Friday, December 22, 2006

Well, thanks Al Gore! I've got 24 inches of global warming in my driveway.


Strange quote...

http://www.mercurynews.com/mld/mercurynews/news/local/states/california/peninsula/16289017.htm

Stolen server holds 2,500 Social Security numbers

By Truong Phuoc Khánh Mercury News Posted on Thu, Dec. 21, 2006

A computer stolen from Santa Clara County's employment agency contained the Social Security numbers of 2,500 people who are being advised to take steps to protect themselves from identity theft.

The risk to clients is not believed to be high because the information was encrypted by passwords, [Let's hope the reporter got this wrong. Data can be encrypted or access can be controlled by passwords, but “encrypted by password” is a non-sequitur... Bob] according to a statement from the county. Only those who have used the PESCO software to assess their job skills are affected.

The theft was discovered last week and reported to police Friday.

Three computer servers were stolen from an unoccupied building undergoing construction. [No doubt move there to make it easier for the thieves... Bob] Because of electrical work, the power had been turned off and the alarm was not working. Two of the servers did not contain client information; the third server did. The information included names, Social Security numbers and job skill assessments, but not addresses or telephone numbers.

The county is notifying affected clients.



I wonder if this is the end to it?

http://www.infoworld.com/article/06/12/21/HNrootkitgrows_1.html?source=rss&url=http://www.infoworld.com/article/06/12/21/HNrootkitgrows_1.html

Sony rootkit settlement with states reaches $5.75M

Two days after reaching settlements worth $1.5 million with Texas and California, Sony agreed on Thursday to pay another 40 states to end investigations

By Robert McMillan, IDG News Service December 21, 2006

Sony BMG Music Entertainment's botched attempt to stop unauthorized music copying has cost the company another $4.25 million.

Two days after reaching settlements worth $1.5 million with Texas and California, Sony agreed on Thursday to pay another 40 states the money to end investigations into its use of two copy protection programs: First 4 Internet's XCP (extended copy protection), and MediaMax, written by SunnComm International.

In a statement, Sony said it was pleased with Thursday's settlements.

... Sony has reportedly also reached a tentative settlement with the U.S. Federal Trade Commission in the matter, although nothing relating to that investigation was announced Thursday. Sony settled a class-action lawsuit over the software in May.

As with the California and Texas agreements, residents of the 40 states that settled with Sony are entitled to up to $175 in refunds for damages that may have been caused to their computers. The settlements also limit the ways that Sony can use copy protection software in the future and require that the company notify consumers if it uses this kind of software.

A list of the states covered in Thursday's settlement can be found in the Massachusetts statement.

Sony has set up a Web site with information for consumers on the matter. It is expected to eventually include information on how to file a claim under these latest settlements.



I hope the ruling includes the requirement that notice is given online – as easy to find as the content itself. Otherwise we get back to the individual request for each item...

http://techdirt.com/articles/20061221/191554.shtml

Judge Says No Deep Linking To Videos

from the that's-a-problem dept

Deep linking is apparently an issue that just won't die. You would think, by now, people would realize that if you put something on the web, people can link to it. If you don't want them to link to it, then don't put it online, or put in place one of the incredibly easy technical methods to redirect traffic that comes into the content you want to hide. It's really not that difficult -- but too many people still haven't figured it out, and unfortunately some of them are judges. In the latest case, a federal judge in Texas has said that it's illegal to deep link to a video on another site if that site objects. The fact that linking is the core of the internet and the other site can easily put in place technical measures to stop it apparently isn't particularly important. Admittedly, part of the problem may be that the guy who did the linking also chose to defend himself rather than hire a lawyer, and apparently part of his legal strategy was to accuse the company suing him of "acting like Genghis Khan." You'd have to hope that a lawyer would be able to better defend the case and explain to the judge why this ruling doesn't make much sense -- but in the meantime, beware of linking directly to videos on other sites.


More...

http://news.com.com/2100-1030_3-6145744.html

Judge: Can't link to Webcast if copyright owner objects

By Declan McCullagh Story last modified Thu Dec 21 17:44:12 PST 2006

... What's unusual in the SFX case is that a copyright holder is trying to prohibit a direct link to its own Web site. (There is no evidence that SFX tried technical countermeasures, such as referer logging and blocking anyone coming from Davis' site.)

A 2000 dispute between Ticketmaster and Tickets.com suggested that such direct links should be permitted. A California federal judge ruled that "hyperlinking does not itself involve a violation of the Copyright Act" because "no copying is involved."



