Thursday, September 21, 2006

Many stories on HP. This isn't going to die a quiet death... WSJ also has a full 'timeline' – they at least are taking this seriously, why isn't HP?

http://online.wsj.com/article_email/SB115869970952067971-lMyQjAxMDE2NTI4MDYyOTA5Wj.html

H-P's Dunn Was Closely Involved In Leak Probe

Emails Point to Prime Role Of Chairman, Top Counsel In Setting Direction, Tactics

By PETER WALDMAN September 20, 2006; Page A3

... Ms. Dunn has said in interviews that she couldn't supervise the investigation because, as one of the H-P directors being investigated for leaking information to the media, she was a potential target of the probe. Instead, Ms. Dunn has said, she turned to H-P's security department to handle it.

However, H-P emails reviewed by The Wall Street Journal suggest that Ms. Dunn and Ms. Baskins were closely involved in helping direct the course of the investigation. The emails indicate that the two were kept well informed of the investigation's tactics and progress by the H-P security officials who ran the probe, as well as by some of the private investigators H-P hired to assist the computer company.

... H-P emails indicate that lawyers and others inside H-P knew the company was on shaky legal ground in going after personal phone records, yet pursued them anyway. On Jan. 28, 2006, Kevin Hunsaker, a senior ethics attorney in H-P's legal department, asked a colleague if it was legal to acquire people's personal text messages, presumably from their cellphone records.



http://www.topix.net/content/ap/3431673316329692074124349960410041099261

Feds Haven't Paid From ChoicePoint Fund

The Associated Press By HARRY R. WEBER September 20, 2006

We have full faith that the FTC is working hard [Translation: These guys are 'hardly working' Bob] to come up with a process to ensure that the money we contributed [Interesting word choice... Bob] to help consumers is wisely spent for the benefit of anyone actually affected.

Nearly eight months after federal regulators trumpeted a settlement they secured with ChoicePoint Inc. over a data breach, the government has not paid any money to victims from a $5 million fund that was to be set up as part of the agreement.

The Federal Trade Commission also has not yet implemented procedures for how the 800 fraud victims it has identified so far can apply for and receive compensation from the fund, nor has it hired anyone to administer the fund on behalf of the agency, [We will clearly need this procedure in the future. This should be trivial – model it on the hurricane fund giveaways. Anyone want this job? Bob] said FTC spokeswoman Claudia Bourne Farrell.

... Jessica Rich, assistant director of the FTC's division of privacy and identity theft, [new to me Bob] said in a statement released to AP on Wednesday that 'law enforcement is still identifying victims and we want to make sure we have the right people.' [“We figure that if we stall long enough, everyone will die of old age and we can spend the money on new staplers...” Bob]



All the techie sites have stories on Google...

http://techdirt.com/articles/20060920/162119.shtml

Google Hoping Someone In Belgium Recognizes How The Internet Works

from the here,-let-us-show-you.... dept

Earlier this week, we wrote about how a Belgian court had ordered Google to stop indexing French and German speaking newspapers on their Google News site and within the Google cache. As we noted at the time, the ruling seemed confused, as it often mixed up the idea of Google News and Google cache (as well as how Google advertises, claiming that it advertised on Google News, which it does not). Since then, Google has appealed the case (which has been accepted) and also followed through on the demand that they remove those Belgian sources from their index (they did so for both Google News and the full Google index, on the Belgian versions only).

However, today, they're contesting the second part of the order, requiring the company to post the entire text of the order on the front page of each site, without any commentary from Google. Google is claiming that this is unnecessary and disproportionate. Instead, they are simply linking to an online copy of the order -- which seems to make a lot more sense. The best coverage of this story, however, may come from search engine expert Danny Sullivan who spent some time talking to the Belgian industry association that's pushing this. He comes to the conclusion that they don't really understand what they're doing and they don't really understand the internet. He tried discussing it with them, but it seems to come back to the same ridiculous thinking we've come across before: jealousy. The newspapers are jealous that Google has created something that's useful. Even though it adds great value to their sites, they feel that Google should pay them to make their sites more useful. It's this kind of thinking that pretty much dooms them to obsolescence. Google can get by just fine without them. Whether or not they'll be able to survive without Google giving them traffic is, perhaps, a more important question.



One of the “benefits” of global warming? (Just an aside: Does this suggest that the pole has less ice than the “northwest passage,” which is still blocked?)

http://science.slashdot.org/article.pl?sid=06/09/21/0236224&from=rss

Scientists Shocked as Arctic Polar Route Revealed

Posted by samzenpus on Thursday September 21, @04:24AM from the no-more-pesky-ice dept. Science

Paladin144 writes "A route unencumbered by perennial sea ice leading directly to the North Pole has been revealed by recent satellite pictures. European scientists indicated their shock as they noted a ship could sail from Europe's northern-most outpost directly to the pole, something that hasn't been possible during most of recorded human history. The rapid thawing of the perennial sea ice has political implications as the U.S., Canada, Russia and the EU jockey for control of the newly opened passages." [Because of the deep strategic significance? Bob]



...and I suspect that hiring from the outside helps too.

http://knowledge.wharton.upenn.edu/article.cfm?articleid=1553

Vigilant vs. Operational Leaders: Changes at Ford, the Coke-Pepsi Fiasco, and Other Management Moments

Published: September 20, 2006 in Knowledge@Wharton

As Wharton marketing professors George Day and Paul Schoemaker see it, the recent and well-publicized travails of the Ford Motor Co. offer a clear example of the distinction between vigilant leadership and operational management.

To explain that distinction, Day and Schoemaker -- building on research from their recently published book, Peripheral Vision: Detecting the Weak Signals That Will Make or Break Your Company -- have identified four leadership traits: external focus, conceptual ability, organizational role and time horizon.

Vigilant leaders are more externally oriented: They are open to new ideas, seek diverse perspectives, listen to a wide array of sources and foster broad social and professional networks. Richard Branson, says Day, is an example: The inveterate inventor and promoter -- with 200 start-ups under his belt -- is now developing alternative fuels. Operational leaders are more narrowly focused, have less interest in outside opinions and confine their networking to familiar settings.



Think of it as preparation for travel!

http://blog.wired.com/27BStroke6/index.blog?entry_id=1559595

27B Stroke 6 by Ryan Singel and Kevin Poulsen Tuesday, 19 September 2006

Not Security Theater, Security Game

Posted by ryansingel at 2:02 PM PDT

Tired of whinging about the rules that prevent you from bringing bagels with cream cheese, but not bagels with butter, onto airplanes?

Give The Arcade Wire's Airport Security flash game a go and see how good you are at removing passengers' hemorrhoid cream, shirts, shoes and pants.

Careful, though, the game's pace and arbitrary rules might make you sympathetic to the poor folks who have to paw through your belongings at the airport.

Also, don't bring rules with you. For instance, snakes seem to be fine on the plane, until you get a security alert telling you otherwise.

Let me know if you can best my high score of 100 points.



I could add a hot tub, sauna, and a few thousand square feet without even hacking the system?

http://hosted.ap.org/dynamic/stories/Z/ZILLOW_DATABASE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Zillow.com Lets Homeowners Add New Info

By ELIZABETH M. GILLESPIE AP Business Writer Sep 20, 6:56 PM EDT

SEATTLE (AP) -- Zillow.com, a real estate site that publishes estimated values for some 68 million U.S. homes, is now giving homeowners the chance to add newer information about their properties to its vast database.



Lots of “fun quotes”

http://www.eweek.com/article2/0,1759,2018143,00.asp?kc=EWRSS03119TX1K0000594

Many U.S. Workers Favor E-Mail Monitoring, Research Shows

By Matt Hines September 20, 2006

Despite the implied submission of personal privacy, most workers at U.S.-based companies believe that their employers should be allowed to monitor electronic communications to help protect against misuse of sensitive data.

According to a report published by researchers from Iowa State University and network security software maker Palisade Systems, 100 percent of the workers the group surveyed at U.S.-based corporations said it was appropriate for companies to scan their employees' e-mail, instant messaging and other communications systems to ensure that people were not inappropriately sharing information with outsiders.

The study specifically asked if companies should be allowed to scan electronic communications for proprietary business data such as customers' personally identifiable information, including Social Security numbers, bank account data or credit card numbers.

By comparison, the study, which is based on interviews conducted with people working in 171 organizations in the government, university and commercial sectors, found that only 11 percent of survey respondents working for government agencies and 31 percent of people working for universities felt that employee communications should be monitored.

Researchers involved in the study said that the disparity in opinions is largely based on the realization among workers at U.S. companies that so-called insider threats represent one of the greatest dangers to data security, and that workers understand that businesses must keep a closer eye on their employees to prevent costly information leaks.

"What we've seen over the last 18 months is a rapidly growing acceptance in corporate America of monitoring behavior not only among executives who want to watch their employees, but also among employees in terms of understanding that anything they do using company resources can and should be watched," said Kurt Shedenhelm, chief executive of Palisade, which is based in West Des Moines, Iowa.

"In some cases such as the financial services industry, we obviously see the government requiring this type of activity via Sarbanes-Oxley and other compliance regulations."

While U.S. workers have increasingly accepted that their bosses might be reading their e-mails to ensure that critical data isn't being distributed without approval, the picture remains far less clear internationally, where some countries including Germany still bar companies from monitoring almost any employee communications, Shedenhelm said.

Among the changing trends within the context of scanning workers' electronic communications is a growing desire on the part of businesses to monitor instant messaging systems in addition to e-mail, according to Palisade, which markets software specifically designed to help companies perform such security tasks.

"Whereas 12 months ago everyone was scared about e-mail, there is now a move within more companies to monitor IM and other messaging systems as some experts contend that IM is becoming an even more broadly used business tool than e-mail," said Shedenhelm.

"Clearly people are accepting the fact that when you are operating within the walls or network of any company, anything that you do can be watched, and that regulations requiring companies to do so are only likely to become more stringent."

Among the other findings of the study, which was conducted by Dr. Doug Jacobson, a professor in the department of Electrical and Computer Engineering at Iowa State, was that 78 percent of the organizations surveyed stored, sent or accessed consumers' personally identifiable information or proprietary data on their computer systems.

Some 84 percent of the companies involved in the research said that they were already required by law or industry regulations to protect client records and information.

In addition, of all the organizations that said they handle and store private information, 83 percent said they maintain files that include customers' addresses and phone numbers, with 67 percent reporting that they still harbor people's Social Security numbers.

An additional 36 percent of those interviewed said they use customers' bank account information, and 30 percent said they store and handle customers' credit card data.

Of the organizations that maintain such databases of sensitive information, 64 percent indicated they have technology in place to monitor the data, but not to prevent mishandling of the files.

Some 30 percent of those firms said they can monitor content traveling out of the network by e-mail, but did not have tools in place to prevent such behavior.

An additional 16 percent of respondents said they can monitor specific content flowing out of their networks via instant messaging, but said they could not block such communications.

Only 13 percent of those surveyed said they could scan for information leaving the network by Web mail, with no ability to stop the practice.

Palisade Systems was founded in 1996 by Doug Jacobson, an Iowa State University professor of computer engineering.



http://techdirt.com/articles/20060921/020114.shtml

Maryland Governor Wants To Scrap E-Voting Machines; Go All Paper For The Election

from the not-a-partisan-thing dept

Following all the problems (both technical and human) in last week's primaries in Maryland, combined with the rather damning report on the security of the machines put out by Ed Felten (which Diebold has responded weakly to, making all sorts of claims that don't refute anything Felten put in the paper), Maryland's Governor, Robert Ehrlich is calling for the state to scrap all of the e-voting machines for the November election and focus on paper ballots. This comes as even more problems were found with the electronic voting machines used in the election. Of course, the head of the Elections Board and the state Senate President are fighting against this plan, saying that they can "correct" the problems with the machines. That would be impressive, considering just how many problems have been found with Diebold e-voting machines over the years, and the company's blatant unwillingness to deal with them.

The rationale for keeping the machines also leaves us scratching our heads: "We paid millions. These are state-of-the-art machines." Two responses: The evidence is pretty clear that these are not state of the art machines. They're badly made, with ridiculously weak security, and a company behind them that bullies its critics, blatantly misleads in its responses to security problems and cracks jokes about their weak security when confronted. Therefore, it really doesn't matter how many millions you spent on them, the machines are a problem. The Senate President also accused Ehrlich of simply using this issue as a political ploy to rally his supporters. By the way, for those of you who want to believe e-voting is simply a big Republican conspiracy (based on some offhand remarks by Diebold's former chief), we should note that Ehrlich (who wants to scrap the machine) is a Republican, and the folks who want to keep the machines are Democrats. So, once again, we'll note that this is not a partisan issue. It's an issue about having secure, fair and accurate voting.



So you can do it from the customer keypad! DUMB!

http://techdirt.com/articles/20060920/194130.shtml

Reprogramming Your ATM For Fun And For Profit (Mainly For Profit)

from the not-so-hard-at-all dept

There was some buzz last week after CNN showed a video of an ATM machine that had been programmed to believe it had $5 bills instead of $20s (so any withdrawal actually gave you 4X the money you asked for). The guy who did this just walked in and knew the code to reprogram the ATM. He then left the ATM programmed that way, and the ATM gave a lot of people extra money for nine days before someone pointed out the problem. So how easy would it be for anyone else to do this? Apparently it's ridiculously easy. With a bit of hunting online, it's not too hard to obtain a copy of the manual for the type of ATM machine used, including instructions on how to switch it to diagnostic mode. You do need a password, but the manual lists the typical default passwords that it seems likely many of these ATM owners failed to switch. Hopefully, this new burst of publicity over the issue will encourage owners of the machines to change their passwords -- but if you happen to see certain ATMs with unusually long lines in the near future (and don't mind committing fraud), you might want to withdraw some money.



http://www.ft.com/cms/s/d9db82e0-48e4-11db-a996-0000779e2340.html

Market gossip goes high-tech

By Saskia Scholtes in New York Published: September 20 2006 22:07 | Last updated: September 20 2006 22:07

Market gossip is to take on a more high-tech form thanks to a new automated system that will trawl through more than 40m internet sources – from blogs to regulatory filings – on behalf of hedge funds.

... “It’s important to know that the smoke is out there and that others see it,” he said. “There may be more information value in online trends in the aggregate: 5,000 more web mentions of a product than the week before could be an important signal for an analyst covering the product’s manufacturer.”

... Another example is internet search company Yahoo, which last week enhanced its finance site with a blog that compiles postings from portfolio managers, hedge fund managers and other finance professionals. Yahoo is making the change to help counter Google, which has links to blogs on its Google Finance website.



Where burglars go to select victims?

http://blog.wired.com/monkeybites/index.blog?entry_id=1560099

Monkey Bites

by Michael Calore Wednesday, 20 September 2006

Zebo Is Growing

Zebo now has 4.9 million global users. The social networking site that asks members to list what possessions they own officially launched last week. Zebo was even profiled in The New York Times, and in that article, their membership number was cited at 4 million. Today, a Zebo representative told me that the site's membership has now reached 4.9 million users globally.
