Monday, August 27, 2007

Okay, Bioshock is clean but Sony rides again! Class Action lawyers take a number please!

http://www.f-secure.com/weblog/#00001263

Double Whammy! Another Sony Case (And it's Not BioShock)

Posted by Mika @ 10:58 GMT Monday, August 27, 2007

Hypothetical: Imagine that you visit your local mall and browse around for stuff to buy. And you decide to buy a new CD from your favorite artist and you also buy a brand new cool USB stick thingy on an impulse. You go home and stick the CD into your laptop's CD drive. It prompts you to install some software. You do so and while you are listening to the music, you open the USB stick package and start experimenting with your new toy. It has a fingerprint reader so you install the software for that as well. Guess what… you might have just installed, not one, but two different rootkit-like software on your laptop.

We received a report that our F-Secure DeepGuard HIPS system was warning about a USB stick software driver. The USB stick in question has a built-in fingerprint reader. The case seemed unusual so we ordered a couple of USB sticks with fingerprint authentication. We installed the software on a test machine and were quite surprised to see that after installation our F-Secure BlackLight rootkit detector was reporting hidden files on the system.

... This USB stick with rootkit-like behavior is closely related to the Sony BMG case. First of all, it is another case where rootkit-like cloaking is ill advisedly used in commercial software. Also, the USB sticks we ordered are products of the same company — Sony Corporation.

... Note that over the weekend there was news about a suspected rootkit in the PC version of the game Bioshock. This news proved not to be true, but since BioShock apparently uses copyright protection software made by Sony there was lots of initial commotion.



Unusual for attacks to have a geographic relationship

http://www.pogowasright.org/article.php?story=20070826084116741

Central Indiana has been hit by identity theft in recent months

Sunday, August 26 2007 @ 08:41 AM CDT Contributed by: PrivacyNews News Section: Breaches

This year, several Indiana universities, including Goshen College and Notre Dame and Purdue universities have suffered various kinds of security breaches.

Source - Reporter-Times



Because I'm too lazy to list them all...

http://www.pogowasright.org/article.php?story=20070826184434981

Data “Dysprotection:” breaches reported last week

Monday, August 27 2007 @ 05:30 AM CDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Sure you've worked here for 29 years, but we don't know who you are!

http://www.pogowasright.org/article.php?story=20070827052711572

IE: Fury over roll-out of biometric testing for hotel staff

Monday, August 27 2007 @ 05:27 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

THE national privacy watchdog has expressed concern at the growth in 'Big Brother'-style clock-in systems that read workers' physical data after another hi-tech attendance procedure was launched at a major hotel.

Ireland's Data Protection Commissioner Billy Hawkes issued his warning after it emerged that the Gresham Hotel in Dublin is the latest employer to introduce a 'biometric' system. Workers claim they were not consulted about the introduction of the system that reads handprints.

Source - Independent.ie



Interesting thought, but the banks would hate it...

http://www.pogowasright.org/article.php?story=20070826180822165

Hoofnagle: Identity Theft: Making the Known Unknowns Known

Sunday, August 26 2007 @ 06:08 PM CDT Contributed by: PrivacyNews News Section: Breaches

Abstract of article:

There is widespread agreement that identity theft causes financial damage to consumers, lending institutions, retail establishments, and the economy as a whole. Surprisingly, there is little good public information available about the scope of the crime and the actual damages it inflicts. The publicly available data on identity theft come mainly from survey research. Methodologically, these survey polls of the public suffer from being both under and over-inclusive in measuring the problem. As a result, low estimates attribute tens of billions of dollars in costs to the economy and consumers, the highest estimates place losses in the hundreds of billions.

To identify proper interventions and appropriately allocate resources we need comprehensive, hard data on the scope and effect of identity theft. One way to provide concrete data is to require lending institutions to publicly report figures on identity theft. Such public reporting will help identify the relative need for intervention and the likely efficacy of interventions. These disclosures are necessary to provide a sound baseline for investment by businesses and action by regulators. They are also warranted because the public pays the price of identity theft directly when they are the victim, and indirectly through higher fees, interest rates, and because the losses are tax subsidized.

