Monday, October 06, 2008

...because...

http://www.pogowasright.org/article.php?story=20081006060206128

Data “Dysprotection:” breaches reported last week

Monday, October 06 2008 @ 06:02 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Possibility: Jets are ready to roll

Possibility: Another way to make Iran stop and think

Possibility: French like headlines showing how statesmanlike they are.

Probability: French like headlines showing how they support Iran (can we have more contracts, please?)

http://www.reuters.com/article/topNews/idUSTRE4940N120081005?rpc=64

France urges Israel not to attack Iran

Sun Oct 5, 2008 1:48pm EDT

JERUSALEM (Reuters) - French Foreign Minister Bernard Kouchner has urged Israel not to launch a military strike against Iran's nuclear program, an Israeli newspaper reported on Sunday.



Open Source Intelligence

http://www.bespacific.com/mt/archives/019480.html

October 05, 2008

Sunlight Foundation Releases First Online Foreign Agent Lobbying Database

News release: "...the Sunlight Foundation is releasing a beta version of FARAdb, which digitizes disclosures filed by lobbyists representing 15 foreign countries required by the Foreign Agent Registration Act. These reports are filed twice a year by firms hired to lobby Congress and the executive branch by foreign governments, political parties, individuals and organizations–including for-profit companies. The lobbying firms disclose specific details about which government officials, including members of Congress and their staffs, were contacted by lobbyists for each client, and gives details about what specific issues were discussed. The firms must also disclose all the campaign donations made by their employees who lobby for foreign clients."



Tools & Techniques: Who profits?

http://news.slashdot.org/article.pl?sid=08/10/05/201205&from=rss

A Wikipedia Conspiracy and the Wall Street Meltdown

Posted by kdawson on Sunday October 05, @05:14PM from the controlling-the-public-discourse dept.

PatrickByrne writes

"This is The Register's world-class investigative piece concerning one aspect of the meltdown on Wall Street ('naked short selling') and how the criminals engaged a journalist to distort Wikipedia to confuse the discourse. The article explicitly and formally accuses a well-known US financial journalist, Gary Weiss, of lying about his efforts to distort a Wikipedia page under assumed names, and accuses the Powers That Be in Wikipedia (right up to and including Jimbo Wales) of complicity in protecting Weiss. This is not another story about a 15-year-old farm kid in Iowa pretending to be a professor. This is like the worst Chomskian view of Elites manipulating mass opinion. But it is all documented."

We discussed the alleged Wikipedia manipulation when The Register first wrote about it last December. The submitter is the CEO of Overstock.com and a major player in this drama from the beginning.



Tools & Techniques: Vulnerabilities in a connected world.

http://www.schneier.com/blog/archives/2008/10/new_cross-site.html

October 6, 2008

New Cross-Site Request Forgery Attacks

Interesting:

CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the browser of an authorized user. Because browsers run code sent by multiple sites, there is a danger that one site will (unbeknownst to the user) send a request to a second site, and the second site will mistakenly think that the user authorized the request.

If a user visits an attacker's website, the attacker can force the user's browser to send a request to a page that performs a sensitive action on behalf of the user. The target website sees a request coming from an authenticated user and happily performs some action, whether it was invoked by the user or not. CSRF attacks have been confused with Cross-Site Scripting (XSS) attacks, but they are very different. A site completely protected from XSS is still vulnerable to CSRF attacks if no protections are taken.

Paper here.
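The distinction drawn in the excerpt, between a request that comes from an authorized user's browser and one the user actually invoked, can be shown with a server-side check. This is an added example, not code from the paper or from either blog; it compares a cookie-only handler with one that also requires a per-session token and a matching Origin header. The origin `https://bank.example`, the session id and all function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed server state: a signing key and one logged-in session (hypothetical names).
const SERVER_KEY = crypto.randomBytes(32);
const TRUSTED_ORIGIN = 'https://bank.example';
const SESSIONS = new Map([['sess-alice', { user: 'alice' }]]);

// Per-session token the site embeds in its own forms: HMAC(server key, session id).
function issueCsrfToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_KEY).update(sessionId).digest('hex');
}

// Constant-time comparison of the supplied token with the expected one.
function tokenMatches(sessionId, supplied) {
  const expected = Buffer.from(issueCsrfToken(sessionId));
  const got = Buffer.from(String(supplied || ''));
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Cookie-only check: shows the request came from the user's browser, nothing more.
function handleCookieOnly(req) {
  return SESSIONS.has(req.cookies.sid) ? 'performed' : 'rejected: no session';
}

// Adds evidence that the site's own page produced the request.
function handleWithCsrfCheck(req) {
  if (!SESSIONS.has(req.cookies.sid)) return 'rejected: no session';
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) return 'rejected: origin';
  if (!tokenMatches(req.cookies.sid, req.body.csrf_token)) return 'rejected: csrf token';
  return 'performed';
}

// Constructed requests. The browser attaches the session cookie to both.
const sameSiteRequest = {
  cookies: { sid: 'sess-alice' },
  headers: { origin: TRUSTED_ORIGIN },
  body: { action: 'update-email', csrf_token: issueCsrfToken('sess-alice') },
};
const crossSiteRequest = {
  cookies: { sid: 'sess-alice' },
  headers: { origin: 'https://other.example' },
  body: { action: 'update-email' },
};
// Same cross-site request with the Origin header absent: the token check still fails.
const crossSiteNoOrigin = { ...crossSiteRequest, headers: {} };
```

The cookie-only handler performs the action for both requests because the session cookie is present either way; the second handler performs it only for the request carrying the site-issued token.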



Tools & Techniques: No encryption system protects data forever.

http://it.slashdot.org/article.pl?sid=08/10/05/192258&from=rss

Encrypted Images Vulnerable To New Attack

Posted by kdawson on Sunday October 05, @04:04PM from the bye-bye-deniability dept.

rifles only writes

"A German techie has found a remarkably simple way to discern some of the content of encrypted volumes containing images. The encrypted images don't reveal themselves totally, but in many cases do let an attacker see the outline of a high-contrast image. The attack works regardless of the encryption algorithm used (the widely-used AES for instance), and affects all utilities that use single symmetric keys. More significant to police around the world struggling with criminal and terrorist use of encryption, the attack also breaks the ability of users to 'hide' separate encrypted volumes inside already encrypted volumes, whose existence can now for the first time be revealed."

The discoverer of this attack works for a company making full-disk encryption software; their product, TurboCrypt, has already been enhanced to defeat the attack. Other on-the-fly encryption products will probably be similarly enhanced, as the discoverer asserts: "To our knowledge is the described method free of patents and the author can confirm that he hasn't applied for protection."



Business models: It all depends on your strategy. Keeping customers in line or giving them what they want. (It also makes them a takeover target.)

http://news.cnet.com/8301-1035_3-10058498-94.html?part=rss&subj=news&tag=2547-1_3-0-5

Verizon bets big on network infrastructure

Posted by Marguerite Reardon October 6, 2008 4:00 AM PDT

From Verizon CIO Shaygan Kheradpir's 38th floor apartment on the Upper East Side of Manhattan with panoramic views of the East River, I saw first-hand the fruits of the company's $23 billion gamble to build a new fiber network directly to customers' doorsteps and a glimpse into where the strategy will lead next.

Kheradpir had invited a handful of journalists to his swank pad to show off the latest enhancements to Verizon's Fios TV service. The new features, which include everything from new widgets for getting weather and local traffic to a specially designed ESPN fantasy football application to remote control of DVRs, are rolling out across Verizon's Fios footprint right now with New York, Verizon's largest market, expected to get the enhancements starting October 9th.

While its cable competitors look for ways to curb their customers' usage of their networks by either slowing down certain applications or metering usage, Verizon plans to spend about $23 billion through 2010 to take fiber directly into people's homes to actually increase the amount of bandwidth people consume. The company also recently spent $9 billion on 700Mhz spectrum in the Federal Communications Commission's auction, which it plans to use to build a new fourth-generation wireless broadband network, again with the hope that people will choose bandwidth-intensive applications.

... So far, Verizon's gamble appears to be paying off. In areas where it sells Fios TV, Verizon has been able to steal customers from cable and satellite providers. And as of the end of June this year, Verizon had increased its Fios TV penetration rate to 19.7 percent from 13.3 percent in 2007. In total, the company has 1.4 million Fios TV subscribers.

Verizon is also getting high marks from customers. In a recent J.D. Power and Associates survey, Verizon Fios TV ranked higher than cable or satellite in terms of customer satisfaction. Specifically, customers said Fios TV's picture clarity and programming exceeded their expectations. AT&T, which provides its U-Verse service, also got high marks for its IPTV offering.

Verizon's goal is to attract 4 million customers by 2010, giving it a market penetration of about 25 percent. And it hopes to attract about 7 million Fios Internet customers, for a penetration rate of 35 to 40 percent.



Wager with self: After months of 'effort' and millions in treasure, the final report will not mention the On/Off switch.

http://yro.slashdot.org/article.pl?sid=08/10/06/0237238&from=rss

Senate Votes To Empower Parents As Censors

Posted by kdawson on Monday October 06, @08:05AM from the you-are-what-you-block dept.

unlametheweak recommends an Ars Technica report that the US Senate has unanimously passed a bill requiring the FCC to explore what "advanced blocking technologies" are available to parents to help filter out "indecent or objectionable programming." "...the law does focus on empowering parents to take control of new media technologies to deal with undesired content, rather than handing the job over to the government. It asks the FCC to focus the inquiry on blocking systems for a 'wide variety of distribution platforms,' including wireless and Internet, and an array of devices, including DVD players, set top boxes, and wireless applications."
