Saturday, September 30, 2006

Keep dem lawyers busy!

Verizon Uses HP Spying Flap As PR Bait

from the heard-this-one-before dept

Verizon Wireless has filed suit against 20 people it claims fraudulently tricked it into giving away calling records in the HP spying case so they don't "do it again", a company spokesman says. But Verizon's suit doesn't actually name anybody in particular, just "John and Jane Doe I through XX". Yet again, Verizon's trying to cover up its own failure to protect its customers' data by suing so it looks tough -- and to draw attention away from the fact that it never should have released this information to begin with. Verizon Wireless and other mobile operators have continually obfuscated this issue, just filing lawsuits after they've leaked info they shouldn't have, then blaming the government for somehow not having adequate legislation. Here's an idea for Verizon and its pals to chew on: instead of filing pointless lawsuits after the fact -- never mind filing them against unknown targets -- why not just stop leaking the information? Hopefully that's what they're being asked today on Capitol Hill. Somehow that seems unlikely, though, as instead of looking at regulations to force the phone companies to improve their lax security, some lawmakers are trying to push through laws that would punish the pretexters. That's the equivalent of the phone companies' lawsuits: it looks like lawmakers are doing something (right before election season), when they're not doing anything meaningful at all. [Oh my, how unusual! Bob] Update: Cingular's joined in, too -- but at least they've managed to figure out who to sue.

Cingular Sues PI for Pretexting

Associated Press 16:45 PM Sep, 29, 2006

ATLANTA -- Cingular Wireless, the nation's largest cell phone provider, on Friday sued a private eye caught up in the scandal over the Hewlett-Packard leak investigation, seeking to make him pay for allegedly obtaining customer-call records under false pretenses.

The Atlanta-based company said in federal court papers it wants Charles Kelly, his firm CAS Agency and any of its agents to return all Cingular customer information they may have, give up any profits they made for getting the data and pay unspecified damages for their conduct.

The complaint, which follows a similar suit filed late Thursday by Verizon Wireless, also seeks an injunction against CAS, which is based in Carrollton, Georgia.

... Citing testimony before a House committee, Cingular said the defendants or their agents improperly obtained the customer-call records of CNET reporter Dawn Kawamoto and provided the information to HP as part of the computer maker's probe to root out corporate leaks to the media.

... Kelly was among five private eyes summoned to appear before a congressional hearing to explain their alleged actions. [Makes you wonder why Verizon can't identify its pretexters... Bob]

September 29, 2006

FTC Testifies on Protecting Consumers' Telephone Records

Press release: "The Federal Trade Commission today told the House Committee on Energy and Commerce Subcommittee on Oversight and Investigations that protecting the privacy of consumers' telephone records requires a multi-faceted approach. Joel Winston, Associate Director of FTC's Division of Privacy and Identity Protection, said that coordinated law enforcement efforts targeting pretexters, steps by telephone carriers to protect their records from intrusion, and educating consumers about actions they can take to protect their records, will help safeguard consumers' telephone records."

Our usual Friday Identity Theft disclosure... (You don't have to use a computer to screw up, it just makes the screw up bigger...)

Social Security data disclosed

State mailing error affects 146,000

By Deborah Yetter The Courier-Journal Saturday, September 30, 2006

About 146,000 Kentucky state employees and retirees are at risk of identity theft because a recent state mailing shows their names, addresses and Social Security numbers on the envelopes, officials said yesterday.

The Personnel Cabinet sent the letters this week to notify workers and retirees about state health insurance enrollment.

The Social Security number appears as part of a string of 14 numbers above the individual's name and address in the field visible through the envelope window.

Personnel Secretary Brian Crall said that including the Social Security number was an oversight [lacked oversight? Bob] and won't happen again.

... Lee Jackson, a retired state worker who is president of the Kentucky Association of State Employees, said he was shocked to learn about the mistake.

"It's just a comedy of errors by this administration. And it all seems to be directed at state employees," he said.

... How it happened

Crall said the state employees' Social Security numbers got into the mailing through a combination of events involving his office and the vendor used to send the letter.

The letter originally was supposed to contain only a five-digit code that identified which agency the employee works for [I don't suppose that was a contractual requirement? Bob] as part of the address. But when addresses were compiled from a state database, the Social Security number was merged with the five-digit agency code into a 14-digit number, Crall said.

... Crall said he's not seeking to blame anyone but is focused on making sure it doesn't happen again.

"It's one of those things where there's no one specifically at fault," [This is NOT a random event. Someone had to program the computer. Bob] he said. "We'll go forward and we'll learn the lesson."

Charles Wells, executive director of the state employees' association, said the state might consider using state employees to do the work.

"I don't think they did this on purpose," he said of the mailing. "It was an accident. But you do lose a certain amount of control over things when you use an outside vendor." [Only if they clearly outsmart you. Bob]

Useful information from (who else) the WSJ

Friday, September 29, 2006

The Laptop Battery Recall Scorecard

I don't know about you but I'm starting to lose track of all the laptop batteries that have been recalled. So for both our edification here is a list of recent laptop battery recalls with pointers to additional information. Here's to flameless, non-exploding laptops.

HA! -- Great minds think alike. As I was researching this article I came across the Wall Street Journal guide to laptop battery recalls. You might want to monitor that for updates if more batteries are recalled.

New York Frees Ex-Sportingbet Chairman

By Verena Dobnik AP 09/29/06 5:00 PM PT

The former chairman of British gambling company Sportingbet was freed by a New York judge Friday after New York's governor declined to sign a warrant extraditing him to Louisiana, where he is charged with illegal online gambling. Offshore Internet gambling is not a crime in New York, and Gov. George Pataki said the state law did not permit extradition.

...because it's easier to have our laws written in other countries...

September 29, 2006

U.S. Becomes Party to Council of Europe Convention on Cybercrime

Press release: "On September 22, 2006, the President signed the United States' instrument of ratification for the Council of Europe Convention on Cybercrime. Today, the United States became a party to the Convention upon deposit of the instrument of ratification at the headquarters of the Council of Europe in Strasbourg, France. The Convention will enter into force for the United States on January 1, 2007. The Convention entered into force on July 1, 2004. As of September 27, 2006, there were 43 Signatories and 15 Parties to the Convention."

Another Judge Says There's No Trademark Violation In Selling Ads On Trademarked Keywords

from the understanding-trademark-law dept

It seems that companies never stop suing over this particular issue. Despite numerous cases before it, including from Geico and American Blinds, yet another company has sued Google because the company's competitors bought ads on the keyword of their company name, Rescuecom. Of course, this should not be a violation of trademark law. Trademark law is mostly about avoiding confusion for the sake of consumer protection. It's not about giving the trademark owner full rights over the trademark (similar to copyrights or patents). There is also the secondary issue, over whether this is even a Google issue. If it were a trademark violation, then it should be on the company who bought the ad, not Google, who is simply acting as the platform.

The good news is that in this case, the judge has come out and said clearly that there is no trademark violation in selling ads on trademarked keywords. Unlike in some of the other cases, the judge didn't punt on the issue and very clearly said there is no trademark issue here. Of course, Rescuecom is not happy with the decision and will probably appeal. It has made a statement on the matter that is worth quoting just for the level of hyperbole: "A dangerous precedent has been set that allows a behemoth to pit smaller competitors against one another, while it rakes in the additional revenue. The immense power enjoyed by Google will be compounded by this ugly tactic as advertisers clamor to reach critical online audiences. Rescuecom will not be the last company hurt by this scheme." Of course, much of that statement is wrong. This really is no different than earlier cases, and it is consistent with the purpose of trademark law. It has nothing to do with allowing a behemoth to do anything, and whether or not Google makes money has no real bearing on whether it's a problem for Rescuecom. Furthermore, it's not clear how Rescuecom is "hurt" by this. If it's true that they're hurt by someone else's ad, then it would seem that any competitor's advertisement is hurting them as well -- but last we checked, advertising against your competitors is perfectly legal.

For the e-discovery files

Basic Guidelines: Flash memory data recovery (+freeware tools review)

submitted by applehedgehog 22 hours 15 minutes ago

Stuck with lost data on a USB memory key or Flash card and don't know what to do? Recovering data from flash memory devices is possible, and not too complex, so follow along. The article says what to do after accidental disk format, unsafe remove, data corruption and so on. Links to freeware tools are provided along with how-to-use briefs.

Do You Need Permission To Take That Photo??

submitted by Gregd 17 hours 12 minutes ago

"Before you take that photo, you may need permission for the following: Photographing buildings, works of art, or other copyrighted items; Photographing people; Photographing on public or private property. In this short article, attorney Dianne Brinson briefly discusses when permission may be required."

Very slick!

Video: Computer transforms 2D images into 3D

submitted by CLIFFosakaJAPAN 17 hours 27 minutes ago

Creating 3D animations from regular 2D images has been thought impossible by researchers for the past three decades. But the time is different now. Researchers at Carnegie Mellon University have announced that they’ve found a way to help computers learn the geometric context of a 2D image automatically.

Friday, September 29, 2006

Disappointing. Perhaps I should sell my HP stock...

The Culture of Evasion

Posted by Zonk on Saturday September 23, @02:40PM from the dodging-the-bullet dept.

theodp writes "In the wake of Patricia Dunn's resignation, Wired's Fred Vogelstein walked away less than impressed with HP CEO Mark Hurd's spying mea culpa. He says it smacked more of standard corporate ass covering than leadership, especially coming 3 weeks after the scandal broke. His sentiments are echoed in Computerworld's Culture of Evasion, which was written before Hurd mounted an I-knew-nothing-defense. Hurd claims that he bailed out on a meeting that approved the spying, neglected to read the spying report directed to him, and was clueless about the tracer technology employed in the reporter-baiting false e-mail he personally gave thumbs-up to."

Another spying scandal for Capitol Hill

-- By Walter Shapiro

Hewlett-Packard ex-chairwoman Patricia Dunn got grilled about an unfolding scandal one lawmaker called "a plumbers' operation that would make Richard Nixon blush."

Sep. 29, 2006 | You know a company is in deep trouble when both its general counsel and its chief ethics officer resign on the eve of their congressional testimony -- and then immediately invoke the Fifth Amendment when they are sworn in on Capitol Hill. So it was with Hewlett-Packard on Thursday as most of the major players in the fast-moving Silicon Valley boardroom scandal were scheduled to have their moment of truth (or, at least, what passes as such in Washington) before congressional inquisitors.

There was an immediate letdown as Ann Baskins (the now ex-general counsel) and Kevin Hunsaker (her suddenly departed deputy), along with a half dozen private investigators and telephone snoops, all declined to testify, completely wiping out the initial panel of witnesses. Gone was the hope that Congress would unravel the underlying mystery of how a respected corporation like Hewlett-Packard could launch an internal leak investigation that morphed into a witch hunt -- one that included using flagrant misrepresentation (called by the euphemism "pretexting") to obtain personal phone records, computer spyware to track which employees forwarded e-mails to each other, and elaborate schemes to plant undercover moles in newsrooms.

Before a word of relevant testimony was heard, members of the House Energy and Commerce subcommittee vied with each other to come up with the best one-liners to describe the saga of how Hewlett-Packard besmirched its honor by trampling on privacy rights. Colorado Democrat Diane DeGette likened it to a "made for TV movie." Tammy Baldwin, a Wisconsin Democrat clearly taken with the gumshoe angle, called it a "third-rate detective novel." Florida Republican Cliff Stearns invoked both the Keystone Kops and "Mission Impossible." But Michigan Democrat John Dingell, who has served in the House for more than a half-century, came up with the pitch-perfect analogy when he invoked Watergate to call it "a plumbers' operation that would make Richard Nixon blush were he still alive."

In an irony not lost on both Democrats and Republicans, Hewlett-Packard was being pressed to justify using quasi-legal subterfuge to obtain phone records as the full House was poised to vote to give the National Security Agency blanket permission to continue its warrantless eavesdropping program. Idaho Republican Butch Otter, a conservative with strong libertarian sympathies, wondered how Congress "could claim the moral high ground" on privacy "when some activities of our government have been questioned."

Instead of shocking new disclosures, what Thursday's hearing offered was a character study of Patricia Dunn, the former chairwoman of the Hewlett-Packard board (she resigned last week) and the central player in the leak investigation. When Dunn, now 53, was appointed in early 2005 to succeed Carly Fiorina as the head of the faction-riven Hewlett-Packard board, her elevation was regarded as an up-by-her-own-bootstraps triumph for a woman who had started in business as a secretary for Wells Fargo Investment Advisors.

There is no evidence that Dunn demanded that private investigators skirt the edge of the law (and perhaps go over it) in their efforts to discover which board member was giving the press accounts of the board's internal deliberations. (George Keyworth, Ronald Reagan's former science advisor, was later identified as the leaker.) But internal Hewlett-Packard memos and e-mails suggest that Dunn knew the rough contours of what was being done in the name of the board and did nothing to stop the investigators' subterranean practices.

Dunn, who has survived several bouts of cancer, could have also claimed her rights against self-incrimination. By instead testifying, she took on the task of simultaneously trying to accomplish two semi-contradictory goals: restoring her reputation and saying nothing that would add to her legal jeopardy in the litigation that is certain to flow out of the Hewlett-Packard meltdown. As her lawyer, James Brosnahan, said after the hearing, "Patty Dunn is a fighter. Everyone who thought that she'd go quietly into the night is wrong."

Dunn's defense -- which is based on the supposition that a talented, driven woman could also be obtuse -- came shining through as she described in her opening statement to the committee her dealings with an outside investigator, Ron DeLia, who had earlier invoked the Fifth Amendment. "In my two or three conversations with Mr. DeLia," Dunn said, "I learned that checking telephone records was a standard investigative technique at HP, and that they were drawn from publicly available sources." In reality, DeLia and his shadowy sub-contractors obtained these records through impersonation and other unethical (if perhaps legal) means.

"I understood that you could call up and get phone records -- and it is a common investigative technique," Dunn also said. As she continued to repeat her innocent assumption during her nearly five hours of testimony, Oregon Republican Greg Walden finally lost his patience. With a note of puzzlement Walden asked, "You thought that I could call up and get your phone records?" Dunn responded, "I thought you could." Finally, shaking his head with incredulity, he simply inquired, "You're serious?"

In a technical sense, Dunn was an impressive witness. Toward the end of the afternoon, both Republican subcommittee chairman Ed Whitfield of Kentucky and DeGette, the senior Democrat on the panel, had that glazed, weary look that can often be seen in bus stations at 3 o'clock in the morning. Dunn, in contrast, was sitting at the witness table, not a hair out of place, with the kind of strict posture that Emily Post would admire. The only hint of Dunn's nervousness was her tight two-handed grip on her pen.

Dunn's difficulties at Hewlett-Packard may have partly stemmed from her self-imposed tunnel vision and her unswerving belief in corporate hierarchies that left her behaving as if ethics were not her department. In her written chronology provided to the committee, Dunn acknowledged that she had been briefed about a "sting" operation that would somehow expose the leaker by feeding fabricated information to a business reporter covering the company. Asked by DeGette about her feelings as to whether this was proper corporate conduct, Dunn admitted, "This did raise some concerns for me." The Colorado Democrat pressed her on what she did as a result. Dunn's answer was classic bureaucratic buck-passing: "I sent the team to management to get approval for their techniques."

While Dunn spent half the afternoon expressing "regret" in a passive mistakes-were-made fashion, she drew the line there regarding her culpability in the scandal that has left Hewlett-Packard reeling and cost her the chairwoman's seat. "I do not accept personal responsibility for what happened," she flatly declared at one point. While perhaps integral to Dunn's legal strategy, this stubborn response may represent the twilight of the career of a boardroom champion who, as she testified, prides herself on her mastery of corporate governance.

...our other ongoing scandal!

Dear Lenovo Customer,

Lenovo and IBM Corporation, in cooperation with the U.S. Consumer Product Safety Commission and other regulatory agencies, have announced the voluntary recall of certain lithium-ion batteries manufactured by Sony Corporation. In the interest of public safety, Lenovo will offer customers free-of-charge replacement batteries for all recalled batteries. View Battery recall FAQs.

Would HP have done this?

Toshiba to exchange a further 830,000 Sony batteries

Toshiba claims there are no safety issues with the battery pack used in certain notebook PCs

By Martyn Williams, IDG News Service September 29, 2006

Toshiba is offering to replace a further 830,000 laptop batteries containing cells made by Sony, it said Friday. The offer covers computers sold worldwide and is separate from a similar announcement made by the company last week.

Once again, quality control would have been cheaper!

Sony issues global li-ion battery recall

9/28/2006 1:46:55 PM, by Jacqui Cheng

Sony has finally bitten the bullet and issued a worldwide recall of all Sony-manufactured lithium-ion batteries used in notebook computers. Earlier in the day, Lenovo/IBM joined the ranks of Dell, Apple, and Toshiba in issuing a recall for all Sony batteries that ship with their notebooks.

2006: The Year of Living (Less) Dangerously

Staff Writers, CSO Online 28/09/2006 13:07:04

In its fourth edition, The Global State of Information Security 2006 survey reveals that global information executives, still relatively new to security's disciplines, are learning and improving.

Are we getting a bit carried away?

Forwarded email breached student's privacy: commissioner

Last Updated: Thursday, September 28, 2006 | 2:34 PM MT The Canadian Press

The president of Athabasca University breached a student's privacy by forwarding an e-mail to other employees, an adjudicator for Alberta's privacy commissioner has ruled.

The student contacted the president and several other employees asking for permission to resubmit some assignments and rewrite an exam, the privacy office says in a release.

The president spoke with the student, then sent her an e-mail, which contained a sequence of past e-mails, and copied it to a number of employees at the distance-education university.

The adjudicator found the president had the authority to disclose some information, but overstepped the limits of what was necessary.

The university has been ordered to develop a policy about how to deal with information in such situations.

Somehow I don't trust this company.

Diebold Swears Everything Will Work Perfectly In Time For The Election

from the somehow,-I-doubt-it dept

Even if you ignored the history of problems with Diebold's voting machines, and just looked at the problems Maryland had a few weeks ago with Diebold's electronic voting machines, it's pretty difficult to believe that the company will have a "total fix" of the machines in the next few weeks. However, since Diebold's machines have a ridiculously long list of problems for many, many years, combined with Diebold's typically indifferent, misleading or mocking responses to each report of problems, it shouldn't even be an option to believe that they'll actually be able to deliver glitch free (and secure) machines (note that they're not promising to fix any of the security issues, just a few of the glitches that were seen last time). Also given that last minute changes are likely to introduce new, unexpected, problems since there won't be any real ability to test them, this could just make things worse. Of course, the article about Diebold quotes elections administrator Linda Lamone: "We're not going to use the e-poll books unless Diebold is able to demonstrate to me that they're in tip-top shape." That would be the same Linda Lamone who claimed that no one in her office had ever had computer problems, so you have to wonder what her definition of "tip-top shape" is.

Towards ubiquitous surveillance. What legal protections would you have? (Can you hear the Twilight Zone theme? Do do de do, do do de do)

Intel proudly shows off snooping tech

IDF Reads your PC even when it's off

By Tony Dennis in Dullsville, California: Wednesday 27 September 2006, 23:29

IN A LAUDABLE effort to make life much, much easier for IT managers, Intel outlined how it intends to widen the scope of its Active Management Technology (AMT).

AMT can effectively snoop on what's inside your PC.

The principle is simple. Details about a VPro or Centrino based PC are saved into non-volatile memory. But, scarily, this information can be read even if the machine's power switch is in the 'off' position.

Armed with such information an IT manager might want to remotely fix a PC. This can be done using Intel’s Trusted Execution Technology (formerly known as La Grande).

Just how powerful this facility can be, was shown in a demo where a connected laptop was rebooted and its BIOS edited from a management console.

Good stuff. But Intel intends this capability to work over wireless networks not just wired (ie fixed Ethernet) links.

Obviously Intel claims this kind of stuff is mega secure. But what if it were hacked? Or what if they hacked it?

You could potentially be woken up in the middle of the night by the sounds of somebody completely reconfiguring your laptop.

Shall we call this the Boulder Syndrome?

Karr's lawyers say porn case can't continue with no crime scene

posted by: Jeffrey Wolf Web Producer Created: 9/27/2006 9:49 PM MST - Updated: 9/27/2006 9:49 PM MST

SANTA ROSA, Calif. (AP) - Lawyers for John Mark Karr, one-time suspect in the JonBenet Ramsey case, told a judge Wednesday that the child pornography case against their client cannot move forward after key evidence went missing. [Have they looked on e-Bay? Bob]

Sonoma County Superior Court Judge Cerena Wong agreed to consider whether to dismiss the five misdemeanor charges against Karr amid revelations that the sheriff's department lost the computer that allegedly held the pornographic images.

On Wednesday, sheriff's officials and prosecutors revealed that not only was the computer missing, but also their copies of its contents. All that remains is reports from the 2001 investigation and new information about what was contained on Karr's computers.

Thursday, September 28, 2006

The hearings start today, so there will be lots of articles – and perhaps some facts?

Panel subpoenas 5 investigators for HP hearing

Wed Sep 27, 2006 12:35 PM ET

WASHINGTON (Reuters) - The U.S. House Energy and Commerce Committee said on Wednesday that it subpoenaed five private investigators to testify at the Hewlett-Packard Co. data privacy hearing on Thursday.

The five investigators were identified as Bryan Wagner of Littleton, Colorado; Charles Kelly of CAS Agency in Villa Rica, Georgia; Cassandra Selvage, Eye in the Sky Investigations in Dade City, Florida; Darren Brost of Austin, Texas; and Valerie Preston of InSearchOfInc. of Cooper City, Florida, according to a statement issued by the committee.

The statement did not say if the investigators were involved in HP's efforts to obtain confidential telephone records of some board members and journalists by impersonating them, a practice known as "pretexting."

HP Execs Were Warned About Risks Of Spying Methods

from the hear-no-evil,-see-no-evil? dept

The HP spying saga continues. While various people have all said that they never would have moved forward with the "rogue" spying program if they had realized that it was illegal, it's now coming to light that an HP security official warned those in charge of the project that it was "very unethical at the least and probably illegal." On top of that, the employee (prophetically) stated: "If it is not illegal, then it is leaving HP in a position of (sic) that could damage our reputation or worse," followed by the recommendation "that we cease this phone number gathering method immediately and discount any of its information." While Patricia Dunn continues to pretend she wasn't that involved, it increasingly looks like a case of where it may have been more about what she didn't want to know -- so that there was some plausible deniability there. Certainly, people involved with what was going on sensed that it was illegal, and tried to warn those above them. Whether or not Dunn knew the specifics of how things were done, she didn't seem too bothered by it once she did find out, and only seemed to feel bad about it after it became public.

I don't see the logic...

HP's top lawyer leaves

By Margaret Kane Story last modified Thu Sep 28 05:31:39 PDT 2006

Hewlett-Packard General Counsel Ann Baskins has resigned, the company announced Thursday.

The move comes hours before Baskins, among other HP executives, is scheduled to testify before a U.S. House of Representatives subcommittee in an investigation into a spying campaign to probe leaks to the media.

Baskins, who spent much of her legal career with the company, also served as secretary for its board of directors. She has come under scrutiny for her role in HP's leak investigation, which allegedly involved "pretexting," or using fraudulent means to obtain someone else's personal records.

"She has admirably supported our business needs across the globe and will be missed," CEO Mark Hurd said in a press release regarding Baskins. "Stepping down was a very hard decision for her, but by doing so, she has put the interests of HP above her own, and that is to be commended."

HP has acknowledged that it accessed phone records of board members and journalists, including CNET reporters, as part of its leak probe. The company has also followed reporters and tried to trace e-mails in an effort to track down the source of leaks from the board of directors.

The scandal has already cost the jobs of Chairman Patricia Dunn and two other employees.

Uh oh! Is this the kiss of death?

HP Director Says CEO Has Full Support of Board

September 27, 2006 By Reuters

SAN FRANCISCO (Reuters)—A Hewlett-Packard Co. director said on Wednesday Chief Executive Mark Hurd has the full support of the board and that there have been no discussions whether Hurd might resign amid the controversy over the company's investigation into boardroom leaks.

"Mark has just got tremendous support from the board," Robert Ryan, an HP director since 2004 and former chief financial officer of medical device maker Medtronic Inc., said in a telephone interview. "There have been absolutely no discussions about Mark's resignation." [I bet there have been discussions about firing him! Bob]

Ryan's comments come a day ahead of expected testimony from Hurd, former Chairman Patricia Dunn, and Ann Baskins, HP's general counsel, before a U.S. House of Representatives subcommittee investigating HP's use of private phone records and other tactics to ferret out the source of board leaks to the media in 2005 and 2006.

Ryan, who said the board room leak scandal investigation had actually brought directors closer together, [to ensure their stories agree... Bob] said that the board and the directors know mistakes were made.

"The company and the board want to acknowledge they made a mistake," Ryan said. "It's not in anybody's interest to rationalize it."

Former Chairman Dunn had undertaken an investigation into board room leaks that began in 2005, and tactics used by firms hired by HP included tailing a director and a journalist, going through individuals' trash and impersonating journalists and directors to gain access to private phone records.

Dunn resigned from the board last week and Hurd assumed the additional title of chairman. He had approved a plan for HP investigators to send an e-mail from a fictitious senior HP executive to a reporter in an effort to find out the source of board leaks, but has said he was unaware that tracer technology would be attached to it.

"I think Mark is exactly the right CEO," Ryan said.

HP CEO: Pretexting probe a 'rogue'

In an advance copy of his testimony, Hurd said the end came to justify the means

By Robert Mullins, IDG News Service September 28, 2006

Hewlett-Packard chief executive officer Mark Hurd blamed the scandal that has besieged his company on "a rogue investigation" [as in “investigating a rogue” not as in “unauthorized,” since the board initiated and approved it. Bob] that got out of hand, in an advance copy of his Congressional testimony released by a House Subcommittee on Wednesday.

"How did such an abuse of privacy occur in a company renowned for its privacy? The end came to justify the means," Hurd wrote. "The investigation team became so focused on finding the source of the leaks that they lost sight of the privacy of reporters and others. They lost sight of the values HP has always represented."

Former HP Chairman Patricia Dunn, forced to resign Sept. 21 because of the scandal, defended in her testimony her decision to investigate the leaks of confidential board discussions to the news media.

In her testimony, Dunn wrote that she knew investigators were obtaining the phone records of people it was investigating. Lawyers for HP and for an investigation firm carrying out the probe assured her the tactics were legal, she wrote.

"I was fully convinced that HP would never engage in anything illegal," she wrote. "Given that attorneys were unambiguously overseeing the investigation ... reinforced my understanding that the investigations were being handled appropriately."

Both are among several witnesses expected at a hearing before the Oversight and Investigations Subcommittee of the House Energy and Commerce Committee on Thursday in Washington. The committee is looking into the practice of "pretexting," or using false pretenses to gain access to confidential records. Investigators hired by HP to find the source of leaks engaged in pretexting to get hold of the phone records of directors, HP employees and reporters who cover the Palo Alto, California, technology company.

Hurd, echoing comments he made in a news conference last Friday at HP's headquarters, said he was determined to get to the bottom of this episode and to try to restore HP's image.

"I pledge that HP will take whatever steps are necessary to make sure nothing like this ever happens again," he wrote, "and that this company will regain not just its reputation ... but its pride."

Although much of the criticism of the scandal surrounds the tactics used by the investigators, Dunn wrote in her testimony that equal consideration should be given to the leaks from within the company that damaged HP.

HP's board was notorious for its leaks to news media and such disclosures made it difficult for the board to deal with important issues candidly, she wrote.

Dunn explained that board deliberations on the selection of a replacement for former CEO Carly Fiorina in 2005 were leaked. She cited a BusinessWeek magazine story "disclosing opinions about various candidates and revealing details about ... the search process."

"If you were a top CEO candidate, would you want to work for a company whose board could not be trusted to keep such information confidential? HP is very lucky to have been able to recruit Mark Hurd under such circumstances," Dunn wrote. [Did she answer her own question? Bob]

"I wish fervently that none of this had ever happened," Dunn continued. "But boards have an unquestionable obligation to take steps to prevent [leaks]. That certain steps taken during the investigation went well beyond what was appropriate does not undermine the importance of the board's mission in this matter."

Hurd also outlined several steps the company is taking internally to clarify its privacy policy for employees and to emphasize it in employee training programs.

Why doesn't this give me a warm fuzzy feeling? Because they have this reputation for accurate programming? Because they couldn't recognize that the systems lacked security?

Sep 26, 2006 1:53 pm US/Mountain

Election Commission To Manually Program Machines

(CBS4) DENVER The Denver Election Commission has decided not to use part of its controversial new voting system for the November election.

In the August primary election many voters were given wrong ballots. Election judges also complained the training on the machines was confusing.

As a result, 50 card activators which produce cards that are programmed to load the voting machines with the correct ballot for each voter, will not be used in November.

Instead, the election commission will manually program the machines.

How to Cheat at Managing Information Security

Posted by samzenpus on Wednesday September 27, @03:47PM from the keep-it-secure dept. Security

Ben Rothke writes "Mark Osborne doesn't like auditors. In fact, after reading this book, one gets the feeling he despises them. Perhaps he should have titled this book 'How I learned to stop worrying and hate auditors'. Of course, that is not the main theme of How to Cheat at Managing Information Security, but Osborne never hides his feeling about auditors, which is not necessarily a bad thing. In fact, the auditor jokes start in the preface, and continue throughout the book."

Read the rest of Ben's review.

Judge Refuses To Convict Hacker

Posted by samzenpus on Wednesday September 27, @11:45PM from the he-said-he-was-sorry dept. The Courts Security

Jake96 writes "A judge in Wellington, New Zealand, declined to convict a man who ran an unrequested security audit on a bank's phone systems and was charged with 'intentionally accessing a computer system knowing he was not authorized to,' according to an article in the New Zealand Herald."

From the article:

Macridis has a significant number of previous fraud convictions and it appeared he was trying to obtain money through virtue of his technical knowledge, Mr McGilivray said.

In his defence, Macridis told the court he had worked as a security consultant on a casual basis for the past 11 years. He said he had previously done extensive work for Telecom and completed assignments for the Police and the Department of Internal Affairs.

... He said Macridis used his talents to identify security risks and he had identified a grave risk to the Reserve Bank and its customers.

He did not pass the information on to others and did not use it for personal gain. "In my view his intentions were honourable."

Judge Mill said conviction would be out of proportion with Macridis' actions and he discharged him without conviction.

What's a First Amendment? (read the comments!)

Traveler Detained for Anti-TSA Message

Posted by samzenpus on Thursday September 28, @05:42AM from the don't-screw-around-at-the-airport dept. Privacy United States

scifience writes "A traveler frustrated with recent changes to airport security procedures found himself detained in Milwaukee after writing a message critical of the TSA's leader on a plastic bag presented for screening. The message, which read "Kip Hawley is an Idiot," resulted in a confrontation with law enforcement, the traveler being told that his right to freedom of speech applied only "out there (pointing past the id checkers) not while in here [the checkpoint]." The story, which is detailed in a rapidly-growing thread on a discussion forum catering to frequent flyers, has attracted the interest of the ACLU, an AP reporter, and many others. The incident raises a number of interesting questions and concerns regarding just where our rights end."

Six charged in breakup of AOL identity theft ring

Men are accused of harvesting AOL e-mail addresses and infecting victims' PCs with malicious software

By Robert McMillan, IDG News Service September 28, 2006

Six men have been charged with orchestrating a phishing scheme that targeted AOL users, the U.S. Department of Justice said Wednesday.

The men are accused of harvesting thousands of AOL e-mail addresses and then infecting victims' PCs with malicious software that would prevent them from logging on to AOL without entering their credit card numbers, bank account numbers, and other personal information.

IBM Goes for SCO KO

September 27, 2006 By Steven J. Vaughan-Nichols

IBM swung a haymaker at SCO on Sept. 25. The corporate giant asked the U.S. District Court in Salt Lake City for summary judgment against all of SCO's claims.

The SCO vs. IBM case is more than three years old. Although The SCO Group has had little success in persuading the court or the buying public that IBM did indeed take SCO's Unix intellectual property and place it within Linux, the company has stayed its course.

In the last year, however, SCO has suffered more than just reverses in the court of public opinion. On June 28, Magistrate Judge Brooke Wells ruled largely in favor of an IBM motion and threw out the vast majority of SCO's claims against IBM.

Now, SCO, in turn, has also filed at least one motion for partial summary judgment.

Will these attempts to knock each other out of the ring before the court date of Feb. 26, 2007, come to anything? While those who wish SCO and its Linux legal cases would just skulk off into the darkness hope that this will spell the end of the IBM/SCO case, the experts don't see it happening that way.

Read the full story on Linux-Watch: IBM goes for an SCO KO

Update: Attackers targeting new PowerPoint bug

Trojan found in Microsoft's presentation software, says McAfee

By Robert McMillan, IDG News Service September 27, 2006

One day after patching a widely exploited flaw in its Internet Explorer browser, Microsoft Corp. has a new bug to worry about, this time in PowerPoint.

... Schmugar has blogged about the issue.

Microsoft issued a security advisory on the matter Wednesday, saying that the issue affects users of Microsoft Office 2000, Microsoft Office 2003, and Microsoft Office XP, as well as Microsoft PowerPoint 2004 for Mac. Microsoft's advisory can be found here.

As a workaround, Microsoft suggests that users open and view files using PowerPoint Viewer 2003. This software "does not contain the vulnerable code and is not susceptible to this attack," the advisory states. The PowerPoint viewer can be downloaded here.

September 26, 2006

DOJ's Privacy Technology Focus Group Publish Privacy Technology Recommendations

Press release: "In 2005, the Bureau of Justice Assistance (BJA), Office of Justice Programs (OJP), U.S. Department of Justice (DOJ), in partnership with DOJ's Global Justice Information Sharing Initiative (Global), and the IJIS Institute (IJIS), chartered a group of public and private sector specialists to focus on privacy technology, charging the group to examine the use and exchange of personally identifiable information (PII) in the context of justice information systems and in the dissemination and aggregation of justice and public safety data. The focus group identified prominent issues in privacy policy and technology, narrowed issues to readily addressable areas, outlined tangible, targeted technology solutions, and developed specific recommendations for action. The results of their recommendations were published in a formal report, Privacy Technology Focus Group: Final Report and Recommendations, and a companion Executive Summary addressing access and authentication, data aggregation and dissemination, identity theft, and personal safety and protection."

September 27, 2006

New on

  • The Government Domain - Information Checks and Balances, by Peggy Garvin

Not again! (Post hoc, ergo propter hoc?)

Judge Agrees With RIAA; Says Illegal Activity On Morpheus Meant It Induced Infringement

from the not-that-surprising dept

While it's often referred to as the "Grokster" case, the lawsuit actually involved a few different companies, including Streamcast, the maker of Morpheus. Last year, when the Supreme Court ruled in the case, they did not (contrary to what the entertainment industry will tell you) outlaw file sharing apps. All the court did was say that if the maker of the app could be shown to have induced the infringement, then a court could find them liable for copyright infringement. Then, it sent the case back to the lower court to review its original decision (which had said that the software makers were not liable for the actions of their users). While Grokster ended up "settling," Streamcast was unable to reach a settlement and decided that it would go back to the lower court and make the case that they did not induce infringement.

It appears, however, that the judge didn't buy it. He's granted summary judgment to the record labels, saying that there's "overwhelming" evidence of Streamcast's intent. Given the market in the days when Morpheus was popular, it wouldn't be surprising to find some evidence that could be construed as "inducing" infringement. However, from the quotes in the Associated Press article (and, perhaps there's more in the actual ruling), it sounds like the judge felt that the evidence of "massive infringement" on the system was evidence of inducement. While the RIAA must love that, it's very troublesome. Just because a tool is widely misused, that's hardly evidence that the maker of the tool intended for it to be used illegally, or that it actively "induced" illegal behavior. And, even then, inducement should be a higher standard than just intent. There may very well be evidence that Streamcast induced illegal behavior, but the presence of illegal usage (even lots of it) using their tool is not the same as inducement. It will be interesting to see how Streamcast responds, but it seems likely that it will end up shutting down completely (though it has its other lawsuits to deal with as well). However, if judges start ruling that the presence of noticeable illegal activity is enough evidence to suggest inducement, that's a dangerous view, and completely rolls back the Supreme Court's Betamax decision that showed VCRs were legal if they had substantial non-infringing uses.

Sounds like the data stream is being controlled by a computer. I wonder why AT&T didn't think of that in the 1950s... Oh wait, they were busy proving that the Internet wouldn't work!

One phone number to rule them all

Wed 27 Sep 2006

GrandCentral is a brilliant new web app that lets you consolidate all of your phone numbers into one number, meaning someone can call you on your GrandCentral phone number and all of your phones (cell phone, work phone, home phone) will ring. And then it gets interesting.

If you don't want every one of your phones ringing each time someone calls your free GrandCentral number, you can set rules by friends, family, work, and others, defining where the calls should be directed. When a user leaves a message, you can listen to it online or directly on your phone. The remaining set of features on GrandCentral are a little mind-blowing, in that "I'd never thought of that, but how am I now living without it?" sort of way.

When you pick up a call that's been forwarded with GrandCentral, you can choose to answer it, send it to voicemail (which will be done automatically if you don't answer), or send it to voicemail and listen in on the message as it's being left in real time (just like you're listening to someone leave a message on an answering machine). You can interrupt a "ListenIn" message at any time and join the conversation by pressing star (*).

If you're on a call and you decide that you want to record your conversation, just hit 4 at any time. You can also record personalized greetings based on contact groups and upload your own MP3s to be played in place of your ring.

All of this can be done with GrandCentral's free account, though there are a few limitations to the free account (none of which severely hinders the service). As you can tell, after spending the morning playing around with it, I'm pretty impressed with this service. The only problem I've had with GrandCentral so far is that making calls from the online interface (which, similar to Jajah, connects to your phone, then the phone of the person you're calling); it seems like a simple part of the functionality, but who knows - maybe I'm doing something wrong (I'm not).

I'm not ready to tell all of my contacts to start calling my GrandCentral number just yet, but I may in time. If you give it a try, let us know what you think about it in the comments.

I'm not sure I buy it, but then I keep telling people video is BIG.

Study: 107M viewed online video in July

Wed Sep 27, 7:34 PM ET

NEW YORK - More than 100 million Americans, or three out of every five Internet users, viewed video online in July, a new study finds.

Toward ubiquitous surveillance... Technology for spying on your neighbors?

September 27, 2006

How to use your PC and Webcam as a motion-detecting and recording security camera

Windows Security

This tutorial will take you step-by-step through setting up your PC and Webcam to act as a motion-detecting and recording security camera system. And the software required to do this is open source (free).

Wednesday, September 27, 2006

Is it Friday?

GE Laptop With 50,000 Employee Names, Data Stolen From Hotel

By Rachel Layne

Sept. 26 (Bloomberg) -- General Electric Co. said an employee's laptop computer containing the names and Social Security numbers of 50,000 current and former GE workers was stolen from a locked hotel room earlier this month.

"We believe this was a random criminal act," GE said in a Sept. 22 [Friday Bob] letter sent to the affected employees that was obtained by Bloomberg News. There's no indication the data on the laptop and its external hard drive were accessed, company spokesman Russell Wilkerson said today.

GE, which is working with law enforcement officials, isn't disclosing the location or day of the theft because the incident is still under investigation, Wilkerson said. General Electric immediately began notifying the employees whose names were on the laptop and offered them one free year of the company's identity-theft and credit-protection monitoring service, Wilkerson said.

General Electric, based in Fairfield, Connecticut, has about 318,000 current employees and at least 440,000 former workers, based on the tally of pension plan participants in its annual report. Its businesses include GE Consumer Finance, the world's largest private label credit card issuer.

Winning Legally: Using the Law to Create Value, Marshal Resources, and Manage Risk

Harvard Business School Note 806-138

Describes the four components of legal astuteness: the attitudes, proactive approach, judgment, and knowledge necessary to manage the legal aspects of business effectively. Identifies a number of legal tools legally astute managers can use during different phases of business development to create and capture value and manage risk. This is a rewritten version of an earlier note.


September 26, 2006

Podcasting Software MT-Podcast Offered for Free to Hobbyists

Filed under: Multimedia-Audio

I don’t know too much about this software, but thought it might be interesting to pass along. MagneticTime, at , is offering their MT-Podcast product free to hobbyist bloggers. (The name is a little unfortunate; glancing at it you might think the product is just for Movable Type. But actually MT stands for MagneticTime.)

MT-Podcast uses text-to-speech software to create podcasts from text files (or, I suppose, blog entries.) If you’re interested in trying it for your site, e-mail . “Eligible bloggers” (words from the press release) will be sent instructions. If you want more information about MT-Podcast, you can check out an early 2006 press release, but I don’t see a specific page devoted to it on MagneticTime’s Web site. Did I miss it?

Probable cause?

Untraceable Messaging Service Raises a Few Eyebrows

Posted by ScuttleMonkey on Tuesday September 26, @11:39PM from the taking-the-pry-out-of-privacy dept. Communications Security

netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."

Good on ya!

Sep 27, 7:56 AM EDT

MySpace Launches Voter-Registration Plan

By ANICK JESDANUN AP Internet Writer

NEW YORK (AP) -- The youth-heavy online hangout is launching a voter-registration drive to engage its members in civics. In partnership with the nonpartisan group Declare Yourself, MySpace is running ads on its highly trafficked Web site and giving members tools such as a "I Registered To Vote On MySpace" badge to place on their personal profile pages.

September 26, 2006

Defendant in Pellicano Wiretap Case Acquitted


LOS ANGELES, Sept. 25 — A former telephone company worker accused of lying to a grand jury investigating the Pellicano wiretapping scandal was acquitted of most of the charges against her on Monday, dealing a sharp setback to federal prosecutors.

The defendant, Joann Wiggan, was suspected of providing information from her job at Pacific Bell (now AT&T) that was used by the private detective Anthony Pellicano to wiretap people, including the actor Sylvester Stallone.

Prosecutors said Ms. Wiggan had funneled the information to Ray Turner, a onetime phone company repairman who stands accused in the larger federal case against Mr. Pellicano of installing his wiretaps. Mr. Turner has pleaded not guilty in that case, which is scheduled for trial in February.

Prosecutors hastened to draw a distinction between the two cases. “The charges against Ms. Wiggan are completely different from those contained in the separate indictment against Anthony Pellicano,” said Daniel A. Saunders, an assistant United States attorney. “Today’s verdict does not impact the prosecution or the ongoing investigation of Mr. Pellicano and his associates.”

Ms. Wiggan was accused of five counts of perjury after she repeatedly denied in October and January that she had ever used her company voice mail, or spoken with Mr. Turner, over several years. Records showed more than 1,000 calls to her voice mail and scores of calls and messages between the two from 1999 until 2002.

After less than two days of deliberation, a jury acquitted Ms. Wiggan of four counts of perjury. A mistrial was declared on a fifth count, and prosecutors said they would consider whether to retry her on it.

We've been saying this for years!

Survey: Brands Marred by Poor Online Transactions

By John P. Mello Jr. Part of the ECT News Network 09/27/06 4:00 AM PT

Brand image is closely tied with the experience that a consumer has with a business, said Cliff Hopkins, senior director of marketing for PayPal Merchant Services. "Anything that detracts from a customer's shopping experience on a merchant's Web site will detract from that merchant's brand association in the mind of the customer," he added.

Transaction failures at a company's Web site can have a significant negative impact on the business' brand, according to a survey released Monday by TeaLeaf Technology and Harris Interactive.

... "An astounding 91 percent of online consumers who experienced any type of problem when conducting an online transaction said they are at least somewhat likely to question the ability of a company to keep their private data secure if they encounter an online issue," it continued.

September 25, 2006

New on

What Does It Say When The World's Largest Patent Holder Sees Problems With The System?

from the seems-telling dept

The world's most prolific patent filer, IBM, is taking steps to address what it sees as significant flaws in the patent system. Under a new policy, the company will be more open about what patents it holds, post filed patents to the web before they're accepted by the patent office, and stand opposed to broad, business-model patents that don't represent any technical innovation. CEO Sam Palmisano nicely lays out the business case for patent reform, "The larger picture here is that intellectual property is the crucial capital in a global knowledge economy. If you need a dozen lawyers involved every time you want to do something, it's going to be a huge barrier. We need to make sure that intellectual property is not used as a barrier to growth in the future." The company acknowledges that by posting its patent applications to the web, years in advance of when the patent is accepted, it's tipping off its competitors as to what technologies the company is working on. But ceding this competitive advantage is a small price to pay, if the overall technology market grows because of it. In fact, having competitors develop competing and complementary technologies to IBM's is critical to developing a thriving ecosystem. In this light, it shouldn't be surprising that a company with a history of innovation, like IBM, lead the way on patent reform. The current system is fraught with risks, including the possibility that less innovative firms will use the patent weapon to extract money from it, rather than actually bringing innovative products to market. Of course, it doesn't seem like IBM will slow down their own patent applications any time soon. There's still a defensive case for filing patents as inoculation against future lawsuits. But it's good to see such an influential company moving in this direction. Hopefully more of its peers will follow suit.

What The Future Of Newspapers Has To Do With Microwaved Hamburgers

from the making-the-big-shift dept

For a while now, newspapers have been worrying about how to survive in this age of the internet. All too often, the results are backwards or just too narrowly focused. There's been some buzz around Michael Kinsley's Time opinion piece about whether or not newspapers have a future, where he notes that they obviously do, but it's a future where things need to change. This idea is echoed (and more) by Vin Crosbie, who has a long opinion piece talking about how confused some newspapers are, believing that as long as they throw their content online, they're in the "new media" business. Crosbie points out that doing so is "as much new-media as microwaving hamburgers is new cuisine." So what is the answer? Well, Crosbie believes it's in really personalizing content. That is, finally recognizing that not only is the internet different than paper, it lets you do new and useful things that simply couldn't be done on paper. Instead of just copying the offline experience, make it much, much better. He also notes that this means including articles from other sources, rather than being so focused on internally generated content. Of course, we're still seeing newspapers that still won't even link to another source, so it may be a while before they customize their viewing experiences by pointing people elsewhere. However, what's silly is this still assumes that you have a captive audience, when that's no longer the case. People (especially younger users) are used to surfing around, and the key for the newspaper is to learn how to be the hub for all of that -- but to do so, they need to actually add value. It's similar to the story we had earlier today about the differences between NBC and Google. It's not about coming up with a single program for everyone, but figuring out how to come up with the perfect program for any one person specifically.

“Hi! We're Microsoft and you can trust us to secure your computer against any hacker!”

Microsoft sues over source code theft

By John Borland Story last modified Wed Sep 27 04:48:12 PDT 2006

Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.

For more than a month, the Redmond, Wash., company has been combating a program released online called FairUse4WM, which successfully stripped anticopying guards from songs downloaded through subscription media services such as Napster or Yahoo Music.

Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers.

"Our own intellectual property was stolen from us and used to create this tool," said Bonnie MacNaughton, a senior attorney in Microsoft's legal and corporate affairs division. "They obviously had a leg up on any of the other hackers that might be creating circumvention tools from scratch."

In a Web posting early Wednesday morning, Viodentia denied using any copyrighted Microsoft code, and released yet another version of his tool.

"FairUse4WM has been my own creation, and has never involved Microsoft source code," the developer wrote. "I link with Microsoft's static libraries provided with the compiler and various platform SDK (software development kit) files."

This latest round of copy-protection headaches comes at a delicate time for Microsoft. In a few months, the company plans to launch its own digital music subscription service, called "Zune," paired with an iPod device rival of the same name. The package will compete with services from Microsoft's traditional partners, such as Napster and Yahoo.

The Zune service and device will use their own flavor of digital rights management, and this will not be directly compatible with Microsoft's partners' products, despite being based on the same Windows Media technology. The company is taking great pains to assure its partners that their PlaysForSure-branded products are still state of the art.

Two-pronged approach

At the moment, Microsoft is taking a two-pronged technical and legal approach to FairUse4WM that goes beyond the scope of its earlier DRM battles.

On the technical side, it is pursuing much the same strategy as in the past: studying the hacker's tool and trying to update its Windows Media technology to block it.

Indeed, the company's Windows Media copy protection technology was designed from the start to support swift updates that would address inevitable cracks. [Translation: The software isn't foolproof... Bob] That has long been part of the technology's draw for record labels and movie studios, which are fearful that content protection flaws will lead to films and music being swapped freely online.

Microsoft's copy protection has been cracked before and then quickly fixed. Company representatives said that the FairUse4WM tool, despite its developer's success in breaking through the company's first patch, is simply triggering the same kind of security review that has happened in the past.

"This particular circumvention doesn't change that reality at all, or affect the underpinnings of the system," said Marcus Matthias, a senior product manager at Microsoft. "This is not quite as 'cat and mouse' as some people might have you believe."

The crack's unusual longevity has caused ripples of worry inside the digital media community, however. One service provider, the British network BSkyB, even temporarily canceled movie downloads.

Representatives from other services say Microsoft's previous rights-management security updates have been successful and expect this effort ultimately to be no different.

"One of the great features of the Windows Media DRM is its renewability," said Bill Pence, chief technical officer at Napster. "When the DRM system is compromised, we can incorporate updates with minimal impact on users, and we expect to do the same with the current patch."

Using courts to track a cracker

However, the federal "John Doe" lawsuit, along with "dozens" of legal letters sent to Internet sites that are hosting the allegedly copyright-infringing tool, is a decidedly different tack for Microsoft.

The copyright lawsuit was filed in Seattle federal court last Friday, without a name attached. Just as in the recording industry's many lawsuits against accused file swappers, it targets an unknown individual or individuals, whose true identity will be sought in the course of the case.

For now, that means going to the Internet service providers for Web sites where the original FairUse4WM tool was released, in hopes of tracking down an IP address or other digital traces that might lead to the developer, MacNaughton said.

Microsoft is also contacting other Web sites that have posted the FairUse4WM tool, asking them to remove the software, on the grounds that it contains copyrighted company code.

Company representatives declined to speculate on exactly how "Viodentia" gained access to copyrighted source code. The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said.

So far, little is known about the developer, who has used the pseudonym "Viodentia" in several online postings at a site called "Viodentia" could not immediately be reached for comment.

After spending an unaccustomed month of grappling with the problem, Microsoft representatives stopped short of promising their latest Windows Media update will be impregnable--although certainly, the hope is that a third patch won't be needed. Viodentia's newest release, posted online Wednesday, will test the strength of the company's latest approach.

"Any time we put out an update, it is our hope that it will be as efficacious as possible," Matthias said. "It is our hope that the technical mitigations that we've put in place will do something to impede this circumvention."

Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed, but has shown that the business of keeping it, or any rights management system, secure is increasingly becoming a full-time job.

"Any DRM out there is going to be cracked," GartnerG2 analyst Michael McGuire said. "More important is how the technology service reacts. Someone has to be keeping an eye online all the time now, looking for the next time."

Of course, the Congressman knew nothing about this...

Top aide to N.H. congressman resigns

By ANNE SAUNDERS, Associated Press Writer Tue Sep 26, 7:18 PM ET

A top aide to U.S. Rep. Charles Bass resigned Tuesday after disclosures that he posed as a supporter of the Republican's opponent in blog messages intended to convince people that the race was not competitive.

Operators of two liberal blogs traced the postings to the House of Representatives' computer server. Bass' office traced the messages to his policy director, Tad Furtado, and issued a statement announcing Furtado's resignation Tuesday.

"Tad Furtado posted to political Web sites from my office without my knowledge or authorization and in violation of my office policy," [Policy: Don't embarrass me! Bob] said Bass, who apologized to the bloggers and said he referred the matter to the House Committee on Standards of Official Conduct.

... "You see this all the time on political blogs, some elaborate act where someone says, 'Now, I hate to say something against a Democrat, but,'" Clawson told the Concord Monitor. "So you develop an eye for it. And this poster definitely tripped all the wires."

... House ethics rules state that congressional staff time and equipment may not be used for campaign purposes, and that criminal and financial penalties can be assessed. The rules also say congressmen are responsible for their staff members' actions.

I doubt it, but it sure looks quotable...

Trade body: India outsourcing firms could process 30 percent of US bank transactions by 2010

By The Associated Press 2006-09-26

NEW DELHI (AP) - India's outsourcing industry has the potential to process up to 30 percent of banking transactions in the United States by 2010, but tightening data security is key to realizing that aim, a trade body said Tuesday.

Currently, outsourcing centers in India process about 8 percent of U.S. banking transactions, as financial institutions have increasingly shifted back office work and other software-related jobs to India, where wages are low.

I hope this is in time for my database class. It will be fun to have my students tear it apart and rewrite it correctly!

New law to create online budget database

By NEDRA PICKLER, Associated Press Writer Tue Sep 26, 12:07 PM ET

President Bush said Tuesday that Americans will now be able to "Google their tax dollars," as he signed a law to create an online database for tracking about $1 trillion in government spending on grants and contracts.

The law is aimed at preventing wasteful spending by opening the federal budget to greater scrutiny.

... "Information on earmarks will no longer be hidden deep in the pages of a federal budget bill, but just a few clicks away," Bush said in a signing ceremony.

... Senate leaders had tried to pass the bill in early August but Rep. Ted Stevens, R-Alaska, and Sen. Robert Byrd, D-W.Va., blocked passage by lodging secret "holds" on the bill. The bloggers tracked down those responsible for the delay and the senators let the bill advance under the pressure.

The law calls for the Web site to go online by Jan. 1, 2008. It will list federal grants and contracts greater than $25,000, except for those classified for national security reasons.