Saturday, August 04, 2007

Look, this isn't going away. Someone will need to address this, either before an election or in the aftermath of another “Hanging Chad” scenario.

Even More Trouble For E-Voting Firms: Source Code Review Finds All Sorts Of Scary Vulnerabilities

from the doesn't-look-good dept

This has not been a good week for e-voting companies. First came the report out of California that the security had problems on every machine tested by independent security experts, followed quickly by security experts finding problems with other machines in Florida. This should come as no surprise. Every time a security expert seems to get a chance to check out these machines, they find problems. What was odd, though, about the announcement on Monday coming out of California, was that the state had only released some of the reports. It left out the source code review. However, late Thursday, the source code reports were finally released and things don't look much better. Apparently all of the e-voting machines are vulnerable to malicious attacks that could "affect election outcomes." The report also points out: "An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers." This, of course, is what others have been saying for years, and which Diebold always brushes off. Ed Felten has gone through the reports and is amazed to find that all of the e-voting machines seem to have very similar security problems -- and that many problems that Diebold had insisted it fixed in 2003 were still present. Remember how Diebold had used the master password "1111" in their machines? Now their machines use hard-coded passwords like "diebold" and (I kid you not) "12345678." At some point, isn't it time for Diebold (and the other e-voting critics) to stand up and admit that their machines aren't secure and, in fact, were never secure? At the very least, the company owes the world a huge apology -- but somehow, given its past behavior whenever its machines are shown as insecure, that seems unlikely to happen.

Remember, there is no security through obscurity

Sanity check: Did The Wall Street Journal sabotage businesses by publishing tips on how to circumvent IT?

Date: August 3rd, 2007. Blogger: Jason Hiner

In the Monday, July 30 edition of The Wall Street Journal, there was a special section on technology that led with the article “Ten Things Your IT Department Won’t Tell You” by Vauhini Vara. If you haven’t read the article, you should take a look because some of your users may have already seen it, and as a result they may be engaging in activities that put themselves and your IT department at risk.

... Here is the list of the 10 items in Vara’s article:

1. How to send giant files

2. How to use software that your company won’t let you download

3. How to visit the Web sites your company blocks

4. How to clear your tracks on your work laptop

5. How to search for your work documents from home

6. How to store work files online

7. How to keep your privacy when using Web email

8. How to access your work email remotely when your company won’t spring for a BlackBerry

9. How to access your personal email on your BlackBerry

10. How to look like you’re working

Vara breaks down each item into four sections — The Problem, The Trick, The Risk, and How to Stay Safe.

Perhaps someone could translate this from the Canadian?

Ca: Privacy commissioner releases privacy breach guidelines

Friday, August 03 2007 @ 01:48 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

New guidelines have been drawn up to help businesses take the right steps after a privacy breach, including notifying people after their personal and financial information has been stolen, lost or mistakenly disclosed, says the privacy commissioner of Canada, Jennifer Stoddart.

Source - CBC News

[The new guidelines as well as a privacy breach checklist and a list of organizations which participated in the consultation process to develop the guidelines are available on the OPC website.]

Such an interesting question. If you can't record a person without permission, you can't record the person giving you permission.

Newspaper objects to police seizure of newsroom computer


NEW CASTLE, Pa.— The New Castle News said Friday it will file a court protest against the unannounced seizure by authorities of a newsroom computer that police say was used to illegally record phone conversations with two local public officials about a proposed police training facility.

The News’ petition will ask that the city police department return the computer immediately, saying it is important to the daily production of the paper and could be subject to indiscriminate search of sensitive news files.

Sgt. Kevin Seelbaugh confiscated the computer the afternoon of July 25 after District Justice Melissa A. Amodie issued a search warrant to determine if News reporter Pat Litowitz had recorded conversations with Northwest Lawrence Regional Police Chief Jim Morris and Mahoning Township Supervisor Francis Exposito without informing them beforehand.

Morris asked Seelbaugh to seek the search warrant on the basis that a state privacy law requires both parties consent to a recorded phone conversation in Pennsylvania. Violation of the law is a third-degree felony punishable by up to seven years in prison.

Morris learned from his wife, Debbie Wachter Morris, who also is a reporter at The News, that Litowitz recorded a conversation with the chief and also with Exposito.

The phone conversations at issue concerned a story Litowitz was pursuing about a proposed police training facility in Mahoning Township. There was no contention by Chief Morris or Exposito that Litowitz had represented himself as anything other than a reporter for The News.

On July 17, Litowitz initiated a call to Morris, who was unavailable, telling him the subject of his inquiry. Morris later returned the call to Litowitz’s cell phone. Litowitz also talked with Exposito about the story.

Eventually, the story was written by News reporter Nancy Lowry, who also had gathered information about the police training facility. Litowitz played the recorded calls with Chief Morris and Exposito for Lowry so she could use the information in her story.

Lowry said she mentioned the recorded conversations to Wachter Morris, who then told her husband. That’s when Chief Morris contacted New Castle police and the computer was seized, along with several record devices belonging to Litowitz, during an unannounced visit to the newsroom by Seelbaugh.

News publisher Max Thomson said he did not protest the search and seizure at the time because he considered the matter “largely an internal office misunderstanding that could be worked out. Those efforts have failed and the district attorney, for whatever reason, has decided to pursue the case.”

Chief Morris declined to say why he pursued the case against Litowitz and whether he considered their conversation to be off the record.

