Tuesday, August 08, 2006

Perhaps an article on the finer points of groveling? Sounds like their lawyers were out to lunch when this was written...

http://battellemedia.com/archives/002792.php

August 7, 2006 08:27 AM

AOL: Dooooooh!

AOL has officially responded to the recent ruckus over data released by folks in its research group. The summary: Man, did we screw up.

I emailed my contacts there and got an early draft of the release:

"This was a screw up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant.

Although there was no personally-identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again.

Here was what was mistakenly released:

* Search data for roughly 658,000 anonymized users over a three month period from March to May.

* There was no personally identifiable data provided by AOL with those records, but search queries themselves can sometimes include such information.

* According to comScore Media Metrix, the AOL search network had 42.7 million unique visitors in May, so the total data set covered roughly 1.4% of May search users.

* Roughly 20 million search records over that period, so the data included roughly 1/3 of one percent of the total searches conducted through the AOL network over that period.

* The searches included as part of this data only included U.S. searches conducted within the AOL client software."



http://techdirt.com/articles/20060807/0859250.shtml

VA's Plan To Advertise Value Of Data Leak Worked

from the in-hindsight dept

Back in May, following the theft of one of its employee's laptops containing personal data on 50,000 veterans, the VA tried a new version of security-via-obscurity. It first said that chances were the thieves had no idea about the data, and probably just stole the laptop for its resale value. They then followed this up by doing their best to make them aware how valuable it was, putting up a $50,000 reward and pumping it up in the press. The FBI said at the end of June the machine had been recovered, and now, the thieves have been apprehended, and told police they didn't know they'd gotten anything more than a random laptop until -- yes, you guessed it -- the theft got publicized. Admittedly, companies or governmental groups in this situation are in a bit of a bind. They need to own up to people whose information they've lost that they are at risk, but should exercise a bit of restraint in putting the story out so they don't alert otherwise ignorant thieves to the real value of the computers they've stolen. Though undoubtedly any attempt at restraint is likely to be interpreted as a cover-up or ignoring the problem. The real solution, of course, is to prevent the data leaks. While the question of whether or not the data in the VA case is at risk seems to be answered, the bigger question remains: why did an employee have the personal information on 26.5 million veterans on a laptop, let alone at their home?



Oh my, not again!

http://www.washingtonpost.com/wp-dyn/content/article/2006/08/07/AR2006080700470.html

Computer Stolen From VA Subcontractor

Missing PC May Contain Names, Social Security Numbers, Medical Data

By Mary Mosquera and Patience Wait, Special to washingtonpost.com, Monday, August 7, 2006; 4:54 PM

The Veterans Affairs Department today confirmed that a subcontractor, Unisys Corp., had informed the department that a desktop computer containing sensitive personal information of veterans is missing from the company's offices. It is the second VA data compromise in three months.

Unisys said the desktop computer contained billing records with information for veterans who sought treatment at two VA medical centers, one in Philadelphia and one in Pittsburgh. The information includes names, addresses, Social Security numbers and dates of birth. It does not include personal financial information.

... Unisys notified VA Aug. 3 that the computer was missing from its Reston, Va., offices. VA immediately dispatched a team to Unisys to assist in the search for the missing computer and to help determine the precise nature of the information it may have contained.

... "The building and floor where the computer was located require security protocols for physical access. Log-in and password protocols also were required to access the data, which were stored in a database on the computer," she said.

Initial estimates indicate the desktop contained information on approximately 5,000 patients treated at Philadelphia, approximately 11,000 patients treated at Pittsburgh and approximately 2,000 deceased patients. VA is also investigating the possibility the computer may have contained information on approximately 20,000 other people who received care through the Pittsburgh medical center.



http://slashdot.org/article.pl?sid=06/08/07/1821232&from=rss

Cashing in on Online Prediction Markets

Posted by timothy on Monday August 07, @03:12PM from the betcha-someone's-making-money dept.

garzpacho writes "BusinessWeek takes a look at the use of prediction markets to forecast business success. These markets have been taking the form of games online--the Hollywood Stock Exchange, for example, allows players to bet on the success of movies. Hollywood is currently one of the largest consumers of prediction market data, in part because movies' broad appeal leads to a large number of players, but also because the markets have been surprisingly accurate--92% in picking Oscar winners over the last three years. Because of this success, other industries are taking a look; pharmaceutical and tech storage businesses are currently working to set up their own markets."



Don't ya just love it?

http://www.wired.com/news/technology/0,71554-0.html?tw=rss.index

Giant Robot Imprisons Parked Cars

By Quinn Norton, 02:00 AM Aug 08, 2006

The robot that parks cars at the Garden Street Garage in Hoboken, New Jersey, trapped hundreds of its wards last week for several days. But it wasn't the technology car owners had to curse, it was the terms of a software license.

The garage is owned by the city; the software, by Robotic Parking of Clearwater, Florida.

In the course of a contract dispute, the city of Hoboken had police escort the Robotic employees from the premises just a few days before the contract between both parties was set to expire. What the city didn't understand or perhaps concern itself with, is that they sent the company packing with its manuals and the intellectual property rights to the software that made the giant robotic parking structure work.

The Hoboken garage is one of a handful of fully automated parking structures that make more efficient use of space by eliminating ramps and driving lanes, lifting and sliding automobiles into slots and shuffling them as needed. If the robot shuts down, there is no practical way to manually remove parked vehicles.

... "It's more of a problem than people imagine," says Bill Coats, Partner at White & Case. More complex licensing schemes are becoming common, from term licenses like those offered by Robotic to "Self Help Features" that allow venders into their software after the sale, and "time bombs," where the term in the license is backed up by code in the program which simply stops it working after a certain date.



Warning! This only works if you actually know what you are talking (blogging) about!

http://www.bespacific.com/mt/archives/012063.html

August 07, 2006

Resource on Marketing Your Practice with a Blog

Blawg: Marketing Your Practice with a Weblog, by Jim Calloway and Tom Mighell.



No one thought... I suspect we will see a number of cases like this, simply because it is obviously a dumb thing to do and there is no way to “prove” it didn't result in election fraud!

http://techdirt.com/articles/20060807/1241210.shtml

Would You Believe Letting Poll Workers Keep Voting Machines For Days Might Be A Security Problem?

from the not-so-secure,-huh? dept

While it's abundantly clear by now that electronic voting machines can be hacked, every time a new such report comes out, the e-voting machine companies respond that any such hack is improbable, since it would usually require some time alone with the machine, which would be nearly impossible under typical election settings. Of course, that doesn't take into account what happens before the election. In San Diego there's a lawsuit to invalidate an election in June because of questions over the e-voting machines. However, the really interesting part is that the lawsuit specifically calls out the practice of allowing "sleepovers." It turns out the county registrar of voters actually released the e-voting machines to poll supervisors days to a week ahead of time, and allowed them to store them however they saw fit between that time and the election. This is fairly common throughout the country, but isn't often discussed. While it's still a big leap to go from that fact to proving that the election was tampered with -- it does continue to raise questions about why we're trusting these machines when the opportunities for abuse are so great?



But you used the software! That's proof you agreed to the terms, right?

http://techdirt.com/articles/20060807/1544227.shtml

Does A EULA Wipe Out Fair Use Provisions?

from the everything-becomes-a-contract-dispute dept

It's no secret that almost no one actually reads end user license agreements (EULAs) these days -- because, if you would, you'd almost never agree to what's in the license. In fact, there is some question to whether or not EULAs are enforceable at all, since they are often agreed to without any chance to negotiate the agreement. Ed Foster is running a series of interesting posts about a recent Ninth Circuit case that may spell bad news for copyright law when it comes to EULAs. In the case, the Los Angeles Sheriff's Department was sued because they installed copies of a piece of software on all of their computers (it was part of the image), but then limited who could use it via some sort of security token. The software company claimed that all those installations were beyond the number of licenses. The department responded that since only a limited number of people could use the software via the security token, there was no breaking of the license (claiming that only copies of the software that were used should be considered "activated"). While the case was officially a copyright case looking at whether this violated fair use rules, in the end, it apparently hinged upon the EULA -- with the Ninth Circuit court ruling that basically having an EULA trumps the provisions in section 117 of the Copyright Act that allow for fair use, and making this entirely a contractual dispute over the EULA. As Foster notes, this effectively kills that part of the Copyright Act and allows firms to simply put in their EULA that you are only buying a license to the software, and therefore things like "fair use" don't even apply. Don't think other industries won't take notice and start creating EULAs for music and movies as well. Of course, this completely contradicts a ruling we wrote about last year in the Second Circuit, that noted a EULA could not trump your Section 117 rights. 
Two conflicting Circuit Court rulings is the type of thing that the Supreme Court looks for in taking on a case, so perhaps one of these days we'll see the Supreme Court take on EULAs, and whether or not they can get rid of your fair use rights.



