Thursday, September 04, 2008

Mellon continues in the headlines as more details trickle out.
http://www.pogowasright.org/article.php?story=2008090405500865
SAIC stock owners' private data stolen (BNY Mellon follow-up)
Thursday, September 04 2008 @ 05:50 AM EDT Contributed by: PrivacyNews
About 38,000 people who owned or held options for SAIC stock had their personal financial information stolen due to a data breach through BNY Mellon, a financial services company.
The data loss affects people who owned restricted stock or options in the huge government contractor beginning in 1993, or who owned stock in the company after Feb. 1, 2006.
Source - The Huntsville Times


The economics of Identity Theft. Perhaps a spreadsheet to help estimate your potential liability would be useful?
http://www.pogowasright.org/article.php?story=20080903204533780
Certegy Settles Consumer Data Theft Lawsuits
Wednesday, September 03 2008 @ 08:45 PM EDT Contributed by: PrivacyNews
A federal judge has approved a settlement in two class-action lawsuits filed against a St. Petersburg check authorizing company that had more than 8.4 million consumer records stolen and sold to direct marketers.
The settlement provides for a range of credit monitoring services and reimbursement of expenses for those whose identity was stolen. The company, Certegy Check Services, is also reimbursing more than $2 million in legal expenses to the law firms involved in the cases.
... Under the settlement, Certegy is required to pay $2.35 million in attorneys' fees, costs and expenses. Two representative plaintiffs, Linda Beringer and Dana M. Lockwood, were awarded $500 each. Other named plaintiffs were awarded $250 each.
Source - Tampa Tribune
[From the article:
A federal prosecutor said at the sentencing hearing that Certegy had to spend $3.2 million to notify the 5.9 million customers whose private financial information was stolen.
... According to a Web site set up to notify consumers about the settlement, www.datasettlement.com, it provides that all class members who had their personal or financial information stolen can get compensated up to $20,000 for certain unreimbursed identity theft losses caused by the data theft. The losses covered could occur from Aug. 24, 1998, to Dec. 31, 2010.
... The thefts resulted in seven class-action lawsuits, two of which were settled by Wednesday's order.


My students always give me a blank look when I insist they should “Assiduously Eschew Obfuscation.” Perhaps a paper on “Translating Privacy Policies” would be useful?
http://yro.slashdot.org/article.pl?sid=08/09/04/1110235&from=rss
Privacy Policies Are Great -- For PhDs
Posted by CmdrTaco on Thursday September 04, @08:50AM from the they-have-many-advanced-degrees dept. Privacy
An anonymous reader writes
"Major Internet companies say that they inform their customers about privacy issues through specially written policies. What they don't say is that more often than not consumers would need college undergraduate educations or higher to easily wade through the verbiage. BNET looked at 20-some-odd privacy policies from Internet companies that received letters from the House about privacy practices. The easiest to read policy came from Yahoo, at a roughly 12th grade level. Most difficult? Insight Communications, which at a level of over 20 years of education officially puts it onto IRS Code territory."


Think of it as anti-e-Discovery... (Will this result in a law forbidding users to delete any data?)
http://mobile.slashdot.org/article.pl?sid=08/09/03/2249238&from=rss
Criminals Remote-Wiping Cell Phones
Posted by samzenpus on Wednesday September 03, @07:58PM from the this-phone-will-self-destruct dept. Cellphones IT
An anonymous reader writes
"Crafty criminals are increasingly using the remote wipe feature on the Apple iPhone and other business handsets, such as RIM's BlackBerry, to destroy incriminating evidence, the head of the UK's Serious Fraud Office Keith Foggon has warned. Foggon told silicon.com that the move away from PCs towards using mobile phones [Aside: I'll wager most IT departments have little or no control over employee phones. Bob] was causing a headache for crime fighters who were struggling to keep up with the fast pace of new handsets and platforms churned out by the mobile industry."
[Interesting Comments:
Actually, if you slot a microSD card in a BlackBerry, you can set it up to encrypt the card along with the rest of the device, and it's scrubbed along with everything else if too many wrong passwords are entered in*
*The password and encryption is done device-side, so it even works in Linux.


Speaking of e-Discovery, it's always fun to note that even Billionaire CEOs don't understand it.
http://www.infoworld.com/article/08/09/03/Judge_raps_Ellison_over_missing_emails_1.html?source=rss&url=http://www.infoworld.com/article/08/09/03/Judge_raps_Ellison_over_missing_emails_1.html
Judge raps Ellison over missing e-mails
Oracle CEO failed to preserve e-mails and interview materials that should have been supplied in connection with lawsuit filed in March 2001 against the company
By Chris Kanaracus, IDG News Service September 03, 2008
... Oracle produced only 15 e-mails sent or received by Ellison from Ellison's own files, but pulled more than 1,600 Ellison e-mails from the systems of other company workers, according to Judge Susan Illston.


