Saturday, May 03, 2008

I don't know if I'd refer to breaches my employees didn't know about. (and other strange things...)

http://www.pogowasright.org/article.php?story=20080502131843517

UK: BP Memo Warns Of "Catastrophic" Risk Of Information Leaks

Friday, May 02 2008 @ 01:18 PM EDT Contributed by: PrivacyNews News Section: Breaches

PogoWasRight.org editor's note: this story contains references to several previously unreported breaches involving BP:

... The memo warns BP's employees of potentially "catastrophic" consequences if staff transfer sensitive data outside the company. Offering examples of such potentially harmful information leaks, the memo cites a U.S. Gulf of Mexico identity theft, the stealing of a U.K. laptop computer containing executive pay details, and the separate near-collapse of an Asia-Pacific deal.

In a Powerpoint presentation attached to the memo, seen by Dow Jones Newswires, the U.K. oil giant mentions a case in which "a laptop containing a number of highly sensitive documents, including salary details of some of BP's most senior executives, was stolen from an employee's car." The employee had gone dining at a restaurant close to BP's Sunbury office, which hosts its U.K. exploration and production activities.

[...]Finally, the document cites how a U.S. Gulf training contractor stole "BP employee identities to secure phones, loans and utilities."

Source - EasyBourse



One for the bookshelf (or I may actually read it)

http://www.pogowasright.org/article.php?story=2008050215505153

Solove: Understanding Privacy

Friday, May 02 2008 @ 03:50 PM EDT Contributed by: PrivacyNews News Section: Other Privacy News

Privacy lawyer Dan Solove has a new book out, Understanding Privacy. Here's the publisher's blurb on it:

Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information more and more available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.

In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of privacy, related to one another by family resemblances. His theory bridges cultural differences and addresses historical changes in views on privacy. Drawing on a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear, practical guidance for engaging with relevant issues.

Understanding Privacy will be an essential introduction to long-standing debates and an invaluable resource for crafting laws and policies about surveillance, data mining, identity theft, state involvement in reproductive and marital decisions, and other pressing contemporary matters concerning privacy.

You can download the first chapter to get a sense of the book, which can be ordered from Amazon.com or Barnes & Noble.



So much turmoil in only 15 years...

http://www.cnet.com/8301-13641_1-9933894-44.html?tag=bnpr

May 1, 2008 4:56 PM PDT

Happy 15th birthday, WWW

Posted by Adam Richardson

Fifteen years ago yesterday, the World Wide Web became official and was put into the public domain.


An even more historical (older) computing milestone... (Notice that it remains virus free!) They plan to build a virtual Difference Engine – I hope to get a copy...

http://www.news.com/2300-1041_3-6238822-1.html?part=rss&tag=6238822&subj=news

The Victorian engine that could

May 2, 2008 3:43 PM PDT Caption text by Kara Tsuboi

Calling all history buffs: Charles Babbage's Difference Engine No. 2 is making its North American debut at the Computer History Museum in Mountain View, Calif.

A forward-thinking mathematician and engineer, Babbage designed the Difference Engine in 1847. His intent was to create an automated computing machine, but he was never able to turn his vision into reality.

Fast forward 150 years, and an impassioned Babbage expert and wealthy financier have teamed up to build Babbage's dream via a new exhibit running through next April.



Two for my Computer Security students...

http://www.bespacific.com/mt/archives/018245.html

May 02, 2008

NIST Computer Security Division 2007 Annual Report

"The NIST Computer Security Division...release of NIST Interagency Report (IR) 7442: Computer Security Division - 2007 Annual Report. This publication highlights the diverse research agenda that enabled the Computer Security Division to successfully respond to numerous challenges and opportunities in fulfilling its mission to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services."


The HIPAA act was 1996. Guidelines in 2008. Implementation by 2020?

http://www.bespacific.com/mt/archives/018244.html

May 02, 2008

An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act

"NIST announces the release of the public draft of Special Publication 800-66 Revision 1, An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Draft). This Special Publication (SP), which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule, was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule, direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses, and aid readers in understanding the security concepts discussed in the HIPAA Security Rule. This publication does not supplement, replace, or supersede the HIPAA Security Rule itself. Comments on Draft SP 800-66 Revision 1 will be accepted through June 13, 2008."

Friday, May 02, 2008

“What, me hurry?” A. E. Newman

http://www.pogowasright.org/article.php?story=20080501195923906

UCSF waited six months before telling patients of data breach

Thursday, May 01 2008 @ 07:59 PM EDT Contributed by: PrivacyNews News Section: Breaches

Information on thousands of UCSF patients was accessible on the Internet for more than three months last year, a possible violation of federal privacy regulations that might have exposed the patients to medical-identity theft, The Chronicle has learned.

The information accessible online included names and addresses of patients along with names of the departments where medical care was provided. Some patient medical record numbers and the names of the patients' physicians also were available online.

The breach was discovered Oct. 9, but the medical institution did not send out notification letters to the 6,313 affected patients until early April, nearly six months later.

.... UCSF had shared information on its patients with a vendor, Target America Inc., which mines electronic databases amassing information about a nonprofit's potential or existing donors.

Source - San Francisco Chronicle

[From the article:]

"The breach is a symptom, but the real ethics challenge is the extent to which health care institutions are tracking patients and their families for nonmedical reasons - for fundraising, marketing, advertising," Caplan said. "I don't think people are aware of the degree to which this is occurring, whether it's by a hospital or a nursing home or a hospice."



Do they really mean mimic? If so, why is this good news?

• verb (mimicked, mimicking) 1 imitate in order to entertain or ridicule. 2 (of an animal or plant) take on the appearance of (another) to deter predators or for camouflage. 3 replicate the effects of. Source: Compact Oxford English Dictionary of Current English

http://www.pogowasright.org/article.php?story=20080501171844580

(update) Analysis Reveals No Security Breach, No Personal Data Exposed At CU-Boulder

Thursday, May 01 2008 @ 05:18 PM EDT Contributed by: PrivacyNews News Section: Breaches

The University of Colorado at Boulder today announced that a forensic analysis of a computer suspected to have been compromised last week revealed no malicious software, and no exposure of student and staff private data.

"The analysis by our staff, working closely with the consulting firm of Applied Trust Engineering, revealed an interaction between two incompatible software programs that mimicked behavior consistent with malicious software," said Dan Jones director of IT Security at CU-Boulder.

Source - University of Colorado - Boulder

Related - Not hacked off, or into



The equivalent of asymmetric CyberWar?

http://www.securityfocus.com/news/11515?ref=rss

Radio Free Europe hit by DDoS attack

Dan Goodin, The Register 2008-05-01

Websites run by Radio Free Europe have been under a fierce cyber attack that coincided with coverage over the weekend of a rally organized by opposition to the Belarusian government.

