Hackers gain private information on all 642,720+ Second Life users
indyhouse submitted by indyhouse 13 hours 36 minutes ago (via [Article follows]
Linden Labs has forced a password reset for every one of its 642,720+ residents after it was revealed hackers gained access to the entire user database. Customer service will not begin to address password issues until Monday, September 11. (the news story link is a "blog" because that is the "official" lines of communications from Linden Labs
Urgent Security Announcement
Friday, September 8th, 2006 by Robin Linden
On September 6 we discovered evidence that an intruder was able to access the Second Life database through the web servers. The exploit was shut down on the afternoon of September 6 when we discovered it.
Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.
No unencrypted credit card information is stored on the database in question. Unencrypted credit card information has not been compromised. [Note that they do not say the encrypted information wasn't compromised. I wonder how good their encryption is? Bob]
As a precaution we have invalidated all Second Life account passwords. In order to log-in to Second Life you will have to create a new password. Please access the log-in page at https://secondlife.com/password, and click on the “Forgot Password” link. An email will be sent to the email address you have registered with us. (Don’t forget to check your spam filter!) Please click through the link in that email, answer the security question, and create a new password.
Passwords cannot be changed over the phone at this time. Phone support for password issues will be available starting Monday, September 11.
It must be difficult for a board of directors to provide useful guidance to a company when they can talk themselves into doing something like this...
Update: Criminal charges 'likely' in HP case
Charges are "likely" over the alleged spying scandal, but HP Chairwoman Patricia Dunn says she will not resign
By Robert Mullins, IDG News Service September 08, 2006
California Attorney General Bill Lockyer says criminal charges are likely in the scandal surrounding alleged spying involving the board of Hewlett-Packard Co. (HP), but a spokesman for Lockyer said the investigation could take "months."
Meanwhile, the HP board will hold a special meeting via conference call on Sunday to discuss the fallout from the issue, HP spokeswoman Emma Wischhusen told IDG News Service.
Chairman Patricia Dunn says she will not resign over the scandal and that she was "appalled" that contractors hired to investigate news leaks used potentially illegal methods, according to news reports.
Chief Executive Officer Mark Hurd, in a letter to company employees that was released late Friday, urged them to keep focused on their work. "The media coverage and speculation regarding the recent actions of the HP Board … have nothing to do with the strategy or operations of Hewlett-Packard," he said.
Hurd, who emphasized that he was speaking as CEO and not as a board member, added: "There has been a long history of leaking company information with the HP board that clearly needs to be resolved."
HP is on the defensive after the disclosures this week that phone records of HP board members and journalists were hacked to see who on the board discussed with reporters confidential board strategy sessions earlier this year. The company disclosed in a U.S. Securities and Exchange Commission filing Wednesday that investigators, in order to identify the leaker, had used "pretexting," a method in which false pretenses are used to gain online access to others' phone records.
The investigation determined that director George Keyworth was the source for a Cnet.com story in January about HP's strategy.
Keyworth was asked to resign from the board in May but refused. Board member Thomas Perkins, a renowned Silicon Valley venture capitalist, did resign in May in protest over concerns with the HP board's handling of investigations into leaks of confidential information.
The news that the phone records of nine reporters who cover HP were hacked has outraged some in the journalism profession.
"HP. Does that stand for Hewlett-Packard or 'Hackers of Privacy?'" asked Christine Tatum, president of the Society of Professional Journalists, a professional and advocacy organization for journalists, in a statement Friday.
"Journalists are not the only ones who should be concerned with this issue," said Tatum, who is a business writer for the Denver Post. "Pretexting could be used against disgruntled customers, employees or debtors."
HP's response that it was "dismayed" that phone records were hacked strikes Tatum as insufficient: "This [pretexting] practice amounts to identity theft and a national corporation should be held accountable."
Dunn, in an interview in the Wall Street Journal Friday, said that while she ordered the investigation of board news leaks, she did not know the investigators hired to conduct the probe used pretexting.
"I was appalled. And I'm going to apologize," to those journalists, she told the Journal. Because she was also subject to investigation, she said she could not have known what methods the investigators used. [That sentence makes no sense... Bob]
But while she does not plan to resign, Dunn will take into consideration what the board thinks she should do. "I serve entirely at the pleasure of the board,'' Dunn told the Journal. "If they determine it no longer is in the interest of shareholders [for me to remain on the board] I will do so.''
The criminal investigation of the case continues.
