Free isn't always...
http://www.pogowasright.org/article.php?story=20070829190240949
Downloadable Coupons Come With Sneaky Extras, Researcher Says
Wednesday, August 29 2007 @ 07:02 PM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy
Thousands of shoppers clipping downloadable coupons from Coupons.com may be getting more than they bargained for, according to a Harvard researcher who says the site's free software hides deceptively named tracking files on users' PCs, and leaves them there after the software is ostensibly uninstalled.
Coupons Inc., which makes the software and runs Coupons.com, is the same Mountain View, California, firm that last month sued a Fremont, California, man for posting a program that lets consumers print as many copies of a particular coupon as they want, circumventing company limits.
Source - Threat Level (blog)
(h/t, InfoWarrior)
Summary? Least common denominator rule applies?
http://www.pogowasright.org/article.php?story=20070829065459140
Data Breach Disclosure Laws - A State by State Perspective
Wednesday, August 29 2007 @ 07:06 AM CDT Contributed by: PrivacyNews News Section: Breaches
Is your company aware of all the different data-breach-notification laws in the U.S.? Sure, there’s California Senate Bill 1386, but what about the other 35 states that have similar laws? Do you think you’re familiar with the subtle differences between the various state laws?
Okay, let’s test your knowledge. True or false: A breach of data that includes a person’s first name, last name and their credit card account number without the PIN doesn’t require disclosure? If you think that’s always true, look up Kansas Senate Bill 196 and think again. Are you legally required to securely destroy sensitive data on paper? In some states you are. Check out Virginia House Bill 872, for example. Of course, the issue then becomes what to do if certain state laws require disclosure of a specific data breach while others do not? Do you only disclose to those customers who you’re legally obligated to notify? That could be a public relations nightmare if the other customers found out -- and they will find out.
Source - SecurityPark.net
Definitious? (Towards a working definition?)
http://www.pogowasright.org/article.php?story=20070830061316632
UK: What is personal data? Information Commissioner updates guidance
Thursday, August 30 2007 @ 06:17 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News
The Information Commissioner's Office (ICO) published new guidance yesterday that explains its view of what counts as personal data under the Data Protection Act (DPA). Information that is not personal data today may become personal data as technology advances, it says.
A landmark ruling in 2003 challenged long-held assumptions about what constituted personal data. Michael Durant's case against the Financial Services Authority resulted in the courts defining personal data very narrowly, so that data became personal only in certain circumstances.
While only a court can rule on what the definition in the DPA really means, guidance from the ICO is influential. The ICO has now replaced its initial guidance on the implications of the Durant judgment.
Source - Out-Law.com
Ditto?
http://www.pogowasright.org/article.php?story=20070830062934171
"The New Surveillance" in Ireland
Thursday, August 30 2007 @ 06:29 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News
I've written a short piece for the Irish Security Industry Association's Risk Manager magazine about "The New Surveillance" and its growth in Ireland:
The recent trial of Joe O’Reilly for the murder of his wife Rachel attracted huge public interest for a number of reasons – the gruesome nature of the crime and the demeanour of the killer among them. But another cause of this public attention was the way in which the trial revealed the extensive digital footprints we leave behind in our day to day activities. In a first for the Irish courts, the prosecution case was built for the most part on digital evidence – including CCTV footage, mobile phone location data, details of calls and text messages and the content of emails.
Source - IT Law in Ireland (blog)
Article - "The New Surveillance" in Ireland (pdf)
Well, that fixes everything!
http://www.pogowasright.org/article.php?story=20070829172556262
(Follow-up) CT: Web Site Established After Laptop Stolen
Wednesday, August 29 2007 @ 05:25 PM CDT Contributed by: PrivacyNews News Section: Breaches
The day after announcing the theft of a computer that contains taxpayer information, the state released a Web site to address the matter.
Source - WFSB
Re-defining the law?
http://www.pogowasright.org/article.php?story=2007083006323235
Umbrella Rulings Can't Cover All Data
Thursday, August 30 2007 @ 06:32 AM CDT Contributed by: PrivacyNews News Section: In the Courts
When is enough preservation too much? Many legal professionals cringed when Magistrate Judge Jacqueline Chooljian of the U.S. District Court for the Central District of California held that the duty to preserve required the activation of a logging function to enable the retention of server log data in random access memory, where the information that would be captured by that step was predictably at the heart of a highly contested copyright infringement case. See Columbia Pictures Industries v. Justin Bunnell, Case No. CV 06-1093 FMC(JCx), 2007 U.S. Dist. Lexis 46364 (May 29, 2007).
Critics charge that the decision misconstrues the intent of the 2006 electronic data discovery amendments to the Federal Rules of Civil Procedure, and presages an unwarranted expansion of data preservation requirements.
Source - Law.com
They don't really mean suspects, right? They mean tried and convicted. Think of it as part of the continual obfuscation of language.
http://www.pogowasright.org/article.php?story=20070830063509676
NJ: Legislators want to add serious-crime suspects to database
Thursday, August 30 2007 @ 06:35 AM CDT Contributed by: PrivacyNews News Section: State/Local Govt.
Two decades after a Florida rapist became the first American convicted in a case built on DNA evidence, investigators are routinely turning to a national database that now holds more than 5 million genetic "fingerprints."
Some lawmakers in New Jersey are hoping it can hold even more. They're considering legislation to further expand DNA collection in the state to include anyone convicted of disorderly conduct and those arrested for murder, manslaughter, kidnapping and sex offenses.
Source - NorthJersey.com
Still bad, just not the baddest?
http://www.f-secure.com/weblog/#00001264
Posted by Mikko @ 14:45 GMT Wednesday, August 29, 2007
Sony's USB Rootkit vs Sony's Music Rootkit
Monday's post disclosed our investigation of Sony's MicroVault USM-F fingerprint reader software. Sony's software installs a driver that creates a hidden folder using rootkit techniques.
This raises the question – while the techniques employed are similar – is this case as bad as the Sony BMG XCP DRM case (i.e. the music rootkit)?
In a nutshell, the USB case is not as bad as the XCP DRM case. Why? Because…
The user understands that he is installing software, it's on the included CD, and has a standard method of uninstalling that software.
The fingerprint driver does not hide its folder as "deeply" as does the XCP DRM folder. The MicroVault software probably wouldn't hide malware as effectively from (some) real-time antivirus scanners.
The MicroVault software does not hide processes or registry keys. XCP DRM did.
It's also trickier to run executables from the hidden directory than with XCP. However, it can be done.
And lastly, there seems to be a use-case: The cloaking is most likely used to protect fingerprint authentication from tampering. Sony is attempting to protect the user's own data. In the DRM case, Sony was attempting to restrict you – the user – from accessing the music on the CD you bought. So their intent was more beneficial to the consumer in this case.
However – this new rootkit (which can still be downloaded from sony.net) can be used by any malware author to hide any folder. We didn't want to go into the details about this in our public postings, but we suppose the cat's out of the bag now that our friends at McAfee blogged about this yesterday. If you simply extract one executable from the package and include it with malware, it will hide that malware's folder, no questions asked.
We still haven't received any kind of response from Sony International. Sony Sweden did however confirm in a public IDG story that the rootkit is indeed part of their software.
What's going on here? This is the second municipal WiFi net to crash in as many days! (Yesterday Chicago quit)
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2007/08/29/financial/f193633D05.DTL
Earthlink bows out of San Francisco Wi-Fi deal
By LISA LEFF, Associated Press Writer Thursday, August 30, 2007 (08-30) 00:05 PDT San Francisco (AP) --
Despite Earthlink Inc.'s decision to bow out of its deal to help provide free wireless Internet access throughout San Francisco, the mayor here remains committed to the idea.
For my Finance students...
http://it.slashdot.org/article.pl?sid=07/08/29/1924237&from=rss
Internet Bandwidth to Become a Global Currency?
Posted by ScuttleMonkey on Wednesday August 29, @05:11PM from the the-almighty-bit dept.
ClimateCrisis writes to tell us that internet bandwidth could become a global currency under a new model of e-commerce developed by researchers from Delft University of Technology, Vrije Universiteit, Amsterdam and Harvard's School of Engineering and Applied Sciences. "The application, available for free download at http://TV.seas.harvard.edu, is an enhanced version of a program called Tribler, originally created by the Dutch collaborators to study video file sharing. 'Successful peer-to-peer systems rely on designing rules that promote fair sharing of resources amongst users. Thus, they are both efficient and powerful computational and economic systems,' David Parkes, John L. Loeb Associate Professor of the Natural Sciences at Harvard said. 'Peer-to-peer has received a bad rap, however, because of its frequent association with illegal music or software downloads.' The researchers were inspired to use a version of the Tribler video sharing software as a model for an e-commerce system because of such flexibility, speed, and reliability."