His wife said that he previously had asked her to inform him if she ever learned that he had been recorded without his knowledge. She said she and her husband had discussed the legality of taping phone conversations, and that she found a law regarding the practice about a year ago.

“When I became aware that it was not a legal thing to do, I brought it to my supervisor’s (News managing editor Tim Kolodziej) attention that someone in the newsroom was doing it,” Wachter Morris said.

“I gave him (Kolodziej) a copy of the law I got from the Internet and told him if someone in the newsroom was violating it, I felt it should stop, and that if anyone found out about it, we could be in trouble,” she said.

“When I brought the matter to Tim’s attention after he had read the law, he advised the person in front of me (Litowitz) not to do it any more unless he asked permission first.”

Wachter Morris added that she does not believe a conflict of interest existed between her job as a news reporter and the fact that she reported an internal newsroom issue to a law enforcement authority, in this case her police chief husband.

“I felt an obligation to both,” she said. “I felt if my husband was the victim of an alleged crime, and I was seeing it happen, I felt obligated to bring it to the attention of my employer and my husband as the victim.”

Litowitz said he recorded the conversations with Chief Morris and Exposito to assure the accuracy of the conversations and to get the details of the story correct. He said he didn’t consider that an illegal practice.

“When I introduce myself as a representative of the New Castle News, there is no expectation of privacy,” he said. “That has already been determined by the state courts.”

Litowitz added, “I tape interviews to ensure the highest accuracy of my articles. I want to make sure I am providing the readers with the best information possible. Recording also allows me to focus on the topic at hand and interact with the person I am interviewing. Written notes impede that process.”

He added that he does few interviews by phone, preferring to meet people in person. These interviews also are taped, he said.

Reporter Lowry said she did not consider the taped interviews to be ethically wrong.

“Everybody who talks to a reporter knows that the reporter isn’t talking just to be friendly,” she said. “They are talking to gain information. Jim (Morris) knew he was talking to a reporter about a story.”

Lowry added she did not use any of the recorded interviews in her story.

James Manolis, the newspaper’s attorney in the case, said there is some legal precedent that implies the state law requiring two-party consent to a recorded phone conversation is overly broad and doesn’t always apply to journalists.

“Part of our argument (to reclaim the computer) is going to be that this statute may not be constitutional in and of itself, and what Mr. Litowitz is alleged to have done may not even constitute a crime under Pennsylvania law,” Manolis said.

“And if it doesn’t, then the seizure of this computer and the retention of this computer is something that is not necessary or lawful.”

Publisher Thomson also doubted a crime was committed.

“Even if the phone conversation was taped, any public official speaking with a reporter has no reasonable expectation of privacy,” he said. “Beyond that, we are confident that case law holds this particular statute to be so overly broad that it is unenforceable.”

Strategy I: Work towards payment for each time a song is played? (Like the software licensing model – you can't “buy” one copy and use it on many computers...)

Broadcasters Want Cash For Media Shared at Home

Posted by Zonk on Friday August 03, @02:30PM from the gotta-get-it-where-you-can dept. Media The Almighty Buck Politics

marcellizot writes "What would you say if I told you that there are people out there that want to make sharing your media between devices over a home network illegal? According to Jim Burger, a Washington, D.C. attorney who deals with piracy in the broadcasting industry, certain broadcasters want to do just that. Speaking in a recent podcast, Burger remarked that the broadcasting industry is keen to put controls on sharing media between devices even if those devices are on a home network and even if the sharing is strictly for personal use. When pressed as to why broadcasters would want to do this, Burger replied simply 'because they want you to pay for that right'."

Strategy II: Make them re-purchase everything? (If you download music, this is what you deserve?) Interesting statistics in any case.

Average PC is a smorgasbord for a new MP3-eating trojan

By Jacqui Cheng Published: August 03, 2007 - 02:05PM CT

It's no secret that people like to collect music on their PCs, with music files taking up more and more hard drive space as time goes on. Recent data from Comscore says that as of April of this year the typical computer in the US contains an average of 880 MP3 files, taking up roughly 3GB of hard drive space. Compared to the average number of Word documents (197), PDFs (100), and Excel files (77), music files make up the single most common type of file found on an average computer by a long shot.

But that very hobby could bite an avid MP3 collector in the butt if a new worm makes its way into their computers. A newly-uncovered worm called W32.Deletemusic does exactly what its name implies—it goes through a PC and deletes all MP3 files in sight. And that's it. Simultaneously low-threat and highly annoying, the worm makes its way from computer to computer by spreading itself onto all attached drives of a given PC, including flash drives and removable media. If that media is then removed and inserted into another computer, it continues its music-eating rampage on the new host.

The goal is: Use the Internet for anything/everything?

Amazon Now Selling Groceries

Limited pilot program lets Amazon shoppers buy produce, fish, and dairy products.

Friday, August 03, 2007 07:00 AM PDT

LOS ANGELES (Reuters) - is going to the farm -- literally -- under a pilot program to sell fresh food like eggs, vegetables and fish.

The company that began in 1995 as the world's biggest bookstore confirmed on Thursday that it kicked off the program, AmazonFresh, in the Seattle, Washington, enclave Mercer Island by invitation only on Wednesday.

"It's up and running," said spokesman Craig Berman. "People are ordering and trucks are delivering." He would not speculate, however, on when the program would be expanded.

"When we feel we are ready to add neighborhoods and add more customers to the invite list, and we can provide those customers with a great experience then we will do so," he said.

Some of the items available on AmazonFresh include a bunch of organic carrots with leafy tops for $1.79 and a 5 ounce steak for $1.99.

Nonperishable items, already sold on, will also be available through AmazonFresh.

Daytime shipping is free with a $50 minimum purchase, while predawn shipping is free with a $25 minimum order. Delivery for purchases below minimums is $9.99. Customers may also pick up their goods at an assigned station.

... The online grocery business is a difficult one, given the perishability of fresh food and the grocery industry's razor-thin profit margins.

I strive to emulate such greatness... (We need a bigger list.)

When insults had class

Sticking in the daggers

Latest Best of Collections

[Some examples:

"A modest little person, with much to be modest about." Winston Churchill

"He can compress the most words into the smallest idea of any man I know." Abraham Lincoln

"He has no enemies, but is intensely disliked by his friends." Oscar Wilde

"He had delusions of adequacy." Walter Kerr

"Some cause happiness wherever they go; others, whenever they go." Oscar Wilde

Friday, August 03, 2007

We went through an Identity Theft slump for a while, but I had faith the Data Spills would return...

Personal information may be stolen at UT

Thursday, August 02 2007 @ 08:11 AM CDT Contributed by: PrivacyNews News Section: Breaches

Personal information of some students and staff at the University of Toledo might have been [No one knows what's going on... Bob] on two hard drives stolen from the Health and Human Services Building, the university announced yesterday.

The hard drives, which are believed to have contained some names, Social Security numbers, and grade changes, were taken from UT’s department of health and rehabilitative services.

Source - Toledo Blade

[From the Blade article:

Ms. Espinosa’s computer is believed to have been taken between June 15 and June 18. Memory cards for the computer also were taken.

Mr. Tatchell’s computer was stolen after May 2, which he told police was the last time he was on campus.

When he returned July 12, the computer was missing, as were his degree plaques from Central Michigan University and University of Utah, which hung on his office wall, according to a UT police report.

No problem, it's only our employees.

Laptop with E.On employee identity info stolen

Thursday, August 02 2007 @ 10:27 AM CDT Contributed by: PrivacyNews News Section: Breaches

A Louisville accounting firm’s laptop with names, Social Security numbers and birth dates of most E.On U.S. employees and some retirees was stolen last month in Chicago, according to letters to potential victims from E.On and the accounting firm.

Mountjoy & Bressler, the accounting firm, and E.On sent letters to potential identity theft victims about a week after the July 20 theft of the computer, which contained 2005 data. The data did not include addresses.

Source - Courier-Journal

It's not as easy to get data in Australia...

Visa confirms data tapes theft

Thursday, August 02 2007 @ 05:39 PM CDT Contributed by: PrivacyNews News Section: Breaches

Visa has confirmed that recent mass credit-card account cancellations at Westpac are related to a data tape theft in late May.

But just which payment gateway or third party vendor lost the tapes remains a mystery. So too does the extent of the security breach and how many card accounts have been affected.

Source - The Sheet

Neither of these articles has much information. Perhaps it's hard to get data in Canada too...

Ca: Four laptops stolen from Capital Health

Thursday, August 02 2007 @ 08:41 PM CDT Contributed by: PrivacyNews News Section: Breaches

Four laptop computers, including one containing patient information, were stolen from a Capital Health office in downtown Edmonton, the health region said today.

Source - Edmonton Journal

Ca: Stolen health computer stored 20,000 names

Friday, August 03 2007 @ 06:22 AM CDT Contributed by: PrivacyNews News Section: Breaches

Police and the office of the information and privacy commissioner are investigating a theft of four Capital Health computers - one containing 20,000 patient names, health card numbers, addresses and reason for admittance to hospital.

Source - Edmonton Sun

[Here's the correct link:

... The computers were stolen from a secure desk with a cable lock in a secure downtown building on the evening of May 8.

... The laptops had two levels of password protection, so the risk of anyone accessing the patient data is virtually nil, [Nonsense Bob] Buick reiterated.

But Leroy Brower with the privacy commissioner's office said the data in the laptops was not encrypted, which simply means it wasn't passworded. [Someone should look up terms they don't understand... Bob] Encryption is a higher level of protection.

Sony rides again! Perhaps that plate was made by the Ginsu Knife Company?

Public Notice to Owners of Sony "Cyber-shot" DSC-T5 Digital Still Cameras

2 August, 2007 Sony Corporation Sony Marketing (Japan) Inc. Sony EMCS Corporation

Thank you for your continued interest in Sony Products.

Sony has recently discovered that, with certain units of its Digital Still Camera "Cyber-shot" DSC-T5 released on the market in September 2005, there is the possibility that metal plating on the bottom of the camera unit may warp, causing slight cut or scratch to the skin of the user when it is directly touched.

Tools & Techniques Facilitating CyberStalking?

Online Snooping Gets Creepy

By Anita Hamilton Thursday, Aug. 02, 2007

When Nazira Sacasa sent me a press release for a new clothing boutique late last month, she didn't know that I would launch a full-scale web search to learn everything I could about her. But I needed a victim [I like the way this lady thinks! Bob] to test out the new breed of people-search services on the web, and a paid publicity seeker seemed like fair game. And so, after just a few minutes of clicking around, I had found Sacasa's MySpace page, her age, home address and what appears to be quite a lot of information about her family in Florida — all without using Google or any other popular search site.

As recently as six months ago, online snooping was mostly done surreptitiously or under the polite guise of "social networking." Now all subtlety has been cast aside. An estimated 30% of all Web searches are aimed at finding people, according to industry statistics, and upstarts like PeekYou, Pipl, Spock, and Wink are vying for a piece of this potentially huge market. These free sites work by scouring the Web for any virtual footprints you might have on MySpace, Facebook, Friendster, Yahoo!, Flickr and elsewhere, and then creating a fresh profile that organizes all that information on one page. Even recently expanded its phone listings to include business addresses and other contact information culled from all sorts of mail-order marketing lists and business directories.

What makes these sites controversial is that they gather all this information without your permission. The resulting profiles can be embarrassing or simply wrong. And getting those profiles removed or changed can be impossible. While some sites say they will honor your request to have your profile deleted, they steer you toward "claiming" your profile and making corrections to it instead. Even then, you have limited control over the content and the way it is presented. ( got Sacasa's permission to mention the results of our search on her before posting this story.)

One of the most popular people search sites today is ZoomInfo, which in June got 824,000 unique visitors in the U.S., according to comScore Media Metrix. Focused on business profiles, it currently has 37 million of them posted online, which it culls using its own natural language search technology. Inaccuracies abound, as I learned firsthand when I checked my own profile and saw that everything from my telephone number to my full name were flat out wrong. "We're the first to admit that they are not 100% accurate," says ZoomInfo COO Bryan Burdick, who estimates that only 500,0000 — just 1% — of the profiles have been verified by the person they claim to identify. (To remove your profile, email your request and a link to your profile to

The newest people search site to launch is Spock, which received $7 million in venture capital financing last December, and will come out of its invitation-only beta version on Aug. 8. Aside from trolling the big social networks to populate its database, it also searches blogs, Yahoo! profiles, Wikipedia, and company sites to identify both you and other "related" people. (It lists Al Pacino, for example, as being related to Matt Damon and George Clooney.) To improve accuracy, the site lets users vote on all the information it has teased out in tags, such as "male", "Italian-American", "actor" and so on. If it turns out that you are Irish-American, and not Italian-American, for example, your friends (and even strangers) can weigh in and have the offending tag removed. And while anyone can "claim" their existing profile and make corrections, the Spock community gets the final vote on whether the information and links you provide are accurate. [Identity by committee? Bob]

Want to opt out? If politely asking to have your listing removed doesn't work, don't expect a lawsuit to help much either. According to Daniel Solove, a George Washington University law professor and author of the forthcoming book, The Future of Reputation: Gossip, Rumor and Privacy On the Internet (coming out in October from Yale University Press), it's difficult to argue that these sites are either defamatory or a breach of privacy since the information is publicly available on the Internet. "It's very problematic, but it's also very difficult to solve," he says. "On the one hand you have freedom of speech, and on the other you have privacy. Both involve people's freedom."

Solove does question the sites' viability, however. "If these things are highly inaccurate, what's the business model?" [Same as the Tabloids? Bob] says Solove. While advertising revenue for online search as a whole reached $17 billion in 2006, almost none of it comes from searching for ordinary people. (When I type "Nazira Sacasa" or my own name in Google, for example, no ads pop up.) "It's challenging to construct a business model that does not generate revenue," [Not in my experience... Bob] notes Internet analyst David Card of Jupiter Research. Spock aims to get around this problem by offering broader people-search offerings on celebrities, people in the news and general categories like plumbers or singles. Meanwhile, ZoomInfo is selling a premium version of its service to recruiters and businesses. It might help if they got their facts straight first.

But will anything come of it?

Bad Week For E-Voting Machines; Florida Follows California In Issuing Report About Security Holes

from the anyone-else? dept

E-voting firms aren't having a particularly good week. Just days after research commissioned by the state of California showed vulnerabilities in many e-voting systems, a study commissioned by the state of Florida found serious security issues with Diebold's optical scan technology. While the article suggests that this is one of the first times the security has been questioned on optical scan machines (where there is still a paper trail, but these machines are used for counting the votes), there have actually been numerous studies pointing out the problems with Diebold's optical scanners, and how they can easily be hacked. Of course, what's amusing here is that some of the first tests that found the problems with Diebold's optical scanners were done two years ago by a "rogue" elections official in Florida. Of course, back then, the state of Florida didn't launch an immediate investigation. The state hung the elections official, Ion Sancho, out to dry, as the e-voting companies cracked jokes about the vulnerability and teamed up to conspire against him. So, now, years later, we find out that the security vulnerabilities he pointed out then are actually there. Is anyone apologizing? [Are you kidding? Bob] Doesn't sound like it. In fact, it sounds like Florida politicians are downplaying the security problems with these machines.

Oh joy...

RIAA's Newest Enemy: The Social Network

Submitted by Jason Lee Miller on Thu, 08/02/2007 - 14:40.

They've been railing against peer-to-peer for some time now, and more recently have put the squeeze on webcasters via royalty hikes, but it looks like the Recording Industry Association of America (RIAA) has added a new foe to its ever-expanding list: social networkers.

They must have read Entertainment Media Research's survey, which is limited to British respondents, which showed that 86 percent of (British) Internet users have used a social network, and that 43 percent of them were pirates. Of course, that survey was done in conjunction with a media law firm that represents the music industry.

So I'm sure the numbers aren't loaded at all.

Regardless, after receiving a Digital Millennium Copyright Act (DMCA) violation notice from the RIAA, Facebook promptly ejected Audio, an application developed for the social network that allows users to upload MP3s and share them within the site.

In just a week, the app was downloaded 750,000 times. And the RIAA didn't like that one bit. VentureBeat updates its original article to note that Audio plans to be back online soon, pending some sort of resolution.

Ganging up on the government?

Online map highlights possible changes to planning law

Graham Tibbetts Last Updated: 12:01am BST 03/08/2007

An online map highlighting the locations of more than 100 major new developments that could be forced through under changes to planning law has been launched.

Massive building projects ranging from nuclear power stations, wind farms and incinerators to airports, roads and reservoirs are all pinpointed on the software for the first time.

The map has been produced by the Planning Disaster Coalition, [ ] an umbrella organisation of environmental and conservation groups that represents 5 million people, which is leading the opposition to the Government's planning white paper.

Now who wants to start a blog?

Apparently Web Content Is Hot Again

from the content?--really? dept

Every few years, someone announces that "content is king" online and that the next big success stories are going to be all about the content. Of course, that never actually seems to happen -- perhaps because the content business is a tough one, prone to fads and mostly beholden to a cyclical advertising market. A few years back, some people expected a wave of "blog buyouts" after AOL paid $25 million for Engadget and a bunch of less popular Weblogs Inc. sites. However, not much came of it. Lately, however, Hollywood is turning its eye towards online content, and with it, we're seeing a small wave of online content buyouts. This week first had the announcement that yet another batch of Hollywood insiders were launching an online video property, following the lead of folks like Will Ferrell, who launched similar properties in the last few months. However, what may be more interesting are the content buyouts. First, Discovery Communications, parent of The Discovery Channel, bought the popular TreeHugger blog for $10 million and now HandHeld Entertainment picked up the well-known (and often infamous) eBaum's world for somewhere around $15 million (possibly more with earnouts). None of these deals are really that big, but it makes you wonder if there's going to be a run on various popular independent content sites, and whether or not content really will be king this time around.

Attention cell phone companies!

Google Shows Off Ad-Supported Cell Phone

Posted by Zonk on Thursday August 02, @05:52PM from the gotta-love-freebies dept. Google Communications Technology

taoman1 writes "Today Google showed off an ad-supported cellphone that the company plans to offer for free to interested parties. The product could reach the marketplace within a year, and will offer Google search, email, and a web browser. 'The move would echo another recent product launched by a phone industry outsider, Apple Inc.'s iPhone. But Google's product would draw its revenue from a sharply different source, relying on commercial advertising dollars instead of the sticker price of at least US$499 for an iPhone and $60 per month for the AT&T Inc. service plan. Negotiating the fairest way to split those advertising revenues with service providers could be a big hurdle for Google, one analyst said. Another problem is the potential that consumers could be scared off by the prospect of listening to advertisements before being able to make phone calls, said Jeff Kagan, a wireless and telecommunications industry analyst in Atlanta.'"

Educating the educators

Student disciplined for online postings sues Univ. of Del.

By The Associated Press 08.02.07

A student suspended and banned from the University of Delaware over concerns about offensive material on his Web site filed a federal lawsuit yesterday claiming that the school had violated his constitutional rights to free speech and due process.

According to Maciej Murakowski, 19, the university makes its Internet server available for students to create their own Web sites, with no restrictions on content other than that it not violate state or federal law, and that it not be used for commercial purposes.

“As such, [the school] may not, consistent with the First Amendment, punish any student based on the content of his or her Web site, even though the content may have an adverse emotional impact on some readers,” the lawsuit states.


'Child Safe Viewing Act' Raises Serious Questions

- The Senate Commerce Committee today passed the Child Safe Viewing Act of 2007 (S. 602), which requires the Federal Communications Commission (FCC) to study the "existence and availability" of filtering technologies for audio and video content transmitted over "wired, wireless, and Internet" platforms, as well as other devices. CDT does not oppose a purely fact-finding study, but maintains that a neutral, non-regulatory body such as the National Academy of Sciences would be better suited to such a project. More importantly, CDT is concerned that this legislation may represent a step toward expanding the FCC's censorship authority to include Internet content. August 02, 2007

Research. Good point!

What Keywords Are Being Used On Social Sites?

Filed under: Net-Tech-Tools, Net-Web

Let me risk beating a point into the ground: in order to find things when you search you have to use the proper vocabulary. And on the Internet, the proper vocabulary is changing constantly, especially in the arenas of tech and popular culture. SiteVolume, at, is a nifty little tool letting you know how much vocabulary words are being used across certain social sites like MySpace, Digg, and Flickr.

You can enter up to five words and get a bar graph of how often the words appear on each site. It was interesting comparing the name of Web tools, search engines, and technologies. Especially the word Twitter, which was almost nonexistent some places but which showed up fairly frequently other places (besides Twitter itself, of course.)

How to suck money from cat lovers (Is there one for dogs, birds, goldfish, horses, etc?) - MySpace for Felines

posted 5 Hours 25 Minutes ago by Siri | Visit

I've suggested a business model like this for several years now. I imagined videos that address simple topics (How to calculate Standard Deviation, How to balance your checkbook) on an ad sponsored site. Is this one too expensive? - Online Video Training

posted 7 Hours ago by bigtoga | Visit

... allows the users to learn how to use many programs by a fee of less than $50 dollars!

[They do offer some free:

Another one of those lists I like so much...

Best Freeware Design Software

Image editing, Illustration, Authoring Tools, Animation, 3D Modeling & CAD.....

Thursday, August 02, 2007

Streisand Effect? Perhaps we need Guidelines?

Security breach leads to Web fight (updated)

Wednesday, August 01 2007 @ 09:50 AM CDT Contributed by: PrivacyNews News Section: Breaches

A privacy advocate and Washington, D.C.-area law student, Aaron Titus spends part of his spare time looking for online leaks and personal information that could be used for identity theft.

The biggest security breach Titus said he ever came across was a Google search in June that led him to up to about 150,000 names and Social Security numbers through the Louisiana Board of Regents.

... But Titus decided to set up his own Web site — — in cooperation with the nonprofit, privacy advocate Liberty Coalition to further assist.

Savoie is seeking to have Titus’ new Web site taken down out of concern that additional risk could be created by publicizing all those whose information was available.

Source -

Related - Chronicles of Dissent: What should a “privacy advocate” do? (Commentary)

Tools & Techniques. There are several civilian versions of this software.

What We Know About the FBI's CIPAV Spyware

Posted by Zonk on Wednesday August 01, @01:42PM from the i-always-feel-like-somebody's-watching-me dept. Security Communications Privacy The Internet

StonyandCher writes "What is CIPAV? CIPAV stands for 'Computer and Internet Protocol Address Verifier'; a lengthy term for powerful spyware the Federal Bureau of Investigation can bring to bear on web-based crime. It was used last month in a case where someone was emailing bomb threats regularly to a Washington high school. An affidavit by an FBI agent revealed some of the workings of CIPAV. 'According to the court filing, this is [some of] what the CIPAV collects from the infected computer: IP address, Media Access Control address for the network card, List of open TCP and UDP ports, List of running programs ... Last visited URL. Once that initial inventory is conducted, the CIPAV slips into the background and silently monitors all outbound communication, logging every IP address to which the computer connects, and time and date stamping each.' In a Computerworld article, the author attempts to dissect CIPAV's purpose and raises a number of questions such as: What happens to the data the CIPAV collects? Does the CIPAV capture keystrokes? Can the CIPAV spread on its own to other computers, either purposefully or by accident? [Interesting question! Bob] Does it erase itself after its job is done?"

Tools & Techniques. “We don't use DRM to stop copying. We use DRM to extort money from non-technical customers (the majority) who must purchase multiple copies of songs or movies if they want to use them on more than one device.”

The DRM Scorecard

Posted by samzenpus on Wednesday August 01, @08:26PM from the guess-who's-ahead dept. Security Media

An anonymous reader writes "InfoWeek blogger Alex Wolfe put together a scorecard which makes the obvious but interesting point that, when you list every major DRM technology implemented to "protect" music and video, they've all been cracked. This includes Apple's FairPlay, Microsoft's Windows Media DRM, the old-style Content Scrambling System (CSS) used on early DVDs and the new AACS for high-definition DVDs. And of course there was the Sony Rootkit disaster of 2005. Can anyone think of a DRM technology which hasn't been cracked, and of course this begs the obvious question: Why doesn't the industry just give up and go DRM-free?"

Maybe Arnold lost?

Where are the California E-Voting Reports?

I wrote Monday about the California Secretary of State’s partial release of reports from the state’s e-voting study. Four subteams submitted reports to the Secretary, but as yet only the “red team” and accessibility teams’ reports have been released. The other two sets of reports, from the source code review and documentation review teams, are still being withheld.

The Secretary even held a public hearing on Monday about the study, without having released all of the reports. This has led to a certain amount of confusion, as many press reports and editorials (e.g. the Mercury News editorial) about the study seem to assume that the full evaluation results have been reported. The vendors and some county election officials have encouraged this misimpression — some have even criticized the study for failing to consider issues that are almost certainly addressed in the missing reports.

With the Secretary having until Friday to decide whether to decertify any e-voting systems for the February 2008 primary election, the obvious question arises: Why is the Secretary withholding the other reports?

Here’s the official explanation, from the Secretary’s site:

The document review teams and source code review teams submitted their reports on schedule. Their reports will be posted as soon as the Secretary of State ensures the reports do not inadvertently disclose security-sensitive information.

This explanation is hard to credit. The study teams were already tasked to separate their reports into a public body and a private appendix, with sensitive exploit-oriented details put in the private appendix that would go only to the Secretary and the affected vendor. Surely the study teams are much better qualified to determine the security implications of releasing a particular detail than the lawyers in the Secretary’s office are.

More likely, the Secretary is worried about the political implications of releasing the reports. Given this, it seems likely that the withheld reports are even more damning than the ones released so far.

If the red team reports, which reported multiple vulnerabilities of the most serious kind, are the good news, how bad must the bad news be?

Little-known tax break (I wonder if the stores still collect the tax?)

August 01, 2007

2007 State Sales Tax Holidays

"In 21 States, you get periodic "holidays" from paying State sales tax on certain purchases. Thirteen States offer these tax free shopping this coming weekend (August 3-5) on items needed for Back to School. This means no sales tax on clothes, computers, and school supplies. Other States offer State tax free days other times of year for energy efficient products, hurricane supplies, or all products."

I suspect this will go forward... but what do I know?

Apple's Battery Replacement Tap Dance Provokes Lawsuit

By Erika Morphy MacNewsWorld Part of the ECT News Network 08/01/07 9:29 AM PT

Should iPhone buyers have expected the device to act like an iPod or a cell phone at battery replacement time? That may be a key question if a lawsuit against Apple proceeds to trial. The plaintiff is seeking class action status in his action against the company, charging that it didn't inform consumers they would have to send their iPhones away for professional installation of new batteries.

An Illinois resident has filed a lawsuit against Apple and AT&T alleging the companies were deceptive about the iPhone's battery replacement process. The suit, brought by Jose Trujillo, claims customers were not clearly informed that the iPhone was sealed, and that the device would have to be sent away for battery replacement at an additional cost.

"Unknown to the plaintiff and undisclosed to the public prior to purchase, the iPhone is a sealed unit with its battery soldered on the inside of the device so that it cannot be changed by the owner," reads the complaint. "The battery enclosed in the iPhone can only be charged approximately 300 times before it will be in need of replacement, necessitating a new battery annually for owners of the iPhone."

Streisand Effect: “Look everybody! They rate me a Bad Teacher! I'm not a bad teacher just because all my students say I am – I'm just stupid!”

UK Teachers Union Demands YouTube And RateMyTeacher Be Shut Down

from the censorship-to-beat-cyberbullying? dept

Back in May, we wrote about teachers in the UK demanding that "something must be done" about cyberbullying of teachers. It appears that teachers have had enough of the various online pranks and tricks that kids pull on teachers. However, as we pointed out at the time, the "something must be done" cry seems pretty pointless. Kids are always going to find ways to bully each other and teachers, and there's no magic bullet solution. Apparently, the teachers missed that lesson, because they're back with actual suggestions on what can be done. Dave writes in to let us know that a teacher's union in the UK (apparently one of many) has adopted a resolution asking for a ban on sites used for cyberbullying. Reading the details of the resolution shows the only two sites they name are YouTube and -- both of which have many perfectly legitimate uses and where cyberbullying takes up a tiny fraction of their usage. More importantly, however, shutting down these sites will have absolutely no impact on bullying -- except perhaps encouraging the kids to turn it up a notch, knowing that their tactics have had the desired impact. There are nearly infinite outlets for the cyberbullying to take place, and shutting down one will simply encourage kids to use a different method of cyberbullying. It seems highly unlikely that the teachers will get their way, but it's nice (ok, more like troublesome) to know that a bunch of teachers seem to think that the best way to deal with problems between people is censorship and blaming the tool involved.

Increasing security the government way:

Scan This Guy's E-Passport and Watch Your System Crash

By Kim Zetter 08.01.07 | 2:00 AM

A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.

Lab rats cause cancer!

Laser Printers Linked To Health Risk

A study classified 17 out of 62 printers as "high particle emitters" because they released so much toner powder into the air.

By Thomas Claburn InformationWeek August 1, 2007 09:10 AM

Laser printers may be hazardous to your health. According to a study released Wednesday, some laser printers used in home and office environments pollute the air with potentially hazardous toner particles.

The study, scheduled to appear online in the American Chemical Society's Environmental Science & Technology (ES&T) journal, classified 17 out of 62 printers as "high particle emitters" because they released so much toner powder into the air. One of the printers released ultra-fine toner particles at a rate comparable with cigarette smoking, according to the American Chemical Society.

Outline for a student paper?

Legal issues on the internet

The law governs what you can and can’t do on the internet. But how do you know what is and isn’t legal online?

Iain Thomson, Computeract!ve 01 Aug 2007

While using the internet may make people feel anonymous, in actual fact the reverse is true.

Every email, forum posting, website visit and download can be logged, stored and brought up again at a later date.

To add complexity to the problem the international nature of internet traffic means that other countries’ legal systems may be just as important as UK law if a case is brought.

In this feature we’ll explain how to stay on the right side of the law and avoid many of the common pitfalls people fall into. Safe surfing is perfectly possible if a few simple guidelines are followed.

[Topics addressed in this article: Speak no evil; Hold your tongue; Biting the hand that feeds; Downloaders going down; Pornography; Remote control crime; Be aware, not scared; Privacy is dead; Dealing with offensive emails]

Get your kids blogging, so they can support you in your old age!

Forget Babysitting and Paper Routes, Teen Turns to SEO

Posted by Stephan Spencer August 1, 2007 6:43 PM PDT

At the BlogHer 2007 Conference in Chicago last weekend, I was a proud dad, on-hand to support my daughter, Chloe, who presented her "Ultimate Neopets Cheats Blog" success story to a packed audience of bloggers, online marketers, and SEO enthusiasts attending the Professional Blogging: Ways and Means session.

In early 2006, when Chloe was 15, she decided to devote a blog to Neopets, a virtual pets site popular with kids the world over.

... By spending just a few hours per month, Chloe earns through Google AdSense between $20 and $30 per day -- and it's sometimes even as much as $40. If you do the math, that's somewhere around $700 to $900 a month for very little work.

This has potential but needs more work. Think of Elvis singing the Constitution.

Let them sing it for you - your text sung by rock stars!

A neat little text-to-speech applet that converts any text into a sound file pieced together using clips from pop and rock songs. There's a pretty eclectic mix of source material in there, try to work out what song each word comes from...

Wednesday, August 01, 2007

Everything you ever wanted to know?

July 31, 2007

Oversight Hearing on Privacy in the Hands of the Government

House Judiciary Committee, Subcommittee on Commercial and Administrative Law - Oversight Hearing on Privacy in the Hands of the Government: The Privacy and Civil Liberties Oversight Board and the Privacy Officer for the U.S. Department of Homeland Security, July 27, 2007. [links to witness statements]

1984! 1984! (Is that Prior Art?)

