Saturday, July 15, 2006

July 15, 2006

I wonder how I missed this one...

http://yro.slashdot.org/article.pl?sid=06/07/11/183219&from=rss

Patriot Act Bypasses Facebook Privacy

Posted by ScuttleMonkey on Tuesday July 11, @03:34PM from the if-you-don't-want-it-published dept. Privacy The Internet

Geoffreyerffoeg writes "An article from the National Association of Colleges and Employers contains yet another horror story about a prospective hire's Facebook being checked — with a different twist. The interviewee had enabled privacy on his profile, '[b]ut, during the interview, something he was not prepared for happened. The interviewer began asking specific questions about the content on his Facebook.com listing and the situation became very awkward and uncomfortable. The son had thought only those he allowed to access his profile would be able to do so. But, the interviewer explained that as a state agency, recruiters accessed his Facebook account under the auspices of the Patriot Act.' How can a 'state agency' use the Patriot Act to subpoena a Facebook profile?"


Has this company been used in the US?

http://www.theregister.co.uk/2006/07/14/fileswappers_protected/

File-swappers' identities protected by Dutch court

By Jan Libbenga Published Friday 14th July 2006 13:11 GMT

A Dutch appeals court has thwarted attempts by the Dutch anti-piracy organisation BREIN to get the identities of file-sharers from five ISPs, including Wanadoo and Tiscali.

The court found that the manner in which IP addresses were collected and processed by US company MediaSentry had no lawful basis under European privacy laws. A lower court in Utrecht had reached a similar conclusion last year.

The court also argued that the software MediaSentry uses can't properly identify users or provide evidence of infringement.

Last year, expert witnesses at Delft University of Technology criticised MediaSentry's software for being too limited and simplistic. For instance, MediaSentry took filenames in Kazaa at face value. More importantly, the software scans all the content of the shared folder on the suspect's hard disk. In that process, it breached privacy laws.

The Dutch Protection Rights Entertainment Industry Netherlands (BREIN) represented 52 media and entertainment companies and has been investigating 42 people suspected of swapping song files. Nine file-sharers decided to settle with BREIN.

BREIN says it will go to a higher court, but lawyer Christiaan Alberdingk Thijm, who represented the ISPs, sees the decision as an important victory.



It's not nice to mock the ignorant, even if they are politicians...

http://www.infoworld.com/article/06/07/14/HNtubes_1.html?source=rss&url=http://www.infoworld.com/article/06/07/14/HNtubes_1.html

Dance to senator saying 'Net is 'series of tubes'

Ted Stevens remarks catalyze a flurry of parodies

By Grant Gross, IDG News Service July 14, 2006

Commentary is spreading across the Web after U.S. Senator Ted Stevens described the Internet as a "series of tubes" during a debate on net neutrality June 28.

Stevens, the chairman of the Senate Commerce, Science and Transportation Committee, was speaking perhaps metaphorically during a rambling argument against a net neutrality amendment to a broadband bill. Stevens' apparent point: The Internet could be easily clogged with junk, and broadband providers should be able to separate their own content from streaming video and huge personal e-mail files.

In part, Stevens, an Alaska Republican, said: "The Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes."

Stevens continued: "And if you don't understand that those tubes can be filled, and if they're filled when you put your message in it, it gets in line, it's gonna be delayed by anyone who puts into that tube enormous amounts of material." Stevens went on to say that his staff sent him an "Internet" that was apparently delayed by 'Net congestion. (He may have meant that his staff sent him an e-mail.)

On an 11-11 vote, the committee rejected the amendment, which would have prevented broadband providers such as AT&T Inc. and Comcast Corp. from charging extra based on the type of content transmitted by Internet-based companies.

Stevens' underlying point hasn't stopped a series of parodies from popping up on the Internet. Earlier this week, Jon Stewart of The Daily Show with Jon Stewart broadcast Stevens' remarks. Stevens, who is noted for making impassioned arguments in the Senate, is a frequent target of Stewart jokes, and Stewart suggested this week Stevens doesn't understand the Internet.

Stewart's riff on net neutrality is on YouTube.com. (Warning: Stewart uses a bit of off-color humor, as usual for him.)

Stevens is also parodied in a techno dance mix making the rounds on the Internet.

A bit of controversy erupted this week when the blog and community Web site MySpace.com, owned by conservative businessman Rupert Murdoch, pulled another song parody, but the folk-music tribute to Stevens was back on the site as of Thursday.

If that's not enough political parody for you, do a Google search on Ted Stevens and "series of tubes" and find out what the bloggers are saying.

A Stevens spokesman didn't have an immediate comment on the parodies.



Perspective – see below

http://www.theglobeandmail.com/servlet/story/RTGAM.20060713.wnazi0713/BNStory/National/home

White supremacist jailed for nine months

Canadian Press

TORONTO — An unabashed neo-Nazi who defied a court order to stop spreading hate over the Internet was arrested Thursday after being sentenced to nine months in jail for contempt, a punishment his lawyer called harsh.


http://www.siliconvalley.com/mld/siliconvalley/15041024.htm

Posted on Fri, Jul. 14, 2006

FBI computer consultant spared jail time in hacking case

WASHINGTON (AP) - An FBI computer consultant who pleaded guilty to hacking the secret passwords of Director Robert Mueller and others will not serve any time in prison, a federal judge has ruled.

Joseph Thomas Colon of Springfield, Ill., was sentenced Thursday by U.S. District Judge Richard Leon to six months of home detention and ordered to pay $20,000 in restitution to the FBI.

Colon pleaded guilty in March to four misdemeanor counts of intentionally exceeding his authorized computer access.



http://digg.com/videos_educational/Original_Footage_of_the_Hindenburg_Disaster

Original Footage of the Hindenburg Disaster

submitted by Grovulent 15 hours 34 minutes ago (via http://www.infectiousvideos.com/index.php?p=showvid&sid=0562&o=140&idx=3&sb=daily&a=playvid )

With the famous commentary - Oh the humanity!



...because it's inexpensive, lets you feel like you are doing something, and has (a minuscule) chance of causing real damage.

http://www.redherring.com/Article.aspx?a=17564&hed=Israeli+Web+Sites+Attacked

Israeli Web Sites Attacked

Fighting along Israel’s border has led to hacker attacks against hundreds of sites.

July 13, 2006

The fighting along Israel’s northern border with Lebanon has brought with it an upsurge in attacks on Israeli-related web sites in the past 24 hours, Israeli web sites reported Thursday.



Could we make this argument in this country? Note that they are not offering to stop using the cameras until the law is amended...

http://news.scotsman.com/uk.cfm?id=1029662006

Number plate cameras may be illegal

HAMISH MACDONELL SCOTTISH POLITICAL EDITOR

POLICE cameras which use automatic number plate recognition could breach human rights legislation, a leading surveillance expert has warned.

Sir Andrew Leggatt, Chief Surveillance Commissioner, [Interesting title... Bob] urged ministers in Edinburgh and London to bring forward legislation swiftly to ensure the equipment is in line with privacy laws and police are not prevented from using the cameras to provide evidence in court.

... The piece of legislation which is the focus of his concerns is the Regulation of Investigatory Powers Act 2000 (RIPA). Most of it covers the whole of the UK, although there is a separate law for Scotland dealing with devolved issues as well.

Together, they require police and local authorities to obtain authorisation for any operation involving intrusive surveillance. Authorisation is generally granted in relation to operations against specific suspects.

But Sir Andrew said that if an ANPR camera was set up to record any of the large number of vehicles which may have been entered on police computers as being suspect - and particularly if the system was linked to Highways Agency computer records - it was "unlikely" that the operation could be authorised under the terms of RIPA.



http://digg.com/linux_unix/NTFS-3G_-_Full_NTFS_read_write_support_for_Linux

NTFS-3G - Full NTFS read / write support for Linux

submitted by copperkidd 8 hours 55 minutes ago (via http://sourceforge.net/mailarchive/forum.php?thread_id=23836054&forum_id=2697 )

Finally, a read-write ntfs driver, capable of unlimited file creation and deletion.



If true, this is a major escalation. If someone is giving these guys the weapons needed to reach Tel Aviv, Israel will stop dealing with the symptom and try to kill the source.

http://www.metimes.com/articles/normal.php?StoryID=20060715-063055-5521r

One dead after Hizbullah hits Israeli warship

By Emma Charlton AFP Published July 15, 2006

An Israeli sailor was confirmed dead and three remained missing on Saturday after Hizbullah struck a warship off the Lebanese coast in a dramatic display of the Shia guerrilla group's military capabilities.

... An army spokeswoman denied media reports that it had been struck by an explosives-laden drone [Hard to imagine that an unguided ballistic missile could hit anything 10 miles away. Bob] - but the strike was set to raise questions about the full extent of Hizbullah's strike capacity.

... According to Israeli media, the warship was 16 kilometers (10 miles) from the Beirut coast at the time of the attack and was hit in the stern. The army refused to confirm either detail.

... A foreign civilian vessel, believed to be Egyptian, was also hit and set on fire, its passengers and crew rescued by a third boat, according to an army spokeswoman, who gave no details of casualties on the ship. [Poor target identification? Bob]

Friday, July 14, 2006

July 14, 2006

See, it's not just backup tapes that get lost.

http://science.slashdot.org/article.pl?sid=06/07/13/1654200&from=rss

Apollo 11 TV Tapes Go Missing

Posted by timothy on Thursday July 13, @07:22PM from the check-the-roswell-basement dept. NASA Space

Richard W.M. Jones writes "On July 21st 1969, Honeysuckle Creek observatory brought us the first TV pictures of men on the moon. The original signals were recorded on high quality slow-scan TV (SSTV) tapes. What was released to the TV networks was reduced to lower quality commercial TV standards. Unfortunately John Sarkissian of Parkes Observatory Australia reports that 698 of the 700 boxes of original tapes have gone missing [warning: large PDF] from the U.S. National Archives. Even more worryingly, the last place on earth which can actually read these tapes is scheduled to close in October this year. The PDF contains interesting comparisons which show that if all you've seen are the TV pictures from the landing, you really haven't seen the first moon walk in its full glory."



http://www.securityfocus.com/brief/252?ref=rss

Researchers hunt comment spammers

Robert Lemos 2006-07-13

Microsoft researchers released details on Thursday about the software giant's Search Defender project, a tool created to discover the major sources of comment spam on the Internet.

The research project aims to remove the advantages that spammers gain through more efficient comment spamming techniques, looking for large networks that feed to central domains and asking Web hosters and search engines to shut down the doorway sites to those domains.

"Comment spamming is getting worse and worse, causing a lot of clutter," Yi-Min Wang, manager of Microsoft's Cybersecurity and Systems Management Research Group, said in an interview with SecurityFocus. "In this particular report, we basically describe an automatic method to find (the spammers) and we need the communities to help actually fight them."

The Search Defender system first creates a list of potential doorway sites--intermediate destinations that take victims who click on comment spam to a more central Web page--with a tool called SpamHunter which crawls the Web for comment spam using search engine queries to find other sites in the same network. Then, using another Microsoft research project, Strider URL Tracer, the system finds the central domains to which the doorway sites refer visitors.



This will change as soon as they start signing up virtual union members...

http://slashdot.org/article.pl?sid=06/07/14/0517202&from=rss

Teachers Union Opposes Virtual K-8 Charter School

Posted by CowboyNeal on Friday July 14, @07:36AM from the phoning-it-in dept. Education The Internet

theodp writes "'You can't sit a child in front of a computer and expect him to learn things he needs to succeed in society,' said unimpressed Chicago Teachers Union president Marilyn Stewart of the Chicago Virtual Charter School, which will open to Chicago elementary school students this fall if approved by the state board of education."



We don't need new laws to stop this, do we?

http://www.pressofatlanticcity.com/business/national/story/3328816p-12259082c.html

Federal protection for consumers

By EILEEN ALT POWELL, AP Business Writer (Published: July 12, 2006)

NEW YORK (AP) - Earlier this year, consumers who thought they were requesting a free trial of a tooth whitener from an Internet site soon found withdrawals of $106.90 from their bank accounts or similar charges to their credit cards, according to a nonprofit consumer education group.

Consumer Action, based in San Francisco, said it appeared that people who asked for the free samples were automatically enrolled in a recurring payments program for the product, whether they wanted it or not.

In this case, most of the victims of the scam had federal law on their side to get their money back, said Linda Sherry, a spokeswoman for the group.

... But, Sherry points out, "some of them can be confusing, so consumers have to make sure they're taking the right steps" in filing complaints and claims in a timely manner if something goes wrong.



It occurs to me that there is little in the literature to prepare people for CPO positions... Might make a useful article...

http://www.eetimes.com/news/latest/showArticle.jhtml?articleID=190400041

Commerce Dept. names Cresanti privacy chief

EE Times (07/13/2006 3:13 PM EDT)

WASHINGTON, D.C. — Commerce Secretary Carlos M. Gutierrez announced today the appointment of Robert C. Cresanti to serve as chief privacy officer for the Department, concurrent with his responsibilities as Under Secretary for Technology.

Cresanti would be the highest-ranking official to serve in this capacity in the federal government.



Here's a contrast...

http://www.washingtonpost.com/wp-dyn/content/article/2006/07/12/AR2006071201229.html

Top Cyber Security Post Still Unfilled After a Year

By Brian Krebs washingtonpost.com Staff Writer Wednesday, July 12, 2006; 4:40 PM

One year after the Department of Homeland Security created a high-level post for coordinating U.S. government efforts to deal with attacks on the nation's critical technological infrastructure, the agency still has not identified a candidate for the job.

... Rep. Zoe Lofgren (D-Calif.), a co-author of the bill that would have forced the department to create the position last year, did not mince words: "I think DHS is pathetic and incompetent. It's a complete mystery what's happening over there."



Was this not obvious?

http://www.governmententerprise.com/news/190400168;jsessionid=VWXIFS0MU2I4SQSNDLPCKH0CJUNN2JVN

UK Companies Must Protect Customer Data Even If Outsourced Overseas

By K.C. Jones Courtesy of TechWeb.com July 13, 2006

U.K. companies must protect customer data even if they send the data overseas for outsourcing.

The British Information Commissioner's Office said this week that companies are responsible for data protection. They can be punished for breaches, no matter where they occur and no matter how the information gets out. The ICO recently issued new, more strict guidelines for protecting personal information under the Data Protection Act.

The ICO specifically protects information transferred beyond the boundaries of the United Kingdom and states that companies should make sure their contractors are handling data safely.



http://www.eweek.com/article2/0,1759,1988728,00.asp?kc=EWRSS03119TX1K0000594

Most CFOs Harbor Security Concerns

By Matt Hines July 13, 2006

Chief financial officers continue to rank information security as their top priority as compliance auditors and the fear of public humiliation over data leaks drive new levels of IT security scrutiny, according to a new survey.

... A downloadable copy of Technology Issues for Financial Executives can be found at www.csc.com/solutions/managementconsulting/knowledgelibrary/2335.shtml.



http://news.com.com/2008-1028_3-6094146.html?part=rss&tag=6094146&subj=news

FBI's CIO faces agency's tech challenges

By Anne Broache Story last modified Fri Jul 14 05:58:15 PDT 2006

When Zalmai Azmi took the job of the FBI's chief information officer three years ago, he had a daunting task ahead of him: steering the agency's rocky computer modernization project back on course.

... CNET News.com spoke with Azmi about Sentinel's direction, the existing cumbersome systems and recent reports that a contractor hacked the FBI's computers.



Interesting tactic...

http://www.law.com/jsp/article.jsp?id=1152695127989

SBC Denied Access to Conn. Senator's Home Computer

Douglas S. Malan The Connecticut Law Tribune July 13, 2006

Gemini Networks Inc., in its ongoing feud with SBC Communications over legislation that would provide SBC with pricing flexibility, has lost an appeal to the Freedom of Information Commission that would have granted it access to the home computer of Connecticut Sen. John Fonfara, D-Hartford.

... Rowlenson, who was represented before the FOIC by Katherine A. Scanlon of Pullman & Comley's Hartford office, requested copies of any notes, drafts, memoranda, e-mails or other documents related to discussion of Senate Bill 1097. Gov. M. Jodi Rell vetoed the bill last summer as a result of ethical questions raised by Gemini. Because Fonfara used his private America Online e-mail account to send correspondence related to S.B. 1097, Rowlenson sought to obtain those e-mails through a request dated June 30, 2005.

... Rendering its decision last month, the FOIC sided with Fonfara on the matter, opining that any correspondence sent from or received on Fonfara's AOL account regarding S.B. 1097 included Gemini's counsel "who has copies of such e-mails, and ... therefore there is no practical reason to recover additional copies of such e-mails ..."



http://www.forbes.com/business/feeds/afx/2006/07/13/afx2878325.html

Apple drops legal challenge to online publishers

07.13.2006, 09:44 PM

SAN FRANCISCO (XFN-ASIA) - Apple Computer Co Inc has dropped its legal challenge against two Internet publishers who reported secret details about its new products, a lawyer said.



http://www.bespacific.com/mt/archives/011804.html

July 13, 2006

'Ethics Essentials' for New Judges

Administrative Office of the U.S. Courts: Ethics Essentials, a Primer for New Judges on Conflicts, Outside Activities, and other Potential Pitfalls (26 pages, PDF) "...emphasizes the importance of understanding and observing ethics standards."



http://www.bespacific.com/mt/archives/011802.html

July 13, 2006

Markle Foundation Task Force on National Security in the Information Age Report

Press release: "The Markle Foundation Task Force on National Security in the Information Age released its third report today with recommendations on how to reconcile national security needs with civil liberties requirements. The report offers a new "authorized use" standard for government handling of legally collected information that bases authorization to view information on how the information is going to be used, rather than on the nationality of the subject or the location of collection. The report also proposes a new risk management approach to sharing classified information that balances the risk of compromising classified information with the security risk that can come from failing to share information with those who need it to understand the threats to national security."

  • Mobilizing Information to Prevent Terrorism: Accelerating Development of a Trusted Information Sharing Environment (100 pages, PDF)



Who in the organization would be responsible for looking for this kind of negative information? Personnel? Legal? PR?

http://techdirt.com/articles/20060713/0948251.shtml

Jobseekers Doing Online Background Checks On Employers, Too

from the role-reversal dept

With the growing popularity of social-networking sites and the increasing propensity for people to post all sorts of information about themselves publicly online, there have been plenty of stories about how it can come back to haunt jobseekers. But in an interesting reversal, some sites are Web-2.0-ing the old Vault.com "bitch about your boss" idea to use similar tools to try to get some inside dirt on potential employers. One job-search site is relaunching with some social networking-like features where instead of connecting to make friends or get dates, jobseekers can get in touch with them to ask questions about their company. Of course, all this relies on employees actually caring enough to use the system, and giving honest information about their place of work, and perhaps their superiors. But with lots of employers monitoring employees' computer use, it's doubtful that too many workers would want to open themselves up to being directly contacted by strangers to talk openly about their employer -- particularly when some companies are even firing or suing employees for talking bad about them online. Perhaps the real lesson here is that instead of worrying about what their employees might say on a job board, hiring managers should just keep their pictures of swingers parties and tales of humiliating employees out of their MySpace profiles. After all, if they're doing Google background checks on applicants, the potential hires are probably looking them up, too.



Ain't technology great! (Is there a Class Action in the future based on “...it's too complex for non-geeks?” Perhaps a warning sticker: “Do not attempt to use this device if you are older than 12”)

http://techdirt.com/articles/20060713/1049218.shtml

No, That Phone Isn't Broken, It's Just Unusable

from the how-do-you-turn-this-thing-on? dept

From the "Not Surprising At All, Really" file comes a new survey out of the UK that's found nearly two-thirds of the new mobile phones returned to a major retailer there as broken aren't broken at all, it's just that apparently they're so difficult to use people think they're broken. The poor usability of increasingly complex devices is symptomatic of the mobile industry's usability problems as a whole -- particularly with the mobile content and data services that are supposed to be driving its latest renaissance. A survey of people who used data services for the first time during the World Cup found that half of them won't use it again, citing poor ease of set up and use as significant reasons, while other content providers report embarrassingly low response rates to content-delivery messages, something largely blamed on, again, setup and usability problems. The sad thing is that these exact same types of stories and surveys have been published for many years, but very little meaningful action is taking place, particularly from mobile operators, who must bear a lot of the responsibility for ensuring users' devices are set up properly when they get them, but also from handset vendors, most of whom don't devote enough resources to software and user-interface design.



http://techdirt.com/articles/20060713/1542253.shtml

Isn't Competition Supposed To Lower Rates?

from the oh,-right... dept

If you haven't been following what's been going on in Lafayette, Louisiana, they've been having quite a technology battle. The local telco and cable company (BellSouth and Cox) have been spending millions of dollars fighting a proposed muni-fiber offering that the residents of the city voted for. The people of the city voted for it, even after push polls (designed to influence the vote, not accurately predict it) and silly threats from the incumbents. Ever since it was approved, however, the incumbents have been able to hold up the deployment by fighting it in court. Cox and BellSouth, of course, claim that such a muni network would represent unfair competition -- something they should know an awful lot about, since Cox was recently accused of anti-competitive practices in blocking out competitors in certain new housing developments. Apparently, from their point of view, "unfair competition" is just about any competition. Competition, of course, might force them to do something like offer more competitive rates -- something studies have shown isn't really happening yet. With that in mind, is it really any surprise to hear that Cox is now raising their cable rates in the city, even as they try to convince the courts that the muni-fiber network would be bad for the people of the city?



Great idea! Put FEMA in charge and the survivors of the 1906 San Francisco earthquake should get this service in just a few more months...

http://techdirt.com/articles/20060714/0316217.shtml

Should Telcos Provide Free Voicemail As Disaster Relief?

from the seems-like-a-decent-idea dept

We've all heard the stories: whenever there's any kind of disaster, phones (both landlines and mobile) become pretty much useless. The latest example where this was seen was with the bombings in Mumbai, India -- but it's a story that's been seen many times before. Following Hurricane Katrina, former telco exec Tom Evslin and VoIP pioneer Jeff Pulver started talking about a simple way to at least minimize this problem. They suggested to the FCC that telcos should simply set up free voicemail accounts for those whose phone lines were impacted by the disaster. It's a relatively simple plan. Basically, phone numbers that are unreachable will automatically go to a voicemail account. If the person associated with the phone number can access a phone somewhere, he or she can leave a message letting everyone know how they are. Family and friends can then easily leave messages, rather than repeatedly trying to contact a phone number that is unreachable. It would be easy enough for this all to take place far away from the disaster area, so calls could be routed elsewhere, also minimizing the influx of phone calls to an area. Pulver and Evslin worked out the details and realized this was incredibly inexpensive to implement, and figured it made sense for the FCC to mandate it. Not surprisingly, though, the telcos immediately trashed the proposal, claiming it was prohibitively expensive -- though Pulver and Evslin don't see how that's possible. On Thursday, Evslin and Pulver spent the day at the FCC, trying to talk to folks there about the plan. It sounds like they found interest and guidance, but it still sounds like there's an awful lot to be done, and the telcos don't seem willing to go along. If the original calculations are correct, it really isn't that expensive to provide -- and the goodwill gained (and the lack of news stories trashing the telcos for having no service at all) seems like it would greatly outweigh the cost.


It's not enough to give away your name, address, phone number, SSAN, and bank account password... Stalker Alert!

http://www.techcrunch.com/2006/07/13/brand-your-life-story-with-dandelife/

Brand your life story with Dandelife

Marshall Kirkpatrick July 13 2006

Dandelife is a fascinating new “social biography network” that launched its beta this week. Users tell their life stories with text, photos, videos and time lines. Part of the business model will be to license users’ stories to corporations seeking case studies and brandable narratives. I feel very ambivalent about this.

... The company’s leading competitor may be OurStory.com, a similar site that received $6 million in VC funding in January. OurStory founder and CEO Andy Halliday told me that his service may allow users to opt-in to anonymous aggregate studies in the future but that user generated content in their system will not be made available to marketers.



http://news.com.com/2100-1030_3-6094132.html

Judge dismisses suit over Google ranking

By Elinor Mills Story last modified Thu Jul 13 19:23:03 PDT 2006

A California judge on Thursday dismissed a Web site's lawsuit against Google over its fall in the Google search index, but left the door open for the lawsuit to be amended and refiled.



At first glance, this looks very useful. Includes some for lawyers and law enforcement. Even a schema for your wine cellar!

http://digg.com/programming/Library_of_free_database_models

Library of free database models

submitted by hourigan 1 day 2 hours ago (via http://www.databaseanswers.org/data%5Fmodels/ )

The library includes hundreds of sample database schemas for tons of topics – ranging from “Airline Reservations” to “Organizations and People” to “Car Servicing” to “Pizza Delivery”.

Thursday, July 13, 2006

July 13, 2006

This could be a great give away for someone in the security field. Give people the software, then walk them through installing it on their machines.

http://digg.com/security/Marcus_Ranum_on_hard_disk_encryption_This_stuff_is_really_easy%21

Marcus Ranum on hard disk encryption "This stuff is really easy!"

submitted by hemphill81 10 hours 4 minutes ago (via http://www.ranum.com/security/computer_security/editorials/diskcrypt/index.html )

"I have no idea why I was lazy about setting up hard disk encryption on my laptop. After a bit of research and a relatively simple bit of data wrangling, I've protected my laptop's data. What took me so long? This stuff is really easy!"



The alternatives are obvious... If you're not a bureaucrat!

http://www.washingtonpost.com/wp-dyn/content/article/2006/07/11/AR2006071101066.html

Top VA Officials Criticized in Data Theft

By Christopher Lee Washington Post Staff Writer Wednesday, July 12, 2006; A13

A career analyst and top officials at the Department of Veterans Affairs share the blame for the recent theft of sensitive personal data on millions of veterans, federal investigators said yesterday.

In a 68-page report, VA Inspector General George J. Opfer recommended that VA Secretary Jim Nicholson "take whatever administrative action deemed appropriate" to punish officials who were slow to report and investigate the May 3 theft of a laptop computer and an external hard drive from the analyst's Aspen Hill home.

Opfer wrote that new security measures since the theft are "a positive step" but are inadequate. Nicholson should establish "one clear, concise VA policy on safeguarding protected information," he wrote.

The report, the product of a nearly two-month investigation, included no new major findings about the theft and the department's handling of it -- subjects picked over for weeks in a series of congressional hearings and in news stories.

It did, however, unearth previously undisclosed details, such as that the stolen laptop itself contained no VA data, only the external drive did. [That explains why the drive and laptop were sold separately. I must have missed that in the original story. Bob] The report also found that, contrary to testimony by VA officials, the thieves would not have needed to know how to use a statistical software program to view the data. [Fairly obvious. Remember, just because you can't do it does not mean it is impossible for everyone... Bob]



What, you want facts?

http://www.whatpc.co.uk/computeractive/news/2160148/tiscali-bpi-evidence-proof

Tiscali snubs BPI demands to stop "illegal" music downloads

Says no "overwhelming evidence" of customer wrong-doing has been supplied

Dinah Greek, Computeract!ve 12 Jul 2006

Tiscali has refused to bow to British Phonographic Industry (BPI) demands that it suspends the accounts of those customers accused of illegally downloading music, citing lack of proof.

The internet service provider (ISP) said nothing it has so far received comes close to meeting the BPI's claim it has "overwhelming evidence" that 17 Tiscali customers have been sharing "significant amounts" of copyright music.

The BPI wrote an open letter to both Tiscali and Cable & Wireless on Monday demanding that the ISPs pull the plug on 59 customers it had identified as illegally sharing copyrighted music.

Cable & Wireless issued a statement saying it would investigate. However while Tiscali said it takes copyright infringement seriously, it was not impressed with the BPI's proof.

It said the BPI had only supplied it with minimal evidence about one of the 17 customers. It also said the BPI had supplied no actual proof that copyright infringement had actually taken place.

In a letter to the BPI, Tiscali said: "You have sent us a spreadsheet setting out a list of 17 IP addresses you allege belong to Tiscali customers, whom you allege have infringed the copyright of your members, together with the dates and times and with which sound recording you allege that they have done so.

"You have also sent us extracts of screenshots of the shared drive of one of those customers. You state that such evidence is 'overwhelming'. However, you have provided no actual evidence in respect of 16 of the accounts.

"Further, you have provided no evidence of downloading taking place nor have you provided evidence that the shared drive was connected by the relevant IP address at the relevant time."

Tiscali also warned the BPI that it had no intention of handing over customer names and addresses without the requisite court order.

It pointed out if it did this, it risked breaching the terms and conditions of its customer agreements, and the provisions of the Data Protection Act 1998.

However the ISP said based on the partial evidence the BPI had provided it had written to one customer. This person has been given seven days from the receipt of the letter in which to reply to Tiscali.

The ISP told the BPI that if it didn't get a satisfactory response from the customer and providing the BPI could supply more concrete proof of copyright infringement, it would then suspend the user's account "pending resolution of the BPI's investigation".



http://www.securityfocus.com/brief/251?ref=rss

University CIO steps down following breaches

Kelly Martin 2006-07-12

Ohio University's CIO has stepped down following previously reported security breaches that compromised 367,000 personal records containing Social Security Numbers and other private data.

In a public statement published by the university, current CIO William Sams has said, "...it has become clear to me that a new energy level and skill set is going to be required in order to allow our IT organization to realize its potential." In response to numerous security breaches in April and May 2006, and first reported in June, the university has formed a Security Incident Response Team, performed a comprehensive security audit, and has worked with forensics experts and the FBI to track down the attackers.

In addition to the announcement, the university has also suspended its director of computing and network services, Tom Reid, and Todd Acheson, its systems manager.

The announcement of William Sams' departure is a rare example of a senior official taking responsibility for his group's security failures as the university makes significant attempts to become more transparent. Ohio University's board of trustees recently decided to spend up to $4M to fix the university's security issues.



Is $5 really free? Still, might be fun to make up a set for someone you like...

http://www.kk.org/cooltools/archives/001298.php

Vistaprint

Free business cards

Everyone now has more than one business card. Maybe that's one definition of the new economy. Another sign of the new economy is "free." So here's a source where you can get printed business cards for "free." For the cost of postage (about $5) Vistaprint will send you 250 color custom business cards. The catch? Their choices of stock designs are pretty ugly, and there's a single viral advertising line on the back of each card declaring free business cards at Vistaprint.com. But when the inventory of my other cards ran low, I found a suitable design at Vistaprint and printed up my dream job card for $5. I now have a business card for every occasion.

Vistaprint Free Cards



http://techdirt.com/articles/20060713/0332234.shtml

Is Leveraging The Streisand Effect Illegal?

from the a-new-anti-streisand-attack dept

A couple years ago, I jokingly coined the phrase "The Streisand Effect," to describe an increasingly common phenomenon. Someone would get upset about something they didn't like online and would have some lawyers send out a nasty cease-and-desist letter to get it taken offline. Such a plan would usually backfire, because getting the lawyers involved would end up drawing much more attention to whatever it was that the lawyers were trying to suppress. The name came from a story from a few years earlier, where Barbra Streisand got upset over a project that involved photos of the entire California shoreline, taken from a helicopter. Her complaint was that her seaside mansion was included among the photos. Of course, before she filed the lawsuit, almost no one knew that. Afterwards, the photo became an internet hit. Since that time, the phrase has grown in popularity -- though, it seems that plenty of folks still don't quite understand it. However, it was only a matter of time until lawyers came up with a way to flip the Streisand Effect around, and use it to their advantage.

Back in May, we had the surprising story of how the head of Sharman Networks (makers of Kazaa, and general pariah of the recording industry) had sued P2Pnet, an amateur news/blog focusing on file sharing and related issues. It was surprising that she would sue a site that tended to support her position, but her complaint concerned some comments on the site that weren't written by the site's owner, but a visitor (raising plenty of valid questions about liability). The Register now informs us that part of the lawsuit has been dropped, but part of it continues. Sharman itself has dropped out of the case, but Nikki Hemming is still suing the site. This was a classic Streisand Effect case, where almost no one remembered or cared about the specific comments she was upset about -- but which have since received a lot more attention. That's where things get interesting. Hemming's lawyers have updated the lawsuit to claim: "the publicity generated by the lawsuit and subsequent P2Pnet web site hits will counter Newton's legal costs resulting in 'a net profit and ensuring the permanent success of [Newton's] P2P Website.'" It really is a unique strategy: accuse the person you're suing of profiting from the attention you brought him by suing him.



http://digg.com/politics/City_with_strictest_gun_control_in_the_nation_declares_crime_emergency

City with strictest gun control in the nation declares crime emergency

submitted by jdh24 16 hours 53 minutes ago (via http://www.breitbart.com/news/2006/07/12/D8IQH9P05.html)

Surprise, surprise.

Wednesday, July 12, 2006

July 12, 2006

Very long article for SlashDot.

http://yro.slashdot.org/article.pl?sid=06/07/11/169230&from=rss

'Naughty Bits' Decision Not So Nice

Posted by timothy on Tuesday July 11, @05:47PM from the expensive-wireless-at-dulles dept.

Many readers found stifling Judge Richard P. Matsch's decision yesterday that Cleanflix, a service selling versions of popular movies edited (some would say censored) to remove violence, nudity and other elements, was in violation of U.S. copyright law for selling these edited versions, while others welcomed the decision as appropriately respecting the intent of those who made the original movies. Read on for the Backslash summary of the conversation, with some of the best comments of the more than 1200 that readers contributed to the story.

While some comments evaluated the decision as a victory for filmmakers as artists rather than merely as copyright holders, some readers aren't so sure that directors' and studios' interests have much to do with artistic integrity, and suggest that it's primarily their commercial rather than aesthetic interests being served here. TheFlyingGoat makes a case for this view:



New political tool? Some wise lawyer (an oxymoron?) thought through how to DO something.

http://www.freep.com/apps/pbcs.dll/article?AID=/20060712/NEWS06/607120382/1008/NEWS

GOP charges governor used gas petition to send e-mail

July 12, 2006 BY DAWSON BELL FREE PRESS STAFF WRITER

The state Republican Party claims Gov. Jennifer Granholm used an online petition about gas prices to get the e-mail addresses of signers for campaign purposes. The GOP is seeking information from the petitions. (AL GOLDIS/Associated Press)

... Anuzis initially said Granholm may have violated laws prohibiting the use of government resources for political purposes when he announced his complaint Tuesday morning, and said he was asking Attorney General Mike Cox and Secretary of State Terri Lynn Land to investigate.

But GOP officials softened that claim after Granholm campaign spokesman Chris DeWitt said the gas-price petition e-mail addresses had been obtained under a Freedom of Information Act (FOIA) request made May 26. [In other words, “We can do it too!” Bob]



I wonder if this is just a “left coast” thing, or if governments have a real concern?

http://www.ktvu.com/news/9500597/detail.html

SF Reviewing Contracts With AT&T Over Domestic Spying Controversy

POSTED: 2:06 pm PDT July 11, 2006

SAN FRANCISCO -- City officials are investigating AT&T's alleged cooperation with the National Security Agency and considering possible "consequences" the company could face in its extensive municipal contracts here if it is violating civil liberties, Mayor Gavin Newsom said Tuesday.



http://www.egovmonitor.com/node/6704

Guidance issued on transferring personal information overseas

Source: Information Commissioner Published Tuesday, 11 July, 2006 - 14:01

The Information Commissioner’s Office (ICO) has published updated guidance to companies and other organisations on transferring personal information outside the European Economic Area (EEA).

The two pieces of guidance offer data controllers an overview of the 8th data protection principle and the options for transferring information outside the EEA.

... The updated guidance is available on the ICO website at http://www.ico.gov.uk/eventual.aspx?id=19630



This was inevitable when the actual costs were considered. Strategy is not “following trends”

http://www.eweek.com/article2/0,1759,1987497,00.asp?kc=EWRSS03119TX1K0000594

Study: Outsourcing Boom Is Over

By Stan Gibson July 11, 2006

The outsourcing boom has passed and maturity is setting in, according to a new study from consulting firm DiamondCluster International in Chicago.



Not all hacking is for cash...

http://www.wired.com/news/technology/0,71363-0.html?tw=rss.index

Hacker Spawns a French Watergate

By Bruce Gain 02:00 AM Jul, 12, 2006

PARIS -- A hack of a Luxembourg bank's records is emerging as a key detail of the so-called Clearstream affair here, a national scandal that's pulled top-level politicians, powerful corporate executives and now a white-hat hacking group into its orbit.

... At the heart of the storm is a sophisticated conspiracy to falsely implicate a number of celebrities, high-ranking officials and political candidates in a bribery scandal.

Among the falsified evidence produced by the conspirators before the fraud unraveled were confidential bank records originating with the Clearstream bank in Luxembourg, which were expertly modified to make it appear that some French politicians had secretly established offshore bank accounts to receive bribes. The falsified records were then sent to investigators, with enough authentic account information left in to make them appear credible.



http://www.bespacific.com/mt/archives/011783.html

July 11, 2006

New York Courts to Make "Virtual" Case Files Available on the Internet

Press release: "In Manhattan, the public will have free remote access to a virtual file of civil cases in Supreme Court, including pleadings, preliminary conference and other case-management orders, requests for judicial intervention, notes of issue, orders to show cause and notices of motion. (Due to volume, affidavits, exhibits and other supporting motion papers will not be scanned.) In addition to the online virtual case file, access will be provided simultaneously to case activity information, such as a record of all court appearances and the date of filing of all papers with the County Clerk. Procedures will be implemented to ensure the protection of sensitive or confidential information. The pilot will begin in September, allowing for prior notification and consultation with the bar."



http://www.bespacific.com/mt/archives/011775.html

July 11, 2006

American Lawyer Survey on Law Librarians 2006

Law Librarians Look Beyond Books - "Once endangered, librarians have expanded their role to include such duties as market research and competitive intelligence."



http://www.bespacific.com/mt/archives/011779.html

July 11, 2006

Model State, Regional, and Federal Enterprise Retrieval System

  • "The Automated Regional Justice Information System (ARJIS) is a complex criminal justice enterprise network utilized by 50 local, state and federal agencies in the San Diego region...The ARJISNet secure intranet contains data on the region's crime cases, arrests, citations, field interviews, traffic accidents, fraudulent documents, photographs, gang information and stolen property."

  • "Most Warrants issued by the San Diego County Superior Court are available here online."



http://www.bespacific.com/mt/archives/011780.html

July 11, 2006

VA OIG Audit of Veterans Data Breach

Review of Issues Related to the Loss of VA Information Involving the Identity of Millions of Veterans, Rpt. #06-02238-163, July 11, 2006 (78 pages, PDF)



http://www.bespacific.com/mt/archives/011785.html

July 11, 2006

2006 White House Salary List

Who's Making What In The White House, by Alexis Simendinger, for NationalJournal.com (sub. req'd)

  • "President Bush's most senior aides -- the ones who hold the coveted title of "assistant to the president" -- recently received a $4,200 cost-of-living bump-up in compensation and now earn a top pay rate of $165,200, according to an internal White House list of staff salaries. The list [of 433 positions] was compiled by the administration for the year that ended June 30 and is displayed both alphabetically, and by dollar ranking."



“We gotta do something, we gotta do something!”

http://techdirt.com/articles/20060711/1959221.shtml

Congress Now Blaming MySpace For Troubled Children

from the gotta-stop-it dept

On the same day that MySpace becomes the top site online and a bunch of political types try to launch a MySpace for politicians it appears that our elected Congress Critters want to figure out what to do about the MySpace issue. This, right after solving the gambling problem apparently. Earlier this year, we noted some talk in Congress about banning social networks and blogs from schools and libraries that take federal money -- but today even more proposals were discussed. In the discussions today, the same Congress folks who were just blaming video games for everything wrong with kids, are now saying that "MySpace.com has been a center of drug activity, of gang activity, and of Internet predators." After again suggesting that these sites be banned from schools and libraries, they discussed solutions such as forcing some sort of third-party age verification on these sites. That, of course, sounds good to Congress people who don't seem to realize that won't actually do anything other than perhaps push kids to move to some other site adults have even less control over. Oh well. As long as they can head home for election season claiming they're working hard to protect the children, even when their actions tend to make things worse.



http://www.cnn.com/2006/US/07/11/state.hackers.ap/

Hackers target State Dept. computers

Widespread break-ins appear aimed at HQ, East Asian office

WASHINGTON (AP) -- The State Department is recovering from large-scale computer break-ins worldwide over the past several weeks that appeared to target its headquarters and offices dealing with China and North Korea, The Associated Press has learned.

Investigators believe hackers stole sensitive U.S. information and passwords and implanted backdoors in unclassified government computers to allow them to return at will, said U.S. officials familiar with the hacking.

These people spoke on condition of anonymity because of the sensitivity of the widespread intrusions and the resulting investigation.

The break-ins and the State Department's emergency response severely limited Internet access at many locations, including some headquarters offices in Washington, these officials said. Internet connections have been restored across nearly all the department since the break-ins were recognized in mid-June.

"The department did detect anomalies in network traffic, and we thought it prudent to ensure our system's integrity," department spokesman Kurtis Cooper said. Asked what information was stolen by the hackers, Cooper said, "Because the investigation is continuing, I don't think we even know."

Tracing the origin of such break-ins is difficult. But employees told AP the hackers appeared to hit computers especially hard at headquarters and inside the Bureau of East Asian and Pacific Affairs, which coordinates diplomacy in countries including China, the Koreas and Japan.

In the tense weeks preceding North Korea's missile tests, that bureau lost its Internet connectivity for several days. [So they couldn't watch CNN? Horrors! Bob]

China's government was considered by experts a chief suspect in computer break-ins at the Defense Department and other U.S. agencies disclosed last summer.

But China also is home to a large number of insecure computers and networks that hackers in other countries could use to disguise their locations and launch attacks.

The Pentagon warned earlier this year that China's army is emphasizing hacking as an offensive weapon. It cited Chinese military exercises in 2005 that included hacking "primarily in first strikes against enemy networks."

After the State Department break-ins, many employees were instructed to change their passwords. The department also temporarily disabled a technology known as secure sockets layer, used to transmit encrypted information over the Internet.

Hackers can exploit weaknesses in this technology to break into computers, and they can use the same technology to transmit stolen information covertly off a victim's network.

Many diplomats were unable to access their online bank accounts using government computers because most financial institutions require the security technology to be turned on. Cooper said the department has since fixed that problem.



I have no comment whatsoever. I don't want anyone to think I would actually use this technology. Nope. Not me. I'm entirely innocent. This is just to foment intellectual discussion.

http://www.techcrunch.com/2006/07/11/porn-browser-heatseek-launches-yeah-porn-browser/

Porn Browser Heatseek Launches (yeah, porn browser)

Michael Arrington July 11 2006

Heatseek is a pornography focused browser that quietly launched today. The point of this software is to make porn browsing more efficient and more secure. The browser is available on Windows machines only, and is built on top of Internet Explorer.

... The basic version of Heatseek is free, with a premium version available for a one time fee of $20.



If you are not a hacker, this would still look good printed in full color on large format paper and framed.

http://digg.com/security/Intricate_Steps_of_How_to_Hack_Into_a_Computer

Intricate Steps of How to Hack Into a Computer

submitted by plugitin 12 hours 35 minutes ago (via http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)

Here is a huge map that pretty much shows you all possible ways to gain entrance into a system. From finding exploits and scanning ports to password cracking. It shows all the likely paths you can take to hack into a computer and/or test out its security.


http://digg.com/gaming_news/Foolproof_way_to_solve_any_Sudoku_by_yourself%2C_without_even_thinking%21

Foolproof way to solve any Sudoku by yourself, without even thinking!

submitted by bentrop 15 hours 49 minutes ago (via http://www.instructables.com/id/EJLUBKN48JEPD7QXGR/?ALLSTEPS)

A step by step instruction to solve any Sudoku. All you need is the puzzle, a pencil and an eraser. It's fast and pretty much foolproof. This isn't really a new technique (it's called "candidate elimination" and is almost as old as Sudoku itself) but this is one of the nicest guides explaining it to the casual player.



Should we call it Poli-tech?

http://today.reuters.com/news/newsarticle.aspx?type=technologyNews&storyid=2006-07-12T003919Z_01_N11205930_RTRUKOC_0_US-MEDIA-HOTSOUP.xml&src=rss

Political networkers to get new Web site, HotSoup

Tue Jul 11, 2006 8:39 PM ET

NEW YORK (Reuters) - A team of U.S. political strategists is creating an Internet forum for debating hot-button issues, hoping to connect the politically obsessed the way MySpace.com hooks up hypersocial teens.

HotSoup.com launches in October, shortly before U.S. congressional elections, and aims to draw top political personalities as well as grass-roots community organizers to swap opinions and ideas.