Tuesday, February 27, 2007

We just love hearing the inside dirt...

http://news.com.com/2061-10792_3-6162302.html?part=rss&tag=2547-1_3-0-5&subj=news

Will Tom Perkins slag former HP chair Patty Dunn tomorrow?

February 26, 2007 1:52 PM PST

Attendees at the VentureOne Outlook Conference in San Francisco tomorrow have one good reason for getting there before lunch: an opportunity to hear and see more Hewlett-Packard fireworks.

The lunchtime speaker at the conference is Tom Perkins, a partner emeritus at Kleiner, Perkins, Caufield and Byers and a former HP board member. Tom's topic is "The Evolution of the 'Compliance' Board and the 'Plug to Plug' Compatible Director."

What? Tom was the HP board member who clashed with former chairman Patty Dunn. According to several articles, Perkins objected to Dunn's strict focus on compliance board room procedures as well as Dunn's participation in the pretexting scandal.

Dunn, meanwhile, has said Perkins ran a disinformation campaign against her and attacked her as part of a personal vendetta. Dunn also noted that, had Perkins complied with boardroom procedures, the spying scandal may never have erupted.

Perkins resigned and then went public about how HP sought the phone records of board members, reporters and other people.

It should beat the usual PowerPoint slide deck tracing progress from mainframes through client-server.



Even if there is no “complete” solution, all of the information is available and most of these review techniques are in place as manual (manager) reviews... at least in the better secured environments.

http://www.intelligententerprise.com/channels/applications/showArticle.jhtml?articleID=197008495

How a Smarter Database Can Protect Your Data

Databases and networks can't tell if hackers and insiders are pilfering data. Appliance- and software-based solutions offer intelligence that helps spot suspicious activity.

By Mark Leon February 2007

Firewalls, intrusion detection systems, authorization and authentication all have their place in securing the enterprise, but these technologies rarely plug a hole that has leaked millions of records with sensitive information since the well-publicized ChoicePoint breach about two years ago, according to the Privacy Rights Clearing House. Data inside a database that is protected by all of the above is still easy plunder for a legitimate user or a hacker successfully masquerading as one.

"The database isn't smart enough to care that you execute the same type of SQL query over one thousand times in a matter of seconds and walk away with a list of social security numbers," explains Noel Yuhanna, analyst with Forrester Research. "And the network doesn't care either; it just looks at packets, which may or may not contain the personal information of all your customers." What is lacking, according to Yuhanna, is an end-to-end security solution. Such a solution would be impressive as it would have to address security concerns from the network stack layer all the way up to the application layer. Nothing like that exists, currently, and IT managers would be ill advised to wait for it to materialize.

Choose Hardware or Software

In the meantime, there are point solutions in particular products that can build enough intelligence into your database to let you know when things don't look right. They fall into two categories: appliances that consist of hardware and software, and software-only solutions. The latter have a cost advantage, starting at around five thousand dollars and they tend to be simple to install. Both let you monitor behavior and trigger an alert on the execution of suspicious queries. The appliances, though more expensive, claim to be less intrusive since they watch network traffic in real time outside the database, adding no CPU cycles to transactional hardware. Tizor's Mantra product is one example of this type. "You can configure monitoring around several dimensions: time, content, location, volume, operation, user, session ..." says Tizor CEO Joel Rosen. "This takes you way beyond the binary, 'Do you have authorization to query the database or not?'"

[Overly simplistic translation for the non-security manager:

  • time: Why at 3 AM?

  • content: Why all the “workers comp.” queries?

  • location: User is in Nigeria?

  • volume: 9000 times normal volume?

  • operation: Why is this user changing mailing addresses?

Any of this will be logged for later review by the appropriate manager, but how much later is reasonable? Software allows real-time review and alerts. Bob]
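As an added illustration (not code from the article, from Tizor's Mantra, or from any other vendor product), a toy activity monitor that applies four of the dimensions Rosen lists to a constructed query audit log; the log format, business hours, trusted subnets, sensitive column names and volume threshold are all assumptions:

```python
"""Toy database activity monitor: flags query-log entries along the time,
content, location and volume dimensions. Constructed example; the log
format, policy values and sample entries below are assumptions."""
from collections import deque
from datetime import datetime
import re

# Constructed policy (assumptions, not from any real product).
BUSINESS_HOURS = range(7, 20)               # 07:00-19:59 local time
TRUSTED_PREFIXES = ("10.1.", "10.2.")        # office subnets
SENSITIVE_COLUMNS = {"ssn", "workers_comp"}
VOLUME_LIMIT, WINDOW_SECONDS = 50, 60        # same shape > 50 times in 60 s

def normalize(sql):
    """Collapse literals so 'WHERE id=42' and 'WHERE id=43' share one shape."""
    shape = re.sub(r"'[^']*'", "?", sql)
    shape = re.sub(r"\b\d+\b", "?", shape)
    return re.sub(r"\s+", " ", shape).strip().lower()

class QueryMonitor:
    def __init__(self):
        self.recent = {}   # query shape -> deque of timestamps in the window

    def check(self, ts, user, src_ip, sql):
        """Return the list of alert reasons for one log entry (empty if clean)."""
        reasons = []
        if ts.hour not in BUSINESS_HOURS:                       # time
            reasons.append("time: query at %02d:%02d" % (ts.hour, ts.minute))
        hit = set(re.findall(r"\b\w+\b", sql.lower())) & SENSITIVE_COLUMNS
        if hit:                                                 # content
            reasons.append("content: %s touches %s" % (user, ",".join(sorted(hit))))
        if not src_ip.startswith(TRUSTED_PREFIXES):             # location
            reasons.append("location: untrusted source %s" % src_ip)
        shape = normalize(sql)                                  # volume
        q = self.recent.setdefault(shape, deque())
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:
            q.popleft()                       # drop timestamps outside the window
        if len(q) > VOLUME_LIMIT:
            reasons.append("volume: shape seen %d times in %ds" % (len(q), WINDOW_SECONDS))
        return reasons

def scan(lines):
    """Parse 'ISO-timestamp|user|src_ip|sql' lines; return [(line_no, reasons), ...]."""
    mon, alerts = QueryMonitor(), []
    for n, line in enumerate(lines, 1):
        ts, user, ip, sql = line.split("|", 3)
        reasons = mon.check(datetime.fromisoformat(ts), user, ip, sql)
        if reasons:
            alerts.append((n, reasons))
    return alerts

# Constructed sample log: one ordinary daytime lookup, one 3 AM SSN pull from
# an outside address, then a burst of 60 near-identical SSN lookups in one minute.
SAMPLE_LOG = ["2007-02-26T10:15:00|alice|10.1.4.7|SELECT name FROM emp WHERE id=7",
              "2007-02-27T03:02:00|bob|197.210.5.9|SELECT ssn FROM emp WHERE id=1"]
SAMPLE_LOG += ["2007-02-27T11:00:%02d|bob|10.2.0.3|SELECT ssn FROM emp WHERE id=%d" % (i, i)
               for i in range(60)]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print("line %d: %s" % (n, "; ".join(reasons)))
```

The burst trips the volume rule only from the 51st repetition on, which is the point the article makes: each query is individually authorized, and only the pattern across queries is suspicious.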



Pro Real ID

http://www.pogowasright.org/article.php?story=2007022607140280

New White Paper Advocates Importance of REAL ID in Establishing and Securing Identity (Press Release)

Monday, February 26 2007 @ 07:46 AM CST - Contributed by: PrivacyNews - Fed. Govt.

Janice Kephart, former counsel to the 9/11 Commission and a nationally recognized border security expert, today announced the release of a white paper that sets out the policy backdrop for the REAL ID Act, explains its content, and discusses what is at risk if it fails. Published by 9/11 Security Solutions, "Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security" emphasizes the need for security at the base of the nation's identity document issuance processes.

Source - PR Newswire

White Paper - Identity and Security: Moving Beyond the 9/11 Staff Report on Identity Document Security [pdf]

[If you get a “You must login” warning, try here: http://911securitysolutions.com/index.php?option=com_content&task=view&id=117&Itemid=38 Bob]


OR just watch the video interview...

http://www.podtech.net/home/technology/2228/are-you-ready-for-the-real-id-act

Are You Ready For the Real ID Act?

MP4 Video | Posted by Dan Verton | February 26th, 2007 3:21 pm

Following through on one of the key recommendations of the 9/11 Commission, Congress in 2005 passed the Real ID Act, which establishes guidelines for more stringent controls on the issuance of personal identity documents, such as state drivers licenses. Here, Dan Verton spoke with Janice Kephart, one of the 9/11 Commission's chief legal advisors, about what this new law, which goes into effect in May 2008, could mean for average citizens and the security of personal identity information.



At first sight, this should be positive. We have been telling managers that unhappy customers not only cost them future sales from the complainer, but from everyone they talk to as well. Now here comes another potentially quantifiable cost.

http://news.findlaw.com/andrews/bt/cmp/20070226/20070226_pioneer.html

Lawyers Can Get Customer-Complaint Info for Class Actions

By DONNA HIGGINS, Andrews Publications Staff Writer

In a ruling that should make it easier to press consumer-rights lawsuits in California, the state high court has held that class-action attorneys do not need the affirmative consent of those who have complained to companies about products in order to get their names, addresses and phone numbers.

Reinstating a trial court decision, the California Supreme Court ruled that allowing the customers to opt out of having their information turned over was sufficient to protect their privacy.

An appellate court had overturned that order, saying the trial court's approach did not do enough to protect the privacy of several hundred people who contacted defendant Pioneer Electronics to complain about allegedly defective DVD players.

But the state high court said the information the plaintiff sought - names, addresses, telephone and fax numbers, and e-mail addresses - was not particularly sensitive and the opt-out approach was adequate.

... A person's name and other identifying information fall within the California Constitution's protection of the right to privacy, and that right cannot be waived without adequate notice, the appeals court said.

It said the "Dear Consumer" letter proposed by the trial court was not sufficient because the recipients do not have an ongoing relationship with Pioneer, so there is no assurance they would actually open and read the letter.



What action will they take against the source for allowing this information to be hacked? From this brief description, the press releases must have been online (and secured?) before they were scheduled for release. (If they don't take action against the source, what does that say about TJX's Sarbanes-Oxley liability?)

http://www.reuters.com/article/internetNews/idUSN2629146920070226

SEC sues firm for hacking company news releases

Mon Feb 26, 2007 2:54PM EST By Paritosh Bansal

NEW YORK (Reuters) - U.S. regulators sued an overseas company and its owner on Monday, alleging they hacked into computer systems to get corporate news releases early and traded on that information, making a profit of $2.7 million.

The Securities and Exchange Commission, in the lawsuit, accused Blue Bottle Ltd. of using the information it received to trade in securities of at least 12 U.S. companies, including AllianceBernstein Holding LP and Symantec Corp. [An “IT Security” firm. Bob]

... The SEC was not immediately available to comment.

The lawsuit says Blue Bottle also traded in securities of companies including Achillion Pharmaceuticals Inc., Allscripts Healthcare Solutions Inc., BJ's Wholesale Club Inc., Brady Corp., CACI International Inc., Hornbeck Offshore Services Inc., LeCroy Corp., Millipore Corp., Odyssey Healthcare Inc. and RealNetworks Inc.



Opt out is adequate?

http://blog.wired.com/biotech/2007/02/emergency_medic.html

Bodyhack

by Kristen Philipkoski, with Randy Dotinga and Scott Carney Monday, 26 February 2007

Emergency Medicine Research: No Permission Required

Topic: Informed Consent

You're unconscious, suffering from cardiac arrest on the floor of a shopping mall. The paramedics rush to the scene and promptly begin to… enroll you in a randomized trial to determine if a new type of CPR-based treatment is better than the traditional one.

The only way you can get out of this involuntary research project is to wear a wristband saying you've opted out. And the only way you'd have a wristband was if you happened to know about the project in the first place.

Otherwise, you may get randomized to the new, untested way of doing things -- and it could kill you. (Or you might get randomized to the old, tested way of doing things -- and it could kill you too, since it doesn't appear to work very well.)

If you live in one of about a dozen regions around the U.S. and Canada, this scenario could happen to you. It's all thanks to a waiver of "informed consent" regulations, which require people to give an OK before research is done on them.

The upcoming cardiac arrest research project appears to be the first of its kind to be launched since a study drew intense criticism -- and a federal rethink in the U.S. -- by forcing unknowing trauma patients to get transfusions of fake blood. (Here's a Wired News story about that.)

I'm writing a story about the new project for Wired News. I'll be blogging this week about what I've heard from various bioethicists and medical experts.



Don't confuse me with facts...

http://it.slashdot.org/article.pl?sid=07/02/27/0056212&from=rss

How IT Increases Productivity

Posted by kdawson on Monday February 26, @09:55PM from the many-balls-in-the-air dept.

Several readers wrote to tell us about a groundbreaking study reported in Computerworld. Researchers at Boston University and MIT analyzed how IT makes people more productive at an individual level. They gathered more than 125,000 email messages, 5 years of project data, and survey responses to see what factors predicted revenue generation and completed projects. Abstracts for the original articles are available. Among the surprises: IT didn't necessarily make projects faster but it did dramatically increase productivity by facilitating multitasking; and IT-supported social networks predicted productivity better than experience did.



Still too large, but eventually we will be able to put a tag in each cell. THEN we will have control of the world!

http://news.wired.com/dynamic/stories/J/JAPAN_POWDER_CHIP?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT

Feb 23, 3:53 AM EST

Hitachi Shows Off Powder-Sized Smart Tag

By YURI KAGEYAMA AP Business Writer

TOKYO (AP) -- Tiny computer chips used for tracking food, tickets and other items are getting even smaller. Hitachi Ltd., a Japanese electronics maker, recently showed off radio frequency identification, or RFID, chips that are just 0.002 inches by 0.002 inches and look like bits of powder. They're thin enough to be embedded in a piece of paper, [like currency? Bob] company spokesman Masayuki Takeuchi said Thursday.


Related. Who will rule the world? “You can't tell everyone we've been lying about the security thing...”

http://www.infoworld.com/article/07/02/26/HNblackhatrfid_1.html?source=rss&url=http://www.infoworld.com/article/07/02/26/HNblackhatrfid_1.html

Battle brewing over RFID chip-hacking demo

Card maker HID calls foul over Black Hat presentation

By Paul F. Roberts February 26, 2007

Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards.

HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement [That should terrify hackers Bob] over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat.

... His RFID cloner was on display at the recent RSA Security Conference in San Francisco, where he demonstrated for InfoWorld how the device could be used to steal access codes from HID brand proximity cards, store them, then use the stolen codes to fool a HID card reader.

Paget's presentation at Black Hat Federal will go deeper, providing schematics and source code that attendees could use to create their own cloning device, and discussing vulnerable implementations of RFID technology in a wide variety of devices, Paget told InfoWorld at RSA earlier this month.

... HID is also concerned that Paget's demonstration will popularize the vulnerabilities [There is no security in obscurity OR What your customers don't know WILL hurt them. Bob] in its proximity cards and endanger its many customers.

... Asked why HID hasn't addressed the issue in more recent proximity card systems, after knowledge of RFID threats became common, Carroll said that doing so would cause "major upheaval" [Translation: revolt Bob] among customers.



Was it the WiFi Police? How does one know that a wireless Internet connection exists? This guy could have been typing his homework onto a word processor!

http://techdirt.com/articles/20070226/004000.shtml

Is It Still Theft Of Service If It's Using The Free WiFi At The Library?

from the someone-please-explain dept

In the past, we've made it pretty clear why we have a hard time believing that there's anything wrong with using an open WiFi network -- even as there are an increasing number of stories of people getting arrested and fined for doing so -- usually with the claim that it's "theft of services." However, it's difficult to see how it can possibly be considered theft of services when it's done from a place that's giving away the WiFi for free. The latest case, sent in by John, involves a 21-year-old who had his laptop confiscated after he was caught using a library's free WiFi from his car. The police officer quoted in the case makes it sound like it's a no brainer that using the WiFi in a library from your car is clearly illegal -- but there's no explanation for why (or why it's then okay to confiscate the guy's laptop to "inspect what he may have been downloading.") Also, if it's so suspicious for someone to be using a laptop in their car, what happens when more people get access to wireless broadband and sit in their cars using their laptops via a completely legitimate EVDO or HSDPA connection? Will the police come and confiscate those laptops as well?


Other places to commit this crime?

http://digg.com/software/Find_a_Wi_Fi_hotspot_in_your_area_with_Hotspotr

Find a Wi-Fi hotspot in your area with Hotspotr

As with other Wi-Fi finders, you can search for hotspots by entering a city, ZIP code or place, then get maps, driving directions, phone numbers, etc. Hotspotr also lets you rate and review existing hotspots based on criteria like wireless quality, food/drink quality, availability of AC outlets and so on. (via Lifehacker)

http://hotspotr.com/wifi



Hey, if it works here, can e-voting machines be hacked to display “Vote for Hillary?”

http://it.slashdot.org/article.pl?sid=07/02/26/1614216&from=rss

Konami Slot Machines Flashing Subliminal Messages?

Posted by ScuttleMonkey on Monday February 26, @01:29PM from the we-are-NOT-very-sorry dept.

shadowspar writes "A Canadian province has pulled several models of Konami slot machines out of service after a news investigation revealed that they briefly flash a jackpot result on the screen every time they are played. Konami claims that the 'subliminal' jackpot images are unintentional and the result of a bug, but other US and Canadian jurisdictions are looking at pulling the machines as well."



Why doesn't this headline read: “Wizardly lawyers spell e-Bay”

http://www.timesonline.co.uk/tol/news/uk/article1437673.ece

Potter author sues eBay over pirate books

Jack Malvern February 26, 2007

In fiction his enemies are evil wizards and magical beasts, but Harry Potter’s latest adversary is a real corporation with a turnover of more than £2 billion.

J. K. Rowling, Harry’s creator, is suing the online auction hosting service eBay after unscrupulous sellers used the Indian version of the website to sell unauthorised versions of her books.

Rowling is not the first person to sue the website for breach of copyright, but she has won a unique victory by obtaining an injunction that prohibits eBay from listing illegal copies of her work. The court order is a setback for eBay because it is the first time the company has been obliged to police its sellers’ auctions for copyrighted material.



Surprise?

http://www.bespacific.com/mt/archives/014059.html

February 26, 2007

Pew Internet and American Life Project Survey of Wireless Internet Access

"The Pew Internet & American Life Project has just released a report that 34% of internet users have logged onto the internet using a wireless connection either around the house, at their workplace, or some place else. The report profiles these wireless users and describes their intensive use of the internet, especially in exchanging emails and getting news online."



No surprise

http://www.bespacific.com/mt/archives/014065.html

February 26, 2007

Comprehensive Study Examines Quality of 615 House and Senate Web Sites, Finds Quality Disappointing

"The 2006 Gold Mouse Report: Recognizing the Best Web Sites on Capitol Hill marks the third time that the Congressional Management Foundation has evaluated all Member, committee, and leadership Web sites and recognized the best Congressional Web sites with Mouse Awards."

  • Press release: "A new report card on congressional Web sites from the Congressional Management Foundation (CMF) says the overall quality is "disappointing" with over a third of the congressional Web sites earning a substandard or failing grade. There was also recognition and praise for the best Web sites on Capitol Hill with the announcement of the winners of the Gold, Silver, and Bronze Mouse Awards."



Research tool?

http://www.bespacific.com/mt/archives/014058.html

February 26, 2007

Site Offers Free Searching and Viewing of Major Broadcast News Videos

"The Tyndall Report monitors the weekday nightly newscasts of the three American broadcast television networks: ABC World News with Charles Gibson, CBS Evening News with Katie Couric and NBC Nightly News with Brian Williams...The Tyndall Blog monitors and comments on each night's newscasts and links to the stories that the networks aired."


More research?

http://www.bespacific.com/mt/archives/014066.html

February 26, 2007

Searching U.S. Law School Websites

John Doyle's (of Washington & Lee Law School Library) Searching U.S. Law School Websites.


Ditto

http://www.bespacific.com/mt/archives/014053.html

February 26, 2007

Free, Open Source Site Covering Congressional Bills, News, Gossip and Elected Officials

"OpenCongress brings together official government information with news and blog coverage to give you the real story behind what's happening in Congress. Small groups of political insiders and lobbyists know what's really going on in Congress. Now, everyone can be an insider. OpenCongress is a free, open-source, non-profit, and non-partisan web resource with a mission to help make Congress more transparent and to encourage civic engagement. OpenCongress is a joint project of the Sunlight Foundation and the Participatory Politics Foundation."

  • "OpenCongress brings together, for the first time in one place, all the best data on what's really happening in Congress: Official Congressional information from Thomas, made available by GovTrack.us: bills, votes, committee reports, and more. News articles about bills and Members of Congress from Google News. Blog posts about bills and Members of Congress from Google Blog Search and Technorati. Campaign contribution information for every Member of Congress from the website of the non-profit, non-partisan Center for Responsive Politics, OpenSecrets.org. Congress Gossip Blog: a blog written by the site editors of OpenCongress that highlights useful news and blog reporting from around the web. The blog also solicits tips, either anonymous or attributed, from political insiders, citizen journalists, and the public in order to build public knowledge about Congress."



Think of it as a specialized ringtone for police cruisers...

http://www.engadget.com/2007/02/26/cop-computers-yell-doh-when-they-spot-uninsured-drivers/

Cop computers yell "D'oh!" when they spot uninsured drivers

Posted Feb 26th 2007 2:53PM by Paul Miller Filed under: Misc. Gadgets

Some Thames Valley, UK cops claim it helps reaction times to have their onboard computer yell out Homer's "D'oh!" when it picks up on uninsured drivers, Jack Nicholson's "Here's Johnny" from The Shining when a stolen car zips by, and Dan Aykroyd's "People like this are a menace to decent society" for crime-linked cars. No word if this newfound reaction time is negated by an ensuing Simpsons-laced quote fest, punctuated with SNL reminiscence.
