Saturday, July 08, 2006

July 8, 2006

Free CLE credits? I think this could be a good advertising technique for young lawyers...

Applied Discovery 2006 Summer Webinar Series

Already know everything there is to know about Zubulake, Morgan Stanley and the proposed amendments to the FRCP? Then you are ready for the advanced e-discovery issues explored in the Applied Discovery 2006 Summer Webinar Series.

Again, the comments are interesting. (Does the school think Dial-a-drug will appear on the phone?)

School Admins Demand Access to Students' Cellphones

Posted by Zonk on Saturday July 08, @05:34AM from the why-was-i-calling-paraguay dept. Privacy Communications

Reverberant writes "School administrators in Framingham MA have implemented a policy allowing them to not only confiscate cell phones, but also to search through students' cell phone data as part of their anti drug/violence efforts. Students claim that the policy is an invasion of their privacy."

It is inevitable. That's what the NSA does.

Privacy watchdog sniffs for signs of U.S. snooping

SIMON TUCK From Friday's Globe and Mail

OTTAWA — Canada's privacy watchdog has cast a wide net in its efforts to uncover whether the United States has gained improper access to Canadians' banking records, a spokeswoman for the Privacy Commissioner confirmed yesterday.

Have you noticed that news of a potential Identity Theft is released on Friday so it gets lost over the weekends?

Naval Safety Center Finds Personal Data on Website (From Naval Safety Center Public Affairs)

NORFOLK, Va. (7 July 2006) -- Personal information on more than 100,000 Navy and Marine Corps aviators and aircrew was discovered and removed from the Naval Safety Center web site yesterday.

The information was on the command’s publicly available website and included full names and social security numbers. The information was also contained on 1,083 Web Enabled Safety System program disks mailed to Navy and Marine Corps commands.

Rear Adm. George Mayer, Commander, Naval Safety Center, immediately had the information removed and an investigation is underway to determine how the information had been inadvertently posted. [Logs turned off? Bob] NSC is taking steps to recall the disks.

Too little, too late?

Is The Navy Trying To Patent The Firewall?

from the go-go-patent-system-go dept

Bruce Schneier has noticed that the US Navy is apparently trying to patent something that sounds suspiciously like a firewall. It could still be rejected, but just the fact that they filed such a patent in early 2005 suggests how much effort is being put into filing patents for old ideas just because the patent system seems willing to approve more often than not.

Yeah, but it's free!

Microsoft Adds Privacy Folder To Windows

Posted by Reverend on 07 Jul 2006 - 23:16 GMT

Microsoft has released an add-on to Windows XP that creates a password-protected "My Private Folder" for storing private documents and files. Some enterprise administrators immediately objected.

Microsoft Private Folder 1.0, which can be downloaded from the Redmond, Wash. developer's Web site -- users must prove that their copy of Windows is legitimate by running the controversial Windows Genuine Advantage (WGA) tool -- places the new folder on the desktop.

"It's a useful tool for you to protect your private data when your friends, colleagues, kids or other people share your PC or account," Microsoft said on the page dedicated to the new tool.

Commentators to the MSBlog site, however, quickly blasted the add-on.

"Have they even thought about the impact this could have on enterprises?" wrote someone identified as Stuart Graham on Thursday. "I'm already trying to frantically find information on this product so that a) I can block to all our desktops and b) figure out how we then support it when users inevitably lose files.

"I can see the benefit in this product for home users but it's a bit of a sloppy release by Microsoft (no documentation from what I can see and no enterprise management facilities)," Graham continued.

Private Folder 1.0 runs on Windows XP SP2.

Do you see why using a mere password is unlikely to protect anything?

Cracking the Secret Codes of Europe's Galileo Satellite

Source: Cornell University Released: Fri 07-Jul-2006, 20:40 ET

Newswise — Members of Cornell's Global Positioning System (GPS) Laboratory have cracked the so-called pseudo random number (PRN) codes of Europe's first global navigation satellite, despite efforts to keep the codes secret. That means free access for consumers who use navigation devices -- including handheld receivers and systems installed in vehicles -- that need PRNs to listen to satellites.

The codes and the methods used to extract them were published in the June issue of GPS World.

The god business must be profitable.

The Top 10 Power Brokers of the Religious Right

By Rob Boston, Church and State. Posted July 7, 2006.

Friday, July 07, 2006

July 7, 2006

Oh Lord, let me live long enough to see this happen! (Remember this every April 15th)

Say goodbye to the IRS

Interview by Christopher Lancette

Seventh district congressman John Linder (R-Ga.)... also the author of the FairTax, legislation that would change the U.S. tax system.

... Currently, the average taxpayer gives the government 33 cents of every dollar they earn. In our system, they would give the government 23 cents of every dollar they spend. [Great! Bob] Then we would provide to every household - every household - a cash distribution at the beginning of every month that would totally untax them up to poverty-level spending. [Huh? Potentially stupid! Bob]

Might be interesting to see what's happening in other states...

State: Thousands of Social Security numbers stolen

posted by: Jeffrey Wolf Web Producer Created: 7/5/2006 5:49 PM MST - Updated: 7/5/2006 10:30 PM MST

DENVER - Thousands of people have had their Social Security numbers stolen and then used by others to get jobs in Colorado.

State labor chief Rick Grice says he discovered the thefts when he asked his computer experts to check Social Security numbers filed by major employers for worker's compensation insurance.

There were 2,200 cases where a single number was used six or more times. One Social Security number was provided by 57 different employers.

... He also says that employers are not document experts. "The fraudulent market is huge. It's easy to reproduce a Social Security card. That's not an employer's responsibility. Employers can't do anything about that black market," said Buono.

Identity theft has been a growing concern, leading lawmakers this year to pass a law making such an offense a felony punishable by up to six years in prison. It was signed by Owens in May.


Top Financial Regulator Confirms Data Theft

Boca Raton, FL (PRWEB) July 6, 2006 - The NASD, formerly known as The National Association of Securities Dealers, has confirmed a burglary in its local offices resulting in the theft of 10 lap top computers. Though the burglary occurred on February 24, 2006, the regulator made no public mention of the breach until confronted with a Police Report on June 30th – over four months later.

The theft was uncovered by financial services executive and author Rogan LaBier, when investigating a rumor that such a breach had occurred. [Rumors got to outsiders before the managers responsible for security knew it? Bob] "It's potentially devastating" said LaBier, in an article sent to subscribers of a private newsletter. He also posted the Police Report and other documentary evidence to his website.

In a June 30th conversation with LaBier, NASD spokesperson Herb Perone confirmed that the break in did occur, but said that "there was no personally identifiable customer account information contained in the stolen lap tops." Perone also noted that because of this, "no notices were sent to individuals."

But LaBier found at least one individual who did receive a written notice from the NASD, reporting that his social security number, among other confidential records, was contained in one of the laptops stolen in the Boca Raton heist. The letter also states that the laptops were "password protected", and that gaining access "would require an unauthorized user to reformat the hard drive, [absolute nonsense Bob] or use special software to bypass the computers operating system." [like Knoppix, free and downloadable from the Internet Bob]

On July 3rd, LaBier spoke with Perone again. He questioned whether individual account records were in fact contained in those lap tops, and if so, how many. He also asked if the NASD was relying on the password protection in claiming that "no personally identifiable customer account information was contained on those computers." The Spokesman said he would get back to LaBier with an answer, but at this time, the NASD has still not commented.

According to Privacy experts, the relative strength of password protection is questionable. Doug Rehman, a retired Special Agent in the Florida Department of Law Enforcement and President of Rehman Technology Services in Mount Dora, Florida told LaBier "A password protection system is only as secure as the password is complex. Windows XP, for example, offers pretty much zero protection. Other systems can be nearly impossible to crack. If the passwords are less than eight characters long, professional software can crack those in a couple of days. Many users choose common or simple passwords, or keep the current passwords readily accessible, on post it notes, for example."

Just how many individuals may have had personal, confidential information on the stolen computers remains to be seen.

"What is so troubling," says LaBier, "is not so much the fact that the computers were stolen. It is that the NASD made the conscious decision to not reveal this theft to the public, and further, to create a response that might mislead the public to believe that no confidential financial information had actually been stolen. And apparently, nothing has been done about the incident other than working with local law enforcement, which considers the case inactive."

The NASD's Website describes the regulatory organization as "the primary private-sector regulator of America's securities industry... The NASD licenses individuals and admits firms to the industry, writes rules to govern their behavior, examines them for regulatory compliance and disciplines those who fail to comply."

The Boca Raton Police Department detective in charge of the investigation into the burglary believes that it was conducted for the lap tops themselves, and not for data contained in them. According to the Police Report, the perpetrators defeated the alarm system and several video surveillance cameras, [Yep, clearly amateurs... Bob] targeting the laptops and their power cords. The case is currently considered inactive. Whether or not the computers have made it into the hands of individuals capable of defeating the password protection remains to be seen.

NASD's letter to Theft Victim Letter from NASD confirming the burglary of victim's confidential data. Uploaded: Jul 6, 2006

Police Report (pdf) This is the first page summary of the Boca Raton Police Department's report of the burglary. Uploaded: Jul 6, 2006 [Note that business and home phones are included Bob]

But never fear, the FBI is there to protect you! Their expertise is legendary, their security invincible!

Consultant Breached FBI's Computers

Frustrated by Bureaucracy, Hacker Says Agents Approved and Aided Break-Ins

By Eric M. Weiss Washington Post Staff Writer Thursday, July 6, 2006; Page A05

A government consultant, using computer programs easily found on the Internet, managed to crack the FBI's classified computer system and gain the passwords of 38,000 employees, including that of FBI Director Robert S. Mueller III.

The break-ins, which occurred four times in 2004, gave the consultant access to records in the Witness Protection Program and details on counterespionage activity, according to documents filed in U.S. District Court in Washington. As a direct result, the bureau said it was forced to temporarily shut down its network and commit thousands of man-hours and millions of dollars [obviously not a “per incident” budget Bob] to ensure no sensitive information was lost or misused.

The government does not allege that the consultant, Joseph Thomas Colon, intended to harm national security. But prosecutors said Colon's "curiosity hacks" nonetheless exposed sensitive information.

Colon, 28, an employee of BAE Systems who was assigned to the FBI field office in Springfield, Ill., said in court filings that he used the passwords and other information to bypass bureaucratic obstacles and better help the FBI install its new computer system. And he said agents in the Springfield office approved his actions.

The incident is only the latest in a long string of foul-ups, delays and embarrassments that have plagued the FBI as it tries to update its computer systems to better share tips and information. Its computer technology is frequently identified as one of the key obstacles to the bureau's attempt to sharpen its focus on intelligence and terrorism.

An FBI spokesman declined to discuss the specifics of the Colon case. But the spokesman, Paul E. Bresson, said the FBI has recently implemented a "comprehensive and proactive security program" that includes layered access controls and threat and vulnerability assessments. Beginning last year, all FBI employees and contractors have had to undergo annual information security awareness training.

Colon pleaded guilty in March to four counts of intentionally accessing a computer while exceeding authorized access and obtaining information from any department of the United States. He could face up to 18 months in prison, according to the government's sentencing guidelines. He has lost his job with BAE Systems, and his top-secret clearance has also been revoked.

In court filings, the government also said Colon exceeded his authorized access during a stint in the Navy.

While documents in the case have not been sealed in federal court, the government and Colon entered into a confidentiality agreement, [so, we could get a set of instructions from the court? Bob] which is standard in cases involving secret or top-secret access, according to a government representative. Colon was scheduled for sentencing yesterday, but it was postponed until next week.

His attorney, Richard Winelander, declined to comment.

According to Colon's plea, he entered the system using the identity of an FBI special agent and used two computer hacking programs found on the Internet to get into one of the nation's most secret databases.

Colon used a program downloaded from the Internet to extract "hashes" -- user names, encrypted passwords and other information -- from the FBI's database. Then he used another program to "crack" the passwords by using dictionary-word comparisons, lists of common passwords and character substitutions to figure out the plain-text passwords. Both programs are widely available for free on the Internet. [see why passwords are not secure enough? Bob]

What Colon did was hardly cutting edge, said Joe Stewart, a senior researcher with Chicago-based security company LURHQ Corp. "It was pretty run-of-the-mill stuff five years ago," Stewart said.

Asked if he was surprised that a secure FBI system could be entered so easily, Stewart said, "I'd like to say 'Sure,' but I'm not really. They are dealing with the same types of problems that corporations are dealing with."
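The cracking approach described in the Post excerpt above (dictionary words, lists of common passwords, character substitutions), together with Rehman's eight-character remark in the NASD item, is what a password-screening check at account creation has to anticipate. The sketch below is an added example, not code from any of the quoted articles; the word lists, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample lists. A real deployment would load a large corpus of
# breached and commonly used passwords plus a full dictionary.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}
DICTIONARY = {"baseball", "dragon", "monkey", "sunshine", "bureau"}

# Substitutions users typically apply to "strengthen" a word. Not exhaustive:
# "1" can stand for "l" or "i"; only one mapping is tried here.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s", "!": "i",
})

MIN_LENGTH = 8  # threshold taken from the Rehman quote in the NASD item


def candidate_forms(password):
    """Return the base words a substitution-aware guesser would arrive at."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols such as a year or "!" suffix.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {
        lowered,
        lowered.translate(SUBSTITUTIONS),   # h3ll0      -> hello
        stripped,
        stripped.translate(SUBSTITUTIONS),  # dr4g0n2006 -> dragon
    }


def screen_password(password):
    """Return a list of rejection reasons; an empty list means none matched."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    forms = candidate_forms(password)
    if forms & COMMON_PASSWORDS:
        reasons.append("common")
    if forms & DICTIONARY:
        reasons.append("dictionary")
    return reasons


if __name__ == "__main__":
    # Constructed test inputs.
    for pw in ["letmein", "P@ssw0rd1", "Dr4g0n2006", "vT9#qLm2xR&e"]:
        print(f"{pw!r}: {screen_password(pw) or 'no match'}")
```

An empty result only means the password matched none of these three checks; it says nothing about how the stored hashes themselves are protected.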

Complex investigation leads to complex litigation?

Drowning in data - complexity's threat to terror investigations

By John Lettice Published Thursday 6th July 2006 14:03 GMT

Analysis A Home Affairs Committee report into police detention powers, published earlier this week, concludes that police powers to hold terror suspects without charge will need to be extended from 28 days to 90 days - and, once the flimsier justifications (e.g. time needed for prayers) have been stripped out, technology is largely to blame. The Committee, which has an impressive track record of criticising the Government but somehow ending up agreeing with it anyway, takes into account the international nature of current terrorist threats, the security services' need to mount 'pre-emptive' operations in order to 'protect the public', encryption, the burden of data analysis, and the logistics of forensics in general in order to come to its conclusions.

... It's fairly easy to see how one facet of the problem, volume of cases, grows like topsy. The Forest Gate raid is by no means the only case where resource-intensive raids and arrests have been based on doubtful tips and flimsy evidence, and while for reasons of sub judice we can't go into many of these cases in any great depth, published data on the charges that have been brought is surely significant. Few terrorism arrests lead to terrorism charges, and in the case of 'Islamist' category arrests, the charges ultimately brought are often immigration, credit card or ID fraud related. People are pulled in because the security forces believe they 'might' be terrorists, 'might' be about to launch a huge chemical, biological, nuclear attack, 'might' be suicide bombers.

... * One gotcha of the arguments (bizarrely, they can all agree but still have arguments) is that the more publicity the issue gets, the more likely terror groups are to use encryption. Few do at the moment, and security awareness among Islamist groups (even the allegedly experienced ones) is frequently low. Another gotcha arises as and when encryption is widely used. If it's poor and badly set up, then it's easy to crack and you don't need the key. If it's properly set up, as Professor Ross Anderson put it to the Committee you either guess the password or give up. No amount of analysis time will have any bearing on this, and as far as the encryption issue goes, 90 days is neither here nor there.

Litman on the Economics of Open-Access

Jessica Litman (University of Michigan) has posted The Economics of Open-Access Law Publishing (Lewis & Clark Law Review, Forthcoming) on SSRN. Here is the abstract:

... Law journal publishing is one of the easiest cases for open access publishing. Law scholarship relies on few commercial publishers. The majority of law journals depend on unpaid students to undertake the selection and copy editing of articles. Nobody who participates in any way in the law journal article research, writing, selecting, editing and publication process does so because of copyright incentives. Indeed, copyright is sufficiently irrelevant that legal scholars, the institutions that employ them and the journals that publish their research tolerate considerable uncertainty about who owns the copyright to the works in question, without engaging in serious efforts to resolve it. At the same time, the first copy cost of law reviews is heavily subsidized by the academy to an extent that dwarfs both the mailing and printing costs that make up law journals' chief budgeted expenditures and the subscription and royalty payments that account for their chief budgeted revenues. That subsidy, I argue, is an investment in the production and dissemination of legal scholarship, whose value is unambiguously enhanced by open access publishing.

July 06, 2006

Copyright Law, Second Edition

Federal Judicial Center: Copyright Law, Second Edition, 2006, 241 pages.

  • "This monograph provides a concise overview of the law of copyright from its origins in the English common law through recent Supreme Court cases, designed to provide judges with a grounding in the essential concepts and statutory and case law in this specialized area. The monograph covers the duration and renewal of copyright, ownership of copyright, copyright formalities, as well as jurisdictional and procedural issues and the preemption of state law by federal copyright statutes. New material in this second edition includes updated case law, including Internet copying and music downloading; the Digital Millennium Copyright Act; judicial interpretation of Copyright Office regulations, decisions, and practices; and expanded coverage of contributory and vicarious liability, increasingly invoked by plaintiffs in infringement cases. The monograph covers developments in case law through May 1, 2006."

Fowler, Johnson, Spriggs, Jeon, and Wahlbeck on Network Analysis of Supreme Court Precedents
James H. Fowler, Timothy R. Johnson, James F. Spriggs, Sangick Jeon and Paul J. Wahlbeck (University of California, Davis, University of Minnesota, Washington University, St. Louis - College of Arts & Sciences, University of California, Davis and George Washington University) have posted Network Analysis and the Law: Measuring the Legal Importance of Supreme Court Precedents on SSRN. Here is the abstract:

Better than “My dog ate my homework?”

Police blotter: SBC sued over deleted screenplay

By Declan McCullagh Story last modified Fri Jul 07 06:09:49 PDT 2006

Police blotter is a weekly CNET report on the intersection of technology and the law.

What: An aspiring writer sues SBC (now AT&T) after a technician installing a DSL link allegedly deleted three screenplays from his computer.

When: A California appeals court ruled on July 5.

Outcome: Screenwriter basically gets no money.

What happened, according to court documents:

When Nicholas Boyd asked SBC to install a digital subscriber line (DSL), he got more than he bargained for.

In December 2000, a technician named James Kassenborg showed up, allegedly said that certain icons and files were not needed--and deleted all of Boyd's scripts and related projects when installing the connection.

July 06, 2006

Commentary on Style and Substance in Website Writing and Design

Putting the White Back in Strunk and White, by Christina Wodtke. "Style and appropriateness may seem like an odd duo, but they are not. Style is the natural result of the over-abundance of energy and unique perspective a designer—creative person—is gifted and cursed with. Appropriateness is what helps them guide it in its application."

Fighting fire with gasoline? Won't this result in a “how to” manual?

July 06, 2006

Government Funds Law School Analysis of Sensitive Gov't Docs. reported that "the federal government will pay a Texas law school $1 million to do research aimed at rolling back the amount of sensitive data available to the press and public through freedom-of-information requests. Beginning this month, St. Mary's University School of Law in San Antonio will analyze recent state laws that place previously available information, such as site plans of power plants, beyond the reach of public inquiries."

Isn't it a bit early to panic?

eBay Says You Can't Trust Google Checkout; Bans It From eBay

from the a-little-competitive-fun dept

When Google released its Checkout offering last week, there was a lot of discussion over whether or not it was a Paypal competitor. Most people agreed that while it did some of the same things, it was really targeting a different market. Even eBay made some statements to that effect. However, eBay's actions suggest that they actually are quite worried about Checkout. They've now banned eBay sellers from using Google Checkout, claiming that it's not trustworthy, since Google does not have a "substantial historical track record of providing safe and reliable financial and/or banking related services." That seems like a pretty weak statement. If they just want to block out a competitor, that's one thing. However, claiming that Google isn't trustworthy enough in financial transactions is clearly the company just coming up with a random excuse to hide behind to avoid admitting that they're actually worried about the new competition from a big player.

Wiki Demonstrates How Yellow Pages Are Obsolete -- Gets Sued For Its Efforts

from the yeah,-people-must-be-confused dept

It really is amazing that the yellow pages business directory business is still as strong as it is. In the age of the internet, selling ads in phone books is still a multi-billion dollar business -- though, those in the business must realize it's at risk. While millions of the books are distributed, sooner or later advertisers are going to wake up to the fact that most of these books are a complete waste, likely only to be thrown out (if touched at all). There are ways that yellow pages providers can move into the internet age (and a few are trying), but it seems there are going to be a few speedbumps along the way. The world's largest yellow pages publisher, Yell, who made about $2.4 billion last year has apparently unleashed its legal attack dogs against Yellowikis, a volunteer wiki-based yellow pages directory that lost a grand total of $500. The company is, of course, claiming trademark infringement, but it's hard to see how "yellow pages" can't be considered a generic term at this point. Furthermore, it seems incredibly unlikely that there's any confusion (which is what trademark law is supposed to be about: preventing consumer confusion) about the fact that Yell has absolutely nothing to do with Yellowikis. Of course, thanks to this news spreading, it's likely going to mean that Yellowikis will get a lot more attention, boosting the bottom-up threat to Yell's traditional business.

Are the documents disclosed for this lawsuit fair game for others trying to build a case?

Direct Revenue Spyware Infected Company's Own Investors

from the whoops dept

We've followed the saga of spyware maker Direct Revenue for years. Back in 2004, they claimed they were changing their ways and becoming more transparent. Since then, we've noted repeatedly how the company continued its sneaky ways, eventually leading to a lawsuit filed in NY earlier this year. That lawsuit meant that a lot of internal documents were made public, revealing a lot about what went on at the company, suggesting it wasn't at all interested in really cleaning up its act. Business Week has now put together a very thorough piece using those documents and additional reporting to look at what was really happening inside Direct Revenue the past few years.

The story isn't likely to surprise many people. As if to answer our own question of how the company could possibly make money if it wasn't sneaky, the internal documents show that as soon as the company tried to be more transparent and less evil, people didn't want their software. That resulted in an email from one of the company's founders (that was written after those promises to be a good actor in the space) stating: "We need to experiment with less user-friendly uninstall methodologies." However, one of the more interesting stories concerns some of the investors who threw millions at the company (allowing its founders to pocket millions on their own as well). According to the Business Week piece, a managing director at one of the company's investors got infected by Direct Revenue's software, and couldn't get rid of it (of course). Eventually the company had to send its customer support director over to their investors' offices to fix the machine. Makes you wonder just what sort of due diligence the investors actually did before investing in this company.

The fool, he should have blamed it on lawn mowing... Now Mom & Dad can refuse to buy a new iPod, but insist he keep mowing the lawn! (This happened in Castle Rock)

Dude struck by lightning blames it on iPod.

submitted by jer2eydevil88 8 hours 43 minutes ago

Next thing he knew, he was in his bed, bleeding from his ears and vomiting. He was barefoot and had taken off his burned T-shirt and gym shorts. He doesn't know how he got back in the house.

More amusing than useful...

The Ten Commandments of Cell Phone Etiquette

submitted by bodiethelab 14 hours 44 minutes ago

Light reading, enjoy a good laugh about your friends, colleagues and even yourself!

Thursday, July 06, 2006

July 6, 2006

Illinois university hit with security breach

By Dawn Kawamoto Story last modified Wed Jul 05 16:14:35 PDT 2006

Western Illinois University is notifying more than 180,000 people that their personal data is at risk after hackers entered its networks.

The university said it mailed the last of its notifications on Monday to people whose Social Security number, credit card account number and other sensitive information were on the student service servers in the security breach.

"The breach occurred on June 5 through our electronic student services system servers. They do frequent checks on their system and discovered the breach within hours after it occurred," [Very impressive!] said Darcie Shinberger, a spokeswoman for Western Illinois University.

The incident affects alumni and students who attended the institution between 1983 to the present, as well as 1,000 individuals who were there from 1978 to 1982. Anybody who purchased items online from the university's bookstore or who stayed at the university union hotel also may have had their data exposed, [Strange definition of “Student”] Shinberger said, but could not specify a date range.

The hacked servers house Western's electronic student services system, which is used to run the university's admissions Web site, financial aid, bookstore and hotel.

Western Illinois University distributed e-mail notices to those affected on June 15 and began following that up with mailings last week. It has not received any reports from its public safety office of individuals having their personal information compromised as a result of the incident, Shinberger said.

For the school to say it has no evidence that private information has been used to commit identity theft is disingenuous, said Avivah Litan, an analyst at research firm Gartner. Unless a school has taken an extensive review over an extended period, there's no sure way of determining whether the hackers have profited from the information, Litan said.

In addition, victims of identity theft will often turn to other sources to report the problem, such as their credit card companies or local police, before notifying the place where the breach occurred.

Following the incident, Western Illinois University, which serves 13,400 students and has an alumni base of 95,000, [13,400 + 95,000 = 108,400 Are the other 70,000 just passers-by?] began installing new security measures. It is reviewing its policies for storing information and handling online credit card information.

The security breach is not the first for the university. A few years ago, a student broke into Western's computer system and began rifling through his or her own virtual records.

"We have never had anything of this magnitude. This is a first for us," Shinberger said. "There are always risks when doing business online."

Perhaps one of the strongest indicators of the level of security at U.S. universities is that even after a string of major breaches at such places as Ohio University, Notre Dame University and the University of Texas, hackers continue to find their way into college computer systems.

The pervasiveness of security breaches there stems, in part, from the way educational institutions are set up. Universities and colleges desire an exchange of ideas and information and, as a result, maintain relatively open networks. Security experts have noted that this situation may well be to blame for security breaches at institutions.

No sweat. People who invest in hedge funds have no political clout.

Bisys Loses Details of 61,000 Hedge Fund Investors (Update2)

July 5 (Bloomberg) -- Bisys Group Inc. said personal details about 61,000 hedge fund investors were lost when an employee's truck carrying the files was stolen.

Backup tapes with the information, including the social security numbers of 35,000 individuals, were being moved June 8 between the Roseland, New Jersey-based Bisys RK business unit to another facility, said Amy Conti, a Bisys spokeswoman.

The loss by Bisys, a provider of administrative services to financial companies, is among more than 100 similar thefts reported since January by the U.S. San Diego-based Privacy Rights Clearinghouse. The organization's Web site shows two or more losses of sensitive records every week, including confidential information on 28.6 million U.S. veterans in a laptop stolen from the home of a Department of Veteran Affairs analyst.

The Bisys tapes can only be read with “sophisticated hardware and proprietary software,” [A tape drive?] Conti said in an interview from Roseland, New Jersey. “We began calling our clients last week to notify them.”

Conti, who declined to identify the hedge funds, said police and private investigators believe the tapes were thrown away. [Based on what? Their psychic detective? Bob]

“The police are of the opinion that this was a joy ride, and the contents disposed of,” she said. “We believe these files weren't compromised, but we have a legal and moral requirement to let investors know.”

No doubt the information was just “Thrown away”

Payroll Firm Scammed Out of Personal Data

Scammer Asked for Data and Got It


July 5, 2006 - The latest corporate data breach is from a company you may never have heard of, even though one in six American workers gets paid by the firm.

Automatic Data Processing, one of the world's largest payroll service companies, confirmed to ABC News that it was swindled by a data thief looking for information on American investors.

According to a company spokeswoman, ADP provided a scammer with personal information for an undisclosed number of investors who had purchased stock through brokerages that use ADP's investor communications services. Initial reporting indicates that these firms include a number of brand-name brokers, including Fidelity.

The company spokesperson said the data thief exploited a Securities and Exchange Commission rule that allows public companies to get names and addresses of shareholders from brokers, as long as the shareholder has not objected to the disclosure of such information.

The thief apparently impersonated a corporate officer from a public company and got ADP to send the information. The company declined to answer questions about its data security measures or why its existing measures did not prevent the data loss.

ADP refused to disclose the number of individuals affected by the data theft, but said that the loss, which occurred between November 2005 and February 2006, resulted in the "inadvertent disclosure" of investors' names, mailing addresses and the number of shares they held in certain companies. No Social Security numbers or account information were disclosed.

"ADP notified federal law enforcement authorities promptly after its discovery of the problem in February 2006," said Dorothy Friedman, an ADP spokeswoman, in a prepared statement. "Shortly thereafter, ADP notified its broker clients. Law enforcement authorities are continuing to investigate the matter."

Some customers whose personal data was compromised have received a letter from ADP. The three-page letter contains a list of 60 "affected companies," including HealthSouth and Sirius Satellite Radio among many smaller corporate names.

"We have been advised that the information disclosed was not sufficient by itself to permit unauthorized access to your account, and we have no evidence that the information on the lists has been improperly used," reads the customer notification. "However, we recommend that you be alert to any unusual or unexpected contact or correspondence that you may have with the listed public companies (or with anyone else) about your holdings in these companies."

The letter then goes on to encourage affected customers to consider contacting one of the national credit bureaus to discuss getting a fraud alert service. ADP says federal authorities are investigating the matter.

Identity theft can be low-tech too...

Personal data were sought, police say

Triangle Briefs: Published: Jul 06, 2006 12:30 AM Modified: Jul 06, 2006 03:12 AM

From Staff Reports

DURHAM - A Burlington man was jailed Tuesday after, authorities say, he was going door-to-door and posing as a government worker to gain residents' personal information.

Rashod Lamont Whitfield, 26, was charged with impersonating a law enforcement officer and resisting police after a deputy with the Durham County Sheriff's Office confronted him. Deputy Shane Fowler said Whitfield was knocking on doors on Hadrian Drive, asking people for their personal information. When the deputy confronted Whitfield, the suspect said first he was a Burlington police officer, then said he was the sheriff, Fowler said.

Dr. Frankenstein (without the grave robbing?)

Tweaking Genes in the Basement

By Allen Riddell 02:00 AM Jul, 06, 2006

In the 1970s, before the PC era, there were computer hobbyists. A group of them formed the Homebrew Computer Club in a Menlo Park garage in 1975 to trade integrated circuits and swap tips on assembling rudimentary computers, like the Altair 8800, a rig with no inputs or outputs and half a megabyte of memory.

Among the Club's members were Apple founders Steve Wozniak and Steve Jobs.

As the tools of biotechnology become accessible (and affordable) to a wider public for the first time, hobbyists are recapturing that collaborative ethos and applying it to tinkering with the building blocks of life.

Eugene Thacker is a professor of literature, culture and communications at Georgia Tech and a member of the Biotech Hobbyist collective. Just as the computer hobbyists sought unconventional applications for computer circuitry, the new collective is looking for "non-prescribed uses" of biotechnology, Thacker said.

The group has published a set of informal DIY articles, mimicking the form of the newsletters and magazines of the computer hobbyists -- many of which are archived online. Thacker walks readers through the steps of performing a basic computation using a DNA "computer" in his article "Personal Biocomputing" (PDF). The tools for the project include a $100 high school-science education kit and some used lab equipment.

Other how-to articles guide readers through cultivating skin cells and "Tree Cloning" -- making uniform copies of plant tissue.

Thacker calls the spirit of his article "playful," but adds that it's entirely possible that hobbyists could be part of the future of important biotechnology.

"The people in the Homebrew Computing Club didn't all aim to be Bill Gates," Thacker said. "Nobody knew what was going to happen. There was an interest in the technology as it first became accessible to people who didn't work in big corporations."

The Collective is the inspiration of Natalie Jeremijenko, who began the Collective in 1997. An artist and professor of Visual Arts at the University of California at San Diego, Jeremijenko says the virtue of the hobbyist's "hands-on, DIY mentality" lies in its power to engage a wider audience in the issues surrounding biotechnology.

"Messing with the stuff of the future allows you to have an opinion and to participate in the political process that determines our technological future," she said. "It's a little theoretical; it's also fun."

She conjures Benjamin Franklin as the patron saint of the hobbyist. Rather than appealing to God or to experts, Franklin appealed to the "sense-making of the everyman," she said.

With the tools of the biotech amateur now available for purchase -- used laboratory equipment has its own section on eBay -- some have asked why "garage biotech" has not spread even further.

The main factor limiting an amateur biotech community is the immaturity of the technology, according to Drew Endy, a biological engineering professor at MIT. "Even though it's cheap it's extraordinarily difficult," he said. "The technology isn't reliable enough."

And there's another reason.

"People are very comfortable manipulating silicon," said Endy. "A lot of people, to be blunt about it, are not comfortable with taking responsibility for the manipulation of genetics."

Kim Coghill, a spokeswoman for the Biotechnology Industry Organization, was wary of a potential Bill Gates of biotech starting out as an amateur. "I hope he's not doing (something) in his basement without the guidance of the FDA," she said.

All the members of the collective are familiar with the case of Steve Kurtz, a professor and artist who has had to defend himself against accusations of "bio-terrorism" after local police happened upon his amateur home lab in May 2004.

He says his case has had a moderate "chilling effect."

"Amateurs need experts," Kurtz said. "We come to them with ideas and ask them for help. Scientists are (now) a lot more hesitant to get involved."

Kurtz adds that Tepnel, the company selling a biokit used to conduct a homebrew test for genetically modified organisms designed by Critical Art Ensemble, now refuses to sell to the general public.

While inconvenient, none of these obstacles will stop amateur engagement in the long-term, says Kurtz.

"They're not doing it because it's trendy -- people like the Biotech Hobbyist Collective," he said. "They authentically believe in what they're doing."

July 05, 2006

Most Large North American Organizations Subjected to Security Breaches

Press release: "CA today announced a new security survey of 642 large North American organizations which shows that more than 84% experienced a security incident over the past 12 months and that the number of breaches continues to rise. According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security."

July 05, 2006

Handbook on Military Law

Steven Aftergood: "The 2006 edition of the Operational Law Handbook (598 pages, PDF) published by the Army Judge Advocate General is "a 'how to' guide for Judge Advocates practicing operational law. It provides references and describes tactics and techniques for the practice of operational law."

Related government documents:

Show me the software, then show me the “fixed” software. (Then show me the law/contract that says you don't have to pay when you lose...)

New Casino Business Model: Any Time Someone Wins, Blame The Software

from the stacking-the-odds dept

Everyone knows that casinos stack the odds against players. That's the business model. However, every once in a while they need to pay out large amounts, because it's the possibility of such payouts that keeps people coming back, despite their long odds. It appears one casino has come up with an ingenious method of stacking the odds even further: when someone wins a big jackpot on a computerized Keno machine, just claim the winning results were a software glitch and refuse to pay (found via digg). The men who did not get their prize are hiring lawyers to discuss the matter. The casino claims that they're not liable for any "malfunction." Of course, the article isn't entirely clear on exactly what the malfunction was -- but it seems like they should pay up, and if they have a problem with the machine, they should take it up with the machine's manufacturer.

Wednesday, July 05, 2006

July 5, 2006

18” guns are okay, but no more of that irritating “ping ping ping.”

Judge Orders Navy To Temporarily Stop Using Sonar

July 4, 2006 6:49 a.m. EST Hector Duarte Jr. - All Headline News Staff Reporter

San Francisco, CA (AHN) - A federal judge in California has ordered the Navy to temporarily halt using sonar because it could be harmful to whales and other sea mammals.

... On Friday, the Defense Department gave the navy a six-month exemption from the Marine Mammal Protection Act, to allow the use of its sonar, for the first time in six months.

... She noted the Navy should have taken steps to conduct the exercise in a less densely-populated marine environment.

July 04, 2006

All 50 States Linked to DOJ National Sex Offender Public Registry Site

DOJ press release, July 3, 2006: "All 50 states are now participating in the National Sex Offender Public Registry (NSOPR) Web site, the Justice Department announced today. South Dakota and Oregon have now been added to the Web site, which provides real-time access to public sex offender data nationwide with a single Internet search. The Department of Justice-sponsored site allows parents and concerned citizens to search existing public state and territory sex offender registries beyond their own states." [Note: "Information from the various state Web sites is not hosted by the Department, and the Department has neither responsibility for nor control over the information available for public inspection or search from individual state Web sites that are accessible through this Web site."]

Well, we wouldn't want Microsoft to have a monopoly.

It’s not just Windows. OS X phones home too.

4 July 2006 Tim Gaden Mac, X Factor

Daniel Jalkut has discovered that Windows Genuine Advantage is not the only piece of software that phones home to check in. Mac OS X 10.4.7 gets lonely too.

Using Little Snitch, an app that monitors network traffic on your Mac, he caught the home-sick culprit, a new Dashboard process called dashboardadvisoryd.

Every now and then it “phones home” to Apple to check that your Dashboard widgets are up-to-date. At least that’s what Apple says in its 10.4.7 release notes.

The important issue here, Jalkut notes, is one of transparency. While nothing untoward is going on, [prove it! Bob] it is still the case that the process is hidden, operates without telling the user what it is doing and can’t be turned off:

In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our “digital house” by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac. Keep me in the loop, Apple. And if I’m not comfortable with it, give me an option (short of Little Snitch) for turning it off. It’s my computer, after all.

Can you see this as a business model?

BBC to offer 'personalised' radio

The BBC wants to allow audiences to create personal radio stations from its content, its director general has said.

The planned service, provisionally called MyBBCRadio, was revealed by Mark Thompson at the Radio Festival in Cambridge.

It aims to give audiences more control by combining existing services such as podcasts and the BBC Radio Player.

It will be part of the BBC's iPlayer, a free service which will also offer seven days of BBC TV on demand.

Thompson said MyBBCRadio would use peer-to-peer technology [RIAA is going to freak out! Bob] to provide "thousands, ultimately millions, of individual radio services created by audiences themselves".

The BBC hoped to share these ideas with the commercial sector, he added.

Online success

The personalised radio scheme is expected to build on the success of the BBC's online radio services.

In March, the corporation said people had listened to 20 million hours of BBC content online, using everything from live streams to downloaded programmes.

The most requested shows include BBC Radio 4's long-running soap opera The Archers, and Chris Moyles' BBC Radio 1 breakfast show.

In May, audiences downloaded 4.5 million BBC podcasts.

In his speech, Mr Thompson said the corporation's governors would decide on whether podcasting would become a permanent service later this year.

The decision will be based, in part, on a study of how the BBC's podcasts affect the commercial sector.

The governors will also look into the market impact of Radios 1 and 2 following criticism from commercial competitors, said Thompson.

However, he defended the stations, saying they had been successful "not because they've become more like their competitors but because they've become less like them".

"If you've got a problem with a popular BBC, the people you're picking a fight with are the British public," he added.

Russia lifts controls on currency

Russia is lifting controls on its currency, the rouble, making it fully convertible.

The move allows Russians to open foreign bank accounts and will ease restrictions on foreign investors.

So everyone can agree on the process...

Online Service for Creating and Sharing Flow Charts or Diagrams

Filed under: Net-Tech-Tools

I am a flow chart nerd. I use them in documenting procedures and figuring out evaluation processes. So I was very happy to see that Gliffy is available. Gliffy is an online service that allows you to create flow charts and other diagrams online. At the moment it’s in beta, and it’s free.

July 1, 2006

Search Multiple Information Sources With Opsdo

Filed under: Search Engines

I wanted to look a bit askance at a search engine which, on its first visit, recommends I visit its “how to use” page. That obscure, that complex, or that different? Whatever, Opsdo’s interesting, though you have to pay attention to how Opsdo is presenting search result pages. Opsdo is in Alpha 2.

July 04, 2006

Links to Public Wi-Fi Hot Spots Around the Country

ABCNews Wireless America: "As a service to readers, we've compiled a list of public Wi-Fi access points in the nation's 30 most populous cities."

July 04, 2006

Knight Science Journalism Tracker

"The Knight Science Journalism Tracker is a new Web-based service for journalists who cover science, environment and health... It's a service of the Knight Science Journalism Fellowships. Our goal is to provide a broad sampling of the past day's stories in these areas and, where possible, of press releases or other news tips related to generation of news in the general circulation news media. Our goal is to have a new batch of posts up each day by 1 pm Eastern time."
[Note: the archives date back to April 27, 2006]