The distributed denial of service (DDoS) attack initially targeted only the RFE's Belarus service, which starting on Saturday was inundated with as many as 50,000 fake pings every second, according to this RFE account. On Monday, it continued to be affected. At least seven other RFE sites for Kosovo, Azerbaijan, Tatar-Bashkir, Farda, South Slavic, Russia and Tajikistan, were also attacked but have mostly been brought back online.



Often level-headed recommendations, backed by actual thought!

http://www.pogowasright.org/article.php?story=2008050110324086

Ca: Appearance before the Standing Committee on Access to Information, Privacy and Ethics on Privacy Act Reform

Thursday, May 01 2008 @ 10:32 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Source - Office of the Privacy Commissioner of Canada



It's simple to redefine the world to achieve a single objective. Limiting that change to a single objective is where the problem lies... Watch me make this New York business subject to Colorado sales tax. Click here: http://www.carnegiedeli.com/

http://news.slashdot.org/article.pl?sid=08/05/02/0239248&from=rss

Amazon Fights Back Against NY Online Sales Tax

Posted by Soulskill on Friday May 02, @05:11AM from the fighting-the-good-enough-fight dept.

The New York Times is reporting on Amazon's lawsuit contesting the recently enacted New York state law which requires online retail outlets to collect sales tax on items sold to the state's residents. Amazon disagrees that it should be required to collect such tax without a physical presence in the state. We discussed the 'Amazon Tax' last month. Quoting:

"The new law is based on a novel definition of what constitutes a presence in the state: It includes any Web site based in the state that earns a referral fee for sending customers to an online retailer. Amazon has hundreds of thousands of affiliates--from big publishers to tiny blogs--that feature links to its products. It says thousands of those have given an address in New York State, although it does not verify the addresses. The state law says that if even one of those affiliates is in New York, Amazon must collect sales tax on everything sold in the state, even if it is not sold through the affiliate."



Strategy is as strategy does... (Get all you can before your RICO conviction shuts you down?)

http://yro.slashdot.org/article.pl?sid=08/05/02/0350227&from=rss

Massive Increase in RIAA Copyright Notices

Posted by Soulskill on Friday May 02, @08:18AM from the harnessing-the-power-of-spam dept.

According to Wired, universities in the US are experiencing a "20-fold increase" in the number of takedown notices from the RIAA in the last ten days. Indiana University reports 80 notices a day, but they say their traffic hasn't increased significantly over the same time period. It will be interesting to see if the affected schools join the legal battle against the RIAA, or cave under the increased pressure.

"University of California at Berkeley's chief information officer Shel Waggener confirmed he'd heard of the spikes and suggested there was a political purpose driving them. 'Public universities are in a unique position since the industry puts pressure on us through state legislatures to try to impose what are widely considered to be draconian content monitoring measures and turn us into tech police forces in support of a specific industry,' Waggener said. The RIAA is also backing legislation in states such as Illinois and Tennessee that would require schools that get a certain number of notices to begin installing deep packet monitoring equipment on their internet and intranets, according to Luker."



Another delusional world?

http://yro.slashdot.org/article.pl?sid=08/05/02/1259231&from=rss

SCO's McBride Testifies "Linux Is a copy of UNIX"

Posted by kdawson on Friday May 02, @09:39AM from the can-you-spell-perjury dept.

eldavojohn writes

"Here's a short update on the Novell Vs. SCO case we've been following. Our good friend Darl McBride made some interesting comments in court yesterday. He stated (under oath): 'Many Linux contributors were originally UNIX developers... We have evidence System V is in Linux... When you go to the bookstore and look in the UNIX section, there's books on "How to Program UNIX" but when you go to the Linux section and look for "How to Program Linux" you're not gonna find it, because it doesn't exist. Linux is a copy of UNIX, there is no difference [between them]." This flies directly in the face of what SCO found in extensive investigations in 2002 and contradicts what SCO Senior Vice President Chris Sontag had just finished testifying earlier that day (testimony that McBride did not hear)."



Looks like we are trying to match the UK's “a camera in every pot” strategy...

http://www.pogowasright.org/article.php?story=20080502062810450

D.C. Forging Surveillance Network

Friday, May 02 2008 @ 06:28 AM EDT Contributed by: PrivacyNews News Section: Surveillance

The D.C. government is launching a system today that would tie together thousands of city-owned video cameras, but authorities don't yet have the money to complete the high-tech network or privacy rules in place to guide it.

The system will feature round-the-clock monitoring of the closed-circuit video systems run by nine city agencies. In the first phase, about 4,500 cameras trained on schools, public housing, traffic and government buildings will feed into a central office at the D.C. Homeland Security and Emergency Management Agency. Hundreds more will be added this year.

Source - Washington Post



“Gee, if we actually saved and looked at the logs, we might have to do something!”

http://www.pogowasright.org/article.php?story=2008050110280640

Audit: NJ lacks computer security for personal Medicaid data

Thursday, May 01 2008 @ 10:28 AM EDT Contributed by: PrivacyNews News Section: State/Local Govt.

New Jersey has not monitored access to key personal information in a computer system that tracks care for the poor, leaving no way to know if Social Security numbers and other information about doctors and patients have been misused, a recent state audit found.

The analysis determined that the state Department of Human Services lacks appropriate security policies and procedures for the computer system it uses to process claims for more than 1 million New Jersey Medicaid patients.

The department, according to the analysis, fails to properly monitor access to information such as Social Security and tax identification numbers, Drug Enforcement Agency numbers used to write drug prescriptions, and birth dates.

Source - Newsday



Note: This does not address TSA doing similar “searches” domestically...

http://www.pogowasright.org/article.php?story=20080501135225848

Protecting Yourself From Suspicionless Searches While Traveling (updated)

Thursday, May 01 2008 @ 01:52 PM EDT Contributed by: PrivacyNews News Section: Surveillance

The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers’ rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers’ data. The letter also asks Congress to pass legislation protecting travelers’ laptops and smart phones from unlimited government scrutiny.

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home?

Source - EFF

Related - The Register: Your personal data just got permanently cached at the US border



For my Computer Security students

http://www.infoworld.com/article/08/05/01/7-dirty-secrets-of-the-security-industry_1.html?source=rss&url=http://www.infoworld.com/article/08/05/01/7-dirty-secrets-of-the-security-industry_1.html

7 dirty secrets of the security industry

At the Interop conference, Joshua Corman, principal security strategist for IBM/ISS, discussed the misconceptions and half-truths surrounding the security industry

By Tim Greene, Network World May 01, 2008

... "The goal of the security vendor is not to secure, it's to make money," Corman says.

He says that is his "zeroth" dirty secret of the security industry. These are the other seven:

1. Antivirus certifications are misleading.

2. There is no perimeter.

3. Risk analysis threatens vendors.

4. There is more to risk than just weak software.

5. Compliance threatens security.

6. Vendor blind spots allowed the Storm worm outbreak to happen.

7. Security has grown well past do-it-yourself.



Another perspective.

http://money.cnn.com/2008/05/01/news/international/usgas_price/?postversion=2008050109

U.S. gas: So cheap it hurts

Relatively low taxes have kept pump prices far below most other developed nations, which some say is precisely why the current runup is so painful.

By Steve Hargreaves, CNNMoney.com staff writer Last Updated: May 1, 2008: 12:18 PM EDT

Most expensive places to buy gas

Rank Country Price/gal

1. Sierra Leone $18.42

2. Aruba $12.03

3. Bosnia-Herzegovina $10.86

4. Eritrea $9.58

5. Norway $8.73

6. United Kingdom $8.38

7. Netherlands $8.37

8. Monaco $8.31

9. Iceland $8.28

10. Belgium $8.22

111. United States $3.45



This is curious. I'll have to give some thought to new venture capital opportunities...

http://hbswk.hbs.edu/item/5928.html

What is the Future of State Capitalism?

Published: May 2, 2008 Author: Jim Heskett Forum open for comment until May 29

Executive Summary:

Whatever happened to the fears not long ago that global corporations with allegiance to no government would challenge the world economic order? These days, state-owned corporations now dwarf even the largest privately-owned global organizations, says HBS professor Jim Heskett. What is the impact on competition? What do you think?



If you haven't downloaded and installed the new Ubuntu (8.04) I recommend that you do. Having a dual-boot option lets me play more often with Linux. This is for those of you who tried it.

http://www.killerstartups.com/Web-App-Tools/Medibuntuorg---Free-Ubuntu-Software/

Medibuntu.org - Free Ubuntu Software

Medibuntu, which stands for “Multimedia, Entertainment & Distractions In Ubuntu,” is a packaging product that distributes software that can’t be included in the regular Ubuntu package. Ubuntu is an open source operating system built around Linux, and is generally designed to be something that can be distributed in any country. Because freedom of speech, patent, copyright, license, or other laws vary in different countries, these laws can often preclude the inclusion of a certain software in the Ubuntu package. Medibuntu.com provides packages of software that was not included in Ubuntu for these types of reasons, and distributes them with professional quality packaging that integrates easily with Ubuntu.

http://www.medibuntu.org/

Thursday, May 01, 2008

It seems to have been a bad week for the citizens of Maryland (or perhaps these reports are a new source of breach disclosure...) ...and I left a bunch out.


This could mean they were hacked, or that they left a terminal logged on in a public space...

http://www.npr.org/templates/story/story.php?storyId=90060908

Gerdau Ameristeel discovers files accessed

Wednesday, April 30 2008 @ 05:31 PM EDT Contributed by: PrivacyNews News Section: Breaches

On April 11, Gerdau Ameristeel notified the Maryland AG's office that during a security check, it had discovered that some files had been accessed without authorization by a third party. Those files contained names, addresses, and Social Security numbers on some employees and their family members.

The notification letter did not indicate the total number of individuals affected, nor indicate whether the unauthorized access was related to any outside intruder or employee conduct.


This is the shortest notification letter (e-mail actually) I've seen. They do point the AG to the letter they plan to send to the victims....

http://www.pogowasright.org/article.php?story=20080430173852778

Columbia Capital laptop stolen during break-in had personal information

Wednesday, April 30 2008 @ 05:38 PM EDT Contributed by: PrivacyNews News Section: Breaches

On April 18, Proskauer Rose, LLP notified [pdf] the Maryland AG that during a break-in at Columbia Capital, LLC property on April 11, a laptop containing a backup of Columbia Capital's limited partners database was stolen.

Information stored on the password-protected laptop included names, addresses, Social Security numbers, banking information, and information on accounts with Columbia Capital.

The total number of individuals affected was not disclosed.


“We don't need no stinking encryption!” (Apparently that is a clause in most outsourcing contracts...) Also note, this is another “third party” with a large number of clients impacted by the theft of the laptop.

http://www.pogowasright.org/article.php?story=20080430174604475

Sterling Commerce employee data on stolen USinternetworking laptop

Wednesday, April 30 2008 @ 05:46 PM EDT Contributed by: PrivacyNews News Section: Breaches

Sterling Commerce, an AT&T company, notified the Maryland AG on April 17 that its employee data was also on the laptop stolen from an employee of business partner USinternetworking, making them the fifth organization to report being affected.

According to the letter by Michael A. Meyer, Senior Vice-President, the stolen laptop contained unencrypted data on "several thousand" Sterling Commerce (America) employees and their dependents, including name, address, date of birth, Social Security number, and premiums and coverage.


How did they keep these breaches under the radar? Perhaps a single point of notice (and a law that covers the entire country) would make this easier for us bloggers?

http://www.pogowasright.org/article.php?story=20080430183346896

Even MORE breaches we never learned about...

Wednesday, April 30 2008 @ 06:33 PM EDT Contributed by: PrivacyNews News Section: Breaches

Let's try batch mode 'em for a while....

  • On January 18, SavaSeniorCare Administrative Services, LLC reported the firm that handles their 401K plans for employees, Windham Brannon, P.C., was burgled on December 31, and computers containing unencrypted personal information on employees and former employees who were residents of Maryland were stolen. The computer was recovered on January 7, and forensic investigation determined that the computer was reformatted within a few hours of the theft, making it impossible to determine whether files had been accessed. Several files reportedly were not overwritten, however, and those did not appear to have been accessed after the theft. [When you reformat a disk, the entire disk is overwritten. Probably an ignorant PR guy (or reporter) but this could be interpreted as “a big lie” Bob]

  • Also on January 18, Mariner Health Care reported that 2,199 of its employees and former employees also had data on the computer stolen from Windham Brannon, P.C.

  • GE Aviation Systems reported that a laptop stolen from an employee's car on December 21, 2007 contained personal information, including SSN, on an unspecified number of employees.

  • Invitrogen learned in December 2007 that a laptop containing current and former employees' names, addresses, and Social Security numbers was stolen from an employee's home. At the time of the theft, the password-protected laptop was secured in a large locked safe; the thieves stole the safe. [Where there's a will there's a way! Bob] Over 1,000 Maryland residents had data on the laptop; total number affected was not disclosed.

  • Non-profit SYDA Foundation reports that the Siddha Yoga web site, operated for SYDA by Merchandizer Software, was hacked on Jan. 4th and customer details acquired. Neither SYDA nor MerchaniZer discovered the problem themselves. SYDA received an email [“from a person” Bob] notifying them of the hack and containing detailed proof of same: names, addresses, credit card numbers, expiration dates, security codes, and passwords for accounts.

  • Bob Davidson Ford Lincoln Mercury, Inc. reports that it sent its payroll processor, ADP, a tape with employee financial info to prepare W-2's. The tape was sent via UPS, but when the package arrived, it was torn and empty.

  • 3M Company reports that an employee's laptop was stolen from his parked car. The laptop contained unencrypted personal info on 1500 individuals, including Social Security numbers.

  • Administrative Systems, Inc. also notified Maryland about the theft of a computer from its office in December. A list of affected clients is appendixed to their notification. Maryland's web site indicates that over 14,000 Maryland residents were affected by the incident. A number of companies were affected by this theft.

  • Walnut Street Securities reports that an employee of Pershing, LLC, which provides account services at WSS branches, misdirected a report containing client account information. The report was erroneously sent to a manager of another WSS branch.

  • The Central Licensing Bureau in Arkansas also had an "oops!" moment. It sent a report containing personal information on 41 individual agents to 27 agencies. Each agency should have received reports on only its own agents.



There was plenty of time to copy the entire hard drive, but I think this is a case where it was improbable any data was stolen. Nice to know they are choosing to err on the side of caution.

http://www.pogowasright.org/article.php?story=20080430175317446

Education Management Corporation laptop with personal employee info stolen; recovered within hours (updated)

Wednesday, April 30 2008 @ 05:53 PM EDT Contributed by: PrivacyNews News Section: Breaches

On March 3, the Education Management Corporation reports [pdf] that 764 current and former employees had personal information -- including Social Security numbers -- on an employee's password-protected laptop that was stolen from the Art Institute of Philadelphia on February 7.

The thief was apprehended 2 1/2 hours later, with the laptop still in his possession.

That wasn't EMC's only security incident, however. According to a second notification letter dated March 13, EMC inadvertently sent the personal information, including SSN, of a dozen Art Institute of Washington students and volunteers to others due to an email blunder.



How is it that no one notices?

http://www.pogowasright.org/article.php?story=20080430131231227

Los Gatos police investigating ID theft from ATM machine

Wednesday, April 30 2008 @ 01:12 PM EDT Contributed by: PrivacyNews News Section: Breaches

Police in Los Gatos say about two dozen people have been victimized in a new spin on ATM thefts.

Investigators say at least 25 people have had their debit card and personal identification numbers stolen while shopping at Lunardi's Supermarket.

Source - InsideBayArea.com

[From the article:]

A police spokesman says thieves were able to get the debit card and PIN numbers by switching out an ATM card reader at the store.



Now certain we've seen this one before...

http://www.silive.com/news/advance/index.ssf?/base/news/1209644107324690.xml&coll=1

88,000 patients at risk after computer theft

Desktop and backup hard drive were stolen 4 months ago from SIUH office in Rosebank

Thursday, May 01, 2008 By GLENN NYBACK STATEN ISLAND ADVANCE

STATEN ISLAND, N.Y. -- Computer equipment stolen from an administrative office in Rosebank in December contained personal information about 88,000 patients who have been treated at Staten Island University Hospital.

After four months with no arrests, hospital administrators are just now beginning the process of sending letters to patients whose names, Social Security and health insurance numbers were contained in computer files on a desktop computer and a backup hard drive stolen Dec. 29 from one of the hospital's finance offices at 1 Edgewater Plaza.



SunGard continues to grow... Possibly every college in America?

http://www.pogowasright.org/article.php?story=20080501064351618

Laptop containing VT personal information stolen (Sungard update)

Thursday, May 01 2008 @ 06:43 AM EDT Contributed by: PrivacyNews News Section: Breaches

New identity theft fears for an unknown number of Virginia Tech students, faculty, and staff.

The school says a laptop computer that belongs to an outside company has been stolen. Virginia Tech Director of News & Information Mark Owczarski tells us that laptop contains personal information belonging to people who were at Virginia Tech in 2000. Owczarski said he did not know whether the affected people were employees or students. [Suggesting that SunGard couldn't tell them? Bob]

The laptop belongs to a company called SunGard Higher Education. According to a SunGard news release, the company says the laptop was stolen from an employee on March 13, 2008.

Source - WSLS



Will Interpol have to eat these words?

http://www.infoworld.com/article/08/04/30/Interpol-Olympics-cyberattack-not-major-threat_1.html?source=rss&url=http://www.infoworld.com/article/08/04/30/Interpol-Olympics-cyberattack-not-major-threat_1.html

Interpol: Olympics cyberattack not a major threat

Executive Director for Police Services at global police organization downplays threat of cyberattack at Beijing games, concentrates on protecting physical security of visitors

By Robert McMillan, IDG News Service April 30, 2008



Should we buy laptops from China? Are those counterfeit Cisco servers more than mere knockoffs?

http://it.slashdot.org/article.pl?sid=08/05/01/1233244&from=rss

DARPA Sponsors a Hunt For Malware In Microchips

Posted by timothy on Thursday May 01, @09:23AM from the double-barreled-microscope-loaded-for-vermin dept.

Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts:

"Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."



Hee, hee, hee..

http://yro.slashdot.org/article.pl?sid=08/04/30/1348203&from=rss

Wikipedia Blocks Suspicious Edits From DoJ

Posted by CmdrTaco on Wednesday April 30, @10:00AM from the watching-the-watchers dept. Censorship United States

kylehase writes

"The release of Wikiscanner last year brought much attention to white-washing of controversial pages on the community-generated encyclopedia. Apparently Wikipedia is very serious in fighting such behavior as they've temporarily blocked the US Department of Justice from editing pages for suspicious edits."



My kind of Justice: “Now that we got 'em down, let's kick 'em!” TJX has demonstrated that they are virtually immune from lawsuits, what's left?

http://www.pogowasright.org/article.php?story=20080430074013189

EPIC Urges Commission to Impose Civil Penalties in Data Breach Settlements

Wednesday, April 30 2008 @ 07:40 AM EDT Contributed by: PrivacyNews News Section: Breaches

Today, EPIC filed comments with the Federal Trade Commission urging the FTC to include civil penalties in settlements with TJX, Reed Elsevier, and Seisint. The FTC recently concluded investigations of the companies' weak security policies, and reached preliminary settlements that would impose security and audit responsibilities, but no financial penalties.

Source - EPIC Comments [pdf]



“We have the technology, why not use it?”

http://www.pogowasright.org/article.php?story=2008043016262012

Wiretaps Up by 20 Percent in 2007

Wednesday, April 30 2008 @ 04:26 PM EDT Contributed by: PrivacyNews News Section: Surveillance

According to the 2007 Wiretap report, federal and state courts issued 2,208 orders for the interception of wire, oral or electronic communications in 2007, compared to 1,839 in 2006. (Press release.) As in 2006, no applications for wiretap authorizations were denied by either state or federal courts. The total number of authorized wiretaps has grown in each of the five past calendar years, beginning in 2003. The 2007 Wiretap Report does not include interceptions regulated by the Foreign Intelligence Surveillance Act of 1978 or interceptions initiated by the President outside the exclusive authority of the federal wiretap law and the FISA. See EPIC Wiretapping page.

Source - EPIC.org

[From the report:

In 2007, no instances were reported of encryption encountered during any federal or state wiretap.



http://www.pogowasright.org/article.php?story=20080501063630298

Changing privacy expectations? (commentary)

Thursday, May 01 2008 @ 06:36 AM EDT Contributed by: PrivacyNews News Section: Other Privacy News

As Miriam Simun from our Digital Natives team is off this morning to present our research findings on digital natives and their attitudes towards privacy at the Harvard CRCS Privacy and Security seminar series, news comes from Italy that the Agenzia delle Entrate – the department of revenue - has made available online for all to see citizens’ annual incomes, searchable by anyone with an Internet connection. After a few hours the site was up it got clogged with requests, while protests started to come in for the breach of tax payers’ privacy. The Garante della Privacy intervened later in the day to stop the data from being released online.

What’s interesting about this story is that one might expect general outrage at the revenue department’s initiative to make such highly personal data public. But a quick look at two online opinion polls published by two of the major national newspapers shows that the outrage is not as widespread as it might be believed.

Source - Corinna di Genarro blog

[From the article:

At the time of writing this, sixty four percent of the readers who replied to the poll answered that they saw nothing wrong with the initiative – while 34 percent of respondents replied that making data available online was too much (La Repubblica). A poll by another newspaper, il Corriere della Sera – shows slightly different results, with 52 percent of respondents agreeing with the initiative to make the data available online.



I'm sure this will spread to the Great Lakes, St. Lawrence Seaway, and Cherry Creek Reservoir...

http://www.npr.org/templates/story/story.php?storyId=90060908

Citizenship Checks on Wash. Ferries Stir Controversy

by Martin Kaste

Morning Edition, April 30, 2008 · The U.S. Border Patrol has started regularly checking the citizenship of passengers on certain ferries inside Washington state. Such nationality checks are common in the Southwest, but along the Canadian border, they're still relatively new — and to many people, the checkpoints have come as a shock.

A ferry from Friday Harbor on San Juan Island to Anacortes, a town on the coast, follows a domestic route — it never leaves U.S. waters. Yet, when it arrives in Anacortes, there's a chance that passengers will be greeted by the Border Patrol.

... Washington state's San Juans are a cluster of picture-postcard islands known for small farms, bed-and-breakfasts and whale-watching. They also happen to be close enough to Canada that an illegal immigrant or a smuggler might kayak across and then take a domestic ferry to the U.S. mainland.

... It certainly bugs some people. William Ginsig, who lives on Orcas Island, encountered the checkpoint for the first time a couple of weeks ago.

"When we got there, there was this big guy, came over to the car. I rolled down the window, and he says, 'Oh, you're American, go ahead.' The hysterical part about all this is, my wife is a French citizen," Ginsig says.

... Upset islanders even called Seattle immigration lawyer Matt Adams, director of the Northwest Immigrant Rights Project, to give them a mini legal seminar.

"They can ask you where you're from; they can ask you to show your papers or to show your driver's license or to show your birth certificate — but you don't have to provide that information," Adams says. [So what good does it do them to ask? Bob]

Because these checkpoints are not on the border, people have a greater right to privacy, Adams says.

... "It's a visceral thing," says Howie Rosenfeld, chairman of the county council. "It just seems like we're not the free and brave country that we were. We seem to be sinking into some sort of a fear-based society."



Are we too paranoid for our own good? My guess is they thought she had Leprosy or some other biblical disease and therefore was a tool of the devil.

http://www.phiprivacy.net/?p=330

Apr-30-2008

Fight or flight; Woman ordered to open medical files in order to fly home

Jordan Press writes in The Kingston Whig-Standard:

A Kingston woman who had to hand over personal medical records to get on an Air Canada flight home was expected to finally arrive some time last night.

Patricia Whiteside-Bell stood in line ready to head through the metal detectors at the airport in Fort McMurray, Alta., Saturday night, when she felt she was about to collapse.

Whiteside-Bell has narcolepsy, a condition that causes people to seem like they have suddenly fallen asleep. In her case, the condition causes her to collapse.

She went to the emergency room that night, but when she tried to board a flight the next day, she was denied passage. The airline required her to present the report from her trip to the emergency room. She was told neither a note from the emergency room doctor who saw her after her episode nor a note from her physician in Kingston was sufficient.

Full story - The Kingston Whig-Standard



Because the UK does not have enough cameras...

http://www.timesonline.co.uk/tol/news/uk/article3846958.ece

April 30, 2008

Lollicams - the latest weapon in the battle against bad drivers

Nico Hines

Lollipop ladies have been handed a new weapon to tackle abusive or speeding drivers outside schools.

Patrolmen and women are to be given high-tech lollipops with video cameras capable of recording the bad behaviour of the drivers they encounter.

[Okay, I didn't know what they were talking about either. (Wish they'd speak English!) Lollipops are those Stop signs crossing guards use at intersections near schools... There's a picture in the article. Bob]



Perhaps one day software will replace lawyers...

http://www.killerstartups.com/Web-App-Tools/Vlotechcom---Virtual-Law-Office-Solution/

Vlotech.com - Virtual Law Office Solution

State bar associations across the country have published articles about the need for attorneys to offer unbundled legal services in order to offer more affordable and accessible legal services to the public. For those not familiar with the term, unbundled legal services refer to providing legal documents or advice to clients but leaving the filling and execution of the document to the client. Virtual Law Office is a portal that allows attorneys to provide these services and thereby increase their online business while at the same time offering a more affordable legal experience to clients. The software can be used as a stand alone platform for all law office needs or it can be easily integrated with existing infrastructure.

http://www.vlotech.com/



“We were right about Global Warming, but we're going to have Global Cooling for a while first. Give us more research money so we can explain it better.”

http://www.telegraph.co.uk/earth/main.jhtml?xml=/earth/2008/04/30/eaclimate130.xml

Global warming may 'stop', scientists predict

By Charles Clover, Environment Editor Last Updated: 6:01pm BST 30/04/2008

Global warming will stop until at least 2015 because of natural variations in the climate, scientists have said.

Wednesday, April 30, 2008

Anyone think there would be a case if it was your medical records or mine? Only famous people have a right to privacy!

http://www.phiprivacy.net/?p=329

Apr-29-2008

L.A. woman accused of stealing stars’ medical info

Dan Whitcomb reports:

A former hospital worker implicated in the theft of medical records for “Charlie’s Angels” star Farrah Fawcett, Gov. Arnold Schwarzenegger’s wife and some 60 other celebrities and selling them to the media has been indicted on federal charges.

Lawanda Jackson, a former low-level administrative specialist at UCLA Medical Center in Los Angeles, was charged in an indictment unsealed on Tuesday with illegally obtaining medical information for sale. [Shouldn't the tabloid be charged too? Bob]

The indictment does not name the celebrities who Jackson, 49, is accused of snooping on, but the Los Angeles Times has linked her to a scandal over the burgled records of Schwarzenegger’s wife, Maria Shriver, and Fawcett.

Jackson told the paper in an interview for its April 9 edition that she pried into the records because she was “just being nosy” and hadn’t “leaked” the private information to anyone else.

But the indictment, which was handed down by a U.S. District Court grand jury that same day, accuses her of accepting $4,600 from an unnamed “national media outlet” in exchange for the information.

The indictment alleges that the media outlet disguised the payments by writing checks to her husband.

Source - The US Daily



Another 'payback' for Identity Theft...

http://www.phiprivacy.net/?p=328

Apr-29-2008

Identity theft drug scheme spanned 11 states

In an update to a previous story, Scott Daughterty of The Capital reports:

The Garrett County woman didn’t have back pain.

She didn’t visit hospitals in 11 states to get prescription pain killers to help her cope.

Still, federal prosecutors said, the hospitals kept sending her bills demanding payment for those medications and services. One hospital in Washington County even went so far as to seek an arrest warrant for the woman when she refused to pay.

In a new twist on the now-commonplace crime of identity theft, an Edgewater woman used the Garrett County woman’s driver’s license to fraudulently obtain OxyContin, Oxycodone and Percocet from 85 hospitals in late 2006 and early 2007.

Belinda Marie Glock, 33, pleaded guilty April 11 in U.S. District Court in Baltimore to aggravated identity theft and fraud. She was sentenced yesterday to three years and one day in federal prison. She faced up to life in prison.

Full story - The Capital



http://www.usatoday.com/tech/news/computersecurity/2008-04-29-spam-sentencing_N.htm

Man gets prison for sending spam e-mails

DENVER (AP) — A Colorado man accused of sending hundreds of thousands of spam e-mails has been sentenced to 21 months in prison after pleading guilty to tax evasion and falsifying e-mail headers.

Thirty-five-year-old Edward "Eddie" Davidson of Louisville was also ordered to pay nearly $715,000 to the Internal Revenue Service. He was sentenced Monday and ordered to report to prison authorities in May.

Federal prosecutors say Davidson's operation used false e-mail headers to disguise the sender. Prosecutors say some of the spam was meant to dupe stock investors and manipulate markets.

Authorities say Davidson made at least $3.5 million sending e-mails for nearly 20 companies. [He gets to keep $2.78 million after paying the IRS? Now I see why they do it. Bob]



Security is as Security does... May be much ado about nothing...

http://techdirt.com/articles/20080429/095514977.shtml

Microsoft Gives Vista Backdoor Keys To The Police

from the meaning-the-crooks-have-it-too dept

It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys. The second you build in such backdoors, no matter how noble the reason, you can rest assured that they will be used by criminals as well. No matter what, for those of you who didn't already know it, now you have more evidence as to why trusting Microsoft's "security" isn't such a good idea.

Update: Some folks in the comments, and Ed Bott, claim that this post is a misreading of the original story. The USB key includes a bunch of standard tools, not access to a "backdoor." The confusion, on my part, was due to the original article claiming that the device "can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer." In saying so, it appeared that the device must have access to a backdoor to decrypt the password -- but an update claims that it's merely "password security auditing technologies."

[From the second article:

...a Microsoft spokeswoman said COFEE is a compilation of publicly available forensics tools, such as "password security auditing technologies" used to access information "on a live Windows system."

... Further, she reiterated that the tool is intended for use "by law enforcement only with proper legal authority."



“We were pretty sure that “name” was sufficient to identify anyone – after all, when Mom called I knew just who she meant. But some guy named John Smith objected after being denied online booking rights because his name was similar to the known (and evil) terrorist Jayne Smyth. How silly!”

http://www.bespacific.com/mt/archives/018213.html

April 29, 2008

DHS Announces New Aviation Security and Traveler Screening Enhancements

News release: "The U.S. Department of Homeland Security (DHS) announced today improvements aimed at strengthening aviation security while decreasing the hassle factor for travelers. Among the key improvements, DHS is providing airlines more flexibility to allow passengers to check in remotely who have been unable to do so because they have a name similar to [not the same as... Bob] someone on a watch list. The department also unveiled the Checkpoint Evolution prototype, which begins full operation at Baltimore-Washington International Airport (BWI) today. Each airline will now be able to create a system to verify and securely store a passenger’s date of birth to clear up watch list misidentifications. By voluntarily providing this limited biographical data to an airline and verifying that information once at the ticket counter, travelers that were previously inconvenienced on every trip will now be able to check-in online or at remote kiosks."

[The article mentioned some new technology to be used at Baltimore/Washington airport. Apparently DC Politicians don't like getting on planes with second-class citizens (you and me) who haven't had a vigorous cavity search. Bob]



No need to worry about this until November...

http://it.slashdot.org/article.pl?sid=08/04/29/1712215&from=rss

Hard Evidence of Voting Machine Addition Errors

Posted by kdawson on Tuesday April 29, @01:56PM from the got-some-splainin'-to-do dept. Security Politics

goombah99 writes

"Princeton Professor, Ed Felten, has posted a series of blog entries in which he shows the printed tapes he obtained from the NJ voting machines don't report the ballots correctly. In response to the first one, Sequoia admitted that the machines had a known software design error that did not correctly record which kind of ballots were cast (Republican or Democratic primary ballots) but insisted the vote totals were correct. Then, further tapes showed this explanation to be insufficient. In response, State officials insisted that the (poorly printed) tapes were misread by Felten. Again further tapes showed this not to be a sufficient explanation. However all those did not foreclose the optimistic assessment that the errors were benign — that is, the possibility that vote totals might really be correct even though the ballot totals were wrong and the origin of the errors had not been explained. Now he has found (well-printed) tapes that show what appears to be hard proof that it's the vote totals that are wrong, since two different readout methods don't agree. Sequoia has made trade-secret legal threats against those wishing to mount an independent examination of the equipment. One small hat-tip to Sequoia: at least they are reporting enough raw data in different formats that these kinds of errors can come to light — that lesson should be kept in mind when writing future requirements for voting machines."


How to deal with election irregularities? (There is a video of this talk...)

http://blog.wired.com/27bstroke6/2008/04/florida-electio.html

After Records Reveal E-Voting Glitches, Election Official Jokes She'll Stop Keeping Records

By Kim Zetter April 29, 2008 12:06:00 PM

[I'm not sure she's joking... Bob]



I'd wager they will try this again (and again, and again)

http://news.slashdot.org/article.pl?sid=08/04/29/1840250&from=rss

Arizona Judge Shoots Down RIAA Theories

Posted by kdawson on Tuesday April 29, @05:33PM from the schmaking-available dept. The Courts

NewYorkCountryLawyer writes

"In Atlantic v. Howell, the judge has totally eviscerated the RIAA's theories of 'making available' and 'offering to distribute.' In a 17-page opinion (PDF), District Judge Neil V. Wake carefully analyzed the statute and caselaw, and based on a 'plain reading of the statute' concluded that 'Unless a copy of the work changes hands in one of the designated ways, a "distribution" under [sec.] 106(3) has not taken place.' The judge also questioned the sufficiency of the RIAA's evidence pointing towards defendant, as opposed to other members of his household. This is the Phoenix, Arizona, case in which the defendant is representing himself, but received some timely help from his friends. And it's the same case in which the RIAA suggested that Mr. Howell's MP3s, copied from his CDs, were unlawful. One commentator calls today's decision 'Another bad day for the RIAA.'"



For my web site students (who always ask if they can point & click)

http://news.slashdot.org/article.pl?sid=08/04/30/009245&from=rss

NYTimes.com Hand-Codes HTML & CSS

Posted by kdawson on Tuesday April 29, @10:43PM from the all-the-finest-sites dept. The Media The Internet

eldavojohn writes

"The design director of NYTimes.com, Khoi Vinh, recently answered readers' questions in the Times's occasional feature 'Ask the Times.' He was asked how the Web site looks so consistently nice and polished no matter which browser or resolution is used to access it. His answer begins: 'It's our preference to use a text editor, like HomeSite, TextPad or TextMate, to "hand code" everything, rather than to use a wysiwyg (what you see is what you get) HTML and CSS authoring program, like Dreamweaver. We just find it yields better and faster results.'"

Tuesday, April 29, 2008

At first glance, I wondered why they even reported the loss of encrypted data. This is small potatoes, but an interesting twist on obfuscation...

http://www.pogowasright.org/article.php?story=20080428184852570

Concord Regional Visiting Nurse Association reports laptop stolen

Monday, April 28 2008 @ 06:48 PM EDT Contributed by: PrivacyNews News Section: Breaches

The Concord Regional Visiting Nurse Association reported [pdf] to the New Hampshire Department of Justice that a laptop was stolen from a staff member’s vehicle on April 16. The laptop contained birth date and social security numbers for 15 clients.

CRVNA believes that the risk of ID theft is low because of the three layers of security protection used, including encryption.

[The report actually states that the third password was stored in encrypted form – the file itself was unencrypted. Therefore there was no real protection for the data. Bob]



Sub-optimal security from a sub-prime mortgage company? Who'd-a thunk it?

http://www.pogowasright.org/article.php?story=20080428174713905

CO: Hundreds Of Mortgage Files Found In Dumpster

Monday, April 28 2008 @ 05:47 PM EDT Contributed by: PrivacyNews News Section: Breaches

The Arapahoe County District Attorney's Office is advising anyone who has used Cove Creek Mortgage to watch out for identity theft after hundreds of mortgage files were dumped in a public trash bin over the weekend.

Cove Creek's owner had abandoned his Englewood office in January and property managers had not been able to find him, investigators said. On Saturday, the property manager cleaned out his office and put all items from the office -- including complete mortgage files -- into two Dumpsters.

Source - The Denver Channel

[From the article:

David Peters who works in the same complex found the files Monday morning.

"I was taking some other trash out to the garbage can and opened the lid and on there was a couple of laptops," said Peters. "Directly underneath them were files with people's names on it and was like, well this is not right." [Like, well said, Dude! Bob]

... While there are civil laws against dumping such documentation, Chambers said it is not against the law. [Okay, I'm gonna need a lawyer to explain that statement. Bob]



Tools & Techniques

http://news10now.com/content/all_news/115046/police-investigate-multi-state-credit-card-scam/Default.aspx

Police investigate multi-state credit card scam

Updated: 04/28/2008 06:34 PM By: Iris St. Meran

HERKIMER, N.Y. -- Herkimer police have confiscated nearly 100 gift cards and debit cards as well as other items that were taken from Wal-Mart stores on April 8th.

"We were called to the Wal-Mart store regarding suspicious activity involving debit cards and or credit cards. The person was trying to swipe several different cards to obtain a gift cards," said Herkimer Police Investigator Robert Risi.

This resulted in the arrest of Alex Prime and Quincy Thompson both of Brooklyn, New York. Police say the credit and debit card information was taken from around the country and used in the Wal-Mart stores in Rome and Herkimer to buy mostly electronic products.

"During the course of our investigation we found that the back of the debit cards were altered with credit card information that was stolen. We don't know where from, they were stolen but that credit card information was placed on the back of the debit card magnet strip," said Risi.

In order to get a card holder's account information, a device called a skimmer is used. It's about the size of a cell phone. A person can just swipe a credit card and have the personal information they need. [Can I get one on e-Bay? Bob]

"The information is then downloaded off the skimmer into a computer and they have the technology to take that information and put it on the magnetic strip of a gift card," said Herkimer Police Captain Scott Scherer.

Herkimer Police say this is the largest fraud investigation they have seen in the area and that Wal-Mart has reported nearly $900,000 lost in merchandise. [At these two stores? Bob] Wal-Mart declined comment during the investigation.

The FBI, Secret Service and U.S. Postal service as well as other police departments are assisting in this investigation.



Another risk of television? “Instead of pulse rate, we get re-runs of 'I Love Lucy'”

http://www.news.com/8301-10784_3-9930441-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Hospital techies urge limits on 'white space' Wi-Fi

Posted by Anne Broache April 28, 2008 2:00 PM PDT

About a decade ago, wireless heart monitors hooked to patients at Baylor University Medical Center in Dallas went on the fritz, causing much scrambling among the building's engineering team.

The culprit, as it turned out, was interference from a nearby broadcast television station, which was testing its digital signal on the same channel where some of the medical devices operated, as detailed in the journal Biomedical Instrumentation & Technology a few years ago. The Federal Communications Commission ultimately cordoned off spectrum just for that purpose, although migrating there was largely voluntary.

Now, hospital administrators and medical device manufacturers fear similar problems could happen again if federal regulators don't place limits on requests by Google, Microsoft, and other high-tech companies to free up spectrum "white spaces" between television channels.



What happens when you just don't trust your government... No doubt encryption vendors will now claim their products offer a green alternative to flying...

http://yro.slashdot.org/article.pl?sid=08/04/29/003253&from=rss

Lawyers Would Rather Fly Than Download PGP

Posted by kdawson on Monday April 28, @08:19PM from the fly-once-to-exchange-keys dept. Privacy Encryption The Courts Politics

An anonymous reader writes

"The NYTimes is running a front-page story about lawyers for suspects in terrorism-related cases fearing government monitoring of privileged conversations. But instead of talking about the technological solutions, the lawyers fly halfway across the world to meet with their clients. In fact, nowhere in the article is encryption even mentioned. Is it possible that lawyers don't even know about PGP?"

The New Yorker has a detailed piece centering on the Oregon terrorism case discussed by the Times.



Interesting comments on this “military justice blog” and a good set of links...

http://www.pogowasright.org/article.php?story=20080428092427548

Government computers and expectation of privacy

Monday, April 28 2008 @ 09:24 AM EDT Contributed by: PrivacyNews News Section: In the Courts

In the first part of its opinion in United States v. Larson, __ M.J. ___, No. 07-0263/AF (C.A.A.F. Apr. 25, 2008), CAAF rather easily rules that an Air Force major had no expectation of privacy in his government computer, which he used to set up a rendez-vous with a civilian police detective who was posing on the computer as a 14-year-old girl and on which pornographic images were stored. The computer was located in a private office assigned to Major Larson and the office was capable of being locked. "[B]ut other Air Force personnel, including the fire department and the command's facility manager also had keys to his office." Id., slip op. at 5. The computer itself was government property that had been provided to Major Larson "to accomplish official business." Id. Major Larson "could secure the computer with a personal password, but a system administrator could still access the computer." Id. [There is a trend to have employees purchase and use their own computers. This could be interesting... Bob] When Major Larson "logged on to the computer, he was required to click a button accepting conditions listed in a banner, which stated that the computer was Department of Defense property, was for official use, and that he consented to monitoring." Id., slip op. at 5-6. "The military judge found that, while Appellant 'reasonably understood that he was allowed to send personal e-mail or visit the internet as long as it didn't interfere with [his] duties,' this did not change the fact that the government owned the computer and had a right to access it." Id., slip op. at 6.

Source - CAAFlog

[From the article:

The actual practices of the network administrator may either support or refute a reasonable expectation of privacy. See Larson, slip op. at 10. [This is scary. Your prosecution or defense could rest on the understanding of an entry-level employee... Bob]



How could I resist an article with this title?

http://www.technewsworld.com/rsstory/62779.html?welcome=1209472608

The Art of Cyber Warfare, Part 1: The Digital Battlefield

By Jack M. Germain TechNewsWorld 04/29/08 4:00 AM PT

Computer network attacks are often perpetrated by gangs of criminal hackers attempting to break into a system for financial gain. However, cyber attacks for political purposes could just as easily be -- and sometimes are -- perpetrated. A country's national security could be severely threatened should a team of hackers successfully crack certain computer systems.

... FBI reports from last year show that 108 countries have dedicated cyber attack capabilities, he added. Kellerman also serves on the Commission on Cyber Security for the 44th Presidency and is a former senior data risk management specialist for the World Bank Treasury Security Team.

... Beginning April 27, 2007, about 1 million computers worldwide were reportedly used to conduct denial-of-service attacks on Estonian government and corporate Web sites. Over a three-week period, the attacks swamped Estonia's computer network with so much traffic that the government there was forced to shut them down. [Imagine a similar outcome with the attack limited to Wall Street... Bob]


Related?

http://www.bespacific.com/mt/archives/018206.html

April 28, 2008

Law Enforcement Strategy to Combat International Organized Crime

News release: "Attorney General Michael B. Mukasey announced a new strategy in the fight against international organized crime that will address this growing threat to U.S. security and stability. The Law Enforcement Strategy to Combat International Organized Crime (the strategy) was developed following an October 2007 International Organized Crime Threat Assessment (IOC Threat Assessment) and will address the demand for a strategic, targeted and concerted U.S. response to combat the identified threats. This strategy builds on the broad foundation the Administration has developed in recent years to enhance information sharing, and to secure U.S. borders and financial systems from a variety of transnational threats."



I thought SCO was dead months ago.

http://yro.slashdot.org/article.pl?sid=08/04/29/1141231&from=rss

SCO v. Novell Goes to Trial Today In Utah

Posted by timothy on Tuesday April 29, @08:41AM from the smell-of-napalm-in-the-morning dept.

I Don't Believe in Imaginary Property writes "The day many have been waiting for has finally arrived, the day SCO gets torn apart in court by Novell. Each side gets 10 hours, and Novell managed to get them to agree to a stipulation (PDF) that should make things go a lot faster. With any luck, we will soon have an official ruling that SCO does not own much of anything and then we just have to wait for SCO to exhaust its appeals. This would've been over a long time ago, but SCO filed for bankruptcy on the eve of trial, stopping the clock. One can only wonder what trick they will try to pull this time."



Backgrounder... Why social networks are important.

http://www.techcrunch.com/2008/04/28/morgan-stanleys-march-internet-trends-report-social/

Morgan Stanley’s March Internet Trends Report: Social Applications Dominating

Michael Arrington April 28 2008

[From the Key takeaways:]

  • YouTube + Facebook page views > Google or Yahoo page views (and may be bigger than both combined)

  • 6/10 top internet sites are social (youtube, live.com, facebook, hi5, wikipedia, orkut); none were on the list in 2005

  • >50% of Facebook users log in daily, 95% of Facebook users have used at least one third party application

  • 14 million photos uploaded daily on Facebook [Still hard to find the truly incriminating ones... Bob]

  • Google + Yahoo = 61% of U.S. Online Ad Revenue



Most interesting because of their first “do not use” recommendation – Adobe Reader. That's not the only package you might be using...

http://lifehacker.com/384545/superior-alternatives-to-crappy-windows-software

Superior Alternatives to Crappy Windows Software

... it's time to replace stinky Windows software with its superior (but lesser-known) alternative.



Interesting that the author views this as a genealogy source...

http://www.researchbuzz.org/wp/2008/04/28/what-happened-at-the-old-bailey/

What Happened At the Old Bailey?

28th April 2008, 10:40 pm

If you have English ancestry, an interest in your family’s history, and some patience, do I have a site for you. It’s a Web site aggregating the proceedings of the trials at the Old Bailey (the Central Criminal Court in England) from 1674-1913. This site covers almost 200,000 trials.

http://www.oldbaileyonline.org/index.jsp



Perhaps they don't teach “the logic of the Internet” in Law School?

http://techdirt.com/articles/20080428/194905972.shtml

RIAA Now Decides That Not Enough People Have Heard Of Project Playlist

from the reverse-attention-whores dept

There they go again. The RIAA and MPAA keep picking totally random, mostly unknown, startups and suing them -- giving them all sorts of free publicity. They did it years ago with Napster and more recently with The Pirate Bay. And yet... they keep doing it. In the latest example, the RIAA is suing a company called Project Playlist, which offers apps for MySpace and Facebook that let you play music found elsewhere online. There are a bunch of similar offerings out there (some of which I think are even more well known). If this case goes forward, it could be quite interesting, as again it's hard to see how Project Playlist is the liable party. It just lets users point its player to mp3 files that are found on other sites. Those files may be infringing, but Project Playlist is just the player. It would be like suing Sony for making a Walkman on the assumption that most tapes used in Walkmen include infringing copies of songs.



There are worse things than driving while talking on a cell phone...

http://news.yahoo.com/s/afp/20080428/od_afp/francetransportroadoffbeat_080428160657;_ylt=AsuwTTk49y11A7uxfiyPwH.s0NUE

French police stop video-watching man driving at 200 km an hour

Mon Apr 28, 12:06 PM ET

French police said Monday they had caught a man driving on a motorway at 200 kilometres (125 miles) an hour while watching a video.

The 21-year-old was watching the video on a mobile viewer placed on the dashboard of his vehicle when police stopped him Sunday on the highway near the western city of Tours, police said.

... Police impounded his car and confiscated his licence while he awaits a court appearance.