It will be important to use the correct technical term to explain why Ralph Nader won the election, otherwise you could look as dumb as an election commissioner....
http://techdirt.com/articles/20080819/1745382036.shtml
E-Voting Isn't Perfect, But It Takes Less Work to Corrupt Big Elections
from the O(1) dept
Thad Hall, a political scientist at Caltech, complains that e-voting critics rarely make apples-to-apples comparisons between electronic and paper voting systems. They contend that if traditional paper voting systems were subjected to the same kind of close scrutiny that e-voting endures, security experts would find flaws—ballot tampering, ballot box stuffing, and so forth—at least as serious as the problems commonly identified in touch-screen voting machines. Rice computer scientist Dan Wallach responds by pointing to a new paper he's written proposing an elegant way to think about the security of voting systems. Computer scientists use "big-O" notation to describe the complexity of algorithms. He suggests a similar terminology to describe the effort required to compromise voting systems as a function of the size of the election. A security flaw that can be compromised with an effort proportional to the number of voters N is said to be a O(N) flaw. A flaw that can be exploited with an effort proportional to the number of polling places is an O(P) flaw. A flaw that can be exploited with a constant amount of effort, regardless of the number of voters, is an O(1) flaw.
The last kind of attack is the most dangerous because it's feasible for a small number of people—perhaps even a single individual—to do a lot of damage. The reason paper-based elections tend to be better than touch-screen elections isn't that the former don't have flaws. The difference is that attacks against paper-based voting systems are far more likely to be O(N) or O(P)—that is, you have to tamper with a lot of ballots or corrupt a lot of poll workers. In contrast, because they contain re-programmable computers at their hearts, touch-screen voting systems are far more susceptible to O(1) attacks such as a custom-developed virus or a corrupt employee at the e-voting vendor. Because they allow a single individual to do extensive damage, they're much more dangerous than other kinds of attacks, even if carrying them out takes relatively more skill or effort than other attacks with O(P) or O(N) cost. The reason to prefer paper-based voting to touch-screen voting isn't that paper voting is flawless, but that the attacks against them are labor-intensive enough that it's difficult to carry out large-scale attacks without getting caught.


Browsers as the Web 2.0 Operating System
http://tech.slashdot.org/article.pl?sid=08/09/03/2244226&from=rss
Chrome Vs. IE 8
Posted by samzenpus on Wednesday September 03, @09:52PM from the put-em-up dept. The Internet Google Internet Explorer IT
snydeq writes
"Google Chrome and Internet Explorer 8 herald a new, resource-intensive era in Web browsing, one sure to shift our conception of acceptable minimum system requirements, InfoWorld's Randall Kennedy concludes in his head-to-head comparison of the recently announced multi-process, tabbed browsers. Whereas single-process browsers such as Firefox aim for lean, efficient browsing experiences, Chrome and IE 8 are all about delivering a robust platform for reliably running multiple Web apps in a tabbed format in answer to the Web's evolving needs. To do this, Chrome takes a 'purist' approach, launching multiple, discrete processes to isolate and protect each tab's contents. IE 8, on the other hand, goes hybrid, creating multiple instances of the iexplore.exe process without specifically assigning each tab to its own instance. 'Google's purist approach will ultimately prove more robust,' Kennedy argues, 'but at a cost in terms of resource consumption.' At what cost? Kennedy's comparison found Chrome 'out-bloated' IE 8, consuming an average of 267MB vs. IE 8's 211MB. This, and recent indications that IE 8 itself consumes more resources than Vista, surely announce a new, very demanding era in Web-centric computing."


From the people that brought you “Double Secret Probation?”
http://news.slashdot.org/article.pl?sid=08/09/03/181251&from=rss
Don't Share That Law! It's Copyrighted
Posted by timothy on Wednesday September 03, @02:32PM from the there-would-be-these-rules-that-everyone-knows dept. Government The Courts United States
Nathan Halverson writes
"California claims copyright to its laws, and warns people not to share them. And that's not sitting right with Internet gadfly, and open-access hero, Carl Malamud. He has spent the last couple months scanning tens of thousands of pages containing city, county and state laws — think building codes, banking laws, etc. Malamud wants California to sue him, which is almost a given if the state wants to continue claiming copyright. He thinks a federal court will rule in his favor: It is illegal to copyright the law since people are required to know it. Malamud helped force the SEC to put corporate filings online in 1994, and did the same with the patent office. He got the Smithsonian to loosen its claim of copyright, CSPAN to stop forbidding people from sharing its videos, and most recently Oregon to quit claiming copyright on state laws."
Malamud's talk at Google ("All the Government's Information") is also well worth watching.


Perhaps “Class Action as a Class Project” at your neighborhood law school? Just a way to help with tuition...
http://techdirt.com/articles/20080901/1828492144.shtml
Suing Telemarketers And Winning
from the it-is-possible dept
While we've noted the fact that many telemarketers are clearly ignoring things like the Do Not Call list, it appears that more and more people are figuring out that they can fight back on their own. Consumerist has the story of one woman who followed the suggestions at the Kill the Calls website and was able to successfully sue a telemarketer in small claims court... and win. It does sound like a fair amount of work, but for those who have the time and the anger at receiving too many intrusive telemarketing calls, apparently it can work -- even if the company in question sends its chief legal counsel across the country to defend its practices.


Nice overview!
http://www.bespacific.com/mt/archives/019223.html
September 03, 2008
CERT: Understanding Voice over Internet Protocol (VoIP)
Cyber Security Tip ST05-018 - Understanding Voice over Internet Protocol (VoIP): "Because VoIP relies on your internet connection, it may be vulnerable to any threats and problems that face your computer. The technology is still new, so there is some controversy about the potential for attack, but VoIP could make your telephone vulnerable to viruses and other malicious code. Attackers may be able to perform activities such as intercepting your communications, eavesdropping, conducting effective phishing attacks by manipulating your caller ID, and causing your service to crash. Activities that consume a large amount of network resources, like large file downloads, online gaming, and streaming multimedia, will also affect your VoIP service."


Worth getting from the library?
http://books.slashdot.org/article.pl?sid=08/09/03/137236&from=rss
Blown to Bits
Posted by samzenpus on Wednesday September 03, @11:19AM from the read-all-about-it dept.
Ray Lodato writes
"Few people would deny that the world has changed significantly since the explosion of the Internet. Our access to immense volumes of data has made our lives both easier and less secure. Hal Abelson, Ken Ledeen, and Harry Lewis have written an intriguing analysis of many of the issues that have erupted due to the ubiquity of digital data, not only on the Internet but elsewhere. Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion, published by Addison-Wesley, digs into many of the ramifications of making so much information available to the world at large. As I read through the book, I was alternately fascinated and horrified at what information is available, and how it is being used and abused."


...so the move by Comcast and other ISPs to limit bandwidth is a result of their internal structure, not an upstream bottleneck.
http://arstechnica.com/news.ars/post/20080903-what-exaflood-net-backbone-shows-no-signs-of-osteoporosis.html
What exaflood? 'Net backbone shows no signs of osteoporosis
By Nate Anderson Published: September 03, 2008 - 11:12AM CT
Given recent media coverage, it's easy to believe that P2P and streaming video traffic is a rising hurricane battering upon ISP levees, that ISPs are frantically sandbagging their systems against disaster, that throttling, bandwidth caps, and traffic management are urgent and absolute necessities to keep the storm surge at bay. But new research from Telegeography only confirms what we've been saying for some time: the Internet backbone isn't drowning beneath any kind of exaflood. In fact, backbone capacity has grown faster than Internet traffic in the last year—for the second year in a row.


I'll probably find a few to amuse my students (and perhaps make a point...)
http://blog.wired.com/underwire/2008/09/review-one-minu.html
Wired.com's Picks From Filminute's Microvideo Short-List
By Hugh Hart September 03, 2008 4:20:00 PM


Economics in the People's Republic. No doubt they will make it mandatory for (second class) citizens to take cabs and pay three times today's rates so cabbies can earn a “fair” income.
http://blog.wired.com/cars/2008/09/boston-cabbies.html
Boston Cabbies Wicked Mad About Green Taxi Rule
By Dave Demerjian September 03, 2008 5:18:08 PM
... The police department's hackney division, which deals with all things taxi, has decreed that all cab drivers and operators must convert their fleets to hybrids by 2015.


Hackers love a challenge. I give it three days, max.
http://hardware.slashdot.org/article.pl?sid=08/09/03/1726205&from=rss
Ghostbusters Is First Film Released On USB Key
Posted by timothy on Wednesday September 03, @01:46PM from the free-gozer dept. Movies Data Storage Entertainment
arcticstoat writes
"Are you the USB keymaster? You could be soon if you pick up PNY's new 2GB USB flashdrive, which comes pre-loaded with Ghostbusters. A spokesperson for PNY explained that it comes with a form of DRM that prevents you from copying the movie. 'They have DRM protection,' explained the spokesperson, 'so customers can download the movie onto their laptop or PC if they wish, but they have to have the USB drive plugged in to watch the movie, as the DRM is locked in the USB drive.' The music industry has been playing around with USB flash drives for a few years now, but it hasn't been a massive success yet; will USB movies fare any better?"
