Tuesday, July 25, 2006

Looks like that white hat has turned black...


HOPE Speaker Rombom Charged with Witness Tampering

Posted by timothy on Monday July 24, @02:45PM from the complicationism dept. The Courts Security United States

An anonymous reader writes "Steven Rombom -- a.k.a. "Steven Rambam" -- the licensed private investigator who was arrested Saturday by FBI agents minutes before his talk on privacy at the Hope Number Six hacker convention in New York -- is being charged with witness tampering and obstruction of justice in a money laundering case the government is pursuing against Albert Santoro, a former Brooklyn assistant district attorney, according to Washingtonpost.com's Security Fix blog. The government alleges that Santoro hired Rombom to locate a government confidential informant whom Santoro accuses of entrapment, and that Rombom visited the informant's in-laws under the guise of an FBI agent and tried to convince them that their son-in-law was a danger to their daughter and grandkids."

Extending the “Shrink-wrap” contract to the “Think-wrap” contract?


How to Deal w/ Dubious 'Contracts'?

Posted by Cliff on Tuesday July 25, @12:46AM from the nowadays-you-don't-need-to-sign-anything dept. The Courts Businesses The Almighty Buck

phorm asks: "It seems that for almost every service out there nowadays businesses want to fix customers into a contract. Some are pretty obvious (cellphone service, etc), but others are downright sneaky. About a year ago, my grandparents signed up for internet service with one of the bigger ISPs (Telus). They were offered a lesser rate for the first year, followed by $10/month more for following years, as well as their DSL modem for free (to be returned when service ends). None of the documentation received with the modem indicated that any 'contract' was being entered, nor were any documents signed. However, when they recently tried to cancel their service, Telus has indicated they will be charged a fee due to being within the 'contract'."

Similar to EULAs, sometimes companies will enter you into a "contract" without providing anything to sign and will hold you to terms you may not even know about simply by your use of the service. How can you deal with companies' practices, especially if dealing with their representatives becomes...difficult? [More... Bob]

This technology will “improve” something – we just don't know what.


Law of Unintended Consequences Strikes Grocers

Posted by ScuttleMonkey on Tuesday July 25, @01:45AM from the try-not-to-shed-too-many-tears dept. Businesses Technology

netbuzz writes "The law of unintended consequences is taking a chomp out of grocery chain profits as more stores transition from human clerks to self-service checkout technology, thus reducing the time shoppers spend in line and under the temptation of impulse items. That's the upshot of research being released tomorrow by IHL Consulting Group in Franklin, Tenn., which provides market analysis to the retail industry and its IT vendors."

Enough of these and we could precipitate a return to global cooling! We gotta do something!


Solar Power Minus the Light

Posted by ScuttleMonkey on Tuesday July 25, @05:27AM from the green-energy-saving-green dept. Power Hardware

An anonymous reader writes "Popular Science is running a story about a small company trying to take advantage of all the global warming hype. Matteran Energy uses 'thermal-collection technology to heat a synthetic fluid with a very low boiling point (around 58F), creating enough steam to drive a specially designed turbine. And although a fluid-circuit system converting heat into electricity is nothing new, Matteran's innovative solution increases the system's efficiency to a point where small-scale applications make economic sense.' Notably, this comes during a record-breaking heat wave here in the US. So has the day finally arrived where I can run my AC off of all that heat outdoors?"


MySpace Outage Blamed on L.A. Power Loss

By ANICK JESDANUN AP Internet Writer Jul 24, 1:42 PM EDT

NEW YORK (AP) -- The popular social-networking site MySpace.com suffered a pair of extended outages over the weekend because of power problems at a key data center in the Los Angeles area, the company said Monday.

In a message to MySpace users, company co-founder and President Tom Anderson said MySpace "has been screwy" since Saturday because of failures in both the main power supply and the backup generators.


Visa Changes Retail Security Rules

July 22, 2006 By Evan Schuman

Visa on July 21 changed its retail security requirement structure, which will—because of a change in definition of what a qualifying transaction is—force more retailers to use its more stringent security procedures.

The core change includes all transactions when determining what level a retailer should be; Visa uses four levels to group retailers based on their volume of transactions.

The criteria were previously limited to online purchases. "The most significant modification involves the Level 2 merchant category, which previously only applied to merchants processing between 150,000 and 6 million Visa e-commerce transactions per year," a Visa statement said. "Level 2 has now been broadened to include all acceptance channels and applies to any merchant processing 1 million to 6 million Visa transactions per year."

... Retail technology analysts who discussed the new Visa PCI rules in a Web audiocast late on July 21 agreed that the changes will almost certainly impact a lot more than the thousand or so merchants that Visa said it will impact, as the changes will likely cause all retailers to be more strict about credit card authentication issues.

When do we reach consensus? (Pay me now or pay me later?)


Companies take costly steps to secure laptops

Posted 7/23/2006 10:52 PM ET By Jon Swartz, USA TODAY

SAN FRANCISCO — Big U.S. companies are taking tough measures to shore up laptop security amid a rash of thefts.

... About 88 million Americans have been exposed to potential ID theft since February 2005 as a result of reported data breaches, says the Privacy Rights Clearinghouse. In at least 43 instances — a fourth of all reported breaches — stolen or missing laptops were involved. Few of the laptops have been recovered.

What companies are doing:

Ernst & Young started encrypting — or scrambling — data on laptops for its 30,000-person workforce in the USA and Canada after a laptop with personal information on about 38,000 customers was stolen from an employee's car in February.

Fidelity accelerated encryption on thousands of employee laptops. The mutual fund giant was the victim of a laptop breach in March that affected data of 196,000 current and former Hewlett-Packard workers. It also is increasing training on laptop security and protection of customer data.

Aetna undertook several preventive measures after a laptop containing names, addresses and Social Security numbers for 59,000 members was swiped from an employee's car in April. The insurer had employees re-encrypt and recertify files. Every company PC was audited to ensure files were properly encrypted. Aetna also tightened restrictions for storage devices such as thumb drives.

Encryption can be pricey. Gartner estimates a company with 100,000 customer accounts can spend $30 to $40 per laptop on data encryption. Yet, the cost of a data breach is even higher. Companies with 100,000 customer accounts will spend at least $90 per account if data are compromised or exposed — not including fines and lawsuits, Gartner says.

... Personal information sells on the Internet for about $1 per stolen record, Egner says.

Toward ubiquitous surveillance


License Plate Tracking for All

By Luke O'Brien 02:00 AM Jul, 25, 2006

WASHINGTON -- Jealous lovers may soon have an alternative to sniffing for perfume to catch a cheating mate: Just follow their license plate.

In recent years, police around the country have started to use powerful infrared cameras to read plates and catch carjackers and ticket scofflaws. But the technology will soon migrate into the private sector, and morph into a tool for tracking individual motorists' movements, says former policeman Andy Bucholz, who's on the board of Virginia-based G2 Tactics, a manufacturer of the technology.

Bucholz, who designed some of the first mobile license plate reading, or LPR, equipment, gave a presentation at the 2006 National Institute of Justice conference here last week laying out a vision of the future in which LPR does everything from helping insurance companies find missing cars to letting retail chains chart customer migrations. It could also let a nosy citizen with enough cash find out if the mayor is having an affair, he says.

Giant data-tracking firms such as ChoicePoint, Accurint and Acxiom already collect detailed personal and financial information on millions of Americans. Once they discover how lucrative it is to know where a person goes between the supermarket, for example, and the strip club, the LPR industry could explode, says Bucholz.

Private detectives would want the information. So would repo men or bail bondsmen. And the government, which often contracts out personal data collection -- in part, so it doesn't have to deal with Freedom of Information Act requests -- might encourage it.

"I know it sounds really Big Brother," Bucholz says. "But it's going to happen. It's going to get cheaper and cheaper until they slap them up on every taxicab and delivery truck and track where people live." And work. And sleep. And move.

Privacy advocates worry that Bucholz, who wants to sell LPR data to consumer data brokers like ChoicePoint, knows what he's talking about.

"We have pretty much a Wild West society when it comes to privacy rights," says Jay Stanley, a spokesman for the American Civil Liberties Union. "The overall lesson here is that we really need to put in place some broad-based privacy laws. We need to establish basic ground rules for how these new capabilities are constrained."

Current laws don't constrain much. Just as it's legal for the paparazzi to take pictures of celebrities in public, it's legal for anyone to photograph your license plate on the street. Still, there aren't enough LPR units in service yet to follow your car everywhere.

... The next step is connecting the technology to databases that will tell cops whether a sexual offender has failed to register in the state or is loitering too close to a school, or whether a driver has an outstanding warrant. It could also snag you if you're uninsured, if your license expired last week or even if your library books are overdue.

The subway has never looked more appealing.

So who is liable? (Who isn't?)


E-Health Gaffe Exposes Hospital

By Kevin Poulsen 02:00 AM Jul, 25, 2006

Georgetown University Hospital suspended a trial program with an electronic prescription-writing firm last week after a computer consultant stumbled upon an online cache of data belonging to thousands of patients, Wired News has learned.

... The hospital had securely transmitted the patient data to e-prescription provider InstantDx. But an Indiana-based consultant accidentally discovered the data on InstantDx's computers while working to install medical software for a client.

"The initial investigation has found that no patient demographic data was inappropriately used," says Worley, who says between 5,600 and 23,000 patients were affected. She added that the hospital learned of the breach when Wired News contacted it last week.

... The breach highlights the liabilities of sharing private medical records with third parties as the industry crawls toward electronic record keeping.

... Maryland-based e-prescription firm InstantDx was quick to accept responsibility for leaking the Georgetown file. The company wouldn't say whether other hospitals and doctors' offices were represented in the vulnerable files, but said that its systems have been secured. InstantDx chairman and CEO Allan Weinstein describes the incident as "a one-time quirk."

The consultant responsible for the discovery, Goshen, Indiana-based Randall Perry, says bad security practices contributed heavily to the incident. Perry says he accessed the data using a password he discovered hard-coded into a popular medical practice application, where any moderately skilled user could retrieve it.

"This is just security through obscurity," says Perry. "My home network is probably 10 times more secure than what they have set up over there."
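Perry's point is that a credential compiled into a client program is not hidden from anyone who can read the installed file. The following is an added example, not code from the article, from InstantDx or from the unnamed practice application it describes: a constructed byte blob stands in for an installed program, the connection string inside it is made up, and the scanner pulls it back out the way the `strings` utility plus a regex would.

```python
"""
Added example, not code from the article or from the application it describes.
A credential compiled into a client program is recoverable by anyone who can
read the installed file: the "binary" here is a constructed byte blob standing
in for such a program, and the connection string inside it is made up.
"""
import re

# Constructed stand-in for a compiled application: opaque code bytes with a
# configuration literal stored verbatim, which is how a hard-coded string
# normally sits in an executable's data section.
FAKE_BINARY = (
    b"\x7fELF\x02\x01\x01" + bytes(range(0, 32))
    + b"Server=db.example.internal;Database=rx;User Id=rxapp;Password=Tr0ub4dor&3;\x00"
    + bytes(range(200, 256)) * 2
    + b"Usage: rxclient [options]\x00"
    + b"\x90" * 32
)

# Patterns for the key/value fields found in typical database connection
# strings; group 1 is the field name, group 2 its value.
CREDENTIAL_PATTERNS = [
    re.compile(r"(?i)\b(password|passwd|pwd)\s*=\s*([^;\s]+)"),
    re.compile(r"(?i)\b(user\s*id|uid|user)\s*=\s*([^;\s]+)"),
    re.compile(r"(?i)\b(server|data\s*source|host)\s*=\s*([^;\s]+)"),
]


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Same idea as the `strings` utility: maximal runs of printable ASCII."""
    found, run = [], bytearray()
    for byte in blob:
        if 0x20 <= byte < 0x7F:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def find_credentials(blob: bytes) -> dict[str, str]:
    """Map each recognised connection-string field to the value stored in the blob."""
    creds: dict[str, str] = {}
    for text in extract_strings(blob):
        for pattern in CREDENTIAL_PATTERNS:
            for match in pattern.finditer(text):
                creds[match.group(1).lower()] = match.group(2)
    return creds


if __name__ == "__main__":
    for field, value in find_credentials(FAKE_BINARY).items():
        print(f"{field}: {value}")
```

The fix is not a cleverer hiding place (obfuscating or encrypting the literal only moves the problem to the key next to it); a client installed on customer machines should hold no shared database credential at all, and talk to a service that authenticates each user and holds the database access on the server side.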

... "One of the biggest problems you have is people inadvertently stumble upon security vulnerabilities, and frequently it's because they're trying to get their job done," says Rasch. "And what we do now is say, 'He did something wrong. He shouldn't have been there. Let's go after him.' How does that encourage people to report vulnerabilities and get them fixed? What they should do is give him a $10,000 finder's fee."

... "There's over 20,000 HIPAA complaints to (the Department of Health and Human Services), but zero civil enforcement actions so far," says Swire. "If HHS refuses to enforce the law, then medical organizations will be less careful with patient data.... I believe that will make it harder to do the next shift towards electronic medical records."

Who would you like to be? Can you think of someone you would like to turn into Osama bin Laden?


VeriChip VeriEasy To Clone, Researchers Say

from the not-inspiring-much-confidence dept

For some time we've been following the colorful past of RFID maker VeriChip, a company that promotes implanting RFID chips in humans for identification purposes. As if the stated goal of the company wasn't disturbing enough, it has a history of lying to regulators and to the public about the nature of its devices, and how they would be used. Now, two researchers, presenting at a hacker conference, have demonstrated that the company's chips can easily be cloned, essentially allowing an individual to assume another's identity. Not surprisingly, this stands in contradiction to VeriChip's claim that their products are impossible to counterfeit. In fact, the researchers claim that the company's chips have no security mechanism whatsoever. For its part, VeriChip has responded saying it hasn't reviewed the evidence, and that it's still easier to steal someone's ID out of a wallet than it is to gain information from a chip in someone's arm. That may be true, but when your wallet is stolen, you can realize it quickly and alert the relevant authorities. How do you know when someone's passed by you with a wireless scanner? If fingerprint identification can be defeated with Play-Doh, and someone can clone your embedded identity chip without you knowing it, there's something to be said for old-fashioned, disposable ID systems.
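The researchers' claim that the chip has "no security mechanism whatsoever" means the tag simply emits a fixed identifier, so one over-the-air read is the whole credential. The following is an added example, not the researchers' code and not VeriChip's protocol: it simulates a static-ID tag and, for contrast, a tag that proves possession of a key with an HMAC over a reader nonce (a generic challenge-response construction assumed here, not one the article attributes to any product). An eavesdropper who records one read builds a replay device; the reader accepts the replay from the static tag and rejects it from the keyed tag. Identifier length, key size and the enrolment table are assumptions of the demo.

```python
"""
Added example (not VeriChip's protocol, not code from the researchers or the article):
why a tag that only emits a fixed identifier can be cloned from a single
over-the-air read, and why a keyed challenge-response tag cannot.
"""
import hashlib
import hmac
import secrets

ID_LEN = 8  # assumed identifier length for this demo


class StaticIdTag:
    """Answers every read with the same bytes; the reader's challenge is ignored."""

    def __init__(self, tag_id: bytes):
        assert len(tag_id) == ID_LEN
        self.tag_id = tag_id

    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id


class ChallengeResponseTag:
    """Holds a secret key that never leaves the tag; proves possession by
    returning an HMAC over the reader's fresh nonce."""

    def __init__(self, tag_id: bytes, key: bytes):
        assert len(tag_id) == ID_LEN
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        mac = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return self.tag_id + mac


class ReplayClone:
    """What an eavesdropper builds after recording one read: a device that
    replays the captured response no matter what the reader sends."""

    def __init__(self, captured_response: bytes):
        self.captured = captured_response

    def respond(self, challenge: bytes) -> bytes:
        return self.captured


class Reader:
    """Enrolment table maps tag_id -> key (None for static-ID tags, which have no key)."""

    def __init__(self, enrolled: dict):
        self.enrolled = enrolled

    def authenticate(self, tag) -> bool:
        challenge = secrets.token_bytes(16)          # fresh nonce per read
        response = tag.respond(challenge)
        tag_id, mac = response[:ID_LEN], response[ID_LEN:]
        if tag_id not in self.enrolled:
            return False
        key = self.enrolled[tag_id]
        if key is None:
            return mac == b""                        # static tag: the ID alone is the credential
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)    # replayed MAC was over a different nonce


def sniff_and_clone(tag) -> ReplayClone:
    """Passive attacker: observe one legitimate read and keep the tag's response."""
    observed_challenge = secrets.token_bytes(16)     # the nonce some real reader happened to send
    return ReplayClone(tag.respond(observed_challenge))


def demo() -> dict:
    """Run both genuine tags and their replay clones against one reader."""
    static_id = bytes.fromhex("0102030405060708")    # constructed identifiers
    cr_id = bytes.fromhex("1112131415161718")
    cr_key = secrets.token_bytes(32)
    reader = Reader({static_id: None, cr_id: cr_key})

    static_tag = StaticIdTag(static_id)
    cr_tag = ChallengeResponseTag(cr_id, cr_key)
    return {
        "static_genuine": reader.authenticate(static_tag),
        "static_clone": reader.authenticate(sniff_and_clone(static_tag)),
        "cr_genuine": reader.authenticate(cr_tag),
        "cr_clone": reader.authenticate(sniff_and_clone(cr_tag)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'ACCEPTED' if accepted else 'rejected'}")
```

Two caveats a practitioner would add: challenge-response only helps if the key cannot be read out of the chip, and it does nothing against a relay attack in which the attacker forwards the live reader's challenge to the genuine tag in real time, so the "someone passed you with a scanner" worry in the post is only partly answered by cryptography.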

The porn industry is always looking at new technologies... Is this their doing? Remember, phones now have video cameras...


Mobile Phones' Impact On Sexual Relations

from the in-many-different-ways dept

Last year, we wrote about how many people in Germany choose not to turn off their mobile phones during sex (you know, in case something more important happens). A similar study just concluded in the UK found that even more people in the UK feel it's okay to leave it on while they get it on. Of course, this study also dug deeper into other areas, and discovered that the mobile phone has become an important part of a sexual relationship these days, whether it's just flirting by phone or, for some, sending sexually explicit text and photos. On the flip side, about one-fifth of those surveyed had sent or received a text message designed to end a relationship. There are also some uses of mobile phones in relationships that may not be quite as obvious -- such as the large number of women who use mobile phones to deter men from approaching them. Amusingly, five years ago, we had written about a study saying that men used phones as a mating call, to show off to women. It sounds like there may be some mixed signals between the sexes.

Does this make my old Monopoly game an “instant antique?”


Monopoly replaces cash with Visa debit card

Submitted by vezquex (via http://www.geekologie.com/2006/07/monopoly_replaces_cash_with_vi.php)

Say goodbye to the rainbow-colored monopoly money of yore.

Outlaw chocolate and only outlaws will have chocolate. "He's an outlaw, look at those rotten teeth!"


The War on Chocolate.

Submitted by johndi (via http://www.slate.com/id/2145932/?nav=tap3)

Economists doubt that schools can successfully ban junk food. Thirteen-year-old William Guntrip is a good example of why it might not work. He is a junk food dealer, and is making nearly $100 a day selling junk food on the playground.
