Saturday, September 15, 2007

Perhaps a short course in security would help?

Foothill-De Anza College district looks at sensitive data security

Review follows theft of laptop containing Social Security numbers

By Sharon Noguchi, MEDIANEWS STAFF Inside Bay Area Article Last Updated:09/10/2007 02:35:27 AM PDT

Following the theft of a laptop containing 4,725 student names and Social Security numbers, Foothill-De Anza College District is reviewing policies on how staff handles personal and sensitive data.

... Chancellor Martha Kanter added, "We are trying to see if we can provide a secure server for this type of information." [Yes, but will that solve your problem? Bob]

The names, along with grades, Social Security numbers and student identification numbers, were on a laptop stolen from the home of a math professor on Aug. 24.

... Until November 2005, the district used Social Security numbers to identify students. After that, state law required schools and businesses to use other form of identification.

But the law, authored by then-Sen. Debra Bowen, now secretary of state, didn't require institutions to erase the old numbers. According to Linda Foley, founder of the San Diego-based Identity Theft Resource Center, most schools did not because of the difficulty.

Schools would have to notify each student of the change. [or make a list showing the SSAN and the new number... Duh! Bob] Locating all the students, who likely would have changed addresses several times, would be a daunting task, Foley said.

To safeguard information, institutions should keep sensitive data in password-protected files and require passwords for logging on to laptops, [and you should ask the tooth fairy for help! Bob] Foley said. In addition, personal information should be encrypted.

Businesses are more vigilant about encrypting data, she said, because they tend to be concerned about protecting proprietary information.

If TJX, why not you?

Security Bites Podcast: What's behind retail store data breaches

By CNET Staff Published: September 14, 2007 3:24 PM PDT

When you make a purchase at most any retail store, chances are you swipe your credit card through a device that hasn't been updated in 15 years. But that isn't the problem. The card you swipe, and the authentication from Visa, MasterCard and Discover--that's all good and secure. A criminal can break into a store and steal the credit card swipers and maybe get 100 to 200 active credit card accounts. But the serious criminals know to look upstream.

The larger problem involves large retail stores with thousands of chain stores around the country. They pool their credit card data into what are called branch servers, and thieves, gaining access to the corporate network, know to look for these branch servers. That's what happened at TJX and OfficeMax. They lost up to 45 million credit card numbers.

This week,'s Robert Vamosi interviews Neal Krawetz of Hacker Factor, better known for his digital forensics work. Krawetz has looked at the vulnerabilities inherent in large retail store point-of-sale systems. He first noticed the problems back in 1992, and over the years, after contacting Verifone, Visa and Fujitsu Transaction Solutions, and receiving no response, he reluctantly made public his findings in a public report (click for PDF).

If Ameritrade, why not you?

Ameritrade Security Audit Finds Privacy-Busting Back Door

Posted by Zonk on Friday September 14, @05:01PM from the dang-canned-pork dept. Spam Security The Internet Privacy

RalphTheWonderLlama writes "In recent months, online stock brokers have apparently been upset by the sale of their email addresses to spammers. Today TD Ameritrade released details of their investigation into the matter (along with a video message from the CEO and special FAQ). It seems some 'unauthorized code' had exposed client email addresses and possibly other sensitive information from an internal database. 'TD Ameritrade tracked down the break-in while doing an internal investigation into stock-related spam. The company called in forensic investigators and they discovered "unauthorized code" in their system that provided access for the hacker or hackers. According to the advisory, the code has been eliminated from the system. Moglia, speaking in an online video-taped message to customers, said he is "confidant" that they have figured out how the information was taken.'" [Might be better to say, “We've figured out how to stop future data spills...” Bob]

Dang Demi-crats!

Hacked GOP site infects visitors with malware

For the first time, the infamous Storm Trojan horse has moved from e-mail to the Web as a hacked Republican Party site has been spreading the worm

By Gregg Keizer, Computerworld September 14, 2007

A Republican Party Web site has been hacked, and for some time it has been spreading a variation of the long-running Storm Trojan horse to vulnerable visitors, a security researcher said Friday.

First thing, let's kill all the employees!”

Insiders overtake viruses as biggest security worry

CSI reports other incidents, such as laptop and mobile device theft, could soon overtake viruses as the second most reported security hassle

By John E. Dunn, September 14, 2007

Company insiders have overtaken viruses as the most reported security incident, according to the annual report from the respected U.S. Computer Security Institute (CSI).

See, they haven't been here forever...

Google, at age 10, is the official heart of the Internet

by Laurence Benhamou Fri Sep 14, 3:57 AM ET

NEW YORK (AFP) - Born 10 years ago, the Google Internet search engine has grown into the electronic center of human knowledge by indexing billions of web pages as well as images, books and videos.