The author hypothesizes that if lending institutions reported limited information about identity theft, it would reveal that identity theft is both more prevalent and economically damaging than currently acknowledged, in part because of the rise of synthetic identity theft, a form that cannot be measured by victim surveys because they are unaware of the crime. Furthermore, the disclosure requirement would birth an anti-identity theft market, and the prevalence and severity of the crime would decrease dramatically as institutions compete to offer the safest financial products to consumers.

Source - Download Full Article (free reg. req.)

(Props CL&P Blog)



It's an idea!

http://www.pogowasright.org/article.php?story=20070826175035673

NZ: Events & Materials for Privacy Awareness Week, 26 August-1 September 2007

Sunday, August 26 2007 @ 05:50 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

Events planned are: Monday, 27 August - Computer Society, Auckland; Tuesday, 28 August - Privacy & Technology in the 21st Century Forum (registrations full, except for media); Wednesday, 29 August - Computer Society, Christchurch; Thursday, 30 August new case notes; National Community Law Centres' hui, Auckland; Friday, 1 September privacy officers' training requirements Check out our quiz.

Source - Privacy Commissioner's Site



Like Animal House – We're on “Double Secret Probation” “Unlimited bandwidth means what we say it means...”

http://yro.slashdot.org/article.pl?sid=07/08/27/0040220&from=rss

Comcast Cuts Off Users Who Exceed Secret Limit

Journal written by SEWilco (27983) and posted by kdawson on Monday August 27, @02:22AM

from the we-won't-tell-you-and-we-won't-tell-you-why dept.

ConsumerAffairs.com has an article up spotlighting Comcast's tendency to cuts off heavy Internet users without defining in their AUP exactly what the bandwidth limit is. Frank Carreiro of West Jordan, Utah, got cut off by the mystery limit and started a 'Comcast Broadband dispute' blog.



In case someone outside the US reasoned well?

http://www.bespacific.com/mt/archives/015818.html

August 26, 2007

FLARE: Foreign Law Research

Foreign Law Research: "FLARE is a collaboration between the major libraries collecting law in the United Kingdom: Institute of Advanced Legal Studies, Bodleian Law Library, Squire Law Library, British Library, and School of Oriental and African Studies. It is working to improve the coverage and accessibility of foreign legal materials at the national level and to raise expertise in their use."



Non-obvious strategy: Why would anyone want Gateway?

http://www.infoworld.com/article/07/08/27/Acer-buys-Gateway_1.html?source=rss&url=http://www.infoworld.com/article/07/08/27/Acer-buys-Gateway_1.html

Acer to acquire Gateway for $710 million

Deal puts Acer in third spot in PC market, blocks Lenovo's intention of scooping up Packard Bell

By Sumner Lemon and Dan Nystedt, IDG News Service August 27, 2007



Worth a look!

http://www.killerstartups.com/Web-App-Tools/feedmarklet--Feed-Aggregator--Bookmarklet/

FeedMarklet.com - Feed Aggregator + Bookmarklet

FeedMarklet’s a handy tool which creates instant RSS feeds. This bookmarklet feed aggregator mashup requires no registration.



Attention L3's! (So this is what the ABA does...)

http://www.bespacific.com/mt/archives/015821.html

August 26, 2007

U.S. Supreme Court Coloring and Activity Book

"About the Book - "Have fun and learn about the Supreme Court! It's a coloring book with a surprising educational twist. This 32-page coloring book features expertly rendered illustrations depicting significant Supreme Court Justices of the United States to color in--including all current sitting Justices. The U.S. Supreme Court Coloring and Activity Book is perfect for the children of lawyers and judges, or for teachers looking for a new resource for Law Day or Constitution Day."



How my math students learn the shortcuts! (Humor)

http://soapbox.msn.com/video.aspx?vid=777094f2-a127-46f2-af96-80c8d5233bfa

No comments: