Saturday, October 06, 2007

Another server hack. Are they sure it was only one?

De: Theft of credit card data affects tens of thousands of Kartenhaus customers

Friday, October 05 2007 @ 10:19 AM EDT Contributed by: PrivacyNews News Section: Breaches

The Hamburg ticket sales office Kartenhaus informed its customers on Thursday that still unidentified culprits had stolen credit card numbers and billing addresses. Some 66,000 customers who purchased tickets with a credit card from the website between October 24, 2006 and September 30, 2007 were affected. The only exceptions were credit card purchases of tickets to sporting events featuring Hertha BSC, HSV Handball, and Eisbären Berlin.

The parent company, Ticketmaster, advised customers to "check your credit card bills as soon as possible to identify any irregularities or abuse".

Source - Heise

Probably Osama, checking to see that his name was spelled correctly.

UK: Laptop theft sparks ID fears

Friday, October 05 2007 @ 05:42 PM EDT Contributed by: PrivacyNews News Section: Breaches

Hundreds of people have been placed at risk of identity theft after a laptop computer containing personal and financial details was stolen from a car, it was revealed today.

HM Customs and Revenue is investigating the incident after an employee's laptop was stolen from the boot of a car.

The computer contained sensitive financial details of at least 400 people which had been passed to the HMRC by several financial institutions as part of an audit.

Source - Manchester Evening News

Anyone believe this? Clearly, we would have access to the data sent to/from US banks and I doubt most allies would refuse to share. What does that leave unexamined?

SWIFT puts EU data beyond the immediate reach of the US

Friday, October 05 2007 @ 10:05 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The supervisory board of SWIFT has approved the plans for the restructuring of the systems architecture of the financial messaging network the outlines of which had been known for some time. The core of the realignment is the creation of a global data processing center in Switzerland. To this will be added a command-and-control center in Hong Kong. The first step toward the realization of the project that has now been approved by the supervisory board will involve the expansion of the central news platform of SWIFT, in an attempt to aid the setting up of several processing zones.

By engaging in the restructuring effort that is scheduled to be completed by the end of 2009 the financial messaging network based in Belgium is trying to accomplish a score of targets aimed at satisfying the desires of customers. Thus by preventing immediate access by US authorities to international transfer data -- as is currently the case via the network's computing center in the United States -- data privacy concerns are to be dispelled. In addition SWIFT hopes that the new message architecture will boost the processing capacity of the system, improve reliability, lower information transfer costs and, into the bargain, open up new business opportunities in general.

Source - Heise

For your web masters...

The top 10 reasons Web sites get hacked

Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that

By Jon Brodkin, Network World October 05, 2007

Ditto Cheap & Effective! (They'll probably fire the guy who thought of it!)

Getting Away Cheap After a Hack

DATE: 05-OCT-2007 By Lisa Vaas

A simple backup plan saved the California ARB from being shut down following a hack of the domain.

... California was caught off-guard when the federal GSA (General Services Administration), which manages all ".gov" domains, moved to knock the domain offline in an attempt to deal with a hacker having rigged redirects to porn pages onto the site for a Marin County transportation agency.

... Specifically, the ARB has a back-up site hosted on a separate domain. It's a simple static page on a free domain, not a mirrored site, that can be preloaded with instructions for employees or visitors on how to communicate outside of their usual domain.

The cost of security?

Financial institutions spending on security, governance

Deloitte & Touche's annual survey has found that 98 percent of financial institutions are putting more emphasis -- and money -- on IT security and governance

By Ellen Messmer, Network World October 05, 2007

... While 38 percent of the organizations surveyed did not measure their security budget on a per capita basis, of those that did, 7 percent said they spend more than $1,000 per person, 7 percent between $501 and $1,000 per person, 14 percent between $251 and $500, 23 percent between $100 and $250, and 11 percent under $100.

Alice laughed: "There's no use trying," she said; "one can't believe impossible things."

"I daresay you haven't had much practice," said the Queen. "When I was younger, I always did it for half an hour a day. Why, sometimes I've believed as many as six impossible things before breakfast."

Alice in Wonderland.

Kim Jong Il: I'm an Internet expert

Fri Oct 5, 8:35 AM ET

SEOUL, South Korea - North Korean leader Kim Jong Il called himself an "Internet expert" during summit talks with South Korea's president this week, a news report said Friday.

You know, there are firms that specialize in payroll...

Los Angeles School District ERP Snarls Teacher Pay

By Renee Boucher Ferguson October 5, 2007

Thousands of LAUSD employees are overpaid, underpaid or going unpaid because of a faulty ERP system.

Enormous cost overruns associated with botched enterprise resource planning implementations are the stuff of legend in IT circles.

Now there's a new debacle to add to the list. Nine months after the Los Angeles Unified School District launched the SAP HR and Payroll modules—as part of a larger ERP rollout dubbed Business Tools for Schools, or BTS—tens of thousands of LAUSD employees at 700 schools have either gone unpaid or been overpaid or underpaid.

A new source of RIAA lawsuits?

If You Play Your Radio Loud Enough For Your Neighbor To Hear, Is It Copyright Infringement?

from the maybe-so dept

In the past, we've wondered about the business logic of various music performance societies suing restaurants and bars for playing music without a license. However, we never denied that it was well within their legal rights to go after these places for not getting a license for performance rights. It just didn't seem very smart from the business side of things. Still, it's not hard to go from the question of whether or not restaurants should pay for performance rights when playing music to rather ridiculous situations. Take, for example, the case that reader El Nege points us to in the UK, where a car repair firm is being sued because its mechanics listened to their personal radios too loud.

It's not difficult at all to figure out what's going on here. The mechanics working out in the garage have radios playing while they work, and there's plenty of noise in the garage, so they're likely to turn those radios up. Customers in the enclosed area next to the garage are certainly likely to hear that music... but is it really a public performance? The Performing Rights Society in the UK certainly thinks so, which is why they're suing. The repair firm, Kwik-Fit, has a pretty weak response, saying that it's banned personal radios for ten years. Instead, it should be fighting back on the idea that this is a public performance in any way. Otherwise, you get into all sorts of trouble. If you have the windows open in your home and are listening to your legally owned music (or your TV!) and your neighbor can hear it, is that a public performance? What if you live in an apartment building with thin walls? What about when you're driving with the radio on and the windows open? What if you're in your cubicle and the folks in the cubicles around you can hear the music? At which point do we realize how silly this becomes? It's difficult to see how, with a straight face, anyone in the music industry can claim that any of these situations represents harm done to them.

But if you don't hold the data, you can't mine it! (nor can you have those nifty data spills like TJX!)

Retailers Fighting To No Longer Store Credit Data

Posted by Zonk on Friday October 05, @03:25PM from the just-going-to-get-stolen-anyway dept.

Technical Writing Geek writes with the news that the retail industry is getting mighty fed up over credit card company policies requiring them to store payment data. The National Retail Federation (NRF) has gone to bat for store owners, asking the credit industry to change their policies. The frustration stems from payment card industry (PCI) standards and new security measures going into place across the retail experience. Retailers are now trying to point out that many of the elements of the standard would not be a requirement if they didn't have to store so much payment data. "Even if the NRF's demands were immediately met, it would take several years before retailers could purge their systems and applications of credit card data, he said. Over the years, retailers have collected and stored credit card data in myriad systems and places -- including relatively old legacy environments -- and they are just now realizing the data can be a challenge, he said. Purging it can be a bigger headache because the data is often inextricably linked to and used by a variety of customer and marketing applications; simply removing it could cause huge disruptions."

So much for the reliability of DNA evidence...

Stem Cells Change Man's DNA

Posted by Zonk on Friday October 05, @05:21PM from the oh-man-science-is-weird dept.

An anonymous reader writes "After receiving umbilical cord stem cells to replace bone marrow as treatment for non-Hodgkin's lymphoma, Greg Graves temporarily had three different sets of DNA. Eventually, one of the two sets of cells transplanted into his bone marrow took root, leaving him different DNA in his blood from the rest of his body: 'If you were to do a DNA test of my blood and one from my skin, they'd be different,' Graves said. 'It's a pretty wild thing.'"


Minn. Court: Warrant Needed for Blood Tests in Drunk Driving Cases

Friday, October 05 2007 @ 05:41 PM EDT Contributed by: PrivacyNews News Section: In the Courts

The Minnesota Court of Appeals decided this week that police should have gotten a warrant before ordering a blood test from a suspected drunken driver in Dakota County, a ruling that could add extra steps for police going after intoxicated motorists.

The court said police need more than evidence of alcohol consumption to test blood without a warrant or consent of the driver. The decision, supported by two of the three judges who heard the case, upholds a lower court ruling that threw out a blood-alcohol test for Janet Shriner.

Source - Insurance Journal

There is a trailer

Surveillance Shot of Hollywood Filmmaker Sparks Movie about Spycams

By Kim Zetter, September 25, 2007 | 7:40:52 PM

Here's how to make your own movie...

Security Bites Podcast: Hacking via security cameras

By CNET Staff Published: October 5, 2007 11:28 AM PDT

This week, CNET's Robert Vamosi talks with Adrian Pastor, a London-based security researcher who has demonstrated how to hack into a corporate network using a surveillance camera.

Security cameras are everywhere. Popping up on city street corners. Certainly they're on most major corporate campuses. And we've all seen films where the bad guys fool the sleepy, overworked security guard by playing a static image on a security monitor while thieves break into the safety deposit boxes.

But how practical is that? Recently a few security researchers have said it's pretty easy--if the camera streams its images over an IP address. In a paper titled "Owning Big Brother" (PDF), Pastor shows how code entered through an ordinary Web browser, a cross-site scripting attack, can manipulate or even replace the streaming video content with something else. [Attention lawyers! Make your own evidence! Bob]

Pastor says hackers can use the camera as a stepping stone to attack the corporate or government network operating behind the camera.

Here's a movie suggestion...

Videos of Madrid prostitutes and clients put on YouTube

Saturday, October 06 2007 @ 03:15 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

A Spanish neighbourhood watch association hopes that the video-sharing website YouTube can help clean up their streets of the prostitution that they say the local government has done nothing to curb.

... Hetaria, an association that defends the rights of prostitutes in Spain, has denounced the residents' actions for breaching the prostitutes' right to privacy. The Spanish Data Protection Agency has announced that it is investigating whether the recording of these videos breaks any privacy laws, especially now that the videos are available on the web. Residents could find themselves facing fines of up to €600,000 (£415,000).

Source - Guardian

If this is legal... - International Book Exchange

BookMooch is a book exchange site that, as you’ll find out when you pay them a visit, has got some really charming graphic work going on. The procedure is simple. Basically, if you’ve got a book or books you no longer want, you can list them on the site and give them away as you get requests. For every book you give away, you’ll receive one point which entitles you to get any book from any BookMooch member. BookMooch is totally free (you have to pay postage of course) and it’s international which means you’ll have a world of books to choose from. Sending a book abroad entitles you to three points, while it only costs the moocher 2 points to get it. If you’re so inclined, BookMooch lets you donate your points to charities, libraries, and African literacy programs among others. Keep a wishlist to be notified when a book you want becomes available.

...shouldn't this be too? - The Digital Marketplace

You’ve got eBay et al. for the selling and buying of boats, shoes, cocktail dresses, old hardware parts, anything really that you can get your hands on. Zipidee wants to be the eBay of digital goods. These are intangible bits, for the most part, that reside in the circuitry of your gadgets—things like mp3’s, e-books, wallpapers, ringtones and audio guides. With Zipidee merchants can create their own virtual stores to sell and list their wares for sale on Zipidee itself or through its widgets. Merch can be rented and sold via downloads or even streams. Prices are set by the seller and sales can be tracked with the analytics dashboard. Zipidee also offers its own DRM which sellers can use to protect their products. For their services, Zipidee will apply a dollar listing fee and they’ll take a small cut of the profits.

How to get arrested at the airport...

T-shirt shows off Wi-Fi muscle

ThinkGeek is selling a T-shirt with a built-in, battery-powered Wi-Fi signal detector that lights up like a cell phone signal strength indicator when it detects a nearby network

By Stephen Lawson, IDG News Service October 05, 2007

Friday, October 05, 2007

They do things differently in the great white north...

Ca: Computer breaches exposed

Thursday, October 04 2007 @ 04:09 PM EDT Contributed by: PrivacyNews News Section: Breaches

Security holes at Alberta's government offices and educational institutions contributed to computer network breaches at Alberta Health and Grant MacEwan College, according to the auditor general.

They were the most serious among dozens of security protocol issues at just about every level of government and the education community. In many, the breaches were as simple as not having proper password policies in place.

But in the cases of MacEwan College and the health department, the breaches potentially exposed their networks. MacEwan left unfettered Internet access to private financial documents, while Alberta Health logged unknown, unauthorized connections during occasional security checks.

Source - Edmonton Sun (Props, Flying Hamster)

Ca: Privacy breach at MacEwan

Friday, October 05 2007 @ 03:36 AM EDT Contributed by: PrivacyNews News Section: Breaches

A city college chose not to inform students and others whose personal credit information was left publicly available through its Internet site, it has confirmed.

MacEwan College was cited in the auditor general’s report this week after a tipster told the AG’s office about the security breach in 2006. It mirrored access problems in 2002-2003, the AG’s report confirmed.

The college chose not to tell those whose personal information was included in the accessible journal entries based on an assessment of risk by its Freedom of Information and Protection of Privacy office, said MacEwan spokesman Gordon Turtle.

Source - Edmonton Sun

“We're the government: Let us show you how it should be done!” Who actually chose that setting? Management or an entry level geek?

Homeland Security Can't Even Configure Its Mailing List Software Correctly?

from the that-makes-me-comfortable dept

Just after the federal gov't screwed up and shut off, we find out that the Department of Homeland Security misconfigured its email list software causing a deluge of annoying emails to over seven thousand government employees. The list, normally used to broadcast news summaries of security news, apparently was set up so that any reply messages automatically were broadcast to all members. What happened next is familiar to lots of folks on mailing lists, where the "reply all" button is misused. The one difference, though, was that this wasn't a misuse of the reply all button, but on the mailing list automatically sending out anyone's message to everyone on the list. Many security experts on the list are apparently wondering what that says about Homeland Security's ability to deal with cybersecurity issues. Perhaps it was just a little configuration error, but you would think that the folks at the DHS would be a bit more careful about those things.

Well this is getting a lot of press... Seems we backed the wrong horse. Still, I expect a lot of analysis of the transcripts.

RIAA Wins Case, Gloats

from the this-won't-help dept

As we expected this morning, the RIAA has won its lawsuit against a woman for sharing files. This is unfortunate in the long run, as the decision is actually going to hurt the companies the RIAA represents more than if it had lost the case. That's because the RIAA will take this as a validation of its "sue our fans" strategy, rather than realizing it's finally time to try a different model. In the meantime, the woman in the case, Jammie Thomas, never should have let the case go this far as there appeared to be plenty of evidence that she actually did break the law. The RIAA often has weak evidence, but in this case the evidence was much stronger. Unfortunately, that distinction won't be made by most, and they'll simply assume that if the RIAA won this case, it should win many others. The RIAA, of course, wasted no time in gloating about the decision and is using this to push others to settle rather than fighting the RIAA lawsuits. This actually is reasonable advice if, as in this case, you were guilty of breaking the law and the RIAA has the evidence to show it. The problem is that's often not the case -- yet, again, that important point will get lost.

...see what I mean?

Four reasons why the RIAA won a jury verdict of $220,000 today

Posted by Declan McCullagh October 5, 2007 12:51 AM PDT

The Recording Industry Association of America got a chance on Thursday to show everyone just how heavy and intimidating the legal club of copyright law can be.

... I've put some recent documents in the case online here for your perusal.

So why did this verdict happen?

1. The RIAA was able to match a username and IP address with Thomas.

2. The RIAA's jury instructions. Both the RIAA and the defense submitted proposed jury instructions (see my link above). Both are pretty similar because of the constraints of 8th Circuit precedent.

The key difference is that the RIAA offered two suggestions, which would eventually become Jury Instructions 14 and 15, which the defense left out. Once U.S. District Judge Michael Davis sided with the RIAA on that crucial point, which he did, and adopted its suggestions, the recording industry had a much easier time of it. Those two crucial instructions are:

JURY INSTRUCTION NO. 14: The act of downloading copyrighted sound recordings on a peer-to-peer network, without license from the copyright owners, violates the copyright owners' exclusive reproduction right.

JURY INSTRUCTION NO. 15: The act of making copyrighted sound recordings available for electronic distribution on a peer-to-peer network, without license from the copyright owners, violates the copyright owners' exclusive right of distribution, regardless of whether actual distribution has been shown.

3. "Making available." Jury Instruction 15 is more important. It says that the RIAA doesn't need to offer any evidence that rapacious Kazaa users actually downloaded songs from Thomas' computer.

... This is not an outlier, by the way. A Pennsylvania judge came up with the same making-available-is-infringement conclusion in February. Marybeth Peters of the U.S. Copyright Office has argued that "making (a file) available for other users of a peer to peer network to download... constitutes an infringement of the exclusive distribution right, as well of the reproduction right." Judge Davis' interpretation of the law may not be the only one, but it's a defensible one. Here's his reasoning.

4. Copyright law is harsh. Once the jury decided that Thomas was behind the IP address in question, there was almost certainly going to be a stiff fine -- of at least $18,000. In this case, the jury was given these instructions:

JURY INSTRUCTION NO. 22: In this case, each plaintiff has elected to recover "statutory damages" instead of its actual damages and profits. Under the Copyright Act, each plaintiff is entitled to a sum of not less than $750 or more than $30,000 per act of infringement (that is, per sound recording downloaded or distributed without license), as you consider just. If, however, you find that the defendant's conduct was willful, then each plaintiff is entitled to a sum of up to $150,000 per act of infringement (that is, per sound recording downloaded or distributed without license), as you consider just.


Chalk One Up For The Armchair Economists

from the getting-it-right dept

Mike Arrington, over at TechCrunch, has written up a post about "The Inevitable March of Recorded Music Towards Free" which will sound mighty familiar if you're a Techdirt reader. It's pretty much the same thing I've been saying for almost a dozen years at this point, pointing out the economics and inevitable trends facing the music industry -- and also noting why that isn't necessarily a bad thing. While he's dealing with emotional responses in the comments (again, that'll sound familiar...), it's more interesting to watch an "industry analyst" trash Arrington as an "armchair economist" without backing it up... and then getting his own economics totally screwed up. In this case, we need to chalk one up for the "armchair economists."

The analyst, David Card of Jupiter Research (the same analyst who incorrectly said that Radiohead's new offering would only work because the band was well known), dismisses Arrington's economics as "oversimplified analysis," but doesn't explain why it's actually wrong -- and that's because it's not. Card goes on to say that based on Arrington's analysis "software, filmed entertainment, soda at McDonalds, and the classic example, high-end perfume, should all be free," using that statement as a reason to dismiss the economics. But it's actually Card who's way off on the economics here. Like many of the folks who respond emotionally, Card seems to be confusing what he thinks Arrington is saying with what Arrington is actually saying. Specifically, he's confused "should" and "will." Neither Arrington nor I have been saying that music should be free -- but that it will be free based on the economics at play. People who read the "will" as "should" then get bogged down in moral arguments over "should" or "should not" that don't matter. You can say that companies "shouldn't" pollute, but it doesn't change the fact that they "will" pollute. At that point, whining that they shouldn't is meaningless -- you simply have to figure out how to deal with the reality that they will. If you can then take that reality and figure out ways for musicians to make even more money [Which should explain why the “non-artists” defend the current model. Bob] (as the economic research and history suggests is likely) then the whole moral issue goes away.

It's not worth going through each of Card's "examples," but if you look at the economic trends in play for each situation, you can see that Arrington is a lot closer to the mark than Card is. For software and filmed entertainment, the inevitable shift is to a service model rather than a product model (which is the same as music). A services model recognizes that the creation (not the distribution) of content is where the marginal costs are. In reality, they've always been services models -- just disguised as product models. In other words, the trends in both cases support Arrington, not Card. As for soda at McDonald's and high-end perfume, neither is a zero marginal cost good -- and both have a number of different economic factors dealing with them. For example, soda at McDonald's is a complementary good that people drastically overpay for as a convenience. There's value in convenience -- and since customers in McDonald's are a "captive market" for soda, there isn't the competitive market to drive the price down. It's too bad that a supposed industry expert would accuse Arrington of getting his economics wrong, and then clearly show both that he didn't understand Arrington's statements -- nor does he understand the economics of other products and trends. It reflects a lot better on the "armchair" economists than the supposed expert.

This is an awful big bite to take all at once...

October 04, 2007

New Paper on Google's Law

Google's Law, Working Paper (2007), by Greg Lastowka, Rutgers University, Assistant Professor of Law: "Google has become, for the majority of Americans, the index of choice for online information. Through dynamically generated results pages keyed to a near-infinite variety of search terms, Google steers our thoughts and our learning online. It tells us what words mean, what things look like, where to buy things, and who and what is most important to us. Google’s control over “results” constitutes an awesome ability to set the course of human knowledge. As this paper will explain, fortunes are won and lost based on Google’s results pages, including the fortunes of Google itself. Because Google’s results are so significant to e-commerce activities today, they have already been the subject of substantial litigation. Today’s courtroom disputes over Google’s results are based primarily, though not exclusively, in claims about the requirements of trademark law. This paper will argue that the most powerful trademark doctrines shaping these cases, “initial interest confusion” and “trademark use,” are not up to the task they have been given, but that trademark law must continue to stay engaged with Google’s results."

This is quite interesting. I'll clip a few of the points I like...

The Future of Web Startups

October 2007

... 3. New Attitude to Acquisition

Another thing I see starting to get standardized is acquisitions. As the volume of startups increases, big companies will start to develop standardized procedures for acquisitions, so they're little more work than hiring someone.

... 4. Riskier Strategies are Possible

... 5. Younger, Nerdier Founders

... 8. College Will Change

If the best hackers all start their own companies after college instead of getting jobs, that will change what happens in college. Most of these changes will be for the better.

Chicago police demonstrate the value of those millions spent on terrorism protection!

Chicago Crime Cams Nab Beer Drinker As Reminder of Big Brother System

By Ryan Singel, September 24, 2007 | 4:56:37 PM | Categories: Surveillance

Chicago police are constantly monitoring their multi-million dollar surveillance cameras to bust black people drinking beer in brown paper bags on the street, as part of a tactic to remind the city's ethnic neighborhoods that they live in a panopticon, according to the San Francisco Chronicle.

In contrast, San Francisco's budding network of 248 surveillance cameras is not monitored until after a crime has been reported.

Earl Gardner lounged on the street near his home just west of downtown Chicago, a 24-ounce can of Crazy Stallion beer in his hand.

A mile away, police Officer Al Garbauski slid a computer mouse to maneuver a camera that was perched a block from Gardner. Zooming in tight, Garbauski saw malt liquor meet mouth and sent an officer to arrest Gardner for drinking in public.

"I didn't appreciate it, not one bit," the 55-year-old Gardner said the other day. "The liquor store was closed when I got out (of custody)."

...and this is actually great for Security!

VMware and the mainframe

Posted by Jon Oltsik October 4, 2007 11:48 AM PDT

Enterprise Strategy Group's resident expert on all things server virtualization, Mark Bowker, tells me that there were 15,000 people at VMworld a few weeks ago. Not a surprise, the industry is gaga over server virtualization as more users look to turn physical servers into consolidated virtual partitions.

The irony here is that while the server virtualization chatter focuses on VMware, Xen, Citrix, and Microsoft, the venerable IBM zSeries (i.e. mainframe) will likely be one of the biggest beneficiaries of this virtualization frenzy.

The reason for this is fairly simple. Server virtualization is all about rationalizing IT assets and costs. Why have a bunch of Intel servers running at 10 percent utilization when you can consolidate them on a single server running at 80 percent utilization?

When things become rare, they become more valuable and therefore more desirable. Or am I wrong?

China Blocking RSS Feeds

Duncan Riley October 4 2007

The Chinese Government has added a blanket ban on all RSS feeds, according to a report at Ars Technica.

There have been reports previously that Feedburner feeds have been blocked, but to-date information delivered by RSS feeds has generally gone uncensored, providing Chinese viewers information that would otherwise be blocked if attempting to visit a regular webpage or blog.

A quick test of WebSitePulse’s Great Firewall testing tool indicates that the TechCrunch feed is blocked.

The number of broadband internet users in China will surpass the United States within the next 12-18 months; China is fast becoming one of the most important online marketplaces in the world.

I think this will be both amusing (to us Auditors) and educational (to corporate legal departments)

Qualcomm explains failure to provide evidence

In its court proceedings against Broadcom, Qualcomm didn't disclose more than 200,000 e-mails showing its participation in a standards-setting process

By Nancy Gohring, IDG News Service October 04, 2007

Court documents filed by Qualcomm this week describe a disjointed legal team with communication failures and internal engineers who were forgetful and ignorant of basic principles of technical standards-setting procedure.

The documents seek to defend Qualcomm's contention that it wasn't involved in a standards-setting process relevant to a patent infringement case it brought against Broadcom.

Think of my blog as the answers to my “What's happening today” question... (By the way, this is an old argument. Rupert Murdoch defines his business as communications – hence TV, Radio, magazines, books and newspapers are products to deliver content.)

It's Time To Redefine News

from the about-time dept

Last week, we suggested that newspapers need to stop defining themselves as newspapers. That's defining themselves by a specific product, not the benefits people get from the offering. Instead, we felt that newspapers should start thinking of themselves as news organizations -- more broadly defining what they do. However, that leaves open a really important question about how you then define "news." We recently covered the somewhat controversial report about how user-curated news aggregation sites tend to highlight different stories, compared to editor-managed news sites -- which really does open up the question of what really is news for people these days. Luckily, Jeremy Wagstaff has taken a fantastic stab at answering that question with a new column on how "news" is being redefined. He notes that the entire concept of "news" no longer fits with what many journalists think news is. It used to be about delivering important information from the source to the people who could make use of that information. News, he notes, is simply information. It's information that is new and/or useful and interesting to each individual. And, in a hyper-connected world with so much information flowing all the time, there's "news" all around, but it's different for everyone and it doesn't involve having a single professional determine what is news.

"What we're seeing with the Internet is not a revolution against the values of old media; a revolution against the notion that it's only us who can dictate what is news. What we're seeing is that people get their news from whoever can help them answer the question they're asking. We want the headlines, we go to CNN. But the rest of the time, "news" is for us just part of a much bigger search for information, to stay informed."

So, if we're redefining newspapers as news organizations and then redefining news itself as the information that's most important to any individual at that time, it starts to open up a lot of possibilities for where newspapers should be headed (though, it doesn't seem like many are looking in that direction).

Why would they assume so much risk? Are the potential profits that great?

Microsoft's HealthVault Lets Consumers Stash Vital Records Online

By Erika Morphy CRM Buyer Part of the ECT News Network 10/04/07 3:59 PM PT

Microsoft's new HealthVault portal allows consumers to store their health records in one place. It also allows users to research related healthcare information. "It is a completely new way for people to manage their health information and to learn about topics that are important to them," Lee Shapiro, president of Allscripts, told TechNewsWorld.

... Privacy Issues

In its rollout, Microsoft took care to address the natural concerns about privacy surrounding such an initiative. This data could be easily seen as a mother lode of riches by class action attorneys, insurance companies or hackers capitalizing on the growing trend of medical identification theft.

... However, there are a number of potential pitfalls that could send the data into the wrong hands, including insecure PCs on which the consumers would first store their health data before transferring it to the HealthVault and the question of how much of the data will be accessible to the partners and the steps they will take to protect it.

As a life-long science-fiction fan, this is depressing. When we landed on the moon, the chant was “We're Number One!” Now “We're Number Three!” Unless you add in the EU, then “We're Number 4!” and the Russians? “We're Number 5!” Anyone want to bet we could be knocked out of the top ten by Iceland?

The New Moon Race

Posted by Zonk on Thursday October 04, @06:29PM from the make-the-jump dept. Moon Space Science

An anonymous reader writes " has a pictorial and editorial look at the quickly-heating second race to the moon. A Japanese orbital probe is expected to reach orbit of the satellite sometime today, just one of the dozens of projects now aiming to exploit Earth's orbital partner for scientific and business gains. ' The next lunar visitor may come from China. The Chang'e-1 spacecraft is scheduled to lift off near the end of October. It is slated to study the moon's topography in 3D and also investigate its elements. Chang'e-3 is a soft lunar lander that is scheduled to fly in 2010 ... If all goes as planned, the United States and India [“We're Number 6!” (and we're outsourcing all space exploration to India?) Bob] will have astronauts on the moon by 2020, China by 2022, and Japan and Russia by 2025.'"

Trivial (or at least common) assertion, but the comments are interesting... (It used to be that when “SAS” made comments like this, a new product “solution” followed. I'm waiting...)

SAS CEO Blasts Old-School Schooling

Posted by CowboyNeal on Friday October 05, @12:46AM from the stuck-in-the-past dept. Education Communications Technology

theodp writes "What does SAS CEO Dr. Jim Goodnight have in common with 47% of high school dropouts? A belief that school is boring. Marking the 50th anniversary of Sputnik with a call for renewed emphasis on science and technology in America's schools, Goodnight finds today's kids ill-served by old-school schooling: 'Today's generation of kids is the most technology savvy group that this country has ever produced. They are born with an iPod in one hand and a cell phone in another. They're text messaging, e-mailing, instant messaging. They're on MySpace, YouTube & Google. They've got Nintendo Wiis, Game Boys, PlayStations. Their world is one of total interactivity. They're in constant communication with each other, but when they go to school, they are told to leave those 'toys' at home. They're not to be used in school. Instead, the system continues teaching as if these kids belong to the last century, by standing in front of a blackboard.'"

Plan your Christmas shopping...

Black Friday ads already popping up online

By Nicole Maestri Thu Oct 4, 2:52 PM ET

NEW YORK (Reuters) - Those door busting deals that U.S. retailers are planning for the Black Friday holiday shopping weekend are already starting to appear online.

Numerous Web sites have cropped up in recent years that publish what they claim are copies of the newspaper ads retailers will run for Black Friday -- the day after Thanksgiving that marks the ultra-competitive launch of the holiday shopping season.

A visit to ( shows the scan of an Ace Hardware Black Friday ad, which was posted on September 15.

Something for the talented students at the Art Institute? - Digital Art Community

View5 Digital Art Community is the first custom built, online community aimed at helping digital artists find their way into industry. Designed for digital artists, by digital artists. View5 is a place for artists to display their talent and get tips, advice and all kinds of help in digital design. The users can submit their work to their own profile for everyone to view, leave comments and even rate their art out of 5. They have a recruitment section, which will be filled with the latest job vacancies from top design agencies, and a great forum filled with online talent to socialize with.

Thursday, October 04, 2007

Blame the machine! It should have known what you should have done and not allowed you to do what you did! (See why top management wants to eliminate all employees?)

Mass. accidentally sends out disks with personal information

Thursday, October 04 2007 @ 07:10 AM EDT Contributed by: PrivacyNews News Section: Breaches

State regulators inadvertently distributed disks containing personal data, including Social Security numbers, of 450,000 licensed professionals in the state.

The problem occurred when the state began using new software to distribute the names and addresses of professionals licensed by the Division of Professional Licensure and the Division of Health Professions Licensure.

... The new software, which the state began using on Sept. 11, failed to delete the Social Security numbers of those on the lists -- including engineers, nursing home administrators, certified public accountants and other professionals -- when transferring the information to disks.

When a staff member discovered the error, officials said they immediately contacted all those who had been sent the disks, requesting the disks not be used and be returned immediately.

Of the 28 disks mailed out, all but two have been recovered.

Source - Boston Globe
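An added example (mine, not the state's software and not anything from the Globe story): the failure described above is what a deny-list export gives you. "Delete the SSN column before writing the disk" works only if the SSN lives in exactly one column with exactly that name; a renamed legacy column or a free-text notes field walks straight through. The records below are constructed, and the column names are assumptions. An allow-list of the columns the recipient is actually entitled to, followed by an independent scan of the file that goes on the disk, catches the problem before the 28 disks are mailed rather than after.

```python
import csv
import io
import re

# Constructed sample records (not the Massachusetts data). The SSN appears
# under two different column names and once inside a notes field, which is
# the kind of inconsistency a "delete the ssn column" export silently misses.
SAMPLE_RECORDS = [
    {"name": "A. Engineer", "address": "1 Main St, Boston MA 02108",
     "license_type": "Professional Engineer", "license_no": "PE-48213",
     "ssn": "123-45-6789"},
    {"name": "B. Accountant", "address": "22 Elm St, Worcester MA 01608",
     "license_type": "Certified Public Accountant", "license_no": "CPA-9901",
     "ssn": "", "ssn_no": "987654321"},          # legacy column, same data
    {"name": "C. Administrator", "address": "5 Oak Ave, Springfield MA 01103",
     "license_type": "Nursing Home Administrator", "license_no": "NHA-302",
     "ssn": "", "notes": "verified against SSN 555-12-3456 on file"},
]

# Columns the mailing-list recipients are supposed to receive (assumed).
EXPORT_FIELDS = ("name", "address", "license_type")

# Heuristic: hyphenated SSN or a bare 9-digit run. It will also flag other
# 9-digit identifiers, which is acceptable for a pre-shipment review.
SSN_RE = re.compile(r"\b(?:\d{3}-\d{2}-\d{4}|\d{9})\b")


def export_denylist(records, drop=("ssn",)):
    """Fragile approach: copy every column except the ones named in `drop`."""
    fieldnames = sorted({k for r in records for k in r} - set(drop))
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=fieldnames, extrasaction="ignore")
    w.writeheader()
    for r in records:
        w.writerow({k: r.get(k, "") for k in fieldnames})
    return buf.getvalue()


def export_allowlist(records, fields=EXPORT_FIELDS):
    """Safer approach: emit only the columns the recipient is entitled to."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=list(fields), extrasaction="ignore")
    w.writeheader()
    for r in records:
        w.writerow({k: r.get(k, "") for k in fields})
    return buf.getvalue()


def scan_for_ssns(csv_text):
    """Independent check on the artifact that actually leaves the building.

    Returns (row_number, column, matched_text) for every SSN-looking value.
    """
    hits = []
    for i, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        for col, val in row.items():
            for m in SSN_RE.finditer(val or ""):
                hits.append((i, col, m.group(0)))
    return hits


def safe_export(records, fields=EXPORT_FIELDS):
    """Allow-list export plus scan. Returns (csv_text, []) when clean, or
    (None, hits) when the file must not be released."""
    out = export_allowlist(records, fields)
    hits = scan_for_ssns(out)
    if hits:
        return None, hits
    return out, []


if __name__ == "__main__":
    print("deny-list export leaks:", scan_for_ssns(export_denylist(SAMPLE_RECORDS)))
    print("allow-list export leaks:", scan_for_ssns(export_allowlist(SAMPLE_RECORDS)))
    print(safe_export(SAMPLE_RECORDS)[0])
```

The scan is deliberately separate from the export code: the bug in the article was in the exporter, so a check that shares its assumptions would have shared its blind spot. Run it over the produced file, not over the database.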

Soon the ads will say such encouraging things as, “Hey! Old fart! Wanna buy some Depends?”

Camera sums up your life for marketers

Wednesday, October 03 2007 @ 01:38 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Here's something for you privacy advocates: a security camera that determines your age, gender and, possibly one day, your social class.

It's called FieldAnalyst and it's from NEC. The system homes in on faces of people who pass by the video camera. It then rapidly compares the image against samples in a database. It then spits out what it believes is your approximate age and your gender.

Source - C|net (blog)

Accidental my foot! “Dis vas a varnung to Aaanold! Act more Republican, or else!”

Feds Accidentally Turn Off California Gov't Websites

from the sorry-about-that dept

Every once in a while you hear stories of companies having problems with their domain names, often because someone forgot to re-register the domain name or possibly because of a routing problem. However, you don't really expect that to happen to a government website. However, after a California county agency had its gov't website hacked, the feds back in Washington DC accidentally turned off all of the domain, causing quite a bit of confusion among California state gov't employees. It gets even better. Apparently, it happened around noon Pacific Time which is 3pm back on the east coast. Yet, as the article notes: "Unfortunately that was about 3 in the afternoon and folks back East were already going home, so it took us some time to get hold of the right people in the General Service Administration to get this address reinstated." Sure, I can understand time zone differences... but 3pm isn't exactly quitting time. Must be great to be a government employee, huh? Shut down an entire state government's email and web domains without realizing it... and head out the door by 3pm.

Will this be as big as I think?

Court Rules Against Target in Web Site Accessibility Lawsuits

By Evan Schuman, Ziff Davis Internet October 3, 2007

A judge rules that the retailer needs to stand trial for having a Web site that is insufficiently accessible.

When a federal court judge issued rulings Oct. 2 that the $60 billion retailer Target needed to stand trial on charges that its Web site is not sufficiently accessible to visually-impaired shoppers, it sent a strong signal to much of the e-commerce space.

Oh Margaret Thatcher, what hast thou wrought...

Schools must warn of Gore climate film bias

Last updated at 17:36pm on 3rd October 2007

Al Gore's film An Inconvenient Truth has been called unfit for schools because it is politically biased and contains serious scientific inaccuracies and 'sentimental mush'.

Schools will have to issue a warning before they show pupils Al Gore's controversial film about global warming, a judge indicated yesterday.

The move follows a High Court action by a father who accused the Government of 'brainwashing' children with propaganda by showing it in the classroom.

Stewart Dimmock said the former U.S. Vice-President's documentary, An Inconvenient Truth, is unfit for schools because it is politically biased and contains serious scientific inaccuracies and 'sentimental mush'.

Dribs and drabs from the RIAA trial...

Woman brings computer to piracy case

Associated Press October 4, 2007

... Before Thomas' demonstration, Doug Jacobson, an expert testifying for the record companies, said songs on one of Thomas' computer drives were copied at a pace so fast it suggested piracy. Many appeared just 15 seconds apart, which Jacobson said was faster than if she'd copied CDs she owned onto the computer.

But each song Thomas copied in court, over the objection of record company lawyer Richard Gabriel, took less than 10 seconds to land on the computer.

RIAA anti-P2P campaign a real money pit, according to testimony

By Eric Bangeman | Published: October 02, 2007 - 11:40PM CT

Duluth, Minnesota — During an occasionally testy cross examination, a Sony executive said what many observers have suspected for a long time. The RIAA's four-year-old lawsuit campaign is costing the music industry millions of dollars and is a big money-loser for the record labels.

Another wise and just court?

Court Slaps Down Software And Business Model Patents

from the a-sense-of-sanity-returning-to-patents? dept

It seems like barely a week goes by without another good story of the courts reining in the worst abuses of the patent system. While patent reform issues languish in Congress, the courts are doing an excellent job correcting a lot of patent abuses. Just as the Supreme Court is looking at yet another patent case, the Court of Appeals for the Federal Circuit (CAFC) seems to be putting some limits on business model and software patents. This is somewhat amusing, as it was a CAFC decision about a decade ago in the State Street case that opened the floodgates to business model patents. Prior to that, it was widely believed that you couldn't patent "business methods," but the ruling at CAFC said that wasn't true at all. The real travesty of the situation was that the guy who wrote the decision had been a former patent attorney who had written the last major update to patent law -- with almost no Congressional oversight. In other words, one patent attorney almost singlehandedly changed a large part of patent law without Congress even realizing it. However, with the Supreme Court smacking down CAFC patent decisions left and right, it appears that the folks at CAFC are now recognizing that perhaps it needs to bring a little sanity back to the patent system. A little over a month ago, that meant raising the bar for "willful infringement," and now it means raising the bar for business model and software patents.

This case involved a guy who was trying to patent the concept of "mandatory arbitration involving legal documents." The USPTO denied the patent. After a failed appeal, the guy went to court, and CAFC is also saying that his concept does not deserve patent protection, with this being the key quote: "The routine addition of modern electronics to an otherwise unpatentable invention typically creates a prima facie case of obviousness." In other words, simply taking a common process and automating it on a computer should be considered obvious -- and thus, not patentable. This doesn't rule out business model or software patents by any means -- but it at least suggests that the courts are beginning to recognize that the patent system has gone out of control. The court also specifically addresses its own earlier State Street decision, suggesting that people had been misinterpreting it to mean any business model was patentable -- when the USPTO and the courts should still be applying the same tests to see if the business models are patentable. It then notes that a business model on its own shouldn't be patentable unless it's tied to some sort of product, and then states: "It is thus clear that the present statute does not allow patents to be issued on particular business systems -- such as a particular type of arbitration -- that depend entirely on the use of mental processes."

All in all, this is a very good decision that could take us even closer to stomping out innovation-destroying software or business model patents completely.

If you wanted to test a machine's functions, wouldn't you want the actual machine? (Sounds like a test designed by people who didn't want to actually exert themselves.)

GAO Wants to Test Controversial Florida Voting Machines

By Kim Zetter EmailOctober 02, 2007 | 6:47:35 PM

The Government Accountability Office, which has been looking into what happened to about 18,000 votes in a controversial Florida election, released a preliminary report today saying it can't exclude the possibility that voting machines were responsible for the undervotes in that race.

... The report, published here provides details about how the GAO has conducted its investigation so far, including the documents and software it has examined.

... Florida election officials conducted tests on the machines after the election, including a source code review, and concluded there was nothing wrong with the machines. But the testers only tested 5 machines out of nearly 1,500 that were used in the 2006 election. They tested an additional 5 machines that were never used in the election. The GAO, not surprisingly, concluded that this was insufficient.

The testers also didn't do hands-on testing of the machines. Instead they used automated scripts to simulate voting on the machine, which failed to address the issue of touch problems with the screens. The scripts they used were also insufficient in that they tested only a small number of voting scenarios. Some critics have suggested that something about the pattern in which voters cast votes on the machine triggered a bug in the machine that caused it to not record votes cast for Jennings.

It's unclear if any of those problems caused the undervotes. But it is clear, at least to the GAO, that there haven't been sufficient tests to rule out problems with the machines.
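An added worked example (mine, not from the GAO report) of how little "5 out of nearly 1,500" tells you. The calculation assumes the most favorable reading of the state's test: that some fixed fraction of the fleet was faulty and the five machines were picked at random. Even then the chance of landing on a bad machine is about 5% for a 1% fault rate, and a 95% check would need a few hundred machines. The fault fractions in the table are assumptions for illustration. If the bug is input-dependent, as the critics suspect, the machine count barely matters and the same arithmetic applies to the number of distinct ballot patterns the scripts exercised, which is where the GAO's second objection comes from.

```python
from math import comb

# Figures from the article: about 1,500 machines used in the election,
# 5 of them tested afterwards. Fault fractions below are assumptions.
MACHINES_USED = 1500
MACHINES_TESTED = 5


def p_detect(total, sampled, faulty):
    """Probability that a random sample of `sampled` units from `total`
    contains at least one of the `faulty` units (hypergeometric, drawn
    without replacement). 0 when nothing is faulty."""
    if faulty <= 0 or sampled <= 0:
        return 0.0
    if sampled > total - faulty:
        # More units sampled than there are good ones: a fault is certain.
        return 1.0
    p_all_good = comb(total - faulty, sampled) / comb(total, sampled)
    return 1.0 - p_all_good


def sample_size_for(total, faulty, confidence=0.95):
    """Smallest sample giving at least `confidence` probability of catching
    one faulty unit. Returns `total` if no sample suffices (faulty == 0)."""
    for n in range(1, total + 1):
        if p_detect(total, n, faulty) >= confidence:
            return n
    return total


def detection_table(total=MACHINES_USED, sampled=MACHINES_TESTED,
                    fractions=(0.01, 0.05, 0.10, 0.25)):
    """For several assumed fault fractions: the chance the actual 5-machine
    test would have hit a faulty machine, and the sample a 95% check needs."""
    rows = []
    for frac in fractions:
        faulty = round(total * frac)
        rows.append({
            "fault_fraction": frac,
            "faulty_machines": faulty,
            "p_detect_with_sample": round(p_detect(total, sampled, faulty), 3),
            "sample_for_95pct": sample_size_for(total, faulty),
        })
    return rows


if __name__ == "__main__":
    for row in detection_table():
        print(row)
```

The five unused machines the state also tested add nothing to this number: they were never in the population that produced the undervotes.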

I couldn't find any basic algebra videos...

October 03, 2007

UC Berkeley Releases Entire Course Lectures Free on YouTube

Press release – "Further expanding public access to its intellectual riches through the most popular Web destinations, the University of California, Berkeley, announced today (Wednesday, Oct. 3) that it is making entire course lectures and special events available, free of charge, on YouTube. UC Berkeley is the first university to make videos of full courses available through YouTube. Visitors to the site at can view more than 300 hours of videotaped courses and events. Topics range from bioengineering, to peace and conflict studies, to "Physics for Future Presidents," the title of a popular campus course. Building on its initial offerings, UC Berkeley will continue to expand the catalog of videos available on YouTube."

Unethical? I don't think so, in fact I like this. Do your research, make your trade, then tell everyone what you found out. Perfectly legal, right? (Targeting all those “too good to be true” companies should have been obvious to any investor.)

Owner Mark Cuban Trades Stocks on Sharesleuth's Advance Info

By Patricia B. Gray Email 09.25.07 | 2:00 AM

... "The company was not on our radar because they were such a small producer," says Lynn Hicks, business editor of the Des Moines Register, the closest major newspaper to the Xethanol plant. "It's a New York company that happened to have a small plant in Iowa, which we didn't think was worth digging into based on our readers' interests."

So Carey did it for them. A former business reporter for the St. Louis Post-Dispatch, he spent months probing deep into the archives of federal and state agencies. He traveled to Hopkinton, Iowa, to take snapshots of one of Xethanol's plants, and to Delaware and Washington, DC, where he pored over corporate filings and regulatory documents.

On August 7, 2006, Carey posted his findings on his Web site. Frankly, his report does not make for scintillating reading. The writing is cornhusk-dry. (Sample: "He said in an SEC filing that the shares were contributed through a settlement among the shareholders of Xeminex.") The design is rudimentary, a long strip of black text against a stark white background, broken up only by the occasional photo. And at 6,000 words (more than twice the length of this article), the piece could tax the attention span of even the most dedicated stock watcher.

But the exposé torpedoed Xethanol. On the day Carey posted it, online financial message boards lit up with links to the story, and by the next day the company's stock had dropped 14 percent. Three months later, share prices had fallen from $6.91 to $2.90, erasing some $100 million in shareholder value. Lawyers pounced, filing no less than eight class-action shareholder lawsuits in federal courts against the company. Louis Bernstein, Xethanol's CEO during those turbulent months in the fall of 2006, says he spent most of his time managing the fallout from Sharesleuth. "I was constantly defending the company to shareholders, brokers, and analysts," he says. "For three months, it took up most of my day." (Bernstein resigned in November 2006, and current executives at the company declined to be interviewed.)

Since the Xethanol takedown, Sharesleuth has become required reading for a small but influential cadre of securities analysts, stockbrokers, money managers, and journalists. In the week after posting a scoop, Carey says, the site typically draws upwards of 40,000 unique viewers a day. "Sharesleuth provides some of the checks and balances that are missing in the market these days," explains Yolanda Holtzee, a money manager in Seattle who says she follows the site. "Companies can — and do — hire promoters to boost their stocks all the time, but there are fewer and fewer journalists and regulators who dig deep to find out if these companies are delivering on all their promises."

But don't expect reporters to thank Carey. In old media circles, Sharesleuth is considered just as compromised as the companies it covers. The beef: Sharesleuth is funded by Mark Cuban, the infamous founder and Dallas Mavericks owner. Cuban finances the site by shorting the stocks of the companies Carey investigates in his stories. And Cuban trades before Carey publishes. (Short sellers are betting a stock will fall; they borrow the stock from a broker and sell it, with the promise to buy the stock later — hopefully, at a lower price — and return it to the broker.) Carey and Cuban disclose the financing technique on the site, but that hasn't stemmed the criticism. On his blog, The New York Times' Andrew Ross Sorkin dubbed the strategy "about as basic an ethical violation as there can be, whether that stake is disclosed or not." Blogger Gary Weiss, a former BusinessWeek reporter, accuses Cuban of "soiling investigative journalism to line his pockets." Fred Brown, vice chair of the ethics committee of the Society of Professional Journalists, a trade group, warns that "Mr. Cuban is eating the fruit of the poison tree."

Completely unrelated? An amusing look at the legal arguments. (Might make a fun student paper...)

From Watergate to videogate

By Eric J. Sinrod Story last modified Wed Sep 26 04:00:03 PDT 2007

You may have read about the recent controversy involving the New England Patriots after a team official was caught videotaping opposing team defensive signals.

Wednesday, October 03, 2007

Aren't all systems hackable?

Eircom contacts customers in wireless-security scare

Tuesday, October 02 2007 @ 01:40 PM EDT Contributed by: PrivacyNews News Section: Breaches

Eircom is to contact up to 250,000 of its customers regarding a security issue relating to the company's wireless modems.

It has emerged that hackers can tap into certain models of the Netopia series routers without the account holder's knowledge or consent.

The security breach affects the Netopia 3300 and 2247 series routers.

Source - Evening Echo

Wouldn't regular deletion of keys (normal course of business) make this impossible? No one uses the same key forever, do they?

UK: Law requiring disclosure of decryption keys in force

Tuesday, October 02 2007 @ 01:46 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Users of encryption technology can no longer refuse to reveal keys to UK authorities after amendments to the powers of the state to intercept communications took effect yesterday.

The Regulation of Investigatory Powers Act (RIPA) has had a clause activated which allows a person to be compelled to reveal a decryption key. Refusal can earn someone a five-year jail term.

Part III of RIPA was in the original Act but was not activated. The Home Office said last year that it had not implemented the provision because encryption had not been as popular as quickly as it had predicted. It launched a consultation which culminated in Part III being made active on 1st October.

Source -

I'll get a copy at the library...

Book: The Future of Reputation: Gossip, Rumor, and Privacy

Tuesday, October 02 2007 @ 12:13 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

Dan Solove has a new book out that readers may be interested in, The Future of Reputation: Gossip, Rumor, and Privacy. From the jacket:

Teeming with chatrooms, online discussion groups, and blogs, the Internet offers previously unimagined opportunities for personal expression and communication. But there’s a dark side to the story. A trail of information fragments about us is forever preserved on the Internet, instantly available in a Google search. A permanent chronicle of our private lives—often of dubious reliability and sometimes totally false—will follow us wherever we go, accessible to friends, strangers, dates, employers, neighbors, relatives, and anyone else who cares to look. This engrossing book, brimming with amazing examples of gossip, slander, and rumor on the Internet, explores the profound implications of the online collision between free speech and privacy.

Daniel Solove, an authority on information privacy law, offers a fascinating account of how the Internet is transforming gossip, the way we shame others, and our ability to protect our own reputations. Focusing on blogs, Internet communities, cybermobs, and other current trends, he shows that, ironically, the unconstrained flow of information on the Internet may impede opportunities for self-development and freedom. Long-standing notions of privacy need review, the author contends: unless we establish a balance between privacy and free speech, we may discover that the freedom of the Internet makes us less free.

More: Concurring Opinions

One possible scenario: They are keylogging everything you do...

October 02, 2007

Amazon Makes You Lie to Log Off

Are e-commerce websites making it harder and harder for users to log off? That's certainly a trend one reader has seen evidence of, including confirmation from Amazon that the best way to sign out from your account is to lie to them about who you are.

"Over the last few months it has become very difficult to sign out of a session from sites like Amazon and PayPal," the reader wrote. "The 'Sign Out' or equivalent link that for years was at the top of nearly every page is now missing from nearly all pages of those sites. Even the most obvious page where a sign out link should be -- the page acknowledging completion of an order -- offers no way to log out. Amazon and PayPal have turned things upside down and instead of closing a session, they now want us to remain logged in after leaving their site. Why would they do that? What good does it do Amazon and PayPal when their customers minimize the browser or surf to another site while signed in?"

The reader was particularly bothered by what appears to be the only procedure now for logging out of an Amazon account. "Amazon offers a moronic - i.e., counterintuitive -- solution to signing out. You have to find a page on the site that has 'If you're not (your name), click here' and click on it, thereby saying you're not you. [Does this suggest that everything “you” just purchased was actually the work of an identity thief? Bob] This convoluted procedure is too bizarre to be unplanned or mere Webmaster gaffe, so something's going on."

Another excuse to talk security with the CEO! Alert your Security Geek! CEOs typically aren't the most security aware people in the organization. (Fortunately, their secretaries usually handle the email.)

Oct 3, 1:15 AM EDT

E-Mail Attackers Target Corporate Execs

NEW YORK (AP) -- During a two-hour period on June 24, something unusual and a bit worrying turned up in e-mail security firm MessageLabs Inc.'s filters: 514 messages tailored to senior executives of corporate clients that contained malicious programs designed to steal sensitive company data.

On Sept. 12 and 13 it happened again, but this time the firm captured 1,100 messages in a 16-hour wave. The messages, which included executives' names and titles, were from a purported employment service and offered attachments supposedly containing information on potential job candidates.

The attachments were Microsoft Word documents - a common file type erroneously believed to be safe by most computer users - that if not intercepted would have deposited Trojan horses, or malicious programs disguised as benign ones, onto targeted computers.

... "All of a sudden somebody new hit the scene," said Mark Sunner, MessageLabs' chief security analyst. Who that was isn't clear because technical tricks disguised the e-mails' origin, he said. But it's likely the person or group responsible came from the digital underground centered in Eastern Europe, where malicious-program writers and organized crime have long worked hand-in-hand online to steal and sell data for use in fraud schemes.

The newcomers appear to be after corporate secrets, he said. They have sought, specifically, to infiltrate the computers of chief executives, chief financial officers, chief technology officers and other senior managers - and on occasion their assistants. And the Trojan horses were primarily designed to help the attacker gather Microsoft Office files from the "My Documents" directory of infiltrated PCs.
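An added example (mine; the article does not describe MessageLabs' filters): the shape reported above, one outside sender hitting several named executives with the same Office attachment inside a couple of hours, is visible at the mail gateway from metadata alone, before anybody opens the attachment. The inbound log below is constructed; the executive title markers, the two-hour window and the threshold of three recipients are assumptions.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inbound mail log (not MessageLabs data). A burst aimed at the
# C-suite and an executive assistant sits among two legitimate messages.
INBOUND = [
    {"ts": "2007-06-24T09:58:00", "from": "recruit@staffing-lure.example", "to": "cfo@corp.example",
     "title": "Chief Financial Officer", "subject": "Candidate shortlist", "attachments": ["candidates.doc"]},
    {"ts": "2007-06-24T10:03:00", "from": "recruit@staffing-lure.example", "to": "cto@corp.example",
     "title": "Chief Technology Officer", "subject": "Candidate shortlist", "attachments": ["candidates.doc"]},
    {"ts": "2007-06-24T10:41:00", "from": "recruit@staffing-lure.example", "to": "ea.ceo@corp.example",
     "title": "Executive Assistant to the CEO", "subject": "Candidate shortlist", "attachments": ["candidates.doc"]},
    {"ts": "2007-06-24T11:20:00", "from": "recruit@staffing-lure.example", "to": "ceo@corp.example",
     "title": "Chief Executive Officer", "subject": "Candidate shortlist", "attachments": ["candidates.doc"]},
    {"ts": "2007-06-24T10:15:00", "from": "payroll@corp.example", "to": "cfo@corp.example",
     "title": "Chief Financial Officer", "subject": "Q2 close", "attachments": ["close.xls"]},
    {"ts": "2007-06-24T14:30:00", "from": "jane@agency.example", "to": "hr@corp.example",
     "title": "HR Generalist", "subject": "Resume", "attachments": ["resume.pdf"]},
]

INTERNAL_DOMAIN = "corp.example"                      # assumed
# Who counts as a high-value target; assistants included, as the article notes.
EXEC_MARKERS = ("chief ", "president", "assistant to the")
OFFICE_EXTENSIONS = {".doc", ".xls", ".ppt", ".rtf", ".docx", ".xlsx", ".pptx"}


def sender_domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def targets_executive(msg):
    title = msg["title"].lower()
    return any(marker in title for marker in EXEC_MARKERS)


def has_office_attachment(msg):
    return any(os.path.splitext(a)[1].lower() in OFFICE_EXTENSIONS
               for a in msg["attachments"])


def is_suspicious(msg):
    """External sender + executive recipient + Office attachment."""
    return (sender_domain(msg["from"]) != INTERNAL_DOMAIN
            and targets_executive(msg)
            and has_office_attachment(msg))


def detect_waves(messages, window_minutes=120, threshold=3):
    """Group suspicious messages by sender domain and report any domain that
    reached `threshold` distinct executive recipients inside the window.
    Returns {domain: recipients hit in the densest window}."""
    window = timedelta(minutes=window_minutes)
    by_domain = defaultdict(list)
    for m in messages:
        if is_suspicious(m):
            by_domain[sender_domain(m["from"])].append(
                (datetime.fromisoformat(m["ts"]), m["to"]))
    waves = {}
    for domain, hits in by_domain.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            in_window = {rcpt for ts, rcpt in hits[i:] if ts - start <= window}
            best = max(best, len(in_window))
        if best >= threshold:
            waves[domain] = best
    return waves


if __name__ == "__main__":
    print([is_suspicious(m) for m in INBOUND])
    print(detect_waves(INBOUND))
```

This flags the campaign, not the payload: the per-message rule on its own would also catch the genuine recruiter who mails one CFO one .doc, which is why the alert is raised on the burst. Inspecting the attachment itself (macros, embedded objects, exploit signatures) and checking the sender's reputation remain the controls that actually stop the Trojan.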

More for starting a security discussion...

Cyber Security Awareness Month: Do You Know Where Your Firewall Is?

By Ryan Singel EmailOctober 01, 2007 | 4:28:27 PM

Monday is the start of Cyber Security Awareness Month in the United States, and security giant McAfee and the National Cyber Security Alliance released a report (.PDF) showing that for many, taking basic precautions towards keeping one's computer safe is still a perplexing job.

For instance, some 87% believe they have anti-virus software installed, but only some 50 percent have actually updated its virus signature files in the past week. Oddly, more people actually have anti-virus software installed (94%) than actually know they have it installed. The same goes for firewalls -- some 81% actually have a firewall, while 73% think they have it. But only 64% actually have it turned on.

Well, it is Cyber Security Awareness Month...

StopBadware: Trusted Web sites are being hacked and don't even know it

StopBadware report warns: In a Web 2.0 world it's becoming easier to sneak badware onto a legitimate site, compromising trusted Web sites

By Robert McMillan, IDG News Service October 03, 2007

It's getting harder and harder to know who to trust on the World Wide Web, according to online safety advocates

On Tuesday, the group released its 2007 Trends in Badware report, saying the bad guys are finding new ways to place their malicious software on our computers -- often by compromising Web sites that we trust.

Marketing? This would be funny if it didn't reiterate the lack of adequate procedures (or even management thought?) too common today.

Thomas & Friends Customers Sent Lead Tainted Toys As Apology For Lead Tainted Toys

If you returned a recalled Thomas & Friends toy to RC2, you probably received an apology and a "bonus gift." We hope you didn't give the toy to your kid, because some of the "bonus gifts" have been recalled for lead contamination.

There will be a lot of blog commentary on this trial...

Sony-BMG Exec Tells Two Whoppers In File-Sharing Trial

from the say-what? dept

Wired's Threat Level blog has been doing some excellent work covering the first RIAA file-sharing case to go to trial, in my home state of Minnesota. In the latest post, reporter David Kravets quotes a couple of whoppers in the testimony of Sony BMG exec Jennifer Pariser. First, Pariser claims that "Selling music is the only way a record company makes money." That's just silly. While record sales are certainly a major source of revenue for record labels, there are lots of other revenue streams out there: concert tickets, merchandise, online subscriptions, endorsement deals, advertising revenue, and so forth. Just yesterday we had an excellent example of a band experimenting with offering name-your-own-price downloads coupled with a premium "discbox." And even some of Pariser's fellow record label execs have begun acknowledging that relying so heavily on music sales is a bad business strategy. At least I can see why Pariser might have thought it was a good legal strategy to pretend that record sales are the only conceivable revenue source for the music industry. Her other claim is even more puzzling: when asked if it's legal to make just one copy of a song you've legally purchased, she apparently said that was "a nice way of saying, 'steals just one copy.'" Not only is that flatly untrue as a matter of law, but saying it also seems like a lousy legal strategy, because (as Kravets points out) some of the jurors probably own MP3 players and won't like being accused of stealing. It's also worth mentioning that this is something the industry keeps flip-flopping on. Sometimes (like when they're arguing before the Supreme Court) they say that of course iPods are legal. Other times they call anyone who rips their CD collections for personal use thieves.

“Yes, that's what we wrote, but it's not what we mean...”

AT&T vows to use Terms of Service for good, not censorship

By Ken Fisher | Published: October 02, 2007 - 10:44AM CT

Yesterday we reported on AT&T's controversial Terms of Service, which in broad legal language gives AT&T the right to terminate a customer's service for activity which AT&T deems "damaging" to its reputation. As we noted yesterday, the legal language is particularly vague and appears to give AT&T broad discretion in deciding what constitutes "damage."

... However, an AT&T spokesperson tells Ars Technica that the company has no interest in engaging in censorship but stopped short of saying that AT&T could not in fact exercise its ability to do so.

"AT&T respects its subscribers' rights to voice their opinions and concerns over any matter they wish. However, we retain the right to disassociate ourselves from web sites and messages explicitly advocating violence, or any message that poses a threat to children (e.g. child pornography or exploitation)," the spokesperson told Ars Technica. "We do not terminate customer service solely because a customer speaks negatively about AT&T."

Is it illegal for sex offenders to be on social networks?

New Jersey subpoenas Facebook over sex offenders

Tue Oct 2, 2007 5:47pm EDT

NEW YORK (Reuters) - New Jersey State Attorney General Anne Milgram said on Tuesday her office has subpoenaed Facebook to discover whether convicted sex offenders in the state have profiles on the popular social networking site.

Milgram issued the subpoena on Monday to Facebook along with letters to 11 other social networking sites asking them to compare member accounts against a list of sex offenders.

... A joint 50-state investigation is looking into Facebook, MySpace and other social networks over concerns they may fall short in protecting young users.

Brave New World

Political dirty tricks 2.0: Outsourcing voter suppression calls?

Posted by Chris Soghoian October 2, 2007 5:20 PM PDT

During my blog posts this week, I'll be focusing on ways in which the Internet can be used to disrupt elections and the political process. On Friday, I'll be giving a talk on the subject at the Anti Phishing Working Group eCrime Researchers Summit on the subject of Political Phishing.

In today's post: What happens when voter suppression calls get outsourced to India? How will law enforcement track down the evildoers, and what will this mean for our elections?

Research tool or comedy link?

October 02, 2007

2008 Presidential Candidates Page

"CQ MoneyLine has created a shortcut for users to quickly access information on all the major presidential candidates this cycle. To visit this page, click here."

Most interesting: In the latest MicroCenter ad, their computers come with Microsoft Vista (various levels depending on the model) but their higher end machines come with “downgrade rights to Microsoft Windows XP Professional” and on their lower end laptops you can “Upgrade” to XP for a mere $50. Hummmm...

Microsoft Offers Licenses For Fake Windows XP Copies

To qualify, users of illegitimate versions of Windows XP Pro must pledge to use only genuine Microsoft software going forward and agree to have their software infrastructure audited.

By Paul McDougall InformationWeek October 2, 2007 01:00 PM

Free entertainment

Search Engine for Radio Stations

2nd October 2007

Looking for Internet radio stations? You can browse or do keyword searches with the new search engine iheard, at .

The front of the site has a directory with the usual categories (jazz, rock, folk, oldies, talk) and a couple of unexpected ones (ambient, eclectic). (There’s a much more detailed category page if you want one.) There’s also a keyword search. I did a search for one of my favorite Internet radio stations, Groove Salad, and got three results. Results include a brief description, genre, a play button, and (painfully small) icons that indicate the software you’ll need to play the station (Real, WinAmp, etc.).

Click on the name of the station for a little more information about the station, but it’s not clear where the ratings are coming from and sometimes the descriptions are just too minimal.

If you don’t know what you want to listen to and can’t even think of something to search, you can always check out the most popular stations or even the stations organized by language. I just wish a bit more information was offered…

Attention Students! Uploading photos of your professor is NOT AMUSING! (Uploading photos of MY PROFESSORS, is!)

BeFunky To Cartoonize Yourself

Frank Gruber October 1, 2007

BeFunky, a startup which was founded as a spin off of the more manually artist driven IamCartoon project, offers a few fun little applications to allow users to easily create and customize photos as cartoons and create personal avatars.