"There has been no final decision [on charges] but we are confident that a crime was committed," said Lockyer spokesman Thomas Dressler. "The attorney general does not want to sacrifice thoroughness for expediency. The investigation could take a couple of months."
Charges could be filed under a California law prohibiting gaining unauthorized access to computer data or under another law prohibiting identity theft through unauthorized use of personal information, published reports say.
A bill to specifically outlaw pretexting is on Governor Arnold Schwarzenegger's desk awaiting his signature. The governor has until the end of September to sign or veto the bill, spokesman Darrel Ng told IDG News Service. Schwarzenegger hasn't taken a position on the pretexting bill, but only because it is one of hundreds of bills passed during the recently concluded session of the California Legislature, Ng said.
Use Of Pretexting Was Embarrassing... Or Getting Caught Was Embarrassing?
from the looks-like-it-was-the-getting-caught-part dept
As the HP board spying scandal continues to get worse, HP's chairwoman, Patricia Dunn has finally spoken out publicly on the matter, saying that the use of pretexting for board members and reporters has been a "major embarrassment." After being quiet for a few days, that's all she can come up with? She also refused to resign, but says if the board wants her to, she will. However, her statements highlight how problematic the situation really is. She continues to distance herself from the problem. Just as the company originally tried to make it out that the leak of info was worse than illegally obtaining records by pretending to be someone else, Dunn isn't taking any responsibility for the scandal at all. She claims that she wasn't spying on the board, because she had the backing of the board in the investigation -- even though this contradicts the statements of other board members. She says she's not happy, but she called for the investigation, despite a huge number of more pressing priorities. She says she doesn't even know the name of the investigating firm, saying she had people at the company hire it for her. She says she believed that the investigating company had been told that "everything done would be not only legal but fully compliant with HP's high standards for both ethics and business practices," but she knew about the use of pretexting much earlier than this. She knew about it in May when she exposed the board member who leaked, and Tom Perkins specifically called her out on the use of it. If she's embarrassed now, it's not because of the use of pretexting, which Perkins made clear to her was "illegal, unethical, and a misplaced corporate priority." If she were embarrassed back then, she would have apologized then. Instead, it certainly appears that the embarrassment is about being caught and having this info exposed. Yes, she should be embarrassed, but so should HP's shareholders and employees to discover how their board has handled this mess. Update: And just to make this more fun, California's Attorney General is now saying that criminal charges are likely going to be filed concerning the spying. They just want to complete their investigation. Update 2: And, now the FCC is getting involved as well.
Looks like the old records retention policy needs a brush up.
Chase Tosses Personal Information On Credit Card Holders
September 7, 2006
Personal information on 2.6 million past and current Circuit City (CC) credit card holders was mistakenly thrown out as trash. Chase Card Services said it mistakenly tossed out computer tapes with the personal information of Circuit City card holders. It said it believes the tapes, inside a locked box, were compacted, destroyed and buried in a landfill.
... Chase said it has begun notifying customers and is monitoring affected accounts and has not identified any misuse of personal information. A free, one-year credit monitoring service is being offered to individuals whose social security number was on the thrown out tapes.
Does this mean AJAX is a capitalist tool?
Forbes Reviews AJAX Apps for Small Businesses
Posted by Zonk on Friday September 08, @03:25PM from the better-than-the-cleaning-product dept. Software The Internet IT
prostoalex writes "Forbes magazine evaluates the variety of AJAX-powered Internet-based applications and their suitability for small businesses. The office suite replacements Forbes magazine chose are Google-centric: Google Calendar, Spreadsheets, Notebook and Gmail are the winners of their respective categories. Pageflakes and YouOS are tied for the leader's spot in 'Webtops' category."
Posted by Zonk on Saturday September 09, @06:28AM from the heading-out dept. Businesses IT
punkish writes "India is becoming more attractive to information technology workers from Western countries. Some local IT companies, such as Infosys Technologies in Bangalore, are now able to offer salaries and other perks that are comparable to what Western IT talent would find in their home countries. [Does this indicate the end of the labor cost advantage? I think not! Bob] Infosys, which is currently training 126 Americans at its cutting-edge complex in Mysore, expects to employ 300 Americans by the end of 2006 and add a large contingent from Great Britain next year."
Perhaps someone gets it after all!
When "Free" Downloads Are Also Legal
FindLaw By Cecily Mak,
Free music is now becoming more and more acceptable and mainstream - and believe it or not, it is legal.
(I haven't seen an online link yet.) If you publish a guide like this, isn't it likely to come back and bite you when your employees ignore the suggestions?
Theft of 900 bank customer files prompts e-privacy primer
Last Updated Fri, 08 Sep 2006 16:03:29 EDT CBC News
Thieves got the files of 900 Ottawa area bank customers when they stole a Bank of Montreal laptop in May.
In response to that and similar crimes, the bank and Ontario's information and privacy commissioner jointly released a brochure on Thursday to educate the public on how to keep sensitive information private and safe on portable electronic devices such as laptops, PDAs and cellphones.
The brochure, called Reduce Your Roaming Risks: A Portable Privacy Primer, says such popular devices are "golden eggs" for criminals who steal other people's personal information and use it to commit crimes such as credit card fraud.
Check out webcitation.org — a project run at the University of Toronto. The basic idea is to create a permanent URL for citations, so that when the Supreme Court, e.g., cites a webpage, there’s a reliable way to get back to the webpage it cited. They do this by creating a reference URL, which then will refer back to an archive of the page created when the reference was created. E.g., I entered the URL for my blog (“http://lessig.org/blog”). It then created an archive URL “http://www.webcitation.org/5IlFymF33”. Click on it and it should take you to an archive page for my blog.
Creating a new legal system doesn't happen every day...
September 07, 2006
Armed Services Cmte. Hearing on White House Military Commissions Legislation
Follow-up on yesterday's posting, Administration's Proposed Legislation to Create Military Commissions, the House Armed Services Committee Release, Hearing on Military Standards and Commissions Utilized in Trying Detainees, September 7, 2006
Chairman Hunter Opening Statement (pdf)
Witness statements: Mr. Steven Bradbury, Acting Assistant Attorney General, Department of Justice (pdf); Major General Scott C. Black, USA, The Judge Advocate General of the Army (pdf); Rear Admiral Bruce E. MacDonald, USN, The Judge Advocate General of the Navy (pdf); Major General Charles J. Dunlap, Jr., USAF, Deputy Judge Advocate General of the Air Force (pdf); Brigadier General James C. Walker, USMC, Staff Judge Advocate to the Commandant U.S. Marine Corps (pdf)
Samsung Lets The World Know Its Phones Are Breakable
from the just-reminding-you dept
Psst... have you seen the video about how to easily the Samsung Ultra Edition mobile phone can break? Neither had we. In fact, there didn't seem to be much talk of it at all. But now a lot of people are going to hear about how breakable the Samsung Ultra Edition is, as the company has foolishly said it may take legal action against the creator of the video. What does Samsung think it could possibly accomplish with this? There's no way to suppress the video, now that it's been released; there's no meaningful monetary reward that it could get. There's simply no possible outcome other than alerting more people to the video and the alleged weakness of its phones. Eventually, companies will come to understand the Streisand effect, and fire the lawyers who keep encouraging them to make stupid legal decisions.
EMI Demands IP Addresses From Everyone Who Downloaded Beatles/Beach Boys Mashup
from the DJ-Dangermouse-Part-II dept
EMI, it appears, just doesn't learn. Two years ago, DJ Dangermouse (now gaining a ton of fame for the ridiculously popular Gnarls Barkley tune Crazy) created a mashup of the Beatles' White Album and Jay-Z's Black Album, called the Grey Album. It was a big hit, and probably attracted some fans of one artist to the music of the other. One thing it clearly did not do, is hurt the sales of either artist. It was clearly not a replacement for the music of either one. But, EMI and Capitol Records, who own the rights to the Beatles music, apparently didn't understand that. Their lawyers went nuts sending out cease and desist letters. Jump forward to a few weeks ago, when producer Clayton Counts, mashed up the Beatles' Sgt. Pepper's Lonely Hearts Club album with the Beach Boys Pet Sounds. Considering the history of the two albums, and the constant comparisons between the two, this seems like a natural "mashup" project. So, what happens? As Boing Boing points out, EMI and Capitol Records have pulled the same stunt, sending out a nastygram cease-and-desist letter, which you pretty much had to expect. However, rather than just demanding that Counts take down the music, the letter (which, of course, is meaningless from a legal standpoint), also demands the IP addresses of anyone who might have streamed or downloaded the songs. Counts is ignoring the cease-and-desist, and it's anyone's guess if the label will pursue this issue, but it again raises issues about lawyers making business decisions without thinking through the actual impact on their business.
Is this worth following?
Police blotter: Cops raid Usenet provider over porn
By Declan McCullagh Story last modified Fri Sep 08 16:55:21 PDT 2006
"Police blotter" is a weekly CNET News.com report on the intersection of technology and the law.
What: An Internet service provider files a civil rights lawsuit after being raided by Pennsylvania police in January 2004.
When: U.S. District Judge Mary McLaughlin in the eastern district of Pennsylvania rules on August 30.
Outcome: A partial victory for both sides, with the lawsuit proceeding but some of the company's claims rejected.
What happened, according to court documents and news reports:
Voicenet Communications and subsidiary Omni Telecom were raided in January 2004 as part of an Bucks County, Pa., investigation into child pornography. During the raid, servers and other computer hardware were, according to the companies, "illegally seized" and business operations were substantially impaired.
The servers included data distributed through Usenet, a sprawling and decentralized collection of discussion groups called newsgroups. Discussion topics include everything from soc.history to rec.aviation, sci.nanotech, and alt.sex.exhibitionism.
Some newsgroups feature sexual discussions and a few include erotic photographs and videos. Because the volume of daily Usenet posts is far too vast for any human to read, ISPs are almost never aware of the contents of individual messages.
Voicenet and Omni Telecom claim that the raid went too far--akin to the police raiding a phone company and hauling away its switches and networks as part of an investigation into prank phone calls. Their civil rights lawsuit claimed violations of federal law, state law, and--because their customers were precluded from continuing in discussions--the First Amendment.
The raid was closely watched by other Internet and Usenet providers at the time, because of the nature of Usenet: A post by any user is automatically distributed to thousands of servers at corporations, ISPs, and universities. That means, in other words, if one Usenet provider is liable for illegal content on its servers that it doesn't even know exists, any provider could be potentially liable as well.
In her order last week, U.S. District Judge Mary McLaughlin permitted the case to go forward but with some caveats. She sided with Voicenet on some points and the Bucks County district attorney on others.
Excerpt from Judge McLaughlin's opinion:
The plaintiffs, Usenet newsreader and Internet service providers, have sued several Commonwealth and local law enforcement officials under (federal civil rights laws) for violations of their constitutional and statutory rights in connection with the execution of a search warrant on the plaintiffs' premises on January 21, 2004.
The defendants have moved to dismiss counts II through VI of the complaint, which allege deprivations of rights under the Communications Decency Act, the Electronic Communications Privacy Act, Pennsylvania's Internet Child Pornography Law, the Commonwealth Attorneys Act, and the Fourth and Fourteenth Amendments...The defendants have not moved to dismiss count I, for deprivation of freedom of speech under the First and Fourteenth Amendments, or count VIII, for violation of the Commerce Clause. These claims go forward...
The Court will grant the defendants' motion in part, and deny it in part. Specifically, the Court will dismiss the plaintiffs' due process claims based on alleged violations of the ICPL and the Commonwealth Attorneys Act. The Court will also dismiss the plaintiffs' ECPA claim. The CDA claim may go forward, but only to the extent that the plaintiffs seek declaratory or injunctive relief; the defendants are entitled to qualified immunity from damages because the plaintiffs' rights under the CDA were not clearly established at the time of the alleged violation. The Fourth Amendment claim may go forward because it is too early for the Court to determine whether all of the defendants reasonably relied on the search warrant in question.
The CDA provides, in relevant part: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The CDA further provides: "No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section."
In count II of the complaint, the plaintiffs allege that the defendants violated their rights under the CDA by enforcing against them...a state statute that criminalizes the knowing distribution and possession of child pornography. The defendants have moved to dismiss count II on the grounds that: 1) the CDA does not confer an enforceable right, privilege, or immunity...and 2) to the extent that the CDA does confer an enforceable right, it provides immunity from only civil, not criminal, liability.
Despite the defendants' arguments, the Court is persuaded that the plaintiffs have stated a...claim based on a violation of their rights under the CDA. The Court finds that all of the defendants are entitled to qualified immunity from money damages, however, because the plaintiffs' rights were not clearly established at the time of the actions giving rise to this litigation.
Thank God someone has the foresight to preserve our cultural heritage.
Original Simpsons Cartoons Free for Download
TheWalkingDude submitted by TheWalkingDude 22 hours 42 minutes ago (via http://www.simpsoncrazy.com/downloads/shorts.shtml )
The Simpsons began as a series of animated shorts on The Tracey Ullman Show. You can download all 48 episodes here.