Ditto
http://techdirt.com/articles/20070829/071407.shtml
As Companies Go Public, Power Stays Private
from the inside-out dept
As we've noted several times, the tech IPO came back in a big way this year, most recently evidenced by VMWare's meteoric launch out of the gate. While this is good news for companies and their investors, Kevin Kelleher argues that we're seeing a disturbing trend in the way these deals go down. In many instances, the terms of the deal are such that the general public shareholder has little power in the newly-public company, with most voting power concentrated in the hands of a select few insiders. What's more, in many instances, the companies have sold stakes in themselves to certain outside investors at a price below what was available to the public. It's easy to argue that such moves represent greed and a desire to keep the spoils concentrated, but there may be other reasons for these actions. As the rise of private stock exchanges suggests, public shareholders are increasingly seen as a liability, whether it's due to the threat of shareholder lawsuits or activist investors. Kelleher's concern is for the "little guy", as he puts it, but it's not clear that most investors actually care about things like voting rights. As long as investors understand where they're at, and can weigh the risks accordin
I wait with bated breath...
http://yro.slashdot.org/article.pl?sid=07/08/29/2326214&from=rss
Record Company Collusion a Defense to RIAA Case?
Posted by samzenpus on Thursday August 30, @12:23AM from the fight-the-power dept. The Courts
NewYorkCountryLawyer writes "Is collusion by the record companies a defense to an RIAA case? We're about to find out, because the RIAA has made a motion to strike the affirmative defense of Marie Lindor, who alleged that "the plaintiffs, who are competitors, are a cartel acting collusively in violation of the antitrust laws and of public policy, by tying their copyrights to each other, collusively litigating and settling all cases together, and by entering into an unlawful agreement among themselves to prosecute and to dispose of all cases in accordance with a uniform agreement, and through common lawyers, thus overreaching the bounds and scope of whatever copyrights they might have" in UMG v. Lindor."
Dost thou agree?
http://www.extremetech.com/article2/0,1558,2177284,00.asp?kc=ETRSS02129TX1K0000532
Is RFID for Kids?
By Lance Ulanoff August 29, 2007
It's high time we embraced RFID technology in all its permutations, even personal implants.
I'm surprised by both the debate over RFID (radio frequency identification) and the technology's growing capabilities. RFID has been a boon to corporations with large retail outlets, inventory rooms, warehouses, and more. It's even beginning to bleed into public spaces such as county beaches. Yet it seems all I hear is moaning about the privacy and First Amendment implications. This is growing tiresome, and it's time to set people straight.
RFID chips are a good idea. RFID chips that can help locate people and objects are a better idea. RFID chips implanted in pets and people are the best idea of all. Let me illustrate how committed I am to this idea.
Tools & Techniques
Privacy is a click away with ProxyServers4Free
There are innumerable Internet users who just know that the Internet is used for gaining information as well as keeping in touch with friends and family via email, chat, etc. But do they know that their every move is being tracked? That’s right! Imagine not having your privacy when using your Personal Computer. Not a very pleasing thought, is it? Well, for every problem, there’s always a solution and ProxyServers4Free.com is your answer.
... But, what exactly are proxy servers? Proxy servers are like buffers between your computer and the Internet resources that you access. In other words, the moment you request certain information, the information first comes to the proxy and then the proxy transfers the same to you. Your IP address is hidden, which in turn would prevent your computer from being unethically accessed via the Internet. The websites that you visit as well as the fact that you are using a proxy server to visit them are both held in confidentiality. This information is not disclosed to anyone.
Humor?
http://www.bespacific.com/mt/archives/015842.html
August 29, 2007
DOJ OIG: Sentinel Audit III: Status of the Federal Bureau of Investigation’s Case Management System
Sentinel Audit III: Status of the Federal Bureau of Investigation’s Case Management System, Audit Report 07-40, August 2007 - PDF (Full Report, 156 pages, released August 29, 2007)