Saturday, August 05, 2006

I am rather surprised. This seems to be the only hacker/computer crook/identity theft story this week! Come on guys, don't let us down!

Cyber-Thieves Steal $700K Via ATM Hacking

August 4, 2006 By Chris Preimesberger

Cyber-thieves who hacked into the ATM information of at least 800 retail customers in California and Oregon have stolen as much as $700,000 from personal accounts during the last two months, according to police reports.

People who used ATM cards to purchase items at Dollar Tree, a national retail toy store chain, in Modesto and Carmichael, Calif., and Ashland, Ore., have turned in reports of unauthorized withdrawals in the computer-based scam.

Federal and local investigators would not discuss with eWEEK how the thieves stole the information. [Trust us, it can't happen to you? Bob] How many shoppers have been victimized is also an open question.

What Happens When the Economics of Scarcity Meets the Economics of Abundance?

Published: August 4, 2006 Author: James Heskett

Forum open for comment until Thursday, August 31.

Executive Summary:

The "Long Tail," a term coined by Chris Anderson—and the title of his new book—describes the item popularity curve. Does the Long Tail represent a paradigm shift for business and consumer behavior? What are its implications for management going forward? Key concepts include:

* Chris Anderson first coined the term "the Long Tail" in Wired magazine.

* In a long-tail world, everything digital is available at all times.

* Anderson describes three conditions critical to potential long-tail profits, all of which are provided by the Internet combined with creative new software and hardware.

An entire generation brought up to regard many things in life—including communication and most intellectual property—as limitless and free is coming of age. They will join generations of their elders who studied college courses on the economics of scarcity and believe that "there is no such thing as a free lunch."

... Life in the Long Tail is a busy routine involving the downloading of anything digital from the Internet; paying for some things, such as iTunes, but sharing and trading many others; creating and maintaining blogs, some of which are more frequently visited today than network television shows; contributing and editing items on the ever-changing open-network encyclopedia, Wikipedia; and when watching television (rarely), doing it when and where it is convenient to do so, through such devices as TiVo and cell phones. It is a world where everything digital is available at all times. And because of the very low cost of maintaining and distributing inventory, everything is likely to remain available forever, enabling the occasional gem of intellectual property to survive "in print" or in circulation. It is a world of non-zero-sum thinking.

... In the Long Tail, money is made by such things as avoiding inventory, producing to order, letting customers do the work, pricing creatively and flexibly to various customers, utilizing a variety of distribution methods, sharing information, trusting the market to do your job, and understanding the "power of free" combined with money-making services or products.

... To read more: Chris Anderson, The Long Tail: Why the Future of Business Is Selling Less of More (New York: Hyperion, 2006).

Others Online: Opt-In Web Surveillance

Posted on Friday, August 4th, 2006 at 8:35 am

A new service called Others Online makes obvious what Google Toolbar and other browser tools do in the background: track users' web browsing activities. From their site:

Others Online is a free toolbar that shows you people relevant to your Web browsing and other interests, on every page you visit. We show you the interests you have in common, their Web pages (blog, MySpace profile, Web site, etc.) and online status, all on their terms. We’ll even connect you by IM or email.

…Every time you search the Web, you’ll see people that have associated themselves to those keywords, plus you’ll see any other interests you share. It’s like “Google for people”!

In a nutshell, users sign up, create a profile like most other social networking sites, download the toolbar, and then start browsing the web like usual. Others Online then collects information about the websites visited (including the URL and relevant content keywords embedded in the URL), and then shows other users who share a similar profile and browsing habits.

Sorta cool to be able to find other people searching for the same stuff I am, such as “web surfing surveillance”. But my concern is that products like this, even though opt-in, work to normalize web surveillance, playing into the “I’ve got nothing to hide” meme that justifies wholesale surveillance of our daily activities. The more users become comfortable with the surveillance of their online activities, the less likely they will be able to identify abuses of that surveillance.

A couple of other points on this particular service:

  • Their privacy policy states that “When you sign up for an Others Online Account, we ask you for personal information (such as your birth date, gender, email address, country, post code and an account password)….” But that the “service is anonymous – we do not request your name or your physical address.” This isn’t entirely true, since research (such as Latanya Sweeney’s amazing work) has shown that 87 percent of Americans can be personally identified by records listing only their birth date, gender and ZIP code. Anonymity is not guaranteed simply by not collecting one’s name and address.

  • Another note in the privacy policy states that “We may combine the information you submit under your account with information from third parties in order to provide you with a better experience and to improve the quality of our services.” Who knows what kind of “information from third parties” they’re talking about, but this is just the kind of data mining and data aggregation practices that Sweeney (and folks like Dan Solove) warn us about.

  • While you can clear your entire search history, it doesn’t seem to be possible to selectively delete certain searches or browsing activities from their database. Users must remember to log off the service if they don’t want others to know they’ve been watching Pat Benatar videos on YouTube.

I wonder if you could do this for a living...

Audit & Remove Yourself from Data-Collection Databases

Posted on Thursday, August 3rd, 2006 at 8:20 am

Wired’s 27B Stroke 6 blog has posted some helpful info on how to audit and remove yourself from some common data-collection databases (and annoying mailing lists):

  • If you have ever applied for health, life or disability insurance on your own, it’s likely the information about your health and lifestyle that you had to provide ended up in a database run by the MIB Group. The easiest way to check your record is by phone at 866.692.6901. The group will then mail you your report if they have one.

  • ChoicePoint, the folks who sold 145,000 data reports to Nigerian identity theft scammers in 2004, sells auto and home-insurance risk scores (among other things) and you can check your file for free once a year via their web page

  • ChexSystems keeps tabs on individuals’ banking habits and sells that data to banks vetting new customers. Give them a call at 800.428.9623. They also run a system that keeps track of people who have reportedly passed a bad check. Track down that report here or make their phone jingle with this number: 800.262.7771.

