Saturday, January 12, 2008

What happens when you attract smart people?

Dining hall computer hacked at CSU Stanislaus

Friday, January 11 2008 @ 04:04 PM EST Contributed by: PrivacyNews News Section: Breaches

It has not been a good week for edu breaches.....

A dining vendor’s server appears to be the source of a data breach at California State University, Stanislaus in which personal credit and bank card information was exposed, the university says Friday.

Personal information on the server includes credit card numbers, cardholder names, and expiration dates. The number of people whose information may have been compromised is still being investigated as are other elements of the case, the Central Valley university says.

Source - Central Valley Business Times

If true, how would managers stop this?

University of Akron warns students of missing data

Friday, January 11 2008 @ 11:39 AM EST Contributed by: PrivacyNews News Section: Breaches

The University is telling students that it's lost a hard drive containing personal information. The hard drive contains names, addresses and Social Security numbers of more than 800 students and graduates of the College of Education.

The drive was likely inadvertently discarded and destroyed in December.

Source - WKYC

Other than that...

(follow-up) TSA website breach puts travelers at risk; poetic justice for boarding pass hacker

Friday, January 11 2008 @ 10:33 AM EST Contributed by: PrivacyNews News Section: Breaches

By Chris Soghoian, who originally called attention to the problems with the web site:

A scathing new congressional report reveals that security flaws in a TSA website put thousands of Americans at risk of identity theft. The investigation also reveals the no-bid contract to create the site was awarded to the outside firm by a TSA employee who had previously worked there. Was this just business as usual at TSA?

In October 2006, the Transportation Security Administration launched a website to help travelers whose names were erroneously listed on airline watch lists. This website had a number of security vulnerabilities: it was not hosted on a government domain, its home page was not encrypted, one of its data submission pages was not encrypted, and its encrypted pages were not properly certified.

Source - C|net (blog)

Related - Report: Information Security Breach at TSA: The Traveler Redress Website [pdf]
Related - Chairman Waxman Releases Report on Information Security Breach at TSA's Traveler Redress Website

Have we reached the “Outer Limits?” (We control...) I'm willing to allow this as long as they pay the bills...

California Utilities to Control Thermostats?

Posted by ScuttleMonkey on Saturday January 12, @05:33AM from the bet-those-will-never-get-tampered-with dept. Power United States

TeraBill writes "It seems that the California Energy Commission is looking to give utilities in the state the power to control the thermostats in private homes via a radio signal. The idea is that during times of significant energy crunch, the utilities could force thermostats to higher temperatures rather than having to implement a rolling blackout. The thermostats have been around for a while and new ones were on display at the CES show in Vegas this week. While I can see the argument for it, we just had a kid take over a tram system with a remote control, so how long before our thermostat gets hacked by the neighbors. And I'd almost rather have the power drop than have someone significantly raise the temperature in my home if I had a computer running there. (UPS and a graceful shutdown versus cooking something.)"

Note that they do not use electronic voting machines, but they count and report electronically... When was the last time New Hampshire had a recount in the primary? (answer below)

New Hampshire to Recount Ballots in Light of Controversy

By Kim Zetter, January 11, 2008 | 4:37:15 PM Categories: E-Voting, Election '08

Both Republican and Democratic candidates have asked the state of New Hampshire to conduct a hand recount of all primary ballots statewide, citing internet rumors about vote discrepancies and voting machine fraud in the primary results.

... The last time New Hampshire conducted a statewide recount of a presidential primary was in 1980.

Each file MUST have a responsible manager (steward) who must certify what the file contains, how it is used, and how it should be protected (e.g. encrypted). Failures like this should result in some serious disciplinary action – not just an apology.

UI College of Engineering notifies former students of technology miscue

Friday, January 11 2008 @ 03:17 PM EST Contributed by: PrivacyNews News Section: Breaches

The University of Iowa College of Engineering has notified some 216 of its former students that some of their personal information, including Social Security numbers, was inadvertently exposed on the Internet for several months, until the erroneous file location was discovered in early January 2008. The information did not include birth dates, specific grades, or any financial information, such as credit card numbers.

Source - Iowa City Press-Citizen

A fun case to debate?

When Anyone Can Be A Publisher, Defamation And Free Speech Issues Get Trickier

from the old-rules-may-not-apply dept

We've been seeing all sorts of lawsuits lately that show how the rise of technologies like the internet have really caused troubles. Most of these laws were written in a time when it was impossible to imagine a day when anyone and everyone could be their own instant publisher. Take, for example, a divorce case that is suddenly getting a lot of attention, due to legal questions drawn out by the husband's decision to publish a "fictional" account of his marriage on his blog. The wife asked the divorce court to issue an injunction, which it did, claiming that the site is harassment. However, the husband is fighting it, refusing to take down the content, noting that it's a violation of his free speech rights, especially since the order bars him from posting anything at all about his wife. There are a number of complications on top of that. First of all, there's the question of whether or not you can use an injunction to stop speech, even if it's defamatory. Then there's the question of whether or not the speech really is defamatory (made even more confusing by the guy's claim that the story is fictional). We're going to be seeing more and more of these cases, as it's going to take quite some time before people realize that the internet changes the way many people will think about certain types of laws.

On the other hand... (Rodney King! Rodney King!)

China blogger beaten to death

(CNN) -- Authorities have fired an official in central China after city inspectors beat to death a man who filmed their confrontation with villagers, China's Xinhua news agency reports.

The killing has sparked outrage in China, with thousands expressing outrage in Chinese Internet chat rooms, often the only outlet for public criticism of the government.

... The swift action by officials reflects concerns that the incident could spark larger protests against authorities, whose heavy-handed approach often arouses resentment.

... "He was beaten to death for doing something which is becoming more and more common and which was a way to expose law-enforcement officers who keep on overstepping their limits."

Remember, there was an article about hacking the latest Boeing aircraft...

Dozens injured as boy wreaks havoc by playing trains with city's trams

By ALLAN HALL Published Date: 11 January 2008 Source: The Scotsman

A POLISH schoolboy who turned a city's tram network into a giant toy by manoeuvring rolling stock using a TV-style remote control has been arrested after he caused chaos on the public transport system.

Adam Dabrowski, 14, described by teachers as a model pupil and an electronics genius, hacked into the public transport network in Lodz to change the track points derailing at least four trams and leaving dozens injured.

Transport employees said they knew immediately that someone outside their staff had caused the accident. [Clearly impossible (But I bet they hire the kid.) Bob]

Golly gee wilikers, RIAA. Maybe giving away music IS smart.

Radiohead Finds Sales, Even After Downloads

By JEFF LEEDS Published: January 10, 2008

LOS ANGELES — In a twist for the music industry’s digital revolution, “In Rainbows,” the new Radiohead album that attracted wide attention when it was made available three months ago as a digital download for whatever price fans chose to pay, ranked as the top-selling album in the country this week after the CD version hit record shops and other retailers.


EMI Threatens To Leave IFPI

from the change-your-strategy dept

Last November, we noted that the "under new management" major record label EMI was discussing the possibility of scaling back its support for the RIAA and the IFPI, after realizing that many of the group's actions were counter-productive and had helped lead EMI and the other record labels down the wrong path. The moment of awakening for EMI appears to have been Radiohead's experiment. Apparently, EMI is quite serious about this. Reader Jon notifies us that EMI has told the IFPI that it will leave the group at the end of March, if it doesn't shift its strategies towards helping the recording industry, rather than its current strategy, which has clearly not been working. Part of the proposal is that the IFPI merges with the RIAA, rather than having the two act as separate groups -- though, the two often do seem to work together. Either way, this could represent a huge step forward, as it appears that at least one of the major labels has finally realized what plenty of people have realized for nearly a decade: the strategy of focusing on protecting an obsolete business model while suing your biggest fans is more damaging than helpful. Getting EMI to pressure the industry to realign and rethink its strategies is a huge step forward -- even if it's happening about seven or eight years late.


Showdown Looms Over Pirated-Media Directory

Swedish Prosecutors Target Organizers of Pirate Bay, A Huge File-Sharing Guide

By AARON O. PATRICK and SARAH MCBRIDE January 11, 2008; Page B1

One of Hollywood's biggest foes is about to be called on the carpet. After years of steering Web surfers to free entertainment, the organizers of a massive directory of pirated movies, music and software in Sweden could finally face serious legal repercussions.

Based on evidence collected in a 2006 raid on the offices of The Pirate Bay, Swedish prosecutors say that by the end of January they expect to charge the individuals who operate the file-sharing service with conspiracy to breach copyrights.

... A pro-piracy political party has more members than the Greens.

... Sweden, which enjoys some of the world's fastest Internet speeds, strengthened its laws in 2005 to make online theft of movies a crime. But its efforts to crack down have had little success so far. In 2006, shortly after Swedish Justice Department representatives visiting Washington received a stern lecture from U.S. officials about the alleged damage being caused by Pirate Bay, Swedish police raided the site's offices and shut it down.

Although the site was back up within days, the raid inspired hundreds of pro-piracy citizens to take to the streets in protest and led to allegations that the U.S. was interfering in Swedish affairs. Pirate Bay won cult status among file sharers globally, and many Swedes continue to revere its founders as plucky upstarts who dared to take on Hollywood.

... For all the resources the entertainment industry, the U.S. and Sweden have put into the case, the outcome is far from certain. Even if Sweden wins convictions and jail time, the site won't be shut down immediately. Separate legal action would be required to accomplish that, and it might be beyond the reach of Swedish authorities because Pirate Bay says its computer servers have been moved to other countries. "The suspects hide their information all around the world, and I am pretty sure even if they are convicted that wouldn't stop the service," says Swedish prosecutor Hakan Roswall.

... The public delights in the group's attitude toward anybody who sends it cease-and-desist letters, which are often published on the Web site along with Pirate Bay's cheeky replies. Some 157,000 movies, songs and other files can be found on the site, according to the MPAA, and 1.5 million people visit it a day, Mr. Neij says.

This is interesting...

Court Nixes NASA Background Checks

Friday, January 11 2008 @ 03:10 PM EST Contributed by: PrivacyNews News Section: In the Courts

A federal appeals court ruled Friday that NASA should be blocked from conducting background checks on low-risk employees at its Jet Propulsion Laboratory, saying the practice threatens workers' constitutional rights.

The 9th U.S. Circuit Court of Appeals said the 28 scientists and engineers who refused to submit to the background checks "face a stark choice — either violation of their constitutional rights or loss of their jobs."

The decision written by Judge Kim Wardlaw reversed a ruling by U.S. District Judge Otis Wright and sent the case back to him with orders to issue an injunction on the workers' behalf.

Source - Associated Press

For my MATH class, I found a neat equation formatter... - Education Goes High Tech is a place where teachers and students can come together to learn. Study guides, lesson plans, notes, assignments and more can be implemented in this user-friendly educational network. There are two types of accounts: one for teachers and one for students. Teachers are given space to upload, edit and publish a wide variety of educational material including videos, photos, and charts. Other registered educators can then borrow content to share with their own students. Students on the other hand, can sign in to obtain homework, to submit their results and to ask questions. Material created on the site is open to the public and can be accessed via the search bar on site or from each individual teacher’s page. As far as the social aspects go, you’ll find profiles, social bookmarking, and even RSS feeds. There’s no cost associated with this service.

For my web site class...

7 Tools To Make An RSS Feed Of Any Website

Posted by Michael Garrett on September 30th, 2007

... This is why I have compiled a list of online web services which allow anyone to create an RSS feed of any website.

Might become a good resource.

Big Think

Friday, January 11, 2008

Big Think, the "Intellectual YouTube" backed by ex-Harvard Prez Lawrence Summers, Launches with Style and Starpower

You need a 3D capable graphics card, but you can watch the video...

The 3D web: try it now…

Boris Written on January 8, 2008 – 5:58 pm

I remember downloading the first VRML browser in 1999. It promised to show me the web in 3D fashion. Unfortunately it never went anywhere. Until now, maybe.

Check this video of a 3D browser built by SpaceTime and demonstrated during CES yesterday. It shows an Apple CoverFlow like interface to many popular websites. In this example eBay is used. The first 10 seconds are boring but don’t look away:

Can you imagine browsing the web like this? What would your site or this blog look like in 3D? What would be the advantage of browsing like this? One thing is for sure; don’t try this on dial-up.

Want to try it yourself? Download SpaceTime 1.0 (Windows only, for now) and let us know how it worked for you.

Friday, January 11, 2008

Will this cause a security upgrade?

UK: Bank boss becomes ID theft victim

Thursday, January 10 2008 @ 09:00 AM EST Contributed by: PrivacyNews News Section: Breaches

The chairman of Barclays bank has become a victim of ID theft after a fraudster stole £10,000 from his account, it has emerged today.

The conman duped call centre staff into issuing a credit card in the name of banking boss Marcus Agius and then used it to withdraw funds at a high street branch.

Source -

This should get lawyers in Canada talking about security. If it works, I may try it here...

Canadian Bar Association Personal Information Advisory

Thursday, January 10 2008 @ 08:52 PM EST Contributed by: PrivacyNews News Section: Breaches

Via The Canadian Privacy Law Blog:

An audit of the CBA online web systems has revealed unauthorized third party access to the system during the recent holiday period.

Immediate steps were taken to further enhance the security of the site, [which implies they knew how to make it more secure but hadn't bothered to actually do anything. Bob] and those whose records were potentially affected are being notified of this unauthorized activity.

The CBA takes the privacy of members very seriously and has taken appropriate steps to ensure that this type of incident does not happen again.

Source - CBA

Related - Michael Geist posted the notification members received:

Your records may have been affected by this unauthorized activity. The files contained personal information relating to online orders (name, address, phone, fax, member number) and encrypted credit card information. We have no reason to believe that the encrypted credit card information was compromised. CBA uses one of the most secure encryption solutions available to protect credit card information. As a precautionary measure, we recommend that members monitor their credit card accounts for suspicious activity.

We can, therefore we must. (After all, bartenders have photographic memories and remember your name forever...)

ID Tech May Mean an End to Anonymous Drinking

Posted by timothy on Thursday January 10, @04:33PM from the say-were-you-going-to-finish-that-martini dept. Privacy

Anonymous Howard writes "If you visit a lot of bars and restaurants, you've likely crossed paths with drivers license scanners — machines that supposedly verify that your license is valid. In actuality, many of these scanners are designed to record your license information in addition to verifying them, and those that authenticate against a remote database are creating a record of when and where you buy alcohol. Not only that, but they're not even particularly effective — the bar code on your license uses an open, documented standard and can be rewritten to change your age or picture. Collecting our driver's license information is one thing, but collecting data about our personal drinking habits is not only a violation of, according to the ACLU representative quoted in the article, privacy and civil liberties, but this 'drinking record' could also create problems for people in civil and criminal lawsuits as proof of alcohol purchases in DUI cases or evidence of alcoholism in divorce lawsuits."

If the states are becoming “Privacy Aware”...

WI: State agency will stop using Social Security info

Thursday, January 10 2008 @ 02:49 PM EST Contributed by: PrivacyNews News Section: Breaches

In a move that would prevent future accidental disclosures of residents' Social Security numbers like the one this week, the state Department of Health and Family Services will begin using randomly generated ID numbers later this year to identify nearly 800,000 Wisconsinites now receiving public assistance, a top department official says.

Source - The Capital Times

...why not the State Department? Think of it as a way to make concerns about taking information from the RFID chip moot.

State Department to ease access to passport data

Thursday, January 10 2008 @ 04:44 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

According to a release on Wednesday from the State Department, law enforcement officials and private parties may soon be able to request personal passport details. Currently, only State Department staffers who have undergone "background security investigation" handle such requests. The change to the State Department's system of records notice, or SORN, affects records dating as far back as 1925 and addresses amendments introduced in 2007 to the Privacy and Security Act of 1974.

Source - C|net

Related - Notice in Federal Register via Cryptome

Consider in light of the next article...

Who's More Tech Savvy? Employees Or Employers?

from the depends-on-which-technology dept

I came across two separate stories today at about the same time, which seemed to be saying very different things, but seem worth discussing together. The first is about how big companies are increasingly technology savvy in spying on workers in everything that they do (sent in by reader gonzogirl). It notes that while CIOs used to worry about how employees would react to being spied on, these days it's barely a second thought, as it's become almost standard. The other study involves some research suggesting that employees are becoming a lot more tech savvy than their employers and trying to drag them into the 21st century. The researchers behind that report say that employees understand technology much better than their own CIOs.

At first glance, the two reports may seem to contradict each other, but that may not really be the case. It may actually show a lot more about where the priorities are for CIOs of large companies these days: fearful of what employees are doing, rather than looking for ways to help them get things done. Thus, when employees show up with new tools to make them more productive, the response isn't to embrace them, but to fear them (or figure out how they can be monitored). This wouldn't be particularly surprising, but it should be troublesome for those large companies, who are breeding atmospheres of distrust and trying to hold back the innovation needed to boost productivity and compete with more nimble companies.

This requires no further comment from me... But I can't resist. When bureaucracy interferes with functions you have: “government” (No wonder they have problems with computer systems, they still haven't mastered 1870's technology!)

FBI phone taps cut off over unpaid bills

Fri Jan 11, 3:10 AM ET

The FBI has failed to pay phone bills on time, causing telecommunication firms to temporarily cut off wiretaps used for terrorism investigations, an audit found.

In a review of the FBI's handling of special funds used for secret operations, the Justice Department's inspector general found an archaic payment system that goes through disorganized third-party offices.

A summary of the audit released Thursday noted that a telecommunication specialist pled guilty in June 2006 to stealing more than 25,000 dollars in confidential funds.

The audit found that the employee had taken advantage of the FBI's mismanagement of bills to steal money from refund checks, as the agency even has trouble cashing refunds from overpaid bills.

Good news, bad news? Something worth stealing vs. not a soft target?

Ca: Gun registry posting doesn't violate privacy

Thursday, January 10 2008 @ 12:04 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The privacy commissioner has rejected complaints from firearms owners who claimed their privacy was violated by a searchable copy of the federal gun registry posted on the Citizen website.

... Last year, some gun owners filed complaints with Privacy Commissioner Jennifer Stoddart, saying the data could be used by thieves to target homes or businesses known to contain certain types of guns.

However, in a report to Parliament, Ms. Stoddart writes that the complaints were not well-founded and concluded that the RCMP had taken precautions to ensure gun owners would remain anonymous before the data were released to The Citizen.

Source - Ottawa Citizen

Playing the odds, Bruce? I don't agree, but I can see his point.

Steal This Wi-Fi

Bruce Schneier, 01.10.08 | 12:00 AM

Whenever I talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it's both wrong and dangerous.

For my Stat class...

January 10, 2008

Sourcebook of Criminal Justice Statistics, 31st Edition

Sourcebook of Criminal Justice Statistics, 31st Edition: "The Sourcebook of Criminal Justice Statistics brings together data from more than 200 sources about many aspects of criminal justice in the United States. It has been compiled by the Utilization of Criminal Justice Statistics Project since 1973 and is funded by the U.S. Department of Justice, Bureau of Justice Statistics. Ann L. Pastore and Kathleen Maguire are co-directors of the Utilization Project and co-editors of the Sourcebook. The project is located at the University at Albany, School of Criminal Justice, Hindelang Criminal Justice Research Center in Albany, New York." [IWS Documented News Service]

Might be useful... - View Documentaries Online is a site that features what they consider some of the best documentaries around. When you visit the site you can browse through the documentaries by category. There are many categories from environment to religion to business. All of the documentary titles are listed in the categories. You can click on the one that you are interested in watching and watch it right on your computer. There are a total of 659 documentaries so have fun educating watching and learning at the same time at

Searching for “The Next Big Thing!” - New Blog About Startups, Tech News

Can’t get enough of tech and internet news? TheNextWeb will surely fix that. This site reviews, profiles and interviews startups, interesting tech personalities, new products and old ones that are making waves. Several contributors make up the NextWeb team—all experienced developers, slash writers and prodigious consumers of all things tech, also mostly Dutch; however, guest writers are encouraged and often featured on the site as well. You’ll find an interesting mix of tech related news, business news and analysis. Popular items are grouped in the tag cloud on the homepage. Interesting news bits and tips are received from the site’s crew of Webtiprs from all around the world. There’s a search bar and RSS feeds; you can also keep up with Next Web via Twitter and Facebook.

Thursday, January 10, 2008

Oh goodie! We won't have to wait for November.

Errors’ Transposing Votes and Diebold Machines Removed Votes From Obama and Paul

Allegations of vote fraud in New Hampshire’s primary are growing. In what was advertised as a fair and open election in the Live Free or Die state, it appears that concerns of the fraud and data manipulation are viable.

... The results from the Diebold machines, easily hacked in the HBO documentary Hacking Democracy, don’t add up. They claim that Ron Paul had over 2% fewer votes than the hand ballots suggest, and gave Giuliani a .5% boost for 4th place instead. The same ballot machines also show that Hillary fared 5% better than with the hand ballots, taking 1st away from Obama. See this site for more detailed analysis.

Probably too late...

January 09, 2008

Election Technology Council Releases Industry Guidelines for Safeguarding the Vote in 2008

Press release: "The Election Technology Council today announced the release of industry guidelines outlining best practices for election officials to adopt in response to potential and perceived threats to electronic voting systems. In releasing the guidelines, David Beirne, Executive Director of the Election Technology Council, said, “The Council recognizes that no voting technology is invulnerable, and as with other types of voting systems, it is critical for election administrators around the country to build robust procedures for safeguarding the use of electronic voting systems. Misconceptions concerning the operation of electronic voting systems, if left unanswered, can have a corrosive effect on voter confidence if they are not taken seriously and addressed with clear, factual information."


Man gets record sentence for computer sabotage

Wed Jan 9, 2008 9:48am EST

NEW YORK (Reuters) - A computer systems administrator was sentenced to 30 months in prison on Tuesday for trying to sabotage his company's servers out of fear he was about to lose his job, prosecutors said.

The U.S. Attorney's Office in Newark, New Jersey, said Yung-Hsun Lin received the longest ever federal prison term for a criminal attempt to damage a computer system.

He was also ordered to pay $81,200 in restitution to his former employer, pharmacy benefit manager Medco Health Solutions Inc.

Strategy or pure chance?

iPhone Forcing Open Wireless Networks?

Posted by samzenpus on Thursday January 10, @07:14AM from the open-up dept. Cellphones Wireless Networking Apple

fermion writes "Wired asserts that the iPhone Blew up the wireless industry. This article argues that because Apple demanded the opportunity to control their own phone, and ATT née Cingular agreed, other companies are opening up the networks, and google now has the opportunity to make Android a reality. There are other tidbits. Allegedly Verizon turned Jobs down without even listening to his pitch, a decision they may well regret now that they are hemorrhaging customers. That Motorola and the networks were responsible for the fiasco dubbed the ROKR, something which I believe given how damaged the American version of the RAZR was compared to international version. It also estimates that the iPhone cost upward of $150 million to design, and earns Apple about $200 profit per phone."

The savings on medical insurance claims for the postal workers alone is staggering!

White House Gets Green by Putting Federal Budget Online

Posted by samzenpus on Wednesday January 09, @07:49PM from the won't-someone-think-of-the-trees dept. United States The Internet

coondoggie writes "Looking to save $1 million, 20 tons of paper, or close to 500 trees, the White House said today President Bush's 2009 Federal Budget will for the first time be posted online. The E-Budget will be available for downloading at the Office of Management and Budget Web site on Feb. 4. Typically the White House has paper-bombed congress and anyone else who wanted to read the budget with a tome which can reach 3,000 pages and weighed multiple pounds each."

Related? Imagine sending the budget to your “friends”

Spam your printer from the Web? Researcher shows how

A researcher has found that exploiting a little-known capability present in most Web browsers could allow attackers to take over a network printer

By Robert McMillan, IDG News Service January 09, 2008

Aaron Weaver has made a discovery the world could probably do without: He's found a way to spam your printer from the Web.

Tools & Techniques Could be useful

Belarc Advisor 7.2v

Posted by Reverend on 10 Jan 2008 - 11:55 GMT

The Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status, CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server.

Download: Belarc Advisor 7.2v

View: Belarc Homepage

Interesting idea and it looks like they need help in a few areas...

Free Video 'Legal Consultations' Are Now Available on the Internet!

Released : Wednesday, January 09, 2008 8:05 AM

BOCA RATON, Fla., Jan. 9 /PRNewswire/ -- Law Videos, Inc. has announced the launch of its revolutionary legal information website, The website provides immediate answers to volumes of general legal questions, on a variety of topics, such as personal injury, real estate, criminal law, etc., in a clear, crisp, video format, available entirely free of charge to the user.

Wednesday, January 09, 2008

Simple question: Why did they need SSANs online for this application?

UGA contacting 4,000 after server breached by hacker

Wednesday, January 09 2008 @ 07:50 AM EST Contributed by: PrivacyNews News Section: Breaches

University of Georgia officials are trying to contact more than 4,000 current, former and prospective residents of a university housing complex after a hacker was able to access a server containing personal information, including Social Security numbers.

The security breach happened sometime between Dec. 29 and Dec. 31, the university said Tuesday.

Source - Ledger-Enquirer

Related - Univ. investigates online security breach

[From the second article:

In 2006, administrators told The Red & Black the University will replace all Social Security numbers with another identifying number by 2009 or 2010.

That warm fuzzy feeling...

GAO: Numerous security flaws in IRS computers

Tuesday, January 08 2008 @ 01:54 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

It's the worst-case privacy nightmare. Hackers get into the Internal Revenue Service's computer system, which has incomes, Social Security numbers and other detailed financial information on practically every American. It hasn't happened yet, but the Government Accountability Office is saying today that the IRS still has "pervasive weaknesses" in security.

Source - Baltimore Sun

Related - Information Security: IRS Needs to Address Pervasive Weaknesses [pdf], GAO-08-211, January 8, 2008

Why is this important? See next article

FCC To Investigate Comcast Filtering; Questions Why Comcast Wasn't Forthcoming

from the what-about-if-it-had-been-a-telco? dept

The FCC hasn't appeared to have much of an issue with the various telcos spouting off about how they need to block certain kinds of traffic. In fact, even when AT&T agreed to keep its network neutral (sort of, but not really), FCC chair Kevin Martin made it clear that he wouldn't hold AT&T to its concessions on network neutrality. However, when a cable company, such as Comcast, starts doing some traffic shaping... well, that's a different story. There was a big fuss last year about Comcast's traffic shaping efforts. While it took a little while, the FCC has now said that it's going to probe Comcast's traffic shaping actions. Now, as we've said from the beginning, if Comcast feels it needs to do this kind of traffic shaping, that's one thing -- but there's simply no good reason (and a number of bad ones) not to be upfront and let its customers know about this. In fact, that appears to be a part of the FCC's thinking, as well, noting that the FCC allows "reasonable network practices" to protect a network, but: "when they have reasonable network practices, they should disclose those and make those public." Martin clearly has no love for cable companies, but how the FCC handles this issue could become important in determining how the FCC deals with other traffic shaping issues in the future.


AT&T and Other ISPs May Be Getting Ready to Filter

By Brad Stone January 8, 2008, 7:07 pm

For the past fifteen years, Internet service providers have acted - to use an old cliche - as wide-open information super-highways, letting data flow uninterrupted and unimpeded between users and the Internet.

But ISPs may be about to embrace a new metaphor: traffic cop.

At a small panel discussion about digital piracy here at NBC’s booth on the Consumer Electronics Show floor, representatives from NBC, Microsoft, several digital filtering companies and telecom giant AT&T said the time was right to start filtering for copyrighted content at the network level.

... Internet civil rights organizations oppose network-level filtering, arguing that it amounts to Big Brother monitoring of free speech, and that such filtering could block the use of material that may fall under fair-use legal provisions — uses like parody, which enrich our culture.

Here's one I don't get. Is there a lot of demand for access to Microsoft's $400 Office suite if Linux comes with several free suites? Will Sir Bill donate the operating system or charge $80 per copy (kinda kills that $100 laptop goal)

OLPC developing dual-boot Windows, Linux OS for laptops

Microsoft is working with OLPC to put a dual-boot system on laptops aimed at kids in developing countries

By Dan Nystedt, IDG News Service January 09, 2008

The One Laptop Per Child Project (OLPC) and Microsoft are working together to develop a dual-boot system to put both Linux and Windows on laptops aimed at kids in developing countries, the head of OLPC said in an interview Tuesday.

Similar (I guess) to the “tax” on blank CDs. 22 million users (out of a population of 33 million) would yield $132 million per year.

Canada's RIAA rejects $5/month fee per Internet user for unlimited access to all copyrighted music

By Rick C. Hodgin Tuesday, January 08, 2008 15:03

The Canadian Record Industry Association (CRIA), Canada's equivalent of the US's RIAA, has rejected a proposal that would've tacked on an additional $5 per Internet account per month to generate revenue for that industry. The additional revenue would've given all paying users unlimited access to copyrighted music, and would've been distributed to labels, artists, producers and everyone involved in the music pipeline. The Internet users could download and exchange music freely with other fee-paying users, thereby getting around the P2P block seen today.

The plan was created by The Songwriters Association of Canada, and presented to the CRIA, the Canadian Independent Record Production Association, and other publishing groups. It is estimated that it would've raised $1 billion per year. [perhaps they can't do math? Bob] The CRIA president, Graham Henderson, said, "We don't want to pursue what amounts to a pipe dream that is presented as a quick fix. We'll lose focus on the real issues that will help us resolve the industry's problem."

[perhaps $25/user/month would work? Bob]

Net music sales in Canada declined by $23 million, or 4 percent, to $608.7 million in 2005, the Canadian Recording Industry Association (CRIA) reported today.

Tools & Techniques Useful for image capture, but Wink is better for building instruction videos...


HyperSnap is the fastest and easiest way to take screen captures from Windows screen, and text capture (TextSnap™) from places where normal text copy is not possible. HyperSnap combines the power of a first-class screen capture application with an advanced image editing utility - wrapped into one easy-to-use tool!

Something for my Stat class?

Tuesday, January 08, 2008

When it is your business, you'd think you'd have a workable procedure... No indication the tape was encrypted. (People still use tapes?)

Iron Mountain loses backup tape with GE Money-Americas clients' info

Monday, January 07 2008 @ 10:51 AM EST Contributed by: PrivacyNews News Section: Breaches

GE Money-Americas has notified the state of New Hampshire that its vendor, Iron Mountain, lost a backup tape containing active account numbers and some Social Security numbers. Over 1800 NH residents had account numbers on the missing tape, and less than 20 appear to have SSN on the tape. There was no indication of total numbers nationwide.

Summary prepared by based on Notification to NJ DOJ [pdf]

Not much of a manifesto... Not even a complete outline for a student paper – but it's a start!

A Privacy Manifesto for the Web 2.0 Era

Tuesday, January 08 2008 @ 07:39 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Written by Alec Saunders, co-founder and CEO of iotum, creators of the first conference calling service for Facebook. Alec’s personal blog is about VoIP and web products, technologies and businesses.

[...]... Let’s start by defining what we mean by personal information. Personal information includes any factual or subjective information, recorded or not, in any form, about an individual. For example: name, address, telephone number, gender, identification numbers, income, blood type, credit records, loan records, existence of a dispute between a consumer and a merchant — even intentions to acquire particular goods or services. And let’s not forget health, medical history, political opinions, religious beliefs, trade union membership, financial information and sexual preferences!

Now, what rights should you have? Here are four principles that form a Privacy Manifesto for the Web 2.0 Era.

Source - gigacom

Warm & Fuzzy #1

Boot Record Rootkit Threatens Vista, XP, NT

Posted by kdawson on Monday January 07, @09:41PM from the writing-to-zero dept.

Paul sends us word on a new exploit seen in the wild that attacks Windows systems completely outside of the control of the OS. "Unfortunately, all the Windows NT family (including Vista) still have the same security flaw — MBR [Master Boot Record] can be modified from usermode. Nevertheless, MS blocked write-access to disk sectors from userland code on VISTA after the pagefile attack, however, the first sectors of disk are still unprotected... At the end of 2007 stealth MBR rootkit was discovered by MR Team members (thanks to Tammy & MJ) and it looks like this way of affecting NT systems could be more common in near future if MBR stays unprotected."

Warm & Fuzzy #2

Hackers turn Cleveland into malware server

Monday, January 07 2008 @ 08:36 PM EST Contributed by: PrivacyNews News Section: Breaches

Tens of thousands of websites belonging to Fortune 500 corporations, state government agencies and schools have been infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations, security researchers say.

At time of writing, more than 94,000 URLs had been infected by the fast-moving exploit, which redirects users to the uc8010-dot-com domain, according to this search. Security company Computer Associates was infected at one point, as were sites belonging to the state of Virginia, the city of Cleveland and Boston University.

Source - The Register

[From the article:

He said the uc8010-dot-com domain (we don't recommend readers visit the site) was registered in late December using a Chinese-based registrar, indicating the attackers were fluent in Chinese.

An interesting interpretation. In the US, gathering (and organizing) the data should be enough for at least a Copyright... Right?

UK: Database right infringed when staff took customer lists, rules court

Tuesday, January 08 2008 @ 07:18 AM EST Contributed by: PrivacyNews News Section: Breaches

Employees who left a company to start up a rival breached that firm's database rights when they took information with them, the High Court has ruled. The firm failed to prove, though, that the actions breached the company's confidentiality.

[...]Rider and Simpson did not dispute that they had taken a list of Crowson's customers and information about sales to them as well as email addresses from the company.

Crowson claimed that the pair broke an implied duty [Not worth the paper it's written on... Bob] not to remove confidential business information from it, but the High Court ruled that the information they had taken did not qualify as confidential.

For information to be confidential there needs to be an obligation of confidence, [We need that phrase! Bob] and the information must be confidential in nature. Judge Peter Smith said that material did not become confidential just because an employer deemed it so.

Smith said that the information was not confidential, that it was either in the public domain, as in the case of addresses and phone numbers, or it counted as the skills and expertise that an employee would naturally build up, and was therefore not able to be restricted by the employer.

Source -

This must be at epidemic proportions to get the bank's attention.

Citibank limits ATM withdrawals in New York City

Monday, January 07 2008 @ 06:26 PM EST Contributed by: PrivacyNews News Section: Breaches

In response to a series of ATM robberies over the holidays, Citibank has drastically reduced the daily amounts its customers may withdraw from ATMs. In some cases, customers of Citibank could once withdraw as much as $2000 per day, depending upon the account. The new limits are around $500 per day for most customers.

Citibank attributes the action to reports of "skimming," the process of copying someone's ATM card and passcode or PIN, over the holidays.

Source - C|net

Another hack....

Dutch public transport card hacked

Tuesday, January 08 2008 @ 07:23 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The security of the Dutch OV (public transport) card is at issue following the cracking of its secret code by German computer hackers.

The card, which is intended to replace the 'strippenkart', was due to be introduced throughout the country this year. It is likely that the launch will now be postponed. Because the card's code has been hacked, it would be possible for travellers to journey for free and for their private data to be made public.

Source - Radio Netherlands Worldwide

Another hack... (What happens when you attract bright people...)

Harvard uncovers ID scam that may involve debit cards

Tuesday, January 08 2008 @ 07:25 AM EST Contributed by: PrivacyNews News Section: Breaches

Harvard University police and the Middlesex district attorney's office are investigating a security breach at the school after an undergraduate allegedly manufactured phony driver's licenses and university identification cards that can be used as debit cards and to enter residence halls, the university announced yesterday.

Source - Boston Globe

Perhaps a bunch of hacks?

Digital gifts that keep on giving

Posted by Robert Vamosi January 7, 2008 1:43 PM PST

Care should be taken when plugging holiday gift gadgets into your personal computer and laptop, said security researchers at, Microsoft, and Kaspersky in recent blog posts. Reports of strange files being found on USB storage devices increased over the holiday season. Reporting Monday on the SANS' Internet Storm Center blog, director Marcus Sachs said, "In years past this would have been limited to iPods and USB memory sticks, but now it includes digital photo frames, GPS devices, external hard drives, and of course digital cameras."

Going forward... (Anyone who quotes Machiavelli is worth reading...)

January 07, 2008

UK Report: National Security for the Twenty-First Century

Current notions of defence, foreign affairs, intelligence and development are redundant in the new security environment... National Security for the Twenty-first Century, Charlie Edwards, DEMOS: "The government remains structured around functions and services with separate budgets for defence, foreign affairs, intelligence and development. Whitehall departments, intelligence agencies and the police forces that make up the security architecture have changed very little in the past two decades, despite the end of the Cold War and the attack on the World Trade Centre in 2001. Based on a 12 month research project, this pamphlet sets out an approach to national security drawing on reforms and innovations from governments elsewhere in Europe and the United States and suggests some new ideas designed to shape the future of the national security architecture."

“Hey, we gotta blame somebody!”

(follow-up) Guard: Metro laptops were stolen before Christmas Eve

Monday, January 07 2008 @ 06:11 PM EST Contributed by: PrivacyNews News Section: Breaches

... Murphy insists that the break-in that may have compromised hundreds of thousands of Metro voters’ Social Security numbers didn’t occur on his watch. In fact, it didn’t occur on anyone’s watch, because no one was assigned to watch, he said.

“I would swear on a stack of Bibles, that window was broken out Saturday,” Murphy said, referring to Dec. 22.

Source -

For my web site class... - Quick and Fast Movie Editing

In order to produce stunning videos, no matter how amateur, you’ll need a good video editor. Of the many that are out there, VideoSpin stands out for its streamlined yet powerful interface. It’s light, weighing in at only 2.25MB. There are two main functions—editing and publishing. The former section is used for adding music and transitions, putting in texts and making snips here and there. The publishing section connects to the web and allows users to add their videos to video sites like Yahoo or Youtube. If you’re lacking inspiration, VideoSpin gives you expert tips along the way. The download is free.

Wait till the Porn Industry sees this!

Making 3D Models from Video Clips

Posted by ScuttleMonkey on Monday January 07, @05:24PM from the fun-toys dept.

BoingBoing is covering an interesting piece of software called VideoTrace that allows you to easily create 3D models from the images in video clips. "The user interacts with VideoTrace by tracing the shape of the object to be modeled over one or more frames of the video. By interpreting the sketch drawn by the user in light of 3D information obtained from computer vision techniques, a small number of simple 2D interactions can be used to generate a realistic 3D model."

Chaos indeed. Perhaps the Colorado election commission can learn a lesson? Nah...

Group Sues To Stop German E-Voting

Posted by kdawson on Monday January 07, @11:18PM from the we-don't-trust-them-either dept. The Courts Politics

kRemit writes "The German hacker group Chaos Computer Club today sued the German State of Hessen to prevent the use of electronic voting machines (Google translation) in the upcoming elections on January 27. This comes as a follow-up to the Dutch initiative 'We don't trust voting machines,' which succeeded in banning the same type of voting machines in the Netherlands."

I'll have to read this closely to see what I did...

January 07, 2008

Spartans in Darkness: American SIGINT and the Indochina War

Via Secrecy News, "this 2002 study was released in response to a Mandatory Declassification Review request filed by Michael Ravnitzky": Spartans in Darkness: American SIGINT and the Indochina War, 1945-1975 by Robert J. Hanyok, Center for Cryptologic History, National Security Agency, 2002.

Ancient history, modern technology?

Thousands follow soldier's fate in WW1 "blog"

Mon Jan 7, 2008 11:31am EST By Mike Collett-White

LONDON (Reuters) - Thousands of people have been following the fate of a British soldier fighting in the trenches of World War One on a Web site publishing his letters home exactly 90 years after they were written.

How to look smart...

How To Solve a Rubik's Cube — Great beginners guide to solving the Rubik's Cube. Has step by step instruction with animation and images. Now you can solve any old cube laying around and impress your friends.

Monday, January 07, 2008

A dare is a dare – hackers love dares...

UK: Clarkson U-turn over identity theft

Monday, January 07 2008 @ 06:21 AM EST Contributed by: PrivacyNews News Section: Breaches

Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons as a "storm in a teacup" - after himself falling victim to a scam.

The Top Gear presenter and self-proclaimed voice of reason printed his own bank details in a newspaper to hammer home the point that his money was still safe and the spectre of identity theft a sham. He also gave instructions on how to find his address on the electoral roll and details about the car he drives.

However, in a rare moment of humility, Clarkson has now revealed he has lost at least £500 - after an unidentified reader copied his details to set up a £500 direct debit payable from his account to the British Diabetic Association. The charity is one of many organisations which does not need a signature to set up a direct debit. [Kinda makes it easy, don't it. Bob]

Source - Sunderland Echo

The Major Verdict in a Recent Identity Theft Case: How It Underlines the Risk for Financial Reporting Companies

Monday, January 07 2008 @ 06:24 AM EST Contributed by: PrivacyNews News Section: In the Courts

The U.S. Court of Appeals for the Fourth Circuit recently upheld a sizable verdict against a credit agency for failing to promptly and efficiently aid a victim of identity theft. The decision in Sloane v. Equifax Information Services does not break new doctrinal ground. It does, however, underscore how identity theft could become a headache not only for individual consumers, but large financial reporting companies. The case also highlights the difficulty of determining non-economic damages in cases involving consumer activities.

Source - FindLaw's Writ

ANNOUNCE: Health-related privacy breaches analysis update

Sunday, January 06 2008 @ 12:22 PM EST Contributed by: PrivacyNews News Section: Breaches

The on-site Medical Privacy Project analysis of health- or patient-related breaches has been updated to incorporate incidents reported in the media during 2007. Some of the major findings include:

  • The number of patient-related or health-related incidents reported in the media increased in 2007

  • Of the 354 incidents analyzed for this report, 55 (16%) resulted in fraud or ID theft

  • 80% of incidents that resulted in misuse of the data were attributable to employees who stole or improperly accessed patient or health-related information

Source - Medical Privacy at Risk: Privacy and Security Breaches [pdf] Updated January 2008.


Data “Dysprotection:” breaches reported last week

Monday, January 07 2008 @ 06:20 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

The dangers of technology?

National Motorists Association Challenges Cities To Prove Red-Light Cameras Are Safer

from the put-up-or-shut-up dept

Over the years, we've had a number of posts about studies showing that red-light cameras tend to increase the number of accidents, even as cities that install them claim that they're doing so for safety reasons. The problem appears to be that red-light cameras cause more people to slam on the brakes at the last second, leading to more rear-ender collisions. Plenty of studies have shown that if you really want safer intersections, the solution is rather simple: increase the length of time for yellow lights and include a pause after a light turns red before the cross-traffic signal turns green. Some cities already do this, but many do not. A big part of the problem is that red-light cameras are big money makers for municipalities, who share the revenue with the makers of the cameras -- who have every incentive in the world to set the traffic lights to encourage more violations, rather than fewer. To give proof to the lie that municipalities are installing red-light cameras for safety reasons, the National Motorists Association is now offering $10,000 to cities (found via The Agitator) if it can't reduce by 50% the number of red-light violations using regular traffic engineering. They're only looking to do this at camera-enforced intersections that still have high numbers of violations. Of course, if the NMA can show such a reduction, the city would then be required to remove its red-light camera systems. What are the chances any city takes the NMA up on this challenge?

Online is good, but nothing feels like a good comic book...

Online Cartoonist Finds Financial Success Offline

Posted by Zonk on Sunday January 06, @10:32PM from the that's-a-lot-of-comic dept. Books The Almighty Buck The Internet

destinyland writes "The first collection of Perry Bible Fellowship comics has racked up pre-sales of $300,000 due to its huge online following. Within seven weeks the volume required a third printing. Ironically, the 25-year-old cartoonist speculates people would rather read his arty comics in a book than on a computer screen, and warns that 'There's something wonderful, and soon-to-be mythic, about the printed page...' He also explains the strange anti-censorship crusade in high school that earned him an FBI record!"