Saturday, August 04, 2007

Look, this isn't going away. Someone will need to address this, either before an election or in the aftermath of another “Hanging Chad” scenario.

http://techdirt.com/articles/20070803/034147.shtml

Even More Trouble For E-Voting Firms: Source Code Review Finds All Sorts Of Scary Vulnerabilities

from the doesn't-look-good dept

This has not been a good week for e-voting companies. First came the report out of California that the security had problems on every machine tested by independent security experts, followed quickly by security experts finding problems with other machines in Florida. This should come as no surprise. Every time a security expert seems to get a chance to check out these machines, they find problems. What was odd, though, about the announcement on Monday coming out of California, was that the state had only released some of the reports. It left out the source code review. However, late Thursday, the source code reports were finally released and things don't look much better. Apparently all of the e-voting machines are vulnerable to malicious attacks that could "affect election outcomes." The report also points out: "An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers." This, of course, is what others have been saying for years, and which Diebold always brushes off. Ed Felten has gone through the reports and is amazed to find that all of the e-voting machines seem to have very similar security problems -- and that many problems that Diebold had insisted it fixed in 2003 were still present. Remember how Diebold had used the master password "1111" in their machines? Now their machines use hard-coded passwords like "diebold" and (I kid you not) "12345678." At some point, isn't it time for Diebold (and the other e-voting critics) to stand up and admit that their machines aren't secure and, in fact, were never secure? At the very least, the company owes the world a huge apology -- but somehow, given its past behavior whenever its machines are shown as insecure, that seems unlikely to happen.



Remember, there is no security through obscurity

http://blogs.techrepublic.com.com/hiner/?p=528

Sanity check: Did The Wall Street Journal sabotage businesses by publishing tips on how to circumvent IT?

* Date: August 3rd, 2007 * Blogger: Jason Hiner

In the Monday, July 30 edition of The Wall Street Journal, there was a special section on technology that led with the article “Ten Things Your IT Department Won’t Tell You” by Vauhini Vara. If you haven’t read the article, you should take a look because some of your users may have have already seen it, and as a result they may be engaging in activities that put themselves and your IT department at risk.

... Here is the list of the 10 items in Vara’s article:

1. How to send giant files

2. How to use software that your company won’t let you download

3. How to visit the Web sites your company blocks

4. How to clear your tracks on your work laptop

5. How to search for your work documents from home

6. How to store work files online

7. How to keep your privacy when using Web email

8. How to access your work email remotely when your company won’t spring for a BlackBerry

9. How to access your personal email on your BlackBerry

10. How to look like you’re working

Vara breaks down each item into four sections — The Problem, The Trick, The Risk, and How to Stay Safe.



Perhaps someone could translate this from the Canadian?

http://www.pogowasright.org/article.php?story=20070803134839179

Ca: Privacy commissioner releases privacy breach guidelines

Friday, August 03 2007 @ 01:48 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

New guidelines have been drawn up to help businesses take the right steps after a privacy breach, including notifying people after their personal and financial information has been stolen, lost or mistakenly disclosed, says the privacy commissioner of Canada, Jennifer Stoddart.

Source - CBC News

[The new guidelines as well as a privacy breach checklist and a list of organizations which participated in the consultation process to develop the guidelines are available on the OPC website, www.privcom.gc.ca. ]



Such an interesting question. If you can't record a person without permission, you can't record the person giving you permission.

http://www.tribune-democrat.com/statenews/cnhinsall_story_215112354.html

Newspaper objects to police seizure of newsroom computer

NEW CASTLE NEWS (NEW CASTLE, Pa.)

NEW CASTLE, Pa.— The New Castle News said Friday it will file a court protest against the unannounced seizure by authorities of a newsroom computer that police say was used to illegally record phone conversations with two local public officials about a proposed police training facility.

The News’ petition will ask that the city police department return the computer immediately, saying it is important to the daily production of the paper and could be subject to indiscriminate search of sensitive news files.

Sgt. Kevin Seelbaugh confiscated the computer the afternoon of July 25 after District Justice Melissa A. Amodie issued a search warrant to determine if News reporter Pat Litowitz had recorded conversations with Northwest Lawrence Regional Police Chief Jim Morris and Mahoning Township Supervisor Francis Exposito without informing them beforehand.