  • Acxiom, another big data broker, will let you opt-out of their marketing database for free if you call 501-342-2722 and press 5. You can also ask them to send you a form that lets you check the non-marketing information they have on you. They won’t let you opt-out of this, and they will charge you $5 for the privilege. Be aware it could take them months to send out the report.

  • Stop some direct mail via the Direct Marketing Association’s web page. It’s free if you print it out and mail it in to them for hand processing, but costs $5 if you just want to do it online. That’s how much they like this opt-out list. DO NOT join the DMA’s phone or email opt-out list. That’s just begging for spam and telemarketing calls.

  • Stop almost all credit card and life insurance direct mail solicitations (this won’t stop ones from your own bank) by calling 1-888-5-OPTOUT.

  • And of course, the ever handy Do Not Call list is here.

Is this worse than the Patriot Act? If I remember correctly, this version was “designed” by the US immediately after 9/11 as a “we'll never get this past the US Senate” wish-list and governments with more control over their people were asked to make it law in their countries and insist (via this treaty) the US match their laws. Good strategy, bad ethics.

Senate ratifies controversial cybercrime treaty

By Declan McCullagh Story last modified Fri Aug 04 12:23:12 PDT 2006

The first and only international treaty designed exclusively to combat computer crime won approval late Thursday from the U.S. Senate.

The Council of Europe Convention on Cybercrime "will enhance our ability to cooperate with foreign governments in fighting terrorism, computer hacking, money laundering and child pornography, among other crimes," Sen. Richard Lugar, the Indiana Republican who is chairman of the Senate Foreign Relations Committee, said in a statement.

The treaty is intended to harmonize computer crime laws, especially those in smaller or less developed nations that may not have updated their legal framework to reflect the complexities of the Internet. It requires participating countries to target a broad swath of activities, including unauthorized intrusions into networks, fraud, the release of worms and viruses, child pornography and copyright infringement. [because that's high on the terrorist list. Bob]

... But one portion, which provoked the most controversy, deals with international cooperation. It says Internet providers must cooperate with electronic searches and seizures without reimbursement; the FBI must conduct electronic surveillance "in real time" on behalf of another government; that U.S. businesses can be slapped with "expedited preservation" orders preventing them from routinely deleting logs or other data.

What's controversial about those requirements is that they don't require "dual criminality"--in other words, Russian security services investigating democracy activists could ask for the FBI's help in uncovering the contents of their Yahoo Mail or Hotmail accounts, or even conducting live wiretaps.

... The Senate did not consider an optional separate section dealing with Internet-based hate speech that would have required participating nations to imprison anyone guilty of "insulting publicly, through a computer system" certain groups of people based on characteristics such as race or ethnic origin.

... In a letter to senators last summer (click here for PDF), the Electronic Privacy Information Center attacked the treaty for offering only "vague and weak" privacy protections. One section, for example, would force participating nations to have laws forcing individuals to disclose their decryption keys so that law enforcement could seize data for investigations, EPIC wrote.

CSIA Applauds Ratification of Cybercrime Treaty

August 4, 2006 News Release

The Cyber Security Industry Alliance (CSIA) today commended the U.S. Senate for its ratification of the Convention on Cybercrime adopted through the Council of Europe.

Signed by the United States in November 2001, the Convention on Cybercrime is the first and only international, multilateral treaty specifically addressing the need for cooperation in the investigation and prosecution of computer network crimes. It requires global law enforcement cooperation with respect to searches and seizures and provides timely extradition for computer network based crimes covered under the treaty.

Add Bad Internet Legislation To List Of US Imports

from the made-in-somewhere-else dept

Having apparently decided that homegrown internet legislation isn't sufficiently bad, the Senate has approved the Council of Europe Convention on Cybercrime, which essentially establishes rules and a framework for international cooperation on cybercrime investigation and harmonizes computer crime laws. US laws already contain many of the convention's stipulations, but one significant change is that it forces law enforcement groups and businesses of one country to cooperate with foreign governments without the requirement of "dual criminality" -- meaning that they're obliged to help foreign law enforcement investigate crimes even if the targets of the investigation have broken no laws in their country. For instance, the FBI must now help, say, French security services investigate internet crimes that happen there, while those French services must comply with US requests to do things such as wiretap a network there in regards to a crime committed in the US. Given the ongoing controversy regarding the US government's wiretapping here in its own country, it seems more than a little problematic to give it carte blanche to force foreign governments to help it carry out similar activities overseas, while offering those countries the same privileges here. While it's certain that cybercrime is an international problem, and criminals like child pornographers and hackers act with little regard for geographic borders, simply throwing things open so widely seems more likely to drastically raise the possibility of abuse of civil liberties and skirting of laws than do anything tangible to stop crime.

Is 5GB a big increase? Many already offer 2GB...

AOL to offer 5GB free storage to everyone

Posted by Reverend on 04 Aug 2006 - 23:48 GMT

AOL will offer all web users 5GB of free online storage starting in September.

... The service also offers shared files for online collaboration and scheduled automatic backup.

Outrageous! Who holds the copyright?

Domesday Book Goes Online

Posted by Zonk on Friday August 04, @11:25PM from the not-doomsday-that's-in-a-ghostbusters-episode dept.

Accommodate Students writes "The Domesday Book has gone online. As one of the earliest public records goes online, anyone with an internet connection will be able to access this important document. Amongst other interesting facts, the BBC is reporting that the Book can still be used today in court for property disputes. In an interesting development, the National Archives are making online searches free, but downloads of data will cost £3.50 (approx $6.50 US). Similar launches of historical websites in the past have struggled to keep up with server loads in their first days and weeks, so it remains to be seen whether the Domesday Book online will be more or less fragile than the parchment originals."

See what a different culture Japan is?

Dear Possible Identity Thief, Please Delete The Data We Accidentally Leaked

from the like-that'll-work dept

About a year ago, we noted that some of Japan's nuclear secrets had been made available on the popular Japanese file sharing system, Winny. The government decided the best way to deal with this wasn't to better secure their systems... but to simply beg people not to use Winny. Apparently, that hasn't worked, because now a bunch of medical records have leaked through the system as well. The hospital in question has responded, again by begging, but this time asking various ISPs to send their customers a letter asking them to delete the info. Perhaps we underestimate people in Japan, but doesn't this only seem likely to call more attention to the data from those who will use it for malicious purposes?

August 04, 2006

Special Report on Department of Defense's Cyber Crime Center

Special Report | Computer forensics: The new DNA

How dare you suggest that the marketplace could replace our bureaucracy!

Mad cow watch goes blind

Updated 8/3/2006 8:44 PM ET

Creekstone Farms, a Kansas beef producer, wants to reassure customers that its cattle are safe to eat by testing them all for mad cow disease. Sounds like a smart business move, but there's one problem: The federal government won't let the company do it.

The U.S. Department of Agriculture — invoking an obscure 1913 law intended to thwart con artists from peddling bogus hog cholera serum to pig farmers — is blocking companies from selling the testing kits to Creekstone.

USDA is doing the bidding of large cattle barons afraid that Creekstone's marketing will force them to do the same tests to stay competitive.

... Not only is USDA blocking Creekstone, the department said last month that it's reducing its mad cow testing program by 90%.

... The department tests only 1% of the roughly 100,000 cattle slaughtered daily. The new plan will test only 110 cows a day.

... OPPOSING VIEW: Our safeguards are working

NSA Wiretapping explained in song

Friday, August 04, 2006

You can't get kids' attention when they walk with their iPod stuck in their ears, imagine how much better it will be when they are driving SUVs on the highway... Next year: VIDEO!

Apple in deals to connect iPod in new car models

Thu Aug 3, 2006 11:30 AM ET By Michele Gershberg

NEW YORK (Reuters) - Apple Computer Inc. on Thursday said it has teamed up with three major automakers to link its popular iPod music player with car stereos, laying down a new challenge to a fragmented radio industry.

Ford Motor Co., General Motors Corp. and Japan's Mazda Motor Corp. will offer an easy iPod connection in the majority of their brands, allowing drivers to charge the digital music player and store it in a glove compartment as they listen to its songs.

New IRS Online Payment System Raises Privacy Fears

By Martin H. Bosworth ConsumerAffairs.Com August 3, 2006

The Internal Revenue Service (IRS) is creating a new system for delinquent taxpayers to set up payment agreements via the Web, rather than by phone or mail.

The Online Payment Agreement Application will enable tax preparation organizations to help their clients set up payment plans through back taxes, whether through automatic monthly debit or payroll deduction.

... In March, the IRS announced plans to enable tax preparers to sell taxpayers' personal information to unrelated third-party groups. The change to IRS privacy regulations would enable tax preparers to sell financial information to data brokers and other interested groups if they obtained the taxpayer's written consent.

The announced IRS changes led to severe criticism by consumer advocates and letters of objection from attorneys general in 46 states and the District of Columbia. California Attorney General Bill Lockyer said that the proposed rules would "erode consumer privacy and the security of sensitive personal information."

During hearings held before the Senate Finance Committee on changes to the tax code, a report by the Government Accountability Office (GAO) indicated widespread errors and failures on the part of many tax preparation organizations when it came to filing tax returns, including taxpayer overpayments and failure to note deductions.

August 03, 2006

Justice Ginsburg Orders Release of FBI NSL Gag Records

Following up on the controversy of the FBI case involving demands for Connecticut library patron records, last night AP reported that Justice Ruth Bader Ginsburg ordered the release of all records related to the FBI NSL gag order and Connecticut librarians.

August 03, 2006

WiFi TV Offers Viewers Access to Hundreds of Channels From 50 Countries

"You can watch Wi-Fi TV in most places around the world (including the USA) for free on any Internet enabled device."

Thursday, August 03, 2006

Ruling will have reporters acting like drug dealers

By Paul McNamara on Wed, 08/02/2006 - 9:09am

... From this morning's New York Times, whose reporters are at the heart of the ruling: "The case arose from a Chicago grand jury’s investigation into who told the two reporters, Judith Miller and Philip Shenon, about actions the government was planning to take against two Islamic charities, Holy Land Foundation in Texas and Global Relief Foundation in Illinois. Though the government contended that calls from the reporters tipped off the charities to impending raids and asset seizures, the investigation appears to be focused on identifying the reporters’ sources. No testimony has been sought from the reporters, and there has been no indication that their actions are a subject of the investigation."

So when your child says, “I want to be just like you daddy!” Have him arrested?

Half of Identity Theft is Committed by Someone You Know

August 1, 2006 News Release

Fifty-three percent of identity theft victims last year reported their identity stolen by a friend, a relative, an employee, or an acquaintance. In an effort to educate consumers on identity theft, the National Crime Prevention Council (NCPC), best known for its icon McGruff the Crime Dog, has added new public service advertising (PSA) radio spots to its identity theft prevention initiative.

It looks like consumers reeeeealy don't like this “feature”

Windows Genuine Advantage: What it is, how to ditch it

It's not easy to remove Microsoft's anti-piracy program, but it can be done

Scot Finnie

Translation? Once we own you, we'll have to fix all that evil software and it's not worth it.

Warner Bros. drops Zango deal over ethics certification

Ththththat's all, folks!

July 31, 2006 (IDG News Service) -- Warner Bros. Entertainment Inc. has axed a deal to provide content to Zango Inc., a controversial advertising software maker.

Warner Bros. made the deal with Zango earlier this year despite ongoing criticism of the company, formerly named 180solutions Inc. But last week, Warner Bros. terminated the agreement, saying Zango had declined to seek independent certification that its software meets ethical guidelines.

Are these next few articles indication of a trend? I think so...

Apple Strikes Content Deals With TBS, Warner Bros.

By Jennifer LeClaire Part of the ECT News Network 08/02/06 10:34 AM PT

Apple this week announced that it has secured deals with Turner Broadcasting System and Warner Bros. to add video content from those companies to the iTunes Music Store. TBS will provide programming from CNN, Adult Swim and Cartoon Network. Warner Bros. will add episodes of hit series such as "Friends" and animated classics like "The Jetsons."

Entire "Top Gear" Series Available for Free at BBC2

submitted by Harvey_Mushman 22 hours 25 minutes ago

Last week the BBC demanded video host YouTube remove many copies of its Top Gear TV service from its website. That was because, this week, the BBC made Top Gear available in its entirety on-line at BBC2.

Lucasfilm tells YouTube to put all removed Star Wars content back online.

submitted by Teague 8 hours 49 minutes ago

YouTube removed all parody/fanfilm/spoof Star Wars content two days ago due to copyright violation. This morning, in an incredibly awesome PR move, Lucasfilm contacted YouTube, and told them to put it all back online - every last one.

20 Video Lectures of MIT Computer Course - FREE Download

submitted by ozguralaz 23 hours 50 minutes ago

"The complete MIT course (video) available for download. These twenty video lectures by Abelson and Sussman are a complete presentation of the course, given for Hewlett-Packard employees."

...and is this why? [I wonder if I could sell a research project titled: “Why Cable TV is doomed!”]

Why MSN's Lead In Video Is Unlikely To Matter

from the fast-starter dept

In thinking about the surge in online video, the name that invariably comes to mind is YouTube, in part because the company gets tons of hype, but also because the site has actually transformed the experience of watching television (defined broadly). Considering all the hype about YouTube, it may come as a surprise that the video service from MSN is actually seen as a leader in the space, at least in terms of advertising and revenue. MSN's approach has been, simply, to go out and sign a bunch of exclusive contracts with content providers and then to distribute popular shows with advertising. Essentially, the company has the same business model as a conventional TV station, which is the reason it hasn't gotten anywhere near as much buzz as YouTube. And since the conventional TV channel is dying, there's reason to believe that with its current model, MSN will have a hard time holding on to its gains. There's certainly no guarantee that YouTube will emerge as a victor in the online video battle, but just as AOL's promise of exclusive content gave way to a more anarchic web, the same is likely to happen with video.

Here's that AOL story...

About Time: AOL Goes Free

from the last-walls-come-tumbling-down dept

After much speculation, AOL announced today that it would finally bite the bullet, and become a free portal, complete with free AOL email addresses for anyone who wants one. The company says it now wants to exploit the "explosive rise in broadband usage and online advertising", though, of course, it's already missed out on much of the explosion. At least now the company can be meaningfully compared to competitors, and those on the inside can get better measures of their success. As for marrying content with distribution, the initial goal of the AOL-Time Warner merger, there they still have some work to do.

In Great Britain he's “Sir Bill” -- what will he become in China? “That nice barbarian-running-dog-imperialist guy?”

Bill Gates makes China's influential foreigner list

World's richest man joins Karl Marx and Nikita Khrushchev on a list of non-Chinese making the greatest impact on China

By Steven Schwankert, IDG News Service August 03, 2006

Education is where you find it.

Colleges are textbook cases of cybersecurity breaches

Updated 8/1/2006 11:24 PM ET By Mary Beth Marklein, USA TODAY

A high volume of security breaches on college campuses, including about a dozen reports this summer, underscores a growing concern among privacy advocates: Colleges and universities aren't up to speed when it comes to safeguarding information on their networks.

"We're leaking data like a sieve," says Indiana University law professor Fred Cate, who directs a cybersecurity research center that was created after two incidents last year.

... In the past 18 months, colleges were the source of one-third to half of all publicly disclosed breaches, reports by privacy and cybersecurity groups suggest. That's a larger share than financial services, government, retail or health care.

Privacy advocates say the breaches come at a time when higher education is under growing pressure to collect student data. Most recently, a federal commission's draft report recommends that the Department of Education track data on individual college students.

I wonder if this was inspired by that Leonardo DiCaprio movie...

FBI calls for hacker help

By Joris Evers Story last modified Wed Aug 02 15:47:04 PDT 2006

LAS VEGAS--The FBI needs help from hackers to fight cybercrime, an agency official said Wednesday.

"We need your expertise and input as we develop strategies to battle cybercrime in the 21st century," Daniel Larkin, a unit chief in the FBI's cybercrime division, said in his opening address at the annual Black Hat security conference here.

As cybercrime has continued to become more sophisticated and organized, federal agencies have increasingly sought to partner with the private sector. Earlier this year, FBI Director Robert Mueller used the RSA Conference to send out a similar message.

... "I am a recovering technophobe; I used to be really afraid of you all. But I realize that you all are really important." [Schmoozing? Bob]

Black Hat draws an increasing number of attendees from law enforcement agencies. This year, Larkin estimated, one in 10 attendees might represent federal agencies, he said. "Be nice to them. They are here to help you; they are here to team up," he said.

“Those who do not read history are doomed to repeat it.”

