Saturday, March 29, 2008

Friday is the 'traditional' day to report bad news.

University Reports Data Breach

Friday, March 28 2008 @ 04:25 PM EDT Contributed by: PrivacyNews News Section: Breaches

Antioch University says one of its computer systems that contained personal information on about 70,000 people was breached by an unauthorized intruder three times last year.

... The breached system contains names, Social Security numbers, academic records and payroll documents for current and former students, applicants and employees going back to 1996.

Source - Washington Post

[The article does not indicate why the computers were not secured after the first (or the second) break in, and there is no indication the data was encrypted. Perhaps Antioch does not have a Computer Science Department? Bob]

First a minor hack. Then find someone with good credit. Then do the normal identity theft stuff...

6 are charged in identity theft scheme

Friday, March 28 2008 @ 04:23 PM EDT Contributed by: PrivacyNews News Section: Breaches

Six Maryland residents have been indicted in an identity theft scheme that federal prosecutors say netted more than $184,000 in goods and services and more than $1.1 million in credit.

Federal prosecutors said the scam artists gained unauthorized access to an instant credit scoring system used by a cell phone provider. They would enter random Social Security numbers [unclear if this was from a list of SSANs or just random 9-digit numbers... Either way, should someone have noticed? Bob] into the service and find out the credit scores associated with those numbers, then apply for Citibank credit cards.

Source - Baltimore Sun

Follow-up No one is in charge?

Companies Avoid Financial Penalties After Massive Computer Data Breaches

Friday, March 28 2008 @ 01:05 PM EDT Contributed by: PrivacyNews News Section: Breaches

More than a year after millions of T.J. Maxx and Marshalls customers found out their credit card information had been hacked into, the discount stores' operator agreed to have its information audited but avoided paying federal fines.

TJX was one of three firms that agreed to settle charges that it "failed to provide reasonable and appropriate security for sensitive consumer information," federal regulators said yesterday in two unrelated data-breach decisions.

Data broker Reed Elsevier and its Seisint subsidiary also avoided fines but have agreed to obtain third-party audits biennially for 20 years under a separate settlement with the Federal Trade Commission.

... The FTC did not impose financial penalties against the companies because it lacks the authority to do so. The commission has asked Congress for such authority since 2005.

Source - Washington Post

Follow-up This suggests they do not log changes to their computers, let alone prevent them.

Malware Cited in Hannaford Breach

Friday, March 28 2008 @ 11:51 AM EDT Contributed by: PrivacyNews News Section: Breaches

The Associated Press is reporting that Hannaford has confirmed that unauthorized software - malware - installed on internal servers enabled the data breach that compromised up to 4.2 million credit and debit cards. The company does not yet know how the malware got on the servers.

Source - Forbes

Related, but not much more data... I wonder how many more companies have similar problems and haven't detected them yet?

Hannaford: Malware planted on store servers stole card data

The malware intercepted payment card data as the information was being transmitted from Hannaford's point-of-sale systems and sent overseas

By Jaikumar Vijayan, Computerworld March 28, 2008

... The malware then forwarded the stolen card numbers as well as their expiration dates to an overseas destination, according to the letter, which was signed by Emily Dickinson, Hannaford's general counsel.

Now this is plainly dangerous. Battery via computer?

Hackers Assault Epilepsy Patients via Computer

By Kevin Poulsen 03.28.08 | 8:00 PM

Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users.

... The incident, possibly the first computer attack to inflict physical harm on the victims, began Saturday, March 22, when attackers used a script to post hundreds of messages embedded with flashing animated gifs.

The attackers turned to a more effective tactic on Sunday, injecting JavaScript into some posts that redirected users' browsers to a page with a more complex image designed to trigger seizures in both photosensitive and pattern-sensitive epileptics.

Related? Using technology to... what exactly? Doesn't this increase the school's liability?

Colleges Are Watching Troubled Students

By JEFFREY McMURRAY Associated Press Writer AP foreign, Friday March 28 2008

LEXINGTON, Ky. (AP) - On the agenda: A student who got into a shouting match with a faculty member. Another who harassed a female classmate. Someone found sleeping in a car. And a student who posted a threat against a professor on Facebook.

In a practice adopted at one college after another since the massacre at Virginia Tech, a University of Kentucky committee of deans, administrators, campus police and mental health officials has begun meeting regularly to discuss a watch list of troubled students and decide whether they need professional help or should be sent packing.

... "If a student is a danger to himself or others, all the privacy concerns go out the window," said Patricia Terrell, vice president of student affairs, who created the panel. [...and this is determined how? Bob]

... Virginia Tech has added a threat assessment team since the massacre there. Boston University, the University of Utah, the University of Illinois-Chicago and numerous others also have such groups, said Gwendolyn Dungy, executive director of the National Association of Student Personnel Administrators.

Raises several questions about warrants, satellites, and broad use of surveillance equipment...

'Copter flyover violated privacy, Vt. Supreme Court finds

Saturday, March 29 2008 @ 04:46 AM EDT Contributed by: PrivacyNews News Section: In the Courts

The Vermont Supreme Court held Friday that "Vermont citizens have a constitutional right to privacy that ascends into the airspace above their homes and property," overturning the conviction of a Goshen man on marijuana charges.

The court ruled 4-1 that the aerial surveillance of Stephen Bryant's land constituted a search under Article 11 of the Vermont Constitution and, as such, required a warrant.

Source - Times Argus

[From the article:

The decision held that under the Vermont constitution a person can have a reasonable expectation of privacy by showing that he wants an area to be private — a different standard from the federal one, which follows a doctrine referred to as "open fields."

... "We find the air travel in this case — fifteen to thirty minutes of hovering over defendant's property at altitudes as low as 100 feet — to be distinctly unlike 'passing by a home on public thoroughfares,'" the decision read.

This could be interesting...

EU bankrolls PrimeLife privacy project

Friday, March 28 2008 @ 01:22 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

The European Union is to invest €10m in a project to develop open source privacy tools so that European citizens can safeguard personal information at online communities like Facebook.

The long-term aim of the PrimeLife project is to provide tools which can manage an individual's private data throughout their lifetime of online activity.

PrimeLife is being coordinated by IBM's research laboratory in Zurich and has 14 other partners, including industry bodies such as the World Wide Web Consortium's Pling, Liberty Alliance, ISO/IEC JTC 1 and the International Telecommunication Union.

Source - Personal Computer World

What's that stuff in the fan? Interesting list of claims...

Whistleblower: Voting Machine Company Lied to Election Officials About Reliability of Machines

By Kim Zetter March 27, 2008 | 6:20:00 PM

A former technician who worked for Hart InterCivic -- a voting machine company based in Texas -- has alleged that his company lied to election officials about the accuracy, testing, reliability and security of its voting machines. The whistleblower says the company did so because it was eager to obtain some of the approximately $4 billion in federal funds that Congress allocated to states in 2002 to purchase new voting equipment under the Help America Vote Act (aka HAVA).

The technician, William Singer, filed a qui tam lawsuit on the federal government's behalf last year but the lawsuit remained sealed until today, according to the Associated Press, when the U.S. Attorney's office decided it would not join Singer in the litigation

It doesn't take a degree in Computer Science to hack...

Police: Little Chute teen used 'Dummies' book to hack school computers

Teen admits to breach

Gannett Wisconsin Media Posted March 27, 2008

LITTLE CHUTE — Police searching the residence of a 15-year-old boy who admitted hacking into the Little Chute School District's computers found a copy of the book "Internet for Dummies."

"He was self-taught and self-motivated in that regard," said Lt. Ray Lee of the Fox Valley Metro Police Department.

Lee said the boy, a Little Chute High School student, faces a juvenile criminal charge and school discipline.

"He was questioned and he confessed to hacking into the computers so he has been referred to juvenile intake on one count of violating the Wisconsin computer crimes statute," Lee said.

According to search warrant documents filed Feb. 26 in Outagamie County Circuit Court, the district called in a vendor to make repairs and they were able to determine the district's computers were accessed from an outside computer and traced the source to the 15-year-old's home.

Also, a subpoena of internet provider Time Warner Cable records traced IP address to the same Holland Road residence. [See? You can't learn all the tricks from a book. Bob]

Police armed with a search warrant went to the home March 19 and seized the boy's computer equipment along with a copy of "Internet for Dummies."

The school district took its entire computer system down to make repairs, according to the search warrant affidavit.

"It cost the district several thousand dollars and a lot of time to do the fixes," Lee said.

Related – if only to show the flip side.

11-year-old takes school network by the horns

By Ellen Messmer, Network World, 03/27/2008

When Victory Baptist School, a small private school in Millbrook, Ala., was struggling to keep its computer network together last year, an 11-year-old student named Jon Penn stepped in as network manager.

Slideshow: He's 11...and it's his network!

Towards ubiquitous surveillance... No doubt this will be sold as a way to track your teenager's location.

Loopt Embraced by Verizon; Starts to Spread Its Mobile Wings

Mark Hendrickson March 28 2008

Loopt, a mobile social network that can be used to see where your friends are currently located, has partnered with Verizon to put its software on that carrier’s phones. It’s a big win for Loopt since Verizon has more location-aware handsets than any other carrier.

Interesting use of “Computers as a commodity”

Quake-Catcher Aims to be Largest Distributed Seismometer Network

Posted by ScuttleMonkey on Friday March 28, @11:22PM

from the shake-rattle-and-roll dept.

Nature is reporting that a new distributed computing application is looking to monitor earthquake data using the accelerometer in many computing devices. In the long run, "Quake-Catcher" will hopefully be fast enough to give warning before major earthquakes. "If it works, it will be the cheapest seismic network on the planet and could operate in any country. It wouldn't be as sensitive as traditional networks of seismometers, but Lawrence says that's not the point. 'If you have only two sensors in an area, you have to have a perfect system. If you have 15 sensors in a system it [can] be less perfect. One hundred, one thousand, ten thousand -- your need for the system to be perfect becomes much smaller,' he says. 'That's really our approach -- just to have massive numbers.'"

I just like the headline. Article is a simple overview of phishing.

Teach a Man to Phish and He'll Feed on Fools for a Lifetime

By Jack M. Germain TechNewsWorld 03/29/08 1:30 AM PT

Slick (simple) web site hack!

Major Web sites hit with growing Web attack,, and among those affected by hackers using Web programming errors to inject malicious code into sites' search results pages

By Robert McMillan, IDG News Service March 28, 2008

A blossoming Web attack, first reported by security researcher Dancho Danchev earlier this month, has expanded to hit more than a million Web pages, including many well-known sites.

"The number and importance of the sites has increased," wrote Danchev in a Friday blog posting where he reported that trusted Web sites such as,, and have been hit with the attack.

The criminals behind this have not actually hacked into servers, but they are taking advantage of Web programming errors to inject malicious code into search results pages created by the Web sites' internal search engines

Here's how an attack would work: The attacker searches for popular keywords, such as "Paris Hilton," on the Web site's internal search engine. But instead of conducting a normal search, the bad guy tacks an HTML command to the end of his search. This command opens up an invisible iframe window in the victim's browser that then redirects it to a malicious Web site, which then tries to install fake antispyware or a version of the Zlob Trojan Horse malware on the victim's PC.

In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.
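The programming error described above is a search page that echoes the visitor's query back as markup. As an added illustration (not code from the article or from any affected site), this Node.js sketch shows that error beside the output-encoded fix, plus an audit that flags off-site or invisible iframes in saved result pages; all function names, host names and the sample query are constructed.

```javascript
// Added example: function names, hosts and the sample query are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The programming error: the search term is pasted into the page as markup.
function renderResultsVulnerable(query, hits) {
  const items = hits.map((h) => `<li>${h}</li>`).join('');
  return `<h1>Results for ${query}</h1><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderResultsHardened(query, hits) {
  const items = hits.map((h) => `<li>${escapeHtml(h)}</li>`).join('');
  return `<h1>Results for ${escapeHtml(query)}</h1><ul>${items}</ul>`;
}

// Audit for saved or cached result pages: list every iframe and record
// whether it points off-site and whether it is invisible to the visitor.
function findInjectedFrames(html, siteHost) {
  const findings = [];
  const tagRe = /<iframe\b([^>]*)>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
    let a;
    while ((a = attrRe.exec(tag[1])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] || a[3] || a[4] || '';
    }
    const src = attrs.src || '';
    // Absolute (http://host/...) or protocol-relative (//host/...) sources name a host;
    // anything else is a relative path on the site itself.
    const hostMatch = /^(?:[a-z][a-z0-9+.-]*:)?\/\/([^\/?#:]+)/i.exec(src);
    const host = hostMatch ? hostMatch[1].toLowerCase() : null;
    const zeroSized = /^0(px)?$/i.test(attrs.width || '') || /^0(px)?$/i.test(attrs.height || '');
    const styledAway = /display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs.style || '');
    findings.push({
      src,
      offSite: host !== null && host !== siteHost.toLowerCase(),
      hidden: zeroSized || styledAway,
    });
  }
  return findings;
}

// Constructed sample: a popular keyword with an iframe tag tacked on the end.
const SAMPLE_QUERY =
  'paris hilton<iframe src="http://ads.example.invalid/" width="0" height="0"></iframe>';
const SAMPLE_HITS = ['Celebrity news roundup'];

const savedVulnerable = renderResultsVulnerable(SAMPLE_QUERY, SAMPLE_HITS);
const savedHardened = renderResultsHardened(SAMPLE_QUERY, SAMPLE_HITS);

console.log('vulnerable page findings:', findInjectedFrames(savedVulnerable, 'news.example'));
console.log('hardened page findings:  ', findInjectedFrames(savedHardened, 'news.example'));
```

Running the audit over result pages before they are saved or submitted to a search engine catches pages generated before the encoding fix was deployed.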

More interesting business models...

Another 'Free' Business Model Experiment

from the they're-all-over dept

When we discuss the basic economics having to do with infinite goods, sometimes the debates in the comments accuse me of promoting one "business model" over all others. The truth is quite different. The economics at work are fundamental. Price gets driven to marginal cost. The business models that then result, however, are numerous and varied. The key is simply recognizing that the infinite good works as a resource, increasing the value of all sorts of scarce goods. Thus, you release the infinite goods widely, and sell scarce goods that are made more valuable. How you do that can take all different concepts into account. Just in the music space alone we see so many varied models, from Radiohead's name your own price to Trent Reznor's tiered premium model to Jill Sobule's tiered support model to Maria Schneider's fan-supported production model all the way to things like The String Cheese Incident setting up their own travel agency to help fans follow them around for gigs. The key isn't a single business model. In fact, each of these individual business models might not work for any other artist. But all recognize the promotional power of the music in making something else much more valuable.

And we're seeing that show up in totally unexpected places as well. Take, for example, this recent post on Boing Boing about what's happened with a bunch of experimental video games, developed originally as part of a Carnegie Mellon project. Each game was developed in 7 days and many are given away for free. However, now a company has taken those games and made t-shirts (yes, t-shirts) using images from some of the games. Even better, though, is that with each t-shirt, you get a copy of the video game itself, and the shirts are now for sale at Target. In other words, these games are helping to make the t-shirts more valuable, even though the games themselves are free. It's yet another example of understanding the difference between infinite and scarce goods and how to use one to make money from the other.

Another business model. I wonder if the US rights are available?

Manufacture and Sell Anything — in Minutes

By Ian Mount 03.24.08 | 6:00 PM

Jeffrey Wegesin is a furniture maker. His most popular creation is a curvaceous side table, and even though he has sold only two copies of it, he has already turned a profit. He did it without so much as setting foot in a wood shop. And he is not alone. Wegesin is one of 5,000 merchants who have established accounts with Ponoko, a year-old on-demand manufacturing service in New Zealand. Designers upload their blueprints to Ponoko's servers; when a customer places an order, Ponoko's laser cutters automatically trim wood and plastic to create the product on the spot. Wegesin, a Web designer, sells the tables through the site for $250, not including shipping. He then pays Ponoko $124 for each table to cover the cost of materials and cutting fees. The $252 he's brought in so far may not be much, but because he incurred no up-front costs it comes as pure profit.

Welcome to the age of the instapreneur.

... Zazzle, of Redwood City, California, offers a dizzying array of user-designed products from posters to tennis shoes. StyleShake, a custom-clothing site in London, received 25,000 dress designs in its first three months. Spreadshirt, founded in Leipzig, Germany, hosts 500,000 individual T-shirt shops.

... Large brands are starting to see the appeal of manufacturing-as-a-service, too. Lexus recently used Blurb, an on-demand publisher, to print 1,800 copies of a book promoting the automaker's green practices. Franchises from Dilbert to the Discovery Channel sell licensed merchandise on CaféPress. Disney has uploaded more than 3,500 of its designs to Zazzle, allowing the company to sell a wider range of products than just the blockbuster Mickey Mouse T-shirts favored by conventional retailers.

... As everyone gains the ability to create and sell anything, the long tail will apply to making things as well as to selling them. may be able to offer near-infinite inventory, but only as long as the products exist. On-demand manufacturing could eliminate that constraint, leading to a world where products are always available, nothing ever gets discontinued, and the virtual shelves are always stocked.

I wonder if this will help with the free version, too? Can't hurt.

80 Excellent Adobe Photoshop Video Tutorials — 80 excellent Adobe Photoshop video tutorials which you can use as a starting point to improve your skills or observe how other professionals do their job. This post presents Photoshop video tutorials about speed painting, design of buttons and interfaces, beauty retouching, digital matte painting, photo manipulation, effects and much more.

Friday, March 28, 2008

Another TJX victory!

FTC settles charges against TJX, and Data Brokers Reed Elsevier and Seisint for security failures

Thursday, March 27 2008 @ 12:05 PM EDT Contributed by: PrivacyNews News Section: Breaches

In two unrelated Federal Trade Commission actions, discount retailer TJX and data brokers Reed Elsevier and Seisint have agreed to settle charges that each engaged in practices that, taken together, failed to provide reasonable and appropriate security for sensitive consumer information. The settlements will require that the companies implement comprehensive information security programs and obtain audits by independent third-party security professionals every other year for 20 years.

Source - FTC Press Release

Related - Agreement Containing Consent Order, TJX [pdf], other TJX files
Related - Agreement Containing Consent Order, Reed Elsevier Inc. and Seisint, Inc. [pdf], other Reed Elsevier and Seisint files

Well yes, we knew this... How about more details of what went wrong. (A fairly lucid article from someone who has done their homework)

Hannaford may not have to pay banks' breach costs under PCI, says Gartner

Thursday, March 27 2008 @ 07:39 PM EDT Contributed by: PrivacyNews News Section: Breaches

If Hannaford Bros. Co. was compliant with the Payment Card Industry (PCI) Data Security Standard at the time it was breached, banks and credit unions will have a hard time getting the supermarket chain to pay their breach-related costs, according to a Gartner Inc. analyst.

Source - Computerworld

[From the article:

Hannaford spokeswoman Carol Eleazer today said the company was certified as being compliant with PCI as recently as this February. Hannaford had been similarly certified last year, Eleazer said.

... Under PCI rules, it is these acquiring banks that are directly responsible for ensuring that their merchants are PCI-compliant.

Apparently China wanted to know... Who else would want that information? The article does not suggest these files were on a computer, so someone had to enter the offices, locate the files (nothing else taken?) and carry them out.

UK: Sue Barker's personal details stolen in Olympic security breach at BBC

Thursday, March 27 2008 @ 01:29 PM EDT Contributed by: PrivacyNews News Section: Breaches

Detectives have been called into the BBC after the personal files of the 440 staff - including household name presenters - being sent to the Beijing Olympics were stolen.

Two files, containing the accreditation details of presenters such as Sue Barker and Sharron Davies, the Olympic swimming medallist, disappeared from a sport production office.

Internal security is being reviewed after the theft was discovered at the beginning of the week at Television Centre. The police were called after an internal search failed to find them.

Source - Telegraph

You know, we could assemble a great “Don't do this” guide just from the stories on data breaches. I wonder if anyone learns from the failures of others?

Thief steals records of former, current DHR employees

Thursday, March 27 2008 @ 07:32 PM EDT Contributed by: PrivacyNews News Section: Breaches

A thief has stolen computer records containing identifying information on current and former employees of the state Department of Human Resources, including names, Social Security numbers, birth dates and home contact information, officials said Thursday.

DHR officials say the theft occurred about March 19. An external hard drive that stored a database was removed "by an unauthorized person," according to a statement issued by the agency.

The statement did not say how many employees are affected, but the agency employs about 19,000 people. DHR officials didn't respond to a request for information on the number of employees involved.

Source - AJC

[From the article:

In the meantime, DHR is requiring employees to have password protection on jump and flash drives and portable computers that contain personnel information. [But no encryption? Worthless... Bob]

The agency also instructed workers to secure these items when away from their desks.

Here's a legislative suggestion. Let's fine organizations $10 per individual exposed, with the money going to pay for more “computer cops”

No sure bets in personal data security

Friday, March 28 2008 @ 06:01 AM EDT Contributed by: PrivacyNews News Section: Breaches

When a Maryland dental HMO acknowledged this week that it had accidentally posted the names, addresses and Social Security numbers of 75,000 members on its Web site, the revelation made news.

But the security breach at The Dental Network is just one of more than three dozen filed so far this year with the Maryland attorney general's office[...]

Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.

And though most of the security breaches are much smaller, they underscore how hard it is to completely protect computerized information. [I would say they show that many organizations still don't protect their data... Bob]

Source - Baltimore Sun

Implications of identity theft. (Something had to go right for this guy eventually)

Credit bureau settles Los Gatos cancer survivor's suit

Thursday, March 27 2008 @ 07:41 PM EDT Contributed by: PrivacyNews News Section: Breaches

It's mind-numbing what Eric Drew has been through.

The former Los Gatos High School quarterback and runway model was diagnosed with leukemia seven years ago. A hospital lab technician stole his credit cards before he went into surgery. After that, credit card companies first blanketed him with cards he didn't want, then with threatening letters saying he owed them thousands of dollars. He thought his life was over, and even if he survived, he was afraid he was financially ruined because of identity theft.

But last week, the 40-year-old Drew announced he'd had a stroke of good fortune.

He settled with TransUnion, a credit reporting company in Chicago, one of six banks and credit card companies he sued under fair-credit and consumer-protection laws.

All Drew would say from his bed at O'Connor Hospital in San Jose - a small grin on his face - was that the money was "considerable" and "unprecedented."

Source - Mercury News

hat-tip, The Consumerist blog

[From the article:

The deal with TransUnion was reached in January. But Drew, who is temporarily living with his parents in Los Gatos because a redwood tree fell onto his San Jose condominium in January, didn't get around to announcing the news until Thursday. He's been undergoing severe joint replacement surgeries, first his hip, then his ankle, and last week, his knee.

Worth a look? Perhaps others could point to these resources?

Privacy made easier

3/28/2008 07:20:00 AM Posted by Jane Horvath, Senior Privacy Counsel

... With that in mind, today we're announcing a revamp of our Privacy Center. The new Center is a one-stop-shop for privacy resources, with various multi-media formats aimed to help you further understand how we store and use data, how to control who you share your data with, and how we protect your privacy.

They will sell this as a medical device (automatically dials 911 when the owner stops breathing) and a security device (works only for the “proper” user) but it could also “report” the DNA scans to insurance companies, governments, and other interested bystanders. Sometimes there is too much convergence...

NTT DoCoMo steps towards bio-sensing cell phones

Researchers demonstrate technology that could eventually enable phones to monitor owner's health

By Martyn Williams, IDG News Service March 28, 2008

Ah... Another political solution to a technological problem.

Washington state passes RFID antispying law

Skimming personal data off an RFID card could lead to 10-year prison sentence

By Sharon Gaudin

March 27, 2008 (Computerworld) Washington Gov. Chris Gregoire this week signed a bill making it a Class C felony to use radio frequency identification (RFID) technology to spy on someone.

Related? Or just a “well, duh” article?

Analyst: Money will fuel mobile spying programs

Programs could ultimately become harder to detect, speaker at Black Hat says

By Jeremy Kirk, IDG News Service March 28, 2008

... Some of the more well-known spy programs are Neo-call and FlexiSpy. Neo-call is capable of secretly forwarding SMS (Short Message Service) text messages to another phone, transmitting a list of phone numbers called, and logging keystrokes. FlexiSpy has a neat, Web-based interface that shows details of call times, numbers and SMSes, and it can even use a phone's GPS (Global Positioning System) receiver to pinpoint the victim's location.

Interesting method to improve a weak law.

Ca: iOptOut: My Response to the Do-Not-Call Disappointment

Thursday, March 27 2008 @ 01:13 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Regular readers of my work will know that I have been frustrated by Canada's do-not-call list, which contains far too many exceptions and has taken an embarrassingly long time to become operational. In response, today I am launching iOptOut, a website that will allow Canadians to opt-out of further phone calls (and emails) from dozens of organizations with a single click.

I began to develop the site soon after the do-not-call bill became law. The premise is simple - under the law, exempted organizations (which include charities, political parties, polling companies, newspapers, and companies with a prior business relationship) are permitted to make unsolicited telephone calls despite the inclusion of a number in the do-not-call registry. However, organizations must remove numbers from their lists if specifically requested to do so.

Source - Michael Geist's Blog

This is interesting. By extension, I could be next (since I link to a link that links to the link the French don't like...) No doubt Napoleon would say, “Je n'ai aucune idée de ce que vous parlez.”

French court fines user-generated website for privacy breach

Thursday, March 27 2008 @ 02:56 PM EDT Contributed by: PrivacyNews News Section: In the Courts

A Paris court ruled on Thursday that a user-generated website had violated a film star's privacy by hosting a link to a report about him, in a potentially landmark ruling for the French Internet.

The court ruled that made an "editorial" decision to link to a story on a gossip news site about French actor Olivier Martinez and his relationship with singer Kylie Minogue -- and was therefore responsible for its content.

The website -- taken offline following the lawsuit -- allowed users to post links to their favourite stories elsewhere on the web, with the most popular ones automatically displayed at the top spot.

Its creator Eric Dupin was ordered to pay 1,000 euros (1,600 dollars) in damages to Martinez and 1,500 euros in legal costs.

Source - AFP

Could this be done correctly?

Hagens Berman Sobol Shapiro: Heavily Promoted Identity-Theft Protection Company, LifeLock, Sued for Misleading Consumers

Friday, March 28 2008 @ 07:13 AM EDT Contributed by: PrivacyNews News Section: In the Courts

Today an Arizona consumer filed a proposed class-action lawsuit against LifeLock, a heavily promoted company that claims to protect consumers against identity theft. The lawsuit alleges that the three-year-old company defrauds customers by offering services it cannot legally perform, and by touting a $1 million guarantee that the suit alleges is wildly misleading.

Filed in United States District Court for the District of Arizona, the suit seeks to recover money consumers paid to LifeLock.

[...] According to the complaint.... LifeLock will not pay any losses directly to the consumer and does not cover consequential or incidental damages to identity theft. The guarantee is limited to fixing failures or defects in the LifeLock services and paying other professionals to attempt to restore losses.

"The fine print in this $1 million guarantee is so limiting, we think it is almost worthless," said Rob Carey, partner in the law firm Hagens Berman Sobol Shapiro, who is representing consumers. "LifeLock buries the truth beneath a pile of inconsistencies and disclaimers so deep that we believe the intent is to mislead consumers so they don't make claims."

[...] According to the suit, LifeLock's "proven solution" consists of illegally placing and renewing fraud alerts under consumers' names with credit bureaus. Under the federal Fair Credit Reporting Act, however, corporations such as LifeLock are not allowed to place fraud alerts on a consumer's behalf - in fact, according to the complaint, the law was written so as to specifically bar credit-repair companies from improperly using fraud alerts.

Source - PR Newswire

Whatever you do, don't fix the problem!

Can The DMCA Be Used To Stifle Speech?

from the we're-about-to-find-out dept

Last summer, we wrote about a very questionable DMCA lawsuit filed by The company lets people download coupons using its own software. The software is designed to limit how many copies of a coupon people can make. The company accused John Stottlemire of violating the anti-circumvention part of the DMCA by offering up some software that would help people get around the copy limit. However, he didn't just offer up software to do it, elsewhere he explained how you could do it manually, just by deleting a couple of files on your computer. That's hardly a "hack." There was no encryption to defeat, just some files to delete. Basically, couldn't be bothered to come up with a system that was actually secure and put in only the weakest of "protections." [Sound familiar? Bob]

Yet, claims that telling people to delete some files is circumventing their copy protection. The EFF (along with the Samuelson Law, Technology & Public Policy Clinic at UC Berkeley) have now filed an amicus brief with the court pointing out the numerous problems with the charges. As the filing notes, the DMCA is focused on people providing a "technology, product, service, device, component, or part thereof," and comments on a website hardly seem to qualify. It also notes that even if the court interprets written comments to be included, the DMCA is specific that it does not diminish any free speech rights. The filing also looks at other problems with the filing, including the company mixing up the difference between access controls and rights controls. Hopefully the judge realizes that this is (yet another) abuse of the DMCA and tosses the case out quickly.

Interesting article

Slate Magazine - The Education of a 9/11 Reporter — The inside drama behind the Times' warrantless wiretapping story.

[From the article:

For more than an hour, we told Bush's aides what we knew about the wiretapping program, and they in turn told us why it would do grave harm to national security to let anyone else in on the secret. Consider the financial damage to the phone carriers that took part in the program, one official implored.

Out of the mouths of babes...

Mainstream Press Finally Realizing That Kids Want To Share News, Not Read News

from the it-took-them-this-long? dept

In an interesting followup to our earlier post about the state of the news business, Robin writes in to point us to a NY Times article all about how a younger generation of news readers now focus on sharing the news, rather than just consuming it. Mathew Ingram highlights the key sentence in the article, from a college student: "If the news is that important, it will find me." Very few mainstream publications have grasped that concept, even if some folks have been saying the same thing for years. It's time for those in the newspaper business to stop thinking of readers as straight consumers. They're distributors, promoters, creators and analysts of the news as well. Once you recognize that, you start to change how you approach the news business. You certainly get rid of paywalls and registration walls, and you start enabling your users to do more, rather than less, with the news.

Is this an indication of where the Feds are heading? (Not enough details in the story)

RI: Jury Rules Against City In Wiretapping Suit

Thursday, March 27 2008 @ 08:10 PM EDT Contributed by: PrivacyNews News Section: Workplace Privacy

A federal jury returned a verdict against city of Providence authorities for illegally recording the phone calls of their employees at a public safety complex.

City officials said the jury on Wednesday awarded compensatory and punitive damages of about $525,000 to be split among the more than 100 plaintiffs.

Source -

Ignorance or intent?

California Reviews... And Decertifies... More ES&S E-Voting Machines

from the a-lesson-in-weak-security dept

Remember how e-voting firm ES&S was so against letting California's Secretary of State have an independent security team review their e-voting machines? Well, now we know why. The state had already released one damning security report and sued ES&S for giving the state uncertified machines. Now the state has come out with another report on more ES&S machines and the story gets worse and worse and worse. The good news is that California won't certify any of them. The bad news is that ES&S appears to not only be belligerent in not wanting to let California review its machines, but it also seems to be incompetent as well. As Dan Wallach notes in reviewing the report, ES&S appears to have outright ignored issues that the state asked them to address. As for the machines themselves? There seem to be all sorts of problems, including an awful lot of data stored in cleartext rather than encrypted, easily accessible and easily changed or corrupted data, and seldom-used and easily-broken password protection. Physical locks were all easily picked (some within 5 seconds, the rest within a minute). In other words, the security is a near total joke. This, despite the fact that people have been pointing out these kinds of security concerns for over five years. I wonder if the guy from ES&S who showed up a year ago and told us all we had no clue what we were talking about and swearing up and down that the machines were safe will come back and explain these latest results.

This is interesting. I wonder what scared them? (We know it wasn't their customers.)

Comcast agrees not to interfere with file-sharing

Friday, March 28 2008 @ 06:20 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

Comcast Corp., an Internet service provider under investigation for hampering online file-sharing by its subscribers, announced Thursday an about-face in its stance and said it will treat all types of Internet traffic equally.

Source - CNN

[From the article:

On Thursday, Comcast said that by the end of the year, it will move to a system that manages capacity without favoring one type of traffic over another. [I bet they still sell “unlimited” service, and will still impact the same (high volume) people. Bob]

This seems strategically backward to me. Volunteers will report more “incidents” that the cops must investigate, but the cops are overloaded with paperwork today – why generate more?

AU: Surveillance volunteers need training, says MP

Thursday, March 27 2008 @ 08:12 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The South Australian Opposition says it wants an assurance that volunteers recruited for a new surveillance program will get proper police training.

Police are expected to launch a number of programs for volunteers to carry out surveillance in public areas.

Opposition police spokesman David Ridgway says the plan is good in theory but must be done carefully.

Source - ABC (AU)

I think my hackers would like to try this?

Next time you go to the loo, bring your locked laptop with you

Friday, March 28 2008 @ 06:28 AM EDT Contributed by: PrivacyNews News Section: Internet & Computers

Building off recent research that showed how to extract encryption keys from a computer's memory, a penetration testing company has unveiled a tool that sniffs out passwords, documents, and other sensitive data in a matter of minutes.

DaisyDukes is a memory sniffer that resides on a USB device. A researcher can plug it into an unattended machine that is turned on but has been locked and reboot the machine off a compact operating system contained on the drive. Depending on the user's needs, it can be configured to capture the entire contents of a computer's memory, or sniff out only certain types of data - say a password to access the company network or unlock a user's private encryption key.

Source - The Register

My hacker students need heroes...

Gone in 2 minutes: Mac gets hacked first in contest

CanSecWest's PWN 2 OWN contest was won in 2 minutes -- after the rules were relaxed a bit -- as Charlie Miller hacked a MacBook Air

By Robert McMillan, IDG News Service March 27, 2008

It may be the quickest $10,000 Charlie Miller ever earned.

... Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

... Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Thursday, March 27, 2008

There seems to be little news on the Hannaford breach. Perhaps it has become too commonplace?

Banks saddled with costs to replace compromised cards

Wednesday, March 26 2008 @ 11:42 AM EDT Contributed by: PrivacyNews News Section: Breaches

The multi-million dollar tab for replacing credit and debit cards that were compromised by the Hannaford Brothers security breach will likely be borne by banks and credit unions that issued the cards.

The Maine-based supermarket chain says it fulfilled its responsibility by identifying and fixing the breach and notifying customers, credit card companies and financial institutions.

Source -

What is an appropriate fine?

CVS, Texas Settle Over Record Dumping

Wednesday, March 26 2008 @ 05:56 PM EDT Contributed by: PrivacyNews News Section: Breaches

Caremark Corp. will overhaul its information security system and pay the state of Texas $315,000 to settle a lawsuit that accused the drugstore operator of dumping credit card numbers, medical information and other material from more than 1,000 customers into a garbage container.

[…] Records allegedly dumped by employees behind the store included credit and debit card numbers and prescription forms that contained customers’ names, addresses, dates of birth and types of medications, Abbott has said.

CVS’s revamped information security program must have administrative, technical and physical safeguards designed to protect the personal information of customers. It also must create a training program to inform new hires of its enhanced security procedures and conduct unannounced compliance checks at some stores, among other measures.

Source - Houston Chronicle

[From the article:

On Monday, the company said it expects full-year revenue of more than $85 billion.

I doubt there is a high percentage of credit card owners in this database. Perhaps the plan is to overwhelm the banks with credit applications?

Privacy breach: Russians exposed on internet

Wednesday, March 26 2008 @ 10:37 AM EDT Contributed by: PrivacyNews News Section: Breaches

Millions of Russians and other CIS citizens have had their private details placed on the internet, in what many say is a massive breach of human rights.

It’s not clear who’s behind the internet site, as the authors have carefully hidden their identity. The site is registered to an apparent false name in California and the server is located in the U.S. city of Saint-Lewis.

For many years secret databases from the Interior Ministry, road police and phone operators have been available on the Russian black market.

Source - Russia Today

When you understand that technologies will converge (global positioning systems, auto “black box” and insurance databases) this should be obvious. Still available for patent: Speeding; failure to slow in a school zone, rolling through a stop sign, failure to signal a turn... Probably the entire list of possible traffic violations.

IBM Patents Real-Time Auto Insurance Surcharges

from the fair's-fair dept

theodp writes "Better think twice before volunteering to tutor underprivileged kids or delivering Christmas gifts to homeless children. Thanks to IBM, you could be rewarded with a hefty car insurance premium increase for your efforts. A new patent was issued to Big Blue last Tuesday for its 'invention' of the Location-Based Vehicle Risk Assessment System, which describes how surcharges will be added to your auto insurance premium when a GPS device reports that you drove into an area in IBM's bad neighborhood database (stay too long and your car is disabled). It's all about assigning insurance costs more appropriately, explains Big Blue, which used the same argument to justify punishing employees for having fat kids."

Sometimes I forget that there are states who don't require notification...

Man sentenced for theft of drive with 1 million bank records

Wednesday, March 26 2008 @ 11:08 PM EDT Contributed by: PrivacyNews News Section: Breaches

The following refers to the story we reported here on Mar. 23. Computerworld now adds that Real stole a hard drive containing the database, and that not everyone who had account info on the drive was notified of the theft....

A former programmer at Birmingham, Ala.-based Compass Bank who stole a hard drive containing one million customer records and used some of that information to commit debit-card fraud was sentenced last week to 42 months in prison by an Alabama District Court judge.

Source - Computerworld

[From the article:

The Compass Bank compromise is one of the largest bank-related breaches yet revealed, in terms of the number of customer records that were potentially exposed. The incident, however, appears to have surfaced for the first time only after the Birmingham News carried a story on the sentencing last week.

... As a result, apart from the 250 or so individuals from whose accounts Real fraudulently withdrew money, no other customers were notified of the incident, Bilek said.

Interesting, but this seems a bit “off.” Is it required that government agencies “spin” their programs? Isn't it a bit disingenuous to say that Real ID is under the control of individual states when the Feds dictate the information/evidence states must gather and states must share that information (How else could a Real ID be the basis for access to (federal) government buildings and services?)

Setting the Record Straight on REAL ID -- Part II Privacy

Wednesday, March 26 2008 @ 06:16 PM EDT Contributed by: PrivacyNews News Section: REAL ID

Is REAL ID a threat to privacy? There are critics who will say so. But, these same critics can’t and won’t tell you precisely how REAL ID threatens privacy. There’s a reason for that. They have no evidence. The facts are that REAL ID will actually increase privacy protections for Americans, and in several concrete ways.

Source - Dept. of Homeland Security

If the government is looking at every transaction, is there a market for off-shore, Internet based, financial institutions that don't share information?

Bob Barr: Every bank transaction triggers snooping

Wednesday, March 26 2008 @ 11:59 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

I am not an Eliot Spitzer fan. The now-former New York governor and I have disagreed privately and publicly on any number of issues, mostly involving questions of prosecutorial abuse. Still, I have great concern with the manner in which his fall from grace was orchestrated, and with the federal laws and regulations on which it was based. The sad saga of Spitzer should concern every American, or at least all those who maintain accounts at any financial institution or who engage in any form of electronic financial transactions.

The web of snooping in which federal investigators and regulators are now able to ensnare any person who engages in any form of financial transaction has become so complex and pervasive that almost no person anywhere in the world can escape its clutches.

Source - AJC

“Well it seemed like a good idea right up until the time all those citizens pointed out to our crack law firm that it was probably illegal. We've decided to go without security until we can think of something else to do...”


Wednesday, March 26 2008 @ 01:07 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Airport operator BAA will not be taking fingerprints of passengers using Heathrow's £4.3 billion Terminal 5 (T5) following doubts over the legality of such a move.

BAA had hoped to fingerprint T5 domestic-flight passengers and international passengers transferring on to domestic flights at the west London airport from the start of business at the new terminal on Thursday.

But the Information Commissioner's Office was concerned the fingerprinting could breach the Data Protection Act.

Source - Daily Express

When you have a technology that is “harmless,” there is a tendency to use it more frequently. (The Brits studied the use of “rubber bullets” in Northern Ireland and found an increase in serious injury.)

RCMP boss orders second look at Taser forms after critics slam secrecy

By Sue Bailey And Jim Bronskill, THE CANADIAN PRESS Wednesday, March 26, 2008

OTTAWA - The RCMP, stung by criticism over secrecy, is rethinking its decision to strip Taser reports of crucial information after the public safety minister demanded a second look.

... The force no longer reveals whether Tasered people were armed or not, the precise dates of firings, and whether the device caused any burns, cuts or bruises.

... The Mounties said they correctly withheld information on the forms under provisions of the information law related to personal privacy and police investigations.

Tremblay had no comment when asked if the RCMP broke the law by previously releasing details that it now insists must be protected.

A Canadian Press analysis last November of 563 cases between 2002 and 2005 found three in four suspects Tasered by the RCMP were unarmed.

Technology diffusion. Once the exclusive tools of the military, coming soon to a neighborhood near you! (It sure looks interesting. Ducted fan, so it shows no rotor blades and no wings.)

Aerial Drones To Help Cops In Miami

Posted by Zonk on Wednesday March 26, @01:23PM from the now-we-just-need-a-good-rigger dept. Government Privacy Robotics Technology

Catoonsis writes

"Reuters is reporting that 'Miami police could soon be the first in the United States to use cutting-edge, spy-in-the-sky technology to beef up their fight against crime.' The police force is planning to make use of a small aerial drone, capable of hovering and quick maneuvers, to monitor the Miami-Dade area and alert officers of potential problems. The device, manufactured by Honeywell, is awaiting FAA approval before it can be put into use. This decision is just the latest chapter in the developing relationship between law enforcement and robotic assistants. 'U.S. Customs and Border Protection has been flying drones over the Arizona desert and southwest border with Mexico since 2006 and will soon deploy one in North Dakota to patrol the Canadian border as well. This month, Customs and Border Protection spokesman Juan Munoz Torres said the agency would also begin test flights of a modified version of its large Predator B drones, built by General Atomics Aeronautical Systems, over the Gulf of Mexico.'"


Safer Children in a Digital World: the report of the Byron Review

Published 27th March 2008

On 6th September the Prime Minister asked me to conduct an independent review, looking at the risks to children from exposure to potentially harmful or inappropriate material on the internet and in video games.

  • Safer Children in a Digital World (Full)
    The Full Report also contains a glossary, bibliography, details of the Review process, and a list of key contributors to the Review.

Free is good!

Free Web Version of Photoshop Launches

By AMANDA FEHD Associated Press Writer Mar 27, 9:45 AM EDT

SAN FRANCISCO (AP) -- The maker of the popular photo-editing software Photoshop on Thursday launched a basic version available for free online.

How could I not include this?

8 Healthy Reasons To Drink Beer — Fighting many of the diseases related to aging may be as simple as raising a glass.

Wednesday, March 26, 2008

Think of this as Identity Theft with “Instant Consequences” (Not the first time this has happened)

Man scammed by Craigslist ad

The Associated Press Monday, March 24, 2008 - Page updated at 07:23 PM

JACKSONVILLE, Ore. — A pair of hoax ads on Craigslist cost an Oregon man much of what he owned.

The ads popped up Saturday afternoon, saying the owner of a Jacksonville home was forced to leave the area suddenly and his belongings, including a horse, were free for the taking, said Jackson County sheriff's Detective Sgt. Colin Fagan.

But Robert Salisbury had no plans to leave. The independent contractor was at Emigrant Lake when he got a call from a woman who had stopped by his house to claim his horse.

On his way home he stopped a truck loaded down with his work ladders, lawn mower and weed eater.

"I informed them I was the owner, but they refused to give the stuff back," Salisbury said. "They showed me the Craigslist printout and told me they had the right to do what they did."

... The trespassers, armed with printouts of the ad, tried to brush him off. "They honestly thought that because it appeared on the Internet it was true," Salisbury said. "It boggles the mind."

... Detectives have contacted Craigslist's legal team to try to trace the ad.

Meanwhile, Salisbury could not even relax on his porch swing.

Someone took it.

I suppose it is better than a “double secret” wiretap...

Indian Blackberry network given 15 days to allow government snooping or shut down

Tuesday, March 25 2008 @ 05:15 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

The last we'd heard, the Indian government had ruled out the threat of a Blackberry ban if RIM didn't allow it to snoop on messages, but it looks like some overzealous bureaucrat is getting his way after all: the Department of Telecom has issued a 15-day deadline for RIM to either open up for the G-men or get shut down.

Source - engadget

Future Law?

Corporate employee blogs: Lawsuits waiting to happen?

Posted by Anne Broache March 26, 2008 4:00 AM PDT

A recent libel lawsuit filed against Cisco Systems over one of its employees' personal blogs could spur companies, many of which have encouraged workers to share their writings publicly, to reconsider how much latitude to give them.

... Cisco's legal trouble stems from a Blogspot-hosted blog called Patent Troll Tracker, which Rick Frenkel, who directs the company's intellectual property department, launched last May. His posts focused on patents and patent litigation--an issue that Cisco has pressed Congress to address by overhauling what it views as a broken U.S. patent system.

A few weeks ago, Frenkel revealed his identity, and two patent attorneys in Texas filed suit, accusing him of tarnishing their good names and disparaging a patent case their client had filed against Cisco--all the while allegedly concealing his affiliation with the company.

When WalMart speaks, people listen (if the RIAA does not, what does that indicate?)

Must a CD Cost $15.99?

Posted by kdawson on Tuesday March 25, @03:39PM from the selling-partner-who-does-not-care dept.

scionite0 sends us to Rolling Stone for an in-depth article on Wal-Mart and the music business. Wal-Mart is the largest music retailer selling "an estimated one out of every five major-label albums" in the US. Wal-Mart willingly loses money selling CDs for less than $10 in order to draw customers into the store, but they are tired of taking a loss on CDs. The mega-retailer is telling the major record labels to lower the price of CDs or risk losing retail space to DVDs and video games. (Scroll to the bottom of the article for a breakdown of where exactly the money goes on a $15.99 album sale.)

"[A Wal-Mart spokesman said:] 'The record industry needs to refine their business models, because the consumer is the ultimate arbitrator. And the consumer feels music isn't properly priced.'

[While music executives are quoted:] 'While Wal-Mart represents nearly twenty percent of major-label music sales, music represents only about two percent of Wal-Mart's total sales. If they got out of selling music, it would mean nothing to them. This keeps me awake at night.'

[And another:] 'Wal-Mart has no long-term care for an individual artist or marketing plan, unlike the specialty stores, which were a real business partner. At Wal-Mart, we're a commodity and have to fight for shelf space like Colgate fights for shelf space.'"

For economists, the firm that brought us “All the World's Aircraft” and “All the World's Warships” now brings us...

March 25, 2008

Jane's Information Services Ranks 50 Most Stable and Prosperous Countries in the World

UK Times Online: "A one-year investigation and analysis of 235 countries by Jane's Information Services has put the UK joint seventh in the premier league of nations with the US at 22nd and Switzerland, normally associated with wealth and untouchable stability, is rated 17th. Here is the full list..."

Interesting copyright opinion...

Turnitin Found Not To Violate Student Copyrights

from the might-be-a-good-thing-for-Google... dept

Last year, we noted that some students were suing iParadigms, the makers of "Turnitin" the excessively popular plagiarism checker used by many colleges and high schools. The professors feed student papers into the system, and it returns a "score" judging how likely the paper is to be plagiarized. However, it also takes a copy of each paper and includes it in its database for future plagiarism checks. This annoyed quite a few students who felt that this was copyright infringement -- using their papers in a commercial database.

However, a court has now rejected the students' arguments and found that Turnitin does not violate the copyright of the students for a variety of reasons. First there is the fact that students had to agree to the terms of the service to use it -- even if they were forced to by their schools. However, the court finds that this is a problem for the schools, not Turnitin. But, much more interesting is the rationale for why storing those papers is considered "fair use." Among other things, the court found that Turnitin isn't using the papers for their creative meaning and even though it stores the entire document, it doesn't really publish a full copy of it for others to see.

That becomes especially interesting given the current lawsuit concerning Google's scanning of books from various university libraries, as it may be able to note the similarities in this situation to Turnitin's. There are some differences -- and clearly, the publishers will claim that the impact on the commercial value is quite different (despite evidence to the contrary) -- but this ruling is likely to help Google's position at least somewhat.

Related? Perhaps running those papers through this site would hide any plagiarism. I can always use it to better communicate with my students... - Who Sed Yur Stoopid

Many of the Clement Greene ilk, aka snobs, bemoan the atrocities done to language on the internet. Literacy, they complain, takes a nose dive and we’re left with utterances and symbols such as %##Rttttdkal, and who can forget those cheezburger cats. The internet makes you dumb. Well, that’s what some say, and Unintelligencer seems to heartily agree. In fact, they’ll help you dumbify your speech so that it fits in with the rest of the Youtube crowd. Paste some text or a feed url into the site, pick your level of idiocy—there are 5 to choose from, a little dumb, idiot, moron, re-re and incomprehensible—and hit the button. Unintelligencer will translate your formerly correct and upstanding discourse into a mix of Trollish, Lolcat Pidgin, Noobian and 4chanese among others. Join the fight against literacy today; stupidize your speech.

[A simple test:

IN: Don't forget! All papers are due on the last day of class.

OUT: No forget! Awl papers am due oan tehz last day of class.

Comcast is a monopoly (in designated areas); will this work for them too?

It's Good To Be A Monopoly: Bell Canada Tells ISPs To Shut Up And Accept Traffic Shaping

from the what-are-you-gonna-do? dept

Remember how Bell Canada had decided to start traffic shaping without telling any of its ISP resellers? Well, in a meeting with those resellers, the company both admitted it and told them there was nothing they could do about it, even if it meant that those ISPs were violating their own terms of service and promises to customers. It's good to be a monopoly, you see. Since those ISPs have nowhere else to go, Bell Canada is able to do whatever it wants to the network, and if those ISPs don't like it, they're pretty much out of luck.

Target? I'll mention this in my Hacking (Computer Security) class...

Forget E-Voting Problems, Now We Have To Worry About E-Census Problems Too

from the new-technology-isn't-always-good... dept

It looks like the US census is the latest process to be prematurely "automated" under the silly belief that computers automatically do everything better. Reports are coming out about how the new computerized census systems aren't just costly, they might also be inaccurate (bonus!). The system involves handheld devices for census-takers, but the devices are apparently not that intuitive. Thus there are additional training costs involved, and no one seems keen on paying for that. There are a few options here, including mostly ignoring the new system (which only cost $600 million in taxpayer money) and going back to a more manual process. However, the company that provided the devices insists the complaints are overblown and with just half an hour of training anyone could understand how to use the devices. Either way, it should be a reminder that any attempt to automate a process that uses the "just add technology!" component probably is going to be something of a disaster.

Tools & Techniques: Convergence means you can show that “slightly used” dog bone in your ad. - Video Classifieds

Move over Craigslist, classified ads just got visual.

Also for my Hacking class

CRS Report: Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws

Tuesday, March 25 2008 @ 05:29 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt.


The federal computer fraud and abuse statute, 18 U.S.C. 1030, outlaws conduct that victimizes computer systems. It is a computer security law. It protects federal computers, bank computers, and computers connected to the Internet. It shields them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a comprehensive provision, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. This is a brief sketch of section 1030 and some of its federal statutory companions.

In their present form, the seven paragraphs of subsection 1030(a) outlaw:

  • computer trespassing (e.g., hacking) in a government computer, 18 U.S.C. 1030(a)(3);

  • computer trespassing (e.g., hackers) resulting in exposure to certain governmental, credit, financial, or commercial information, 18 U.S.C. 1030(a)(2);

  • damaging a government computer, a bank computer, or a computer used in interstate or foreign commerce (e.g., a worm, computer virus, Trojan horse, time bomb, a denial of service attack, and other forms of cyber attack, cyber crime, or cyber terrorism), 18 U.S.C. 1030(a)(5);

  • committing fraud an integral part of which involves unauthorized access to a government computer, a bank computer, or a computer used in interstate or foreign commerce, 18 U.S.C. 1030(a)(4);

  • threatening to damage a government computer, a bank computer, or a computer used in interstate or foreign commerce, 18 U.S.C. 1030(a)(7);

  • trafficking in passwords for a government computer, a bank computer, or a computer used in interstate or foreign commerce, 18 U.S.C. 1030(a)(6); and

  • accessing a computer to commit espionage, 18 U.S.C. 1030(a)(1).

Subsection 1030(b) makes it a crime to attempt to commit any of these offenses. Subsection 1030(c) catalogs the penalties for committing them, penalties that range from imprisonment for not more than a year for simple cyberspace trespassing to a maximum of life imprisonment when death results from intentional computer damage. Subsection 1030(d) preserves the investigative authority of the Secret Service. Subsection 1030(e) supplies common definitions. Subsection 1030(f) disclaims any application to otherwise permissible law enforcement activities. Subsection 1030(g) creates a civil cause of action for victims of these crimes.

This report is available in abbreviated form – without the footnotes, citations, quotations, or appendices found in this report – under the title Cybercrime: A Sketch of 18 U.S.C. 1030 and Related Federal Criminal Laws, RS20830.

Source - Full Report [pdf] CRS, updated February 25, 2008

Via Secrecy News blog

As they become increasingly rare and valuable, this site will become more and more useful. (Who says the technologies aren't complementary?)

Conservation Book Repair: A training manual by Artemis BonaDea

Illustrated by Alexandria Prentiss Alaska State Library, Alaska Department of Education, 1995

Still trying to work out a “Wine tasting” site where everyone sends me free samples...

March 21, 2008 08:01 AM Eastern Daylight Time

Top Wine Blogs Honored at American Wine Blog Awards

[List and ballot: Bob]

They got cool stuff.

New Digital Collections Page

The Library has launched a redesigned and improved Digital Collections page on its web site.