Saturday, February 23, 2008

Does this surprise anyone?

Gov't Not Doing Enough To Protect Identities

Friday, February 22 2008 @ 04:48 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

Nearly two years after an embarrassing flap in which veterans' personal information was put at risk of identity theft, federal agencies are still not doing all they can to prevent further lapses, investigators have found.

Most of the two dozen federal agencies examined by the Government Accountability Office, Congress' investigative arm, had not implemented five federal recommendations aimed at protecting personal information.

Source - KCRA

Tools & Techniques. Prof. Bob Sprague (Univ. of Wyoming) suggested a couple of “defeating encryption” articles for this blog. The first has been getting a lot of notice...

Researchers Find Way to Steal Encrypted Data


SAN FRANCISCO — A group led by a Princeton University computer security researcher has developed a simple method to steal encrypted information stored on computer hard disks.

...but this one will be a lot more interesting to my forensic class. (I'll have to remember NOT to tell the university what we'll be doing to their wall plugs...) Even has the training videos available online!


Transport a live computer without shutting it down.

... We created this product for our Government/Forensic customers - but it has IT uses as well. Need to move a server without powering it down?

... How to circumvent Whole Disk Encryption

The key: Do not allow the encryption to activate. Low level encryption such as Vista's Whole Disk Encryption (WDE) can halt an investigation. Use HotPlug and Mouse Jiggler to prevent encryption technologies from activating. If you can carry away the computer while it's still logged in, you maintain full access to the hard drive.

Interesting viewpoint. One I've been discussing (debating) for years...

AU: Judge on privacy: Computer code trumps the law

Friday, February 22 2008 @ 05:06 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Australian High Court Judge Justice Kirby says computer code is more potent than the law--and that legislators are powerless to do anything about it.

Source - C|net

[From the article:

Technology has outpaced the legal system's ability to regulate its use in matters of privacy and fair use rights, said Kirby, speaking Thursday night at an Internet Industry Association (IIA) event.

A different take on the same question? (Is the answer: The music industry has good lobbyists?)

Can Someone Explain Why It Should Be An ISP's Responsibility To Deal With File Sharing?

from the it's-a-simple-question dept

Last week, we noted that there was some draft legislation in the UK making the rounds that would have ISPs ban people found to have participated in unauthorized file sharing. Some people responded by saying that this was just a draft and there was no chance it was going to go anywhere. However, the UK's Culture Secretary Andy Burnham is now saying that the government is quite serious about pushing this legislation through, and that ISPs would be wise to implement such a system voluntarily before the government acts: "Let me make it absolutely clear: this is a change of tone from the Government. It's definitely serious legislative intent." What he doesn't make clear, however, is why it should be the ISPs' responsibility to prop up someone else's business model. What's next? Will they push automakers to fight back against bankrobbers who use getaway cars?

For those poor individuals with only a few terabytes of music...

SXSW 2008 Music Torrent - 764 artists, 3.5 GB

This is an unofficial torrent of the artists that will be featured at the 2008 South by Southwest music festival in Austin, TX. There is one song from every artist, all in one convenient free download!

For my web site students... - Does the CSS Work For You

Have trouble creating CSS typesets? Well, fret no more because CSSTypeSet is here to save your style sheets from your manhandling paws. This handy new tool is rather simple. You’ve got two screens: the first for entering/pasting the text you want to modify; the second is for viewing your CSS. Below these two screens you’ll find a control panel for changing the style of your text. There are three sliders for spacing letters, words, and lines. You can change the font style and the color using the gradient color wheel. There are also the standard bold, italic and strikethrough options. Once you’ve made all your tweaks, simply copy the CSS from screen number two, and voila, you’re done.

Friday, February 22, 2008

Because there is a market for data on individuals...

Reed Elsevier Buys ChoicePoint for $3.6B

Thursday, February 21 2008 @ 06:43 PM EST Contributed by: PrivacyNews News Section: Businesses & Privacy

ChoicePoint Inc., a 1997 spinoff of credit agency Equifax, is being acquired by the parent of LexisNexis in a cash deal worth $3.6 billion, a major premium for a company that weathered an embarrassing breach of its database, federal investigations and a stock-trading probe of its top two executives.

The deal combines ChoicePoint's data and analytics assets with LexisNexis' technology, a marriage that will strengthen the combined entity's ability to meet growing demand for their services, especially in the insurance field.

...and the industry response.

February 21, 2008

EPIC Raises Issue of Privacy in Response to Reed Elsevier Acquisition of ChoicePoint

Press release: "Reed Elsevier to acquire ChoicePoint for a total cost of $4.1 billion (£2.1 billion/€2.8 billion) payable in cash. This comprises an equity value of $3.5 billion and the assumption of $0.6 billion of net debt. Combination of ChoicePoint with the LexisNexis Risk Information and Analytics Group will create a risk management business with $1.5 billion in revenues and a leading position in the fast growing risk management marketplace...ChoicePoint has a leading position in providing unique data and analytics to the attractive insurance sector (over 50% of Choicepoint's $982 million revenue and 80% of its business operating income from continuing operations in 2007) and highly complementary products and new capabilities in the screening, authentication and public records areas."

  • EPIC: "Reed-Elsevier, corporate parents of Lexis-Nexis, has made a move to acquire Choicepoint, the databroker. Consumer privacy will be seriously affected if the merger is approved without any privacy safeguards. The previous Google-Doubleclick merger involving two large databases of personal information similarly raised privacy as well as antitrust issues. Choicepoint is a large player in the commercial databroker market and has been the target of an EPIC privacy complaint and an FTC investigation and fine for the privacy harms its business practices cause. For more see EPIC's page on Choicepoint."

If TJX isn't liable and Visa is contractually immune, who is left holding the bag?

Banks: Losses From Computer Intrusions Up in 2007

Thursday, February 21 2008 @ 06:49 PM EST Contributed by: PrivacyNews News Section: Breaches

U.S. financial institutions reported a sizable increase last year in the number of computer intrusions that led to online bank account takeovers and stolen funds, according to data obtained by Security Fix. The data also suggest such incidents are becoming far more costly for banks, businesses and consumers alike.

Source - Security Fix blog

Is this the future?

Librarian Takes Sprint Nextel & Wells-Fargo To Small Claims Court And Wins

Thursday, February 21 2008 @ 10:04 PM EST Contributed by: PrivacyNews News Section: Breaches

Last December, Theodore Karantsalis received a letter from Sprint, where he was a customer, telling him that someone who banks with Wells-Fargo—where he's not a customer—was presented with his invoice and personal data when they logged into their Wells-Fargo Checkfree account. The customer contacted Sprint, and Sprint contacted Karantsalis. Karantsalis decided that he'd deal with the issue on his own instead of bringing a lawyer into it or throwing his hands up in frustration, so he took both companies to small claims court.

Source - The Consumerist

[From the article:

Is the objective to make the consumer whole, in the sense of getting them to the point financially where they would have been had the data privacy booboo never happened?

Is it to make it much more likely that the wrong will never be repeated, sparing other consumers of the headache? Is it to make money for the consumer? Is it, dare I say, to make moneys for the law firms?

The recent TJX lawsuits, for example, could be said to have failed for their consumer plaintiffs on all of those objectives, other than making money for the law firms and even that money was rather paltry

speaking of whom...

Insurance Company Reimburses TJX Almost $19 Million For Data Breach

Friday, February 22 2008 @ 06:21 AM EST Contributed by: PrivacyNews News Section: Breaches

In the middle of a better-than-expected earnings report from TJX on Wednesday, the retailer whose databreach of 100 million cards was the worst in credit card history reported that it was paid somewhat less than $19 million by its insurance company.

Referring to $178 million the chain had set aside to deal with data-breach-related costs, TJX said that on Jan. 26, 2008, "TJX reduced the reserve by $19 million, primarily due to insurance proceeds with respect to the computer intrusion, which had not previously been reflected in the reserve, as well as a reduction in estimated legal and other fees as the Company has continued to resolve outstanding disputes, litigation and investigations."

Source - StoreFrontBackTalk

We were discussing this last night. It's not “can you...” it's “how quickly can you...”

Cell Phone Encryption Exploit Demonstrated

Posted by Soulskill on Friday February 22, @02:09AM from the wiretapping-on-the-cheap dept.

Saxophonist brings us a story from Forbes about security researchers who demonstrated a new method for breaking the encryption on GSM cellular signals. The presentation was made at the recent Black Hat conference, and it's notable for the fact that the technique only requires "about half an hour with just $1,000 in computer storage and processing equipment." The researchers also claim to have found a faster method, which they intend to market for $200,000 - $500,000. Quoting: "Undetectable, 'passive' systems like the one that Muller and Hulton have created aren't new either, though previous technologies required about a million dollars worth of hardware and used a "brute force" tactic that tried 33 million times as many passwords to decrypt a cell signal. All of that means, Hulton and Muller argue, that their cheaper technique is simply drawing needed attention to a problem that mobile carriers have long ignored--one that well-financed eavesdroppers may have been exploiting for years. 'If governments or other people with millions of dollars can listen to your conversations right now, why shouldn't your next-door neighbor?' Muller says."

...and we'd also like to know...

ASU May Require Mental Illness Disclosure

POSTED: 12:11 pm MST February 20, 2008

MESA, Ariz. -- An Arizona State University committee considering ways to improve campus safety in the wake of recent campus shootings may suggest that students be required to disclose their mental health histories.

Lawmakers and university administrators in other states, particularly Virginia and Florida, have been pushing measures to open students' private psychological records to schools and police.

The debate continues.

Electronic voting and partial audits

Posted by Michael Horowitz February 21, 2008 10:15 AM PST

On February 16th fellow CNET blogger Robert Vamosi wrote an item headlined "With improvements, e-voting could be good, says researcher." I think that e-voting is a very bad thing and that no "improvements" will ever convert it to a good thing. But I'm not an expert on the subject, so I asked Rebecca Mercuri, a specialist in computer security and electronic voting, if she would like to respond to the claim made by the "researcher" in question. Mercuri has appeared many times on the Personal Computer Show to discuss electronic voting, which is where our paths previously crossed. Her response is below.

Thursday, February 21, 2008

...and people wonder why CEOs get the big bucks.

TJX reports soaring profits one year after breach disclosure

Wednesday, February 20 2008 @ 05:38 PM EST Contributed by: PrivacyNews News Section: Breaches

TJX on Wednesday reported a 47 percent spike in quarterly profits, aided by a reduction in the reserve that was created to pay for costs associated with the retailer's record breach. [The pittance they had set aside was more than they actually needed. Bob]

The Framingham, Mass.-based company said its profit for the quarter ending Jan. 26 rose to $301 million, or 66 cents per share, from $206 million, or 43 cents per share, over the same quarter one year ago.

Source - SC Magazine

If they don't know where the data is being stolen, this could be a tough nut to crack...

MS: Debit Card Scam Grows To 260 Victims...Still No Solid Leads

Wednesday, February 20 2008 @ 11:22 PM EST Contributed by: PrivacyNews News Section: Breaches

DeSoto County investigators have been working to solve a debit card scam for four months. As of right now, they've got more than 260 victims in DeSoto County alone and they're no closer to finding who's responsible.

Some victims had every dime stolen from their bank accounts in just a few days.

"We're still having as many as 3 to 4 [victims] come in a day," said Commander Mark Blackson of the DeSoto County Sheriff's Dept.

Every day he comes into work there are more victims with the same story.

"I've just been contacted by my bank, my credit card, they're saying there are fraudulent charges, from Naples Florida or Miami or Austin, Texas," he said.

Source - WREG

Perhaps if they change to criminalizing “receiving un-taxed goods”

Supreme Court strikes down law targeting online cigarette sales

Posted by Declan McCullagh February 20, 2008 12:02 PM PST

The U.S. Supreme Court has struck down a Maine law that slapped severe restrictions on sales of cigarettes via mail order and the Internet.

In their opinion (PDF) on Wednesday, the justices said a 1994 federal law trumped the Maine statute restricting sales and shipments of tobacco.

The argument is that the laptop is a “container.” My question is, what are you looking for and how will you recognize it? Will a “Happy Hanuka” e-mail, written in “one a them fur'in languages” result in a cavity search?

Searching Laptops at the Border and In Airports: A Disturbing Practice That Imperils Fourth and First Amendment Rights

Wednesday, February 20 2008 @ 01:56 PM EST Contributed by: PrivacyNews News Section: Fed. Govt.

FindLaw columnist and National University of Ireland - Galway visiting law professor Anita Ramasastry discusses the First and Fourth Amendment issues raised by U.S. government searches of laptops and other electronic devices at international borders and international airports. Ramasastry discusses the recent suit by two public interest groups to enforce a Freedom of Information Act (FOIA) request to disclose government policy regarding this category of searches. She also covers the handful of federal cases, in the U.S. Courts of Appeals for the Fourth and Ninth Circuits, that have taken on the First and Fourth Amendment issues involved when laptops are searched.

Source - FindLaw's Writ

If they are selling data they collected from public sources, what makes it illegal?

Nixon sues Web site operator for offering sensitive consumer data

Wednesday, February 20 2008 @ 12:58 PM EST Contributed by: PrivacyNews News Section: In the Courts

Missouri Attorney General Jay Nixon is suing a Texas Web site operator in Jackson County Circuit Court for running a site that aggregates consumer data, in some cases including sensitive information including Social Security numbers and physical descriptions.

Nixon claimed that paying users of can access wide-ranging personal information, which can [not “Must” Bob] turn into a treasure trove for criminals.

"This Web site is a gold mine for identity thieves and needs to be shut down as soon as possible to protect the privacy of Missourians," Nixon said in a written statement Wednesday. "My office has already seen proof of how this site can be used to destroy the credit of innocent consumers in at least one prominent identity theft case."

Source - Kansas City Business Journal

Looking for that warm, fuzzy feeling? Look elsewhere!

Federal Government to American Public: our data is DEFINITELY not safe

Wednesday, February 20 2008 @ 02:22 PM EST Contributed by: PrivacyNews News Section: Breaches

The number of security breaches on government computers has quadrupled in the last 2 years – from just over 3,500 in fiscal 2005 to just over 13,000 in fiscal 2007.

Maybe that’s because government computer security isn’t getting any better: a new report (PDF) from the GAO has the snappy title: “Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies.” It notes that in virtually all cases, federal computer systems have significant security holes.

Source - The Snitch blog

This suggests the (Canadian) government shouldn't have collected the data in the first place. Something that would never happen in the US...

Ca: Privacy watchdog orders pawnshop database destroyed

Wednesday, February 20 2008 @ 04:08 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Alberta's privacy commissioner has ordered the city of Edmonton and city police to stop collecting personal information from pawn shops and second-hand stores.

Information and Privacy Commissioner Frank Work has also ordered that a database established to store the information be destroyed.

Source - Edmonton Journal

Of course, the government is not the only one gathering information into databases (right TJX?)

Ca: Alberta Commissioner forbids license scanning

Wednesday, February 20 2008 @ 09:14 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

In a long awaited decision, the Information and Privacy Commissioner of Alberta has ordered a nightclub to cease scanning drivers licenses. The practice is an unreasonable collection of personal information [Does that phrase appear anywhere in US law? Bob] and is not justified under the Personal Information Protection Act.

From the decision [pdf], the Commissioner didn't see the connection between the collection of drivers license information and the supposed purposes for collecting it:

Source - Canadian Privacy Law Blog

Microsoft is already doing this, so naturally Google had to compete... (Also see next article)

Google to Store Patients' Health Records

Thursday, February 21 2008 @ 04:50 AM EST Contributed by: PrivacyNews News Section: Medical Privacy

Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.

The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google's new service, which won't be open to the general public.

Source - Associated Press

...and nothing could go wrong...

Privacy group sounds alarms over personal health records systems

Wednesday, February 20 2008 @ 08:49 PM EST Contributed by: PrivacyNews News Section: Medical Privacy

In some cases, people whose health care information is stored in online personal health records (PHR) systems may be exposed to serious data privacy risks, according to a warning issued by a privacy advocacy group.

That's because not all PHR systems are covered by the federal Health Insurance Portability and Accountability Act, the World Privacy Forum said in a 16-page report released today (download PDF). The WPF contended that as a result, many of the privacy protections offered under the HIPAA statute don't apply to the personal health care data being maintained in such systems.

Source - Computerworld

Another way to play with Linux

andLinux is a complete Ubuntu Linux system running seamlessly in Windows 2000 based systems (2000, XP, 2003, Vista [32-bit only]).

... andLinux is not just for development and runs almost all Linux applications without modification.

For you early adapters... (Or those who want to get into the conversion business)

How to Convert Your HD-DVD Discs to Blu-Ray

Posted by ScuttleMonkey on Wednesday February 20, @03:58PM from the but-what-about-how-to-do-it-on-linux dept. Media Hardware

eldavojohn writes

"Are you one of the few who boarded the HD-DVD Titanic ship headed to the bottom of ocean to join BetaMax? Fret no longer, friend, simply convert those and pretend like you never invested in the wrong technology! All you need is a Windows machine with a fast processor, an HD-DVD drive, a Blu-Ray burner, 30GB of free disk space, at least, though 40GB or more is recommended and an internet connection to download the software! Or you can sit and be the crazy guy who continues to argue that HD-DVD is the superior technology whether it's true or not."

Someone should find this useful... Shouldn't they? - The Law Library

If you work with the law study it or find it interesting you should visit . PLoL, The Public Library of Law is a search engine that helps users find the law research materials they need. At you can search for Cases from the U.S. Supreme Court, from all 50 states, federal statutory law and codes. At you can search through: regulations, court rules, constitutions, legal forms, and more. When searching for information you can choose the state you are looking for as well. There is also an advanced options filter that allows you to choose start and end dates. You can also choose the Jurisdiction for the State Supreme and Appeals Court as well as the U.S. Supreme Court and Federal Circuit Courts. makes it easy for you to find the information you are looking for. Searching for cases on general search engines can prove to be difficult, makes it easy.

...and if one was interesting...

Explosion of New Free Legal Databases

Sue Altmeyer, Electronic Services Librarian, | February 18, 2008 - 11:48

It's great to snuggle down for an evening with the classics...

Look for 'Kojak,' 'Vice,' others online

Wed Feb 20, 7:25 AM ET

LOS ANGELES - "The A-Team," "Kojak" and other blasts from television's past will be streamed online, NBC Universal said Tuesday.

Wednesday, February 20, 2008

Is there a “Vampire Hacker?”

Lawsuit targets Lifeblood

Tuesday, February 19 2008 @ 02:46 PM EST Contributed by: PrivacyNews News Section: Breaches

A lawsuit has been filed against Lifeblood, Mid-South Regional Blood Center, after laptop computers with personal information of roughly 321,000 blood donors came up missing and are presumed stolen.

The suit, filed Monday in Shelby County Circuit Court by Collierville resident and blood donor Robert M. Saino, asks a judge to certify it for class action status. It seeks money damages that would amount to multimillions if awarded.

Source - Commercial Appeal

Imported (for the gourmet vampire?)

Irish blood donor records stolen in New York

Tuesday, February 19 2008 @ 04:01 PM EST Contributed by: PrivacyNews News Section: Breaches

A computer containing over 171,000 confidential blood donor records and other files from the Irish Blood Transfusion Service has been stolen.

The data, which the Blood Service says was securely encrypted, was given to the New York Blood centre in December on a computer disk.

Source - RTÉ.ie

Counter-surveillance? Anti-stalker tool?

Who Is Googling You?

Sites Let Consumers Find Out Who Searches For Them

UPDATED: 11:41 am EST February 19, 2008

BOSTON -- Fifty million times a day, someone Googles someone else's name, Boston television station WCVB reported. A new technology can help people figure out who is searching for them.

Video: Who's Googling You?

The station said the technology raises privacy concerns for people who think those searches should be anonymous.

One user, Elizabeth Yekhtikian, said she gets an e-mail from at least once a day alerting her that she's been Googled.

... "I can check on the site and it shows me with little maps where the searches are coming from, and from exactly which town, within which state or part of the country or the world," said Yekhtikian.

The Nigerian money scam morphs into a new form (again)

Paid for Receiving Bank Transfers

Posted by Sean @ 17:22 GMT

Here's a screenshot of a site that we discovered back in December, BGI-Funds:

When you aren't free to choose, you have consented?

Interesting Wiretap Decision from the Tenth

Tuesday, February 19th by Robert Loblaw

U.S. v. Verdin-Garcia, 06-3354 (10th Cir., Feb. 19, 2008)

Fans of the HBO series The Wire will appreciate this Tenth Circuit criminal appeal, which involves a massive drug conspiracy that the government pieced together using 3000 wiretapped calls over a three-month period. But after meticulously putting together its case against drug kingpin Fidencio Verdin-Garcia and one of his top henchmen, the government faced one last challenge at trial. How were prosecutors going to prove that the voices on the incriminating calls belonged to the defendants?

The two defendants refused to comply with a court order to turn over a voice sample, so instead the government used recordings of their prison phone calls. The defendants moved to suppress this and other evidence, with Verdin-Garcia arguing that the prison recordings violated Title III of the Wiretap Act because the government did not have his prior consent. But the Tenth rejects this argument, explaining that prisoners are advised that their calls may be monitored or recorded. Because Verdin-Garcia used the prison telephone despite these warnings, his consent to be recorded is implied. [Obviously, he should have used another phone... Bob]

Someone needs to come up with an Open Source citation scheme...

1.8 Million US Court Rulings Now Online

Posted by samzenpus on Tuesday February 19, @01:18PM from the star-wars-kid-v.-lol-cats dept. The Courts

I Don't Believe in Imaginary Property writes

"For a long time now, lawyers and any serious law students have been bound to paid services like LexusNexis for access to case law, but that is slowly changing. Carl Malamud has posted free electronic copies of every U.S. Supreme Court decision and Court of Appeals ruling since 1950, 1.8 million rulings in all, online for free. While the rulings themselves have long been government works not subject to copyright, courts still charge several cents per page for copies and they're inconvenient to access, so lawyers usually turn to legal publishers which are more expensive but more convenient, providing helpful things like notes about related cases, summaries of the holdings, and information about if and when the case was overturned. This free database is not Carl's first, either. He convinced the SEC to provide EDGAR, and helped get both the Smithsonian and Congressional hearings online."

I think there's a big market for these guides – if they are written from the “Here's How...” rather than the “You Can't...” perspective... (Lawyers as enablers – what a concept!)

SFLC's Legal Guide On Free Software

Posted by kdawson on Tuesday February 19, @09:13PM from the law-for-the-rest-of-us dept. Programming

An anonymous reader writes

"Last week the Software Freedom Law Center published A Legal Issues Primer for Open Source and Free Software Projects. The primer, written for developers, has sections on copyrights, trademarks, patents, and organizational structure. Linux-Watch has reviewed the guide, saying 'I think any open-source developer or open-source group administrator must read this paper.'"

What happens when our favorite teen hacker grows up and needs a job? (Think he'll get sued much?)

doubleTwist makes DRM-stripping, sharing easy as pie

By Jacqui Cheng | Published: February 19, 2008 - 01:15PM CT

DVD Jon is growing up. He's no longer helping geeks free their media from DRM—he wants to make it easy enough for our parents to use, too. Through a new venture called doubleTwist, DVD Jon (Jon Lech Johansen) and partner Monique Farantzos have already released a desktop and web application that makes stripping DRM from some of the world's most popular formats—including Windows Media DRM and iTunes' FairPlay—as easy as drag-and-drop.

"When you receive an e-mail, you can read it on your Blackberry, web mail, or Outlook. E-mail just works," said Farantzos in a statement. "With digital media such as video from a friend’s cell phone or your own iTunes playlists, it’s a jungle out there. It can be an hour-long exercise in futility to convert files to the correct format and transfer them to your Sony PSP or your phone. [...] Our goal is to provide a simple and well integrated solution that the average consumer can use to eliminate the headaches associated with their expanding digital universe."

Looking ahead. (Not sure I like “Reality Mining” so much)

TR Picks 10 Emerging Technologies of 08

Posted by kdawson on Tuesday February 19, @10:50PM from the what-will-be dept. Science Technology

arktemplar suggests Technology Review for their annual list of 10 emerging technologies that the editors believe will be particularly important over the next few years. Quoting:

"This is work ready to emerge from the lab, in a broad range of areas: energy, computer hardware and software, biological imaging, social interactions. Two of the technologies — cellulolytic enzymes and atomic magnetometers — are efforts by leading scientists to solve critical problems, while five — surprise modeling, connectomics, probabilistic CMOS, reality mining, and offline Web applications — represent whole new ways of looking at problems. And three — graphene transistors, nanoradio, and wireless power — are amazing feats of engineering that have created something entirely new."

Some ideas for the e-discovery team

e-Discovery Teams: Self-Organization and Development of Evidence Preservation Protocols

Not extensive, but has potential... - A Directory of Open Source Software

Open Source Guide or osGuide, is a directory of open source software on the net. The site works via user submissions—if you’ve got any open source apps or tools you’d like to see represented, it takes only a couple of seconds to submit. Simply fill out the appropriate form indicating the name, version and license type along with a description and image link. All entries are categorized by type, e.g. audio, database and games. Additionally, you can further filter results using the tabs labeled Windows, Linux, and Mac Downloads. Clicking on any item takes you to the source site. OsGuide also features a discussion forum.

Yesterday I missed that High School students were included in this...

MS Ropes In Developing Developers With Free SDK Giveaway

By Walaika Haskins TechNewsWorld 02/19/08 1:26 PM PT

Microsoft on Monday announced a new student program dubbed "DreamSpark." The new program will give college and high school students around the world access to the software giant's development applications at no charge.

Tuesday, February 19, 2008

It could happen to you!

Harvard Site Hacked and Then Leaked on BitTorrent

Posted February 18th, 2008 by Alex Ion

... The Pirate Bay are already tracking a 125MB zip file that is supposed to be a server backup of the site with a full directory structure, before the hit. It contains three databases, joomla.slq the main database, contacts.sql which is a database of contacts and hgs.sql which may not be that important. Another bad thing is that the file is supposed to contain passwords, too.

There's lying, and then there's lying... Comcast tries to have it both ways... “It is better to look good than to feel good.”

Comcast Cheating On Bandwidth Testing?

Posted by kdawson on Tuesday February 19, @08:06AM from the tuning-for-the-benchmark dept. Networking

dynamo52 writes "I'm a freelance network admin serving mainly small business clients. Over the last few months, I have noticed that any time I run any type of bandwidth testing for clients with Comcast accounts, the results have been amazingly fast — with some connections, Speakeasy will report up to 15 Mbps down and 4 Mbps up. Of course, clients get nowhere near this performance in everyday usage. (This can be quite annoying when trying to determine whether a client needs to switch over to a T1 or if their current ISP will suffice.) Upon further investigation, it appears that Comcast is delivering this bandwidth only for a few seconds after any new request and it is immediately throttled down. Doing a download and upload test using a significantly large file (100+ MB) yields results more in line with everyday usage experience, usually about 1.2 Mbps down and about 250 Kbps up (but it varies). Is there any valid reason why Comcast would front-load transfers in this way, or is it merely an effort to prevent end-users from being able to assess their bandwidth accurately? Does anybody know of other ISPs using similar practices?"

Interesting. I hope they appeal to clarify the law... Someone (the judge?) seems to understand the process fairly well.

US Court shuts down leaked doc emporium

Nick Juliano Published: Monday February 18, 2008

Wikileaks, the Web site that has revealed countless government secrets, has been forced offline by a California judge.

The site, which allows whistleblowers to post documents anonymously, is being sued by a Swiss banking group implicated in money laundering in documents obtained by Wikileaks. The BBC reports:

However, the main site was taken offline after the court ordered that Dynadot, which controls the site's domain name, should remove all traces of wikileaks from its servers. The court also ordered that Dynadot should "prevent the domain name from resolving to the website or any other website or server other than a blank park page, until further order of this Court." Other orders included that the domain name be locked "to prevent transfer of the domain name to a different domain registrar" to prevent changes being made to the site.

Versions of Wikileaks from Great Britain and other countries are still accessible.

In taking Wikileaks offline, the US joins China and Thailand in censoring the watchdog site.

Tools for the obsessive stalker?

TMZ targets celebs with Webcams

It would seem that the 24-7 Hollywood gossip machine couldn't get any more invasive, but live Webcams are adding a whole new dimension to celebrity tracking.

By Stefanie Olsen Staff Writer, CNET Published: February 19, 2008, 4:00 AM PST

On L.A.'s famous Melrose Avenue, Pink's Hot Dogs serves up chili cheese dogs to throngs of hungry people every day, including actor regulars like Danny DeVito and Laurence Fishburne. That puts the hot spot in the crosshairs of Hollywood's newest gossip-hound trend--live Webcams.

Probably not a feature you look for on spring break...

Smile, you're on a bar Webcam

Around the country, bars are tapping the Internet to let people know when they're hopping--or dreadfully quiet.

By Stefanie Olsen Staff Writer, CNET Published: February 19, 2008, 4:00 AM PST

On a recent Friday evening at the Key West bar Hog's Breath, Mike Murphy was enjoying a Miller Lite and potato skins in the company of his wife and friends.

... Bar Webcams are a growing phenomenon in cities like Boston, Denver, Chicago, San Diego, Minneapolis, and even tourist spots like Key West. Of course, Webcams have been around for a long time.

... The idea is simple: with a Webcam installed in a bar or restaurant, potential customers can call up the live video stream online or by mobile phone so they can survey the crowd before venturing out.

Open is good! (No doubt politicians will find reasons to stop this...)

Kansas Capitol Notebook: New Web site will list every state expense

By JIM SULLINGER and DAVID KLEPPER The Kansas City Star Posted on Sat, Feb. 16, 2008 10:15 PM

TOPEKA | The Internet has opened up more information about government than was possible in your grandparents’ generation.

You can listen to city council meetings and legislative sessions, for example, on computers in streaming audio or video.

Now the state is about to take a giant leap forward. A Web site opening March 1 will allow people to examine any payment made by the state to a vendor.

If a state agency buys coffee and rolls for a meeting, you’ll be able to see who was paid for it and how much.

What's happening nearby and what are people in New York saying about it?

Google News Getting More Local (Localer?)

18th February 2008, 11:15 pm

... You can do zip code news searches by using the Google News advanced search form at (Don’t try to do the searches from the main search form; you’ll get really wonky results.)

... By the way, if you want you can search for news about one zip code — say, 82001 — in media from another state — say, New York.

For my web site students (in particular, those who keep forgetting their thumb drives) - Simple Online Presentations

PowerPoint isn’t your only recourse for making web presentations. There are actually a number of options, one of which is Thumbstacks. Thumbstacks lets you make presentations right in your browser. It’s easy and intuitive with its what you see is what you get drag and drop editor, and cross browser capabilities. There are ready made themes and styles for fast and consistent presentation building. As it is web based, Thumbstacks presentations can be easily shared via links or remote, real time meetings, without the need for plug-ins or Java. Thumbstacks also integrates with Flickr so you can easily pull in photos from your account. Soon to come are charts, a Google maps plug-in and slides.

My web site students gotta have music! (I gotta have lists!)

Top 10 Free Programs to make the most out of your MP3 Collection

Posted by Shankar Ganesh on February 18, 2008

Humor (Illustrates one method hackers use to select a target.)

Airport Security ftw!

Microsoft Giving Away Free Developer Software To Students

... Students will go to Microsoft’s Channel 8 site to download any of the software, following a third-party authentication process to verify they are a current student.

Monday, February 18, 2008

End of an era. (Remember, the telephone had its first public demonstration the week Custer rode to the Little Big Horn...)

Most Analog Cellular to Fade Away Next Week

The biggest U.S. mobile operators, AT&T Wireless and Verizon Wireless, will close down their analog networks on Monday.

PC World Friday, February 15, 2008; 12:19 AM

“Hello, We'd like to buy an aircraft carrier, could you spread the cost over these credit cards?”

Chinese hacker steals user information on 18 MILLION online shoppers at

Sunday, February 17 2008 @ 03:01 PM EST Contributed by: PrivacyNews News Section: Breaches

According to, South Korea’s oldest and largest online shopping site ( has claimed it was attacked by a Chinese hacker who made off with the user information on 18 million members and a large amount of financial data. It is further claimed that delayed 20 hours after the attack before confirming the loss of information. Korean users rebuked the website for being too slow to act. It was confirmed that the attack was launched through China’s internet.

Source - The Dark Visitor editor's note: as the original source is not in English, we are including this item but can't be sure what the original said. The Web Hacking Incidents Database also reports this incident.

Note that this one took far longer than 20 hours to reveal, yet no comment from the press...

LA: Outbreak of ID fraud doubted

Monday, February 18 2008 @ 06:20 AM EST Contributed by: PrivacyNews News Section: Breaches

Kenner officials recently alerted more than 8,000 Food Bank recipients by letter that a computer containing their personal information was stolen in October, city officials said.

A flat-screen computer was stolen from the Food Bank, in the 1600 block of Rev. Richard Wilson Drive, formerly Third Street, in late October, said Deborah Miller Yenni, an attorney working for Kenner. There is no indication anyone's identity has been stolen or personal information compromised, she said. [How would anyone victimized know who to contact to report the crime to? Bob]

The computer had on it a list of about 9,000 recipients of the Food Bank with their personal information, such as names, addresses and in some cases Social Security numbers.

Source -


Data “Dysprotection:” breaches reported last week

Monday, February 18 2008 @ 06:15 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

A call for Open Source?

A Look at the State of Wireless Security

Posted by Soulskill on Sunday February 17, @01:30PM from the tubes-of-the-ether dept.

An anonymous reader brings us a whitepaper from Codenomicon which discusses the state and future of wireless security. They examine Bluetooth and Wi-Fi, and also take a preliminary look at WiMAX. The results are almost universally dismal; vulnerabilities were found in 90% of the tested devices [PDF]. The paper also looks at methods for vendors to preemptively block some types of threats. Quoting:

"Despite boasts of hardened security measures, security researchers and black-hat hackers keep humiliating vendors. Security assessment of software by source code auditing is expensive and laborious. There are only a few methods for security analysis without access to the source code, and they are usually limited in scope. This may be one reason why many major software vendors have been stuck randomly fixing vulnerabilities that have been found and providing countless patches to their clients to keep the systems protected."

Can they still sell “unlimited service?”

Comcast tweaks Terms of Service in wake of throttling uproar

By Eric Bangeman | Published: February 07, 2008 - 02:07PM CT

Months after third parties were able to demonstrate that Comcast was throttling some BitTorrent (and Lotus Notes, since fixed) traffic, the cable giant has quietly changed its terms of service. Comcast updated the ToS on January 25—the first update in two years, according to company spokesperson Charlie Douglas—to more explicitly spell out its policies on traffic management.

According to Section III of the revised ToS, Comcast "uses reasonable network management practices that are consistent with industry standards." The company points out that it is not alone in the practice, saying that "all major" ISPs engage in some form of traffic shaping.

Tools & Techniques

Hacking the lobby telephone

Posted by Robert Vamosi February 17, 2008 5:41 AM PST

WASHINGTON--Two security researchers at ShmooCon demonstrated on Saturday how a laptop connected to a VoIP telephone could, in some cases, expose a business' internal network to outsiders.


Hacking public information kiosks

Posted by Robert Vamosi February 17, 2008 6:15 AM PST

Public information kiosks are supposed to allow users to find out more about a company or government agency, and that's all. But on Saturday afternoon, Shanit Gupta, a senior consultant at McAfee Foundstone, demonstrated several ways that he and others have been able to map the internal network on a system running XenApp, formerly Citrix Presentation Server.

Now I can illustrate political absurdity in an appropriate medium. (For my web site students) - Make Your Own Comic Strip

Pixton lets you create your own comic strip without having to draw anything by hand. Select from a ton of pre-made characters, customize them as you see fit, and put them in different poses and add text to make a coherent storyline. Once you complete a strip, it’s published on Pixton for everyone to see. Pixton also includes a feature that lets other people add to your comic strip to expand upon your storyline while your original is saved. You must be a registered user to take advantage of all of Pixton’s features. Signing up is free and allows you to participate in contests and rate other people’s work.

For all my students (don't tell the bookstore!)


The Best Way to Rent Textbooks

Only because the first one is from Boulder

February 16, 2008, 12:37 PM

The Best Sandwiches in America

Unranked, unimpeachable, and incomplete, Esquire’s coast-to-coast list of the finest meals on sliced bread. No burgers allowed.

Sunday, February 17, 2008

Another “We didn't notice” event.

ZA: Internet security breach at Vodacom

Saturday, February 16 2008 @ 03:46 PM EST Contributed by: PrivacyNews News Section: Breaches

The country’s biggest cellphone company has been forced to fix an embarrassing security breach, which allowed Internet users access to customers’ confidential call records.

Vodacom admitted that customers faced a “potential vulnerability” after being alerted by the Sunday Times about the loophole in one of its websites.

Almost three million people are registered on Vodacom4me, a website run by the cellular service provider, where customers can manage their accounts online, check call records and costs, send messages and download ring tones.

The blooper enabled people to gain access to other customers’ private call records, including the numbers they dialled, the cost of calls made, their names and addresses.

Source - The Times

For this scheme to work, no one can notice that the machines have been swapped.

Ca: Debit hackers make 'huge' haul

Saturday, February 16 2008 @ 03:25 PM EST Contributed by: PrivacyNews News Section: Breaches

An elusive gang of thieves is raking in possibly "huge" amounts of cash through stealth and the manipulation of retail debit card terminals.

... The gang -- believed to be an Eastern European organized crime group -- has popped up in and around Toronto but Caplan has linked it to a particularly effective scheme in use in the Ajax-Pickering area of Durham.

The thieves are going into large retailers such as grocery supermarkets at late hours and stealing the point-of-sale debit terminals, sometimes replacing them with dummy machines.

Source - CNews

Even better than a “sin tax” this allows the secret police to ask for your “papers” at any time. I expect to see them add licenses for sneakers, blue jeans, long hair, t-shirts supporting the 'other' party, and use of the Queen's atmosphere (breathing) soon!

£10 government permit plan to deter smokers

This article appeared in the Guardian on Friday February 15 2008 on p4 of the UK news section. It was last updated at 08:52 on February 15 2008.

A ban on the sale of cigarettes to anyone who does not pay for a government smoking permit has been proposed by Health England, a ministerial advisory board.

Snuggly explains it so even a congressman can understand it.

A Fuzzy Bear Explains Complicated Wiretapping Fight

February 16, 2008 - 1:20pm — MacRonin

Barbie, G.I. Joe or a not-to-be named NPR show could easily think the wiretapping debate that gripped Congress this week is complicated. Goodness knows quite a few journalists and pundits have butchered it.

Luckily, there's Snuggly the Security bear to explain it all.

Why are advertisers willing to pay big bucks to place ads on the Oprah show?

Free Business Book Is Web Sensation

By HILLEL ITALIE AP National Writer Feb 16, 3:20 PM EST

NEW YORK (AP) -- The Oprah touch doesn't just work for traditional books. More than 1 million copies of Suze Orman's "Women & Money" were downloaded after the announcement last week on Winfrey's television show that the e-book edition would be available for free on her Web site,, for a period of 33 hours.

At least one of my Web Site students each term goes for food. - Yummy Meals Everyday

Heads up foodies, there’s another tasty morsel of a website in town. It’s called Tasty Planner and it deals in much yummy-ness. It’s a site for sharing tried and true recipes that you love. It’s fairly comprehensive—recipes can be searched by keywords, latest recipes, top chefs, top rated recipes, etc. Once you sign up, start collecting recipes. You’ll get your own personal recipe box to fill with recipes that whet your palate. Simply drag and drop the recipes into the box to store. Tasty Planner also generates grocery lists for you based on the recipes chosen. You can customize the list, of course, and add the gallon of milk or wet naps as you choose. Shopping lists can be printed out or tote them around on your iPhone. Your recipes are welcome too—just make sure they’re yours and not the sue-happy neighbor across the street.

...another for the web site class (Two versions) - Easy Image Resizer

Image resizing can be a pain if you don’t have the right tools.

... If you simply want to add a few effects, there are a number from which to choose: Equalize, Grayscale, Sharpen, Spread, Gaussian Blur, Oil Paint, Rotate, Polaroid, Crop, Brightness, Contrast, or Raised Frame. PicResize supports JPEG, GIF, and PNG. And you don’t have to pay a thing to use it.

Interesting web sites...

New York university to share its Abraham Lincoln letters online

February 16, 2008 - 9:29AM

Barely a year into the Civil War, President Abraham Lincoln suggested buying slaves for $400 apiece under a "gradual emancipation" plan that would bring peace at less cost than several months of hostilities.

(e-mail also available)

The Law Library of Congress

RSS (Really Simple Syndication) is a technology that allows organizations to deliver news to a desktop computer or other Internet device. By subscribing to RSS feeds, users can easily stay up-to-date with areas of the Library's site that are of interest. The Law Library of Congress now offers RSS feeds for use in an RSS reader or RSS-enabled Web browser. Library feeds consist of headline, brief summary, and a link that leads back to the Library's Web site for more information. Available feeds cover: Law Library News and Events, Law Library Webcasts, Legal Research Reports, and the Global Legal Monitor.

To add a Law Library RSS feed, copy and paste the links below into your feed reader: