Thursday, August 02, 2007

Streisand Effect? Perhaps we need Guidelines?

http://www.pogowasright.org/article.php?story=20070801091104285

Security breach leads to Web fight (updated)

Wednesday, August 01 2007 @ 09:50 AM CDT Contributed by: PrivacyNews News Section: Breaches

A privacy advocate and Washington, D.C.-area law student, Aaron Titus spends part of his spare time looking for online leaks and personal information that could be used for identity theft.

The biggest security breach Titus said he ever came across was a Google search in June that led him to up to about 150,000 names and Social Security numbers through the Louisiana Board of Regents.

... But Titus decided to set up his own Web site — https://ssnbreach.org — in cooperation with the nonprofit, privacy advocate Liberty Coalition to further assist.

Savoie is seeking to have Titus’ new Web site taken down out of concern that additional risk could be created by publicizing all those whose information was available.

Source - 2theadvocate.com

Related - Chronicles of Dissent: What should a “privacy advocate” do? (Commentary)



Tools & Techniques. There are several civilian versions of this software.

http://it.slashdot.org/article.pl?sid=07/08/01/1632250&from=rss

What We Know About the FBI's CIPAV Spyware

Posted by Zonk on Wednesday August 01, @01:42PM from the i-always-feel-like-somebody's-watching-me dept. Security Communications Privacy The Internet

StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? [Interesting question! Bob] Does it erase itself after its job is done?"



Tools & Techniques. “We don't use DRM to stop copying. We use DRM to extort money from non-technical customers (the majority) who must purchase multiple copies of songs or movies if they want to use them on more than one device.”

http://it.slashdot.org/article.pl?sid=07/08/01/2218256&from=rss

The DRM Scorecard

Posted by samzenpus on Wednesday August 01, @08:26PM from the guess-who's-ahead dept. Security Media

An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"



Maybe Arnold lost?

http://www.freedom-to-tinker.com/?p=1183#comments

Where are the California E-Voting Reports?

I wrote Monday about the California Secretary of State’s partial release of reports from the state’s e-voting study. Four subteams submitted reports to the Secretary, but as yet only the “red team” and accessibility teams’ reports have been released. The other two sets of reports, from the source code review and documentation review teams, are still being withheld.

The Secretary even held a public hearing on Monday about the study, without having released all of the reports. This has led to a certain amount of confusion, as many press reports and editorials (e.g. the Mercury News editorial) about the study seem to assume that the full evaluation results have been reported. The vendors and some county election officials have encouraged this misimpression — some have even criticized the study for failing to consider issues that are almost certainly addressed in the missing reports.

With the Secretary having until Friday to decide whether to decertify any e-voting systems for the February 2008 primary election, the obvious question arises: Why is the Secretary withholding the other reports?

Here’s the official explanation, from the Secretary’s site:

The document review teams and source code review teams submitted their reports on schedule. Their reports will be posted as soon as the Secretary of State ensures the reports do not inadvertently disclose security-sensitive information.

This explanation is hard to credit. The study teams were already tasked to separate their reports into a public body and a private appendix, with sensitive exploit-oriented details put in the private appendix that would go only to the Secretary and the affected vendor. Surely the study teams are much better qualified to determine the security implications of releasing a particular detail than the lawyers in the Secretary’s office are.

More likely, the Secretary is worried about the political implications of releasing the reports. Given this, it seems likely that the withheld reports are even more damning than the ones released so far.

If the red team reports, which reported multiple vulnerabilities of the most serious kind, are the good news, how bad must the bad news be?



Little known tax break (I wonder if the stores still collect the tax?)

http://www.bespacific.com/mt/archives/015607.html

August 01, 2007

2007 State Sales Tax Holidays

"In 21 States, you get periodic "holidays" from paying State sales tax on certain purchases. Thirteen States offer this tax free shopping this coming weekend (August 3-5) on items needed for Back to School. This means no sales tax on clothes, computers, and school supplies. Other States offer State tax free days other times of year for energy efficient products, hurricane supplies, or all products."



I suspect this will go forward... but what do I know?

http://www.technewsworld.com/rsstory/58612.html

Apple's Battery Replacement Tap Dance Provokes Lawsuit

By Erika Morphy MacNewsWorld Part of the ECT News Network 08/01/07 9:29 AM PT

Should iPhone buyers have expected the device to act like an iPod or a cell phone at battery replacement time? That may be a key question if a lawsuit against Apple proceeds to trial. The plaintiff is seeking class action status in his action against the company, charging that it didn't inform consumers they would have to send their iPhones away for professional installation of new batteries.

An Illinois resident has filed a lawsuit against Apple and AT&T alleging the companies were deceptive about the iPhone's battery replacement process. The suit, brought by Jose Trujillo, claims customers were not clearly informed that the iPhone was sealed, and that the device would have to be sent away for battery replacement at an additional cost.

"Unknown to the plaintiff and undisclosed to the public prior to purchase, the iPhone is a sealed unit with its battery soldered on the inside of the device so that it cannot be changed by the owner," reads the complaint. "The battery enclosed in the iPhone can only be charged approximately 300 times before it will be in need of replacement, necessitating a new battery annually for owners of the iPhone."



Streisand Effect: “Look everybody! They rate me a Bad Teacher! I'm not a bad teacher just because all my students say I am – I'm just stupid!”

http://techdirt.com/articles/20070801/092449.shtml

UK Teachers Union Demands YouTube And RateMyTeacher Be Shut Down

from the censorship-to-beat-cyberbullying? dept

Back in May, we wrote about teachers in the UK demanding that "something must be done" about cyberbullying of teachers. It appears that teachers have had enough of the various online pranks and tricks that kids pull on teachers. However, as we pointed out at the time, the "something must be done" cry seems pretty pointless. Kids are always going to find ways to bully each other and teachers, and there's no magic bullet solution. Apparently, the teachers missed that lesson, because they're back with actual suggestions on what can be done. Dave writes in to let us know that a teacher's union in the UK (apparently one of many) has adopted a resolution asking for a ban on sites used for cyberbullying. Reading the details of the resolution shows the only two sites they name are YouTube and RateMyTeacher.com -- both of which have many perfectly legitimate uses and where cyberbullying takes up a tiny fraction of their usage. More importantly, however, shutting down these sites will have absolutely no impact on bullying -- except perhaps encouraging the kids to turn it up a notch, knowing that their tactics have had the desired impact. There are nearly infinite outlets for the cyberbullying to take place, and shutting down one will simply encourage kids to use a different method of cyberbullying. It seems highly unlikely that the teachers will get their way, but it's nice (ok, more like troublesome) to know that a bunch of teachers seem to think that the best way to deal with problems between people is censorship and blaming the tool involved.



Increasing security the government way:

http://www.wired.com/politics/security/news/2007/08/epassport

Scan This Guy's E-Passport and Watch Your System Crash

By Kim Zetter 08.01.07 | 2:00 AM

A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.



Lab rats cause cancer!

http://www.informationweek.com/news/showArticle.jhtml?articleID=201202237

Laser Printers Linked To Health Risk

A study classified 17 out of 62 printers as "high particle emitters" because they released so much toner powder into the air.

By Thomas Claburn InformationWeek August 1, 2007 09:10 AM

Laser printers may be hazardous to your health. According to a study released Wednesday, some laser printers used in home and office environments pollute the air with potentially hazardous toner particles.

The study, scheduled to appear online in the American Chemical Society's Environmental Science & Technology (ES&T) journal, classified 17 out of 62 printers as "high particle emitters" because they released so much toner powder into the air. One of the printers released ultra-fine toner particles at a rate comparable with cigarette smoking, according to the American Chemical Society.



Outline for a student paper?

http://www.activehome.co.uk/computeractive/features/2195373/net-law

Legal issues on the internet

The law governs what you can and can’t do on the internet. But how do you know what is and isn’t legal online?

Iain Thomson, Computeract!ve 01 Aug 2007

While using the internet may make people feel anonymous, in actual fact the reverse is true.

Every email, forum posting, website visit and download can be logged, stored and brought up again at a later date.

To add complexity to the problem the international nature of internet traffic means that other countries’ legal systems may be just as important as UK law if a case is brought.

In this feature we’ll explain how to stay on the right side of the law and avoid many of the common pitfalls people fall into. Safe surfing is perfectly possible if a few simple guidelines are followed.

[Topics addressed in this article: Speak no evil; Hold your tongue; Biting the hand that feeds; Downloaders going down; Pornography; Remote control crime; Be aware, not scared; Privacy is dead; Dealing with offensive emails]



Get your kids blogging, so they can support you in your old age!

http://news.com.com/8301-10784_3-9753204-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Forget Babysitting and Paper Routes, Teen Turns to SEO

Posted by Stephan Spencer August 1, 2007 6:43 PM PDT

At the BlogHer 2007 Conference in Chicago last weekend, I was a proud dad, on-hand to support my daughter, Chloe, who presented her "Ultimate Neopets Cheats Blog" success story to a packed audience of bloggers, online marketers, and SEO enthusiasts attending the Professional Blogging: Ways and Means session.

In early 2006, when Chloe was 15, she decided to devote a blog to Neopets, a virtual pets site popular with kids the world over.

... By spending just a few hours per month, Chloe earns through Google AdSense between $20 and $30 per day -- and it's sometimes even as much as $40. If you do the math, that's somewhere around $700 to $900 a month for very little work.



This has potential but needs more work. Think of Elvis singing the Constitution.

http://digg.com/playable_web_games/Let_them_sing_it_for_you_your_text_sung_by_rock_stars

Let them sing it for you - your text sung by rock stars!

A neat little text-to-speech applet that converts any text into a sound file pieced together using clips from pop and rock songs. There's a pretty eclectic mix of source material in there, try to work out what song each word comes from...