August 02, 2006

Genocide, War Crimes and Crimes Against Humanity

From Human Rights Watch: Genocide, War Crimes and Crimes Against Humanity - A Topical Digest of the Case Law of the International Criminal Tribunal for the Former Yugoslavia Related Material

  • "This unique 861-page book organizes the decisions of the International Criminal Tribunal for the former Yugoslavia by topic, including genocide, crimes against humanity, war crimes, individual criminal responsibility, command responsibility, affirmative defenses, jurisdiction, sentencing, fair trial rights, guilty pleas and appellate review. In selected cases, the book also applies key aspects of the law to the facts of the case."

  • Download full text of the book (PDF, 861 pages)

How do you shut down all commercial aviation?

August 02, 2006

9/11 Live: The NORAD Tapes

9/11 Live: The NORAD Tapes, by Michael Bronner, Vanity Fair: "Obtaining 30 hours of never-before-released tapes from the control room of NORAD's Northeast headquarters, the author reconstructs the chaotic military history of that day..."

Okay, it's a Volkswagen ad, but it is pretty... [Reminds me of The Graduate]

Amazingly High Resolution, Yet Very Rapid Video Streaming

submitted by BiggDigg 9 hours 45 minutes ago

This site hosts an extremely high quality video on the main page that starts playing after mere seconds and plays straight through perfectly. This video distribution mechanism is amazing.

Free power due to global warming, but if we stop using coal and oil will we precipitate an Ice Age? Oh, right... We are still in an Ice Age.

How Australia got hot for solar power

Down under, they're all over alternative energy - starting with a 1,600-foot tall "solar tower" that can power a small city.

Business 2.0 Magazine By Todd Woody, Business 2.0 Magazine assistant managing editor August 2 2006: 9:17 AM EDT

Wednesday, August 02, 2006

Another freebie!

Free Movies, Documentaries, Cartoons, Music & Comedy

100% handpicked content chosen to inform, educate, shock and entertain you.

One way or another, the machines will know you...

UCSD Biometric Vending Machine

Posted by ScuttleMonkey on Tuesday August 01, @06:19PM from the tracking-your-soda-habits dept.

dice writes to tell us that grad students at the University of California, San Diego (UCSD) are creating the first biometric vending machine. The current machine comes equipped with a barcode scanner, a fingerprint reader, and a web cam for facial recognition. One student dubbed it the "most over-designed soda machine in the world." The project, code-named "SodaVision" is the brainchild of associate professor Stefan Savage, but it was the students who really made it come to life. And yes, it runs Linux.

2006/08/01 20:11 KST

Personal data of over 95,000 S. Koreans leaked via Google

SEOUL, Aug. 1 (Yonhap) -- The personal data of around 95,000 South Koreans remains vulnerable to abuse and misuse at Google Inc., the world's largest online search engine, the Information Ministry said Tuesday.

According to the ministry, which conducted the screening for a week from July 24, the citizen registration numbers of 95,219 people were found to have been compromised on Google's database.

The registration number is one of the most important pieces of identification data, as it can confirm a person's birth date, gender and place of birth.

The ministry said that it will ask for Google to remove the personal data immediately.

The move comes amid rising concern that personal information is not well protected in cyberspace in South Korea, which boasts the world's highest Internet penetration rate.

The ministry said that it screened Google's database and confirmed that those in their 20s were most vulnerable to having their information misused.

The age group accounted for 29.7 percent of the confirmed cases, followed by those in their 30s and 40s, and teenagers, the ministry said.

Bluetooth Security

by Colleen Rhodes on 01/08/06

In the past, the only way to connect computers together for the purpose of sharing information and/or resources was to connect them via cables. This can be not only cumbersome to set up, but it can get messy real quick. Bluetooth provides a solution to this problem by providing a cable-free environment. According to the official Bluetooth website, Bluetooth wireless technology is a short-range communications technology intended to replace the cables connecting portable and/or fixed devices while maintaining high levels of security. The key features of Bluetooth technology are robustness, low power, and low cost. The Bluetooth specification defines a uniform structure for a wide range of devices to connect and communicate with each other.

Tools & Techniques

Privacy-protected web search with Ixquick

Posted on Monday, July 31st, 2006 at 10:21 pm

In response to growing concerns over search engine privacy, the metasearch engine Ixquick has announced it will permanently delete all personal search details gleaned from its users from their log files.

Think of it as an “Is our e-business being screwed” test.

Researcher creates net neutrality test

Software can tell if computers are treating some types of TCP/IP traffic better than others

By Robert McMillan, IDG News Service August 02, 2006

A Seattle-based security researcher has devised a way to test for net neutrality. Dan Kaminsky will share details of this technique, which will eventually be rolled into a free software tool, on Wednesday at the Black Hat USA security conference in Las Vegas. The software can tell if computers are treating some types of TCP/IP traffic better than others -- dropping data that is being used in VOIP (voice over Internet Protocol) calls, or treating encrypted data as second class, for example.

If I read this right, it will also be a way to identify commercial software/documents and filter them from all the data captured as part of e-discovery...

Update: Altnet Collecting 'File Fingerprints' In Anti-Piracy Database

August 1, 2006 By Mark Hachman

Altnet, a peer-to-peer distributor of licensed content, is expected to announce on Wednesday a global database of "unique identifiers" designed to help bust piracy.

The "Global File Registry" will contain a list of unique identifiers, a sort of digital fingerprint, that the company will apparently make open to others hoping to look for an automated way to detect copyrighted files. The tool will even allow content owners to disconnect specific users of GFR-subscribed peer-to-peer networks without input from either the user or the network.

August 01, 2006

GPO New Electronic Titles Now Available for July 2006

New Electronic Titles (NET) are now available for July 2006. These files are accessible from the New Titles section of the Catalog of U.S. Government Publications (CGP).

