Saturday, October 07, 2006

Another Friday news release...

U.S. Marine Base Probes Missing Laptop

Oct 7, 12:07 AM EDT

LOS ANGELES (AP) -- A laptop computer loaded with personal information on 2,400 residents [not clear if this is the Marine assigned to the housing or the entire family... Bob] of the Camp Pendleton Marine Corps base has been lost, authorities said Friday.

The computer was reported missing Tuesday by Lincoln B.P. Management Inc., which helps manage base housing.

The company and Camp Pendleton are investigating. As of Friday, investigators had not found evidence that the data had been accessed, the base said in a statement.

Authorities would disclose what kind of information was on the computer. [Doesn't anyone proofread any more? Bob]

Lincoln B.P. officials were notifying residents.

"We take this matter very seriously and are working closely with Lincoln Properties to find out what happened and to safeguard the personal information of our Marines, sailors and their families," said Col. James B. Seaton III, the base's commanding officer.

Camp Pendleton is the Marine Corps' largest West Coast expeditionary training facility, located north of San Diego.

Interesting because Florida was actively promoting these records. Do you suppose the bank's legal department was asked to review the purchase? (Shouldn't Fla. Share some of the blame?);jsessionid=0GITFOLJTPWYQQSNDLPSKHSCJUNN2JVN?articleID=193005173

Bank to Pay $50 Million for Buying Personal Data

Fidelity Federal Bank and Trust is ordered to pay $50 million for buying the personal information of thousands of drivers.

By K.C. Jones, TechWeb September 30, 2006

Fidelity Federal Bank and Trust (West Palm Beach, Fla.) has been ordered to pay a $50 million settlement for buying more than half a million names and addresses from the Florida Department of Highway Safety and Motor Vehicles. The Electronic Privacy Information Center (EPIC), which filed an amicus brief in favor of the plaintiffs in the case, announced the decision in late August.

EPIC said the $4 billion-asset bank bought 565,600 names and addresses for use in direct marketing, claiming that the purchase violated the Drivers Privacy Protection Act. The federal law was enacted in 1994 to prevent the distribution of drivers' personal information.

Yet another example of the need for “Virtual Lawyers” -- the legal specialty not synthetic lawyers. Although now that I think of it...

Weblo's world: a crazy online economy

October 6, 2006 5:53 PM PDT

Weblo is an interesting online game that mirrors a few financial aspects of the real world. You can buy virtual real estate (like cities) and collect taxes on developments on your land. You can buy virtual properties on these virtual properties. You can set yourself up as the agent of the virtual version of a real-world celebrity. And you can buy .com domain names inside Weblo's universe.

You buy, of course, so you can sell later, hopefully at a nice multiple to what you paid. Why would somebody want to buy your properties to begin with? So he or she can sell it to the next person, of course. Weblo is a trading game, with a currency of real U.S. dollars. Fortunately prices for Weblo analogs of real-world items are not comparable. For example, I created a record for the CNET building and bought it for about $1.50 (the price included a few pennies of tax, paid to the owner of San Francisco).

I said at the top of this post that Weblo is a game, because that's what it feels like to me. But others would consider it a market, and indeed you can make real money here. Some people, apparently, have bought properties at Weblo's startup prices and flipped them for thousands of dollars. You can cash out of Weblo whenever you want, and transfer your earnings into your PayPal accont.

Because there is nearly a world full of untapped resources on Weblo right now, there's the potential for a real land-grab to start on the system. Un-purchased addresses (like CNET) are less than two bucks. I bought both Adak, Alaska, and Peterborough, New Hampshire, for $5 each. I also tried to buy Alsace, in France, but Weblo figures the prices of states and cities by using an algorithm that incorporates real-world population. Alsace is priced at $1568, well over the $100 that the Weblo PR team fronted me.

If you own a Weblo property, like a building, a state, a site, or the rights to represent a celebrity, you can also develop it -- you can build a Weblo Web page to support it, drive traffic to it from your other Weblo pages or even the "real" Internet. Weblo runs advertising on every page and you'll get a cut of the ad revenues from your properties, as well as a percentage of all properties developed on your real estate (if you're the mayor of a city, you get a taste of all the revenues generated in it). How big a cut you get depends on which of the five Weblo membership levels you're signed up for. Free accounts get 10% of revenues. Top-tier "VIP" accounts ($30 a month) get 50%; paid accounts also pay less for unpurchased Weblo resources.

CEO Rocky Mirza has plans to introduce new resource types. He thinks fantasy sports teams and leagues would be a great fit for his world.

Unfortunately, right now the Weblo site itself is slow, which is not what you want in an online market. When there are fluctuating prices and real money on the line you really need instant response.

I poked around in Weblo and found it strangely rewarding to buy virtual real estate. I'm not holding my breath that I'm going to make any money on these purchases, though. Basically, I think the whole Weblo concept is insane. Mirza has invented an economy from whole cloth. Apparently that's not stopping commerce from occurring, although before investing real money in this economy, I'd want proof of that. And if people are indeed buying into Weblo, that makes Mirza brilliant, not crazy. But I don't know about the rest of us.

See also: Red Herring's take on Weblo.

Allofmp3 Doesn't Really Care If Russia Joins The WTO Or Not

from the try,-try-again dept

The US (thanks mostly to RIAA lobbyists influencing politicians) has been putting pressure on Russia to shut down the infamous as a condition of being admitted to the WTO. However, there's still the same old problem that Russian authorities don't really see Allofmp3 as violating local laws. The company itself has finally put out a statement on the matter basically saying that Russia's position in the WTO is of no concern to them, and they're just going to keep selling music as they've always done. In fact, they've picked up on the idea that all this anger over their existence is helping them on the marketing side (just as every other attempt to shut down online services has done). An Allofmp3 spokesperson is quoted as saying: "[US Trade Representative] Susan Schwab markets us so effectively -- she could already be our press secretary." They then reiterated that they're in complete compliance with Russian law, and that the complaint is really anger over them being a better, cheaper competitor.

Hacker tools (with video) Take a peak! Also a good way to gather evidence?

USB Hacksaw

Released on HAK.5 Episode 2x03 -- The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retriev documents from USB drives plugged into the target machine and securely transmit them to an email account. Proof of concept code shows how to deliver the payload instantly with a U3 autorun hack borrowed from the USB Switchblade on Windows 2000 or higher computers running as administrator or guest. Automatic propogation to other USB devices is possible however was not shown on Episode 2x03.

Friday, October 06, 2006,1759,2025067,00.asp?kc=EWRSS03119TX1K0000594

Former HP Chairman to Surrender

October 5, 2006 By Reuters

SAN FRANCISCO—Former Hewlett-Packard Co. Chairman Patricia Dunn is due to surrender to authorities on Thursday afternoon on felony charges for spying on reporters and company directors, the California attorney general's office said.

Prosecutors have requested Dunn's bail be set at $5,000 or that she be released on her own recognizance, according to her arrest warrant. Dunn, the former company leader charged with organizing a hunt for a boardroom leak, is expected to surrender at a courthouse in Silicon Valley.

California Attorney General Bill Lockyer filed charges on Wednesday against Dunn and four other defendants because of tactics used in HP's effort in 2005 and 2006 to find the source of leaks to the media.

Dunn's attorney, Jim Brosnahan, has said that "these charges are being brought against the wrong person at the wrong time and for the wrong reasons" and that they were false.

"They are the culmination of a well-financed and highly orchestrated disinformation campaign," [First hint we've had that another entity was involved? Could this be the same guys who wrote the Da Vinci Code? Bob] he said.

All five defendants named face four felony charges: conspiracy; fraudulent use of wire, radio or television transmissions; taking, copying and using computer data; and using personal identifying information without authorization. Each count could bring a maximum of three years in jail.

Dunn is due to surrender a day before beginning treatment for recurrent ovarian cancer. Her arraignment date will be set on Thursday, the attorney general's office said.

... Dunn, who appeared last week before Congress to testify about the investigation, has said she regrets the way the probe was handled, but does not accept personal responsibility for any deceptive tactics used.

Understanding transparency, the hard way

posted on Thursday, October 05, 2006 6:40 AM by Ed Cone

On the Internet, nobody knows you're a dog. So goes the old joke about uncertain online identities.

But people will damn sure find out if you are a private eye snooping online for the now-former chairwoman of Hewlett-Packard, or a now-former United States Congressman kinking out via IM with teenage pages.

We live in an age of transparency. Apparently Patricia Dunn and Mark Foley didn't get the memo: Things don't stay hidden on the web.

Morals, ethics, and legalities aside, how could these powerful people make themselves so vulnerable to getting busted? My teenage son seems to understand more about covering his tracks online than the folks running our government and our largest companies.

Dunn's undoing involved, among other things, a tracking cookie left on the computer of private investigator Bryan Wagner as he had his way with online phone records at AT&T, according to this morning's New York Times. Dunn and Wagner are among the five people connected to the HP pretexting case charged yesterday with felonies by the State of California.

Foley may have thought his IMs were disappearing into the ether as soon as they cleared his computer screen. Instead, the messages were saved, and his career was ruined, and the House leadership is left to fight for survival.

We talk a lot a about transparency as a virtue in the age of the web, and hold it up as a marketing technique and a better way to run an enterprise. Sun's blogging CEO, Jonathan Schwartz, is lobbying the SEC to allow more financial information to be disclosed online. Corporations are using all manner of web-techs to speak more directly to stakeholders.

But transparency needs to be understood as more than a slogan or a strategy. It's a reality. It can be imposed on you by the Internet, whether you want to be transparent or not.

Businesses need to maintain some degree of control over information, but HP's board seems to have completely ignored the culture of transparency in favor of the culture of the leak-obsessed Nixon White House. Or, perhaps, the culture of an offshore phishing and pharming operation, judging from the charges, which include, as the NYT reports, "using false pretenses to obtain confidential information from a public utility, unauthorized access of computer data, identity theft and conspiracy to commit each of those crimes."

On the Internet, nobody knows you're a dog, but everyone knows when you're busted. [Great line! Bob]

I love a good summary... I wonder who they could have been investigating to gather this information?

October 05, 2006

DOJ Launches Project Safe Childhood Website

"The new Project Safe Childhood web site provides information to our community partners that will help protect our children from online exploitation and abuse."

  • Refer to Project Safe Childhood Guide (all documents are in PDF), for: chart of federal statutes; list of relevant national programs; list of relevant state and local programs; roster of Internet Crimes Against Children Task Forces and Affiliated Agencies.

Interior Dept again. These are the guys who haven't been able to figure out the royalties owed to Native Americans – even with a US Court breathing down their necks for the past 15(?) years! Question: Would the “average organization's” logs show anything different?

Study: Govt. Staffers Access Explicit Web Sites While at Work

By Jennifer Talhelm AP 10/05/06 8:45 AM PT

The Interior Department has released a report by Earl Devaney, its inspector general, entitled "Excessive Indulgences," that alleges widespread computer abuse by agency employees. Devaney called his findings "egregious" and "alarming," but noted the department since 1999 took just 177 disciplinary actions for inappropriate Internet use.

In one week, several Interior Department workers spent more than 30 minutes on sexually explicit Web sites.

That same week, another computer showed more than 2,300 log entries at two Internet gaming sites for about 14 hours.

Still another was logged into an Internet auction for almost eight hours.

Those were just some of the results of a week-long internal investigation of the 80,000 Interior Department employees with Internet access. The report by the department's inspector general, Earl Devaney, was made public Wednesday.

'Excessive Indulgences'

Devaney called his findings "egregious" and "alarming," but noted the department since 1999 took just 177 disciplinary actions for inappropriate Internet use. Of those, 112 were for accessing pornographic or sexually explicit Web sites.

His report is titled "Excessive Indulgences," and its cover features a photo montage, including a shot of a woman's bare stomach, to illustrate the types of Web sites employees visited.

"Computer users at the department have continued to access sexually explicit and gambling Web sites due to the lack of consistency in department controls over Internet use," he wrote. "Without strong and effective controls, we believe that this activity will continue and possibly increase."

Department officials say they are taking action to cut back on abuses by employees with Internet access.

Employees received a department-wide memo on Sept. 27 reminding them that some of the activities Devaney found "have significant legal and administrative consequences," and violators could be fired or turned over to the police.

Access Not Equal to Authorization

The department is working on blocking inappropriate Internet sites, the memo said. However, it reminded employees that "just because an inappropriate site is not blocked does not mean that it is authorized for access."

Devaney said he wanted to test just how effective the department's rules were for Internet usage. Most of the checks were for employees' visits to sexually explicit, gambling, gaming and auction sites, he said, because they obviously were not work-related and ate up employees' work hours.

Devaney also found, during one week of investigation, more than 1 million log entries in which 7,700 employees visited game and auction sites. More than 4,700 log entries were for sexually explicit and gambling Web sites.

It might be interesting to see the results of these subpoenas...

October 05, 2006

Google Subpoenas Competitors in Defense of Copyright Suit

Following up on articles by Jonathan Band published on, The Google Library Project: The Copyright Debate, and The Authors Guild v. The Google Print Library Project, new today from Bloomberg: "Google Inc. will subpoena information from Yahoo! Inc., Microsoft Corp. and Inc. to help fight copyright lawsuits over its book-scanning project."

[From the article: Google, which doesn't disclose how many books it has scanned, also wants to know the title, authors and copyright status of books already offered through competitors' book projects, according to the documents.

... The cases are The Author's Guild v. Google Inc., 05cv8136 and the McGraw-Hill Cos. v Google Inc., 05cv8881, both U.S. District Court for the Southern District of New York.

A good analogy is like a good analogy!

If Mod Chip Firms Get Fined, Should Pep Boys Start Calling Their Lawyers?

from the analogies dept

Imagine if you bought a car, and you wanted to mess around with it and turn it into a hotrod. While that may not be for everyone, it's a pretty common practice. Car owners are allowed to modify their cars, as long as it remains road safe. However, when it comes to video game consoles, the same sort of thing gets you in an awful lot of trouble. This isn't a new issue. Lawsuits against video game mod chip companies have gone on for years. While Italy has realized that mod chipping should be perfectly legal, many other countries still have a problem with it. The issue, is that while there are plenty of legitimate uses for mod chips, they can also be used to run unauthorized ("pirated") software, and that can violate the ever-infamous anti-circumvention clause of the DMCA. Recently, the feds started cracking down on mod chippers, and the news came out that a court has fined one firm over $9 million for selling mod chips and software that could be used to copy a game. Note, of course, that they were just selling the tool. They weren't the ones actually violating copyright. So why should it be illegal for someone to tinker with their gaming console, even if the tinkering could allow games to be copied? If they actually are copying games, that's one issue to deal with. But, simply selling a modified version doesn't seem like it should be illegal. Just imagine the uproar if the same rules applied to automobiles? Of course, with cars becoming increasingly computerized, it's probably only a matter of time until someone is sued for either modifying their car or selling the tools to do so.

Thursday, October 05, 2006

Dunn Charged With Felony For Spying On Board Members

from the silicon-valley-scandals dept

While California Attorney General Bill Lockyer has been saying for a few weeks that he had enough evidence to indict HP's former chairwoman Patricia Dunn, some had questioned if he ever would do so. That's settled today as Lockyer filed felony charges against Dunn and four others, including HP's senior lawyer Kevin Hunsaker and some of the investigators who took part in the spying process, pretending to be various reporters and board members in order to obtain their phone records. While Dunn has continually failed to accept responsibility or even recognize that what she did was wrong, it may make some wonder if her role really deserves criminal charges. She did want to plug the leak, and it does seem like she either did not care about the means used or made it clear she didn't want to know. However, criminal charges still seem a bit extreme. She may be guilty of allowing this to happen under her watch, in part due to her own obsession with plugging the leaks, but it's not clear that deserves felony charges directly. It was definitely an ethical lapse, and she probably deserved to lose her job, but the possibility of six years in jail seems like somewhat excessive punishment.

AG files criminal charges against Dunn, others

California Attorney General Bill Lockyer files criminal charges against HP's chairman and others involved in leak probe.

By Greg Sandoval Staff Writer, CNET Published: October 4, 2006, 10:54 AM PDT Last modified: October 4, 2006, 3:46 PM PDT

... The others charged were Kevin T. Hunsaker, HP's former senior lawyer; Ronald DeLia, a private detective; Joseph DePante, owner of data-brokering company Action Research Group; and Bryan Wagner, a Colorado man believed to have been an employee of Action Research, according to the filing in Santa Clara County Superior Court. (Click here for PDF of filing or here for PDF of supporting documentation.)

This is the AG's video... Mentions that Patricia Dunn has ovarian cancer.

Video: California AG: HP 'lost its way'

Bill Lockyer says protecting privacy is crucial

...and now, before the test, a short review. A brief timeline of the HP matter.

News Focus: HP's leak probe

Special to ZDNet Published on ZDNet News: September 29, 2006, 6:20 AM PT

Just remember that if you don't answer correctly, I'll consider that a disaster...

Is Euthanasia OK in a Disaster?

Topic: End of Life

Four doctors discuss whether disaster conditions could ever justify euthanasia in a roundtable discussion posted on Medscape Today.

Most of them come down against euthanasia, though they each have unique and compelling reasons. One example:

If we allow exceptions to the prohibition of euthanasia, how should the exceptions be defined and applied? Endless questions would naturally arise, setting the stage for unintended consequences and a dangerous slippery slope. R. Alta Charo, professor of law and bioethics at the University of Wisconsin, speaking of the alleged New Orleans mercy killings, told The New York Times: "But if the killing was intentional, even if it was meant to be merciful, it is something that society draws a 'bright line' against for fear that it will get out of hand."

Via Kevin, M.D.

Somewhat interesting (and long) article

Unwitting Exposure: Does Posting Personal Information Online Mean Giving Up Privacy?

Published: October 04, 2006 in Knowledge@Wharton

... Werbach says privacy is only one way to look at the issue of the amount of information available in cyberspace in what he calls "a world of increasingly universal connectivity." he has written a paper, yet to be published, titled, "Sensors and Sensibilities," in which he examines why the law will gradually evolve to accommodate a radically changed world of not just a burgeoning Internet but of camera-enabled mobile telephones, wireless RFID (radio frequency identification tags) and other sensors that can track individual human activity.

"The reality of today's world is that lots of information is out there, and it gets out there for reasons that often have nothing to do with intentional efforts to convey information about people," Werbach says. He argues in his paper that privacy is not the best lens through which to examine such issues. He says there is a need to rethink entirely what society deems to be norms for behavior. "Privacy is certainly important; there are things that should not be disclosed. But privacy tends to impose a formalistic, hard-edged, legal categorization."

Posted on Wed, Oct. 04, 2006

Privacy group sues FBI for records of electronic surveillance programs

WASHINGTON (AP) - A privacy-advocacy group is suing the U.S. government for records concerning electronic-surveillance tools such as one that appears to be a successor to the FBI's abandoned Carnivore program.

The Electronic Frontier Foundation said it is suing the Department of Justice because the FBI failed to respond in time to its Freedom of Information Act request for records on the DCS-3000 and Red Hook programs.

DCS-3000 is an interception system that the EFF said apparently evolved out of Carnivore, a system later renamed DCS-1000. The FBI developed Carnivore to read e-mails and other online communications among suspected criminals, terrorists and spies, but privacy groups and lawmakers complained it could collect much more than allowed by a warrant.

A Justice Department Inspector General report in March said the FBI had spent about $10 million on DCS-3000 to intercept communications over emerging digital technologies used by wireless carriers before next year's federal deadline for them to deploy their own wiretap capabilities.

The same report said the FBI spent more than $1.5 million to develop Red Hook, ``a system to collect voice and data calls and then process and display the intercepted information'' before those wiretap capabilities are in place.

Diebold's Solution To E-Voting Problems: Beg Poll Workers Not To Touch Touchscreens

from the total-fix,-huh? dept

Remember last week, when Diebold insisted that it would have a total fix in place for the problems they faced in the recent Maryland election? Yeah, well... it appears that isn't going so well. The state ran a daylong test, and found plenty of problems still to overcome -- including the same problems with the e-poll books that caused all sorts of delays during the election. It gets better, too. While Diebold is still working on fixes for the system, they're pushing a workaround for the problem with the e-poll books: attaching mice to the machines and demanding that poll workers ignore the touchscreen and use the mouse instead. Of course, should anyone dare to touch the touchscreen, the devices may malfunction again. Not to worry, says Diebold: "poll workers would be instructed repeatedly not to touch the screens." Of course, during the test itself, those "repeated" instructions didn't stop at least one person from touching the screens and fouling the system up. Beyond the issue of introducing last-minute fixes to a system such as electronic voting machines, without any real chance to understand what other problems those fixes bring up, the idea that the "solution" is to hope that no poll worker actually touches a touchscreen seems pretty ridiculous.

My guess is that this is yet another reason corporations won't rush to Vista...

For Vista, WGA gets tougher

Posted by Ed Bott @ 7:49 am October 4, 2006

For Windows Vista, Microsoft is rolling out a new version of its Windows Genuine Advantage anti-piracy program, complete with a new name: the Windows Software Protection Platform. This time, they mean business.

Technically, it's not a kill switch, but it's arguably a near-death experience for your PC.Let's call it WGA Plus, shall we? The Plus means this software, which is baked into Windows Vista, is even more aggressive about detecting and blocking what it considers software that is running with unauthorized license keys or has been tampered with.

... By choosing "Access your computer with reduced functionality," the default Web browser will be started and the user will be presented with an option to purchase a new product key. There is no start menu, no desktop icons, and the desktop background is changed to black. The Web browser will fully function and Internet connectivity will not be blocked. After one hour, the system will log the user out without warning. It will not shut down the machine, and the user can log back in.

Hacker tools: Might not defeat the WSPP described above

WinZip Serial Number Algorithm Found on NEW Google CodeSearch!!

ryan_merket submitted by ryan_merket 5 hours 40 minutes ago (via )

Just by searching for "keygen", "serial", "name", and some well known cracker groups you can come by the keygen sources (how serial numbers are generated) to some very popular programs. I found WinZip, Photoshop, mIRC, and a few others.

October 4 2006

Introducing SlideShare: Power Point + YouTube

Michael Arrington

SlideShare is a new service launching this morning that lets users upload PowerPoint or Open Office presentationi files and share them online through a You Tube-like interface.

Make programming easier – plagiarize! (We call it “code sharing”)


SearchEngines submitted by SearchEngines 8 hours 55 minutes ago (via )


Wednesday, October 04, 2006

Once upon a time, Japanese manufacturing was known for quality... Any flaw was exhaustively studied. I guess they don't need to do that any more...

Sony May Have Known About Battery Problems

By Keith Regan Part of the ECT News Network 10/03/06 10:58 AM PT

Sony reportedly knew that it's laptop batteries were susceptible to overheating and possibly catching fire but failed to sufficiently study the problem. Apple, Dell, Toshiba, Lenovo and IBM have all issued recalls because of potential fire hazards caused by the batteries. The number of computers recalled worldwide has now reached approximately 7 million.

... A Japanese newspaper, the Yomiuri Shimbun, said Tuesday that Sony first became aware that a Dell laptop computer equipped with one of its batteries caught fire nearly a year ago, in November of 2005. The electronics maker then determined the cause of the problem was metal particles left behind in the batteries during manufacturing.

The newspaper claimed that Sony did not test similar batteries it had made for other PC manufacturers or examine how Dell's notebook wiring may have contributed to the problem. Doing so may have helped avoid the worldwide recall now underway, the report suggested.

You don't suppose this is a Sony problem too?

Exploding Hello Kitty toys recalled

Posted Oct 3rd 2006 8:01AM by Darren Murph Filed under: Misc. Gadgets

Although a Hello Kitty toy might not seem quite as dangerous (read: life threatening) as the notebooks and cellphones we're toting these days, the explosive tendencies have somehow veered from batteries to stuffed animals. In the latest episode of spontaneous combustion, Takara is being forced to recall specific Hello Kitty dolls which featured a heatable disc that could be warmed and stuffed within the lining to keep kids toasty while resting. Apparently the microwavable pad housed a chemical substance (manufactured by ADEKA) not quite stable enough to handle the heat, sparking a lengthy list of of cases where the liquid erupted from its container and provided an uncomfortable surprise to the poor soul embracing the creature's volcanic warmth. It was noted that this has "nothing to do" with the scapegoat-of-the-year (Li-ion cells), but if you (or your offspring) just loves to cuddle with this volatile critter, you should probably ice the situation before it unleashes something a bit more serious than a cat's meow.

Don't they know most organizations wait till Friday?

Disks with personal data missing from Seattle airport

By ELIZABETH M. GILLESPIE Associated Press Writer Oct 3, 11:18 AM EDT

SEATTLE (AP) -- Six computer disks containing personal data on more than 6,900 people who applied for new or replacement identity badges are missing from Seattle-Tacoma International Airport, airport officials say.

Mark Reis, the airport's managing director, said officials do not know whether the disks were misplaced [clearly they were not placed in the safe... Bob] or taken off airport property, but they do not believe any information has been used improperly.

"We have no reason to think that this information has gone anywhere it doesn't belong, [but it isn't where it belongs... Bob] but we felt it was the appropriate thing to do to let people know we couldn't account for the information," Reis told The Associated Press on Monday.

Information on the CDs includes names, dates of birth, Social Security numbers, driver's license numbers, addresses and phone numbers of current and former workers at airlines, airport concessions, the Port of Seattle and other employers at the airport, as well as some people who applied for badges but may not have received them, Reis said.

Although the disks were missing from the office where ID badges are issued, Reis said the missing information was not considered a security risk.

"To use a badge, you have to be able to include the computer chip that's in the badge as well as the biometric information on the badge," Reis said. "None of that information is involved."

The airport's director of security learned about the situation two weeks ago, and officials decided last week they needed to inform people about the missing disks, Reis said.

In a statement posted on its Web site, the Port of Seattle said it has access to the original data, knows whose information was on the missing disks and had mailed notification letters to those affected on Monday.

All told, the disks include information on 6,939 individuals, Reis said.

Reis noted that his personal data was on one of the missing disks, each of which includes about one month of data. The oldest disk dates back to December 2001, while the most recent one is from early 2006, Reis said.

The port advised anyone who learns his or her information is on a missing disk to closely monitor personal financial accounts for any suspicious activity.

In an e-mail to the AP, Transportation Security Administration spokeswoman Jennifer Marty-Peppin said the agency is aware of the situation and works closely with the port, but had no comment on the matter.

---On the Net: Port statement:

Company includes Ohio inmates' health records as part of lawsuit

Associated Press Posted on Tue, Oct. 03, 2006

AKRON, Ohio - County officials say they are outraged that a health care company has included dozens of jail inmates' detailed medical records in court documents available to the public.

The records are typically kept secret under federal privacy laws. NaphCare Inc. included files from 2004 and 2005, which in some cases include a diagnosis and patient's name, as part of its lawsuit against Summit County in northeast Ohio.

Birmingham, Ala.-based NaphCare, which provides health care to inmates in 19 states, said it needed to include the records in the court filing to prove that the county owes the company money for treatment given to the inmates.

The county is disputing more than $700,000 in charges by the company, which sued last month to recover the money.

Some of the 250-plus pages of court records reveal the names of inmates being treated for HIV, the virus that causes AIDS. Other documents identify inmates receiving medications for ailments including heart problems, alcohol withdrawal, sexually transmitted diseases, acne, spontaneous miscarriages and "feminine genital symptoms."

"It wasn't a mistake. It is justified by the statute," said Alex Goldsmith, NaphCare's lawyer. "This is one of the few ways to prove expenditures were made, and in our minds that's an absolute requirement."

Goldsmith says medical records are allowed to be used in the attempt to recoup money under the federal Health Insurance Portability and Accountability Act of 1996, which protects the privacy of individual medical records.

County officials say the records could have been sealed when the lawsuit was filed.

"I'm speechless, to be honest with you," said Karen Doty, the county's law director. "It's appalling and sloppy to say the least."

Coty said the county asked NaphCare before it sued last month for the records but the company refused, citing the federal law.

"We could have taken the extra step to get the records sealed. It's not required by law, but out of an abundance of caution, we will now ask the judge to do that," said Goldsmith, the company's attorney.

The case is pending before Common Pleas Judge Patricia A. Cosgrove.

The jail, required by law to provide medical care, houses an average of 600 inmates a day.

Looks like we could base an article on disclosure guidelines on research like this.

Disclosure Survey

Federico Biancuzzi, 2006-09-05

Federico Biancuzzi surveys statements from some of the world's largest software companies about vulnerability disclosure, interviews two security companies who pay for vulnerabilities, and then talks with three prominent, independent researchers about their thoughts on choosing a responsible disclosure process. In three parts.

Part 1: Vendor statements

SF: What type of disclosure process should independent researchers adopt when they find a vulnerability?

Part 2: the disclosure process

SF: What type of disclosure process should independent researchers adopt when they find a vulnerability?

Part 3: Prominent researchers discuss the disclosure process

SF: When you find an exploitable vulnerability, what makes you choose the type of disclosure process (if any)?

This is a bit of a rant, but it is one I should have written...

A Question of Ethics

Scott Granneman, 2006-09-15

Ethics are of incredible importance in the security field. Scott Granneman looks at recent examples of poor security decisions made at HP, Diebold, Sony, and Microsoft.

For the e-discovery folks as well as security...

Microsoft Office Security, part two

Khushbu Jithra 2006-08-29

... 2. Avenues for MS Office forensic investigation

During the 'analysis' phase of a forensic investigation involving MS Office files, some features which investigators would fancy are explained below. Known to aid the efficiency of the software, these features can turn out to be excellent sources for information for vital evidence.

Forsooth the child of today

will not upon his iPod play

the rhymes his parents had to learn

'cause learnin' ain't da modern way

Oct 3, 9:22 PM EDT

British Co. Launches Modern Poetry Site

LONDON (AP) -- British entertainment company 57 Productions launched a new Web site Tuesday which allows users to download and listen to poetry on their MP3 players and iPods.

The modern poetry site, called iPoems, will be available to the public on Wednesday, 57 Productions spokesman Philip Abraham said.

About 1,000 readings from poetry written in English are available for 95 cents for each audio poem and $1.80 for a video poem. The company offers a free one-month trial membership. After that, subscriptions are $18 a year.

One featured artist is Jean "Binta" Breeze who performs a Caribbean version of Geoffrey Chaucer's "Wife of Bath" tale.

At a London theater, artists, promoters and guests planned to celebrate the launch Tuesday evening, sipping champagne and listening to poets perform.

---On the Net: iPoems,

Fortunately we have a plan to budget for a study to see if there should be a plan to form a committee to determine if we need to take action resolution-wise...” Translation: don't bother us with facts!

GAO: Medicare data network vulnerable

By Grant Gross, IDG News Service October 03, 2006

The communications network used to transmit medical data for the U.S. government's Medicare and Medicaid programs has security vulnerabilities that could expose patients' medical data and other personal information, according to a report released Tuesday.

The report, released by the U.S. Government Accountability Office (GAO), identified 47 weaknesses [Piffle! What are a mere 47 weaknesses when we have data on millions of Americans? Bob] in the way the U.S. Centers for Medicare and Medicaid Services' (CMS) used a WAN (wide-area network) operated by an unnamed contractor. CMS uses the network to transmit claims data -- including patient names, dates of birth, Social Security numbers, addresses and medical information -- to health-care facilities, contractors, financial institutions, and state Medicaid offices.

"A security breach in this communication network could lead to interruptions in the processing of medical claims or to unauthorized access to personally identifiable medical data, seriously diminishing the public's trust in CMS's ability to protect the sensitive beneficiary data it is entrusted with," the GAO said in the report.

I am impressed at how rapidly AOL has progressed into the 1990s

AOL offers new high-speed software

By Elinor Mills Story last modified Wed Oct 04 04:58:32 PDT 2006

AOL on Wednesday launched the beta of a new, free version of its software optimized for broadband use.

The AOL OpenRide software lets people access multiple e-mail accounts from AOL and other providers, send and receive instant messages, browse the Web, listen to music, view photos and watch videos--all through one integrated screen.

OpenRide offers access to the AOL Buddy List and Address Book and, if a contact is not online, the software turns an instant message into a text message or e-mail.

The new software comes after AOL announced plans this summer to offer most of its services for free in an effort to boost online advertising sales. It also stopped marketing its Internet dial-up access service, but continues to maintain and charge for it.

The OpenRide software screen is divided into four parts that change size depending on what the user is viewing. Elements of one window, an e-mail message for example, can be dragged and dropped into another window, such as the contact name on a buddy list.

Attention Corporate Lawyers!

October 02, 2006

Census Reports Half of U.S. Businesses Are Home-Based

Press release, September 27, 2006: "Almost half (49 percent) of the nation’s businesses are operated from home, and more than 6-in-10 owners used their own money to start the business, according to new U.S. Census Bureau reports on characteristics of businesses and business owners."

Don't be silly, why would any company want to speak to their customers?

October 02, 2006

Wiki Tracks Fortune 500 Companies With Blogs

"This is a directory of Fortune 500 companies that have business blogs, defined as: active public blogs by company employees about the company and/or its products."

This could be very challenging for politicians...

Comcast Trials BSOD For Politicians

from the worth-a-shot dept

With campaign season in full swing, there's no shortage of 30-second attack ads that offer very little substantive information about the candidates. Obviously, politicians must feel they work, or they wouldn't keep spending money on them, but as voters have other media options besides the TV and are prone to skip political ads, it's inevitable that the effect of traditional political advertising is wearing off. Comcast is now offering campaigns the opportunity to buy long-form advertisements over its VOD service, ranging in length from 2 to 30 minutes. Of course, these spots won't be viewed by as many people, but a voter who actively seeks out a political commercial is probably the type of voter that candidates want to reach. And remember the popularity of Ross Perot's hour-long infomercials in which he explained the national debt? People will pay attention to political ads that are heavy on information. If politicians just put regular ads on the VOD service, there is little to no chance that anyone will want to watch them, but if they put up content that's informative and interesting -- as other advertisers are learning to do -- people may actually pay attention.

On the other hand... This won't bother politicians, they don't let facts get in the way...

Google May Do Real-Time Politician Fact Checking, But Will Anyone Care?

from the doubtful dept

Google boss Eric Schmidt is talking about new ways that the internet may change politics, beyond its use as another avenue for fund raising or for rallying the donors and the voters. He suggests that one day soon Google or another internet service will offer a real-time fact checker for political statements, or, as he describes it, a "truth predictor," which he then believes will influence elections. Of course, that actually depends on whether or not anyone really cares about fact checking. During the last major election, there were plenty of blogs and sites set up to do near real-time fact checking on all of the bogus statements (and, man, were there a lot of them) that all of the major candidates said. The results, though, were pretty predictable. First, there were so many half-truths, rewriting of history and creative interpretations that those who paid attention simply learned that no one was being particularly honest most of the time. It certainly did little to influence viewpoints in one direction or the other, since the only conclusion you could reach was that all politicians treat facts and truth as mere guidelines, not to get in the way of the point they were trying to make. The second, bigger, issue was that the strongly partisan ("my party can do no wrong") crowd would immediately inflate the intellectual dishonesties of the other side, while explaining away those statements on their own side. In other words, it didn't matter. Real-time fact checking is nice to have -- and, perhaps it would be useful if those asking questions of the politicians could get an instant fact check for the sake of follow up questions (assuming anyone actually asked tough follow up questions), but it hardly seems likely to have that big an impact in a world where partisan rhetoric is all about winning rather than what's actually for the best and "spin" is more important than accountability.

I don't even recognize most of the names, but I'll alert the spouse/power-shopper

Discount with Checkout

10/03/2006 08:41:00 AM

Posted by Dror Shimshowitz, Product Marketing Manager

Here's another way it pays to use Google Checkout: there's a $10 bonus on purchases of $30 or more at participating stores.

“There is no subliminal message hidden in this recording. There is no subliminal message hidden in this recording. There is no subliminal message hidden in this recording.”

Free Relaxing Music and Nature Sounds Tool - Very Cool!

webtech submitted by webtech 7 hours 45 minutes ago (via )

The free relaxing music and nature sounds on this website have been carefully chosen for their ability to aid sleep, reduce stress, and provide a relaxing atmosphere for activities such as yoga, tai-chi, and meditation.

Tuesday, October 03, 2006

Nothing says security experts know anything about the law...

Report shows HP sought expert to help find leak

By Damon Darlin Story last modified Mon Oct 02 22:30:28 PDT 2006

Hewlett-Packard sought the advice of a well-known intelligence specialist, Brian Jenkins of the RAND Corporation, on how to find the source of a boardroom leak, according to a report compiled by HP's law firm and provided to a House subcommittee.

Jenkins, formerly a top investigator with Kroll, the nation's largest detective agency and a firm used by many large corporations, advised HP to use pretexting to obtain private telephone records, according to the report by the law firm, Wilson Sonsini Goodrich & Rosati.

Pretexting is a practice of using questionable methods to obtain private phone records.

... The Wilson Sonsini report is notable for the attempts by the firm's lawyers, Bahram Seyedin-Noor and Bryan Ketroser, to establish when particular company executives had knowledge of pretexting. The method may not be illegal, but the company has acknowledged that it is unethical and should not have been used.

The Wilson Sonsini lawyers were particularly interested in the use of Social Security numbers in the efforts to obtain phone records, but they uncovered no evidence that the company had provided them to private detectives.

The report also shed light on the legal opinion the company sought to verify the legality of using pretexting to obtain phone records.

The Wilson Sonsini report found that HP lawyers relied on a legal opinion prepared by a law clerk, not a lawyer, at a firm associated with Ronald DeLia, the private detective the company had hired to find the source of the leaks.

Corporate leak probes walk a fine line

Debate swirls about the ethics of pretexting, investigating leaks

By Robert Mullins, IDG News Service October 02, 2006

In one telling moment during the recent Congressional hearings on the Hewlett-Packard Co. board scandal, ousted chairman Patricia Dunn offered the "everybody does it" defense. [Ah, the sophistication of the average teenager! Bob]

Asked by one legislator about HP’s hiring private investigators who obtained phone records under false pretenses, a practice called pretexting, to identify who’d leaked confidential information, Dunn replied, "I believe these [pretexting] methods may be quite common at companies around the country."

If so, that is chilling to business ethicist Kirk Hanson.

"As an ethicist I’m horrified that HP’s managers relied on the assertion that it was borderline, but legal, and never asked whether it was ethical," [Don't ask questions if you won't like the answers Bob] says Hanson, executive director of the Markkula Center for Applied Ethics at Santa Clara University, in Santa Clara, California.

If HP adopted what Hanson called "black ops" as standard investigative practices, he wonders how many other companies have done it.

HP, some of its employees and companies it hired to investigate boardroom leaks to news media still face potential civil and criminal liability for their actions. Other companies find themselves in a dilemma over how to control information within the law.

Companies may have a moral or legal responsibility to respect people’s privacy, but they also have a legal and fiduciary responsibility to protect confidential business information. And under the federal Sarbanes-Oxley Act in effect the last four years, they have obligations to investigate certain leaks, Hanson says.

Companies have a right to investigate their own employees if they’re suspected of leaking information. Employees should presume no right to privacy in their use of company computers, e-mail programs or telephones.

One commonly used tactic to probe security breaches doesn’t even involve electronic snooping. Companies exclusively give suspected leakers seemingly important but relatively benign information. If it turns up in the media, the company has identified the leaker.

But Hanson sees a bright line separating how a company can investigate its own employees and how it can investigate outsiders.

The HP reaction to leaks to reporters contrasts with the recent practice of Apple Computer Inc. when proprietary information got out.

Although Apple is known for its devotion to secrecy, it went to court rather than to private eyes when confidential information leaked in 2004. Apple, of Cupertino, California, sued in state court to force two Web sites to reveal sources for stories they posted about a possible new Apple product. A state appellate court ruled May 26 that the writers on those Web sites enjoy the same First Amendment rights as mainstream journalists and, thus, were protected by California’s shield law from having to reveal their sources. Apple dropped the case. It did not reply to a request for comment on this story.

The Sarbanes-Oxley Act requires companies to develop a whistle-blowing reporting system so employees can raise issues about improper behavior within the company, said Hanson. That has prompted companies to develop an investigative capability in the event improper or illegal activity is alleged. "So (under SOX), companies have developed much enhanced investigative capability," he said.

Companies also have to keep confidential information safe because disclosure could be a criminal act or a breach of fiduciary responsibility, said Rob Enderle, senior analyst at Enderle Group, a technology market research firm.

If word leaks that a board is contemplating an acquisition, for instance, the company or people in it could be prosecuted for insider trading if people used that knowledge to make stock trades.

Given the potential liabilities, corporate investigations of leaks are "common," said Enderle. "The stuff with the pretexting goes to the extreme, but looking at company phone records or e-mails, that is very common. Hiring an outside contractor is also common."

In fact, leak investigations enjoy broad support among corporate directors.

In a September telephone survey of 226 board members at publicly traded companies in the U.S., 73 percent said a company's chairman should be empowered to use any legally available means to identify a board-level leaker, according to Ponemon Institute LLC.

About 71 percent of the respondents said it would be okay for a board chairman to review the e-mail messages of other members, in addition to other types of confidential data stored on company computers. Fifty percent said that reviewing telephone records of individuals obtained via pretexting is proper as long as that approach hasn't been outlawed.

But HP’s tactics of tailing reporters, attempting to install a tracer on a reporter’s e-mail program, pretexting numbers of people outside the company and even considering planting spies in newsrooms as janitors or clerical workers is "bizarre" to Rick Belluzzo.

"The reaction by HP was totally out of proportion with the situation," said Belluzzo, chairman and CEO of Quantum Corp., a network storage equipment maker. His résumé includes president of Microsoft Corp. and a 23-year stint at HP, where he rose to the position of executive vice president of its computer division.

While he understands the importance of keeping certain information confidential and making employees and directors sign confidentiality agreements, HP overreacted to information leaks that are sometimes going to happen anyway.

"It’s an impossible task to control information flow. Some leaks are inevitable," Belluzzo said.

Tools & Techniques No reason these tools wouldn't work on board members too

Rethinking IM Privacy For Kids

Posted by kdawson on Monday October 02, @04:29PM from the extra-safe-society dept. Security

mackles writes, "Now that the world has read the despicable instant messages from Rep. Foley, should parents take a second look at monitoring their kids' IMs? After all, it was IM logging that exposed the scandal; would we have found out otherwise? Cost is not an issue, there are free monitoring tools. Should parents tell their kids before they monitor? Parents and their tech-savvy kids are at odds on the topic. From the article: 'As many as 94 percent of parents polled this summer by the research firm Harris Interactive said they've turned to Web content filters, monitoring software, or advice from an adult friend to keep electronic tabs on their children.' The article quotes one 18-year-old as saying, 'A lot of kids are smarter than adults think.'" [Just what we want you to think, sonny. Bob]

It's not (just) stupidity! I'm not sure that's a relief...

Looking Behind Bad Decisions

Q&A with: Max Bazerman Published: January 30, 2006 Author: Manda Sall

Executive Summary:

In a recent HBS Working Paper, HBS professor Max Bazerman and colleagues explore how biases and human psychology impede policy-making efforts that could vastly improve people's lives.

So does the previous article explain this one?

To Protect Our Ports, We've Now Banned Online Gambling

from the say-what? dept

A bunch of politicians have been pushing for this for quite some time, but this weekend, it surprised many people when the Senate was able to squeeze in an anti-gambling bill with an unrelated bill on port security. While the administration has long claimed that online gambling was already illegal, it wasn't entirely clear from the language of existing legislation what was covered and what could be done about it. This new law helps clarify it and tacks on punishment. Of course, it seems reasonable to ask what online gambling has to do with port security. [What are the odds a terrorist can sneak a nuc past Customs? Bob] It also seems reasonable to ask why an activity that millions of adults choose to engage in, and which can easily be regulated (and taxed) should be outright banned. What will be really interesting is seeing what comes next. While all the big online gambling sites have said stuff about stopping bets from folks in the US, it's unlikely they'll really be able (or all that willing) to do so. People will still be online. At the same time, the WTO has already pointed out that the US's attitude towards online gambling is in violation of various agreements -- but it's not like the US is going to bother listening to an organization like the WTO. Still, this ban seems unlikely to work, and only likely to infuriate a bunch of Americans who don't see anything wrong with playing an occasional hand of poker online. And, of course, it's not even worth looking at the various exceptions for the types of gambling (state lotteries and horses) that politicians think are just dandy.

Think of this feature being activated in error (like the alarm on your car) in the middle of a concert/classroom/funeral, etc,1759,2023102,00.asp?kc=EWRSS03119TX1K0000594

Screaming Cell Phones Plan to Cut Down Theft

October 2, 2006 By Marc Jones, Reuters

LONDON (Reuters)—A UK firm is hoping a cell phones security system it has developed which sets off a high pitch scream, permanently locks the handset and wipes all data if stolen, will halt the spiraling rise in phone theft.

... "We also then set a small bomb off, [Logic bomb I hope... Bob] if you like, that completely wipes the data...if it has genuinely been stolen then it renders the phone useless to the thief," he added.

... The system also automatically backs up data held on a device once a day, [so it can be reviewed by MI5 Bob] meaning users can re-load their information onto a replacement handset.

According to the latest UK government statistics, mobile phone theft has risen 190 per cent in recent years, with one third of all UK robberies now solely involving mobile phones.

Insurer Halifax estimates a mobile handset is stolen every 12 seconds in Britain costing UK consumers around 390 million pounds ($735 million) every year.

Competition for e-Bay?

Ugly ads no more: vFlyer makes pretty classifieds

October 2, 2006 9:38 PM PDT

Here's a useful new Web utility: vFlyer, a site that builds nice classified ads for you, and then posts them on classifieds sites, like Oodle. Ads go to the right services: For Sale items get put on classifieds services in the correct zipcode, and job postings show up on job aggregators like SimplyHired.

VFlyer can't auto-post into the two most important person-to-person markets, eBay and CraigsList, but it does have a browser bookmarklet to easily create a CraigsList ad (like this one), and it creates HTML that you can paste into any other site.

The service makes it easy to create a good-looking ad, which appears the same wherever you post it. But there's more to vFlyer than the nice formatting. For example, the service attaches a response page to each ad, which buffers your real email address from potential buyers. (The company makes money by running its own advertisements on the response pages.) You can also track the performance of your ad on the various sites where it's posted.

I guess I don't see the problem.


N.Y. Proposal Would Designate Lawyer Blogs as Advertising

BY STEPHANIE FRANCIS WARD Friday, September 29, 2006

The legal blogs are boiling:

  • "We go around passing rules that make us look like idiots."

  • "We continue to handicap and bring everyone into the trenches."

  • "The small firm can’t afford [this]."

The storm was set off by a proposal that "computer-accessed communications" such as blogs be included in New York’s definition of legal advertising, and therefore require state scrutiny. The proposal, by a committee created by the state’s Administrative Board of Courts, also suggests the state code of professional responsibility extend court jurisdiction to out-of-state legal advertising that appears in New York.

"Could I be disciplined by New York state because there are pay-per-click adverts on my weblog or seminars, and these are interpreted as acts which ‘solicit legal services’?" asked Justin Patten, a solicitor in England who posts at his blog, Human Law.

Who'd a think it? (Definition of commodity: A product or resource that is traded primarily on the basis of price, and not on differences in quality or features.)

Supermarket Giant Now A Microsoft Competitor

from the add-'em-to-the-list dept

There's no doubt that Microsoft is under assault from a variety of attackers including Google, web-based software, and open source. As if it needed any more competition, it now has to do battle against a supermarket chain. Tesco, the UK's largest grocer, is planning on selling its own, private-label software for cheap. The store will offer a range of products including an office suite, an anti-virus tool, personal finance software, a CD/DVD burner, and a photo editing product. The company has also launched a site to sell and support the offering. Of course, Tesco isn't likely to carve a huge stake of the software industry, but the move is indicative of the fact that many of the basic consumer applications are rapidly commoditizing. Microsoft is obviously well aware of the changes going on, and is looking for new ways of distributing its consumer software, but it's hard to see the company coming upon anything that will adequately replace some of its most lucrative cash cows.

Don't you just love a good trouble maker? Esp. one who points out that the Emperor has no clothes...

In A Twist, Now DVD Jon Wants To Give You More DRM

from the still-no-friends-in-Hollywood dept

Back in June, we noted that "DVD Jon" Lech Johansen had quit working with Michael Robertson (of fame), and had joined a new company to reverse-engineer DRM schemes that companies refused to license. He's not wasted much time in starting at the top, as his new company is already offering Apple's FairPlay DRM technology for companies to license. Apple's famously refused to let anybody else put their DRM'ed content on iPods outside a very small circle -- leading some companies like RealNetworks to try and reverse-engineer FairPlay on their own to make iPods compatible with their music services -- while it also refuses to license the technology to hardware manufacturers so it can control what devices consumers use to play back media it sells. Apple's steadfast refusal to license FairPlay creates a nice little lock-in for the company; but it also limits the usefulness of iPods and media purchased from the iTunes Music Store. For instance, the idea of selling TV shows seems to be working well for Apple, but by limiting the devices on which they can be played back, in particular making it somewhat difficult for people to watch the shows on their televisions, they're limiting their audience. Meanwhile, the value of an iPod gets held down since it can't access any media stores, apart from iTMS, selling content with DRM. The obivous solution is to scrap DRM, since it really doesn't help anyone (not to mention it doesn't really work, either), but that doesn't seem like something that will happen anytime soon. In the meantime, DVD Jon's approach, of making proprietary DRM technologies available for license to all comers, is a reasonable replacement. While it seems slightly ironic that DVD Jon's now working to spread DRM, he still shows a better understanding of how to create useful products than many manufacturers and content providers.