Saturday, August 16, 2008

Tools & Techniques Sounds like a fun hack! (Until the Secret Service asks if you hate Dick Cheney) File this one with the insecure voting systems... Interesting that the MIT students who hacked a subway pass (risk: loss of revenue) were slapped with an injunction but the professor's hack (mass murder) is ignored.

University of Massachusetts professor hacks heart device to expose risks

Jessica Fargen By Jessica Fargen Friday, August 15, 2008

A UMass professor has found a way to remotely control an implantable heart defibrillator, proving that hell-bent hackers could some day terrorize the millions of people who rely on the devices to regulate their hearts.

With a homemade $1,000 radio transmitter, researchers were able to reprogram a pacemakerlike device and deliver high-energy shocks that could do all sorts of mischief, from causing a fatal heart attack to extracting personal information such as names and Social Security numbers.

But Kevin Fu, a University of Massachusetts at Amherst professor, said don’t worry yet. [We can protect you for only $19.95! Bob]

... A spokeswoman for Medtronic, one of the top pacemaker producers, said although the risk of any patient harm is low, the company takes seriously security risks, such as the one exposed by the researchers.

“This was a very, very controlled environment,” said spokeswoman Tracy McNulty. “It’s never happened in the real world. [How would they know? Bob] You would literally have to be standing on top of somebody to make this work.” [Apparently they haven't read the article Bob]

... “There’s a lot of work that goes into ensuring the devices are safe from manipulation,” she said. [But nothing as elaborate as actual testing... Bob]

As common citizens become more common, we need better ways to keep them under control.

U.S. May Ease Police Spy Rules

More Federal Intelligence Changes Planned

By Spencer S. Hsu and Carrie Johnson Washington Post Staff Writers Saturday, August 16, 2008; A01

... Under the Justice Department proposal for state and local police, published for public comment July 31, law enforcement agencies would be allowed to target groups [Watch out fer them Democrats! Bob] as well as individuals, and to launch a criminal intelligence investigation based on the suspicion that a target is engaged in terrorism [Suspect any who votes Republican? Bob] or providing material support to terrorists. They also could share results with a constellation of federal law enforcement and intelligence agencies, and others [The media? Bob] in many cases.

Another indication that a global legal system is needed?

New magazine-sharing site escapes copyright laws abroad

Posted by Stephanie Condon August 15, 2008 5:31 PM PDT

... There is a hitch in the case against Mygazines, however. Mygazines is registered in the Caribbean island of Anguilla and hosted in Sweden, by the notorious PRQ. The Stockholm-based PRQ is owned by the founders of BitTorrent tracker site Pirate Bay and is known for hosting other dubious sites.

With its domain name registered abroad and its servers beyond U.S. borders as well, Mygazines seems to have slipped around the jurisdiction of U.S. copyright law. Even though publishers could pursue legal action against the site for material available in the U.S., there'd be no way to get representatives for the company to court or to collect damages.

Sometimes you have to point out the obvious (especially to the oblivious)

Do We Really Want Congress Choosing Which Business Models Are Best?

from the lobbyists-aren't-pushing-for-the-public-good dept

One of the most disappointing things in watching how Congressional Reps respond to entertainment industry lobbyists is that they seem to accept that the RIAA and MPAA's interests really are about helping "content creators" rather than simply putting in place laws that prop up an increasingly obsolete business model. Braden Cox recently came out with an interesting paper that highlights the fact that lobbyists are almost always either trying to protect their own business model, or make it difficult for other companies' business models to succeed. Yes, this is incredibly obvious, but it's an important reminder of something that is often missed by our politicians.

More specifically, it also explodes the myth that "the tech industry" has a single opinion on most policy issues. The report notes, basically, that different companies support different policies entirely based on their business models. It also notes that any effort by Congress to protect one particular business model is equally likely to harm another business model. In effect, any effort by politicians to prop up one is making an explicit choice over which business models are "best." And, for obvious reasons, we should all be pretty worried when Congress critters put themselves in the position of deciding which business model is best.

Tim Lee then does a nice job following up to show how things like the DMCA are an explicit choice by Congress to say that proprietary software business models are better than open software business models -- even though most in Congress don't recognize this fact. Isn't it time that we let the market decide what the best business models are instead of Congress?


AT&T Says It May Inject Its Own Ads In Your Surfing... And You'll Like It

from the oh-really? dept

Various ISPs have long made extra cash by selling your clickstream data to various tracking outfits. But in the last few months, it's come out that many have been either testing or considering taking things a step further by inserting their own ads based on your surfing history, using technology from firms like NebuAd and Phorm. Both of those companies have run into some trouble lately, as there are serious questions as to the legality of such practices, which have gotten the attention of folks in Congress.

While most ISPs have shied away from giving too detailed answers to Congress, apparently AT&T has decided to take a different stance. While the company says it has not tried any such ad insertion technology, it vehemently defends the idea, claiming that it would implement it "the right way" and that it "could prove quite valuable to consumers and could dramatically improve their online experiences, while at the same time protecting their privacy."

This is an old line that's been used before about these types of services: that it somehow enhances your surfing experience by throwing less crappy ads at you. Of course, this is based on the somewhat faulty assumption that people actually care about most banner ads, no matter how relevant. Also, it's hard to see how it "protects" a customer's privacy, when the whole point of these programs is to make use of your surfing details (which most people believe is private) to make your ISP more money.

Related, Legislating human behavior? If that worked, we'd have one law: “Do no evil”

The Pirate Bay Sees Boost in Italian Traffic Following ‘Block’

Written by enigmax on August 15, 2008

... “Since the block we’ve increased traffic from Italy,” he says. “We gained 10 places on Alexa in Italy, and our own stats show a 5% increase in traffic from Italy (which has been quite stable before),” which is understandable considering the masses of worldwide press coverage this week, a fact not lost on brokep:

Another iPhone paradigm changer? Interesting pricing model anyway...

August 14, 2008

Listen To Your Home Music Library On Your iPhone With Simplifymedia

... And now with an iPhone version of the application, you can wirelessly listen to your home (or friends' home) computer music on-the-go. It's amazing!

... Download the Simplify Media app from the App Store [iTunes Link - free for first 100,000 users - $3.99 after that].

Friday, August 15, 2008

Ode to Personal Data

How do I store thee? Let me count the ways.

I store thee on the page, the disk and any other media

My computer can reach, all being out of sight

(with apologies to Elizabeth Barrett Browning)

New and expectant mothers' information in a lost diary

Posted by Evan Francen at 8/14/2008 11:00 PM

A hospital trust has apologised to hundreds of new and expectant mothers after a midwife lost a diary containing their names and addresses.

[Evan] This is the first breach that I recall involving a handwritten diary [Where is your HIPAA data? Bob] on The Breach Blog. I wanted to include this breach because I want to emphasize that information security as a discipline is holistic. Information security aims to reduce the risk of unauthorized disclosure, modification and destruction of information, no matter what form (electronic, printed, handwritten, spoken, etc.).

Could this be stretched to include all “behavior based” advertising?