This is worth a look. I can see lots of uses for governments.

August 01, 2006

San Diego County Regional Crime MAPS Online

To look for incidents, "use this select a jurisdiction (city, unincorporated area in the county, neighborhood, or political district) and a location of interest. The location can be a school, hospital, ZIP code, tourist attraction, major shopping center, neighborhood, address, or intersection."

You might need to wait for the rush to end...

Free book: The Easiest Linux Guide You’ll Ever Read

Submitted by jrepin 1 day 5 hours ago

The author Scott Morris says: "After several months of writing and revising, I have made available the Easiest Linux Guide You’ll Ever Read. It is a book geared towards people who are competent with using Windows, who have never attempted to use Linux but are interested in giving it a try."

Tuesday, August 01, 2006


E-mail privacy in the workplace

Mark Rasch

... A number of U.S. states require that, before you can record the contents of an "oral" or telephonic communication (or before you can "intercept" such a communication) you must have the consent of all parties to the conversation. Such is the law in Massachusetts (Mass. Ann. Laws ch. 272), Michigan (§99 Michigan, Mich. Comp. Laws §750.539c), Nevada (Nev. Rev. Stat. Ann. §200.620 - by court decision, and N. H. Rev. Stat. Ann. §570-A:2) South Carolina (S.C. Code Ann. §16-17-470), and Washington State (Wash. Rev. Code § 9.73.030).

Some states expressly extend this "all party consent" philosophy to "electronic" communications. This includes California (Conn. Gen. Stat. §52-570d:), Delaware (Del. Code Ann. tit. 11, §2402(c)(4)), Florida (Fla. Stat. ch. 934.03), Hawaii (Haw. Rev. Stat. §803-42), Illinois (720 ILCS 5/), Louisiana (La. Rev. Stat. §15:1303), Maryland (Md. Code Ann., Courts and Judicial Proceedings §10-402), Montana (Mont. Code Ann. §45-8-213) and Pennsylvania (18 Pa. Cons. Stat. §5703).

Even better!

Company laptops, privacy and you

By Eric J. Sinrod Story last modified Tue Aug 01 04:00:07 PDT 2006

Yes, it is true, the great weight of law holds that employees generally should not have privacy expectations when it comes to their work-related electronic communications, especially when they have signed computer policies that explicitly state this to be the case.

However, in a recent twist, a federal court has held that employees may be able to assert that the attorney-client privilege applies to their communications with their attorneys on company laptops under certain circumstances.

In the case Lara Curto v. Medical World Communications, a federal trial judge in New York affirmed the holding of a magistrate that a particular employee had not waived the attorney-client privilege concerning documents retrieved from company laptops she had used during the course of her employment.

The plaintiff employee had been employed by Medical World Communications (MWC) from August 1995 to October 2003. In connection with her work, the plaintiff signed MWC's "E-mail/Computer Privacy Policy" that was contained within the company employee handbook. The policy specifically states that employees do not have any expectations of privacy in their communications on MWC's computer system; the computer system belongs to MWC; the computer system only can be used for business purposes; and MWC is entitled to access and review communications on the computer system.

Starting in May 2002, the plaintiff worked primarily out of her home office. She was assigned two company laptops in succession for work-related purposes. The plaintiff used the laptops to create, send and retrieve electronic communications with her own private attorney. She deleted these communications before she returned the laptops to MWC.

Almost two years later, MWC hired a forensic consultant who was able to restore and retrieve some of the deleted communications between the plaintiff and her private attorney. The plaintiff claimed that these restored and retrieved communications were governed by the attorney-client privilege, and had to be returned and not kept by MWC. MWC, on the other hand, argued that the plaintiff had no expectation of privacy in these communications, as reflected in the policy that she had signed, and thus she had waived any potential privilege. The matter came to a head for resolution by the magistrate by the trial judge assigned to the case.

The magistrate ultimately ruled that the plaintiff had not waived her right to assert the attorney-client privilege with respect to the communications with her private attorney, notwithstanding the policy. The magistrate found significant, among other factors, that MWC had not actively enforced the policy previously, other than on just a few prior occasions, and thus had created a "false sense of security" which "lull(ed) employees into believing that the policy would not be enforced."

Moreover, the magistrate found that the plaintiff had taken reasonable precautions to prevent inadvertent disclosure of her communications with her attorney by sending the subject e-mails through her own personal AOL account, which did not go through MWC's servers, and because she had deleted the communications before returning the laptops (she did not know that those e-mails would be restored and retrieved).

... Specifically, the trial judge held that whether a company enforces its monitoring policies or not "goes right to the heart" of whether the plaintiff's conduct was such that she waived the protection of the attorney-client privilege. Because she was using an AOL account, deleted her communications, and the company before did not regularly enforce its policy, the plaintiff's conduct did not rise to the level of waiver.

Controversy? Surely everyone agrees...

FDA Contemplates Over-the-Counter 'Plan B' Drug Sales

AFX News Limited 07/31/06 8:00 PM PT

The Food and Drug Administration may consider allowing sales of the so-called morning-after pill without a prescription. So far the FDA has rejected plans for nonprescription sales of the drug, citing concern about young teens' use of the pills without a doctor's guidance. Now, the FDA is reportedly considering a plan to sell the drug over the counter with age restrictions.

Wireless Broadband for the Home Fueling Gaming, MP3 Sales

By Gene J. Koprowski TechNewsWorld 08/01/06 5:00 AM PT

"Our vision of the digital home is one where a variety of digital devices use wireless home networking technologies to seamlessly interact with each other and with the available broadband and digital services," said David Mercer, vice president of Strategy Analytics. "This vision is being realized."

Banks face Web security deadline

Majority of banks are unprepared to meet Dec. 31 deadline for complying with guidelines

By Jaikumar Vijayan, Computerworld July 31, 2006

For some bank IT managers, last fall's release of federal guidelines on validating the identities of online users helped catalyze ongoing efforts to adopt so-called strong authentication measures.

But a majority of U.S. banks appear unprepared to meet the Dec. 31 deadline for complying with the guidelines, several analysts said last week. They placed much of the blame for the current lack of preparedness on the fact that the guidelines aren't mandatory and don't specify what form of strong authentication banks should implement.

Now you can find the identity theft data you need much faster!

July 31, 2006

Reporters Committee Releases Update of State Open Government Guide

"The Open Government Guide is a complete compendium of information on every state's open records and open meetings laws. Each state's section is arranged according to a standard outline, making it easy to compare laws in various states."

Tools & Techniques

Bot-On-Bot eBay Scamming

from the when-the-bots-takeover dept

It's one of the oldest eBay scams in the book: sell something you don't have, pocket the money and walk away. However, these days, for it to work you need to have at least a decent eBay feedback reputation. A few years ago, this would work out with the scammer acting as a legit eBay user for a few months, buying and selling various cheap items, building up a decent profile... and then putting up some big expensive item for the scam payoff. Again, however, the times are changing and that process is too involved -- so the next generation of scammers has moved on to eBay scamming automation. They use bots to scan eBay and buy $0.01 "buy it now" items. Apparently, many of the sellers who offer such things use bots themselves to manage all those offers -- including the near automatic "good feedback" stamps of approval. So, the bots talk to the bots, and any new scamming user can build up a nice looking feedback page with tons of successful deals -- all at just a penny a shot. The bots can create tons of new users as well, all of which are quickly building up good eBay reputations. Then, they can waltz in with the real scam and drop the account, and move right on to the next "primed" account their bot has set up for them. So far, there's no evidence that the bots on both sides may be controlled by the same scammers -- but each side benefits by getting a near automatic feedback boost.

YouTube overtakes MySpace

The rise and rise of YouTube

Mark Sweney Monday July 31, 2006

YouTube has established itself at the top of the league of the new generation of community websites by becoming even more popular than MySpace, according to research.

The video sharing site has taken a 3.9% share of global internet visits a day compared with 3.35% for MySpace, according to internet analysis company Alexa.

Perhaps this is the way to go. I bet Microsoft would like everyone to upgrade their software!

Cingular to charge $5 for older phones

By BRUCE MEYERSON, AP Business Writer Mon Jul 31, 5:52 PM ET

About 4.7 million Cingular Wireless subscribers with older phones will have to pay $5 extra each month as the company tries to prod them to get new handsets so it can devote its entire network to one type of signal.

I've been suggesting something like this for years. Who'd a thunk the first mover would be Boston? Of course my plan didn't rely on donations.

Boston plans to have nonprofit run citywide Wi-Fi network

By MARK JEWELL AP Business Writer 2006-07-31

BOSTON (AP) - The city is considering an unusual approach to creating a citywide, low-cost wireless Internet network: putting a nonprofit organization, rather than a private service provider, in charge of building and running the system.

Monday, July 31, 2006

Wow! This works on so many levels... (1) The promise of the Internet (reliable communications even during nuclear war) has been realized! (2) We ain't afeared o' no North Korean nuke-missile! (3) Space is becoming busy again, we need more space for the monitors.

Cheyenne Mountain Shutting Down

Posted by Zonk on Sunday July 30, @01:32PM from the stargate-shut-down dept.

WilliamSChips writes "The United States military has announced that they are shutting down the facility at Cheyenne Mountain, home to the high-tech NORAD which tracks every object in the sky. NORAD's operations will be moved to the nearby Peterson Air Force base. The mountain facility is being placed on standby in case they need it again." From the article: "The Cheyenne Mountain center, at the eastern foot of the Rockies near the base of Pikes Peak, was constructed underground in the mid-1960s. Fearing nuclear attacks at the time, the United States built sites such as the Cheyenne Mountain complex. The Navy prepared a floating White House aboard the communications cruiser USS Northampton, in case the president needed to be evacuated from U.S. soil. Another protective bunker was created near White Sulphur Springs, W.Va., for members of Congress."

Most users would not be into the whole “Learn everything about your attacker” scene. They only want, “Stop it! Go away!” Is there an outsource market for this?

Fun Things To Do With Your Honeypot System

Posted by Zonk on Sunday July 30, @02:27PM from the more-than-just-keeping-bees dept.

An anonymous reader writes "Whitedust is running an interesting article on honeypots and their uses. From the article: 'Most papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves... Honeypots can be used to ensnare and beguile potential hackers; entice them to give you more research information, and actively defend your production network.'" From the article: "Once an attacker has taken all the trouble to set up shop on your honeypot, he'll probably want to see what else there is to play with. If your honeypot is like most traditional honeypots, there's not much for an attacker to do once he gets in. What you really want is for the attacker to transfer down all the other toys in his arsenal so you can have a copy as well. Giving an attacker additional targets with various operating systems and services can help him decide to give you his toys. The targets can be real, but you'll get almost as much mileage if they're simulated. A good place to start is to put a phantom private network up hung off the back of the honeypot."

50th Anniversary of the First Hard Drive

Posted by Zonk on Sunday July 30, @06:33PM from the whirrr-click dept.

ennuiner writes "Over at Newsweek Steven Levy has a column commemorating IBM's introduction of the first hard drive 50 years ago. The drive was the size of two refrigerators, weighed a ton, and had a vast 5MB capacity. They also discuss the future of data storage." From the article: "Experts agree that the amazing gains in storage density at low cost will continue for at least the next couple of decades, allowing cheap petabytes (millions of gigabytes) of storage to corporations and terabytes (thousands of gigs) to the home. Meanwhile, drives with mere hundreds of gigabytes will be small enough to wear as jewelry."

Think of it like those recoverable document revisions (or not quite redacted passages) in Word. Another technique the e-discovery people will need to perfect and automate.

Microsoft Adds Risky System-Wide Undelete to Vista

Posted by Zonk on Sunday July 30, @09:43PM from the choose-wisely dept.

douder writes "Windows Vista will have a new 'previous versions' feature when it ships next year. According to Ars Technica, the feature is built off of the volume shadow copy technology from Windows XP and Windows Server 2003. Now turned on by default, the service stores the modified versions of a user's documents, even after they are deleted. They also report that you can browse folders from within Explorer to see snapshots of what they contained over time. It can be disabled, but this seems like a privacy concern." From the article: "Some users will find the feature objectionable because it could give the bossman a new way to check up on employees, or perhaps it could be exploited in some nefarious way by some nefarious person. Previous versions of Windows were still susceptible to undelete utilities, of course, but this new functionality makes browsing quite, quite simple. On the other hand, it should be noted that 'Previous Versions' does not store its data in the files themselves. That is, unlike Microsoft Office's 'track changes,' files protected with 'Previous Versions' will not carry their documentary history with them."


Verizon Wireless to End Music Download Fee

By BRUCE MEYERSON AP Business Writer Jul 31, 1:39 AM EDT

NEW YORK (AP) -- Verizon Wireless is eliminating the monthly $15 fee for its music download service in conjunction with the launch of a cell phone featuring an iPod-like click wheel and a memory card that can hold up to 1,000 songs.

Learn the Science of Compliance to Survive

Douglas Schweitzer July 31, 2006 (Computerworld)

... Not only is data required to be retained for a specific time period, but it is also to be done in a secure fashion, as per legislation like the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, the Federal Information Security Management Act and California's SB 1386.

... New accountability regulations are forcing businesses (and their executives) to ensure that not only is company data accurate, but also that consumer data is adequately secured. [Except on laptops? Bob]

With the growing number of regulations, those in charge of privacy and security compliance need comprehensive and practical information about the issues they must address -- and it's often up to them to find that information. [Guidelines would be useful! Bob] Compliance with regulatory requirements means that businesses have to dedicate personnel to the task, in effect maintaining a staff just for that purpose. The extent of the hours to be committed is especially evident, for instance, in the portion of the Sarbanes-Oxley Act that requires that records of electronic communications be tamperproof and that electronic storage media be kept in nonrewritable, nonerasable formats. Here, electronic communications includes not only e-mail, but instant messaging and some phone communications as well.

... The National Institute of Standards and Technology offers an introductory resource guide for implementing HIPAA. The Federal Trade Commission offers advice for complying with the financial privacy requirements of Gramm-Leach-Bliley. A growing number of consultancies have arisen that do nothing but guide companies through the thicket of compliance.

If you were managing this, rather than reacting to the unexpected, you would plan to make theft of a laptop a trivial event. Why would you plan to put all the company's data on every laptop? (see the story above)

Preparation Eases the Pain of Stolen Laptops

July 30, 2006 By Matt Hines

... Before the end of the current session, the U.S. House of Representatives is expected to vote on the passage of the Financial Data Protection Act of 2005, which aims for more stringent reporting requirements for businesses that lose or mishandle sensitive customer data.

Much as similar laws passed by individual states have pushed the problem into the spotlight, the bill, if passed, is likely to force companies to be even more open about their technology-related missteps.

... "Nobody wants to be on the 6 o'clock news, and the reality is that we do lose equipment every year," said Bill Jenkins, director of IT for Unicco, a provider of facility management services in Newton, Mass.

"And no matter how hard you try to educate your users, some people will always do stupid things and walk around with data they shouldn't, even when you've told them not to do so." [Manage it! You can always prevent or at least detect employees (anyone) moving thousands of records to their laptop. Bob]

... According to a report issued by the FBI, roughly one in 10 laptops will eventually be lost or stolen. [Can this be true? Bob]

... Executives at Pointsec Mobile Technologies, which markets endpoint device encryption applications, said enterprises must start with an internal policy that dictates how sensitive every piece of information is and how that specific data and the device it resides on must be protected.

“I can do that heart transplant for $19.95!” Dr. Earl Scheib

U.S. Employers Look Offshore for Healthcare

As costs rise, workers are being sent abroad to get operations that cost tens of thousands more in the U.S.

By Daniel Yi Times Staff Writer July 30, 2006

... Carl Garrett of Leicester, N.C., will fly to a state-of-the-art New Delhi hospital in September for surgeries to remove gallstones and to fix an overworn rotator cuff. His employer, Blue Ridge Paper Products Inc. of Canton, N.C., will pay for it all, including airfare for Garrett and his fiancee. The company also will give Garrett a share of the expected savings, up to $10,000, when he returns.

... Blue Ridge, which employs 2,000 and funds its own health plan, began studying the idea out of frustration with rising rates at local hospitals, company officials said. Blue Ridge's healthcare costs have doubled in the last five years, to about $9,500 a year per employee.

"The hospitals have a monopoly. They don't care, because where else are patients going to go?" said benefits director Bonnie Blackley. "Well, we are going to go to India."

Every year, tens of thousands of Americans travel abroad for cheaper tummy tucks and angioplasties. This "medical tourism" has typically been reserved for uninsured procedures or uninsured patients.

... A coronary artery bypass surgery costs about $6,500 at Apollo Hospitals in India, Milstein estimated.

The average price in California is $60,400.