In Microsoft Patent App, TV Watches You

from the we're-watching-you... dept

theodp writes "In a just-published patent application for delivering Advertising that is relevant to a person, nine Microsoft inventors spell out plans for using cameras, remote controls and biometric sensors to detect the identity of the person viewing a TV, cellphone, or computer monitor display. This knowledge, coupled with previously collected info about the person's interests and hobbies, sex, age, locale, profession, subscriptions and memberships, ethnicity, marital status, parental status, pet ownership, and height as well as additional info gleaned from his or her address book, calendar, mail, IMs, to-do lists, notes, purchasing history, historical record of reactions to ads, search history, and media consumption history will then be used to allow advertisers to deliver highly-targeted ads." Of course, this is just an application, rather than a granted patent, but it's hardly a unique idea. People have been discussing such things for years -- it's just that most people recognize it would seriously creep people out if it were ever put in place. Unless, of course, the company gives you $5/month and suddenly the creepy factor subsides.

You think they would try to understand the process before they made law...

German Court Says eBay Should Be Able To Tell A Fake Rolex From A Real One

from the got-any-watch-specialists-on-hand? dept

For many years, various luxury brands have had problems with people selling counterfeit goods on eBay -- leading to a variety of lawsuits. Of course, most of these lawsuits are incorrectly targeted. They're usually filed against eBay, rather than the seller of the goods. eBay doesn't inspect the goods or make any claim to the authenticity of them. That should be up to the buyer and seller to work out. However, a few months ago, it appears that a German court felt differently, and told eBay that it may be liable for fake Rolexes being sold on the site, even if eBay has no real way of knowing what's real and what's fake. The court seemed to indicate that eBay should be able to tell from the price, but that's not necessarily true. In the meantime, it's not clear why this isn't a problem that the market will start to work out by itself. For many, many years you've been able to buy fake Rolexes on the streets of New York City, but Rolex doesn't sue the New York City government for letting this happen. It recognizes that most people know that the Rolex you buy from a street vendor probably isn't real. Along those very lines, Rolex has introduced programs to designate legitimate Rolexes on eBay already -- so this seems like the type of "problem" that could work itself out without making eBay liable, but apparently it's too late for that.

Yeah, we knew that...

Administration Concedes Open Secret: NSA Spying Broader Than Previously Admitted

July 31, 2007

In a letter [PDF] released today, the Director of National Intelligence Mike McConnell admits that the so-called "Terrorist Surveillance Program" (TSP) is only the tip of the iceberg when it comes to the NSA's spying on the American public.

Think of this technology as a way to automate the problems (fraud?) we already have.

July 31, 2007

Florida State Univ. Security Lab Report on Diebold Voting Machine Software

  • "Florida's optical scan voting machines are still flawed, despite efforts to fix them, and they could allow poll workers to tamper with the election results, according to a government-ordered study obtained Tuesday by The Associated Press." [Link]

Not even my introductory Statistics students would believe 56 of 88 was an accident.

In Violation of Federal Law, Ohio's 2004 Presidential Election Records Are Destroyed or Missing

By Steven Rosenfeld, AlterNet. Posted July 30, 2007.

In 56 of Ohio's 88 counties, ballots and election records from 2004 have been "accidentally" destroyed, despite a federal order to preserve them -- it was crucial evidence which would have revealed whether the election was stolen.

[Details of suspicious voting omitted. (Reads like a “how to” manual) Bob]

What's the next Big Thing

July 31, 2007

Highlights Available From 2007 Digital Future Project

Press release: "The role of the Internet in politics has grown with such speed and scope that it is well on its way to becoming the dominant media force in political campaigning, according to the director of the most comprehensive study of the impact of the online technology on America...The Center for the Digital Future will share a highlight of the Digital Future Report on every other Monday of each month."

  • Related news > 50 million - Clicking the News: The daily audience online for news has grown dramatically since 2002 -- a surge fueled by the rise in home broadband connections. Some 50 million Americans now seek out news on the internet on a typical day. In a December 2005 survey, the Pew Internet & American Life Project found that a major segment of broadband users now say the internet is their primary news source, surpassing even television and newspapers as their source of choice. Some 71% of these high-powered news consumers go online for news on the average day, while 59% get news from local TV. Just more than half get news from national TV and radio on the typical day and about 40% turn to local papers."

This has got to be Hollywood's greatest fear – someone changing the rules...

Hollywood Pros Get Their Own Damn Channel

By Gary Gentile AP 07/31/07 9:29 AM PT

Looking to escape the tug-of-war power games common to traditional media distribution models, a group of Hollywood creatives have launched My Damn Channel, an ad-supported site for the production and syndication of professionally produced online comedy videos. Main players include "The Simpsons" Harry Shearer and filmmaker David Wain.

You know I like lists.

Make Money Online: 100+ Tools and Resources

July 30, 2007 — 06:39 AM PDT — by Patric Herber

Making money online is a dream for many, but the simple fact is that it’s often just as tough as making money offline. Due to requests, we’ve put together a list of the most popular money making methods today, many of them focused on blogging and peer production.

A word of caution: for the sake of completeness, we’ve included a small number of sites that have been criticized for their ethics. If it sounds too good to be true, it generally is. Commenters are welcome to share their experiences of the various sites.


eJury - Earn $5 to $10 dollars per verdict rendered as a mock juror for practice trials.

- Get paid to tutor people online.