Saturday, July 05, 2008

You thought it would be bad to have someone run up charges on your credit card. How would you like this on your medical records?


ID fraud reported at hospital

Officials at South Coast Medical Center are still trying to figure out how a woman was admitted under a 72-hour psychiatric hold using another woman’s identity — and insurance card.


Kofl said it is the first known incident [it's the unknowns that worry me... Bob] of insurance identity theft in the Adventist Health chain of 18 hospitals.

Full story - Coastline Pilot

[From the article: Hospital officials were shocked to learn the patient and the woman whose insurance was billed for the $13,000 hospital stay were not the same. [Almost as shocked as realizing they weren't going to be paid. Bob]

... The hospital had no way of knowing the woman was using another person’s insurance card, Kofl said.

“The patient had a valid insurance card [Perhaps “valid looking?” Bob] and the address matched what was in the system,” she said.

What goes around comes around?

Daily Mail publisher is red-faced after laptop with personal data is stolen

Friday, July 04 2008 @ 09:30 AM EDT Contributed by: PrivacyNews

Daily Mail publisher Associated Newspapers has admitted that a laptop containing financial and personal details of thousands of staff, suppliers and contributors has been stolen.

...Even those who no longer work for either Associated Newspapers, which also publishes the Mail on Sunday and the Evening Standard, and regional newspaper publisher Northcliffe Media have been affected and contacted.

... The letters from the Associated Newspapers group finance director, Simon Dyson, and his Northcliffe counterpart, Martyn Hindley, tell recipients that their "name, address, bank account number and bank sort code were the sensitive data lost" when the laptop was stolen last week.

Source - Guardian

So, can I legally install an anti-virus program that blocks, detects and/or removes it?

Bavarian Police Can Legally Place Trojans On PCs

Posted by kdawson on Friday July 04, @12:34PM from the trust-us-we-would-never-abuse-this-power dept. Government Privacy Security

An anonymous reader writes

"The Bavarian Parliament passed a law that allows Bavarian police to place 'Remote Forensic Software' (Google translation) on a suspect's computer as well as on the computers of a suspect's contacts. They may break into houses in secret to install the RFS if a remote installation is not possible; and while they are there a (physical) search is permitted too. The RFS may be used to read, delete, and alter data."

The translation says that RFSs may be used in cases of an "urgent threat to the existence or the security of the Federation or a country or physical, life or liberty of a person... Even where there is a reasonable assumptions on concrete preparatory acts for such serious offenses."

Strange that none of the defense lawyers paid as much attention to what was being blogged about this case as the Judge did.

NC Judge Takes "A Fresh Look" At RIAA Subpoenas

Posted by ScuttleMonkey on Friday July 04, @05:56PM from the doing-their-part dept. The Courts Education

NewYorkCountryLawyer writes

"When some North Carolina State students recently brought to the attention of the Court the apparent illegality of the RIAA's investigations by unlicensed investigators, they also caught the attention of the judges. After reading these new papers, District Judge Louise W. Flanagan, who admits that she's been routinely signing the RIAA's ex parte discovery orders in the past, has indicated that she is now going to take 'a fresh look' at the RIAA's tactics. She issued a stay of the subpoena, ordering NC State not to respond to it, and referred the motions to dismiss the cases to a Magistrate Judge for him to take that 'fresh look' at what has been going on."

Not that anyone will ever read it...

Google Changes Home Page, Adding Link to Privacy Policy

By Saul Hansell UPDATED | 7/4, 10:07 AM

The word “privacy” now appears on Google’s home page, with a link to the company’s privacy policy.

With that one word, the Web search giant heads off the growing controversy over whether its previous practice ran afoul of a California law, the California Online Privacy Protection Act of 2003, which requires the operator of a commercial Web site that collects personal information to link to its privacy policy from its home page.

I see this as an interesting question for the White Hat club

Best Way To Get Back a Stolen Computer?

Posted by kdawson on Friday July 04, @10:26AM from the aiding-lawn-forcement dept. Social Networks

davidphogan74 writes

"I have some stolen computers checking in with a server we have (software pre-loaded), and I have full access to the systems. What's the best way to deal with this situation? The local police (to the theft) have been contacted several times and seem to be clueless. I personally have no financial interest in these computers, I just don't like atom-thieves. What's the best way to handle knowing the IPs, email addresses, MySpace sites, the Google login, etc. when working with law enforcement? The officer I spoke with (who genuinely seemed to care) didn't know an IP address from a mailing address, so I called others. Nobody cared. Anyone have any ideas?"

e-Discovery Even with the small amount of data listed here, and assuming reasonable compression, 12 terabytes seems small to me.... (Do you suppose they will print the log for them?)

YouTube Ordered To Release User Data

Viacom Had Sought Access to Database In Copyright Battle

By Ellen Nakashima Washington Post Staff Writer Friday, July 4, 2008; Page D01

... On Tuesday, U.S. District Judge Louis L. Stanton granted Viacom's request that YouTube release its 12-terabyte "logging" database -- a database that is larger than the Library of Congress's collection of about 10 million books, to Viacom. Every minute, 13 hours of video are uploaded to YouTube servers. The site logs hundreds of millions of views a week.

The database contains the unique login ID of the viewer, the time he began watching, the Internet Protocol, or IP, address of the user's computer and the identification of the video. That database is the only existing record of how often each video has been viewed during various time periods, the opinion said. Its data can recreate the number of views of a video for any particular day.

Friday, July 04, 2008

You must make a conscious effort to look for ALL sensitive information, ask yourself if you really need it and if so, how you will protect it.

NV: Juror data breach is reported

Friday, July 04 2008 @ 05:33 AM EDT Contributed by: PrivacyNews

In a District Court security breach, a contracted vendor released personal information on about 380 potential jurors to an employee's private e-mail address, court officials said Thursday.

Clark County court officials said the people affected were notified by letters sent out Monday. Court officials did not specify whether the breach was intentional or accidental. They also didn't specify when the incident occurred.

The information was transferred from the printing company that prepares jury summons notices to an unidentified employee's e-mail account.

Source - Las Vegas Review-Journal

[From the article: Court officials said they have since removed all personal identifiers from the jury summons list... [Probable that no one even thought of doing this before the incident. Bob]

“We're your government and we're here to protect you!”

Passport record system open to abuse, IG finds

Thursday, July 03 2008 @ 05:37 PM EDT Contributed by: PrivacyNews

A State Department passport record system that holds personal data on more than 120 million Americans is wide open to abuse and unable to prevent or detect unauthorized access, investigators said Thursday.

The review by the department's inspector general was ordered after revelations in March that State Department employees and contractors had accessed the files of presidential candidates Hillary Clinton, John McCain and Barack Obama.

The IG report found a much broader problem.

Source - McClatchy

[From the article:

Investigators surveyed the records of 150 high-profile Americans, whose names were selected from Forbes and Sports Illustrated magazine lists and Internet search engine Google's most-searched names.

Of the 150 — who weren't named in the report — 127, or 85 percent, had had their passport files accessed a total of 4,148 times, strongly suggesting attempts at unauthorized access.

... Investigators said they were unable to determine precisely how many individuals had access to the system or how many breaches had occurred.

If not a trend at least a more common scenario

Irrigation Controller Stolen, Wirelessly Rescues Itself

Posted by kdawson on Friday July 04, @08:46AM from the visionary-solutions-to-water-management-through-technology dept.

wooferhound sends along an amusing piece about thieves who got run over by technology and never knew what hit them. "A Rain Master Eagle-i Irrigation Controller recently stolen out of a housing development just outside of Tucson traveled nearly 80 miles before rescuing itself. The smart controller is now back in place on the wall where it was originally pinched... In this day and age, something that may look passive like an irrigation controller may not be so passive. The thieves didn't realize they were removing equipment that features 2-way wireless communications via the Internet. Three weeks later, the unexpected happened. The Maintenance Supervisor noticed a signal coming in from the stolen controller. He thought it was kind of odd that it was up and running... Whoever had stolen it had plugged it back in."

Repeat after me: Passwords do not provide adequate security.


Posted by hitechpo on July 3, 2008 at 4:30pm

For this blog, I wanted to give you some instructional material. Some of this stuff has been around for a while, but there is some new stuff out there, specifically a new version of the pass-the-hash toolkit. In a nutshell, the instructions that follow will allow you to gain full control of a Windows domain without ever lifting a finger at cracking a password.

... Some rules to follow to prevent this type of attack are: lock down your workstations. Do not allow users to have local admin rights. Make sure they are not able to download programs they aren't supposed to. If you can, go to the computer that needs support instead of connecting remotely - don't be lazy. Utilize your network devices to assist in filtering and providing access control levels to your systems and assist in remote access control.

Still think it can't happen in your organization? What does this say about the effectiveness of Data Breach disclosure laws?

12,000 Laptops Lost Weekly At Airports

Posted by timothy on Thursday July 03, @06:02PM from the dignity-lost-even-more-often dept. Portables Security Transportation United States Hardware

kthejoker writes

"Apparently companies are even worse about losing our data than we suspected. From the article: 'According to a study of 106 major US airports and 800 business travelers published by the Ponemon Institute and Dell Computer, about 12,000 laptops are lost in airports each week. Only 30 percent of travelers ever recover the lost devices. Nearly half of the travelers say their laptops contain customer data or confidential business information.' Kinda scary..."

[From the article:

Sixty-five percent of the business travelers admit that they do not take steps to protect the confidential information contained on their laptops when traveling on business, according to the study. Forty-two percent say they don't back up their data before going on a trip. Fewer than 20 percent of respondents said they have whole disk encryption or file encryption on their machines.

[The Study:

Crooks in the computer age: Another Estonia? Would Tony Soprano be able to do (conceive) this?

July 3, 2008 1:35 PM PDT

Hundreds of Lithuanian Web sites defaced

Posted by Robert Vamosi

Last weekend, several hundred Lithuanian Web sites were defaced with pro-Soviet and anti-Lithuanian slogans, according to The New York Times.

Last Friday, Lithuanian government sites were warned of an impending Web attack and mounted appropriate defenses. Several hundred commercial sites did not do so and over the weekend took the brunt of the attack. By Monday, most all of the sites had been restored.

... Early evidence suggests a group of criminal hackers may have organized the attacks. The IPs used in the attacks appear to be from a variety of nations, but Reston, Va.-based iDefense told the Washington Post that one site,, appeared to have organized the protest.

Fairly dull, but someone to quote?

Lt. Col. John Bircher Answers Your Questions

Posted by timothy on Thursday July 03, @03:35PM from the questions-that-dan-savage-won't-touch dept.

A few weeks ago, you asked questions of Lt. Col. John Bircher, head of an organization with a difficult-to-navigate name: the U.S. Army Computer Network Operations (CNO)-Electronic Warfare (EW) Proponent's Futures Branch. Lt. Col. Bircher has answered from his perspective, at length, not just the usual 10 questions, but several more besides. Read on for his take on cyberwar, jurisdiction, ethics, and more.

Don't you love it when a Judge “gets it?”

Lawyer Seriously Slapped Down For SLAPP Attempt Against Librarian Blogger

from the ouch dept

We've covered the concept of SLAPP (Strategic Lawsuit Against Public Participation) suits plenty of times before. These are bogus lawsuits filed to try to bully a critic into shutting up. In one such case, involving an incredibly broad subpoena against a librarian blogger compiling information on the potential link between mercury and autism, a magistrate judge has seriously smacked down the lawyer who filed the subpoena.

... Shoemaker has not offered a shred of evidence to support his speculations. He has, he says, had his suspicions aroused because she has so much information. Clearly he is unfamiliar with the extent of the information which a highly-competent librarian like Ms. Seidel can, and did, accumulate

All this, and it's free! This looks verrry interesting. All the normal “suite” applications, plus graphic design and image manipulation tools, flowcharts and diagrams, even project management (and, for us Math teachers, mathematical formula editing).

Review of KOffice 2.0 Alpha 8 – On Windows

Posted by timothy on Friday July 04, @05:28AM from the didn't-see-that-coming-did-you dept. KDE Software Windows Linux

4WebChimps writes

"As featured previously on Slashdot, the KOffice project is working towards a cross-platform, open source office suite for Linux, Windows and Mac OS X. The most recent release, KOffice 2.0 Alpha 8, achieved that goal by being the first release for all three operating systems simultaneously. Want to try KOffice on Windows? TechWorld has a review (with screenshots) of KOffice on Windows, including the installation process which is as simple as clicking a few buttons (the online installer does the rest). Hopefully it won't be long before KOffice sits alongside as a usable cross-platform open source productivity suite."

976 free movies, including several episodes of Flash Gordon Conquers the Universe. How can you go wrong!

Download Movies - Classic Movies and B-Movies For FREE!

Or, you could watch brief excerpts to choose your TED video

Announcing the Top 10 TEDTalks

Thursday, July 03, 2008

Fast detection, zero prevention?

Univ. of Nebraska - Kearney hacked

Wednesday, July 02 2008 @ 10:07 AM EDT Contributed by: PrivacyNews

Officials at the University of Nebraska at Kearney discovered a security breach involving nine university computers in early June, and this week, letters are going out to individuals who may be affected.

"The computers involved in the incident were immediately secured, [Translation: “Turned off” Bob] and the university took additional steps to prevent unauthorized external access to any campus computers," said Deborah Schroeder, UNK assistant vice chancellor for Information Technology.

"The university has conducted a thorough investigation," Schroeder said. The incident took place on Sunday, June 8, and was discovered Monday morning, June 9. [Very quick, considering Bob] Of the nine computers involved, five contained names and partial or complete social security numbers.

The breach, which originated in the Republic of Slovenia, was confined to computers in the College of Natural and Social Sciences. Computers involved included two each in the biology, history and psychology departments; and one each in the mathematics, computer science and sociology departments. The files included advisees in the Department of History in 2002 and 2003, deciding students in Fall 2001 and Fall 2002, and students in the online Master of Science in Biology program since Spring 2005. In all, 2,035 letters are being mailed. No academic records were affected.

Source - U. Nebraska at Kearney Press Release

[From the article: "Since 2005, we have assigned the NU-id to all students and employees. We no longer use the Social Security number as a personal identifier. [Yet, they are still on these computers... Bob]

Note: This likely is the result of an earlier breach. (Hannaford?) Because there seems to be no way to detect someone listening in on the transmission of card data and PIN numbers via unencrypted wireless...

MA: Customers warned of data grab

Thursday, July 03 2008 @ 05:03 AM EDT Contributed by: PrivacyNews

Freedom Credit Union is warning customers of a security breach whereby debit card data was electronically captured by individuals who may have used it in a counterfeit scheme.

"We have been notified [I.e. They didn't detect it Bob] that your Debit card number was one of several obtained during the arrest and indictment of individuals in Eastern Europe and the United States," reads a June 27 letter from Freedom Credit Union to certain customers.

Source - The Republican

Attention lawyers who still believe they do not need to encrypt emails to their clients! (or that passwords provide adequate security.)

WV: Lawyer suspended for e-mail snooping

Thursday, July 03 2008 @ 05:08 AM EDT Contributed by: PrivacyNews

A Charleston lawyer has been suspended from the State Bar for two years after he admitted snooping in another law firm's e-mails because he suspected his wife was having an affair with her client.

... The opinion also states that Markins' misconduct caused OFN "professional embarrassment" and made it the target of potential lawsuits. The firm had to report a security breach to its major clients because Markins not only viewed confidential personal and financial information intended only for OFN partners, but also confidential client information.

Source - Charleston Gazette

[From the article:

... Markins had discovered that the password to the e-mail account of any OFN lawyer was the lawyer's last name, [That goes beyond ignorant, all the way to STUPID! Bob] according to the opinion.

... When an OFN lawyer suspected someone had improperly accessed her e-mail account, the firm hired a computer systems engineer to investigate. [Isn't that like hiring someone to look up applicable laws after the trial? Bob]

Interesting question. Sex tapes seem to be the weapon of choice in divorce/pal-amony cases...

TMZ allowed to repost portion of actor's sex tape

Wednesday, July 02 2008 @ 12:42 PM EDT Contributed by: PrivacyNews

From the well-wait-a-minute dept.:

The AP reports that actor Verne Troyer's ex-girlfriend says that she allowed celebrity Web site TMZ to broadcast snippets of the tape and because of her statement, a federal judge has allowed TMZ to reinstate a post featuring snippets of the tape.

So she can waive his rights to privacy? I don't understand this -- Dissent.


WI: Consenting adults, hidden camera: Can that be legal?

Wednesday, July 02 2008 @ 01:48 PM EDT Contributed by: PrivacyNews

Does agreeing to get naked with someone mean it is lawful for them to film you in the buff without your consent?

That's the issue before the Wisconsin Court of Appeals in a case brought by a man convicted of secretly taping his girlfriend in the nude at her home.

Source - Capital Times

Related? Have you ever viewed a YouTube video?

Court Ruling Will Expose Viewing Habits of YouTube Users

Wednesday, July 02 2008 @ 05:54 PM EDT Contributed by: PrivacyNews

Yesterday, in the Viacom v. Google litigation, the federal court for the Southern District of New York ordered Google to produce:

all data from the Logging database concerning each time a YouTube video has been viewed on the YouTube website or through embedding on a third-party website

The court’s order erroneously ignores the protections of the federal Video Privacy Protection Act (VPPA), and threatens to expose deeply private information about what videos are watched by YouTube users.

Source - EFF

How to commit computer crime...

How Cybercriminals Steal Money - Google Tech Talks

July 2, 2008 - 4:26pm — MacRonin

Google Tech Talks June, 16 2008

[The video:

How to be a Social Engineer

Social Engineering 101: Focus On Informal Conversations

from the just-don't-promise-to-protect-the-info dept

In the past, we've covered plenty of stories about social engineering to get people to admit stuff they shouldn't -- suggesting you really just need to ask people to give up personal info and they will (sometimes giving them a gift helps, but just asking alone will often do the trick). The latest study does go a little deeper, however, suggesting that the more informal the setting, the more likely people are to cough up info. For example, it found that when those asked for confidential information were promised that it wouldn't be misused they were less likely to hand over the info. Instead, if there were no promises about what would be done with the info at all, people felt that it was more informal and were more willing to give up the info. Another experiment asked people to reveal "bad" activities to a website. In one test, the website was made to look like a university website, and in another an informal site with the title "How BAD are U??" Not surprisingly, the latter got a lot more people to cough up the details of bad behavior. In that case, I'd even wonder if the "competitive" nature of the question (suggesting that you should want to be "badder" than others) also helped contribute to the openness of individuals.

How to look stupid...

If You Must Make A Hidden Camera, Don't Make It Look Like Garbage

from the just-a-suggestion dept

Here's one for the "didn't quite think that through, did you" files. Gizmodo points us to the news that British authorities trying to prevent illegal trash dumping put a hidden camera at a popular dumping site. The only problem was that they disguised the hidden camera (which cost somewhere around $20,000 -- I have no clue why it cost so much) as a trash bag, and neglected to tell the folks in charge of cleaning up the site. So, yes, they threw out the hidden camera. Whoops.

Now this is interesting! A business model that allows retail futures trading... Selling to people with a negative (realistic?) view of the future. (Is this so smart it must be a con?) - Lock In Current Gas Prices

Gas prices getting you down? The oil barons may be unwilling to make amends, but not to worry, there is some relief to be had. And it comes in the form of a new website dedicated to the gas crisis called MyGallons. MyGallons lets users buy gas credit at current prices. Users, in turn, are betting that gas prices will continue to rise and that their purchase will ultimately save them money. It's akin to playing with futures in the stock market. You're hedging the price you pay for gas. The current trend seems to make MyGallons a godsend for consumers leery of paying over $4.50 for a gallon of gas. Gas is a necessity in the states, and coupled with the rising cost of food and other consumer goods, most people welcome any savings they can get. There is a catch to MyGallons, however. Users must pay an annual fee of $29.95 in addition to various overdraft and processing fees. In the end, you might only save a handful. It's currently available in over 200,000 locations nationwide.

There is no need to hack, if the solution is built in from the start...

GUIDE: Using Linux to Beat Comcast's BitTorrent Throttling

posted by soulxtc in guides

For those savvy enough to have switched over to Linux, this step-by-step guide will prove once again that Linux really does offer users almost complete control over their OS.

Should be interesting...

FTC Recruiting Identity Theft Victims

Posted by samzenpus on Wednesday July 02, @07:13PM from the study-while-they-steal dept. The Internet

coondoggie writes

"In an effort to buttress its enforcement and better understand the scourge that is identity theft, the Federal Trade Commission said today it plans to conduct a wide-ranging study of victims of the crime. The FTC is looking for people harmed by the crime and said the survey will examine the remedies available to victims under the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). Among other things, the FACT Act gave consumers the right to place fraud alerts on their credit files if they are, or suspect they may become, victims of identity theft; block information on their credit reports that resulted from identity theft; and obtain copies of their credit reports free of charge."

The University is adding huge touchscreen displays. This one needs much less hardware, so I suspect we will see many more applications like this... (Interesting video embed technique, too)

July 01, 2008

Hologram Google Earth

Check out this cool display and interface with Google Earth:

The technology comes from UbiqWindow and lets a computer screen be projected in mid-air. They have devised a touchless way to interact with the "hologram", and Google Earth is a great way to show off its capabilities. It's not a 3D projection, just 2D. But, it sure looks cool. via Google Earth Design

It is important to “get it”

Domino's Pizza Tries To Cash In On "Dark Knight" Online Buzz, Fails

Hilary Lewis | July 1, 2008 10:58 PM

From The Business Sheet: The Dark Knight is probably the most successful example of viral marketing for a film yet: Its trailers have quickly become Internet sensations.

Yesterday Domino's Pizza tried to capitalize on this magic: Warner Bros released another trailer for The Dark Knight...on a cross-promotional Web site sponsored by the pizza-delivery company.

At first we wondered how the clip, which includes no mention of pizza or even the Domino's logo would sell pies...and then we checked out the web site (Dark Knight Vault). It turns out only people who've placed an online order for Domino's Pizza in the past 48 hours can see the trailer. Pretty smart!

At least it would be if people couldn't also watch the clip on YouTube, as we (and 24,250 other people and counting) just did.

The trailer, from YouTube, is embedded below. In the words of /Film, "The trailer is actually pretty good (unlike Domino's Pizza)."

Related: Is this “getting it”?

Jul 2, 2:35 PM EDT

Police wnt u to fight crime w/txt msgs

By MITCH STACY Associated Press Writer

TAMPA, Fla. (AP) -- Police in the 1970s urged citizens to "drop a dime" in a pay phone to report crimes anonymously. Now in an increasing number of cities, tipsters are being invited to use their thumbs - to identify criminals using text messages.

Watch as the monopoly dies...

Study claims Windows usage market share could fall below 90% — A new study released by Net Applications indicates that a decreasing percentage of the Internet population is using Windows as their operating system. It appears that Mac OS X could soon be listed in the double digit-range, while Windows could fall below the 90% mark.

Wednesday, July 02, 2008

At last! A case where the organization breached can't say, “We have no reports that the data has been used.” Note that they still weasel-word the press release, despite the evidence.

Baptist Health alerts patients to ID theft

Wednesday, July 02 2008 @ 06:49 AM EDT Contributed by: PrivacyNews

Baptist Health has sent letters warning about 1,800 patients that the hospital system’s records may have been breached, the Arkansas Democrat-Gazette has learned.

The notification came after the arrest of a Baptist Health employee at a Wal-Mart store on 25 counts of financial identity fraud.

Source - Arkansas Democrat-Gazette

[From the article: Among the items found during a search connected with the arrest of Hill was personal information for 24 other people, including “screen shots” — printouts showing the exact appearance of the images on a computer screen — that showed victims’ personal information.

This technique is well documented on a number of YouTube videos. What made them think they could ignore it?

Fingerprint payment already hacked

Wednesday, July 02 2008 @ 07:57 AM EDT Contributed by: PrivacyNews

Equipment used to let customers at an Albert Heijn supermarket in Breukelen pay by fingerprint has already been fooled by a rubber copy, news agency ANP reports, quoting website Webwereld..... Albert Heijn said the system was being tested so the company could learn from mistakes and make improvements.

Source -

[From the article: A man went through the till system with a rubber copy of someone else’s fingerprint on his own finger. Neither the system nor the till operator noticed, ANP said.

“We don't need no stinking security...” A. Victim

July 1, 2008 11:28 AM PDT

Researchers: 637 million browser users at risk

Posted by Robert Vamosi

... Overall the authors found that roughly 40 percent of users were using insecure versions of Web browsers. Among the least compliant were users of Internet Explorer, which currently dominates the Internet browser market.

[The paper:

“Good morning, Mr Phelps...” You can almost hear the theme music in the background... (Should make e-Discovery a joy...) - Self Destructive Electronic Messages

In spy movies self destructive messages and notes are a veritable staple; in real life, you probably don’t have that luxury or thrill of auto-exploding secret messages, at least not until now. With Privnote, you can send Mission Impossible style notes to friends, colleagues, and contacts. Now, of course, your messages won’t actually blow up or burn; however, the link to the note is destroyed once it is clicked, so it can only be seen once. If someone else happens to intercept the note before the intended recipient gets to it, that person will know. Privnote will also send you a notification as soon as the message is read. Should you regret sending a note, you can destroy it yourself before any eyes have a chance to glimpse it. Privnote is absolutely free to use.

Quotes & Statistics

Diary of a deliberately spammed housewife

What happened when 'Penelope Retch' answered her spam e-mail By Ellen Messmer , Network World , 07/01/2008

... The idea of the Spammed Persistently All Month (S.P.A.M.) experiment — which fittingly started on April Fool's Day — was to have 50 volunteers from around the world answer every spam message and pop-up ad on their PC.

... Each S.P.A.M. volunteer saw an average of 70 spam messages arrive in their in-box each day, with men receiving about 15 more per day than women.

[The Report: The Global SPAM Diaries.

[The blogs:

[A related podcast: Download today's podcast

This question will be resolved in November. We can only hope that the election will be resolved too...

Vendor misinformation in the e-voting world

July 1st, 2008 by Dan Wallach

Last week, I testified before the Texas House Committee on Elections (you can read my testimony). I’ve done this many times before, but I figured this time would be different. This time, I was armed with the research from the California “Top to Bottom” reports and the Ohio EVEREST reports. I was part of the Hart InterCivic source code team for California’s analysis. I knew the problems. I was prepared to discuss them at length.

Wow, was I disappointed.

Always informative...

Privacy commissioner probes cloud computing

Ann Cavoukian’s office looks at services to host software and data over the Internet and raises questions about the protection of users’ information. Consider her key identity management suggestions

By: Shane Schick ComputerWorld Canada (29 May 2008)

... In a white paper published Wednesday, Ontario Information and Privacy Commissioner Ann Cavoukian discussed the changing landscape for individual information as software moves to Web-based services from companies such as Google, IBM or Amazon. The 30-page document provides an overview of cloud computing as well as the technological building blocks Cavoukian says are necessary to protect data from those who shouldn’t see it.

I love lists and I love blogs, how could I resist?

July 01, 2008

The Top 100 Law and Lawyer Blogs

Criminal Justice Degree Guides: "The Top 100 Law and Lawyer Blogs Law blogs, also known as blawgs, are plentiful these days. In fact, there are probably thousands to choose from and more appear each week. For that reason, it may be difficult for you to narrow down which ones are worth a regular read. Whether you are a lawyer, law student or merely interested in the subject, we’ve attempted to cut through the chaff and provide you with what we regard as the top 100 law and lawyer blogs listed below. It was very difficult to choose only 100 blogs from the myriad of successful law blogs. In an effort to remain fair, you will find a variety of subjects covered with the following blogs. Not only are high-profile general law blogs included, niche blawgs are also offered for your consideration. Since it would be impossible to rank them according to importance, they are categorized according to subject and then alphabetized."

For my website class - Easy Widget Creation Tool

Widgenie is a data visualization tool geared at non-tech folks. It allows bloggers, businessmen, housewives, priests, anyone basically, to create widgets or visual information charts for publishing on the web’s most popular sites like Facebook, Wordpress and iGoogle. Users can import data from Excel spreadsheets, CSV files and data feeds from Widgenie’s partner sites. After the data is input, it can be customized via a drag and drop editor—no coding whatsoever is required. Colors, size, headings, fonts and more can all be customized according to user preferences. All changes can be previewed within Widgenie’s viewing window. On the social side, you’ve got a community forum called ‘Inside the Lamp’ where you can find tips, advice and buzz about new widgets and tool developments. There are tutorials to guide you through making your own widgets, and if you need extra help you can always consult the Widgenie community.

Think what this could do for education... Students “forced” to write about what they learn – even if they don't know they are learning.

July 1, 2008 10:16 PM PDT

The writing organization: knowledge management made easy

Posted by Tim Leberecht

... Make it mandatory for every employee to keep an internal blog and post at least once per week. Depending on their role, employees can blog about customer experiences, sales tactics, strategy, product improvements, organizational design, competitors, market trends, and even gossip. Potential productivity losses are outweighed by the value of knowledge that is being generated and shared.

And what is productivity anyway these days? "Productivity (...) is exactly the wrong thing to care about in the new economy," writes Kevin Kelly in his "Maxims for the Network Economy": "In the coming era, doing the exactly right next thing is far more fruitful than doing the same thing twice." Blogging helps identify the right thing. [Hear that, readers? Bob]

[How can you resist a “Maxim” like: The surest way to smartness is through massive dumbness. Bob]

We need a guide that explains exactly, step-by-step, what our students should not do...

Expensive Books Inspire P2P Textbook Downloads

Posted by timothy on Tuesday July 01, @02:50PM from the psst-can-I-borrow-your-con-law-book-for-a-bit dept. Education Books The Internet Technology

jyosim writes

"A site called Textbook Torrents is among the many sites popping up offering free downloads of expensive textbooks using BitTorrent or other peer-to-peer networks. With the average cost of textbooks going up every year, and with some books costing more than $100, some experts say that piracy will only increase."

Having just completed graduate school, I can attest that quite a few books are in that more-than-$100 range, and that they're heavy besides. But the big-name textbook publishers are much less interested than I am in open textbooks, even if MIT has demonstrated that open courseware is feasible, and Stanford and other schools have put quite a bit of material on iTunes.

Tuesday, July 01, 2008

Who's the leader of the club

that lost your i-den-ti-ty

M-I-C, K-E-Y


(Not new)

Disney Shareholders Notified Personal Information Was Compromised

POSTED: 8:15 am EDT July 1, 2008

ORANGE COUNTY, Fla. -- Some of Disney's shareholders have been notified their personal information has been compromised.

Bank of New York Mellon, which manages stocks for Disney shareholders, sent out a letter saying a box of data containing people's personal information was lost as it was being moved to a storage facility. The incident happened in February, but shareholders are just receiving the letters.

Do you suppose Hannaford gave each issuing bank a list of the cards compromised? (Perhaps through the Credit Card companies?) If so, how do they know this activity is due to a specific breach? It could be another breach, (or someone using the list of compromised cards...)

Hannaford data breach fallout continues (update)

Monday, June 30 2008 @ 05:18 PM EDT Contributed by: PrivacyNews

The fall out from the Hannaford data breach that began last year continues.

Approximately 7,000 individuals who have Ocean National Bank ATM/Debit Cards are having them replaced because there has been recent illegal activity on them reported.

“At the time (of the breach) we gave Ocean customers the opportunity to have their debit cards re-issued,” said Kathy Schirling, a senior vice president with Chittenden Bank, a sister institution of Ocean’s. “We knew it was a significant inconvenience to customers who do online banking and decided to hold off doing a full re-issue and only give new cards to those individuals who requested them.”

With new illegal activity taking place, bank officials decided now is the time for a total re-issue, Schirling said. A letter was sent to all Ocean customers dated June 25, advising them of that decision.

Source -

For my Security students. It's not just lost laptops that cause data breaches...

Cracking Physical Identity Theft

Monday, June 30 2008 @ 06:21 PM EDT Contributed by: PrivacyNews

A researcher performing social engineering exploits on behalf of several U.S. banks and other firms in the past year has “stolen” thousands of identities with a 100 percent success rate.

Joshua Perrymon, hacking director [What a great job title! Bob] for PacketFocus Security Solutions and CEO of RedFlag Security, says organizations typically are focused on online identity theft from their data resources, and don’t think about how the same data can literally walk out the door with a criminal posing as an auditor or a computer repairman. He once walked out of a client site carrying their U.S. mail tray with 500 customer statements inside it, he says.

Source - Dark Reading

Don't mess with Texas!

Dallas Judge Gives Woman 38 Years For ID Theft

Monday, June 30 2008 @ 06:17 PM EDT Contributed by: PrivacyNews

A woman who stole thousands of dollars from North Texas nursing home patients and fast food customers and employees will face the longest identity theft sentence in Dallas County history.

Source - CBS

[From the article:

The degree of theft was so large that the case was one of the first to qualify as a first-degree felony under a new Texas law.

Prosecutors had sought a life sentence against Parker. Defense attorneys were asking for probation. It's believed Parker received the harsher sentence because she has more than two dozen prior felonies on her police record. [Yeah, that could have something to do with it... Bob]

Attention Hackers! Here's the script: “Hello Dell? Someone stole my laptop and I need you to erase it immediately! My name is [insert victim's name here]”

Dell says it will delete data from stolen laptops

Monday, June 30 2008 @ 05:24 PM EDT Contributed by: PrivacyNews

Dell Inc. is joining a long list of other computer makers that offer a service designed to track lost or stolen laptops and delete sensitive data if the finder connects the machine to the Internet.

Source - CNN Money

[From the article:

Dell will charge business customers less than $100 per machine for three years of the service...

... A study commissioned by Dell estimated that up to 12,000 laptops are lost in U.S. airports each week. The Ponemon Institute said half the 864 business travelers it surveyed carry confidential company information on their laptops and about two-thirds don't take steps to protect the data.

Research tool Talking points

ITRC mid-year report card on breaches

Monday, June 30 2008 @ 05:05 PM EDT Contributed by: PrivacyNews

The Identity Theft Resource Center’s mid-year press release should come as no surprise to regular readers of and this blog. ITRC reports that the total number of data breaches through June 27 is 342, more than 69% greater than the same time period in 2007.


Additional reports available on ITRC’s web site enable additional analyses. Inspection of Type of Incident x Year x Sector suggests the following patterns for 2007 and 2008 data:

  • The number of Accidental Exposures appears to be increasing somewhat from 2007 to 2008, but not uniformly across sectors: the Educational sector may account for most of the increase.

  • The number of incidents involving Data on the Move also appears to be increasing somewhat in 2008, but most of the increase is due to increases in the Business and Health/Medical sectors; the Educational sector is showing a decrease relative to 2007.

  • The number of Hacking incidents appears to be increasing significantly from 2007, with both the Banking/Financial and Business sectors accounting for the increase.

  • The number of incidents involving Insider Theft by mid-2008 is already double the total number for all of 2007, with all sectors except the Government/Military sector showing an increase in this type of incident.

  • The number of incidents involving Subcontractors at mid-year is almost equal to the total number for all of 2007; Business, Educational, and Military/Government sectors are all on a rate to double the number of incidents they reported last year.

Source - Chronicles of Dissent blog

Perhaps a case for the law school crowd?

Company snoops ex-CEO's Yahoo Mail account, faces lawsuit

Monday, June 30 2008 @ 12:50 PM EDT Contributed by: PrivacyNews

Less than two weeks ago, the US 9th Circuit Court carved out a large space for privacy in the workplace by indicating that personal messages sent via work equipment were off limits to search unless the employer had a policy of regularly accessing the equipment. In the process, they gave protection to the contents of electronic messages, while accepting that information such as the recipients' identity was necessarily public. That decision may play a role in determining the outcome of a case brewing in Connecticut, in which a fired employee is suing his former employer for accessing his personal Yahoo account. The case, however, has a number of significant complications that may leave everyone involved looking bad.

Source - Ars Technica

Problems with the Cloud?

RMS and Clipperz Promoting Freedom In the Cloud

Posted by CmdrTaco on Monday June 30, @11:16AM from the can-i-see-what-you-see dept. Privacy

mbarulli writes

"Clipperz and Richard Stallman recently launched a joint call for action to bring freedom and privacy to web applications. 'The benefits of web apps are many, but quite often users lose their freedom to study, modify and discuss the source code that powers those web apps. Furthermore, we are forced to trust third parties with our data (bookmarks, text documents, chat transcripts, financial info ... and now health records!) that no longer reside on our hard disks, but are stored somewhere in the cloud.' Clipperz and RMS urge web developers to adopt the new AGPL license and build their applications using a 'zero-knowledge architecture,' a framework for web services that has been derived from Clipperz online password manager. A smooth path toward web apps based on free software that know nothing about you and your data."

Quite interesting. Hundreds of petabytes of data?

Inside Microsoft’s Internet Infrastructure & Its Plans For The Future

Om Malik, Monday, June 30, 2008 at 6:30 PM PT

A few minutes after she delivered a speech at our Structure 08 conference [More videos here Bob] in San Francisco, I caught up with Microsoft’s corporate VP of global foundation services, Debra Chrapaty, for a video chat.

Research: Keep track of your competition...

Competitive Intelligence - A Selective Resource Guide

By Sabrina I. Pacifici, Published on June 1, 2008

Selected Web, Blogs, News, Video Search and Alerts

Think of it as Project Gutenberg for music... Anyone want to record this copyright-free music under a GPL so we can put it online?

Provider of Free Public Domain Music Re-Opens

Posted by kdawson on Tuesday July 01, @04:58AM from the music-wants-to-be-free dept. Censorship Music

Chip Zoller writes

"This community took note when the International Music Score Library Project shut down last October, and when Project Gutenberg stepped in to help three days later. I would like to alert you all that our site, IMSLP, has re-opened to the public for good after a 10-month hiatus. All the news updates in the interim can be found linked to the main page. We take great pride in re-opening as it demonstrates our willpower to make the masterpieces of history free to the world; and moreover to make manifest that we will not be bullied by publishers sporting outrageous claims of copyright in a country where they clearly are expired."

Monday, June 30, 2008

When will they ever learn...


UK: Patient files stolen with laptop

A laptop containing the personal details of several thousand patients has been stolen from the car of a senior hospital manager, who is now suspended.

A patient told the BBC he received a letter saying the computer was taken on 18 June in Scotland from the car of a Colchester University Hospital manager.

The unencrypted details included names, dates of birth, postcodes and treatment plans.

Full story - BBC

Related, with some info on what universities are doing...

Increase in Stolen Laptops Endangers Data Security

Monday, June 30 2008 @ 06:29 AM EDT Contributed by: PrivacyNews

Patrick A. Grant was stolen in April. A thief walked away with a laptop containing the University of Virginia biochemist's name and Social Security number, as well as those of more than 7,000 other professors, staff members, and students. The machine belonged to a university employee who had taken it off campus — and then it was simply taken.

Source - Chronicle of Higher Education

[From the article:

The next month, Mr. Grant discovered that criminals had amassed at least $22,000 in debt under his name.

Mr. Grant believes the laptop theft, or a series of campus computer-hacking incidents years ago, led to his victimization.

"My suspicions lie with" both, he says, adding that he knows of no other circumstances in which his confidential data were exposed. [but not everyone complies with the data breach laws... Bob]


Data “Dysprotection:” breaches reported last week

Monday, June 30 2008 @ 06:40 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

If you haven't seen it on HBO, it is worth a look.

HBO Film: Hacking Democracy Diebold/Global Voting Solutions watch! — How can we have a democracy if we cannot secure our voting system? This full length movie examines how we count our votes. They found that it is a very corrupt inaccurate system that allows a corrupt system to continue to run. Al Gore in 2002 was defeated but they uncovered a rigging of the system & was not due to machine failure. Negative votes...


Unisys Security Index Reveals Identity Theft and Financial Fraud Remain Top Global Concerns for Consumers

Monday, June 30 2008 @ 06:21 AM EDT Contributed by: PrivacyNews

Fears about identity theft and financial fraud are top global concerns for consumers, according to the latest results of the Unisys Security Index. Identity theft is the primary security concern cited among respondents in nine out of 14 countries, while misuse of credit or debit card information ranks as the first or second greatest fear in 12 out of the 14 countries.

Source - Earth Times , press release

[From the article:

French consumers are least concerned worldwide, with fears at or near the lowest level of concern in all four areas. France’s score as a whole is a mere 76.

[The index is at:

Security – an historical perspective (Actually makes some good points)

Cyber-Security Lessons From the 15th Century

By Brian Chess and Taylor McKinley E-Commerce Times Part of the ECT News Network 06/30/08 4:00 AM PT

Three lessons from the days of knights and castles still apply:

1. Design with security in mind, and make sure your construction techniques don't compromise your design.

2. Building right is not enough. Active security defenses are a must.

3. The job never ends. Staying secure means continual evolution.

“Hey kids! Have we got a deal for you!” (Isn't this “encouraging crime?”)

June 30, 2008 4:00 AM PDT

Get a ticket, get a free gadget

Posted by Holly Jackson

Break the law, get a free headset?

It might sound a little odd, but online retailer has decided to make that idea the focus of a new marketing and educational campaign related to the new hands-free legislation that takes hold Tuesday in California and Washington.

In effect, if you get ticketed for talking on your cell phone without a headset while driving, pony up the $20 or $50 (depending on how many times you've been caught), then send documentation of your offense to

The most surprising part? You'll be making a hefty profit by breaking the law. According to CEO Mike Faith, will, for a limited time at least, give away the Plantronics Discovery 925, which retails at $149.99.

Easy to see how this will be abused -- “Dude, my blood alcohol level is higher than yours!”

How Drunk Are You? Just Ask Your iPod

By Donald Baker MacNewsWorld Part of the ECT News Network 06/30/08 4:00 AM PT

... The iBreath can actually be used as a portable breathalyzer test. Blowing into the attached tube is all that is required to get a measurement of your blood alcohol content (BAC) within seconds.

The device apparently measures accurately to within 0.01 percent BAC with a maximum limit of 0.12.

“Surprise, surprise, surprise!” G. Pyle

Your Online Profile Actually Tells a Lot About You

Posted by timothy on Sunday June 29, @09:43PM from the explains-my-dating-life dept. The Internet Science

An anonymous reader writes

"Despite all the media reports that your Facebook profile is giving the wrong impression, a psychological study shows people really can understand your personality from your online profile. Turns out you're not giving the wrong impression with your profile; you're giving the right impression to the wrong people. You can actually learn more about someone's Agreeableness from their online profile than from a first date."

Something tells me facial recognition isn't quite perfected. Remind me to get a Richard Nixon mask so the cameras can tell “I am not a crook!”

Magazine Photos Fool Age-verification Cameras

Posted by timothy on Sunday June 29, @02:11PM from the porn-magazine-photos-doubly-so dept. Security Technology

gregor-e writes

"Japan has scheduled a full-scale rollout of visual age-verification on cigarette vending machines. Unfortunately for them, a Sankei Sports news reporter has determined that this system can be fooled by holding up a magazine photo of an adult."

We have the technology (watch the video) now all we need to do is convince King Soopers that they need this...

How you will shop in the "Supermarket of the future" watch! — A German supermarket is encouraging customers to scan and ring up their shopping using mobile phones, and check out without the help of a cashier. It is one of the number of innovations at the new "Future Store" - as Steve Rosenberg discovered when he went along to do his weekly shopping.

Ah yes, just as the Founding Fathers intended...

Tech Giants Pooling Cash To Buy Patents

Posted by timothy on Monday June 30, @07:28AM from the oh-wsj-you-tease dept. Patents Businesses The Almighty Buck

theodp writes with a link to a Reuters report, based on a WSJ story, that

"Verizon, Google, Cisco, and HP are among the companies that have joined a secretive group called the Allied Security Trust. Each of the companies will reportedly put $5 million in escrow to allow AST to snap up intellectual property on their behalf before it falls into the hands of parties that could use it against them. Patents will be resold after AST member companies have granted themselves a nonexclusive license to the underlying technology. According to AST CEO Brian Hinman, a former VP of IP and Licensing at IBM, the arrangement will keep member companies out of antitrust trouble."

(The WSJ's story itself is more detailed, but it's subscriber-only.)

Automating politics

Se: Snoop law politicians in email storm

Monday, June 30 2008 @ 06:16 AM EDT Contributed by: PrivacyNews

Members of parliament who either abstained from voting or voted in favour of Sweden's divisive new eavesdropping law had received a total of almost half a million protest emails by Sunday evening.

The MPs began receiving an avalanche of emails after newspaper Expressen published a protest form on its website for readers to fill in.

Source - The Local

[From the article:

Once completed, the forms are automatically forwarded to all parliamentarians who supported the new law or failed to turn up in parliament for the vote.

Former Justice Minister Thomas Bodström told Expressen that there was "more action in the parliament than there has been for ten years".

I'm sure I've seen other sites like this, but it never hurts to have options...

University Readers

We make it easy to prepare and use custom course materials - digital and print - at a savings your students will love.

Course Packs You choose the content, we clear the copyrights, print, and deliver.

Custom Textbooks Transform your course materials for large classes into a professional book.

Original Works Publish and distribute an original textbook with ISBN and 20% royalties.

Another anniversary of note

40 Years After Carterfone Ended AT&T Equipment Monopoly

Posted by timothy on Sunday June 29, @06:54PM from the decision-rings-true dept. Communications

fm6 writes

"Wednesday was the 40th anniversary of the Carterfone Decision which brought to an end AT&T's monopoly on telephone terminal equipment. Ars Technica has an opinionated but informative backgrounder on this landmark, which pretty much created the telecommunications world as we currently know it."