Morris asked Seelbaugh to seek the search warrant on the basis that a state privacy law requires both parties consent to a recorded phone conversation in Pennsylvania. Violation of the law is a third-degree felony punishable by up to seven years in prison.

Morris learned from his wife, Debbie Wachter Morris, who also is a reporter at The News, that Litowitz recorded a conversation with the chief and also with Exposito.

The phone conversations at issue concerned a story Litowitz was pursuing about a proposed police training facility in Mahoning Township. There was no contention by Chief Morris or Exposito that Litowitz had represented himself as anything other than a reporter for The News.

On July 17, Litowitz initiated a call to Morris, who was unavailable, telling him the subject of his inquiry. Morris later returned the call to Litowitz’s cell phone. Litowitz also talked with Exposito about the story.

Eventually, the story was written by News reporter Nancy Lowry, who also had gathered information about the police training facility. Litowitz played the recorded calls with Chief Morris and Exposito for Lowry so she could use the information in her story.

Lowry said she mentioned the recorded conversations to Wachter Morris, who then told her husband. That’s when Chief Morris contacted New Castle police and the computer was seized, along with several record devices belonging to Litowitz, during an unannounced visit to the newsroom by Seelbaugh.

News publisher Max Thomson said he did not protest the search and seizure at the time because he considered the matter “largely an internal office misunderstanding that could be worked out. Those efforts have failed and the district attorney, for whatever reason, has decided to pursue the case.”

Chief Morris declined to say why he pursued the case against Litowitz and whether he considered their conversation to be off the record.

His wife said that he previously had asked her to inform him if she ever learned that he had been recorded without his knowledge. She said she and her husband had discussed the legality of taping phone conversations, and that she found a law regarding the practice about a year ago.

When I became aware that it was not a legal thing to do, I brought it to my supervisor’s (News managing editor Tim Kolodziej) attention that someone in the newsroom was doing it,” Wachter Morris said.

I gave him (Kolodziej) a copy of the law I got from the Internet and told him if someone in the newsroom was violating it, I felt it should stop, and that if anyone found out about it, we could be in trouble.,” she said.

When I brought the matter to Tim’s attention after he had read the law, he advised the person in front of me (Litowitz) not to do it any more unless he asked permission first.”

Wachter Morris added that she does not believe a conflict of interest existed between her job as a news reporter and the fact that she reported an internal newsroom issue to a law enforcement authority, in this case her police chief husband..

I felt an obligation to both,” she said. “I felt if my husband was the victim of an alleged crime, and I was seeing it happen, I felt obligated to bring it to the attention of my employer and my husband as the victim.”

Litowitz said he recorded the conversations with Chief Morris and Exposito to assure the accuracy of the conversations and to get the details of the story correct. He said he didn’t consider that an illegal practice.

When I introduce myself as a representative of the New Castle News, there is no expectation of privacy,” he said. “That has already been determined by the state courts.”

Litowitz added, “I tape interviews to ensure the highest accuracy of my articles. I want to make sure I am providing the readers with the best information possible. Recording also allows me to focus on the topic at hand and interact with the person I am interviewing. Written notes impede that process.”

He added that he does few interviews by phone, preferring to meet people in person. These interviews also are taped, he said.

Reporter Lowry said she did not consider the taped interviews to be ethically wrong.

Everybody who talks to a reporter knows that the reporter isn’t talking just to be friendly,” she said. “They are talking to gain information. Jim (Morris) knew he was talking to a reporter about a story.”

Lowry added she did not use any of the recorded interviews in her story.

James Manolis, the newspaper’s attorney in the case, said there is some legal precedent that implies the state law requiring two-party consent to a recorded phone conversation is overly broad and doesn’t always apply to journalists.

Part of our argument (to reclaim the computer) is going to be that this statute may not be constitutional in and of itself, and what Mr. Litowitz is alleged to have done may not even constitute a crime under Pennsylvania law,” Manolis said.

And if it doesn’t, then the seizure of this computer and the retention of this computer is something that is not necessary or lawful.”

Publisher Thomson also doubted a crime was committed.

Even if the phone conversation was taped, any public official speaking with a reporter has no reasonable expectation of privacy,” he said. “Beyond that, we are confident that case law holds this particular statute to be so overly broad that it is unenforceable.”



