Saturday, October 04, 2008

Now this is just scary. Singing and dancing Congresspeople? (Think the Village People singing to the tune of YMCA: “Bail out Wall Street!”)

Congressmen finally allowed on YouTube

Posted by Stephanie Condon October 3, 2008 3:05 PM PDT

Members of Congress can finally use Web sites like YouTube, after committees in both the House and Senate adopted new rules allowing members to post content outside of the .gov domain, as long as it is for official purposes.

Such an interesting world...

iPhone Antitrust and Computer Fraud Claims Upheld

Posted by ScuttleMonkey on Friday October 03, @06:05PM from the everybody-hates-the-big-guy dept. The Courts Apple

LawWatcher writes

"On October 1, 2008, a federal judge in California upheld a class action claiming that Apple and AT&T Mobility's five-year exclusive voice and data service provider agreement for the iPhone violates the anti-monopoly provisions of the antitrust laws. The court also ruled that Apple may have violated federal and California criminal computer fraud and abuse statutes by releasing version 1.1.1 of its iPhone operating software when Apple knew that doing so would damage or destroy some iPhones that had been 'unlocked' to enable use of a carrier other than AT&T."

Interesting, but not always comprehensible...

Oregon Judge Says RIAA Made 'Honest Mistake,' Allows Subpoena

Posted by Soulskill on Friday October 03, @07:41PM from the no-harm-no-foul-right? Dept. The Courts Music

NewYorkCountryLawyer writes

"In Arista v. Does 1-17, the RIAA's case targeting students at the University of Oregon, the Oregon Attorney General's motion to quash the RIAA's subpoena — pending for about a year — has reached a perplexing conclusion. The Court agreed with the University that the subpoena, as worded, imposed an undue burden on the University by requiring it to produce 'sufficient information to identify alleged infringers,' which would have required the University to 'conduct an investigation,' but then allowed the RIAA to subpoena the identities of 'persons associated by dorm room occupancy or username with the 17 IP addresses listed' even though those people may be completely innocent. In his 8-page decision (PDF), the Judge also 'presumed' the RIAA lawyers' misrepresentations were an 'honest mistake,' made no reference at all to the fact, pointed out by the Attorney General, that the RIAA investigators (Safenet, formerly MediaSentry) were not licensed, rejected all of the AG's privacy arguments under both state and federal law, and rejected the AG's request for discovery into the RIAA's investigative tactics."

A nifty little summary for my Computer Security students. Thanks, Gary.

Beware of Online Brand Scams and Frauds

By Richard E. Peirce E-Commerce Law & Strategy October 3, 2008

Gas in Parker Colorado is 10 – 20 cents a gallon cheaper than it is in Centennial. Should I drive there to fill my tank?

CostToDrive estimates gas costs for road trips

Posted by Josh Lowensohn October 3, 2008 3:29 PM PDT

... A smart tool called CostToDrive ... calculates how much a trip is going to cost you based on how far you're traveling, combined with the fuel efficiency of your car and average price of gas. Assuming you have to fill up when your tank is about empty, it tells you precisely where to go to get the cheapest gallon too.

... See also AAA's Trip Gas Price finder, which is a little less exact with the pricing (but does round trips) and which supports multiple stops but is the hardest of the bunch to use.

Since it is impossible to overcome my wife's shopping addiction, I am debating using a tool like this. Unfortunately, she spends more when there's blood (bargains) in the water...

(Oh look! DVDs at 20% off!) - Online Shopping Resources

Bargain hunters are going to relish visiting the GoToDaily website, a portal where finding the best ways to save money when shopping is the order of the day. The site collects together free coupon codes and promotional coupons that can be used straightaway in order to shop more and pay less.

You can browse through the site using the provided navigation menu. This includes a “Popular categories” section that comprises items such as “Clothing & Accessories” and “Computer & Software”, and a list of featured stores. The latter category is made up of retailers such as Dell, Office Depot and American Eagle Outfitters. A keyword cloud is included as well.

The site also highlights the most popular coupons on the main page, and a link titled “Use this coupon” is featured for extra convenience.

Another aspect which merits mentioning is that those who register can actually create an online network of friends with whom to exchange advice and tips when it comes to picking out the best deal in town.

Huh... This actually works! - Downloads Made Easy

Talk about having a self-explanatory name. A site like this is mainly geared towards individuals who wish to download files of any ilk (movies, the latest music, you name it) without having to deal with programs like Halite, Utorrent or any of the existing P2P applications, or for those who are looking for torrent files and don’t know where to find them.

The mechanics of the site are as follows. You simply key in the relevant word or words and a set of corresponding links is produced. The search engine itself is powered by Google, and it comes complete with refinement labels that will make it easier to narrow down the results this search tool can yield. For instance, if you are looking for a specific soundtrack (let’s say “The Dark Knight” soundtrack) you type in your keywords and click on the “Songs” tag. This way you won’t have to browse through endless files which are relevant to your search query but which fall into different categories.

Friday, October 03, 2008

Remember, it is NOT the auditor's job to detect security breaches.

Auditor reports that Alberta government computer system hacked

Thursday, October 02 2008 @ 08:31 PM EDT Contributed by: PrivacyNews

Weak computer security across the Alberta government allowed sophisticated hackers to worm their way into the system, auditor general Fred Dunn reported Thursday.

Dunn says the hackers, possibly high-tech criminals from Asia or Eastern Europe, left tell-tale signs that they had been inside Alberta’s computer network.

... Work also says that although there’s evidence that some systems have been compromised, there’s no indication that any information has actually been accessed.

Source - Edmonton Sun

[From the article:

Dunn says his department found that hacking into government computers was “easier than it should have been.”

He says 400 computer systems were targeted in his review, but they stopped after checking 69 systems.

“The problems we were finding were too frequent and too severe that we said, `we’ve got to stop,”’ he said. “They immediately engaged outside expertise to start the correction.”

... But the cabinet minister responsible for data security immediately challenged the auditor general’s findings.

“I don’t agree there was a problem,” said Heather Klimchuk, minister of Government Services. “I agree we can always improve and make things better. Nothing is ever perfect.” [Because a politician with no information in front of him is always wiser than an auditor with all the data. Bob]

“We didn't know!”

Forever 21: Assessor Missed 5-Year-Old Transaction Data (follow-up)

Friday, October 03 2008 @ 04:10 AM EDT Contributed by: PrivacyNews

As more details drip out from Forever 21's data breach of almost 100,000 payment cards, the chain now says it had been certified PCI compliant, despite having stored complete card information from as far back as 2003.

"The files were inadvertently retained within other data files and this was not uncovered by the assessor," a statement from the chain said. (Our story from last week has been updated with the new information, along with a link to the earlier report of the breach.)

Source - StorefrontBacktalk

[From the article:

This is proving to be a frightening trend, with retailers believing they are compliant and much later on discovering various pockets of forbidden data scattered through their network.

In Forever 21's case, it only learned of the breach when the U.S. Secret Service called. Even after that heads up, the chain said it was unable to verify that it had been breached until the Secret Service walked executives through the incident and gave them more information (months later).

... One of the problems in this case—and it could be argued it's a problem with PCI itself—is that it's up to the retailer's IT person to map out the networks for the assessor. If the IT manager isn't aware that someone from marketing had run a credit card experiment two years ago and that the files were never deleted (meaning that there might be live credit card data sitting in a marketing folder that IT would have no reason to ever look at), then IT can't tell that to the assessor.

In other words, the assessor has almost no chance of finding that data, making the certification much less meaningful.

More on the local breach reported yesterday.

"illegal hacking" exposes Foothills Park & Recreation District patron information

Posted by Evan Francen at 10/2/2008 12:04 PM

Words of wisdom from a victim?

Estonia posts its cybersecurity strategy

Posted by Robert Vamosi October 2, 2008 4:17 PM PDT

Eighteen months after a denial-of-service attack, the Estonian Ministry of Defense has posted a detailed report (PDF) on the attacks. While focusing on specific steps the nation needs to take to prevent another attack, the report contains global recommendations as well.

For your security manager

October 02, 2008

National Institute of Standards and Technology Guide to Bluetooth Security, and Security Testing

Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, September 2008

  • Special Publication 800-121, "Guide to Bluetooth Security," has been finalized. It describes the security capabilities of technologies based on Bluetooth, which is an open standard for short-range radio frequency communication. The document gives recommendations to organizations employing Bluetooth technologies on securing them effectively.

  • Special Publication 800-115, "Technical Guide to Information Security Testing and Assessment," has been published as final. It seeks to assist organizations in planning and conducting technical information security testing and assessments, analyzing findings, and developing mitigation strategies. The publication provides practical recommendations for designing, implementing, and maintaining technical information security assessment processes and procedures. SP 800-115 provides an overview of key elements of security testing, with an emphasis on technical testing techniques, the benefits and limitations of each technique, and recommendations for their use.


October 2, 2008 5:08 PM

Personal secrets your iPhone could reveal

... As Nokia's cellphone anthropologist puts it, all over the world people take three things with them when they leave the house: keys, money and phone.

The result: an easily lost or stolen device with a lot of private and sensitive data on it. And a book released this week called iPhone Forensics (published by O'Reilly) gives an insight into the surprising amount of personal information a smartphone can store. Or give away.


October 02, 2008

Director of National Intelligence Announces New Security Policy for Information Systems

News release: "A groundbreaking new policy from the Office of the Director of National Intelligence changes how the intelligence community and, by influence, the entire federal government will build, validate and approve information technology systems. The policy requires common security controls and risk management procedures – a unified approach to enhance collaboration. Intelligence Community Directive 503 covers a lot of ground, but two key details stand out: There will be a single certification and accreditation process, which means all systems must follow the same authorized security requirements. Systems managers, the policy adds, should accept security risks when necessary to yield a decision advantage from timely and accurate intelligence. Those measures will make it easier for the IC to adopt cutting-edge technology. They also foster reciprocity as well as information sharing. If one IC element certifies a system or major application, then others in the community can trust that it is secure without spending more time and money to duplicate tests."

Another of those “add on” laws so the book is bigger when it gets thrown at you. It should be very difficult to prove; there is no way to detect someone using “passive” scanning tools.

California outlaws RFID tag skimming

Thursday, October 02 2008 @ 02:09 PM EDT Contributed by: PrivacyNews

California governor Schwarzenegger has signed a law making the illegitimate reading of RFID tags illegal, but blocked a measure making the unauthorised tracking of kids equally so.

RFID Journal reports that anyone skimming an RFID tag issued by a government agency, health insurance company, employer or library could find themselves in prison for up to a year, or facing a $1,500 fine, though you're OK if you read it by accident, for a medical emergency or if you're a law-enforcement official. [or an Academic? Bob]

Source - The Register

Related? Will New Jersey also fall to Ron Paul? Don't worry, the report will become available no later than November 5th...

Judge Suppresses Report On Voting Systems

Posted by kdawson on Friday October 03, @08:20AM from the tell-me-but-don't-tell-them dept. The Courts Government Politics

Irvu writes

"A New Jersey Superior Court Judge has prohibited the release of an analysis conducted on the Sequoia AVC Advantage voting system. This report arose out of a lawsuit challenging on constitutional grounds the use of these systems. The study was conducted by Andrew Appel on behalf of the plaintiffs, after the judge in the case ordered the company to permit it. That same judge has now withheld it indefinitely from the public record on a verbal order."

Hack the vote! Rub my bald spot with wool and Ron Paul will win with 104% of the vote!

Can Static Electricity Generate Votes?

Posted by timothy on Thursday October 02, @08:39PM from the dc-elections-crack-me-up-and-barry-too dept. Government Hardware Politics

artgeeq writes

"A recent local election in Washington, DC, resulted in 1500 extra votes for a candidate. The board of elections is now claiming that static electricity caused the malfunction. Is this even remotely possible? If so, couldn't an election be invalidated pretty easily?"

Business Models: Decimals (better still, fractions) of a penny per arrow? Kids will buy millions of them on Dad's credit card.

South Korea's Free Computer Game Business Model Hits the US

Posted by Soulskill on Thursday October 02, @11:01PM from the nickel-and-dime dept. The Almighty Buck Games

Anti-Globalism writes with this excerpt from AFP via Yahoo! News:

"Seoul-based 'free-to-play' computer game titan Nexon on Wednesday blasted into the US videogame arena with a 'Combat Arms' online first-person shooter title that makes its cash from optional 'micro-transactions' by players. The game makes its money from players that buy animated helmets, outfits, emblems or other virtual items to customize in-game characters. To keep the battlefield even, players earn experience or advanced weaponry by skill so people essentially can't pay for power. ... Startups and established game makers including Japanese goliath Sony are venturing into the free computer game market, according to DFC Intelligence analyst David Cole. 'It looks like it could be very big,' Cole told AFP. 'It's one of the things everybody seems to be looking at. The challenge is it is a very new model and it remains to be seen whether customers used to a free model will be tight when it comes to actually spending money on it.'"

Business Model: Get your satire to market while it's hot! I suggest we call it the “Yankovic technique”.

Weird Al To Release Songs As He Records Them

Posted by timothy on Friday October 03, @04:59AM from the pitch-perfect-parodies-piecemeal dept. Music Media Entertainment

slapout writes

"Weird Al has announced that with the Internet he can now release his songs for sale as he records each one rather than waiting for a whole album to be produced."

For my website students - Create & Customize Videos

Vidified is a video site that enables members of the online community to share their very own mashups. The premise is quite simple, as the featured videos enable the site user to place his face inside them. The videos that make up the site were either created by the Vidified team or purchased. The site also includes videos that have been submitted by members of the community for others to use.

Hack the grapes! (Sounds like an April Fools story to me.)

Ultrasound Machine Ages Wine

Posted by samzenpus on Thursday October 02, @02:07PM from the I'll-take-the-cheap-stuff dept.

Inventor Casey Jones says his creation uses ultrasound technology to recreate the effects of decades of aging by colliding alcohol molecules inside the bottle. Mr. Jones said, "This machine can take your run-of-the-mill £3.99 bottle of plonk and turn it into a finest bottle of vintage tasting like it costs hundreds. It works on any alcohol that tastes better aged, even a bottle of paintstripper whisky can taste like an 8-year-aged single malt." The Ultrasonic Wine Ager, which looks like a Dr. Who ice bucket, takes 30 minutes to work and has already been given the thumbs up by an English winemaker. I know a certain special lady who is about to have the best bottle of Boone's Farm in the world.

Thursday, October 02, 2008


CO: Parks Web site hacked; personal information may be compromised

Wednesday, October 01 2008 @ 05:26 PM EDT Contributed by: PrivacyNews

The Foothills Parks and Recreation District is contacting customers who may have had their personal information stolen by someone who illegally accessed the district's computer network.

Executive Director Ronald Hopp says the access happened sometime in the past week and on Monday they determined that some customer information, including credit card information, may have been compromised. The district noticed unusual activity last week which they believe was caused by a virus introduced to cover up the actions of the intruder.

Source -

The cost of a security breach...

TX: Discarded Records Could Cost Company $2 Million

Thursday, October 02 2008 @ 05:09 AM EDT Contributed by: PrivacyNews

A lawsuit just filed by the Texas Attorney General says more than 44 people in San Antonio were victims of violations of the Identity Theft Enforcement and Protection Act.

Because of what the News 4 Trouble Shooters found in their dumpster, the drug treatment facility could face more than $2 million in civil penalties.

Source - WOAI

Related: Details from the Breach Blog

Texas AG gets tough with Treatment Associates of Victoria

How could managers miss this? Oh, wait – not managers – bureaucrats! Thank god they're not in charge of anything important like Naval Research!

Sysadmin Steals Almost 20,000 Pieces Of Computer Equipment

Posted by samzenpus on Thursday October 02, @07:57AM from the was-that-wrong dept. The Courts The Military News

coondoggie writes

"Now this is some serious computer theft. We're talking 19,709 pieces of stolen computer equipment from the US Naval Research Laboratory in Washington, DC. The theft included everything from PCs and printer toner to hard drives, software and other office equipment amounting to over $120,000, according to court documents and published reports."

For your Security Manager: Training for those who insist on using a “not very secure” email system. (Wouldn't you rather use a system that isn't regularly hacked, Gov. Palin?)

Check if Your Gmail is Hacked with Activity Monitor

Sep. 30th, 2008 | by Aibek

For your Security Manager's Manager

Does patch management need patching?

Report says 90 percent of successful exploits these days involve vulnerabilities for which a patch has been available for six months or longer

By Rick Cook, CSO October 02, 2008

... "For the overwhelming majority of attacks exploiting known vulnerabilities, the patch had been available for months prior to the breach," Verizon says on page 15 of its 2008 Data Breach Investigations Report . " Also worthy of mention is that no breaches were caused by exploits of vulnerabilities patched within a month or less of the attack."

Chinese discovered in China! Word finally reaches NY Times! ...and other obvious facts.

Huge System for Web Surveillance Discovered in China

Wednesday, October 01 2008 05:24 PM EDT Contributed by: PrivacyNews

A group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words.

The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service.

Source - New York Times

On the other hand... (Perhaps they should hire teachers who can read?)

Sweden condemns surveillance in schools

Thursday, October 02 2008 @ 04:59 AM EDT Contributed by: PrivacyNews

Sweden’s Data Inspection Board (Datainspektionen – DI) has demanded that seven schools change their use of surveillance cameras in a decision it hopes will set a precedent for schools across the country.

... Six of the schools were told they could no longer use any of their surveillance cameras when school is in session on the weekdays.

But Tensta high school, which today has 60 surveillance cameras in place, will be allowed to keep one camera in operation during school hours.

Source - The Local

[From the article:

The ruling follows an investigation by the Board which revealed that seven different schools were currently deploying surveillance cameras in a way which violated Swedish regulations governing the use of the cameras.

... In the article, Gräslund writes that the Board’s decision is “a wake-up call for all schools in Sweden which use or are considering using surveillance cameras indoors during the day” and claims that there is widespread ignorance about rules governing surveillance, which occurs regularly and is often an invasion of privacy.

“Stupid is as stupid does.” F. Gump

Man Uses Remote Logon To Help Find Laptop Thief

Posted by samzenpus on Thursday October 02, @12:48AM from the cyber-bloodhound dept.

After his computer was stolen, Jose Caceres used a remote access program to log on every day and watch it being used. The laptop was stolen on Sept. 4, when he left it on top of his car while carrying other things into his home. "It was kind of frustrating because he was mostly using it to watch porn," Caceres said. "I couldn't get any information about him." Last week the thief messed up and registered on a web site with his name and address. Jose alerted the police, who arrested a suspect a few hours later. The moral of the story: never go to a porn site where you have to register. [Well, DUH! Bob]

Related: Would James Bond have made this mistake?

October 1, 2008

MI6 Camera -- Including Secrets -- Sold on eBay

I wish I'd known:

A 28-year-old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK's MI6 organization.

Allegedly sold by one of the clandestine organization's agents, the camera contained named al-Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log-in details for the Secret Service's computer network, containing a "Top Secret" marking.

He turned the camera in to the police.

Elvis lives! Note that the headline isn't: “Hackers create an Elvis Passport” They cloned the King's!

Hackers Clone Elvis' Passport

Posted by samzenpus on Thursday October 02, @05:30AM from the don't-mess-with-the-king dept. Security Privacy Government Technology

Barence writes

"Hackers have released source code that allows the 'backup' of RFID-protected passports, although the tool can potentially be used to create fake or cloned documents. The Hacker's Choice, a non-commercial group of computer security experts, has released a video showing a cloned passport being approved by a security scanner at a Dutch airport. When the reader scans the passport, it is revealed to belong to one Elvis Aaron Presley, complete with picture. Reports of the hackers serenading security staff with 'Are You Clonesome Tonight' are unconfirmed."

Still inadequate? Read the comments!

Credit Card Security Standard Issued

Posted by samzenpus on Thursday October 02, @03:27AM from the do-it-like-this dept. Security

alphadogg writes

"The Payment Card Industry Security Standards Council, the organization that sets technical requirements for processing credit- and debit-cards, Wednesday issued revised security rules, while also indicating next year it will focus on new guidelines for end-to-end encryption, payment machines and virtualization. PCI adherence has been pushed big time in the industry to help avoid more big breaches such as the one involving TJX. Those familiar with the standard say it could be expensive to implement and that there are some things those using wireless LANs will need to pay especially close attention to."

Interesting summaries of e-Discovery rulings. (Even to non-lawyer me...)

More “Must Read” 2008 Cases - Part One in a Three Part Series

Interesting business model? Imagine getting paid in beer! - Information On Dublin Pubs

The aptly-named ProperPint website is an online resource that provides users with fully up-to-date information on Dublin-based pubs and happening nightspots. The site has an unobtrusive layout and upon directing your browser to this startup you will be greeted with a concise navigation menu. The items that make it up include “Browse Dublin Pubs”, “Add a New Pub” and a “Google Earth Pubs” link that will help you visualize the pubs of your choice in a straightforward fashion.

Moreover, the site includes a “Write a Pub Review” section that will let any user offer his opinion on any existing nightspot in the Dark Pool city. There is also a “20 Most Popular Pubs” category that showcases notable venues based on the ratings that have been submitted by visitors of the site. Finally, the site also boasts a “Most Recent Pubs” section that charts those pubs that have recently opened their doors.

It is also interesting to point out that when writing a review it is possible to pose questions such as “I would like to work in this pub, who should I contact?” and related considerations.

Geeky stuff...

Free version of Hyper-V now available

Microsoft aims to catch up to VMware; follows its lead in releasing a free, low-footprint version of its software

By Elizabeth Montalbano, IDG News Service October 01, 2008

Something for my website class (Maybe I'll broadcast my classes!) - Broadcast Your Own Radio Station

The premise behind the website is quite simple: members can broadcast their own programs online. The main page of the site lists already existing radio broadcasts by random users, whereas a “Top 10” chart is likewise featured. This chart provides instant access to the 10 top radios that broadcast using the web service.

A supple navigation menu is also provided, and it enables users to browse through the existing radios by genre. Some of these include “Music & DJ”, “Talk Show” and “Religious”.

Information on the current users of can also be procured using this navigation menu. It is possible to inform oneself about listeners in general as well as finding out more about the current disc jockeys and radio managers.

Guidance is given on a plethora of issues that range from how to install both Winamp and ShoutCast to advanced tricks and tips in order to maximize your online time and reach a wider audience.

Lastly, the site provides links for those who want to do some online music-related shopping, as items such as instruments can be procured along with music software under the “Store” heading

Something to intimidate my Excel class?

Advanced Excel for Scientific Data Analysis

Posted by samzenpus on Wednesday October 01, @01:02PM from the read-all-about-it dept.

cgjherr writes

"If the recent financial meltdown has left you wondering, 'When does exponential decay function stop?' then I have the book for you. Advanced Excel for Scientific Data Analysis is the kind of book that only comes along every twenty years. A tome so densely packed with scientific and mathematical formulas that it almost dares you to try and understand it all. A "For Dummies" book starts with a gentle introduction to the technology. This is more like a "for Mentats" book. It assumes that you know Excel very well. The first chapter alone will have you in awe as you see the author turn the lowly Excel into something that rivals Mathematica using VBA, brains, and a heaping helping of fortitude."

Read on for the rest of Jack's review.

Wednesday, October 01, 2008

A student, do you think?

Hacker compromises data on 11,000 at U. of Indy

Wednesday, October 01 2008 @ 04:49 AM EDT Contributed by: PrivacyNews

A hacker attacked the University of Indianapolis' computer system and gained access to personal information and Social Security numbers for 11,000 students, faculty and staff, the school said.

The 4,300-student university's information technology staff and outside computer security experts are investigating the breach, which was discovered Sept. 18 when another institution warned the school.

Source - Chicago Tribune

[From the article:

"We don't know that anything was done with this information, just that there was a compromise," university spokesman Scott Hall told The Indianapolis Star on Tuesday. [Typical ignorance! Bob]

... "Our investigation leaves no doubt that this was a professional job by hackers from outside, and it was well beyond our control," [Bulls**t! You had no control – not the same! Bob] Pitts said in the e-mail.

... Investigators believe the attack may have originated outside the United States because a foreign language was found embedded in programming code [Ach du lieber! Bob]

Still making headlines. Is this better than releasing all the bad data at once? Machiavelli thought not...

248,000 in N.C. affected by lost personal data (BNY Mellon update)

Tuesday, September 30 2008 @ 01:32 PM EDT Contributed by: PrivacyNews

About 248,000 North Carolinians are among those whose personal information was included in tapes lost by the Bank of New York Mellon, the state Attorney General's Office said today.

The company is notifying people affected by the security breach and offering them two years of credit monitoring for free.

Source - The News & Observer

More evidence that governments are starting to enforce industry standards by law, regulation or edict.

UK: Virgin Media slammed by Data Protection Commissioner

Wednesday, October 01 2008 @ 06:00 AM EDT Contributed by: PrivacyNews

Virgin Media, which in June lost an unencrypted CD containing the bank details of 3,000 customers, has been found to be in breach of the Data Protection Act.

Virgin Media, which alerted the Information Commissioner to the problem in the first place, was ordered by the ICO to encrypt all portable and mobile devices that store and transmit personal information. Any company processing personal information on behalf of Virgin Media must also use encryption. [...and will use this order to justify increasing their charges to Virgin Media... Bob]

Source - CIO

Attention Security Managers!

New Denial-of-Service Attack Is a Killer

Posted by kdawson on Wednesday October 01, @08:08AM from the fighting-a-resource-war-with-an-unfair-advantage dept. Security The Internet

ancientribe writes

"Hacker RSnake blogs about a newly discovered and deadly denial-of-service attack that could well be the next big threat to the Internet as a whole. It goes after a broadband Internet connection and KOs machines on the other end such that they stay offline even after the attack is over. It spans various systems, too: the pair of Swedish researchers who found it have already contacted firewall, operating system, and Web-enabled device vendors whose products are vulnerable to this attack."

Listen to the interview (MP3) — English starts a few minutes in — and you might find yourself convinced that we have a problem. The researchers claim that they have been able to take down every system with a TCP/IP stack that they have attempted; and they know of no fix or workaround.

Would you like a Diplomatic Passport from Grand Fenwick? (Or would you like to be that other mouse from the Magic Kingdom?)

September 30, 2008

How to Clone and Modify E-Passports

The Hackers Choice has released a tool allowing people to clone and modify electronic passports.

Hey! We're doing important stuff here. We're not interested in your opinion, so don't bother us!

US House Limits Constituent Emails

Posted by kdawson on Tuesday September 30, @04:49PM from the just-the-fax-ma'am dept. Government United States Politics

Plechazunga passes along this note from The Hill:

"The House is limiting e-mails from the public to prevent its websites from crashing due to the enormous amount of mail being submitted on the financial bailout bill. As a result, some constituents may get a 'try back at a later time' response if they use the House website to e-mail their lawmakers about the bill defeated in the House on Monday in a 205-228 vote."

This would be easily countered if DHS could point to ANY terrorist discovered by searching a laptop... Still nothing addresses search and seizures by TSA domestically...

Bill Would Rein In Laptop Searches at the Border

Wednesday, October 01 2008 @ 04:55 AM EDT Contributed by: PrivacyNews

Random, intrusive searches of the contents of laptop computers at the border would be outlawed by legislation introduced on September 26 by Senators Feingold, Cantwell, Wyden, and Akaka. The Traveler's Privacy Protection Act (S. 3612) would require U.S. Customs and Border Patrol officials to have a "reasonable suspicion" of a crime before they could search a laptop computer and other data storage devices; a court order based on probable cause would be needed to seize a device. Travelers could be present while electronic devices were searched, discriminatory searches would be barred, and strict time limits for searching would be imposed. The bill, which limits its protection to residents of the US, would displace recently-disclosed Customs policies permitting suspicionless laptop searches at the border that could last for weeks.

Source - Related - Text of Bill S. 3612 [PDF]

Related What exactly are we looking for? Terrorist training camps? Large concentrations of camels? Mosques?

Satellite-Surveillance Program to Begin Despite Privacy Concerns

Wednesday, October 01 2008 @ 05:02 AM EDT Contributed by: PrivacyNews

The Department of Homeland Security will proceed with the first phase of a controversial satellite-surveillance program, even though an independent review found the department hasn't yet ensured the program will comply with privacy laws.

Source - WSJ

Related (Ve vas only following orders!)

September 30, 2008

Over 16,000 Pages of FBI File on Martin Luther King Posted Online

Internet Archive: "The FBI's entire main (Headquarters) file on Martin Luther King, Jr. All 121 parts - 16,600+ pages - posted online for the first time, by The Memory Hole. The 121 parts have been put into 12 zip files. To access them, click here."

Related ...and useful on its own.

September 30, 2008

Online Guide - How to Read an FBI File

How to Read an FBI File by Phil Lapsley, author of The History of Phone Phreaking: "Maybe you found an FBI file on the web, maybe you got it through a web site like Get Grandpa's FBI File or Get My FBI File, maybe you found it at the National Archives, or maybe it was up in the attic in great-aunt Mildred's possessions. If you're like most people, after you read it you probably had a bunch of questions. FBI files are filled with jargon, abbreviations, file numbers, codes, blacked out chunks of text, and odd little codes in the margin. Very puzzling! If you're serious about trying to understand the stuff in that file, this document is for you. Its goal is to help you understand the contents of your FBI file. (For convenience, let's say "your file" even though the file may be about someone else.)" [Michael Ravnitzky]

One measure of success?

Ca: Website, phones jammed on Day 1 of do-not-call list registration

Wednesday, October 01 2008 @ 06:07 AM EDT Contributed by: PrivacyNews

So many people were trying to sign up their phone numbers Tuesday on the first day of registration for the federal do-not-call list, the website crashed at one point and the phone lines were busy.

Source -

Is this (evidence/justification) that Google will be offering: “g-Market” -- an Open Source alternative to the NY Stock Exchange!

September 30, 2008 4:10 PM PDT

Google's stock plummets to $249 due to 'erroneous orders'

Posted by Harrison Hoffman

Privacy isn't a category (yet)

September 30, 2008

Redesigned Global Legal Monitor Launched

"The Law Library of Congress is pleased to announce the launch of the redesigned Global Legal Monitor. The Global Legal Monitor has transformed from a monthly published PDF to a dynamic continuously updated website. The new Global Legal Monitor has the ability to view legal developments by topic (more than one hundred so far) and by jurisdiction (over one hundred and fifty). The content of the Global Legal Monitor can also be searched through its advanced search interface."

Outsourcing and Cloud Computing share the same security problems.

Outsourced--And Out Of Control

Tuesday, September 30 2008 @ 10:03 AM EDT Contributed by: PrivacyNews

As the economy sinks and budgets are squeezed, outsourcing looks more and more like a thrifty necessity. But when it comes to the data security of those far-flung offices, businesses may find they get what they pay for.

A study released Tuesday, compiled from surveys of information technology managers and users in 10 countries, reveals an alarming gap between the information-security practices of developed countries and those of emerging markets like China, Brazil and, to a lesser degree, India.

Source - Forbes

Other countries are enlarging their pipes – we try to limit usage by making them more difficult/expensive to use. Economics 101 suggests they are right and we are wrong.

The Facts & Fiction of Bandwidth Caps

Posted by kdawson on Tuesday September 30, @02:44PM from the consequences-we-at-least-hope-were-unintended dept. The Internet

wjamesau writes

"What's the deal with broadband caps, like Comcast's 250GB/month data transfer limit, which goes into effect tomorrow? Om Malik at GigaOM has a whitepaper laying out the facts and fiction about Comcast's short-sightedness (which other carriers are mimicking), and how it will impact the future Internet: 'Given the growth trend due to consumers' changes in content consumption, today's power users are tomorrow's average users. By 2012, the bill for data access is projected to be around $215 per month.' Ouch."

The white paper is embedded at the link using Scribd; for a PDF version you'll have to give up an email address.

Very cool!

Towards a Wiki For Formally Verified Mathematics

Posted by kdawson on Tuesday September 30, @06:14PM from the preparing-the-ground-for-our-robot-overlords dept. Math Social Networks Science

An anonymous reader writes

"Cameron Freer, an instructor in pure mathematics at MIT, is working on an intriguing project called (video from O'Reilly Ignite Boston 4): a math wiki which only allows true theorems to be added! Based on Isabelle, a free-software theorem prover, the wiki will state all of known mathematics in a machine-readable language and verify all theorems for correctness, thus providing a knowledge base for interactive proof assistants. In addition to its benefits for education and research, such a project could reveal undiscovered connections between fields of mathematics, thus advancing some fields with no further work being necessary."

For my students, few speak English well. - Learn Foreign Languages Easily

With the arrival of the Internet, learning a language has never been easier. Now the Cosmo Trainer folks are making their contribution towards the cause with their site. Basically, the visitor can specify both his native language and the language he wishes to work on. After that, the user can choose the vocabulary he wishes to train. Featured vocabularies include “Colors”, “Food”, “Human Body” and “Numbers” to name but four. Once this has been dealt with, it’s finally time to get down to some linguistic action and training.

It is nice to see startups like this one come along. As a Spanish King once commented, a man is as realized as the number of languages he has mastered, an opinion that has been shared by an endless number of artists and writers (Goethe springs to mind). As such, online resources like this one play a role in the realization of people and the breaking down of barriers that should not be overlooked. Check it out.

...for the watercooler crowd... (read carefully...)

September 30, 2008

Online Guide: History of U.S. Government Bailouts

Pro Publica: "With the flurry of recent government bailouts, we decided to try to put them in perspective. The circles below represent the size of U.S. government bailout, calculated in 2008 dollars. They are also in chronological order. Our chart focuses on U.S. government bailouts of U.S. corporations (and one city). We have not included instances where the U.S. government aided other nations. Check out how the Treasury did in the end after initial government outlays."



Tuesday, September 30, 2008

“We have met the enemy and he is us.” (In other words, protest loudly to convince the citizenry that you aren't the ones doing it.)

Hu: ‘Octopus-like shadow secret service’ does Fidesz’ bidding: minister

Tuesday, September 30 2008 @ 07:22 AM EDT Contributed by: PrivacyNews

The latest scandal in Hungary, whose background reads like the plot of a John Grisham novel, threatens to shake up the foundations of the country’s still young democracy and political power relations.

The National Security Office (NBH) informed the public that it had uncovered an “octopus-like shadow secret service” that had not only infiltrated companies and state authorities, but also hacked into their computer systems and databases and gained access to private, business and state secrets. Secret Services minister György Szilvásy, who is in charge of the NBH, referred to emails, bank secrets, telephone lists and strictly confidential information held by tax authority APEH, the Customs and Finance Guard, the police apparatus and the NBH itself.

Source - The Budapest Times

Oh drat! I wasn't ready to use it yet. Now I have to fall back to plan B.

CSRF Flaws Found On Major Websites, Including a Bank

Posted by kdawson on Monday September 29, @09:58PM from the wherever-you-look dept.

An anonymous reader sends a link to DarkReading on the recent announcement by Princeton researchers of four major Web sites on which they found exploitable cross-site request forgery vulnerabilities. The sites are the NYTimes, YouTube, Metafilter, and INGDirect. All but the NYTimes site have patched the hole.

"... four major Websites susceptible to the silent-but-deadly cross-site request forgery attack — including one on's site that would let an attacker transfer money out of a victim's bank account ... Bill Zeller, a PhD candidate at Princeton, says the CSRF bug that he and fellow researcher Edward Felton found on represents ... 'the first example of a CSRF attack that allows money to be transferred out of a bank account that [we're] aware of.' ... CSRF is little understood in the Web development community, and it is therefore a very common vulnerability on Websites. 'It's basically wherever you look,' says [a security researcher]."

Here are Zeller's Freedom to Tinker post and the research paper (PDF).
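To make the "transfer money out of a bank account" case concrete from the defender's side, here is an added example (constructed for this post, not code from the article or from the Princeton paper): a hypothetical transfer endpoint in the unprotected form, which trusts the session cookie alone, beside a version that also checks a per-session token and the browser's Origin header. All session ids, origins and account names are made up.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed server-side session store (hypothetical ids): session id -> session data.
SESSIONS = {
    "sess-alice": {"user": "alice", "csrf_token": secrets.token_hex(16)},
}
BANK_ORIGIN = "https://bank.example"  # hypothetical origin of the bank itself


@dataclass
class Request:
    """Minimal model of a browser request: cookies are attached automatically,
    form fields and the Origin header come from whichever page built the request."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def _move(balances: dict, src: str, dst: str, amount: int) -> None:
    """Book the transfer; callers have already decided the request is legitimate."""
    if amount <= 0 or balances.get(src, 0) < amount:
        raise ValueError("invalid amount")
    balances[src] -= amount
    balances[dst] = balances.get(dst, 0) + amount


def transfer_unprotected(req: Request, balances: dict) -> str:
    """Authenticates on the session cookie alone: any page that can make the
    victim's browser POST here can move the victim's money."""
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return "401 not logged in"
    _move(balances, session["user"], req.form["to"], int(req.form["amount"]))
    return "200 transferred"


def transfer_protected(req: Request, balances: dict) -> str:
    """Same endpoint with two independent checks: a browser-supplied Origin
    header must be the bank's own, and the form must carry the per-session
    token, which a page on another origin cannot read."""
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return "401 not logged in"
    origin = req.headers.get("Origin")
    if origin is not None and origin != BANK_ORIGIN:
        return "403 cross-origin request rejected"
    submitted = req.form.get("csrf_token", "")
    # constant-time comparison so the check itself does not leak the token
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 missing or invalid csrf token"
    _move(balances, session["user"], req.form["to"], int(req.form["amount"]))
    return "200 transferred"


def forged_request(with_origin: bool = True) -> Request:
    """Constructed request as a page on evil.example would cause the victim's
    browser to send: the session cookie rides along, the token is absent."""
    headers = {"Origin": "https://evil.example"} if with_origin else {}
    return Request(cookies={"session": "sess-alice"},
                   form={"to": "mallory", "amount": "500"}, headers=headers)


def legitimate_request() -> Request:
    """Constructed request from the bank's own transfer form, token included."""
    return Request(cookies={"session": "sess-alice"},
                   form={"to": "bob", "amount": "500",
                         "csrf_token": SESSIONS["sess-alice"]["csrf_token"]},
                   headers={"Origin": BANK_ORIGIN})
```

The token check is the one that matters on its own: browsers that omit the Origin header still cannot get a forged form past `transfer_protected`, because the token lives only in the bank's own page.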

Good for Admins, bad for everyone else? Something for the amateur surveillance crowd too. - Manage Your Computer From Anywhere

Yoics is a California-based company that stands as a purveyor of networking solutions. Its objective is to transform network configuration and management, and as such it has developed a solution that allows devices to be accessed and managed from any Internet connected browser. This is achieved through the Yoics Now! proxy, a feature of the available Yoics desktop. This proxy turns any networked computer into a device which can be remotely accessed, all the while dispensing with complicated router configurations.

The different categories that make up the site are grouped together on the right-hand side of the main page for browsing convenience. By way of example, these include sections that deal with the aforementioned Yoics Proxy and remote desktop, along with self-explanatory categories like “Tutorials” and “Downloads”. The latter includes software applications both for Windows and Mac setups. Another section that merits mentioning is the one entitled “Yoics Now! Configuration” as it provides comprehensive guidance on the different products and applications that can be integrated with the existing solution such as Yawcam and TVersity.

[This is interesting: Surveillance webcam for iPhone.]

Wouldn't this decrease the probability that anyone would actually look at the signs? Hasn't anyone patented advertising on government “publications?” (H & R Block ads on the 1040?)

State Considers Advertising on Amber Alerts

by Christine Pelisek September 24, 2008 12:37 PM

The Schwarzenegger administration is considering advertisements on freeway signs used for Amber Alerts and other emergencies.

The advertisements would be posted on 674 electronic roadside message boards according to the LA Times. The funds raised – estimated at millions – would go towards the financially strapped highway fund.

A no lose case for Microsoft? If they win, they can show how they go after evil doers. If they lose, they can use the same type of ads for their products. (These ads work best on porn sites and other “high risk” websites.)

Microsoft, Washington state sue over 'scareware' pop-up ads

Posted by Elinor Mills September 29, 2008 11:01 AM PDT

... The lawsuit filed by the Attorney General's office alleges a Texas firm sent incessant pop-up ads that falsely claimed the computer had critical errors in its registry and directed people to a Web site where they could download free scanning software to find the problems.

The software then reports 43 critical problems and offers to sell a fix for $39.95. However, the software, dubbed "Registry Cleaner XP," does nothing but lull the consumer into a false sense of security, officials said.

For my College Algebra students. Muahahahah

The 23 Toughest Math Questions

Posted by kdawson on Tuesday September 30, @08:08AM from the innumerate-need-not-apply dept. Math Technology

coondoggie sends in a Network World post that begins

"It sounds like a math phobic's worst nightmare or perhaps Good Will Hunting for the ages. Those wacky folks at the Defense Advanced Research Projects Agency have put out a research request it calls Mathematical Challenges, that has the mighty goal of 'dramatically revolutionizing mathematics and thereby strengthening DoD's scientific and technological capabilities.' The challenges are in fact 23 questions that, if answered, would offer a high potential for major mathematical breakthroughs, DARPA said."

Some of the questions overlap with the Millennium Prize Problems of the Clay Mathematics Institute, which each carry a $1M prize.

Monday, September 29, 2008


Data “Dysprotection:” breaches reported last week

Monday, September 29 2008 @ 05:41 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Got statistics? Data will become available for technological and mathematical mis-interpretation.

September 28, 2008

Web 2.0 and E-Government Facilitate Transparency and Access

W. David Stephenson - Automated Data Feeds Make Smart Regulation Possible Now: "The District of Columbia, long plagued by corruption, began a transparency initiative under former Mayor Anthony Williams. It shifted into high gear under Mayor Adrian Fenty, and CTO Vivek Kundra. They now publish, on a real-time basis, more than 260 different data streams of statistics as varied as violent crime, building starts, and even requests to fill potholes. All of those statistics are available for anyone to analyze and interpret, and current uses range from tracking development around the new Nationals Park to showing crime reports on a Google Map."

Build your own cloud.

The devilish details of desktop virtualization

Early adopters of virtual desktop infrastructure report compelling benefits, significant hurdles, and a cloudy view into ROI

By Tom Kaneshige September 29, 2008

A tool for amateur Big Brothers. Would you expect this to work when actors recite their lines? (Technology isn't really needed – if their lips move, they're lying.) - Find Out If Politicians Are Lying

RealScoop is a startup that will let anybody find out how truthful a politician or any other public figure is. In principle, RealScoop employs voice analysis technology to analyze statements made by such individuals. The resulting system goes by the name of “Believability Meter”, and it goes through each second of a provided celebrity video and displays real-time results using different colors. Basically, the statements which are most believable are green, and those that are questionable are first yellow, then orange and finally red.

Scoops are suggested by members of the online community, and these can be accessed from the main page. The site itself presents various categories where scoops can be placed, namely “Entertainment”, “News” and “Sports”. Of course, a subsection named “Elections ‘08” is featured and it is safe to say that it is the one that generates the most interest.

When viewing a specific category, it is possible to order the featured scoops by date, number of views, score and received comments.

All in all, RealScoop is an interesting application that will no doubt fuel more than a fair share of debates both online and offline.

Interesting reading? (Perhaps only for bloggers)

September 28, 2008

New on Book Review - We're All Journalists Now

LLRX Book Review by Heather A. Phillips - We're All Journalists Now: The Transformation of the Press and Reshaping of the Law in the Internet Age - Heather A. Phillips highlights attorney John Gant's contention that one's title, income, and employer are at best side issues in determining who is a journalist in the day-to-day realities of issuing press passes as well as in larger policies such as the extension of shield laws.

Building an alternative to NASA

China's first spacewalk team feted with parade

By GILLIAN WONG Associated Press Writer Sep 29, 12:11 AM EDT


SpaceX Did It -- Falcon 1 Made it to Space

By Aaron Rowe September 28, 2008 | 6:26:14 PM

Related Is this why? Worth a trip to the library in any case...

Parag Khanna: Embrace the Post-American Age

By Daniel H. Pink 09.22.08

Perhaps a class for my students... (Last Quarter we engineered security for a Wiki)

Roll custom social networking sites with Elgg 1.0

By Mayank Sharma on September 23, 2008 (7:00:00 PM)

Elgg is an open source application for rolling out a social network. It installs like any Web-based software, but instead of a blog or a wiki, it gives you all the components of a social networking site -- your own MySpace! It's popular with educational institutes and used by several universities across the world, in addition to powering social networks of companies such as Swatch. The new Elgg 1.0, released last month, is modular in design, making it easier for developers to build social networks around the platform.

The pendulum swings yet again...

Wall Street's Collapse Is Computer Science's Gain

Posted by timothy on Sunday September 28, @03:12PM from the portable-skills dept. Education The Almighty Buck IT

dcblogs writes

"Thanks to Wall Street's implosion, the chairman of Stanford University's Computer Science Department says he is seeing more interest from students in computer science. Ditto at Boston College. Computer science enrollments crashed after the dot-com bust as students turned to hedge fund majors. And are computer science grads getting jobs? The professor at one university program that graduates about 45 students a year with CS degrees, wrote in a comment: 'Last year 87% of our seniors were employed before graduation. The median starting salary was $58,500. A majority of CIS students had multiple job offers. From where I sit, there is a huge demand for entry level IT professionals in IS and in CS.'"