On September 15, 1997 Larry Page and Sergey Brin, two 24 year-old Stanford University students, registered the domain name of "" The word is a variation of 'googol,' which refers to the number 10 to the power of 100, a term popularized by US mathematician Edward Kasner.

Page and Brin incorporated Google one year later, on September 7, 1998, in a household garage in northern California.

...When Google went public in August 2004 its shared initially sold at 85 dollars. Today its shares are valued at 525 dollars, and Google has a stock market value worth some 164 billion dollars.

In 2006 Google reached 13.4 billion dollars in revenue -- the third part based on Internet ads -- and profits of 3.7 billion dollars.

Everyone said, from the beginning, that this was a stupid strategy. Expect stockholders to go after the entire BoD

SCO Group, noted for Linux litigation, files for bankruptcy

By John Letzing Last Update: 3:44 PM ET Sep 14, 2007

SAN FRANCISCO (MarketWatch) -- SCO Group Inc., the embattled software company best known for litigation targeting distributors of open-source, Linux software, said Friday it has filed for bankruptcy. SCO, which provides Unix-based software to run server computers, said in a prepared release that its board of directors has "unanimously determined that Chapter 11 reorganization is in the best long-term interest of SCO and its subsidiaries, as well as its customers, shareholders, and employees." SCO recently suffered a major setback in its litigation with Novell Inc., when a judge determined in August that SCO does not own rights to Unix software. SCO in 2003 had filed another, high-profile lawsuit against IBM for allegedly distributing parts of what it had thought to be its Unix property in freely-available Linux software code, creating concern among other Linux distributors that they, too, may be sued.

Google won't actually launch this from its server farm, but they are big enough to have their own fleet of satellites... Remember to look up & smile!

New satellite to sharpen Google Earth

Fri Sep 14, 2007 2:58pm EDT By Andrea Shalal-Esa

WASHINGTON (Reuters) - DigitalGlobe, provider of imagery for Google Inc's interactive mapping program Google Earth, said a new high-resolution satellite will boost the accuracy of its satellite images and flesh out its archive.

The new spacecraft, dubbed WorldView I, is to be launched on Tuesday.

Together with the company's existing Quickbird satellite, it will offer half-meter resolution and will be able to collect over 600,000 square kilometers of imagery each day, up from the current collection of that amount each week, Chief Executive Jill Smith told Reuters in a telephone interview.

She said Tuesday's launch -- to be broadcast live on the Internet at -- and the planned launch of a second Worldview II satellite in late 2008, were critical milestones for the company.

Related? Perhaps we'll see a mashup that allows us to highlight maps to show how to get to from A to B

Yahoo Allows You to Mix Maps

14th September 2007

Wow, this is nice. The Yahoo blog has announced MapMixer, a way to overlay your own maps on to Yahoo Maps, and give your overlays Yahoo-Map-Like functionality. You can try it at (you’ll need a Yahoo account.)

You can jump right in by uploading a map but I recommend browsing the existing maps to get an idea of how people are using the feature. Take a look at the Cerritos College map for an example of an overlay that crams a huge amount of information into what was a couple of blank blocks.

Note there’s a “layer opacity” slide bar in the upper right corner of the map that allows you to choose which layer of data is more prevalent. Sometimes the opacity tool is itself hard to find depending on how complicate the overlay is.

There are some limits to what you can do with the overlay. You can switch to satellite zoom without a problem, but I found that for some of the locations, switching to satellite was meaningless as pictures were not available for as close a zoom as the overlay. When the pictures WERE available, the overlay over a satellite image became very interesting (see this Los Angeles Convention Center map to do some zoom experimenting) Of course if you zoomed out too far you’d lose the overlay.

Uploading a map requires logging in to your Yahoo account, specifying an address, and then uploading an image. You can “point match” — specify two matching points on your and Yahoo’s map to allow Yahoo to align them. You can adjust the alignment as well if Yahoo doesn’t get it quite the way you want it. Note that all maps are searchable and public.

This is going to be a great tool for sites that have large areas that aren’t detailed in a mapping program, or businesses who want to create direction/map services with lots of landmarks. From here I’d love to see customized inlay maps — create an overlay, then an persistent inlay (maybe just an uploaded image?) That would provide a building layout, specific parking map, etc.

US tries not to lose ground in the satellite spying bid'ness

September 14, 2007

Documents Describe Use of Satellites in Support of Civil Agencies

Press release: "Today the National Security Archive publishes a collection of documents concerning the use of U.S. reconnaissance satellites to collect data on targets within the United States over the last four decades. This new publication follows the August 15, 2007, revelation in the Wall Street Journal that the United States is planning to expand the use of reconnaissance satellites over the United States in support of civil agencies (those outside of the Defense Department and Intelligence Community) in response to recommendations by an independent study group. Obtained primarily through the Freedom of Information Act and archival research, the declassified documents published today describe a number of uses for which U.S. reconnaissance satellites have been employed, including evaluation of satellite performance, mapping, disaster relief, and assistance to Environmental Protection Agency investigations."

Eventually we will be able to understand Gov. Schwarzenegger - Language Pronunciation Community

When learning a language, one of the most difficult obstacles to overcome is pronunciation. Sure you can say the words, but can you do it without having all of backwater Tennessee gushing out of your vowels and diphthongs? All isn’t lost though. New comer Chuala has dev eloped a user-generated pronunciation dictionary to help you tackle such difficulties as the umlaut and rolled R’s. The site, whose name incidentally stems from the Gaelic meaning ‘I heard a noise,’ requires the Flash media player plug-in. Users can craft their own study guides enlisting exercises and comparison tools on site. Alternatively, if you’d like to express your language abilities, you can record and create exercises and lessons to help others. Sign up now and you’ll have access to more than 7,000 languages, a social network, and advance Chuala player tools. It’s completely free.


September 13, 2007

Constitution of the United States, Pocket Edition

Constitution of the United States, Pocket Edition - "The Constitution of the United States comprises the primary law of the U.S. Federal Government. It also describes the three chief branches of the Federal Government and their jurisdictions. In addition, it lays out the basic rights of citizens of the United States. The Constitution of the United States is the oldest Federal constitution in existence and was framed by a convention of delegates from twelve of the thirteen original states in Philadelphia in May 1787. The Constitution is the landmark legal document of the United States."

  • Constitution of the United States and the Declaration of Independence, Pocket Edition - 23rd Edition, 2007. (S. Doc. 110-51): Text | PDF

For my Marketing class

The eight secrets that make Apple No. 1

A call to PC makers and consumer electronics companies to steal Apple's secrets and start making better products

By Mike Elgan, Computerworld September 14, 2007


Secret 1: Engineering supports design -- no exceptions

Secret 2: Fewer is better

Secret 3: The experience is the product

Secret 4: The product is the product

Secret 5: You can't please everyone, so please people with good taste

Secret 6: Leave the past behind

Secret 7: Product names are important. Really important.

Secret 8: Group affiliation is the driver

Friday, September 14, 2007

Simple CyberWar?

St. Petersburg consulate Web site hacked

According to Sophos and McAfee, two U.S. Department of State Web sites based in Russia could contain malware and should be avoided

By Robert McMillan, IDG News Service September 13, 2007

Security vendors are warning that two U.S. Department of State Web sites based in Russia could contain malware and should be avoided.

The most serious compromise was on the Web site for the U.S. Consulate General for St. Petersburg.

... A State Department spokeswoman said she was unaware of any breach.

... The St. Petersburg consulate site was probably not deliberately targeted [If true, the site is as well protected as the average 12-year-old's Bob] because it was one of about 400 sites infected by the criminals behind the hack, said Ron O'Brien, a senior security analyst with Sophos." The malware writer was looking for vulnerable sites and happened upon that site," he said.

... Separately, McAfee's SiteAdvisor software is now warning Web surfers not to visit the State Department's Moscow embassy Web site. According to a SiteAdvisor alert, this site has been associated with e-mail messages that contained computer viruses.

Y2K! Y2K!,1759,2182767,00.asp

Microsoft Preps for Daylight-Saving Time Headaches

By Peter Galli September 13, 2007

Microsoft is taking steps to ease the transition back from daylight-saving time.

Microsoft is trying to ensure that when daylight-saving time ends and Americans turn the clock back in the first week of November, the experience is seamless.

... For those companies that do business in other parts of the world, the pain is not yet over. As much of the United States and Canada "fall back" in November, there are going to be changes happening in Jordan, Egypt and New Zealand that were not planned in the spring.

I've been suggesting guidelines for years – you don't suppose they'll say “Do no evil?”

Google proposes global privacy standard

By Elinor Mills Story last modified Thu Sep 13 18:46:41 PDT 2007

While Google is leading a charge to create a global privacy standard for how companies protect consumer data, the search giant is recommending that remedies focus on whether a person was actually harmed by having the information exposed.

Google's proposal is scheduled to be presented by Peter Fleischer, Google's global privacy counsel in a speech Friday in Strasbourg, France, at UNESCO's meeting on ethics and human rights. He briefed reporters on Thursday.

