Microsoft releases guidelines for customer privacy
To counter accusations of misuse of consumer records, Redmond offers up recommendations for software developers
By Elizabeth Montalbano, IDG News Service October 17, 2006
Criticized in the past for an initiative that would require the company to collect and catalog personal information about its customers, Microsoft on Tuesday released an internal document about how it protects customers' privacy in the hopes other companies will adopt similar practices.
The company publicly published a 49-page document, called Microsoft’s Privacy Guidelines for Developing Software Products and Services, at the International Association of Privacy Professionals Privacy Academy 2006 in Toronto.
Ten security trends worth watching
Systems are growing more complex and cybercriminals more sophisticated, but it's often an enterprise's own users that pose the biggest threat
By Sumner Lemon, IDG News Service October 18, 2006
In a keynote speech that was webcast at last month's Hack in the Box Security Conference in Kuala Lumpur, Malaysia, Bruce Schneier, chief technology officer of U.S.-based managed security services provider Counterpane Internet Security, identified 10 trends affecting information security today.
Schneier outlined the following:
1.) Information is more valuable than ever. For example, Amazon.com relies on information to make purchasing of books easier through its one-click purchasing system. Similarly, when Internet retailer Pets.com went belly-up, the company's database of customers "was the only asset of value they had," he said.
Information also has value for controlling access, such as single sign-on and authentication for users, and law enforcement, which uses information to help track criminals and gather evidence.
2.) Networks are critical infrastructure. The Internet was not designed to serve as critical infrastructure. "It just sort of happened," Schneier said, noting that hasn't stopped more critical systems from migrating to the Internet. The Internet helps companies run more efficiently and eases communication between people, but there are real economic risks involved. "If the Net goes down, or part of the Net goes down, it really affects the economy," he said.
3.) Users do not necessarily control information about themselves. For example, Internet service providers have control over records of the Web sites that users visit and e-mail messages they send and receive. Also, some mobile operators keep a copy of users' phone books on their servers.
"There's a lot of value in information about you," Schneier said. "But you have no control over the security of that information, even though it may be highly personal."
4.) Hacking is increasingly a criminal profession. Hacking is no longer for hobbyists. More and more, attacks are organized and led by criminals who are driven by a profit motive. "The nature of the attacks is changing because the adversary is changing," Schneier said. Extortion related to denial of service attacks and phishing attacks are two examples of criminal attacks. In addition, there is a black market for exploits that allow attackers to penetrate corporate IT systems.
5.) Complexity is your enemy. "As systems get more complex they get less secure," Schneier said, calling the Internet "the most complex machine ever built." Advances in security technology simply have not kept pace with the Internet's growth. "Security is getting better, but complexity is getting worse faster," Schneier said.
6.) Attacks are faster than patches. New vulnerabilities and exploits are being discovered faster than vendors can patch them. In other cases, vulnerabilities in some embedded systems, such as Cisco Systems routers, cannot be patched, leaving companies vulnerable.
7.) Worms are more sophisticated than ever. They already contain vulnerability assessment tools, and are scanning corporate defenses for weaknesses and using Google for intelligence gathering. "This trend is a result of more worms being criminal."
8.) The end point is the weakest link. "It doesn't matter how good your authentication schemes are if the remote computer isn't trustworthy," Schneier said. In many cases, computers outside your company's security are the weakest link. [i.e., contractor and client computers. Bob] These computers are often infected with worms and spyware, presenting an opportunity for attackers.
9.) End-users are seen as threats. Companies are increasingly developing software that is intended to defend against the end-user, Schneier said, citing DRM (digital rights management) software as an example. "More and more we're seeing security that doesn't protect the user, but protects against the user." In at least one case, involving DRM software installed by Sony without users' permission, the software caused damage to the end-user's computer. "Rules and regulation around this is going to be a big battleground," Schneier said, predicting that a battle will be fought between PC software that is protecting the user and software that is designed to protect against the user.
10.) Regulations will drive security audits. There’s no shortage of regulations that detail how companies should handle data. Regulations such as the Sarbanes-Oxley Act will be the driving force behind corporate security audits.
Marketing opportunities are where you find them.
Apple: "How to remove the Windows virus"
Posted by Sean @ 11:06 GMT Wednesday, October 18, 2006
First McDonald's and now Apple.
Apple Support has a very interesting notice available today. It seems that some of the iPod (video) units available for purchase from September 12th contain the RavMonE.exe virus. More details are available from: http://www.apple.com/support/windowsvirus/.
Also of interest is Apple's framing of this support issue. Note that the notice is located in a sub-folder named "WindowsVirus" rather than "virus". In fact, the words "Windows Virus" appear eight times while the actual name of the virus - RavMonE.exe - is mentioned only twice. Let's be clear, some Apple iPods have shipped with a virus that affects mass storage devices. So it might not be a Mac OS or an iPod issue. But this is an Apple issue, not just Windows.
"Small number", "less than 1%", "less than 25", "and easy to restore" are also mentioned frequently in the notice. With more than eight million iPods shipped in Apple's third quarter we would be interested in a raw number for that 1% affected by this. What's one percent of a few million?
From the notice: "As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it." Whom do you think the people that bought those iPods will be more upset with?
Scholarly Electronic Publishing Bibliography 10th Anniversary
Filed under: Reference
Congratulations to Charles Bailey for making the 10th anniversary of the Scholarly Electronic Publishing Bibliography! For those of you playing along at home, this is version 64, and covers over 2,750 articles, books, and other resources related to scholarly electronic publishing online.
The HTML version is available at http://epress.lib.uh.edu/sepb/sepb.html .
Someday, every judge will have two blogs – pro and con...
Tim Wu and Stuart Sierra have built “Project Posner” — a free database of all of Judge Posner’s opinions. There isn’t a federal judge I respect more, both as a judge and person, and while I clerked for him, I can claim credit for only one thing that he’s done: The Posner-Becker Blog.
posted by Lessig on Oct 18 06 at 12:35 AM
It's Election Season, And The Web Is Letting You Know How Much Your Elected Officials Cost You
from the who-needs-a-law-for-transparency? dept
The bipartisan "transparency" bill sponsored by Tom Coburn and Barack Obama has received plenty of attention for at least shining some amount of light on the pork and back scratching that gets thrown into various bills and laws. However, you don't always need someone to pass a law to get transparency. While things like real-time fact checking may not be all that useful to the political process, taking existing data and making it easier to access can be quite helpful. We've already seen that with a bunch of online sites, such as those who track where political donations come from. Now, the website Washington Watch has launched a new effort as we head into election season to shine some more of that transparency light on politicians. It's showing just how much various laws passed by the last Congress cost or saved each American household. Of course, in some ways, it's a little unfair to reduce everything simply to a dollar amount. After all, some things are worth spending money on. However, it does provide yet another way to look at the data that most people never had access to previously.
Not all strategic decisions are wise...
Removing Features Is Not An Upgrade
from the strategic-stupidity dept
It's sometimes amazing how the entertainment industry seems to make strategically backwards decisions sometimes. Just as they're finally recognizing that they really do need to compete with free -- and that that's absolutely possible -- someone goes and does the opposite. The way you compete with free is by embracing free as a promotional mechanism and then offering something else or something more that's worth paying for, that people want to pay for and that they don't mind paying for. It's about increasing value. Not so hard really... though you'd never believe it to watch the way the industry acts sometimes. The latest, as sent to us by John, is an Engadget posting about Creative sending a firmware "update" to a few of its portable media players that fixes some bugs... and also disables the previously available feature for recording FM radio. Yes, this is a feature that existed one moment and is now gone. It's a feature that people may have paid extra for. It's a feature that may have convinced people to buy the Creative device over the competition. And, for some reason, it's now gone. Hopefully, it's just an error -- but if it really is at the urging of the recording industry (as many are assuming -- perhaps too quickly), then it's a huge step in the wrong direction. It's trying to compete by making your own product less valuable, rather than increasing the value and offering something that's worth paying for. So, hopefully this is a mistake, but if it was done on purpose, it's definitely a step backwards.
Typical strategy? Beat up on the small players to establish precedent, then go for the gold?
Universal Music Sues Grouper and Bolt.com, YouTube Escapes
October 17, 2006 Pete Cashmore
The story everyone expected to see this week was a major media company suing YouTube over copyright. Well, Universal Music has indeed sued some video-sharing companies today, but thanks to a deal struck with YouTube last week, the market leader escaped unharmed. Instead it’s two smaller players - Bolt.com and Grouper - that face the wrath of Universal’s lawyers and a possible $150,000 in damages for every infringement.
Universal says that thousands of videos are being shared without permission, which would put the total figure owed in the hundreds of millions. According to Reuters, the charge is “copying, reformatting, distributing and creating derivative works from Universal’s musicians”. As it happens, the $150,000 figure is pretty standard in these cases: it’s the amount that News Corp, NBC Universal and Viacom could sue YouTube for if the site doesn’t offer them a decent cut of the revenue. A Universal spokesperson is quoted as saying “Grouper and Bolt… cannot reasonably expect to build their business on the backs of our content and the hard work of our artists and songwriters without permission and without compensating the content creators”. The lawsuit was filed in the U.S. District Court, Central District of California, late today.
It’s very strange that Bolt.com and Grouper in particular were called out, while Metacafe, MySpace Video, Guba, vSocial, Veoh and big players like Google Video have so far avoided any issues - none of these sites encourage the sharing of copyrighted content and all of them take it down when alerted, but the uploading of infringing material is inevitable when you run a decently-sized video sharing service. Grouper operates a P2P network which might be somewhat shady, but Bolt works just like YouTube and the other video-sharing services. It’s not even a particularly high-profile site. Universal, however, are comparing the services to Kazaa and Napster, which will seriously worry the parties involved. We can only assume that Universal at least approached the sites about the issue, or that they’ve been considering their options for a long time. Perhaps they spoke to a number of companies and YouTube were more willing to co-operate - we simply don’t know right now.
This lawsuit is almost certainly going to set the precedent for future legal action involving video sharing sites - everybody will be following the story closely.
On the other hand...
The Good News About 'GooTube'
Submitted by webtech (via http://www.wired.com/news/columns/0,71943-0.html?tw=wn_index_7)
As users fret about what YouTube/Google's label deals mean for the site's copyright-protected content, the silver lining goes unnoticed: Anyone can now legally make music videos using copyright music and upload them to GooTube. Commentary by Eliot Van Buskirk.
Google to score ad revenues coup: eMarketer
By Ben Charny, MarketWatch Last Update: 6:23 PM ET Oct 16, 2006
SAN FRANCISCO (MarketWatch) -- Google Inc. is on track in 2006 to become the first company ever to pocket 25% of all U.S. online ad spending in a calendar year, according to a new report from eMarketer, an online ad tracker.
For 2006, Google's expected to report U.S. advertising revenues of $4 billion of the $16 billion expected to be spent in 2006 this year in this regard.
Google's U.S. ad revenues represent a 65% jump from the $2.4 billion in comparable revenues Google reported last year, according to the upcoming eMarketer report.
The newly-revised figures eMarketer is to formally release Tuesday demonstrate how Google continues to pull away from Yahoo Inc., which is ranked second in this important revenue category.
... In 2005, Yahoo and Google had virtually the same amount of U.S. ad revenues. Yet by the end of 2006, Google is expected to pocket almost twice the amount of U.S. ad revenues as Yahoo, according to the new eMarketer report.