Sounds like a business model to me! And musicians aren't stupid.

http://techdirt.com/articles/20060807/1723209.shtml

Note To Record Labels: Big Musicians Don't Need All Your Services (And Attached Strings) Any More

from the why-bother? dept

It's been clear for quite some time now that the RIAA's moves over the last few years have very little to do with "protecting the artists," as they claim. Instead, it's very much about saving the increasingly obsolete business model of the record labels -- who are often accused of cheating the artists. In the past we've noted musicians both big and small recognizing that there are better ways to do things, often by avoiding the record labels altogether. These musicians have embraced alternative business models that often support giving away their music and making money selling other products (concerts, CDs with extra material, access, travel arrangements for concerts, etc.). It appears that an artist management firm is really trying to embrace that view as well, describing itself as "artist-friendly" and trying to work out deals that take the power away from the record labels.

The article notes, by example, that Universal Music turned down a potential deal to distribute Ice Cube's latest album. The deal would have been for distribution only (something the labels are good at) -- leaving Ice Cube to pay his own way for production and marketing. However, Universal apparently said no, out of a fear that if it were successful, other big name artists would start realizing they didn't need the full suite of services (and the indentured servitude of a recording contract) either. Of course, if true (and Universal denies it), it would suggest that, yet again, the record labels are hastening their own demise. The power of the internet and other new technologies has definitely decreased the need for certain parts of the record labels' services -- but it doesn't mean they're completely obsolete. They are still strong in distribution and marketing -- and these are very valuable services. However, their insistence on presenting the whole package when it's not needed is driving musicians away, and that will just lead more to route around the labels completely. If they embraced the changes in the market, they'd realize there are still plenty of opportunities where they could make money, without resorting to suing thousands upon thousands of music fans, and making many others feel like criminals just for listening to music they like.



Oh boy! A “Learn brain surgery at home!” web site!

http://techdirt.com/articles/20060807/2219245.shtml

Lights! Camera! Incision! (Brought To You By The Scalpel Company)

from the this-surgery-sponsored-by... dept

theodp writes "Launched six years ago as a way for doctors to bone up on new techniques by watching their peers perform surgeries, OR-Live.com has recently begun attracting a new audience: patients who are curious about new procedures. Weekly viewership of the live and on-demand webcasts of surgeries has grown from 62,000 to 131,000 over the past year, with consumers making up 60% of the audience. And yes, video Podcasts are available." Of course, theodp leaves out perhaps the more interesting (and partly disturbing) part of the service. Each video is sponsored by a medical equipment manufacturer who is using the surgery to showcase their product -- in the best light possible. So these aren't representative surgeries, but ones where the equipment all works perfectly, which could be a bit misleading.



Do you support a specialized market?

http://www.ysearchblog.com/archives/000339.html

August 07, 2006

Announcing Yahoo! Search Builder

Look Ma, My Own Search Engine!

It’s always great to help a friend. A friend of mine who is a diver wanted a specialized search engine for his website focused on diving. At around the same time, an engineer at Yahoo! built a prototype that made building specialized search engines a snap. Now, whether you have a blog or website about diving, gaming, crafting, or anything in between you can create a search engine tailored for your users.

With Yahoo! Search Builder you can create a custom Web search engine by selecting a set of trusted sites to search across or you can tune the search algorithm to the topic of your choice. Beyond Web search, Search Builder includes Site search and News search.



Tools & Techniques

http://digg.com/security/JitterBugs_could_turn_your_keyboard_against_you

JitterBugs could turn your keyboard against you

submitted by tlmac59 20 hours 53 minutes ago (via http://www.physorg.com/news74167514.html)

Researchers warn against an entirely new threat to computer security: peripheral devices – such as keyboards – which could be physically bugged in an attempt to steal data. A class of devices that could covertly transmit data across an existing network connection without the user's knowledge has been identified. They are called JitterBugs.