Like most users aware of this problem, I don't use Internet Explorer...

http://developers.slashdot.org/article.pl?sid=06/12/21/1836240&from=rss

Clipboard Data Theft Now Optional With IE7

Posted by Zonk on Thursday December 21, @03:08PM from the options-are-good dept. Internet Explorer Microsoft Programming The Internet

An anonymous reader writes "It's been known for a long time that Internet Explorer will happily allow any Web site to steal data that users have recently cut-and-pasted or copied into the Windows 'clipboard' data storage area. Well, now it looks like Microsoft has finally decided that this 'feature' was probably ill-advised, according to The Washington Post's Security Fix blog. IE7 throws up a warning asking whether users really want to let a site filch their clipboard data (Firefox, Opera and most other non-IE browsers forbid this behavior by default)."



Could this indicate that DHS has hired a lawyer? Nah...

http://www.washingtonpost.com/wp-dyn/content/article/2006/12/21/AR2006122101621.html?nav=rss_technology

Report Says TSA Violated Privacy Law

Passengers Weren't Told That Brokers Provided Data to Screening Program in '04

By Ellen Nakashima and Del Quentin Wilber Washington Post Staff Writers Friday, December 22, 2006; A07

Secure Flight, the U.S. government's stalled program to screen domestic air passengers against terrorism watch lists, violated federal law during a crucial test phase, according to a report to be issued today by the Homeland Security Department's privacy office.

The agency found that by gathering passenger data from commercial brokers in 2004 without notifying the passengers, the program violated a 1974 Privacy Act requirement that the public be made aware of any changes in a federal program that affects the privacy of U.S. citizens. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match [the Transportation Security Administration's] public announcements," the report states.

The finding marks the first time that the Homeland Security Department has acknowledged that the problem-plagued Secure Flight program has violated the law.

... A 2004 probe found that the TSA improperly stored 100 million commercial data records containing personal information on passengers after the agency said no data storage would occur.



For my technology law friends...

http://www.bespacific.com/mt/archives/013351.html

December 21, 2006

The Best (and Worst!) of Legal Technology 2006 From FindLaw

"The world of Legal Technology has...had its share of ups and downs in 2006, with companies spying on their boards, the treasury department spying on money transfers, and the government spying on, well, everyone! With all the spying going on, data security was certainly on everyone's mind in 2006, and several key stories arose out of the inability of companies and government agencies to protect their customer and employee data. The new Federal Rules of Civil Procedure also added to the mix with new requirements for companies and other potential litigants to keep in mind as they generate gigabytes and gigabytes of information every day." [Link]

[My favorite:

IT Security Issues Discussed in Recent Federal Decision
Despite the Department of the Interior’s repeated failures to meet network security standards, a federal appeals court recently vacated an order requiring the agency to disconnect its computers from the internet and internal networks. The detailed and specific IT security aspects mentioned in the opinion are noteworthy in light of recent and widespread data security breaches at government and private organizations. The decision also provides guidance for any organization seeking to improve its network security.
(read more)



Potentially useful – if you are disposing of your old computers improperly...

http://www.bespacific.com/mt/archives/013349.html

December 21, 2006

Consumer Reports Launches Online Electronics Reuse and Recycling Center

Press release: "Consumer Reports' environmental website has
launched an online Electronics Reuse and Recycling Center. The Center features thoroughly researched, unbiased, expert advice to help de-clutter your home and solve the huge and growing problem of electronics waste. It also features the results of a March 2006 nationwide, online survey including information about why people replace their electronics and what they did with their old equipment."



Perspective. Makes an interesting hypothetical (Also: Your tax dollars at play)

http://techdirt.com/articles/20061221/115606.shtml

Who'll Pay For C3PO's Social Security Benefits?

from the what-are-you-doing-dave dept

Despite the fact we can't create a robot that can navigate stairs without doing a face plant, there's apparently concern in some circles that robots may someday want the same rights afforded humans. A "speculative paper" released by the British government predicts that should robots eventually learn to reproduce, improve or think for themselves -- it's inevitable that they'll sue for equal rights. Once obtained, the robots would then drain government coffers, as "states will be obligated to provide full social benefits to them including income support, housing and possibly robo-healthcare to fix the machines over time," according to the report. Of course the very nature of a more efficient economy where robots comprise a significant portion of the labor force should hopefully mean an increase in the distribution of wealth, potentially offsetting the impact of having to pay the social security costs incurred by a legion of hard-working R2D2s. The paper admits we won't be worrying about any of this for at least another twenty years, assuming robots can first hurdle the monumental task of self-sustained bipedal movement sans fatality. Judging from existing robots, we've got a long way to go before sentient reproducing robots become societal burdens: the Japanese government this week honored its most innovative robot designs, which included a $3,454 robotic spoon, and a sensor wielding toy seal.



Looks like it could already be useful...

http://digg.com/tech_news/wikiHow_3

wikiHow

"wikiHow is a collaborative writing project to build the world's largest how-to manual. With your contributions, we can create a free resource that helps people by offering clear, concise solutions to the problems of everyday life. wikiHow currently contains 14,962 articles written, edited, and maintained primarily by volunteers" http://www.wikihow.com/Main-Page



Geek stuff? Security Managers: Does your policy cover this? Study this article carefully!

http://www.oreillynet.com/pub/a/network/2006/12/21/using-google-to-view-myspace-or-any-restricted-sites.html

Using Google to View MySpace or Any Restricted Site

by Wei-Meng Lee 12/21/2006

Editor's Note: A year ago, a reader with the handle of bigthistle posted one of our favorite hacks to hacks.oreilly.com, describing how to access restricted websites using the Google Translate feature. Acknowledging that our readers often have better ideas than we do, we recently asked Wei-Meng Lee to take a closer look at this technique, and he wrote up this awesome HOWTO based on the original submitted hack. For many more innovative ways to use Google, get your hands on a copy of our recently released Google Hacks, Third Edition.



I'm a sucker for these lists...

http://digg.com/tech_news/The_new_100_most_useful_sites_by_Guardian

The new 100 most useful sites by Guardian

Two years ago most Britons didn't have broadband and Web 2.0 was barely a twinkle in a developer's eye. Things have changed - as our cream of the crop for 2006 shows

http://technology.guardian.co.uk/weekly/story/0,,1975939,00.html



Another case of poor management – it took two months to figure out something that should be in the logs... Lots of fun questions thought: Was a crime committed? Why bring along the SWAT team? What was the basis for the search warrant?

http://digg.com/security/Swat_team_raids_High_School_student_s_house_for_changing_school_website

Swat team raids High School student's house for changing school website!

Some kid in high school has several armed police officers and the swat team attempt to break down the door to gain access to his house. All this because of a few harmless changes made to the home page of his High School website. Over $20,000 in electronics confiscated!

http://operationsuccess.blogspot.com/2006/12/why-swat-team-raided-my-house.html



Always amusing

http://www.pogowasright.org/article.php?story=2006122107272726

New State Laws Go Into Effect Jan. 1

Thursday, December 21 2006 @ 07:27 AM CST - Contributed by: PrivacyNews - State/Local Govt.

Residents in at least 32 states will wake up New Year's Day to a host of new state laws, according to a compilation of legislation from the National Conference of State Legislatures (NCSL).

... .Source - Government Technology

http://www.ncsl.org/programs/press/2006/pr061220.htm

PRIVACY

  • As of January 1, 2007 it will be illegal in Arkansas to publicly post or display an individual’s social security number or to require an individual to transmit their social security number via the internet unless the information is encrypted. (Arkansas 85th General Assembly, SB 335)

  • Employers in Maryland are no longer allowed to print an employee’s social security number on their paycheck or any part of the pay stub. (Maryland General Assembly, 2006 Regular Session, HB 388)

  • Victims of identity theft in Hawaii, Kansas, New Hampshire, Oklahoma, Pennsylvania, Rhode Island and Wisconsin will be able to place a security freeze on their credit reports. The security freeze will prevent credit reporting agencies from releasing information to unauthorized parties without the consumer’s authorization preventing perpetrators of the identity theft from obtaining additional credit. (Hawaii 23rd Legislature 2006, HB 1871; Kansas Legislature, 2006 Session, SB 196; New Hampshire General Court, 159th Session, SB 334; Oklahoma Legislature, 2006 Regular Session, SB 1748; General Assembly of Pennsylvania, Session of 2005, SB 180; Rhode Island General Assembly, 2006 Session, H 7148Aaa; Wisconsin State Legislature, 2005 – 2006 Session, AB 912)



Will this become a trend? We could add all felons to the registry for example... (What did you do to that phone to become a registered sex pervert?)

http://www.out-law.com/page-7598

Online criminals threatened with sex offenders' register

OUT-LAW News, 21/12/2006

Internet and email users can be added to the sex offenders' register for a whole slew of new offences after the Home Office drastically increased the number of relevant offences.

An unspecified range of offences related to internet and phone use has been added.

No comments: