Wednesday, February 14, 2007

The cost of lost data?

http://www.theregister.co.uk/2007/02/14/nationawide_fined/

Nationwide fined £980,000 over stolen laptop

By Lester Haines Published Wednesday 14th February 2007 14:25 GMT

The Financial Services Authority (FSA) has fined The Nationwide Building Society £980,000 for the loss of a laptop which contained "confidential customer data" on 11 million customers. [I calculate that at almost 9 pence (they no longer use shillings, right?) per customer. Pretty cheap! Bob]

The laptop was stolen from a Nationwide employee's home. Although he quickly reported the theft, according to the BBC, he didn't tell his employers what was on the machine until after a three-week holiday, [His employers should have known! Bob] at which time Nationwide started an investigation.

... The FSA found Nationwide was not aware the laptop "contained any confidential customer information at all".

... The FSA further noted: "The failure to manage or monitor downloads of very large amounts of data onto portable storage devices meant that Nationwide had limited control over information held in this way or how it was used."



Long, but amusing. Would this even be an issue if the councilman had not done this anonymously?

http://www.mediainfo.com/eandp/news/article_display.jsp?vnu_content_id=1003545352

Lawsuit in New Jersey Raises Issues for Many News Sites

By Steve Yahn Published: February 13, 2007 10:25 PM ET

NEW YORK "AntiBrennan," as he branded himself, was happily blasting away at his contentious, litigious arch-enemy on NJ.com, raining down such pejoratives as a "litigation terrorist," "Billy the Baby," and a "paranoid-delusional, over-paid-under-worked sicko."

But then NJ.com -- a joint venture of New Jersey newspapers including the Star Ledger, The Trenton Times and The Jersey-Journal -- revealed his name in what he claims in a new legal action was a clear violation of the online site's users' agreement. Yesterday the lawsuit was filed on his behalf by Public Citizen Litigation Group, a public interest legal organization founded by Ralph Nader.

The facts in the case, which could have nationwide repercussions for newspaper-owned Internet Service Providers (ISPs), are straightforward, albeit filled with much small-town intrigue.

William J. Brennan is a firefighter who had been employed with the Teaneck Fire Department. Brennan was a frequent poster on NJ.com's Teaneck message board, where he often lodged complaints against the Teaneck Council, including Councilman Michael Gallucci. Prior to mid-December, 2005, Brennan had been involved in approximately 10 lawsuits involving the Township of Teaneck, as well as some Teaneck council members.

Meanwhile, until early last year, "AntiBrennan" was a mystery, one of several anonymous commentators who posted very critical statements about Brennan on the Teaneck message board of NJ.com.

But last January, Brennan returned the favor, posting a message on the Teaneck board that named 41-year-old council member Michael Gallucci as "AntiBrennan," portraying him as a mean-spirited, vicious and spiteful person who did not have the community's best interests at heart.

Brennan's stinging criticism struck a nerve, and within short order Gallucci was forced to resign from the council, on which he had served for 11 years. Newspapers suggested that comments by "AntiBrennan" that blamed the Teaneck fire department for the deaths of four children in a fire were the prime cause.

Subsequently Gallucci had been so shamed in the community, he claimed, that he was forced to sell his house at a loss. Even though Gallucci's family, friends and professional life revolved around Teaneck, he moved his wife and children out of the city. He has difficulty returning to this day, often sending his wife and sister-in-law into Teaneck on his behalf.

How firefighter Brennan learned that "AntiBrennan" was in fact council member Michael Gallucci is at the heart of the latter's lawsuit filed yesterday by Public Citizen Litigation Group, which has been involved in Internet free speech issues and developing the right to anonymous speech online.

NJ.com’s general counsel issued a statement in the immediate aftermath of the complaint being filed, saying: “We believe that the complaint does not accurately reflect the law and we are confident that our client will prevail.”

It turns out that Brennan learned the true identity of "AntiBrennan" after NJ.com released Gallucci's email address in response to a subpoena from firefighter Brennan's attorney. The subpoena was issued pursuant to an employment discrimination case Brennan brought against the Township, in which Gallucci was a defendant in his capacity as a Council member. That case had nothing to do with Gallucci's anonymous comments; it was a coincidence that "AntiBrennan" happened to be a party in that lawsuit. Gallucci's name was on the list.

NJ.com did not notify Gallucci that it was about to reveal his identity to Brennan. Gallucci only learned about the subpoena when Brennan posted a message on NJ.com, which identified Gallucci and chastised him for his anonymous messages.

And then the firestorm of criticism of Gallucci began almost immediately.

As part of the waves of public attacks on Gallucci, on January 6, the day after Brennan posted the true identity of Gallucci on the Teaneck board, the Mayor of Teaneck issued a press release stating that she would formally call for Gallucci's resignation if he had not resigned by January 10, Gallucci's complaint states.

The same complaint says that on January 7, The Record published an article about Gallucci in which his anonymous username was revealed and his anonymous postings were reprinted. On January 10, digging in deeper, The Record criticized Gallucci's conduct and suggested that the sooner he resigned from the council, the better.

On January 10, Gallucci tendered his letter of resignation.

The reason that the quick release of Gallucci's true identity is so vital to the case, his lawyers argue, is that it violates the clearly stated precepts of Dendrite International v. Doe, a case ruled on in New Jersey Superior Court in 2001 in which it was decided that there are certain "higher standards" that have to be met before an ISP can release the true identity of an anonymous poster.

In response to the subpoena, the Gallucci complaint argues, NJ.com released AntiBrennan's identifying information to Brennan "without complying with the process set forth" in Dendrite.

NJ.com allegedly did not:

-- Consult with or inform Gallucci of the release of his confidential information.

-- Post a message on its message board notifying Gallucci of the imminent release of his personal identifying information.

-- Give Gallucci an opportunity to challenge the subpoena or to protect his identity.

Further, says the complaint, "NJ.com knew or should have known that Dendrite forbids the enforcement of a subpoena against anonymous Internet speakers without notice to the anonymous speaker."

The complaint alleges that the importance of Dendrite is magnified by NJ.com's Privacy Policy and User Agreement, which users must accept before posting comments on NJ.com's message boards. The Privacy Policy tells users that NJ.com will not release a user's confidential information unless legally required to do so. NJ.com was not legally required to comply with Brennan's subpoena, the complaint alleges, until it had given Gallucci notice and an opportunity to challenge the release of his identity.

The bottom line, says the complaint: "In releasing Mr. Gallucci's confidential information without providing Mr. Gallucci with an opportunity to challenge the subpoena, NJ.com violated the terms of its Privacy Policy, which forbids NJ.com to release information pursuant to a subpoena unless legally required to do so."

The argument of Public Citizen, which brought the lead opinion in Dendrite, is that disclosure is not legally required until the process of notice and opportunity to object has been met.

Public Citizen's Jennifer Soble, the lead attorney for Gallucci, said this situation is highly analogous to when a newspaper is asked or subpoenaed to identify a source of one of its print news stories. "Newspapers routinely fight to protect the identities of their confidential sources in the face of subpoenas," she notes. "Like a source, Mr. Gallucci was promised that his identity would remain confidential, and he rightfully expected that NJ.com would not release his identity without allowing him to challenge an attack on his anonymity."

Soble added that it is the common practice of many Internet Service Providers to send users a letter or email when their identities have been subpoenaed, and to allow the user to formally challenge the subpoena in court.

Charging that NJ.com knew or should have known that disclosure of the confidential information associated with the AntiBrennan username to Brennan would result in embarrassment to Gallucci, and given the emotional and economic harm it has caused, Gallucci is suing NJ.com for money damages as well as declaratory relief seeking to broaden a final decision to apply to other ISPs in similar situations.




Not as much hype as before the Y2K “disaster.”

http://hosted.ap.org/dynamic/stories/D/DAYLIGHT_SAVING_BUG?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Time Change to Bring Computer Glitches

By BRIAN BERGSTEIN AP Technology Writer Feb 13, 9:05 PM EST

Daylight-saving time ends in North America and Europe on Sunday [March 11th Bob] at 2 a.m. locally. Clocks move back one hour to standard time.

For three weeks this March and April, Microsoft Corp. warns that users of its calendar programs "should view any appointments ... as suspect until they communicate with all meeting invitees." Wow, that's sort of jarring - is something treacherous afoot?

Actually, it's a potential problem in any software that was programmed before a 2005 law decreed that daylight-saving time would start three weeks earlier and end one week later, beginning this year. Congress decided that more early evening daylight would translate into energy savings.

Software created earlier is set to automatically advance its timekeeping by one hour on the first Sunday in April, not the second Sunday in March (that's March 11 this year).



One of my favorites!

http://www.pogowasright.org/article.php?story=20070213175359501

Featured Story: PogoWasRight.org has new RSS feeds

Wednesday, February 14 2007 @ 05:21 AM CST - Contributed by: PrivacyNews - Other Privacy News

Feeling overwhelmed by all the privacy news each day? It's understandable. Since this site opened in March 2006, we have already posted 7000 news stories on a variety of privacy issues.

To help you find just what you're looking for, we now have news feeds to enable those who want to get just targeted privacy news topics. The all-headlines feed remains for the news junkies and those who want to be sure they don't miss anything, but now you can get just the breach news headlines, federal government and privacy headlines, surveillance-related headlines, etc.

Please visit our home page [ http://www.pogowasright.org/index.php ] to see all the RSS feeds available and to build your own tailored set of feeds. And while you're on the site, don't forget to check out all the other sections and resources we have available.



Looks like a viable (if evil) strategy.

http://arstechnica.com/news.ars/post/20070213-8832.html

Leaked letter shows RIAA pressuring ISPs, planning discounts for early settlements

2/13/2007 11:59:18 AM, by Eric Bangeman

The RIAA is asking for additional cooperation from ISPs in getting customers targeted by the RIAA's file-sharing sting to cooperate, according to a letter recently leaked to P2P attorney Ray Beckerman. In it, the RIAA lays out its vision for how it would like ISPs to cooperate with its efforts to identify and sue those accused of sharing music over P2P networks. This includes communicating a standing offer of a $1,000 settlement discount should the subscriber settle before a lawsuit is filed against him or her. The letter also discloses plans for a settlement web site that will launch later this year.

MediaSentry, the RIAA's investigative arm, typically identifies suspected copyright infringers by IP address. One of the record labels whose music was discovered in a shared folder then becomes the lead plaintiff in a John Doe lawsuit. Via the discovery process, the ISP is then forced to turn over the name and address of the account owner who was using the IP address at the time of the alleged infringement. At that point, the John Doe case is discontinued and the label sues the individual fingered by the ISP.

Bypassing the courts

The RIAA wants to do an end run around this process, getting ISPs to start the collection agency work by sending out letters to the owners of IP addresses allegedly used for infringement. If the recipient of such a letter contacts the RIAA, the labels get their positive ID and the chance to extract a sizable settlement without having to resort to the legal system.

... ISPs are cautioned against letting their customer service staff provide misinformation to subscribers. They are told to "refrain from issuing opinions about the validity of the copyright claims." The RIAA also asks to be promptly notified if an ISP believes it has mistakenly identified a customer in an attempt to avoid further embarrassments.

... Ill communication

The last request contains a troubling admission by the RIAA: "We are taking this step to address the occasional problem we have had where an ISP does not maintain the log files and cannot later exculpate a subscriber who claims to have been misidentified." In other words, the RIAA has targeted the wrong people in the past due to its heavy reliance on US ISPs to accurately identify people with shared music folders on Kazaa or other P2P networks.



Nobody thought it was perfect, did they? (Fast, Good, Cheap – pick two)

http://it.slashdot.org/article.pl?sid=07/02/13/1922237&from=rss

"Very Severe Hole" In Vista UAC Design

Posted by kdawson on Tuesday February 13, @04:07PM from the she-said-he-said dept. Security Windows IT

Cuts and bruises writes "Hacker Joanna Rutkowska has flagged a "very severe hole" in the design of Windows Vista's User Account Controls (UAC) feature. The issue is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges — and gives the user no option to let them run without elevated privileges. This means that a freeware Tetris installer would be allowed to load kernel drivers. Microsoft's Mark Russinovich acknowledges the risk factor but says it was a 'design choice' to balance security with ease of use."



Why would they subpoena her? Do they suspect employee leaks? Their time would be better spent trying to find “the code IBM stole” -- still missing after all these years.

http://yro.slashdot.org/article.pl?sid=07/02/14/020204&from=rss

SCO Vs. Groklaw

Posted by kdawson on Tuesday February 13, @10:15PM from the timely-break dept.

Conrad Mazian points us to an article in Forbes reporting that the SCO Group is trying to subpoena Pamela Jones of Groklaw. Except they can't find her. A few days ago PJ posted a note on Groklaw saying that she is taking some time away from the blog for health reasons; she didn't mention any SCO deposition. SCO's lawyers apparently believe that "Pamela Jones" does not exist and that Groklaw is penned by a team of IBM lawyers.



Possibly poor reporting, but this article really confuses me. What are they trying to accomplish?

http://www.cavalierdaily.com/CVArticle.asp?ID=29293&pid=1546

Report supports call for national database of academic records

Lumina Foundation for Education, NCHEMS issue report on state files of students' academic data, noting benefits of possible national database system

Stephanie Kassab, Cavalier Daily Senior Writer

The Lumina Foundation for Education, a private, independent foundation, recently released a report regarding the use of student unit record databases, or state records that contain information from college and university registrars on student enrollment. While plans to create a national SUR database have generated concerns over student privacy issues, the study highlights the possible benefits of doing so.

... "The benefit is you can create national statistics without having to create a federal database," Ewell said, adding that while there is no technical reason why it cannot be done, there are political reasons.



Except of course for those run by or for politicians.

http://politics.slashdot.org/article.pl?sid=07/02/14/0226222&from=rss

Illinois Bill Would Ban Social Networking Sites

Posted by kdawson on Wednesday February 14, @02:38AM from the including-Obama's dept.

AlexDV writes "Library blogger Michael Stephens is reporting that an Illinois state senator, Matt Murphy (R-27, Palatine), has filed a bill that 'Creates the Social Networking Web site Prohibition Act. Provides that each public library must prohibit access to social networking Web sites on all computers made available to the public in the library. Provides that each public school must prohibit access to social networking Web sites on all computers made available to students in the school.'

Here is the bill's full text.

This local effort harks back to an attempt last May to get federal legislation banning school and library use of social networking sites (Wikipedia summary here). The DOPA bill passed the House but died in the Senate.



Does this mean that once information is published (on many sites?) the worms can't be put back in the can? Reflects reality, but I suspect it won't stand.

http://www.eff.org/news/archives/2007_02.php#005122

February 13, 2007

Eli Lilly Loses Effort to Censor Zyprexa Documents Off the Internet

Judge Rescinds Injunction Against Wiki, Other Websites

New York - A U.S. District Court judge today refused Eli Lilly's request to ban a number of websites from publishing leaked documents relating to Zyprexa, Eli Lilly's top-selling drug. Although the judge rejected the First Amendment arguments made by a variety of individuals eager to publish the documents, the court concluded that "it is unlikely that the court can now effectively enforce an injunction against the Internet in its various manifestations, and it would constitute a dubious manifestation of public policy were it to attempt to do so." The order is a victory for the Electronic Frontier Foundation (EFF), which represents an anonymous individual who was previously barred by the court's earlier orders from posting links to the Zyprexa documents on the zyprexa.pbwiki.com wiki.

The Zyprexa documents were leaked from an ongoing product liability lawsuit against Eli Lilly. The internal documents allegedly show that Eli Lilly intentionally downplayed the drug's side effects, including weight gain, high blood sugar, and diabetes, and marketed the drug for "off-label" uses not approved by the Food and Drug Administration (FDA). The documents were the basis for a front-page story in the New York Times in December of last year, and electronic copies are readily available from a variety of Internet sources. EFF's client posted links to one set of copies on a wiki devoted to the controversy that were part of extensive, in-depth analysis from a number of citizen journalists.

... For the full order: http://eff.org/legal/cases/zyprexa/zyprexa_judgement.pdf

For more on the Eli Lilly Zyprexa litigation: http://www.eff.org/legal/cases/zyprexa/



“Duty to use?”

http://law.enotes.com/decision-blog/

Decision of the Day Blog

The Fifth Sets Another Criminal Free

February 13th, 2007 by Robert Loblaw

U.S. v. Gunera, 05-20544 (5th Cir., Feb. 13, 2007)

What’s happening on the Fifth Circuit? Yesterday the Court issued a rare criminal reversal on Fourth Amendment grounds, and today, the Court vacates a conviction because the indictment was time-barred. Defendant Arthur Gunera, an alien and felon who had already been deported twice, returned to the U.S. illegally in 1992. He came to authorities’ attention in August 1999, when he submitted an application for Temporary Protected Status, which would allow him to remain here legally. Although Gunera did not disclose his prior deportations and felony conviction, this information was available on a central database, so his application was denied. Gunera was also asked to submit a set of fingerprints, which he never did.

Nothing else happened until November 2004, when Gunera was arrested for illegal reentry. He moved to dismiss the indictment, arguing that the statute of limitations expires five years after an alien is “found” in the United States. Here, Gunera was “found” when he voluntarily submitted his TPS application. But the district court denied the motion, concluding that Gunera’s failure to disclose his past and provide fingerprints meant that he was not “found” within the meaning of the law. Gunera was convicted after a bench trial.

On appeal, the Fifth Circuit reverses. The Court explains that the information showing that Gunera had illegally reentered the country was readily available to the government once Gunera filed his TPS application, notwithstanding his lack of candor. Because the statute of limitations had run by November 2004, the indictment must be dismissed. So Gunera is a free man, though he’ll likely be deported immediately.



Nothing earth-shattering, but a reasonable overview?

http://www.infosecwriters.com/texts.php?op=display&id=538

Targeted Cyber Attacks - The Dangers Faced by your Corporate Network

by Sarah Testa on 12/02/07

Cyber attack is the name given by (usually sensationalist) articles and documents describing crimes that occur in a virtual world as opposed to tangible attacks such as war. A targeted cyber attack is when the attacker specifically targets someone or a company. A successful attack will typically allow the attacker to gain access to the victim’s assets, allowing the theft of sensitive internal data and possibly causing disruption and denial of service in some cases. One example of a targeted cyber attack is an attack in an industrial espionage case where documents were stolen by penetrating a victim’s database server. Another example can be the actions of a jealous boyfriend spying on his girlfriend’s online activities by hacking into her instant messenger or email account. Increasingly, the results of cyber attacks can be felt in a tangible world – victims of such attacks typically suffer financial losses and might also lose credibility.

http://www.infosecwriters.com/text_resources/pdf/Cyber-Attacks_STesta.pdf




Al Gore, your ride is waiting!

http://digg.com/gaming_news/Japanese_Pikachu_Snow_Plow_Robot_I_choose_you_pictures_included

Japanese Pikachu Snow Plow Robot - I choose you!

(pictures included)

This Pokemon snow plow robot was designed in Japan with cameras in its eyes so that it could plow the driveway for the elderly. Or for kids who would rather play games indoors than shovel the driveway. It weighs 880 pounds and will be $8300 when it comes out in 5 years. That gives me 5 years to make a Raichu robot to beat out the competition!

http://www.thelastboss.com/post.phtml?pk=2204



Beyond ringtones! Next: Hook in your iPod!

http://digg.com/mods/Custimize_Your_Car_Horn

Customize Your Car Horn

Horntones FX-550 is a device that ties into your car's existing horn and allows you to play any audio file. When this product is released in April it will retail for $149.99 US; you can pre-order the Horntones on February 15.

http://www.uberreview.com/2007/02/horntones-customize-your-honk.htm/