The proposal follows the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, which has been endorsed by many of the APEC nations, including Australia and Hong Kong, but not all. China, for instance, does not endorse it, Fleischer said.

... The nine principles of the framework are: preventing harm; integrity of personal information; notice; security safeguards; collection limitations; access and correction; uses of personal information; accountability; and choice.

... However, a privacy advocate dismissed the move as a desperate attempt by Google to appear to be sensitive to privacy issues in the midst of government scrutiny of its proposed $3.1 billion acquisition of online ad firm DoubleClick.

... Google will take its message to the public through a virtual debate it plans to open on YouTube soon, and it will participate in meetings in Montreal on Sept. 24 with global privacy commissioners and in Washington, D.C. in October, Fleischer said.

Related? Good article anyway...

Web ad blocking may not be (entirely) legal

As Web browser add-ons that let people erase ads proliferate, legal experts to wonder when the first lawsuit will be filed.

By Anne Broache and Declan McCullagh Staff Writer, CNET Published: September 14, 2007, 4:00 AM PDT

Advertising-supported companies have long turned to the courts to squelch products that let consumers block or skip ads: it happened in the famous lawsuit against the VCR in 1979 and again with ReplayTV in 2001.

... If ad-blockers become so common that they slice away at publishers' revenues, "I absolutely would expect to see litigation in this area," said John Palfrey, executive director of Harvard Law School's Berkman Center for Internet and Society.

Have they got a deal for you!,0,5087648.column?track=rss

Your loss of privacy is a package deal

David Lazarus Consumer Confidential September 12, 2007

The all-you-can-eat packages of voice, video and Internet services offered by phone and cable companies may be convenient, but they represent a potentially significant threat to people's privacy.

Take, for example, Time Warner Cable, which has about 2 million customers in Southern California. The company offers a voice-video-Net package called "All the Best" for $89.85 for the first 12 months.

But for anyone who has the wherewithal to read Time Warner's 3,000-word California privacy policy, you discover that not only does the company have the ability to know what you watch on TV and whom you call, but also that it can track your online activities, including sites you visit and stuff you buy.

... "All your eggs are in one communications basket," said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. "If a company wants to, it can learn a great deal about you -- and it probably wants to."

More often than not, it'll also want to turn a fast buck by selling at least a portion of that info to marketers.

... There are red flags to be found in each telecom provider's privacy policy. A close reading of Time Warner's policy reveals:

* Along with knowing juicy details of your calling and viewing habits -- those 900 numbers, say, or that subscription to the Playboy Channel -- the company keeps track of "Internet addresses you contact and the duration of your visits to such addresses."

* Time Warner not only compiles "information about how often and how long" you're online, but also "purchases that you have made" via the company's Road Runner portal, which provides access to thousands of goods.

* On top of that, the company may monitor "information you publish" via the Road Runner portal, which should send a chill through anyone who accesses his or her e-mail through Time Warner's servers.

That's not to say Time Warner or any other service provider is reading people's e-mail or invading users' privacy in any other way. The point is, they're explicitly saying they could.

... No less troubling, you have to wade more than halfway into Time Warner's privacy policy before you're finally informed that the company also reserves the right "to disclose personally identifiable information to others, such as advertisers and direct mail or telemarketers, for non-cable purposes."

... Near the very bottom of Time Warner's privacy policy, the company discloses that it maintains personally identifiable info about people "as long as you are a subscriber and up to 15 additional years." This, it says, is for tax and accounting purposes. [Huh? Bob]

This should be as obvious as the sun rising in the west...

Paper Trails Don't Ensure Accurate E-Voting Totals

Posted by CowboyNeal on Friday September 14, @05:25AM from the keeping-them-honest dept. Security Politics IT

An anonymous reader writes "In an new report from the Information Technology and Innovation Foundation they say that paper trails increase costs and can actually reduce the chances a voters' choices are accurately counted. Congress is considering a 'Voter Confidence and Increased Accountability Act of 2007,' which would mandate 'voter-verified' paper audit trails."

Attention SEC!

Watchdog Seeks Right to Wiretap

By Tai Adelaja Staff Writer Friday, September 14, 2007. Issue 3743. Page 5.

A senior official in the government's financial markets watchdog has called for investigators to be allowed to wiretap phones in an effort to crack down on illegal insider trading, but analysts said the measure would lack teeth due to weak legislation.

Bembya Khulkhachiyev, deputy head of the Federal Service for Financial Markets, said Wednesday that the service was planning to legalize wiretapping but was "not seeking [to take on] criminal investigative functions," Nezavisimaya Gazeta reported.

Khulkhachiyev said that even though the service reported about 800 cases of illegal insider trading to the Interior Ministry per year, they never led to criminal charges being filed.

... Under Russian law, insider trading is illegal if information is passed to a third party who then profits from it. But a loophole in the legislation means that someone who personally profits from privileged information from his own organization may not be acting illegally if that organization does not expressly forbid the practice.

... Alfa Bank strategist Erik DePoy said cases of illegal insider trading were not frequent enough to scare away investors.

Is this surprising?

Online Video Popularity Still Climbing

Posted by CowboyNeal on Thursday September 13, @10:54PM from the better-and-better dept. The Internet Media Entertainment

Ant writes "Macworld reports that people in the U.S. have steadily increased the amount of time they spend watching videos online, as Google's YouTube remains by far their preferred video site, according to a study. In July, almost 75 percent of U.S. Internet users watched videos online, up from 71.4 percent in March, according to comScore Networks. The monthly time spent watching videos went up to an average of 181 minutes per viewer in July from 145 minutes per viewer in March, according to comScore. In July, the average user watched 68 clips, up from 55 clips in March. Overall, almost 134 million U.S. Internet users watched a little over 9 billion video clips in July, up from 126.6 million people and a little over 7 billion clips in March."

Tools & Techniques

Belarc Advisor 7.2t (

Posted by Reverend on 13 Sep 2007 - 20:42 GMT

The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.

Download: Belarc Advisor 7.2t View: Belarc Homepage

When tools fail, you need to rely on technique... Or maybe an X-prize for encryption?

Time Running Out for Public Key Encryption

Posted by Zonk on Thursday September 13, @02:04PM from the interesting-times-are-upon-us dept. Security Encryption Supercomputing Science

holy_calamity writes "Two research teams have independently made quantum computers that run the prime-number-factorising Shor's algorithm — a significant step towards breaking public key cryptography. Most of the article is sadly behind a pay-wall, but a blog post at the New Scientist site nicely explains how the algorithm works. From the blurb: 'The advent of quantum computers that can run a routine called Shor's algorithm could have profound consequences. It means the most dangerous threat posed by quantum computing - the ability to break the codes that protect our banking, business and e-commerce data - is now a step nearer reality. Adding to the worry is the fact that this feat has been performed by not one but two research groups, independently of each other. One team is led by Andrew White at the University of Queensland in Brisbane, Australia, and the other by Chao-Yang Lu of the University of Science and Technology of China, in Hefei.'"

Why not? (The bit about comments from non-students is interesting...)

SoCal College Offers YouTube Class

Sep 14, 6:53 AM EDT

CLAREMONT, Calif. (AP) -- Here's a dream-come-true for Web addicts: college credit for watching YouTube.

Pitzer College this fall began offering what may be the first course about the video-sharing site. About 35 students meet in a classroom but work mostly online, where they view YouTube content and post their comments.

... Alexandra Juhasz, a media studies professor at the liberal arts college, said she was "underwhelmed" by the content on YouTube but set up the course, "Learning from YouTube," to explore the role of the popular site.

Class members control most of the class content and YouTube watchers from around the world are encouraged to comment, Juhasz said.

... YouTube is "a phenomenon that should be studied," student Darren Grose said. "You can learn a lot about American culture and just Internet culture in general."

On the Net:

YouTube class:

Thursday, September 13, 2007

What's going on here? A politician doing something smart? What am I missing?

CT: Rell orders confidential data on state laptops encrypted or purged

Wednesday, September 12 2007 @ 11:28 AM CDT Contributed by: PrivacyNews News Section: State/Local Govt.

Gov. M. Jodi Rell, saying that last month's theft of a state computer containing personal information on 106,000 Connecticut taxpayers was "an accident that never should have happened," has ordered tighter controls on the use of restricted or confidential data on state laptops, Blackberries, and other mobile computing devices.

Under a policy the governor announced Monday, all state agencies are to be required to encrypt any data on a mobile device and require additional protections from unauthorized access and disclosure.

Source - Journal Inquirer

[From the article:

One taxpayer whose information was included on the stolen DRS computer, House Majority Leader Christopher G. Donovan of Meriden, told the JI last week that when he called the company recommended to him by DRS he was frustrated when a representative tried to sell him "extra" protection for "something like $199 [That's more like what I expect from governments... Bob]

Oneupmanship in the “I didn't know!” battle.

UK: Lost hospital disk raises fears about protecting personal data

Wednesday, September 12 2007 @ 07:31 PM CDT Contributed by: Wiwoh News Section: Breaches

For the past month or so, Dudley Group of Hospitals NHS Trust has been dealing with a problem that should not have happened - all because a computer hard drive containing sensitive patient information from a trust hospital was sold on the auction site eBay.

Losing disks loaded with confidential data is not a new thing; BT and Glamorgan University's forensics computing laboratory have been finding such hard drives every year as part of their annual survey designed to highlight the problem of people disposing of disks without destroying the data on them.

What is unusual [Unfortunately not very unusual... Bob] about this incident, which came to light in the latest survey, is that no-one knew that the computer was on the hospital network in the first place.

Source -

What are the odds he was the only one doing this? Should be some interesting details if we get to see the trial transcripts...

San Francisco man accused of selling stolen credit card numbers

By The Tribune-Review Tuesday, September 11, 2007

A man who used the Internet alias "Iceman" stole credit card and identity information from tens of thousands of people by hacking into the computers of financial institutions and credit card processing centers, federal authorities said today.

Max Ray Butler, 35, of San Francisco, was indicted by a federal grand jury in Pittsburgh on three counts of wire fraud and two counts of transferring stolen identity information.

Butler was charged in Pittsburgh because he sold more than 100 credit card numbers and related information to a western Pennsylvania resident who is cooperating with the investigation, said Margaret Philbin, spokeswoman for U.S. Attorney Mary Beth Buchanan of Pittsburgh.

Authorities said Butler also operated a Web site that served as an online forum for people who steal, share or use others' credit card information illegally in a practice is known as "carding."

... The criminal complaint, which was unsealed Tuesday, details a wide-ranging ring that Butler allegedly ran from June 2005 until he was arrested last week.

... Witnesses told agents they were present as Butler moved to various hotel rooms where he would use a high-powered antenna to intercept wireless communications. That enabled him to hack into the computers and otherwise gain the confidential credit card information from financial institutions and credit card processing centers.

... Butler faces up to 40 years in prison and a fine of $1.5 million if convicted on all charges.

The markup technique is interesting...

FISA Fest at Georgetown Law

Wednesday, September 12 2007 @ 07:28 AM CDT Contributed by: PrivacyNews News Section: Surveillance

A symposium held at Georgetown University’s Law Center on Sept. 10th was a veritable FISA fest for those interested in the complicated issues involving the Foreign Intelligence Surveillance Act. Hosted by the Law Center's new National Security Center, the symposium was organized by two of the most knowledgeable people on the planet in the arcane world of FISA law: James A. Baker, Lecturer at Harvard Law and still titular head of the Justice Dept's office that presents requests for warrants to the secret court that okays electronic surveillance and searches of those suspected of espionage, terrorism, or other acts of foreign intelligence; and David S. Kris, a former Associate Deputy Attorney General who was most responsible for tearing down "The Wall" between national security and criminal investigations, and who is the co-author of a weighty new tome, National Security Investigations and Prosecutions, destined to become the Bible for FISA nerds.

... In the meantime, David Kris has produced the single most valuable document ever created for the FISA nerd: a copy of the law as originally written in 1978, with all the changes enacted since Sept. 11, 2001, with each change helpfully color-coded (in SIX different colors!) so that you can keep track of what was added or subtracted when. I have been wallowing in it for the past 24 hours and highly recommend it.

Source - POGO (Project on Government Oversight)

(Props, Fergie's Tech Blog)

Is this the replacement for Carnivore? (Is it true that Democrats are defined as Terrorists?)

NSF-Funded "Dark Web" to Battle Terrorists

Posted by ScuttleMonkey on Wednesday September 12, @03:07PM from the whos-watching-the-watchers dept. The Internet Technology

BuzzSkyline writes "The National Science Foundation has announced a new University of Arizona project, which they call the Dark Web, intended to monitor all terrorist activity on the Internet. The project relies on 'advanced techniques such as Web spidering, link analysis, content analysis, authorship analysis, sentiment analysis and multimedia analysis [to] find, catalog and analyze extremist activities online.' The coolest part of the project is a tool called Writeprint, which 'automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating "anonymous" content' with an accuracy of 95%, according to the release."

Interesting argument

Fair Use Worth More Than Copyright To Economy

Posted by samzenpus on Wednesday September 12, @08:48PM from the make-more-money dept. The Internet The Almighty Buck IT

Dotnaught writes "The Computer and Communications Industry Association — a trade group representing Google, Microsoft, and Yahoo, among others — has issued a report (PDF) that finds fair use exceptions add more than $4.5 trillion in revenue to the U.S. economy and add more value to the U.S. economy than copyright industries contribute. "Recent studies indicate that the value added to the U.S. economy by copyright industries amounts to $1.3 trillion.", said CCIA President and CEO Ed Black. The value added to the U.S. economy by the fair use amounts to $2.2 trillion."

Worth look at this one!

Bossie Awards Honor Open Source Software

Posted by ScuttleMonkey on Wednesday September 12, @03:46PM from the something-for-everyone dept. Software IT

The Alliance writes "InfoWorld has announced the 2007 Bossie Awards for the Best of Open-Source Software. Awards were given to 36 winners across 6 categories. Honorees include (among others) SpamAssassin, ClamAV and Nessus in security, Wireshark and Azureus Vuze in networking, and ZFS for storage. Interestingly, they split the operating system winners across two distributions, with CentOS winning for server OS and Ubuntu for desktop."

Sound familiar?

When Ethics and IT Collide

Posted by CmdrTaco on Wednesday September 12, @11:47AM from the you-got-peanut-butter-in-my-chocolate dept. Security

jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

Something for both e-Discovery and the IT shop.

Everything You Need To Know To Get Started With Content Management Systems

Free and low-cost enterprise wiki tools and open-source content management systems are plentiful. Here's a quick guide to the available options.

By Peter Hagopian, InformationWeek Sept. 10, 2007

It can be easy to dump thousands of dollars into a content management system that no one in your company will want to (or can figure out how to) use. Here are some solutions that keep costs in check but deliver a useful, easy-to-use system with lots of capabilities.

In this article, we'll give an overview of the concepts behind enterprise content and document management, take a look at some practical applications for different types of organizations, and then discuss specific software packages, such as MediaWiki, Drupal, and others, that can be easy to use but also pack lots of functionality.

When (free) Open Office just won't do?

September 12, 2007 9:42 AM PDT

Microsoft says college students can 'steal' Office

Posted by Ina Fried

For college students who want Office 2007, but don't want to pay Microsoft a fortune, the software maker is offering another option: Steal it.

Well, actually Microsoft isn't encouraging piracy. Rather it is launching a promotion, dubbed "Ultimate Steal," in which college students can get the ultra high-end Ultimate edition of Office for just $60.

If nothing else, the free (downloadable) CD might be worth it...

Top 10 Wikipedia Tricks

Without a doubt, Wikipedia is one of the most useful and amazing sources of information on the internet—but chances are you aren't using it to its full potential. Thanks to its freely available content base, lots of Wikipedia-related projects have sprung up that offer easy access to information every which way you need it. Whether you want to do a quick lookup on your mobile phone to settle a debate at the bar, mind map related articles, integrate Wikipedia lookups into your media player and instant messenger or simply need better and quicker search tools, check out our list of top 10 Wikipedia tricks.

Somehow this fits exactly into the Marketing class I'm teaching...

Wednesday, September 12, 2007

Should be some useful ideas...

Australian Law Reform Commission Review of Australian Privacy Law

Tuesday, September 11 2007 @ 06:35 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

Just a pointer:

The Australian Law Privacy Reform published its lengthy "Review of Australian Privacy Law." See their site for downloading options (all free).

Die RIAA, die!

Canadian Newspaper Gives Away Free Music Downloads

from the that's-the-spirit dept

Earlier this year, there was a huge fuss over the UK's Daily Mail newspaper's promotion giving away the new Prince CD for free with a copy of the newspaper. It seemed like a pretty good way of dealing with the troubles facing both the newspaper industry and the recording industry -- offering a new way of financing music combined with a new way to promote and distribute music, all the while helping give people a reason to actually buy a newspaper. It was so reasonable that it freaked out the recording industry, music stores and even other newspapers. However, it appears that some newspapers have decided to go even further. Michael Geist lets us know that over the weekend, the Vancouver Sun put up a freely downloadable compilation of songs from Nettwerk Music. You may recall Nettwerk as being the Canadian record label that seems to actually understand that the trick isn't in fighting against consumers (or in suing them), but in giving them what they want. Thus, it's not really a huge surprise that it would be this label that took part -- allowing well known acts like Sarah McLachlan and the Barenaked Ladies to take part in this promotion. What's a little strange is that the promotion only lasted for one day. However, it is good to see more newspapers (and bands) at least experimenting with this type of model. It has a long way to go, but through this experimenting the next generation of music business models are going to be discovered.

Legal writing 101,24897,22398199-15318,00.html

Watchdog bitten in Google case

Susannah Moran September 11, 2007

THE consumer watchdog suffered a blow in its mammoth court case against Google, when a judge said yesterday its court documents were almost "incomprehensible", "opaque" and "somewhat repetitious".

The Australian Competition and Consumer Commission was ordered to write out summaries of its key allegations against various Google companies to clarify its case.

Intriguing Making Copyright disappear?

Yet Another Example Of Innovation Without Patent Protection

from the must-be-magic dept

Lately, there's been a growing body of research on industries like fashion and restaurants that thrive without the aid of patent or copyright protections. In these industries, the lack of legal barriers allows innovative ideas to spread rapidly within the industry, while informal social mechanisms like reputation ensure that innovators get proper credit for their creativity. Ed Felten points out a paper by Yale law student Jacob Loshin that explains how the magic industry has thrived without resorting to legal protections for new inventions. Instead, the magic community uses social norms to reward those who discover new magic tricks and punishes those who disclose them to non-magicians. Because magicians rely so much on their professional network of other magicians to learn about new tricks, new equipment, and new performance opportunities, maintaining a good reputation within the magic community is essential to the career of a successful magician. A magician who uses another magician's trick without giving the originator proper credit, or who reveals secrets to non-magicians, is shunned by other magicians. That kind of ostracism can be a much better (not to mention cheaper) way of disciplining wayward members than getting the lawyers involved. While it's absolutely true that the specific circumstances surrounding the magic industry don't necessarily apply to other industries, between this, the fashion industry and the restaurant industry, we're seeing time and time again that innovation can thrive and mechanisms (whether social norms or business models) are quickly presented to reward the innovators -- even if those innovations can (and often are) quickly copied.


Microsoft's Consent-or-Die Patent

Tuesday, September 11 2007 @ 02:03 PM CDT Contributed by: Wiwoh News Section: Businesses & Privacy

"Maybe you shouldn't get too attached to those new Windows Live services. On Tuesday, the USPTO granted Microsoft a patent for Privacy policy change notification, which describes how to threaten users will the loss of their account, access to web sites and services, and all of the content they provided should they refuse to consent to changes in privacy policy to allow personal information collected earlier with a promise of confidentiality to be shared in the future with third parties. Also described is a 'Never Notify Me' option so you won't have to worry your pretty little head over privacy policy changes."

Source - Slashdot


Online Billing, Part 1: Leaving the Paper Trail Behind

By Jack M. Germain E-Commerce Times Part of the ECT News Network 09/11/07 4:00 AM PT

Perhaps the most significant savings that paperless billing could achieve would benefit the environment directly. Electronic bills would cut down on the consumption of trees. If all U.S. households viewed and paid their bills online, the reduction in paper would save 16.5 million trees a year, according to a recent report published by Javelin Strategy and Research.

This is a very interesting idea.

Swedish Company Trials Peer-to-Peer Cellphones

Posted by Zonk on Tuesday September 11, @01:01PM from the we-can-hear-everybody-now dept. Networking Communications Technology

Dr_Barnowl writes "A company named TerraNet is going through a trial period for a p2p based mobile telephony system. Phones are used to route calls onto other phones, constructing mesh networks of 'up to 20km'. The BBC reports on the natural tendency of the big telecoms providers to want to squash this. I can see other problems though. The advantages in an environment with sparse cell coverage are obvious, but network effects mean that the number of connections in a heavily populated mesh grow exponentially. What happens to your battery life when your phone becomes a node? And while the company is optimistic that they have a viable technology model from IP licensing, the demand for devices supporting this is going to be proportional to the number of devices that it can connect you to."

I wonder if any of my Security students would like to intercept satellite signals (for purely academic reasons of course)

September 11, 2007

EFF Wins Protection for Security Researchers

Court Blocks DirecTV's Heavy-Handed Legal Tactics

San Francisco - In an important ruling today, the 9th U.S. Circuit Court of Appeals blocked satellite television provider DirecTV's heavy-handed legal tactics and protected security and computer science research into satellite and smart card technology after hearing argument from the Electronic Frontier Foundation (EFF).

The cases, DirecTV v. Huynh and DirecTV v. Oliver, involved a provision of federal law prohibiting the "assembly" or "modification" of equipment designed to intercept satellite signals. DirecTV maintained that the provision should cover anyone who works with equipment designed for interception of their signals, regardless of their motivation or whether any interception occurs. But in a hearing earlier this year, EFF argued that the provision should apply only to entities that facilitate illegal interception by other people and not to those who simply tinker or use the equipment, such as researchers and others working to further scientific knowledge of the devices at issue.

For the full opinion from the 9th Circuit:

For more on this case:

Honesty is good

Maintenance Note

Tuesday, September 11 2007 @ 06:06 PM CDT Contributed by: PrivacyNews News Section: Other Privacy News

From the Dysmanagement Team:

Sometime in the next few days, this site will be moving to a new server. So if we seem to disappear, clear cache and we should reappear. If we don't reappear and if you are a conspiracy theorist, run for your favorite tinfoil hat. If you're not a conspiracist, just figure we screwed up. :)