Strategy I: Work towards payment for each time a song is played? (Like the software licensing model – you can't “buy” one copy and use it on many computers...)

http://politics.slashdot.org/article.pl?sid=07/08/03/1747253&from=rss

Broadcasters Want Cash For Media Shared at Home

Posted by Zonk on Friday August 03, @02:30PM from the gotta-get-it-where-you-can dept. Media The Almighty Buck Politics

marcellizot writes "What would you say if told you that there are people out there that want to make sharing your media between devices over a home network illegal? According to Jim Burger, a Washington, D.C attorney who deals with piracy in the broadcasting industry, certain broadcasters want to do just that. Speaking in a recent podcast, Burger remarked that the broadcasting industry is keen to put controls on sharing media between devices even if those devices are on a home network and even if the sharing is strictly for personal use. When pressed as to why broadcasters would want to do this, Burger replied simply 'because they want you to pay for that right'."


Strategy II: Make them re-purchase everything? (If you download music, this is what you deserve?) Interesting statistics in any case.

http://arstechnica.com/news.ars/post/20070803-average-pc-is-a-smorgasboard-for-a-new-mp3-eating-trojan.html

Average PC is a smorgasboard for a new MP3-eating trojan

By Jacqui Cheng Published: August 03, 2007 - 02:05PM CT

It's no secret that people like to collect music on their PCs, with music files taking up more and more hard drive space as time goes on. Recent data from Comscore says that as of April of this year the typical computer in the US contains an average of 880 MP3 files, taking up roughly 3GB of hard drive space. Compared to the average number of Word documents (197), PDFs (100), and Excel files (77), music files make up the single most common type of file found on an average computer by a long shot.

But that very hobby could bite an avid MP3 collector in the butt if a new worm makes its way into their computers. A newly-uncovered worm called W32.Deletemusic does exactly what its name implies—it goes through a PC and deletes all MP3 files in sight. And that's it. Simultaneously low-threat and highly annoying, the worm makes its way from computer to computer by spreading itself onto all attached drives of a given PC, including flash drives and removable media. If that media is then removed and inserted into another computer, it continues its music-eating rampage on the new host.



The goal is: Use the Internet for anything/everything?

http://www.pcworld.com/article/id,135467-c,shopping/article.html

Amazon Now Selling Groceries

Limited pilot program lets Amazon shoppers buy produce, fish, and dairy products.

Friday, August 03, 2007 07:00 AM PDT

LOS ANGELES (Reuters) - Amazon.com is going to the farm -- literally -- under a pilot program to sell fresh food like eggs, vegetables and fish.

The company that began in 1995 as the world's biggest bookstore confirmed on Thursday that it kicked off the program, AmazonFresh, in the Seattle, Washington, enclave Mercer Island by invitation only on Wednesday.

"It's up and running," said spokesman Craig Berman. "People are ordering and trucks are delivering." He would not speculate, however, on when the program would be expanded.

"When we feel we are ready to add neighborhoods and add more customers to the invite list, and we can provide those customers with a great experience then we will do so," he said.

Some of the items available on AmazonFresh include a bunch of organic carrots with leafy tops for $1.79 and a 5 ounce steak for $1.99.

Nonperishable items, already sold on Amazon.com, will also be available through AmazonFresh.

Daytime shipping is free with a $50 minimum purchase, while predawn shipping is free with a $25 minimum order. Delivery for purchases below minimums is $9.99. Customers may also pick up their goods at an assigned station.

... The online grocery business is a difficult one, given the perishability of fresh food and the grocery industry's razor-thin profit margins.



I strive to emulate such greatness... (We need a bigger list.)

http://www.boreme.com/boreme/funny-2006/class-insults-p1.php#

When insults had class

Sticking in the daggers

Latest Best of Collections

[Some examples”

"A modest little person, with much to be modest about." Winston Churchill

"He can compress the most words into the smallest idea of any man I know." Abraham Lincoln

"He has no enemies , but is intensely disliked by his friends." Oscar Wilde

"He had delusions of adequacy." Walter Kerr

"Some cause happiness wherever they go; others, whenever they go." Oscar Wilde

No comments: