Saturday, February 02, 2008

Someone was thinking. That's a dangerous precedent to set.

CA: Stolen laptop puts IDs at risk

Friday, February 01 2008 @ 07:12 AM EST Contributed by: PrivacyNews News Section: Breaches

Fresno County officials have warned thousands of CalWorks clients that they could be at risk for identity fraud after the theft of a laptop computer late last year.

The computer was taken from a county office but belonged to Supportive Services Inc., a nonprofit agency.

The county Department of Employment and Temporary Assistance refers some CalWorks clients to that agency for child care-related assistance.

The laptop, which was encrypted with several passwords, [I've seen that phrase before, but I have no idea what they are trying to say. Passwords are not encryption. Bob] stored documents with personal information for up to 6,600 CalWorks clients who had been referred to the agency since 1999, according to the county.

... Hornback said notices were mailed to clients because state officials determined the level of encryption on the computer was insufficient to prevent data from being accessed. [Whatever they did, it wasn't adequate. That's the bottom line. Bob]

Source - FresnoBee

Would this law have changed the TJX dynamic? I don't think so...

MA: New law addresses personal information breaches

Saturday, February 02 2008 @ 06:55 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

Massachusetts recently became the 39th state to enact a data security breach notification law, the “Breach Notification Law,” to deal with security breaches of personal information of Massachusetts residents.

This news story reviews the provisions of the new law.

Source - Boston Herald

Perhaps they will pay more attention when Hillary wins the Republican primary?

Election Software Lost in Transit Found -- But More Chips Go Missing

By Kim Zetter, January 31, 2008 | 1:35:06 PM. Categories: E-Voting, Election '08

As I reported last month, 174 EPROM chips loaded with software that runs on Diebold optical-scan voting systems were lost in California after they were sent via Federal Express from the secretary of state's office to San Diego County election officials. Two cardboard shipping tubes that were supposed to contain the chips arrived empty in San Diego, with one of the tubes missing its lid.

It turns out that 156 of the chips were found in Santa Barbara, but 18 are still missing. Authorities say that a couple of other CA counties have now discovered that they're missing chips as well.

How they protect our Privacy

DHS Privacy Report Released

Friday, February 01 2008 @ 05:30 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

The Privacy Office of the Department of Homeland Security released the July 2006-July 2007 Privacy Report [pdf]. The Homeland Security Act of 2002 requires that the Chief Privacy Officer prepare a report to Congress on an annual basis on the activities of the Department that affect privacy, including complaints regarding program activities.

Source - Privacy Coalition

For those of us keeping score...

February 01, 2008

Privacy Rights Clearinghouse: A Chronology of Data Breaches

A Chronology of Data Breaches, updated January 30, 2008

Are we sure this isn't cyberwar?

updated 6:18 p.m. EST, Fri February 1, 2008

Third undersea Internet cable cut in Mideast

(CNN) -- An undersea cable carrying Internet traffic was cut off the Persian Gulf emirate of Dubai, officials said Friday, the third loss of a line carrying Internet and telephone traffic in three days.

Possibly useful? Likely to stir up a discussion

Webcasts from Data Privacy Day 2008 Available Online

Friday, February 01 2008 @ 07:59 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Webcasts of the Jan. 28 conference at Duke University, Data Privacy in Transatlantic Perspective: Conflict or Cooperation?, are available online for free viewing with Real Player:

Welcome and Opening Remarks by Francesca Bignami and Gilbert Merkx and Panel: The Past and Present of Data Privacy
Moderated by Leonardo Cervera Navas.
Panelists are Howard Beales, Peter Hustinx, and Stefano Rodota

Panel: Consumer Privacy Through Notice and Consent
Moderated by Sarah Ludington.
Panelists are Annie Anton, Giovanni Buttarelli, Fred Cate, Kathryn Ratte, and Peter Swire

Panel: Privacy and National Security
Moderated by Frank Schmiedel
Panelists are Florence Audubert, Francesca Bignami, Anne Klinefelter, John Kropf, and Thomas Zerdick

Panel: Global Data Flows and National Privacy Standards
Moderated by Richard Purcell
Panelists are Joe Alhadeff, Damon Greer, David Hoffman, Jane Horvath, Campbell Tucker

hat-tip - Leonardo Cervera

Perhaps variations on this theme could also be programmed – like only allowing photographs of politicians when they look honest, or photos of Britney Spears being a great mom...

January 31, 2008 9:19 PM PST

Tessera buys camera detection software firm

Posted by Stephen Shankland

LAS VEGAS--Tessera Technologies has agreed to acquire FotoNation, a start-up that sells software cameras can use for tasks such as detecting and tracking faces, fixing flash-induced red-eye, and triggering the shutter only when subjects are smiling and not blinking.

If ignorance of the law is no excuse, can ignorance of the technology be an excuse?

Judge Grills E-Mail-Deleting Texas DA

By LIZ AUSTIN PETERSON The Associated Press Friday, February 1, 2008; 6:47 PM

HOUSTON -- An embattled prosecutor facing a contempt charge for deleting e-mails was grilled Friday by a federal judge who said he should have known better than to erase material he had been ordered to turn over.

... "I didn't think I was hard-deleting anything," Rosenthal said. "I thought the system maintained whatever I deleted in a separate part of the information technology system that could be retrieved to satisfy the subpoena."

Okay, this has apparently slipped by me. Tax increases I expect, an IRS satellite I missed.

Senators raise privacy issues about federal mileage tax proposal

Friday, February 01 2008 @ 08:47 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Members of a U.S. Senate committee have raised the issue of privacy in response to a recommendation by a federal transportation commission to replace the federal fuel tax with a mileage-based tax.

Taxes collected on vehicle miles traveled – or VMT – would require a satellite-based technology to read how many miles a vehicle travels in a given state, members of the National Surface Transportation Policy and Revenue Study Commission said Thursday, Jan. 31, during a hearing before the Senate Environment and Public Works Committee.

Source - Land Line (hat-tip, Flying Hamster)

Strategy is bad only when it doesn't work...

Super Bowl Intellectual Property Insanity: No Big Screen Super Bowl Parties, Trademarking 19-0

from the the-big,-big-game dept

Well here are a couple stories to leave you with as we head into Super Bowl weekend. Every year it seems there's some insanity concerning the NFL somehow trying to abuse intellectual property rights above and beyond what they're designed for. Remember, the NFL thinks that it can tell reporters how to report on a game, while also forcing them to advertise for NFL sponsors. It also has been known to issue bogus DMCA notices. And, of course, don't forget that not only has the NFL bullied people into believing that you can't use the phrase "The Super Bowl" in an advertisement, after many advertisers switched to the euphemism "The Big Game" to appease the NFL, it tried to trademark "The Big Game" as well.

This year, the big news (as submitted by a lot of you), but first by Ryan, is that the New England Patriots have applied for a trademark on "19-0" to represent the undefeated season the team will have if it wins this season. The NY Post, snarky as ever, filed for a trademark on 18-1 in response, supporting the home town NY Giants. This, of course, seems rather ridiculous. What would happen in future seasons if some other team was able to go 19-0? There's also the question of hubris in declaring yourself 19-0 before that final game. On that note, you can already pre-order a book about the 19-0 season, even though it hasn't been completed yet.

That's not all, though. Last year, we had a story that got tremendous attention about the NFL stopping churches from having Super Bowl parties, if they had a TV that was bigger than 55". There was a lot of fuss about it, and you would think that, perhaps, the NFL would let it slide this year. Not so. Ethan Bauley writes in to let us know that, once again, the NFL has been going around stopping churches from holding Super Bowl... er... The Big Game... er... "Best Commercials Of The Year, Interrupted By Some Game" parties, for having TVs that are too big.

So, remember, as you watch the... event... this weekend, to do so on a TV smaller than 55", do not refer to it as "The Super Bowl" or "The Big Game," make sure to notice the photojournalists wearing sponsors' clothing, and certainly do not put a fair use clip on YouTube. And, perhaps, cheer on the Giants in their effort to make the 19-0 trademark question a hypothetical, rather than practical, question.

Have I discovered “the next big thing” for computer stores?

Computer shop sales pitch: 'We remove Vista' (PIC) — Shop manager Aaron Kaplan said they were prompted to put it up because so many people were having problems with Windows Vista, including compatibility issues with older software and trouble adjusting to the interface.

This is interesting. I don't think I've mentioned it here before...


eNotes features study guides, critical material, and group forums on more than 20,000 works of literature and other academic subjects.

[Warning: You can waste a lot of time browsing here. There is too much interesting stuff! Bob]

For my web site class... - All In One Video Search

Did it ever happen to you that you were looking for a video in, say, YouTube, and regardless of how much you searched you didn’t seem to get across it? Did you ever feel stupid when you said ‘Oh, well, let’s try Veoh for a change’ and there it was, staring at you from the #1 in the search results page? Well, those days are over for good, because thanks to you can beat the strange shifts in audience and liking that make people upload stuff to one of the video portals and not to the next. This site is a Search Engine that simultaneously searches the largest video portals: YouTube, LiveVideo, DailyMotion, iFilm, Veoh, and presents you with the combined results so you need only make one click as opposed to a gazillion, when searching each portal separately.

Conduct your own surveillance! - Webcams Around the World is a site that aggregates webcams from around the world. When first entering this site you see a Google map with small cam icons in several colors, each of which stands for one kind of webcam (traffic, business, nature, cities, etc.). When clicking into the icon, a small screen opens up where you can see that particular webcam in real time, plus it opens the original site from which the webcam came from. Data on webcams is submitted by users, plus you can limit your search by kind of webcam. Users can also search a specific location to take a look at what the available webcams in that specific area are, or browse the tag cloud to find out what the hottest topics are. Other than the default English in which the site is displayed, it is also available in Spanish and Italian.

- Typography News for Perfectionistas

As happens with all design-related sites, is dangerously addictive, so be warned. This sleekly designed site is an online catalogue of typography, which aggregates different kinds of typefaces from top design artists and studios so that users can create their bookmarks, which will be stored in their profile, which in turn becomes their online type portfolio. Downloads are not available from this site, but since all entries are linked to the design studio that created them and some allow downloading you might get some freebies, however the best types are generally for sale. The site also aggregates tutorials and links to blog posts and articles that are somewhat related to typography design and trends, plus a comprehensive directory of links to sites that share the interest for typefaces and typeface design.

Friday, February 01, 2008

Even third world terrorists can commit Identity Theft. (but you can't change behavior that quickly)

Debit-card ring may be linked to Tamil terrorists

Thursday, January 31 2008 @ 07:39 AM EST Contributed by: PrivacyNews News Section: Breaches

A routine traffic stop this week has unravelled an international debit card fraud ring, has led to 373 criminal charges and possibly has broken up a Tamil Tiger terrorist fundraising and money laundering operation, police said Wednesday.

All because four men ran a stop sign in a Scarborough, Ont., last Monday, Det. Peter Trimble said.

"That's not too smart a thing to do when you're driving a van full of stolen bank cards," he said. "And they had been drinking and had open liquor in the car, which also isn't very smart."

Source -

The “personal liability” side of data spills. Do you suppose this is covered by malpractice insurance?

MN: Doctor Loses Flash Drive With Patient Information

Thursday, January 31 2008 @ 12:13 PM EST Contributed by: PrivacyNews News Section: Breaches

Parents with fertility problems know that it's a very private struggle. Couples often don't even tell close friends or relatives they're having trouble having a baby.

That's why the loss of patient information at the University of Minnesota's Reproductive Medicine Center has leaders there especially worried.

Dr. Theodore Nagel, a doctor at the fertility clinic, lost a flash drive that he used to back up his computer. The drive holds details of infertility treatments for 3,100 patients going back to 1999.... No financial or social security information was on the drive.

Source - WCCO (hat-tip, ESI)

I missed it...

Voter Privacy Is Gone -- Get Over It

Thursday, January 31 2008 @ 12:01 PM EST Contributed by: PrivacyNews News Section: Other Privacy News

Last month published an enlightening article that unfortunately got lost in the holiday shuffle and didn't get a lot of play. It's worth reading so I want to highlight it here.

The article examines a voter registration data broker named Aristotle, which buys voter registration lists from counties and states. It then combines that information with highly personal and detailed information about voters that it mines from various other sources before reselling the data to candidates, political operatives, and commercial entities.

Source - Threat Level blog

A privacy sound bite... (20 second video)

Thursday, January 31, 2008

Senator Feingold Puts Protect America Act in a Nutshell

Courtesy of Matt Stoller, this gem of a clip shows Senator Russ Feingold (D-Wis.) explaining the Protect America Act (PAA) in a nutshell.

"L'audace, l'audace, toujours l'audace!"

Threats From Everywhere in 'Cyber Storm'

By TED BRIDIS Associated Press Writer Jan 31, 2:01 PM EST

WASHINGTON (AP) -- In the middle of the biggest-ever "Cyber Storm" war game to test the nation's hacker defenses, someone quietly targeted the very computers used to conduct the exercise.

The surprising culprit? The players themselves, the same government and corporate experts responsible for detecting and fending off attacks against vital computer systems, according to hundreds of pages of heavily censored files obtained by The Associated Press. Perplexed organizers sent everyone an urgent e-mail marked "IMPORTANT!" instructing them not to probe or attack the game's control computers. [“Hey! In a real attack, this would never happen.” Bob]

... Among the mock disasters confronting officials in the previous exercise: Washington's Metro trains shut down. Seaport computers in New York went dark. Bloggers revealed locations of railcars with hazardous materials. Airport control towers were disrupted in Philadelphia and Chicago. Overseas, a mysterious liquid was found on London's subway. [Why not “a cable in the Suez Canal was cut...” Bob]

... In one scenario, after mock electronic attacks overwhelmed computers at the Port Authority of New York and New Jersey, an unspecified "major news network" airing reports about the attackers refused to reveal its sources to the government. [Thank god for waterboarding! Bob] Other simulated reporters were duped [by both sides? Bob] into spreading "believable but misleading" information that confused the public and financial markets, according to the government's documents.

Have I posted this before?

January 31, 2008

Minimizing the Effect of Malware on Your Computer: FTC Offers Information on Protecting, Reclaiming Your Computer

"Criminals are hard at work thinking up creative ways to get malware on your computer, warns the Federal Trade Commission. With appealing Web sites, desirable downloads, and compelling stories, these criminals try to lure consumers to links that will download malware, especially on computers that don’t use adequate security software. Then, they use the malware – malicious software – to steal personal information, send spam, and commit fraud. A new publication from the FTC has information that could help consumers protect their computers against malware and reclaim their computer and electronic information if malware is already on their computer. The publication, Minimizing the Effects of Malware, provides tips on spotting malware, and urges consumers to act immediately if they suspect their computer is affected by malware."

Another resource

Resource: Identity Theft Prevention and Identity Management Standards

Thursday, January 31 2008 @ 04:50 PM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

Courtesy of ANSI:

IDSP Final Report - Summary This 20 page summary is an excerpt from Volume I [pdf]

Volume I: Findings and Recommendations This 134 page volume comprises the Panel’s findings and recommendations for areas needing new or updated standards, guidelines, best practices or compliance systems. [pdf]

Volume II: Standards Inventory This 124 page volume comprises the Panel’s complete catalog of existing standards, guidelines, best practices and compliance systems. [pdf]

IDSP Webinar Powerpoint Presentation Jan. 31, 2008 Webinar

Is this a wise investment? Possibly, but I don't think Microsoft is the one to turn them around... Anyone want to join me in a counter-bid?

Feb 1, 7:44 AM EST

Microsoft Offers $44.6B for Yahoo


SAN FRANCISCO (AP) -- Microsoft Corp. has pounced on slumping Internet icon Yahoo Inc. with an unsolicited takeover offer of $44.6 billion in its boldest bid yet to challenge Google Inc.'s dominance of the lucrative online search and advertising markets.

Speaking of big bucks (although I think this quite doable)

Fixing US Broadband Would Cost $100 Billion

Posted by Zonk on Thursday January 31, @04:02PM from the let's-get-started dept. The Internet Networking The Almighty Buck United States Technology

I Don't Believe in Imaginary Property writes "According to a new report from EDUCAUSE (pdf), it would cost $100 billion to wire the US with fiber optics and keep our infrastructure from falling behind the rest of the world. Specifically, they recommend what has worked in many other countries — government investment and unbundling — which are often criticized by free market groups, even though those policies have resulted in faster, better connections for smaller total costs. Ars Technica mentions in their analysis of this report that the President will be releasing a report on US broadband today, too."

Dilbert nails me! (What did I ever do to Scott Adams?)

For my web site class - Multi-Media Lightbox

Although there are already many Javascript modal windows or lightboxes available on the net, Multibox is offering something different. Multibox from Phatfusion is a lightbox which supports image, videos, mp3s, html, and flash. What you get are slick looking framed pictures with html texts, quicktime movies, Real player clips, .wmv files, and more. Multibox allows for overlays with semitransparent backgrounds, containers, show numbers, class name of the description, and content color. It is compatible with Firefox, IE and Safari and it works on Windows as well as Macs. To use it you'll need mootools version 1.11. It is free to download.

- Making Charts Sexy

Tired of those old, standard charts that bore you to tears? Rich Chart Live aims to revolutionize the way you look at charts. Rich Chart Live is a newly released web-based charting product that creates sexy charts using Flash. You don’t need to download anything, just a browser will work--and any operating system. Charts created using the application have attractive visuals and are interactive. Simply input the information manually, or copy and paste from any spreadsheet. You can publish your creation for the whole world to see, or export to Flash or PowerPoint. You can even embed to blogs or websites with a simple copy and paste job. Now there’s no excuse to bore your clients or boss with ugly charts. It’s free to use or you can purchase the full edition (minus the RCL’s corner logo) for $39 a month.

- Create Forms in Minutes

So forms may not win you awards, and no one really pays too much attention to them anyhow, but they often do play an important role on websites. FormStyleGenerator is just the tool you need to design and create forms without any hassle. It takes only three steps. First, you've got to design it. You pick the background style and color, the borders (color and size and perimeters), font and text (style and size and weight), label and font, and mouse event. Once you've got all that sorted out, preview your form and then download it. Step three: apply. You find the style to apply to Input, TextArea, Select and Buttons form elements. And that's it, your form is ready to go.

Thursday, January 31, 2008

“Hey, if we pretend we don't know what is on these computers we can downplay the nastiness of this data spill.” (It's either that or they truly don't know what their employees are doing.)

CA: Stolen computers may hold hospital billing information

Wednesday, January 30 2008 @ 06:39 PM EST Contributed by: PrivacyNews News Section: Breaches

... PHNS, a Texas-based insurance-billing firm that handles business operations for Tuolumne General Medical Facility, formerly Tuolumne General Hospital, under contract with the county, said up to 200,000 people, most in California, may be affected..... The theft of four laptop computers and a desktop computer late last year at a PHNS office in Cerritos spurred the warning.

... Authorities have recovered two of the computers. Schunder said company computer experts determined neither of the computers' information had been breached.

Billing information, not patient information, like medical records, was stored on the computers.

Neither of the computers recovered had Social Security numbers on them, Schunder said. He was uncertain if the other machines did, but said the information would have been hidden through encryption. [Good to hear... Bob]

Source - Union Democrat

[From the article:

Nearly 800 former and present Tuolumne General medical customers should receive letters by this week informing them their billing information may have fallen into the hands of thieves. [Shouldn't they notify all 200,000? Bob]

... The investigation delayed an immediate announcement about the thefts, said Larry Schunder, president of PHNS's business process outsourcing division. [Why? Didn't the thieves know they had stolen the computers? What purpose could it possibly serve? Bob]

What happens when a Company is the victim of ID Theft? (If the money is greater, this may become the crime of choice.)

Puritan Stone suffers company ID theft

Thursday, January 31 2008 @ 05:50 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

Operators have been warned to ensure they keep their documentation up to date and can account for all their work after a Flint-based operator contacted CM to say it is the victim of identity theft. Puritan Stone runs seven trucks in the North Wales region, but has been receiving calls and letters from companies in Italy, Poland, Bulgaria and Greece asking about loads it is supposed to have delivered.

Bailiffs seeking payment of VAT for transactions on the Continent have also visited Puritan's office in Flint and the company has received a summons to appear in court in Greece in relation to a driver's unpaid wages of €6,000 (£4,450).

Source - Road Transport

Is this more of the same thinking that causes organizations to delay announcing theft of data to “aid the investigation?” What is the real goal here?

Australian Police Chief Seeks Terror Reporting Ban

Posted by samzenpus on Thursday January 31, @12:02AM from the ignorance-is-bliss dept. Censorship Government

DJMajah writes " reports that Australian Federal Police chief Mick Keelty has called for a media blackout on reporting of terrorism investigations and cases before trial in a speech to the Sydney Institute last night. Although he doesn't believe public institutions should be immune from public accountability, he goes on to say that public discussion should be delayed until information is made available by the courts or legal proceedings are complete. This all comes after last year's widely reported case of Dr. Mohammed Haneef who was detained then later deported from Australia on evidence described as weak — and seen by some including Haneef as a conspiracy."

Is this a real reaction (at last) from lawmakers or just 'election year' lip service?

MD: Tougher penalties, prosecution for ID theft

Wednesday, January 30 2008 @ 12:02 PM EST Contributed by: PrivacyNews News Section: State/Local Govt.

... Together with Delegate Susan Lee, I served as co-chairperson of the task force. The panel met six times between Aug. 22 and Dec. 6, 2007 to hear testimony from federal, state and local agencies, business and consumer advocates, law enforcement and citizens who have felt the impact of ID theft.

Among the task force recommendations, which will be considered by the 2008 session, are proposed laws to:

  • Increase penalties for felony ID fraud from a maximum of five to 15 years imprisonment and from $25,000 to $50,000 fine

  • Prohibit a person from knowingly and willfully removing, taking, possessing or receiving mail without the permission of the intended recipient or the United States Postal Service

  • Make unauthorized possession of credit card skimming or re-encoding devices illegal [No doubt they will grandfather in those who already have these devices – like security managers with door cards. Bob]

Source - Community Times

...and this one? (Once they checked to be sure Tony Soprano wasn't behind it, it became possible to push for an investigation?)

(follow-up) NJ: Lawmakers call for probe into theft of Blue Cross laptop

Wednesday, January 30 2008 @ 05:01 PM EST Contributed by: PrivacyNews News Section: Breaches

Several state lawmakers today called for an inquiry into a data breach that exposed the personal information and Social Security numbers of more than 300,000 Horizon Blue Cross/Blue Shield subscribers contained in a stolen laptop computer.

.... Senate President Richard Codey (D-Essex) said he would refer the case to the state's inspector general.

Meanwhile, Assemblyman Gary Chiusano (R-Sussex), who sits on the Financial Institutions and Insurance Committee, plans to introduce legislation to force Horizon to pick up any legal costs or damages resulting from any identity theft crimes stemming from negligence in the matter.

Source -

Practicing for cyberwar? Is the threat of loss of access to eBay sufficient to keep a country in line?

Millions in Middle East Lose Internet

Posted by samzenpus on Thursday January 31, @02:54AM from the no-web-for-you dept. The Internet

Shipwack writes "Tens of millions of internet users across the Middle East and Asia have been left without access to the web after a technical fault cut millions of connections. The outage, which is being blamed on a fault in a single undersea cable, has severely restricted internet access in countries including India, Egypt and Saudi Arabia and left huge numbers of people struggling to get online. Observers say that the digital blackout first struck yesterday morning, with Egypt's communications ministry suggesting it was caused by a cut in a major internet pipeline linking it to Europe."

There are many reports under this link, but I want to ask a question about the first one. If I'm returning from Canada and somehow (large hammer) my RFID tag was damaged, do I become a stateless person? Will I be allowed into the country anyway? Will they provide a replacement document – with functioning RFID tag? If so, how am I different from a terrorist trying to gain entry?

Dept. of Homeland Security Privacy Impact Assessment Updates

Wednesday, January 30 2008 @ 09:47 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Use of Radio Frequency Identification (RFID) Technology for Border Crossings, January 22, 2008 (PDF, 25 Pages – 222 KB) U.S. Customs and Border Protection (CBP) employs Radio Frequency Identification (RFID) Technology that is to be used in cross border travel documents to facilitate the land border primary inspection process. A unique number is embedded in an RFID tag which, in turn, is embedded in each cross border travel document. At the border, the unique number is read wirelessly by CBP and then forwarded through a secured data circuit to back-end computer systems. The back-end systems use the unique number to retrieve personally identifiable information about the traveler. This information is sent to the CBP Officer to assist in the authentication of the identity of the traveler and to facilitate the land border primary inspection process. Multiple border crossing programs use or plan to take advantage of CBP's vicinity RFID-reader enabled border crossing functionality including CBP's own trusted traveler programs, the pending Department of State's (DoS) Passport Card, the Mexican Border Crossing Card, the proposed Enhanced Driver's License (EDL) offered by various states, tribal enrollment cards that could be developed by various Native American Tribes, and the proposed Enhanced Driver's Licenses being developed within the various provincial authorities in Canada.

...and the problems will likely be in Florida. (Who would you like to win and by how much?)

January 30, 2008

Experts Respond to Questions On Potential E-Voting Problems and 2008 Election

asked two experts whether states are ready for the 2008 election?

  • Todd Rokita, Indiana Secretary of State: "States will be ready when voters cast their ballot for our next U.S. president. This will be no small feat given the uncertain landscape they are facing. With presidential primaries beginning in early January, major changes to our electoral system could still happen before November 2008."

  • Dr. Robert A. Pastor, director of the Center for Democracy and Election Management at American University, Washington, DC.: "While there has been some progress in the five years since passage of the Help America Vote Act (HAVA) in 2002, most states have not fully implemented, let alone embraced, the reforms needed to restore full confidence in the electoral system. So a number of problems are still likely to occur in this year’s primary and general elections."

Very cool! I see this expanding to more languages, quickly! - You Too Can Code

CodeIDE is a web-based application that lets you code. If you’re not exactly proficient in the language of code, perfect. If you want to learn, but are daunted by the utter un-sexiness of code. No problem. CodeIDE is designed precisely for novices and those in the intermediate range of coding wisdom. CodeIDE is multilingual; it knows all coding languages and lets you choose whatever language you want to code in be it Basic, or C++, or klingon (well, maybe not so much klingon). Need a little help with code? Chat with fellow coders and get some advice. Sign up and you’ll get access to a wide array of tools and features. There’s even a wiki and forum for you to get informed.

Wednesday, January 30, 2008

“We don't need no stinking security!”

A swiped Blue Cross laptop puts data at risk

Wednesday, January 30 2008 @ 06:43 AM EST Contributed by: PrivacyNews News Section: Breaches

Horizon Blue Cross/Blue Shield of New Jersey is notifying more than 300,000 [Because this employee phoned each of them every day? Bob] of its members that their names, Social Security numbers and other personal information were contained on a laptop computer stolen in Newark earlier this month.

The health insurance giant, which serves more than 3.3 million people across the state, said there was no reason to believe any of the information was compromised because it was protected by password [This is code for “We have no idea how to secure data.” Bob] and other security features -- although the data was not encrypted. [This is proof of my previous statement. Bob]

... The laptop, which Rubino said was stolen Jan. 5, was being taken home by an employee who regularly works with member data. The data contained no medical information -- only names, addresses and in some cases, Social Security numbers. ... He said the computer was programmed to destroy the data as of Jan. 23. [I'll believe that when I see the mushroom cloud... Bob]

Source -

[From the article:

Rubino would not provide specific details about the theft, but said the laptop was not taken during a robbery. [Huh? Bob]

... Rubino said it was not unusual for employees to work with data outside the office.

... "There are a number of security procedures that have to be in place. In this case, unfortunately, they were not," he said.

“Gee, we have a policy that says we should be secure...”

MT: Hacker steals Davidson Cos. clients' data

Wednesday, January 30 2008 @ 06:56 AM EST Contributed by: PrivacyNews News Section: Breaches

A computer hacker broke into a Davidson Companies database and obtained the names and Social Security numbers of virtually all of the Great Falls financial services company's clients.

The database included information such as account numbers and balances, said Jacquie Burchard, spokeswoman for Davidson Companies. However, the hacker didn't get access to the accounts.

The computer hacker accessed information on 226,000 current and former clients, Burchard said.

Source - Great Falls Tribune

[From the article:

The computer break-in occurred earlier this month, Burchard said. Authorities investigating the crime asked the company to keep the news extremely confidential during the early stages of the investigation.

... Davidson Companies has many procedures and policies in place to protect client information, Johnstone added. [but apparently no security tools were actually implemented. Who would be deterred by a policy? Bob]

In September, the company hired an outside firm to test to see if it could hack into the company's computer system, he said. The firm wasn't able to. [Wouldn't you like to know who that was? Bob]

A very unusual story. Someone who thinks! Good on ya!

Jan 30, 8:23 AM EST

Swedish Bank Stops Digital Theft

STOCKHOLM, Sweden (AP) -- A gang of Swedish criminals was seconds away from completing a digital bank heist when an alert employee literally pulled the plug on their brazen scam, investigators said Wednesday.

The would-be bank robbers had placed "advanced technical equipment" under the employee's desk that allowed them to take control of his computer remotely, prosecutor Thomas Balter Nordenman said in a statement.

The employee discovered the device shortly after he realized his computer had started an operation to transfer "millions" from the bank into another account, Nordenman said.

"By pulling out the cable to the device, the employee managed to stop the intended transfer at the last second," he said.

The foiled heist happened in August at a bank in Uppland county, north of Stockholm, police said. They announced it only Wednesday after seven suspects, all from the Stockholm region, were arrested this week while allegedly preparing another heist.

Some details are emerging, but we will probably never know enough to understand how he did it.

Rogue trader simply sidestepped defenses

Robert Lemos 2008-01-29

A low-level trader caused the largest individual trading loss in banking history by simply using his knowledge of trading operations, some fake e-mail messages and, occasionally, colleagues' passwords to sidestep the bank's suspicion, according to media reports and a statement by French bank Société Générale.

... Starting in 2005, Kerviel began taking small positions on the trend in the European stock market without taking the countervailing position which would have offset the risk. The trader dodged financial controls by taking positions that did not trigger a margin call and which did not require immediate confirmation, the bank said in its statement. Since Kerviel bet on the European market's rise, the trader brought in significant profits until 2008, when the stock market began its decline.

When his activities aroused suspicions, Kerviel produced faked e-mails from the bank's clients to make it appear that the trades were legitimate, according to a New York Times article. Prosecutors in France continue to investigate Kerviel and could charge him with forgery, breach of trust and breaking into a computer system, the NY Times article stated. Kerviel did not steal from the bank itself, rather sought bigger profits so that his own bonus would be higher. Société Générale has called Kerviel a "computer genius." [Only in relation to the managers who never noticed what he was doing... Bob]

The bank has come under increasing criticism for its lack of awareness of Kerviel's activities.

Tools & Techniques Any security pro should tell you the same thing.

The Biggest Security Threat for 2008 and Beyond: End Users

By Mike Wittig TechNewsWorld 01/30/08 4:00 AM PT

Safeguarding organizations against insiders with malicious intent requires effectively enforcing data access policies and auditing user activity with sensitive and confidential data and systems. The stories that have surfaced about company insiders stealing sensitive data worth millions of dollars -- if not billions -- are a nonstop cycle.

Study after study continues to reveal a fundamental truth about the shifting landscape of IT security today: The biggest threat to proprietary systems and information is not the traditional cyber-criminal writing malicious code in a virtual location, but rather trusted employees.

Savvy administrators recognize that because end users are privy to an organization's sensitive data, they represent a significant risk factor. However, mitigating this threat is something that security pros continue to struggle with. While no single "silver bullet" solution exists, there are steps organizations can take to ensure that corporate policies are effectively enforced and insider threat is neutralized.

Tools & Techniques Should you tell your employees about these?

January 29, 2008

World Privacy Forum's Top Ten Opt Outs

"In this Top Ten Opt Outs list, some opt outs can be done by phone, some have to be sent in a letter via postal mail, and some can be accomplished online. Some opt outs last forever, some have time limits, and others can be changed at will. If an opt out is on this list, it is because we thought it might be important enough to be worth whatever annoyance it may pose. Not every opt out is right for everyone, and not everyone will necessarily want to opt out. It is a personal choice. Take a look at the list...and see if any of the opt outs appeal to you, or might make a difference to you in some way."

Very Interesting: Access Control meets cultural taboos

Aboriginal Archive Uses New DRM

Posted by kdawson on Tuesday January 29, @06:07PM from the serving-the-suser-for-a-change dept. Social Networks

ianare writes "An application that gives fresh new meaning to 'digital rights management' has been pioneered by Aboriginal Australians. It relies on a user's profile to control access to a multimedia archive. The need to create profiles based on a user's name, age, sex and standing within their community comes from traditions over what can and cannot be viewed. For example, men cannot view women's rituals, and people from one community cannot view material from another without first seeking permission. Images of the deceased cannot be viewed by their families. These requirements threw up issues surrounding how the material could be archived, as it was not only about preserving the information into a database in a traditional sense, but also about how people would access it depending on their gender, their relationship to other people, and where they were situated."

Boy, that Bruce Schneier is a smart guy..

If You're Watching Everyone, You're Watching No One

from the try-to-focus dept

The idea has become so commonplace that it's almost a cliche: security and privacy are opposites, and we as a society need to decide how much privacy we're willing to give up to get more security. That's been the basic message of the Bush administration over the last few months as they've begun talking about ambitious new plans to monitor more and more of our private communications. But Bruce Schneier points out that the dichotomy is a false one. Many of the privacy-invading programs now being discussed don't actually provide more security. Confiscating shaving cream and nail files at the airport doesn't make anyone safer. Neither does creating a national ID card, because terrorists rely on surprise, not anonymity. The fundamental issue is that real security involves focusing resources on identifying and stopping the tiny fraction of the population that is engaged in criminal and terrorist acts. The vast majority of people pose no threat to anyone, and it's a waste of resources to monitor them. Programs focused on the general public, such as the TSA's airport searches, national ID cards, and Internet-wide surveillance are a bottomless drain on law enforcement resources [and therefore taxpayer wallets... Bob] that will turn up far more false positives than real leads. Abandoning them won't just enhance Americans' civil liberties, but it will also free up resources for the sort of difficult, in-depth police work that really does stop terrorist attacks.

Inevitable? Is this because the RIAA thinks no one understands the law?

Magistrate Suggests Fining RIAA Lawyers

Posted by kdawson on Tuesday January 29, @06:48PM from the just-fine dept. The Courts Music

NewYorkCountryLawyer writes "Angered at the RIAA's 'gamesmanship' in joining multiple 'John Does' in a single case without any basis for doing so, a Magistrate Judge in Maine has suggested to the presiding District Judge in Arista v. Does 1-27 that the record companies and/or their lawyers should be fined under Rule 11 of the Federal Rules, for misrepresenting the facts. In a lengthy footnote to her opinion recommending denial of a motion to dismiss the complaint (PDF, see footnote 5), Judge Kruvchak concluded that 'These plaintiffs have devised a clever scheme to obtain court-authorized discovery prior to the service of complaints, but it troubles me that they do so with impunity and at the expense of the requirements of Rule 11(b)(3) because they have no good faith evidentiary basis to believe the cases should be joined.' She noted that once the RIAA dismisses its 'John Doe' case it does not thereafter join the defendants when it sues them in their real names. [Divide and conquer Bob] Arista v. Does 1-27 is the same case in which student attorneys at the University of Maine Law School, "enthusiastic about being directly connected to a case with a national scope and significance", are representing undergrads targeted by the RIAA."

Making the world safe for the feeble minded? (Perhaps he should apply for a disability since the stress is work related...)

Cop Gets Investigated Because MySpace Friend Links To Porn

from the you-have-to-be-kidding dept

Rich Kulawiec writes in to let us know about a ridiculous situation in Florida, that has some similarities to the ridiculous Julie Amero situation. Basically, a bunch of school officials and local newspaper folks are freaking out about the potential for students to access porn and are blaming the wrong people while displaying stunning levels of ignorance.

The basics of the situation are pretty straightforward. A cop who works at a middle school in Florida has a MySpace account, that he set up with the approval of the police department and the school, hoping it would allow him to connect with the kids he's supposed to be protecting. One of his many, many friends on MySpace happened to link to a porn site on their own profile. So, because one friend out of a huge list of friends happens to link to a porn page, the cop is now under investigation with the local paper dramatizing the situation by noting that students could (gasp!) get to porn "in just three clicks." Apparently, they're investigating whether the officer is criminally liable for exposing children to inappropriate content -- yes, because someone on his friend's list linked to porn. Under that definition, an awful lot of people are probably guilty.

Ah, but the story gets better (or worse, actually). You see, after some investigation, people noticed that the school's own website actually linked directly to a porn site itself -- which would seem a lot worse than what the police officer did. In this case, the school had a list of "resources" and one of the links was on a domain that had expired and was taken over by a porn site. Now, using the logic that the school used in having the police officer investigated, shouldn't the school officials also be investigated? Apparently not. Instead, they're angry about the changing domain and are looking at "legal recourse."

So, to summarize: If you happen to work at a school and have a MySpace profile where one friend of many links to a porn site via his own MySpace page: potentially illegal exposure of porn to children. If you work at a school and set up a website that directly links to porn: you're a victim who should be suing the website in question. Very logical.

Do you suppose he was getting a Doctorate in Big Brotherness? (If not, then what?)

Anonymous? We Know Who You Are

Tuesday, January 29 2008 @ 09:40 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Steven J. Murdoch has published an extremely interesting paper as part of a dissertation for his work at the University of Cambridge. He has examined the use of covert channels and how they can be detected. In particular, Murdoch has looked at anonymity systems, or systems intended to hide your identity, and suggests ways in which it may be possible to glean valuable information simply from observation. ["You can observe a lot just by watchin'." Yogi Berra Bob]

The bottom line: While an anonymity system may hide your actions from trivial or even traditional examination, it may not provide the level of anonymity you believe it does if scrutinized seriously. Further, while many such systems use covert channels -- or channels other than those expected -- to communicate, those methods may not always work. If the protocol the covert channel alleges to be safe is fully examined, covert transmissions may stand out as non-standard. Murdoch's paper is well worth the read.

Source - Microsoft Certified Professional Magazine

Related - Murdoch: Covert channel vulnerabilities in anonymity systems [pdf, 1.8 mb], December 2007

Another paper...

Warrantless wiretaps, redux

Tuesday, January 29 2008 @ 03:35 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

A recurring theme in this blog over the last year has been how the sweeping surveillance technology envisioned by the 2007 US Protect America Act introduces fundamental technical vulnerabilities into the nation's communications infrastructure. These risks should worry law enforcement and the national security community at least as much as they worry civil liberties advocates. A post last October mentioned an analysis that I was writing with Steve Bellovin, Whit Diffie, Susan Landau, Peter Neumann and Jennifer Rexford.

The final version of our paper, "Risking Communications Security: Potential Hazards of the Protect America Act," will be published in the January/February 2008 issue of IEEE Security and Privacy, which hits the stands in a few weeks. But you can download a preprint of our article today at [PDF]. Remember, you saw it here first.

Source - Exhaustive Search blog (Props, Slashdot)

Another slow mover. Is there a downside I'm missing or are these countries more forgiving of businesses?

AU: Privacy Commissioner calls for mandatory reporting of major data security breaches

Wednesday, January 30 2008 @ 06:48 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

In the wake of recent significant data breaches in the United Kingdom, the Australian Privacy Commissioner, Karen Curtis, has reiterated her call for compulsory notification of major data security breaches by Australian organisations.

"While reporting would need to be proportional to the severity of the breach, it would provide organisations with a strong market incentive to adequately secure their databases," Ms Curtis said.

.... Ms Curtis's call for mandatory reporting was made in a 786-page submission by her Office to the Australian Law Reform Commission (ALRC) in response to its Discussion Paper 72: "Review of Australian Privacy Law".

Source - Office of the Privacy Commissioner of Australia Press Release

They speak English there too, but came up with yet another plan.

NZ: Data breach rules years away

Tuesday, January 29 2008 @ 05:54 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Privacy Commissioner Marie Shroff says she is likely to give voluntary guidelines that set out the way in which organisations should respond to the theft or accidental disclosure of customers' personal information 18 months to two years to take effect, before deciding whether mandatory rules are required.

Source - Stuff

(hat-tip, Identity and Privacy Blog)

This could be handy for my friends with small consulting businesses... I bet there are free versions out there. - Track Time and Money

For professionals like lawyers and consultants or freelancers, one of the hardest tasks to manage is time and getting what you’re worth for that time. Lately, a host of time management and invoicing software has cropped up on the nets. Time59 is one of the newer ones. Time59 was developed by a tech developer who ran into the very problem of timekeeping and management. Like other web-based time management tools, Time59 lets you manage multiple projects with multiple hourly rates and invoice them. If you’re not mathematically inclined, Time59 will do the math for you—simply enter your hours and expenses. There’s email and a client contact information manager for clients and potential clients. Everything can be done on the web with Time59—you can email invoices as PDF files, clients can pay you, you can keep track of activity and payment entry. What’s more, all your data is secure and automatically backed up. Time59 even works with most mobiles, so you can track your time on the go, wherever you are. You can try Time59 at no cost for one month. After 30 days is up, Time59 costs only $19.99 a year.

Tools and Join

Tuesday January 22, 1:17 pm ET

New Website Brands Reflect Industry Leadership and Commitment to Providing the Web's Ultimate Reference Resources

... The new services can be accessed through the home page at: or directly at and

Wicked Widgets? I may give this to my web site class, but probably on the last day of class so they aren't too distracted from the basics...

Sprout: The Online WYSIWYG Editor for Flash

Mark Hendrickson January 29 2008

A new application called Sprout, launching in private beta at DEMO today, promises to make the creation of Flash applets a whole lot easier.

Sprout is a browser-based, WYSIWYG editor for Flash with an interface reminiscent of Photoshop or Dreamweaver. Designers can use it to create, publish and track Flash widgets, websites and mashups, thereby obviating the need for them to work with programmers who would cost time and money, and who might not execute designs satisfactorily.

[There is a demo video Bob]

Tuesday, January 29, 2008

Apparently, filling out a form is too complicated for T Rowe Price, so they hired an outside firm to do it? Have they no computer geeks on staff?

T. Rowe Price warns of computer thefts

Monday, January 28 2008 @ 09:31 AM EST Contributed by: PrivacyNews News Section: Breaches

T. Rowe Price Retirement Plan Services alerted 35,000 current and former participants in “several hundred” plans that their names and Social Security numbers were contained in files on computers that were stolen, said Brian Lewbart, spokesman.

The machines were taken from the office of CBIZ Benefits and Insurance Services Inc., which prepares the 5500s for T. Rowe Price, he said.

Source -

[From the article:

Other personal information, such as addresses, and birth dates, was not on the computers. [No problem, look at below... Bob]

D.C.: 38,000 Social Security Numbers Potentially Exposed After Theft

Tuesday, January 29 2008 @ 05:57 AM EST Contributed by: PrivacyNews News Section: Breaches

A hard drive containing the Social Security numbers of nearly 40,000 Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs on Jan. 3, potentially exposing thousands of students to identity theft.

The external hard drive, located on the fifth floor of the Leavey Center, was used to back up a computer that contained billing information for various student services, including activities fees and student health insurance, according to David Lambert, vice president and chief information officer for University Information Services. ... The hard drive was not encrypted

Source -

[From the article:

According to the MPD report, the hard drive was valued at $100. [See why many police departments don't get too excited about lost hardware? Bob]

Why should we limit wiretapping to the NSA?

UK: Phones tapped at the rate of 1,000 a day

Tuesday, January 29 2008 @ 06:15 AM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Britain is in danger of becoming a "surveillance state" as authorities including councils launch bugging operations against 1,000 people a day.

Councils, police and intelligence services are tapping and intercepting the phone calls, emails and letters of hundreds of thousands of people every year, an official report said.

Source -

[From the article:

Councils are among more than 600 public bodies with the power to monitor people's private communications.

I learn something new every day...

Is It Constitutional for the Senate to Retroactively Immunize From Civil Liability the Telecoms?

Tuesday, January 29 2008 @ 06:04 AM EST Contributed by: PrivacyNews News Section: Fed. Govt.

FindLaw columnist and Cardozo law professor Anthony Sebok discusses a possible Takings Clause problem that will arise if the Senate goes through with its plan to provide immunity to telecommunications companies that illegally provided information about customers' communications to the government. Sebok notes that in other contexts, such as that of the 9/11 Victims Compensation Fund, the government would never consider taking away rights to sue without affording compensation, in part because there would be a Takings Clause barrier to doing so. Is this case different? Sebok considers precedent as to whether the customer privacy rights that were allegedly compromised by the telephone companies count as property rights that have properly vested and accrued.

Source - FindLaw's Writ

How long before they raise taxes to pay for all this...

UK: Costs set to rule out register of fingerprints

Monday, January 28 2008 @ 08:16 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

The future of the UK's identity card scheme was thrown into further confusion last night after it emerged that the Home Office is looking to scrap one of its key components - a national register of fingerprints.

Source - Guardian

[From the article:

The use of iris scans has already been quietly dropped.

Erased is not always erased and deleted is not always deleted. Any questions?

The Art of Redacting Privileged Data

Monday, January 28 2008 @ 08:34 AM EST Contributed by: PrivacyNews News Section: Other Privacy News

In the old days, redacting privileged data from a document was simple. I would pull out my black Sharpie, cross out privileged words, and record the redaction on a privilege log. Attorneys produced redacted documents with full confidence that their client's privileged information would remain concealed. In today's age of electronic data discovery, attorneys can no longer retain the same confidence.

Source -

This should be fun...

Lawsuit Challenges Government's Withholding of Documents Concerning Pre-Dawn Immigration Home Raids in New Jersey

Monday, January 28 2008 @ 05:14 PM EST Contributed by: PrivacyNews News Section: In the Courts

Seton Hall Law School’s Center for Social Justice (CSJ) and the Brazilian Voice filed suit today in federal court under the Freedom of Information Act (the FOIA) to compel the Department of Homeland Security (DHS) to release documents regarding its practice of executing pre-dawn, warrantless raids of immigrants’ homes throughout the state of New Jersey.

Source - Seton Hall Law

Is this idea as stupid as I think it is? “We don't know how to make money, so give us some of yours...”

Canadian Songwriters Propose Collective Licensing

Posted by ScuttleMonkey on Monday January 28, @05:29PM from the all-about-just-gettin-paid dept. Music The Internet

aboivin writes "The Songwriters association of Canada has put forward a proposition for collective licensing of music for personal use. The Right to Equitable Remuneration for Music File Sharing would legalize sharing of a copy of a copyrighted musical work without motive of financial gain, for a monthly fee of $5.00 applied to all Canadian internet connections, which would be distributed to creators and rights holders. From the proposal: 'File sharing is both a revolution in music distribution and a very positive phenomenon. The volunteer efforts of millions of music fans creates a much greater choice of repertoire for consumers while allowing songs — both new and old, well known and obscure — to be heard. All that's needed to fulfill this revolution in distribution is a way for Creators and rights holders to be paid.'"

Ditto? (This is long and rambling, so I cut it short...)

U2 Manager Says Google And Its Hippie Friends Should Pay The Recording Industry

from the still-haven't-found-what-i'm-looking-for... dept

While the IFPI and the RIAA have been actively pushing for ISP liability for file sharing, it appears some in the industry are taking it even further. U2's manager for 30 years, Paul McGuinness, gave a talk at the Midem conference where he blamed Silicon Valley's "hippie values" for creating the problem, and demanding that tech companies of all stripes start paying the recording industry. He's talking not only about ISPs, but also Google, Apple, Microsoft, Facebook and basically every other successful tech company. There are so many problems with this, it's difficult to know where to begin, but let's tackle a few of the quotes:

First he blames these companies who have "built multibillion dollar industries on the back of our content without paying for it."

Tools & Techniques: For the stalker in you? - Find All About that Special Someone

123 People is a people search engine which takes on stalkerish proportions. Type in any name and 123 will pull up contact information—phone numbers, email addresses, images, and any media available, i.e. videos, profiles, tags, and weblinks. If you’ve got videos on Youtube, a LinkedIn profile, a Wiki article, even a Facebook or Google account, 123 People will find it. It’s quite useful actually for detecting a person’s web presence. If you’re a registered user, you can interact more with the site. You may add tags, ratings and comments to existing profiles; you can also build your own profile and put limits as to how much people can actually add to your profile. Searches can be focused on tags or people in Switzerland, the US, the UK, Germany and Austria more specifically, or the world in general. Registration is free.

For my web site class... - Easy Image Resizing

Finding a decent image editor that doesn’t compromise image quality and doesn’t cost an arm and a leg is not easy. Reshade is a new image resizing tool that manages to produce excellent image results. There’s a web-based version which is absolutely free as well as a client app that costs $149. Both have an excellent easy-to-use and intuitive user interface that’s not too facile for the pro and perfect for amateurs. With the web-based freeware, however, you’ll have to sacrifice some of the input processing power but it supports both computer-stored images and URLs. You can resize with a simple click and drag or manually enter it in. Features such as edge control, smooth defects, accuracy, etc make for the perfect picture. There’s also a free trial version of the client app.

So my web site class can make even cooler sites...

Stanford's New Website Converts Your Photos to 3D

Posted by ScuttleMonkey on Monday January 28, @04:46PM from the please-be-kind-to-their-servers dept.

An anonymous reader writes to tell us that Stanford has a new website that not only shows you how cool their new 3-d modeling system is, but actually allows you to give it a try with your own photos. The system can take a 2-d still image and estimate a detailed 3-d structure which you can navigate.

"For each small homogeneous patch in the image, we use a Markov Random Field (MRF) to infer a set of "plane parameters" that capture both the 3-d location and 3-d orientation of the patch. The MRF, trained via supervised learning, models both image depth cues as well as the relationships between different parts of the image. Other than assuming that the environment is made up of a number of small planes, our model makes no explicit assumptions about the structure of the scene; this enables the algorithm to capture much more detailed 3-d structure than does prior art (such as Saxena et al., 2005, Delage et al., 2005, and Hoiem et el., 2005), and also give a much richer experience in the 3-d flythroughs created using image-based rendering, even for scenes with significant non-vertical structure."