Class action suit hits Facebook and affiliates with breach of privacy

Friday, August 15 2008 @ 05:33 AM EDT Contributed by: PrivacyNews

The biggest and most significant legal action against now-leading social network Facebook was filed on Tuesday, and will actually test the theory of whether its Beacon behavior sharing program constituted a criminal conspiracy.

On Tuesday, a group of 18 California residents including some who publicly complained last year that Facebook's controversial Beacon feature was sharing too much of their personal online habits with the rest of the world, sued Facebook and many of its more prominent Beacon partners, including Blockbuster and They're not only claiming Facebook and its partners conspired to invade their privacy, but they're citing a California penal code that may have been originally intended to outlaw information-gathering Trojan horse programs, in a move which could leave Beacon's participants criminally liable.

Source - Beta News

[From the article:

What Beacon did -- and what nobody is disputing -- is deploy a Web browser-based scheme that waited until it received an indication that its user was doing something on a Beacon affiliate's Web site, such as purchasing an item or looking through a given catalog page or watching a video. There was a particular event code for each action, and that code was then transmitted to Facebook. Although users were supposed to be notified that this was happening by way of pop-ups, the lawsuit claims, no such pop-ups generally appeared.

The next Class Action?

Time Warner Cable Box Rental Inspired Antitrust Lawsuit

Posted by timothy on Friday August 15, @07:43AM from the but-they-lobbied-hard-for-this-territory dept. The Courts Television The Almighty Buck United States

EmagGeek writes

"Matthey Meeds, a real-estate agent, was so irritated about having to pay the monthly rental fee that on Tuesday he filed an antitrust suit against Time Warner Cable and its 84 percent owner, Time Warner Inc. The suit alleges that, by linking the provision of premium cable services to rental of the cable box, the companies have established illegal tying arrangements. 'Time Warner's improper tying and bundling harms competition,' Meeds' lawsuit states. 'Since the class can only rent the cable box directly from Time Warner, manufacturers of cable boxes are foreclosed from renting and/or selling cable boxes directly to members of the class at a lower cost.' I pay Comcast over $25/mo for my two DVRs. I'd love to just be able to buy them or build my own. I can't wait to see how this unfolds."

Lots of harm but no foul? (They must have tenure.)

University computers invaded by hackers

Thursday, August 14 2008 @ 12:47 PM EDT Contributed by: PrivacyNews

Hackers gained access to the University of Otago staff email server recently and used it to send out an estimated 1.55 million spam emails in 60 hours, after tricking four staff members into revealing their login details.

... The staff members responded to "spear phish" emails which claimed to be from the IT department and asked people to reconfirm their user names and passwords or their email access would be withdrawn.

Source - Otago Daily Times

[From the article:

The four staff members who revealed their passwords had not been disciplined, he said. [They must be covered by the ADA... Bob]

"The information security office has a policy of having a good discussion with campus users whose accounts have been compromised . . . [Are brass knuckles involved? Bob]

(The future of research?) The only way to check all possible legal issues (for example) would be to assemble a world-wide team of computer law experts, right?

Getting Insight Into The Challenges Created By Digital Nomads

from the join-in dept

If you haven't been paying attention to the Techdirt Insight Community lately, I wanted to let you know of a fun new project that's taking place there. It's new series of expert discussions in the Insight Community, sponsored by Dell, about the various challenges created by the rise of "digital nomads." With a growing number of people being able to work from anywhere with just a computing device and an internet connection, both companies and individuals are finding a variety of new challenges -- from how to strike that work/life balance, to keeping a team on the same page, to dealing with security issues, to just dealing with the basic challenges of carrying stuff around and finding connectivity. We're putting the best content together and creating something of a living digital whitepaper with input from a variety of folks. If you're a member of the community, log in and contribute. If you're not a member, join now and contribute your insight (and maybe earn some money for your efforts).

Related? Apparently even the big boys don't have the resources (or the will?) to check the laws in the countries they do business in...

Indian Court Demands Google Hand Over Anonymous Blogger's Identity

from the anonymity-not-allowed dept

It would appear that Google is discovering some of the differences in the legal system in India as compared to the US. Just after we wrote about how Google (along with Microsoft and Yahoo) were sued over ads, there are some stories coming out about how an Indian court has ordered Google to hand over the identity of an anonymous blogger who was criticizing an Indian company, Gremach Infrastructure Equipments & Projects Ltd. While anonymous speech is somewhat protected (within certain limits) in the US, that's not the case in many other countries. As the link above notes, this may force Google to change the way it does business in India.

In some ways, this is just another example of a problem that many folks have been asking about for years. On a borderless web, how do you know whose jurisdiction covers what? If the blogging all occurred on US servers hosted by a US company, should they be covered by US laws... or Indian laws? Or, even, some other country entirely? If you agree that once it's on the internet, it can be covered by laws in other countries, you end up with a bad result: the worst, strictest laws suddenly become the laws everywhere. That's a ridiculous outcome, but it's exactly where things go when you start suing an American company concerning content hosted in America under laws from another country.


Google, Microsoft And Yahoo Sued In India For Not Preventing Sex Selection Ads

from the misunderstanding-liability dept

India unfortunately doesn't have the equivalent of section 230 of the CDA, which prevents service providers from being sued for the actions of their users. That's why Google, Microsoft and Yahoo are all facing a lawsuit over certain types of ads in India. Apparently it's illegal in India to advertise any technique or product designed to influence the sex of a child. However, such ads have been appearing on all three sites. The problem, though, is that the liability should be on those who are actually buying the advertising. They're the parties who are really breaking the law. Yet, because Google, Microsoft and Yahoo are easier targets (and have a lot more money), that's who gets targeted.

“Of course we over-react – it's what we do best!”

August 15, 2008

UK Police Seize War on Terror Board Game

They said -- and it's almost to stupid to believe -- that:

the balaclava "could be used to conceal someone's identity or could be used in the course of a criminal act".

Don't they realize that balaclavas are for sale everywhere in the UK? Or that scarves, hoods, handkerchiefs, and dark glasses could also be used to conceal someone's identity?

... Buy yours here; I first blogged about it in 2006.

Shocking! Does this establish a precedent for Yahoo? Will they be expected to challenge all take down notices? (If not, why not?)

YouTube Stands Up To IOC Over Free Tibet Video

Posted by timothy on Friday August 15, @05:10AM from the good-light-on-a-bad-light dept. Censorship Google Government The Courts

Ian Lamont writes

"The International Olympic Committee has withdrawn a DCMA takedown notice that targeted a two-minute long YouTube video of a Students for a Free Tibet protest at the Chinese consulate in New York. The video shows protesters gathering outside the building at night and projecting images of the Olympic symbol, 'tank man,' Tibetan riot footage and clips of victims of the Chinese police crackdown in Tibet. After receiving the request, YouTube contacted the IOC and asked if it really planned to pursue a claim. The IOC retracted the notice and the video was reposted within hours. Stanford Law School's Center for Internet and Society praised YouTube for 'going out of its way to do more than it's required to do under the law to protect free expression.'"


Sharing 2999 Songs, 199 Movies Becomes ‘Safe’ in Germany — Prosecutors in a German state have announced they will refuse to entertain the majority of file-sharing lawsuits in future. It appears that only commercial-scale copyright infringers will be pursued, with those sharing under 3000 music tracks and 200 movies dropping under the prosecution radar.

Why those stupid [insert name of stupid political party here] bastards! How could they be so ignorant!

30% of Americans Want "Balanced" Blogging

Posted by timothy on Thursday August 14, @05:01PM from the why-do-you-hate-america's-children? Dept. The Media Censorship Government The Internet United States Politics

Cutie Pi writes

"In a recent Rasmussen poll looking at the public's attitudes toward a possible revival of the fairness doctrine by the Democrats, a surprisingly large percentage of those polled seek fairness doctrine mandates (originally intended for public airwaves) to cover the Internet as well. It is encouraging that a minority of people feel that way, but Democrats say 'hands-off the Internet ... by a far smaller margin than Republicans and unaffiliated voters. Democrats oppose government-mandated balance on the Internet by a 48% to 37% margin. Sixty-one percent (61%) of Republicans reject government involvement in Internet content along with 67% of unaffiliated voters.'"

Related Why those stupid [determine name of stupid political party and enter here] bastards! How could they be so ignorant!

Subpoena seeks to unmask anonymous bloggers

Thursday, August 14 2008 @ 12:39 PM EDT Contributed by: PrivacyNews

McALESTER, Okla. Police detectives seeking the identities of bloggers who criticized McAlester officials on an online message board delivered a subpoena to the site's operator, who says he won't cooperate with investigators.

Two police detectives delivered the subpoena on Aug. 12 to Harold King, who operates the Web site McAlester Watercooler. The subpoena orders King to provide details by Aug. 16 on 35 bloggers posting under pseudonyms on King's site.

Source - First Amendment Center

[From the article:

A list of 35 names is a witch hunt,” King told the McAlester News-Capital.

King said he researched posts under those pseudonyms and found one common denominator: All had written critically about District Attorney Jim Miller.

Tools & Techniques: For the hacking database

Hot Wire Your Car

From Wired How-To Wiki

Nine times out of ten, the words "hot wire" summon images of car thievery. Of course, anyone who's been stranded in a hostile environment without their car keys knows better. Here's the trick to getting your vehicle moving again.

The second report is interesting...

August 14, 2008

New GAO Reports: Drug Control, TSA Has Developed a Risk-Based Covert Testing Program

  • Drug Control: Cooperation with Many Major Drug Transit Countries Has Improved, but Better Performance Reporting and Sustainability Plans Are Needed, GAO-08-784, July 15, 2008 - "Each year, criminal organizations transport hundreds of tons of illegal drugs from South America to the United States through a 6 million square mile "transit zone" including Central America, the Caribbean, the Gulf of Mexico, and the eastern Pacific Ocean. Since fiscal year 2003, the United States has provided over $950 million to support counternarcotics efforts in transit zone countries, which historically lacked the capacity to interdict drugs."

  • Transportation Security: TSA Has Developed a Risk-Based Covert Testing Program, but Could Better Mitigate Aviation Security Vulnerabilities Identified Through Covert Tests, GAO-08-958, August 08, 2008 - "Without systematically recording reasons for test failures, such as failures caused by screening equipment not working properly, as well as reasons for test passes, TSA is limited in its ability to mitigate identified vulnerabilities..."

[Find the report at:

Thursday, August 14, 2008

Interesting that they have to scramble and that so many people are under suspicion – apparently everyone uses the same password (that technique earns you a “F” in Computer Security 101)

Security Flap Slams Wells Fargo Over Data Breach

Thursday, August 14 2008 @ 06:07 AM EDT Contributed by: PrivacyNews

In the wake of news that a Wells Fargo bank access code had been used to steal thousands of consumers' personal information, the bank has launched a full-scale investigation into the crime.

The code was used to access information from MicroBilt, which describes itself as the "single source industry leader in risk management information" and provides consumer information to Wells Fargo and other banks and businesses, between May and June, Wells Fargo spokeswoman Mary Berg told

MicroBilt only notified Wells Fargo on July 1, and both companies told that they suspended their dealings by mutual agreement.

Source -

[From the article:

Data breaches are expensive, and loan applications staff [Translation: all of them. Bob] at Wells Fargo are now under a microscope.

... "We're looking into how someone got hold of that access code." [Other than the thousands of people we gave the code to... Bob]

... "MicroBilt sent us a list of about 7,000 names and, after we took out any duplicate names, the list worked [out] to about 5,000," she added. [This suggests to me that more bogus requests were made than legitimate ones... Bob]

... The breach at MicroBilt occurred because, like other companies that offer business to business (B2B) services, it uses authentication that generally is considered good enough, Eric Skinner, chief technology officer of security vendor Entrust (NASDAQ: ENTU), told

"They looked around, saw what everybody else was using and used the same thing," Skinner said. "It's not unusual that they don't have banking-grade security applications in place."

Private companies would never use captured personal information inappropriately, they say so in their Privacy Statements.

Confidential Data of 17,000 Germans Sold to Call Centres

Thursday, August 14 2008 @ 06:11 AM EDT Contributed by: PrivacyNews

An investigation has been launched in Germany after a CD containing the personal details of 17,000 individuals was anonymously handed to the Schleswig-Holstein Consumer Association. According to the Association the data, which was sold to a number of call centres, appears to have originated from the lottery operator Süddeutsche Klassenlotterie (SKL).

... The records on the CD include not only details of names, addresses, phone numbers and dates of birth, but also full bank account details.

Source - (free reg. required)

Can you say “liability?”

NZ: Slingshot error puts customer privacy at risk

Thursday, August 14 2008 @ 06:30 AM EDT Contributed by: PrivacyNews

New Zealand internet service provider Slingshot claims to be "a better place", but that is really not the case after the shocking incident that occurred today.

Media Fetish reported earlier that Facebook was experiencing an issue where users would sign in with their username and password but gain access to a strangers account rather than their own. I can now reveal that this issue was not the fault of Facebook, but instead was caused by an error with Slingshot.

Customers of Slingshot found that this issue was not just occurring on Facebook, but on many various websites where a log-in was required. These websites ranged everywhere from buying and selling site TradeMe to the University of Otago's 'Blackboard' service. It is not yet known whether any online banking services were affected.

.... After today's incident it has also become apparent that the Bebo error Media Fetish reported on in May was also highly likely to be caused by the ISP Slingshot, rather than the social networking site itself.

Source - Media Fetish blog

August 13, 2008 3:46 PM PDT

E-mail messages tell story of Clinton's failed bid

Posted by Stephanie Condon

... Joshua Green, who wrote the article, said he collected "stacks" of material from unnamed sources. He notes in the article that "paranoid dysfunction breeds the impulse to hoard. Everything from major strategic plans to bitchy staff e-mail feuds was handed over."

Green said none of his sources expressed any concern over breaking any sort of disclosure agreements they may or may not have had with the campaign over their correspondences.

... Some politicians have already made moves in recent years to cut back on sending easily retrievable communications. New Jersey Gov. Jon Corzine in July 2007 announced he would no longer be using e-mail, after state Republicans filed a lawsuit forcing him to release his e-mail correspondence with a union president.

How to interpret this? The new boss wants to review everything or they will take the program to the dark side? Should be interesting to watch.

Air Force Suspends Cyber Command Program

Posted by CmdrTaco on Wednesday August 13, @11:34AM from the less-qq-more-pewpew dept. The Military The Internet

AFCyber writes

"The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov. An internal Air Force e-mail obtained by Nextgov said, 'Transfers of manpower and resources, including activation and re-assignment of units, shall be halted.' Establishment of the Cyber Command will be delayed until new senior Air Force leaders, including Chief of Staff Norton Schwartz, sworn in today, have time to make a final decision on the scope and mission of the command."

Why new laws?

UK: Government publishes new, wider Data Retention Regulations

Thursday, August 14 2008 @ 05:54 AM EDT Contributed by: PrivacyNews

The Government has published a draft law that mandates the retention of data by internet service providers (ISPs) and telecoms companies. The proposed Regulations will replace an earlier law that applied to non-internet data only.

If approved by both Houses of Parliament, the Electronic Communications Data Retention (EC Directive) Regulations 2008 would come into force on 15th March 2009. They will revoke the 2007 Regulations of the same name and complete the UK’s implementation of an EU Directive.

Source -

[From the article:

The Home Office confirmed that access to 12 months' worth of call, text, email and internet records will be open to all bodies covered by phone tap law the Regulation of Investigatory Powers Act (RIPA). That includes local councils, health authorities and the Post Office.

Because apparently there is not enough obfuscation in the current system.

UK: £68m 'snooping' database: Little impact on serious crime

Wednesday, August 13 2008 @ 04:44 PM EDT Contributed by: PrivacyNews

Powers to snoop on the UK's email and internet records will be of limited use in tackling serious crime, the government has admitted.

Home Office proposals for phone, email and internet records - including VoIP - to be kept for 12 months are expected to cost taxpayers up to £68m to set up and £39m per year to run.

Source -

Thanks to Brian Honan for the link.

Just how poor are US ISPs? They will find out when Japan does to them what it did to the automotive industry. (How can they not see this as a business opportunity?)

US Broadband Won't Catch Up With Japan's For 101 Years

Posted by timothy on Wednesday August 13, @01:06PM from the all-other-things-being-equal-which-they-never-are dept. Networking

An anonymous reader writes

"Internet speeds of users nationwide shows that the United States has not made significant improvements in deploying high-speed broadband networks in the past year, and if the average US Internet speed continues to improve only at the same rate it did from 2007 to 2008, the country won't catch up with Japan's current download speed for another 100 years, according to findings released by the Communications Workers of America's (CWA's) Speed Matters campaign."

With enough statistical mangling, nearly anything can be presented as plausible, but that's not enough to cover up my envy of Asian broadband speeds.

[From the article:

The 2008 median real-time download speed in the U.S. is a mere 2.3 megabits per second. This represents a gain of only 0.4 mbps over last year’s median download speed. It compares to an average download speed in Japan of 63 mbps, the survey reveals.

How does this differ from use of binoculars? The technology is newer.

Police Turn to Secret Weapon: GPS Device

Thursday, August 14 2008 @ 06:02 AM EDT Contributed by: PrivacyNews

... Across the country, police are using GPS devices to snare thieves, drug dealers, sexual predators and killers, often without a warrant or court order. Privacy advocates said tracking suspects electronically constitutes illegal search and seizure, violating Fourth Amendment rights of protection against unreasonable searches and seizures, and is another step toward George Orwell's Big Brother society. Law enforcement officials, when they discuss the issue at all, said GPS is essentially the same as having an officer trail someone, just cheaper and more accurate. Most of the time, as was done in the Foltz case, judges have sided with police.

Source - Washington Post

Rick: How can you close me up? On what grounds?

Captain Renault: I'm shocked, shocked to find that gambling is going on in here!

[a croupier hands Renault a pile of money]

Croupier: Your winnings, sir.

Captain Renault: [sotto voce] Oh, thank you very much.


Captain Renault: Everybody out at once!

Casablanca (1942)

Il: Under 'Big Brother Law,' telecom firms would tell all to police

Thursday, August 14 2008 @ 06:07 AM EDT Contributed by: PrivacyNews

The Knesset's law committee was shocked to discover yesterday that the police have been abusing the so-called "Big Brother Law" by forcing telecom companies to give them subscriber information beyond that allowed by law.

Cellcom officials told the Constitution, Law and Justice Committee of police attempts to circumvent the Knesset via regulations under this law.

Source -

Another way to get on lists.

Privacy Impact Assessment for the Screening of Passengers by Observation Techniques (SPOT) Program [pdf]


Fliers without ID placed on TSA list

Thursday, August 14 2008 @ 05:50 AM EDT Contributed by: PrivacyNews

The Transportation Security Administration has collected records on thousands of passengers who went to airport checkpoints without identification, adding them to a database of people who violated security laws or were questioned for suspicious behavior.

The TSA began storing the information in late June, tracking many people who said they had forgotten their driver's license or passport at home. The database has 16,500 records of such people and is open to law enforcement agencies, according to the TSA.

Source - USA Today

Will this become the standard?

2nd Circuit allows anonymous lawsuit over alleged sexual assault

Thursday, August 14 2008 @ 05:48 AM EDT Contributed by: PrivacyNews

A federal appeals court has reinstated the lawsuit of a woman whose sexual-assault claim was tossed out because she insisted on proceeding anonymously.

The 2nd U.S. Circuit Court of Appeals said yesterday’s ruling in Sealed Plaintiff v. Sealed Defendant #1 may be used as a precedent.

Source - Opinion [pdf]

This article is 'Consumer Oriented' and assumes that Customer Service (“immediate” password reset) is more important than security. This is not how the business world works. A simple verification technique I used (many years ago) was to call the employee (would also work with customers) on their office phone. New employees or those outside the office were verified via their managers.

Password Resets Worse Than Reusing Old password

Posted by samzenpus on Wednesday August 13, @08:26PM from the one-password-when-you're-born dept. Security IT

narramissic writes

"We all know well the perils of password reuse. But what about the information used to reset passwords? Many sites use a standard set of questions — your mother's maiden name, the name of your best friend, what city you grew up in, or what brand your first car was. And you probably have a standard set of responses, making them easy to remember but not very secure. 'The city you grew up in and your mother's maiden name can be derived from public records. Facebook might unwittingly tell the name of your best friend. And, until quite recently, Ford with its 25% market share had a pretty good chance of being the brand of your first car,' says security researcher Markus Jakobsson. But 'password reset does not have to be a weak link,' says Jakobsson. 'Psychologists know that people's preferences are stable — often more so than long term memory. And very few preferences are recorded in public databases.'"

Attention all Cellphone users! (perhaps we could have these printed on a card to hand to offenders?)

Top 10 Cell Phone Etiquette Rules People Still Break — Do we really still need to talk about this? You ’d think with over a decade of experience under our belts along with our inherent delusions of hyper sophistication that we’d have figured things out by now. But the sad truth remains: cell-phone douche-baggery is worse than ever!

Every now and then, someone demonstrates brilliance by doing the obvious rather than doing “what everyone else is doing.” Not a formal study (hint, hint) but still interesting...

Game Developer's Response To Pirates

Posted by samzenpus on Wednesday August 13, @10:08PM from the scuttle-the-console dept. The Internet Games

cliffski writes

"A few days ago, indie PC games developer Positech publicly called for people pirating their games to explain why, in an open and honest attempt to see what the causes of gaming piracy were. Hundreds of blog posts, hundreds more emails and several server-reboots later, the developer's reply is up on their site. The pirates had a lot to say, on subjects such as price, DRM, demos and the overall quality of PC games, and Positech owner Cliffski explains how this developer at least will be changing their approach to selling PC games as a result. Is this the start of a change for the wider industry? Or is this the only developer actively listening to the pirates point of view?"

Tools & Techniques with emphasis on tools. I've wondered why no one had done this before (except at the Radio Shack 'individual chip' level) At last I can build my combination grapefruit spoon/phaser! – A New Breed Of Tech Company

What do you call a tech company that doesn’t sell you a specific product? You call it Bug Labs. They sell consumers the components they’ll need to create their own consumer electronics. For instance, say you want to build your own mp3 player, you’ll find the tools you need here. Don’t panic, you don’t need to know how to assemble things from scratch. Each component is easily coupled with other ones, so you don’t need a soldering iron to put things together. They also carry the software you’ll need to make sure your tools work perfectly. If you are out of ideas on what to build, you’ll be able to get some through the site. The forums are stuffed with people who love to build their own components, just like you. There’s even a wiki section, for you to write about some of the things you’ve created with your Bug Labs components.

Tools & Techniques Encryption is easy (and you don't need to jump through all the hoops in this article.)

Encrypt Your USB Drive with TrueCrypt — TrueCrypt allows you to make all kinds of encrypted containers, but one of the most interesting is a hidden partition.

So much for the Apple is irrelevant crowd.

Apple's Market Cap Exceeds Google

Posted by samzenpus on Thursday August 14, @03:45AM from the big-apple dept. The Almighty Buck Businesses Google Apple

Lawrence Person writes

"Mac Daily News was one of many Apple-followers to note that Apple Inc.'s market capitalization exceeded Google today. That means that the combined value of all Apple's outstanding shares of stock exceeded the combined value of all Google's outstanding shares of stock. Apple's stock is worth $157 billion and change vs. Google's $156 billion. Other companies Apple has surpassed in market cap include Cisco, HP, and Intel. Also, Apple is now worth 3 times the value of Dell Computer, despite Dell's founder and CEO declaring over a decade ago that if he ran Apple, he'd 'shut it down and give the money back to the shareholders.'"

Related How did they do it, you ask?

August 14, 2008 7:35 AM PDT

HSBC could order 200,000 iPhones

Posted by Liam Tung

Global banking giant HSBC is considering ditching the BlackBerry and adopting Apple's iPhone as its standard staff mobile device, a move that could result in an order for some 200,000 iPhones.


Facebook: #1 Globally — They day has finally come. The social network site has vaulted over rival MySpace in worldwide audience growth, thanks to tools that translate content into many languages.

[From the article:

Of Facebook's 132 million users, nearly 63% are outside North America. The site, which had been translated into 20 languages including French, Spanish, and Mandarin, has recently added 69 more.

Wednesday, August 13, 2008

Something fishy here...

Employees at Charter told data was stolen

Wednesday, August 13 2008 @ 05:45 AM EDT Contributed by: PrivacyNews

Cable television operator Charter Communications Inc. is alerting employees, including some in Massachusetts, that their personal information was involved in a security breach that occurred when a number of laptop computers were stolen last month from a Charter media facility in Greenville, S.C.

“There was a break-in in our Greenville, S.C., office, and a number of employee laptops [probably not employee owned... Bob] were taken,” said Marty Richmond, a spokesman for St. Louis-based Charter. “In the process of identifying the information contained on the laptops, [We had no record of the information on the laptops... Bob] we discovered the personal information of about 9,000 current and former employees.”

Source - Telegram

[From the article:

Mr. Richmond declined to say how the laptops were used, why they contained the information [Probably another “we don't know” Bob] and whether the records were encrypted. [If they were encrypted, there was no need to disclose this breach. Bob]

... No customer information was involved, he said. [Interesting that “a number” of computers were being used ONLY to process employee information. Perhaps customer data is handled in India? Bob]

The breakouts are interesting...

Report Details Impact of Identity Theft in California

Tuesday, August 12 2008 @ 10:39 AM EDT Contributed by: PrivacyNews

A comprehensive study exploring the identity theft crisis in California was released today by Identity Theft 911®, a leading provider of identity management solutions. In addition to detailing the increasing diversity of identity-related fraud, the white paper highlights steps that state officials and businesses are taking to combat this growing problem.

... According to study's analysis of the Federal Trade Commission's (FTC) complaints, nearly 1.5 million Californians were victims of identity theft in 2007, which is equivalent to 15 Rose Bowl stadiums of spectators having their identities stolen in one year. While stealing phone and utility services, and taking money through checking account takeovers or illegal money transfers, account for a vast majority of identity fraud-related activity, the report finds that certain groups in California are responsible for the continued increase in fraud cases in the state.

Source - The Earth Times Press Release California white paper: On the front lines of identity theft

Related Not sexy enough?

August 12, 2008

Study: State AGs Fail to Adequately Protect Online Consumers

News release: "State attorneys general received thousands of consumer complaints of online fraud and abuse in 2006 and 2007 and yet, with the exception of several notable standouts, brought few significant cases in response, according to a report released today from the Center for American Progress and the Center for Democracy and Technology, Online Consumers at Risk and the Role of State Attorneys General."

Related? (The chart is interesting)

August 12, 2008

Google Reports Virus Email Activity At All Time High In July 2008

Official Google Enterprise Blog: "In July, our Postini datacenters saw the biggest volume of email virus attacks so far in 2008, with a peak of nearly 10 million messages on July 24. One of the more prominent attacks in the month involved a spoofed UPS package-tracking link that was intended to lure recipients into clicking on it and downloading malware. Our zero-hour virus protection technology first started catching these emails on July 20."

Speaking of hacking... (Notice the number of “How to be an ethical hacker” ads surrounding this article...

Hackers hacked at infamous DefCon gathering

Published: 07:12 EST, August 12, 2008

... A standing-room crowd cheered admiringly as Tony Kapela and Alex Pilosov showed them how they were "pwned" by a simple technique that could be used to "steal the Internet."

... "It's a nearly invisible exploitation," Kapela said while revealing a hack that exploits fundamental Internet routing procedure to hijack online traffic unnoticed. "A level of invisibility that is unparalled."

The beauty of the technique presented by Alex Pilosov and Kapela is that hackers don't need to break into websites or plant malicious computer code to control and tamper with data travelling the Internet, the presentation showed.

Instead, the Internet is duped into sending people's data to hackers.


Russia and Georgia Engaged In a Cyberwar

Posted by kdawson on Tuesday August 12, @03:10PM from the who-shot-first dept. Security Government The Internet The Military

doctorfaustus writes

"I first picked this up in bits and pieces last week off Daily Rotation. A more in-depth story is available at ZDNet, which reports 'a week's worth of speculations around Russian Internet forums have finally materialized into a coordinated cyber attack against Georgia's Internet infrastructure. The attacks have already managed to compromise several government web sites, with continuing DDoS attacks against numerous other Georgian government sites, prompting the government to switch to hosting locations to the US, [Does that make us Allies or Innocent bystanders? What does the Geneva Convention say about CyberWar? Bob] with Georgia's Ministry of Foreign Affairs undertaking a desperate step in order to disseminate real-time information by moving to a Blogspot account.' There is a question whether the computer work is being done by the Russian military or others. ZDNet's story offers further analysis of the attacks themselves and their origins. Some pretty good reporting."

And reader redbu11 contributes the news that Georgia seems to be censoring access to all Russian websites, as confirmed by a Georgian looking glass/nslookup tool. The access is blocked on DNS level (Italy censored the Pirate Bay in the same way). Here are a couple of screenshots (in a language other than English) as of Aug 12th 5:40 pm: nslookup — FAIL, nslookup — OK.

ComputerWorld guy CWmike adds "In an intriguing cyberalliance, two Estonian computer experts are heading to Georgia to keep the country's networks running amid an intense military confrontation with Russia. Poland has lent space on its president's Web page for Georgia to post updates on its ongoing conflict with Russia. Estonia is also now hosting Georgia's Ministry of Foreign Affairs Web site."

Maybe it's not CyberWar

Kids, not Russian government, attacking Georgia's Internet, says researcher

Posted by Robert Vamosi August 13, 2008 6:00 AM PDT


Military Spends $4.4M To Supersize Net Monitoring

Posted by CmdrTaco on Tuesday August 12, @12:45PM from the because-its-august dept. The Military Security

coondoggie writes

"Bigger, better, faster, more are the driving themes behind the advanced network monitoring technology BBN Technologies is building for the military. The high-tech firm got a $4.4 million contract today from the Defense Advanced Research Projects Agency (DARPA) to develop novel, scalable attack detection algorithms; a flexible and expandable architecture for implementing and deploying the algorithms; and an execution environment for traffic inspection and algorithm execution. The network monitoring system is being developed under DARPA's Scalable Network Monitoring program which seeks to bolt down network security in the face of cyber attacks that have grown more subtle and sophisticated."

Related? Fortunately the US would never do anything like this... Oh, wait!

Swedish surveillance law 'breaks EU rules'

Wednesday, August 13 2008 @ 05:49 AM EDT Contributed by: PrivacyNews

A lawyer at the European University Institute in Florence has reported Sweden's new surveillance law to the European Commission.

Lawyer Robin Lööf believes the law -- which allows the National Defence Radio Establishment (Försvarets Radioanstalt - FRA) to intercept all calls, emails and phone text messages crossing Swedish borders -- to be in clear breach of fundamental rights governing the movement of goods and services in the European Union.

Source - The Local

Related Tools & Techniques (Why should the hackers be the only ones who know how easy this is?) Perhaps this should be a class project...

Tap a Phone Line

In the real world, setting up a wiretap is actually a snap. Regardless of which side of the law you're on, here are the steps to becoming a landline hacking super sleuth:

One of my students mentioned these in a presentation. I had forgotten them – thought it might be worth a reminder... (See, I do learn/relearn in these classes)

Generally Accepted Privacy Principles

What happens when Digital Rights Management gets too aggressive?

Massive VMware Bug Shuts Systems Down

Posted by CmdrTaco on Tuesday August 12, @09:49AM from the at-least-it-only-shut-down-the-virtual-ones dept. Bug Technology

mattmarlowe writes

"Imagine if Red Hat released a version of Linux, and after it was deployed, customers noticed that any processes with a start date of today would refuse to run? Well, that's what happened to VMware... a company that wants nearly all server applications running in virtual machines within a matter of years."

Supposedly a fix will be available... in 36 hours.

[From the article:

Apparently, there is some bug in the vmware license management code. VMware is scrambling to figure out what happened and put out a patch.

There is a major discussion going on in the vmware communities about it:

How does the IOC “own” this video? What could China offer (or threaten) to induce them to take this action?

YouTube Yanks Free Tibet Video After IOC Pressure

Posted by CmdrTaco on Tuesday August 12, @11:16AM from the ioc-is-not-very-nice dept. Censorship Politics

RevWaldo writes

"The International Olympic Committee filed a copyright infringement claim yesterday against YouTube for hosting video of a Free Tibet protest at the Chinese Consulate in Manhattan Thursday night. The video depicts demonstrators conducting a candlelight vigil and projecting a protest video onto the consulate building; the projection features recent footage of Tibetan monks being arrested and riffs on the Olympic logo of the five interlocking rings, turning them into handcuffs. YouTube dutifully yanked the video, but it can still be seen on Vimeo. (Be advised; there is some brief footage of bloody, injured monks.)"

Are we going mad? Is there something in the water in Massachusetts that makes people ignorant? “I don't understand it, therefore it's evil!”

Home Science Under Attack In Massachusetts

Posted by kdawson on Tuesday August 12, @02:10PM from the and-the-yellow-phthalate-too dept.

An anonymous reader tips a guest posting up on the MAKE Magazine blog by the author of the Illustrated Guide to Home Chemistry Experiments. It seems that authorities in Massachusetts have raided a home chemistry lab, apparently without a warrant, [hard to get with no hint of a crime... Bob] and made off with all of its contents. Here's the local article from the Worcester Telegram & Gazette.

"Victor Deeb, a retired chemist who lives in Marlboro, has finally been allowed to return to his Fremont Street home, after Massachusetts authorities spent three days ransacking his basement lab and making off with its contents. Deeb is not accused of making methamphetamine or other illegal drugs. He's not accused of aiding terrorists, synthesizing explosives, nor even of making illegal fireworks. Deeb fell afoul of the Massachusetts authorities for... doing experiments... Pamela Wilderman, the code enforcement officer for [the Massachusetts town of] Marlboro stated, 'I think Mr. Deeb has crossed a line somewhere. This is not what we would consider to be a customary home occupation.' Allow me to translate Ms. Wilderman's words into plain English: 'Mr. Deeb hasn't actually violated any law or regulation that I can find, but I don't like what he's doing because I'm ignorant and irrationally afraid of chemicals, so I'll abuse my power to steal his property and shut him down.'"

For those of us old enough to remember 78s... Grab them before the ghost of Mozart claims copyright and shuts him down! Some in ARABIC, JAPANESE, and GREEK

Digitizing Rare Vinyl

Posted by kdawson on Tuesday August 12, @10:55PM from the quarter-taped-to-the-tone-arm dept. Music

eldavojohn writes

"While the RIAA is busy changing its image to a snake eating its own tail, one man is busy digitizing out-of-print 78s. 'There's a whole world of music that you don't hear anymore, and it's on 78 RPM records,' he stated to Wired. Right now, you can find about 4,000 MP3s on his site, with no digital noise reduction implemented yet."

For you Kindle users? This might be useful, but I'm not sure it searches better than a Google Advanced Serch, limited to PDF extensions. – Find PDF Books

If you have ever tried to search for books using the most common search engines, then you know that actually finding one can be tough. Thankfully, there is Through this search engine, you’ll be able to search the web for PDF files, and nothing else.

... One great thing about the site is that you can preview the files before downloading them. This allows you to see if the book you found is the one you were looking for. The preview loads really quickly and should serve as an alternative for anyone who doesn’t want to download the texts, and needs them for quick reference. Allowing to preview the files is a great feature that makes the site a lot more useful.

Free is good! Warning! Don't give this to your kids! It could turn them into GEEKS! Carnegie Mellon University does some neat things every once in a while...


Alice is an innovative 3D programming environment that makes it easy to create an animation for telling a story, playing an interactive game, or a video to share on the web. Alice is a freely available teaching tool designed to be a student's first exposure to object-oriented programming. It allows students to learn fundamental programming concepts in the context of creating animated movies and simple video games. In Alice, 3-D objects (e.g., people, animals, and vehicles) populate a virtual world and students create a program to animate the objects.


August 12, 2008 4:29 PM PDT

Do you remember where you were when this happened?

Posted by Charles Cooper 17 comments

Sometimes when you look at the calendar, well, it's better not to look in the first place.

So it is that today marks an anniversary guaranteed to freak out a good percentage of you who remember this event: Twenty-seven years ago today IBM introduced its first personal computer. Twenty-seven years! Take a deep breath and say thanks for the memories, I guess. (Hey, it's better than the alternative!)

Tuesday, August 12, 2008

If I read this correctly, someone used Wells Fargo's password (no indication access was better protected) to access the “consumer credit” vendor's database. This is the first I've see this kind of third party breach. I might ask why no one noticed 7000 extra transactions. (Who got the bill?)

Wells Fargo code used to illegally access consumer data

Monday, August 11 2008 @ 06:00 PM EDT Contributed by: PrivacyNews

Wells Fargo Bank NA is in the process of notifying some 7,000 individuals that a thief may have accessed their Social Security numbers and other personal information by illegally using the financial services firm's access codes.

The bank learned of the compromise on July 1 when MicroBilt Corp., a reseller of consumer data, notified it of suspicious transactions made using the Wells Fargo access codes, a spokeswoman for the San Francisco-based bank said today. The codes are used by Wells Fargo employees to gain access to consumer credit data.

Source - Computerworld

[From the article:

... The compromise was first reported by The Breach Blog

... McCorkell told Ayotte that the bank lacks contact information for all but about 2,400 [since the bank was not accessing this data, they would have no record of the individual... Bob] of the affected individuals. The bank is in the process of finding addresses for the others, it added.

Harris County seems to have a lot of breaches. This is merely the latest.

Lost or stolen Harris County Hospital District flash drive

Posted by Evan Francen at 8/11/2008 9:04 AM

"A low-level Harris County Hospital District administrator probably violated federal law when she downloaded medical and financial records for 1,200 patients with HIV, AIDS and other medical conditions onto a flash drive that later was lost or stolen"

Note how quickly an encryption program can be implemented when management is motivated.

TSA Reinstates Verified Identity Pass, Inc. Clear(R) Registered Traveler Enrollment

Monday, August 11 2008 @ 06:05 PM EDT Contributed by:PrivacyNews

The Transportation Security Administration (TSA) announced today that Verified Identity Pass -- operator of Clear(R) -- has met program encryption standards for enrollment computers and may resume Registered Traveler enrollment immediately.

This change comes after Verified Identity Pass reported an unencrypted Clear(R)-owned laptop computer containing data of approximately 33,000 customers was missing from San Francisco International Airport. The laptop was later recovered by Clear(R) officials at the airport. It was voluntarily surrendered to TSA officials for forensic examination. The results of that exam remain under review.

Source - Marke*censored*ch

[Note that the URL listed here has been *censored* -- Apparently we are to be protected from reality when someone (or their program) detects some unacceptable word or phrase in the URL. Without comment, here is the actual URL for that article:

Related If the thief had replaced it before it was discovered missing, it would have been a perfect crime...


Monday, August 11 2008 @ 01:55 PM EDT Contributed by: PrivacyNews

Authorities said today they believe a laptop that went missing from a locked office at San Francisco International Airport last month then reappeared more than a week later was stolen, not misplaced.

Source -

Related: Did the thief add some “applicants” to the laptop before returning it, or is Clear sucking in data from other sources?

TSA Vendor Who Lost Laptop Apologizing To People Who Didn't Even Apply

from the good-record-keeping dept

We recently wrote about how TSA-approved vendor, Verified Identity Pass, had lost a laptop containing all sorts of unencrypted data on people who had applied to be a part of the TSA's "fast pass" Clear program (letting you skip the long security lines for a $100/year). While the laptop was eventually found (in the same place it was lost), the company insists that no data on the laptop was compromised, and has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they're just informing people at random now. Or someone else applied in Weinberger's name. Makes you feel very secure, doesn't it?

“We have rules for limiting your access, but the program varies the rules for each user.”

Twitter Limits Following to 2,000 — In an attempt to stop spammers, Twitter users can now only add up to 2,000 followers before being limited and receiving this error message: "You are unable to follow more people."

[From the article:

Twitter user “jpostman” sent me a link to an update from one of Twitter’s technical support staff verifying that there are limits that change for each person.

For your security manager? (And my students)

Stepping Through the InfoSec Program

Posted by samzenpus on Monday August 11, @01:59PM from the read-all-about-it dept. Security

Ben Rothke writes

"For those who want to stay current in information security, Stepping Through the InfoSec Program is a great book to read after The Pragmatic CSO: 12 Steps to Being a Security Master. While The Pragmatic CSO provides a first-rate overview of the higher-level steps to being a CSO and building an information security program, Stepping Through the InfoSec Program provides the low-level details and nitty-gritty elements on just how to do that."

Keep reading for the rest of Ben's review.

Security in the cloud – a topic my Security Engineering class is tackling with interesting results!

What Do You Do When the Cloud Shuts Down?

Posted by CmdrTaco on Tuesday August 12, @08:22AM from the more-to-think-about dept. The Internet Data Storage

jbrodkin writes

"Can you trust your data to the cloud? For users of an online storage service called The Linkup, formerly known as MediaMax, the answer turned out to be a resounding "no." The Linkup shut down on Aug. 8 after losing access to as much as 45% of its customers' data. "When we looked at some individual accounts, some people didn't have any files, and some people had all their files," The Linkup CeO Steve Iverson admits. None of the affected users will get their lost data back. Iverson called it a "worst-case scenario.""

[From the article:

The Linkup Web site has a message saying the service is no longer available and urges visitors to try out another storage site called The Linkup had about 20,000 paying subscribers, according to the Industry Standard.


MobileMe Mail and Gmail Go Down Simultaneously — For a period of several hours on 11-Aug-08, both MobileMe Mail and Google's Gmail were both inaccessible for many users, although Gmail reportedly remained accessible for those retrieving email via IMAP and a standalone email client. MobileMe's outage was not accompanied by any acknowledgment but after a few hours it was back up.

Related (to Gmail)

New Tool to Automate Cookie Stealing from Gmail, Others — If you use Gmail and haven't yet taken advantage of a feature Google 
unveiled last week to prevent hackers from hijacking your inbox, now would be an excellent time to do that. A security researcher at the Defcon hacker conference in Las Vegas demonstrated a tool he built that allows attackers to break into your inbox ..

We are moving toward 1984. Do we have a duty to spy on our neighbors? Will techies be required to search your hard drives when the computer is being repaired?

Maine considers making techs report child porn

Monday, August 11 2008 @ 12:18 PM EDT Contributed by: PrivacyNews

State lawmakers will consider a proposal that would require computer repair technicians to report any child porn they discover to law enforcement officials.

The Legislature’s Judiciary Committee is drafting the bill that would impose a requirement similar to those in place for doctors, teachers and commercial film developers, who are already required to report any form of suspected child abuse or pornography.

Source - Bangor Daily News

[From the article:

The Legislature’s Judiciary Committee is drafting the bill that would impose a requirement similar to those in place for doctors, teachers and commercial film developers, who are already required to report any form of suspected child abuse or pornography.

Sen. Bill Diamond, D-Windham, said it makes sense that all professionals [Geeks is professionals? I doubt it. Bob] should be held to the same standard when it comes to reporting possible abuse.

Intruding on your personal social network? Perhaps you should surrender your 'little black book' too...

Who Owns Your Online Networking Contacts?

Posted by kdawson on Monday August 11, @03:35PM from the nothing-personal dept. Social Networks Businesses

Ben Morris writes

"A recent judgement in the UK courts has forced a former employee to hand over details of his business contacts built up through while he was employed by his former company. The decision is one of the first in the UK to show the tension between businesses encouraging their employees to use social networking websites, and trying to claim that the contacts should remain confidential when they leave."

[From the article:

The defence was that Hays encouraged employees to use the site, so once these contacts were in the public domain they were free for him to use. The court didn’t agree and the defendant was ordered to disclose all documents, including invoices and emails, that showed any use by of his LinkedIn contacts by him and any business obtained from them.

Related: This was inevitable. How to get out of jury duty?

August 11, 2008

National Law Journal: Vetting Jurors via MySpace

"As personal information becomes more widely available on blogs, MySpace, Facebook and other social networking Web sites, the Internet has become an important tool for jury consultants and trial lawyers. Such sites are a treasure trove of information about potential and seated jurors that can be used in picking the right jurors, bouncing potential jurors and even influencing jurors during trial and in closing arguments. Jury consultants have begun turning to private investigators, some of whom have started niche businesses offering Internet jury research and "personality profiling" of jurors." [National Law Journal, August 11, 2008 - subscription req'd]

How to use proxies. Bypass all those silly restrictions.

Access Pandora From Anywhere in the World

... Well one solution is to mask your identity by using a proxy server. Pandora blocks users by non-U.S. IP addresses. If you connect to a server in the U.S. and use it as an internet providing middle-man between your PC and Pandora, Pandora won't know the difference. To Pandora's servers, you look like you are the middle-man. Proxies make it possible to rock out to Pandora from anywhere in the world.

Using a proxy to access restrictive web applications on foreign soil isn't just for Pandora. There are web proxies for every state in the United States and almost any country around the world. [Who would you like to be today? Bob] Hiding behind a proxy's IP means access to foreign music stores and other web sites normally blocked to your area. You can even simulate foreign access, or out-of-LAN access, to your own web projects by utilizing proxies.

A new technology needs a new word. Plus ca change, plus c'est la meme chose (Didn't know I “par laid Franche” did ya?

Don’t fall victim to “smishing”

Written by Press Release Monday, 11 August 2008

... Smishing (SMiShing) is a form of phishing via SMS (Short Message Service). With Smishing the scammer will send the potential victim a text message on their cell phone posing as a financial institution and direct them to a fraudulent website or direct them to call an 800-number where they will again try to obtain personal or account information.

Ethics Amusing (to me), with lots of quotes I can use! (Unfortunately, he includes a slide show)

The “Wicked Quadrant” - Thoughts on a Possible Theoretical Construct to Understand Unethical Behavior in e-Discovery

... Some judges I know think that that attorney incompetence in e-discovery is so widespread as to present an ethical crises for the whole profession.

... Most people I have talked with about this problem agree that the failure of the legal profession to keep up with technology can be blamed on two things: (1) the personality and intelligence type of most lawyers; and, (2) the failure of law schools to even try to adapt.

... Most lawyers are not strong in math, science, or engineering. There are exceptions, of course; we call them IP lawyers.

... “The Law” attracts people who are gifted with a particular kind of liberal arts logic intelligence that inclines them to “computer-phobia.”


Why lawyers don't like Linux

by Sam Varghese Tuesday, 12 August 2008

... But, surprisingly, over the past three months two members of the legal profession have taken the time to pen what they, no doubt, consider to be serious objections to the use of FOSS.

In one case, I went into detail about the article and pointed out some of the areas in which it was deficient in reasoning.

This time, I didn't think it worth bothering to do so, because the article contains quite ridiculous claims - and the Groklaw website author, Pamela Jones, has shot down the credibility of the author in a much more forensic manner than I ever could.

Research tool: I'm not as 'concerned' about wikipedia as some of my fellow teachers.

Search Wikipedia The Pro Way — I thus have found some of the best and most accurate Wikipedia search engines to help you get the most accurate information whenever you need it. Here are just some of them (in no particular order):

At last! Something for my math students! - Get Your Calculus On

Calculators are great if you just need a result. They don’t teach you how they got to it. That’s where shines. The site will allow you to solve any type of math problem you’ll come across throughout your school life. Whether you need to learn the fundamentals of adding, or find it hard to solve a particularly nasty integral, you’ll be able to get some basic know-how form the site. To use the site to all its extent, you should read through the help section to understand the basic commands. Once you get that out of the way, a whole new world of math problem solving opens up for you. Just tell the site the problem you can’t solve and it’ll solve it for you, and tell you how to do it too. The step by step process should be good for even the slowest person to understand the basic concepts behind some of math’s most important operations. I tried a basic integral and it solved it really fast, and the step by step explanation was immaculate.

Free is good!;_hbguid=e66bb489-4165-429d-89d4-8c330119601f&d=top-news

Wed, Aug 06, 2008

Free laptop-tracking software now available

Researchers create open-source software that tracks stolen laptops; but it lacks key features, proprietary developers say

By Meris Stansbury, Assistant Editor, eSchool News

... First is cost. Adeona can be downloaded free of charge. Second is privacy. Adeona's developers say it preserves privacy, because no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop.

Skynet is coming!

First All-Drone USAF Air Wing

Posted by ScuttleMonkey on Tuesday August 12, @03:28AM from the going-for-the-high-score dept. The Military Robotics

bfwebster writes

"Strategy Page reports that the United States Air Force has announced its first air wing that will consist entirely of unmanned craft. The 174th Fighter Wing has flown its last manned combat sorties; its F-16s will be entirely replaced by MQ-9 Reapers. Reasons cited include costs (maintenance and fuel) and the drone's ability to stay in the air up to 14 hours, waiting for a target to show itself."

BIGGEST THEFT EVER? When you quote in the devalued Zimbabwe dollar, this sounds HUGE! (This is a Google search link to a defunct page.)

5 years for computer theft

The Herald, Zimbabwe - Aug 8, 2008

TWO men who stole six computers worth over $2 quadrillion donated by President Mugabe to Kuwadzana High School in Banket have been slapped with five-year ...