Saturday, October 11, 2008

Now would be a good time for a nice, stealthy cyberwar

World Bank Under Cybersiege In "Unprecedented Crisis"

Posted by kdawson on Friday October 10, @12:34PM from the wolf-really dept.

JagsLive sends in a Fox News report on large-scale and possibly ongoing security breaches at the World Bank.

"The World Bank Group's computer network — one of the largest repositories of sensitive data about the economies of every nation — has been raided repeatedly by outsiders for more than a year, FOX News has learned. It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution's highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank's network for nearly a month in June and July. In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. In a frantic midnight e-mail to colleagues, the bank's senior technology manager referred to the situation as an 'unprecedented crisis.' In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public."

[From the article:

While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems — ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents."

One World Bank director tells FOX News that as many as 40 servers have been penetrated, including one that held contract-procurement data.

... "It's about the FBI coming last summer and saying, 'You should take a look at your systems because we think something weird is going on.' [Another “We didn't know” incident Bob] It's about the intruders knowing what information they wanted — and getting to it whenever they wanted to. They took our existing data stores and organized them in a way that they could be easily accessed at will." [and no one at the bank noticed... Bob]

Hey, trust us! We've been in the security business a long time.

UK: MoD loses hard drive with troop and family details

Friday, October 10 2008 @ 08:06 AM EDT Contributed by: PrivacyNews

The Ministry of Defence has begun an investigation into its worst information security breach after a portable hard drive with details of about 100,000 servicemen and women and 800,000 applicants to join the Armed Services was found to be missing on Wednesday.

Sensitive details of the family members of personnel were also among the data stored, including bank details and passport numbers.

The portable hard drive — which is believed not to have been encrypted [“We don't know...” Bob] — was used by EDS, the MoD’s main IT contractor, to test computer equipment. It could have been missing for several days.

Source - TimesOnline Related - The Register: MoD loses most of the armed forces

Similar, but a non-event?

UK: Pensioner's details stolen (Deloitte update 2)

Friday, October 10 2008 @ 12:30 PM EDT Contributed by: PrivacyNews

A LAPTOP containing data on around 100,000 pensioners was stolen last month, it was revealed today.

Source - The Sun

[From the article:

The computer, which contained pensioners’ names, National Insurance numbers and salary details, was in a handbag snatched from an employee of accounting firm Deloitte.

... In a statement, Deloitte said the laptop was protected by a number of security measures, including start-up and operating system passwords and data encryption.

... A spokesman for Deloitte said they did not want to say where the theft took place to reduce the chance of the thieves realising what they had taken.

Strategy: They will copy our “telecomm get-out-of-jail-free” legislation, then in a few years we can start a “We're behind the Brits on Terrorist tracking” campaign and copy their database.

UK Government Says More Spying Needed

Posted by timothy on Saturday October 11, @01:32AM from the need-to-make-up-for-the-losses dept. Privacy Communications Government

An anonymous reader writes

"Our wonderful government here in the UK has decided we're not being surveilled enough, and agreed to spend £12 billion on a programme to monitor every Briton's phone calls, e-mails, and internet usage. According to various sources, upwards of £1 billion has already been spent on the uber-database. Rationale? Terrorism, of course (no prizes for guessing). Needless to say, not everyone is as happy as Larry over this: Michael Parker pointed out how us Brits are being 'stalked.' I'm just looking forward to when the data gets lost."

Let's hope the comments were an afterthought...

Judge Tosses Telco Suit Over City-Owned Network

Posted by kdawson on Friday October 10, @09:23AM from the why-not-sue-the-state-for-building-roads dept.

tsa sends along news of the city of Monticello, Minnesota, which was sued by their local telco, Bridgewater Telephone Company, because the city chose to build a fiber optics network of their own. The judge dismissed their complaint of competition by a governmental organization. Quoting:

"The judge's ruling is noteworthy for two things: (1) the judge's complete dismissal of Bridgewater Telephone Company's complaint and (2) his obvious anger at the underfunding of Minnesota's state courts. Indeed, the longest footnote in the opinion is an extended jeremiad about how much work judges are under and why it took so long to decide this case."

The numbers get bigger, but I still get SPAM

US couple fined $236 million for spamming

Friday, October 10 2008 @ 07:49 AM EDT Contributed by: PrivacyNews

A US couple who sent vast quantities of spam via a small ISP for around four months in 2003 have been fined a whacking $236 million.

According to the IDG newswire, Perez and Suzanne Bartok used a bulk emailing package to send millions of spammed messages to CIS Internet Services in Iowa.

The small ISP said it had to dedicate three servers to blocking the couple's spam, which amounted to an astonishing 500 million emails every day for around four months in 2003.

Source -

Any chance this sets a precedent for those of us who are not “tabloid fodder?”

Lindsay Lohan's Lawyers Battle For Her Privacy In California Courtroom

Friday, October 10 2008 @ 01:50 PM EDT Contributed by: PrivacyNews

Lindsay Lohan's attorneys filed a motion on her behalf this week, seeking a judge's order barring any filming or taping whatsoever of the bisexual actress' upcoming deposition in a lawsuit filed by lover Samantha Ronson.

Lohan's attorneys have asked the court that transcripts or any other accounts of the deposition be sealed from being introduced into public records. The motion states that Lohan feats (sic) videotaping the deposition will "unduly embarrass, oppress and burden her because of the private subject matter of the expected testimony and the virtual certainty that, unless access is significantly limited, the transcript and videotape of the deposition will be illegally exploited by the media." [“Illegal” isn't protection enough? Bob]

Source - The Post Chronicle

How to win loyal customers? Oh wait, many of these content providers aren't Verizon customers. (And soon, none of them will be.) Comments are amusing too.

Verizon To Charge Content Providers $.03 Per SMS

Posted by timothy on Friday October 10, @04:12PM from the but-there's-no-penny-slot dept. Cellphones Communications The Almighty Buck

An anonymous reader writes

"It appears that Verizon is going to start double-dipping by charging both consumers AND content providers for SMS text messages. Verizon has informed content partners that it will levy a $.03 charge for messages sent to customers, effective November 1. From RCRWireless: 'Countless companies could be affected by the new fee, from players in the booming SMS-search space (4INFO, Google Inc. and ChaCha) to media companies (CNN, ESPN and local outlets) to mobile-couponing startups (Cellfire) to banks and other institutions that use mobile as an extension of customer services.'"

One of the promises of the Internet was that anyone could learn any subject from the best teachers in the world. In the US we insist on a “license to teach” and a degree in “remedial grammar school” rather than a degree in the topic being taught.

How US Schools' Culture Stifles Math Achievement

Posted by timothy on Friday October 10, @07:18PM from the expensive-gubmint-babysitting-castles dept. Education Math United States

Zarf writes

"I'd like to file a bug report on the US educational system. The New York Times reports on a recent study that shows the US fails to encourage academic talent as a culture.' "There is something about the culture in American society today which doesn't really seem to encourage men or women in mathematics," said Michael Sipser, the head of M.I.T.'s math department. "Sports achievement gets lots of coverage in the media. Academic achievement gets almost none."' While we've suspected that the US might be falling behind academically, this study shows that it is actually due to cultural factors that are devaluing the success of our students. I suspect there's a flaw in the US cultural system that prevents achievement on the academic front as valuable. Could anyone suggest a patch for this bug or is this cause for a rewrite?"

Good for non-judges too?

October 10, 2008

Federal Law Framework Explored in New Guide

Statutory Structure and Legislative Drafting Conventions: A Primer for Judges, M. Douglass Bellis, Deputy Legislative Counsel, United States House of Representatives, Federal Judicial Center 2008

  • "The Federal Judicial Center has published a guide, Statutory Structure and Legislative Drafting Conventions: A Primer for Judges. It describes the statutory framework of federal law and examines some legislative drafting conventions. It may be useful to judges for statutory interpretation."

TV ain't TV any more. There is a rumor that Apple will produce a fully Internet enabled TV soon.

YouTube beams up 'Star Trek' for long-form video

Posted by Stephen Shankland October 10, 2008 2:48 PM PDT

Google's YouTube has begun testing a dramatic departure in content and advertising, adding 15 50-minute TV episodes from Star Trek, Beverly Hills 90210, and MacGyver, with prominent new ads.

Friday, October 10, 2008

Think of it as an easy way to get back at the boss...

Colorado state Web site dishes out SSNs of top execs

Thursday, October 09 2008 @ 10:34 AM EDT Contributed by: PrivacyNews

The Web site of the Colorado Secretary of State is making available the Social Security numbers and other personal data of numerous CEOs, company chairmen, presidents, board members and other senior executives at some of the country's largest companies, a privacy advocate said.

The documents containing the information were discovered by Betty "BJ" Ostergren a privacy advocate based in Hanover County, Va. For the past several years, Ostergren has been trying to get state and local governments to redact public documents before posting them online.

Source - Network World

[From the article:

Less than two weeks ago, an appeals court in Ohio ruled that a woman whose identity was stolen after an image of a speeding ticket containing her personal information was posted on her county's Web site can sue the official responsible for putting the record online.

“We don't need no stinking details!”

Insider theft at AmeriCredit results in ID theft for customers

Thursday, October 09 2008 @ 12:43 PM EDT Contributed by: PrivacyNews

On September 25, AmeriCredit notified the New Hampshire Attorney General's office that a customer service employee at an unspecified facility had removed and misused the personal information of a "small number of customers" to purchase items on credit. Other customers' data were accessed, but may not have been misused.

Despite the safeguards AmeriCredit had in place, they apparently did not detect the breach and first became aware of the problem after a customer contacted law enforcement to report identity theft. The resulting investigation by law enforcement uncovered the breach.

In response to the incident, AmeriCredit reports that:

.... we have secured robust protection and credit monitoring for those who were affected. AmeriCredit has hired ID Experts to provide a one-year membership in their identity theft protection and restoration program. The service includes a dedicated toll free number for members of the affected class to call, a website dedicated to this event, twelve (12) months of credit monitoring, as well as fraud restoration services and a $30,000 insurance reimbursement component should anyone experience identity theft as a result of this incident. More robust measures are being provided to those few individuals whose identity was more likely used by the former employee, including twenty-four (24) months of credit monitoring and additional recovery services. This membership is paid for entirely by AmeriCredit.

Come learn security from us!

Verizon exposes the wrong 1,200 e-mail addresses

Thursday, October 09 2008 @ 06:33 PM EDT Contributed by: PrivacyNews

This should be a vendor's first rule when inviting 1,200 IT pros to a seminar about securing data and protecting personal information: Make sure you protect the personal information of the 1,200 professionals you're trying to impress.

How did Verizon do in that regard on Tuesday? It failed miserably . . . and not just once.

Source - Network World

[From the article:

"Considering their content [about data-breach seminars], I thought it very humorous that the TO: field of the e-mails contained over 1,200 e-mail addresses:

... "You've got to be kidding," he wrote to the Verizon guy shortly thereafter. "I have received seven more duplicates after this response."

Verizon again: "We [are] having issues with our [Microsoft] Exchange server, and I am working with our help desk to correct the problem. I apologize for the inconvenience."

Verizon's "Secure the Information" lecture series includes a segment called, "Are you prepared for data loss?"

I presume that's where the company will be covering the art of the apology.

It's the little things that trip you up.

FL: Police arrest identity theft suspect

Friday, October 10 2008 @ 07:40 AM EDT Contributed by: PrivacyNews

Police say a seasoned identity thief finally got caught because she tried to run her crime in this small community.

Stuart Police arrested Jermica Sykes and her boyfriend, Chad Knight, on charges of identity theft.

... "It was a pretty sophisticated operation," says Detective Sergeant Bill Pecci. "Jermica was able to access different accounts over the internet and working with multiple people around the state was able to obtain date of birth, social security numbers, account information for people everywhere and ultimately get credit cards sent to an address where they could receive them, and she also made new checks, checkbooks under these people's name."

.... Police say there could be 4,500 victims.

Source -

[From the article:

Investigators say Sykes then rented two apartments at two different complexes, Pineapple Cove and Coquina Cove, also claiming to work for the Miami-Dade Corrections Department.

The complexes are both managed by the same company. [and they actually looked at the data they collected! Amazing! Bob]

The landlords got suspicious, went inside the apartment at Pineapple Cove and found evidence of identity theft.

... Sykes told police she was making about $16,000 a month for selling the stolen information.

Tools & Techniques: A well done article!

High-tech bank robbers phone it in

Posted by Robert Vamosi October 9, 2008 4:37 PM PDT

Your ordinary bank robber can now steal hundreds of account numbers from ATMs without so much as lifting a finger. Instead, he skims.

Skimming is the physical use of secondary readers to capture the magnetic tracks on the backs of credit and debit cards. On ATMs, skimmers and secondary keypads are used to capture account numbers and PINs. Often, the ATM transaction goes through, and the customer doesn't realize that the account has been compromised until later.

Two risks these high-tech criminals face are being caught fitting a faux cover over an ordinary ATM card slot and keypad, then later retrieving the skimmers in order to get the account information.

With the arrest last week of "Chao," a Turkish ATM skimmer, comes new information on the lifestyles of modern bank robbers, including details on new devices that send captured account data via SMS to their smartphones.

For about $8,000, skimmers can have their own ATM overlay capable of transmitting 1,856 cards via SMS. Bulk pricing is available. And if they don't want the information sent card by card, they can dial into the device and download the data at their convenience. [Ain't technology wonderful!? Bob]

You're probably saying, "wait, I'd notice the compromise." Not so fast. These guys are good. Very good. See the photos of a compromised ATM machine on Or watch this video to see how ATM skimming with SMS was accomplished last year in Pennsylvania.

Skimming got its start in South Africa, [News to me... Bob] and since 2004, there have been a handful of noteworthy cases in the United States, affecting ATMs in Seattle, San Francisco, Los Angeles, and Austin, Texas. Late last year, Citibank replaced debit cards for its Manhattan customers because of a skimming operation there.

Last February, during a presentation by Billy Rios and Nitesh Dhanjani at the Black Hat conference in Washington, I saw a photograph of a warehouse full of ATM card input overlays from one of the criminal enterprises they stumbled upon. You want black? They got black. You want beige? They have that. What about white or gray? Covered.

Industry standardization of ATM readers makes it easier for criminals to copy, so a bank robber needs only to match the look and style. A second photo showed boxes of keypad overlays. Large. Small. Again, you need only to match the look and style.

Once the account information is captured, the criminals tend to burn it onto blank magnetic stripe cards (ISO standard 7810), then use it at ATMs worldwide.

How are they able to fool so many people? In a blog on ZDNet, Dancho Danchev speculates that there might be some collusion with individuals working with ATM manufacturers. His blog is full of details from a site offering these overlays.

There is a downside to having the SMS service. As with a cell phone, the devices need batteries, which wear out. [Solar Power! Bob] And some SMS transmissions simply fail. Still, if a criminal gets 1,500 bank account numbers, I don't think they're going to mind.
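What a skimmer actually captures is the stripe's Track 2 record, and the fields in that record decide where a clone will work. The parser below is an added example, not code from the article or from any skimmer kit; it assumes the ISO/IEC 7813 Track 2 layout (the article's "ISO 7810" covers the card's physical dimensions, while the stripe encoding is specified in ISO/IEC 7811 and 7813). The sample record is constructed around the well-known 4111111111111111 test PAN, and the field names and helper functions are mine.

```python
"""Parse and sanity-check a magnetic-stripe Track 2 record (ISO/IEC 7813 layout).

Constructed example, not code from the CNET article. SAMPLE_TRACK2 is a
made-up record built around the well-known Visa test PAN 4111111111111111.
"""
import re

# ISO/IEC 7813 Track 2: start sentinel ';', PAN (up to 19 digits),
# field separator '=', expiry YYMM, 3-digit service code, issuer
# discretionary data, end sentinel '?'. Readers often append an LRC
# character after '?', which this pattern tolerates and ignores.
TRACK2_RE = re.compile(
    r"^;(?P<pan>\d{1,19})=(?P<yymm>\d{4})(?P<service>\d{3})(?P<disc>\d*)\?.?$"
)

# Constructed sample: test PAN, expiry Oct 2010 (YYMM = 1012), service code 101.
SAMPLE_TRACK2 = ";4111111111111111=1012101123456789?"

# Meaning of the first service-code digit (ISO/IEC 7813); a 2 or 6 tells a
# chip-capable terminal that an IC is present and should be used instead of the stripe.
SERVICE_DIGIT1 = {
    "1": "international interchange, magnetic stripe",
    "2": "international interchange, chip present",
    "5": "national interchange only, magnetic stripe",
    "6": "national interchange only, chip present",
    "7": "no interchange except bilateral agreement",
    "9": "test card",
}


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    if not pan.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six (BIN) and last four digits, the PCI DSS display limit."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_track2(raw: str) -> dict:
    """Split a raw Track 2 string into its fields; raise ValueError if the layout is wrong."""
    m = TRACK2_RE.match(raw)
    if not m:
        raise ValueError("not a Track 2 record")
    pan = m.group("pan")
    service = m.group("service")
    return {
        "pan": pan,
        "masked_pan": mask_pan(pan),
        "luhn_ok": luhn_valid(pan),
        "expiry_yymm": m.group("yymm"),
        "service_code": service,
        "chip_present": service[0] in "26",
        "service_meaning": SERVICE_DIGIT1.get(service[0], "unknown/reserved"),
        "discretionary": m.group("disc"),
    }


if __name__ == "__main__":
    rec = parse_track2(SAMPLE_TRACK2)
    for key, value in rec.items():
        if key != "pan":        # never print the full PAN
            print(f"{key:16} {value}")
```

The service code is the security-relevant field: a first digit of 2 or 6 tells a chip-capable terminal that an IC is present, so a stripe-only clone of such a card should be refused unless the terminal falls back to the stripe; the magstripe-only ATMs of 2008 could not tell the difference, which is why captured track data was usable worldwide. The Luhn check is useful on the defensive side too: it is the cheapest filter for telling real card numbers from noise when scanning logs, dumps or outbound traffic for leaked PANs, and the masking function is what should be applied before any of that ends up in a ticket.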

Tools & Techniques: The used book store at the local library has a couple hundred LPs for 50 cents each. Here is a step-by-step conversion guide... (I wonder if my students know what LPs are?)

Convert LPs Into MP3s

Thursday, October 09, 2008

This is one of those “I'm not a lawyer, so what's the legal theory?” questions: What is the difference between a hacker making this available deliberately and a government or corporation making it available through negligence or ignorance?

Hacker's list of online accounts spooks users

Wednesday, October 08 2008 @ 09:26 AM EDT Contributed by: PrivacyNews

When Australian web users learned from the Herald that details of their online accounts had been posted on a hacker's website for all to see, they were suspicious, then alarmed, then furious at the hacker who compromised their identities.

Email addresses, matched with user names and passwords for online memberships, were offered by the hacker for anyone wanting to try their hand at identity theft or even financial fraud.

Source - Stock Journal

Related: You must steal thousands of records to make any real money. Oh, wait – that's easy!

Stolen card details sold for only $1.50

Thursday, October 09 2008 @ 06:47 AM EDT Contributed by: PrivacyNews

Stolen credit and debit card details have been found on sale for as little as $1.50.

An investigation by the Sydney Morning Herald has found that almost anyone on the Internet can buy stolen payment card details for as little as US$1.50 a time for Aussie details, and US$2.50 a time for US and English cardholder information.

For accounts in Britain and the United States, the salesmen claim even to be able to bypass some of the latest anti-fraud protection, including Verified by Visa. Some hackers also offer free samples of the stolen data, although key information is kept hidden to preserve its resale value.

Source - SC Magazine

[From the article:

Yuval Ben-Itzhak, chief technology officer with Finjan, said: “Our research team spotted this not inconsiderable trade in stolen payment card data back in the late spring, which we published details of in our Q2 Web Security Trends report in July.

“At that time, however, the going rate was around $15 a pop, so the rate has clearly fallen, perhaps because of the glut of this kind of data being sold on the Internet.”

Right now he has a 47-44 chance of a Presidential Pardon.

Lawmaker's son indicted in Palin e-mail hacking

Wednesday, October 08 2008 @ 09:19 AM EDT Contributed by: PrivacyNews

A federal grand jury has indicted the son of a Democratic Tennessee state lawmaker in connection with the hacking of the e-mail account of Republican vice presidential candidate Sarah Palin.

David Kernell, 20, of Knoxville, Tenn., the son of state Rep. Mike Kernell, was scheduled to be arraigned Wednesday before U.S. Magistrate Judge C. Clifford Shirley, according to a statement from the Justice Department.

Source - Wired

Oh what a wicked web we weave...

Spammer Perjury is Worth Prosecuting

Posted by CmdrTaco on Wednesday October 08, @12:01PM from the love-a-little-alliteration dept.

Slashdot regular Bennett Haselton summarizes his essay by saying

"Spammers really do lie more often under oath than other parties in court (surprise). Judges and prosecutors could promote respect for the law by cracking down on it, and maybe make a dent in spam in the process."

Read on to learn of his experiences with (shocking!) spammers who lie in court

A new twist.

Before the RIAA Can Sue a Student, Mom and Dad Can Call a Lawyer: An Interesting Innovation Affords Some Notice to Students Accused of Illegal Downloading

Wednesday, October 08 2008 @ 06:25 PM EDT Contributed by: PrivacyNews

.... Most recently, the University of California at Santa Cruz has invoked its obligations to the students and their parents under federal educational privacy laws as grounds for delaying compliance with an RIAA subpoena.

In the case, UMG Recordings v. Doe, a Northern California federal court agreed with UC Santa Cruz in part - stating that the university needed time to notify parents and students of the RIAA probe, before it divulged any names to the recording companies. Now, parents and students will have time to decide whether to retain an attorney, and find one if needed, and parents can assist students regarding the legal proceedings.

Source - FindLaw

Because we don't have an “annoying but harmless” database? (No doubt lawyers are entered for “aiding and abetting”)

Maryland Police Put Activists' Names On Terror List

Posted by timothy on Wednesday October 08, @05:46PM from the bad-incentive-to-remain-peaceful dept.

aaandre writes with word of a Washington Post story which begins:

"The Maryland State Police classified 53 nonviolent activists as terrorists and entered their names and personal information into state and federal databases that track terrorism suspects, the state police chief acknowledged yesterday. The police also entered the activists' names into the federal Washington-Baltimore High Intensity Drug Trafficking Area database, which tracks suspected terrorists. One well-known antiwar activist from Baltimore, Max Obuszewski, was singled out in the intelligence logs released by the ACLU, which described a 'primary crime' of 'terrorism-anti-government' and a 'secondary crime' of 'terrorism-anti-war protesters.'"

According to the article, "Both [former state police superintendent Thomas] Hutchins and [Maryland Police Superintendent Terrence] Sheridan said the activists' names were entered into the state police database as terrorists partly because the software offered limited options for classifying entries." Reader kcurtis adds "The State Police say they are purging the data, but this is one more example (on top of yesterday's news that datamining for terrorists is not feasible due to false positives) of just how badly the use of these lists can be abused."
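The "not feasible due to false positives" point is base-rate arithmetic, and it is worth carrying through once with numbers. The following is an added illustration, not from the NRC report, the Post story or the Slashdot post; the population size, number of real targets, sensitivity and false-positive rate are assumptions chosen to make the effect visible, and the function names are mine.

```python
"""Base-rate arithmetic for a hypothetical terrorist-screening classifier.

Added illustration, not from the NRC report or the Post story. All numbers
are assumptions chosen to make the effect visible: a population of 300
million, 1,000 true targets, and a classifier that catches 99% of them while
wrongly flagging 0.1% of everyone else.
"""


def screening_outcome(population, targets, sensitivity, false_positive_rate):
    """Expected true/false positives and precision of one pass over the population."""
    innocents = population - targets
    true_pos = targets * sensitivity
    false_pos = innocents * false_positive_rate
    flagged = true_pos + false_pos
    return {
        "true_positives": true_pos,
        "false_positives": false_pos,
        "flagged": flagged,
        "precision": true_pos / flagged if flagged else 0.0,
        "innocents_per_hit": false_pos / true_pos if true_pos else float("inf"),
    }


def required_false_positive_rate(population, targets, sensitivity, precision):
    """False-positive rate the classifier would need for the flagged set to reach `precision`.

    From precision = tp / (tp + fp): fp = tp * (1 - precision) / precision,
    and the per-innocent rate is fp divided by the number of innocents.
    """
    innocents = population - targets
    true_pos = targets * sensitivity
    false_pos_allowed = true_pos * (1 - precision) / precision
    return false_pos_allowed / innocents


if __name__ == "__main__":
    out = screening_outcome(300_000_000, 1_000, 0.99, 0.001)
    print(f"flagged {out['flagged']:,.0f}; precision {out['precision']:.2%}; "
          f"{out['innocents_per_hit']:,.0f} innocents per real hit")
    for p in (0.10, 0.50):
        fpr = required_false_positive_rate(300_000_000, 1_000, 0.99, p)
        print(f"for {p:.0%} precision the false-positive rate must be {fpr:.2e}")
```

Under those assumptions a classifier that catches 99% of real targets and wrongly flags only one person in a thousand still produces about 300 innocents for every true hit, and reaching even-odds precision would require a false-positive rate of a few per million, which no behavioural model validated on a handful of real cases can claim. That is the arithmetic behind the report's caution, and behind the Maryland list above: the cost of a false positive is borne by the person entered into the database, not by the model.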

Changing concepts. In the Cloud, storage cost isn't based on volume...

Google broadens e-mail archiving service

Posted by Elinor Mills October 8, 2008 4:02 PM PDT

Appealing to organizations burdened by federal rules requiring electronic message retention, Google is offering hosted e-mail archiving for up to 10 years for $45 per user per year. The service works with a company's existing e-mail infrastructure and has no storage limit.

Now this could be useful!

Finally! Google to Offer RSS Feeds for Web Search Results

Written by Marshall Kirkpatrick / October 8, 2008 1:20 PM

A rumor that's been floating around the web lately is that Google will offer RSS feeds for new results in basic web search. Today Search Engine Land confirmed that Google will "soon" offer this functionality. Why is this big news? Because there's no better way to keep track of new mentions of a company, person or concept online than through RSS.

Tools & Techniques

Recovering Blurred Text Using Photoshop and JavaScript

Posted by timothy on Wednesday October 08, @06:31PM from the careful-how-you-hide-stuff dept. Security

An anonymous reader writes

"There's been a lot of talk about recovering blurred or pixelated text, but here's an actual implementation using nothing but Photoshop and a little JavaScript. Includes a Hollywood-esque video showing the uncovered letters slowly appearing."
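The linked write-up works because mosaic pixelation is a deterministic function of the original image: render each candidate string in the same font and size, pixelate it the same way, and keep whichever candidate reproduces the blocks. The following is an added illustration of that general idea in Python, not the Photoshop/JavaScript implementation from the link; the 3x5 digit font, the 4x6 glyph cell and the 2x2 block size are constructed so that block edges line up with glyph edges, and the function names are mine.

```python
"""Why pixelation is not redaction: brute-force recovery of mosaic text.

Added illustration of the general idea behind the linked write-up (render
every candidate, pixelate it the same way, keep the candidates whose mosaic
matches); it is not that Photoshop/JavaScript implementation. The font is a
constructed 3x5 bitmap for the digits 0-9, each glyph sits in a 4x6 cell
(1-pixel gap right and below), and the mosaic uses 2x2 blocks so block edges
line up with glyph edges. Real attacks must also search over grid offset,
font and point size.
"""
GLYPH_W, GLYPH_H, BLOCK = 4, 6, 2

# Constructed 3x5 digit font (rows top to bottom, '1' = ink).
FONT = {
    "0": ["111", "101", "101", "101", "111"],
    "1": ["010", "110", "010", "010", "111"],
    "2": ["111", "001", "111", "100", "111"],
    "3": ["111", "001", "111", "001", "111"],
    "4": ["101", "101", "111", "001", "001"],
    "5": ["111", "100", "111", "001", "111"],
    "6": ["111", "100", "111", "101", "111"],
    "7": ["111", "001", "001", "001", "001"],
    "8": ["111", "101", "111", "101", "111"],
    "9": ["111", "101", "111", "001", "111"],
}


def render(text):
    """Rasterise text into a GLYPH_H x (GLYPH_W * len(text)) bitmap of 0/1 pixels."""
    rows = [[] for _ in range(GLYPH_H)]
    for ch in text:
        glyph = FONT[ch]
        for r in range(GLYPH_H):
            line = glyph[r] + "0" if r < len(glyph) else "0" * GLYPH_W
            rows[r].extend(int(px) for px in line)
    return rows


def pixelate(img, block=BLOCK):
    """Replace each block x block tile with its mean intensity (what a mosaic filter does)."""
    h, w = len(img), len(img[0])
    return [
        [sum(img[r][c] for r in range(y, y + block) for c in range(x, x + block)) / (block * block)
         for x in range(0, w, block)]
        for y in range(0, h, block)
    ]


# Every candidate glyph pixelated exactly the way the target was.
TEMPLATES = {ch: pixelate(render(ch)) for ch in FONT}


def recover(mosaic):
    """For each glyph cell of the mosaic, return the characters whose template matches best.

    A cell whose candidate list has more than one entry is where the mosaic
    genuinely lost information; a single entry is a recovered character.
    """
    cells = GLYPH_W // BLOCK            # mosaic columns per glyph
    n_chars = len(mosaic[0]) // cells
    result = []
    for i in range(n_chars):
        target = [row[i * cells:(i + 1) * cells] for row in mosaic]
        scored = {}
        for ch, tmpl in TEMPLATES.items():
            scored[ch] = sum((a - b) ** 2 for tr, mr in zip(tmpl, target) for a, b in zip(tr, mr))
        best = min(scored.values())
        result.append(sorted(ch for ch, d in scored.items() if d == best))
    return result


if __name__ == "__main__":
    secret = "2008"
    mosaic = pixelate(render(secret))    # what the "redacted" image contains
    print(recover(mosaic))               # candidate sets per character position
```

Run on the digits of "2008", the mosaic pins down the 2 and the 8 but leaves 0 and 9 indistinguishable, which is the honest output: the attack yields a candidate set per position whose size depends on how coarse the blocks are relative to the glyph detail, and a short candidate list is usually enough when the surrounding text constrains the answer. Against a solid opaque box there is nothing to match, which is why that, and not blurring, is the only safe redaction.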

Pure evil: Send this to your dieting friends.

10 Ways to Eat More Bacon

Wednesday, October 08, 2008

If the data is properly encrypted, is this “breach report” necessary?

Laptop stolen containing UND Alumni info of 75,000-plus alums, donors, others

Tuesday, October 07 2008 @ 04:50 PM EDT Contributed by: PrivacyNews

A laptop computer containing sensitive personal and financial information on more than 75,000 UND alumni, donors and others was stolen last month from a vehicle belonging to a software vendor retained by the UND Alumni Association.

The laptop has not been recovered, but the sensitive information, including individuals’ credit card and Social Security numbers, was protected by a data encryption system and other security controls, according to the Alumni Association.

Source - G

Privacy and Buggy Whips. Symbols of a bygone age?

'Overplayed' privacy concerns rile Symantec boss

Tuesday, October 07 2008 @ 01:19 PM EDT Contributed by: PrivacyNews

Consumers ought to accept that loss of privacy is the price they pay for using internet service, according to Symantec chief exec John Thompson.

Echoing Scott McNealy's opinion that "you have no privacy, get over it," the Symantec boss expressed surprise that information such as IP addresses is regarded as sensitive.

"Some people think of everything as private, including information such as IP addresses. I don't get that," Thompson told El Reg.

Source - The Register

If X plus Y plus Z then Terrorist! (But we don't know what X, Y and Z are...)

Counterterrorist Data Mining Needs Privacy Protection

Tuesday, October 07 2008 @ 04:54 PM EDT Contributed by: PrivacyNews

In a sweeping new report that examines the balance between security and privacy, The National Research Council (NRC) recommends that the U.S. government rethink its approach to counterterrorism in light of the privacy risks posed by unchecked data mining and behavioral surveillance.

The NRC report, "Protecting Individual Privacy In The Struggle Against Terrorists," is the culmination of three years of discussions and research aimed at providing the government with a framework for thinking about existing and future information-based counterterrorism programs. Former U.S. Secretary of Defense William Perry co-chaired the study committee.

Source - InformationWeek

[From the article:

A live audio Webcast should be available at the National Academies site. [Now a downloadable Podcast Bob]

A foretaste of things to come. “It's Ron Paul, with 2,056 of the 1400 votes cast!”

Florida Primary Recount Reveals Grave Voting Problems One Month Before Presidential Election

By Kim Zetter October 07, 2008 | 8:00:00 PM

A month of primary recounts in the election battleground of Palm Beach County, Florida, has twice flipped the winner in a local judicial race and revealed grave problems in the county's election infrastructure, including thousands of misplaced ballots and vote tabulation machines that are literally unable to produce the same results twice.

You be the Spin Doctor: Does this suggest that people are more curious about Obama than McCain? Are McCain supporters less likely to own/use a computer? Are Obama supporters more gullible? Are McCain supporters trying for a “can of Spam in every pot?”

Obama Beats McCain In Spam Landslide

Posted by CmdrTaco on Wednesday October 08, @08:50AM from the well-isn't-that-unfortunate dept.


An anonymous reader writes

"The New York Times runs an article about the spammers' choice of presidential candidate. From the article: "According to Secure Computing Corp., spammers were nearly seven times more likely to slap Obama's name in the subject line than McCain's during September. The bulk of Obama's lead in the spam wars came from a massive blitz early in the month." Secure Computing released additional numbers for the past weeks, and McCain was able to close the gap in the latest spammers' poll."

Tools & Techniques: One component of a small business model for computer leasing & support. (There are several tools like this one.)

Instant Housecall - Remote Access & Support Software

Instant Housecall is a software solution geared toward corporations and individuals that lets I.T. helpdesks provide remote support by viewing and controlling personal computers, regardless of where the user is located.

They offer three versions of their software:

- Free Edition - free for personal use

- Express Edition - full featured remote support for small businesses and one-man I.T. shops

- Professional Edition - full featured remote support and unattended remote access with full branding capability

... Remote access for customers is implemented by invitation only. This means that the company’s representative leaves his calling card on the customer’s desktop in order to make it simpler for them to get remote access from the corporation.

Perhaps we should outsource?

Report Warns U.S. Could Lose Space-Spy Dominance

By Noah Shachtman October 07, 2008 | 6:42:00 PM

America has become so lousy at building spy satellites that "the United States is losing its preeminence in space," a Congressional intelligence report declares. What's worse, this decline comes as "emerging space powers such as Russia, India and China" are getting better and better at snooping from above.

The gloomy report, approved last Friday by the House's technical and tactical intelligence subcommittee, was originally obtained by CQ scoopster Tim Starks. "A once robust partnership between the U.S. Government and the American space industry has been weakened by years of demanding space programs, the exponential complexity of technology, and an inattention to acquisition discipline," the document states.

NASA's woes get most of the headlines — especially since the U.S. civilian space program may be forced to depend on Russia to get into orbit. But the American military space effort has been a wreck for quite some time, too. Misty, a super-secret satellite program had to be canceled last year. Since 1999, the military has spent nearly $10 billion to produce a set of so-called "Future Imagery Architecture" eyes in orbit. When they finally managed to launch one in 2006, it died instantly — and then had to be shot down, before it plummeted to Earth. Earlier this year, the once-secretive, once-proud Pentagon agency that oversees spy satellites, the National Reconnaissance Agency, had some of its authority stripped away. More recently, a high-level military commission recommended shuttering the office entirely.

Part of the problem is that the United States has "no comprehensive space architecture or strategic plan [for] current and future national security priorities," the report states.

Global Warming! Global Warming! The definition of an “Ice Age” is: “There be glaciers!” So we are coming out of an Ice Age and moving into an “Inter Glacial Period” (there is no catchy name for a non-Ice Age, but we have had them before...) If you asked the average citizen if he would prefer living in an Ice Age or not, my guess is he would say “Not!” So is global warming bad?

99% of Alaska's Glaciers Are Melting — Most of Alaska's glaciers are retreating or thinning or both, a new book by the U.S. Geological Survey reports. About 5 percent of Alaska's area is covered by more than 100,000 glaciers — that's about 29,000 square miles (75,000 square kilometers), or more than the entire state of West Virginia.

Tuesday, October 07, 2008

Wasn't this obvious? Statements like this are not fact, they are Public Relations

"We have no evidence that the data have been misused..."

Monday, October 06 2008 @ 02:32 PM EDT Contributed by: PrivacyNews

The next time you read a statement that a breached entity has found no evidence of data misuse, remember this: data may have been misused even though entities are unaware of it.

Tim Wilson of Dark Reading provides a current example of why entities should inform customers, this one involving the T-Mobile breach that affected 17 million customers. The company found no evidence of data misuse and based on the recovery of the device and their own investigation, never informed the customers in 2006. But Der Spiegel found that the data were for sale on the internet.

You can read more in Dark Reading.

Another report of the obvious?

University Security Breaches on the Rise Again

Monday, October 06 2008 @ 02:30 PM EDT Contributed by: PrivacyNews

The number of security breaches at colleges and universities has risen for the second year in a row, but the cause of the increase is still unclear, says Adam Dodge, who runs Educational Security Incidents, a Web site that tracks information breaches as they are reported.

According to Mr. Dodge, security breaches have already occurred this year at about 150 institutions, up from 112 colleges that reported such incidents in 2007. Only 65 institutions said they were affected by security breakdowns in 2006.

Source - Chronicle of Higher Education

California white paper: On the front lines of identity theft

Texas white paper: Officials face a colossal challenge

Arizona White Paper finds Arizona in a class by itself.

Another report. (Years must be getting shorter...)

Data breaches best 2007 record

Posted by Robert Vamosi October 6, 2008 3:04 PM PDT

There have been 516 large security breaches this year to date, according to the ID Theft Resource Center, with 30,382,786 consumers potentially exposed.

That number is significant, because it's greater than the record number of breaches reported in 2007, said the ITRC, which released its report (PDF) last week. Part of the rise is the result of increased disclosure to consumers affected by breached organizations, as required by state laws. The ITRC also attributed the increase to its ability to access state attorney general notification lists; these often contain breaches that were not reported via media or other sources.

Tools & Techniques: There are many types of systems (passports, voting machines, toll payment) that rely on proprietary security features. There are no penalties for bad security. Something is wrong with this process.

UK: Oyster card hack details revealed

Monday, October 06 2008 @ 11:54 AM EDT Contributed by: PrivacyNews

Details of how to hack one of the world's most popular smartcards have been published online.

The research by Professor Bart Jacobs and colleagues at Radboud University in Holland reveals a weakness in the widely used Mifare Classic RFID chip.

This is used in building entry systems and is embedded in the Oyster card used on London's transport network.

Source - BBC

If Brazil can make it work, why can't Florida?

Linux-Based E-Voting In Brazil

Posted by kdawson on Tuesday October 07, @05:36AM from the watch-and-learn-grasshopper dept. Government Linux Business Politics

John Sokol writes

"I just heard from a good friend and Linux kernel hacker in Brazil that they have just finished their municipal election with 128 million people using Linux to vote. They voted nationwide for something like 5,000 city mayors. Voting is mandatory in Brazil. The embedded computer they are using once ran VirtuOS (a variant of MSDOS); it now has its own locally developed, Linux-based distro. These are much nicer, smaller, and cheaper than the systems being deployed here in the US. Here is a Java-required site with a simulated Brazilian voting system. It's very cool; they even show you a picture of the candidate you voted for."

No doubt this will sell well to a small segment of the market. We'll have to see if it causes any problems.

Ford To Introduce Restrictive Car Keys For Parents

Posted by kdawson on Tuesday October 07, @12:21AM from the no-you-cannot-borrow-my-keys dept. Transportation Technology

thesandbender writes

"Ford is set to release a management system that will restrict certain aspects of a car's performance based on which key is in the ignition. The speed is limited to 80, you can't turn off traction control, and you can't turn the stereo up to eleven. It's targeted at parents of teenagers and seems like a generally good idea, especially if you get a break on your insurance."

The keys will be introduced with the 2010 Focus coupe and will quickly spread to Ford's entire lineup.

Got brains? - Open Innovation Philanthropy

Philoptima is an open innovation platform that has a very specific aim, namely connecting grant makers with researchers so that these individuals can collaborate and find solutions for different community problems. Philoptima helps foundations, donors, and other grant makers clearly describe a community challenge and create a cash prize to spur innovative ideas to help solve the problem in question.

Using the featured Open Innovation Philanthropy system, prize makers can deal with a wide variety of community problems by connecting them to consultants, researchers, and experts offering best-practice solutions using an internet-based open innovation platform.

The site itself is split into several subsections, and the ones named “Prize Makers” and “Researchers” provide a good overview of the services on offer along with concise information on the system’s implementation. For its part, a “Find a Consultant” section is also included, and those looking for expert advice can register in order to receive assistance. Registration is free, and it simply entails furnishing the organization’s name along with contact information.

...but of course no one will actually read them.

October 06, 2008

GPO Launches Congressional Reports Browse Feature

Congressional Reports: Browse - "To browse a current catalog of congressional reports available on GPO Access, click on the link for the appropriate Congress and session below. Catalogs are available for the 110th Congress. Links are included with each congressional report listed in the catalog, which retrieve the text of the corresponding document as an ASCII text or PDF file. If a congressional report is not listed in the catalog, it is not available electronically via GPO Access at this time."

Big events in the night sky got me thinking...

Small Asteroid On Collision Course With Earth

Posted by kdawson on Monday October 06, @08:11PM from the big-kaboom dept. Space News

musatov writes

"There's talk on The Minor Planet Mailing List about a small asteroid approaching Earth with a 99.8% probability of colliding. The entrance to the Earth's atmosphere will take place October 7 at 0246 UTC (2:35 after this story goes live) over northern Sudan, releasing the energy of about a kiloton of TNT. The asteroid is assumed to be 3-4 meters in size; it is expected to burn up completely in the atmosphere, causing no harm. As a powerful bolide, it may put on quite a show in the sky. For those advanced enough in astronomy to observe, check the MPEC 2008-T50 and MPEC 2008-T64 circulars. NASA's JPL Small Body Database has a 3D orbit view. The story has been already picked up by CNN and NASA."

Related ...and sure enough...

The Professional Pilots Rumour Network

The Tel Aviv Observatory are warning of a possible meteor shower in the vicinity of Tehran & a number of other sites within Iran, sometime in the near future. The Observatory is concerned that eyewitnesses might misinterpret the event as some type of hostile military action. They wish to assure the Iranians that there is no cause for alarm...

For the Visual Communications students

Huge Collection of Photoshop Tutorials from A-Z — From digital photography to basic design.

Not rated PG, but funny.

The Economist Magazine Sums Up The Financial Crisis... — If you feel at a loss for words to describe the now global financial cover, this spoof cover for September's Economist says it all, "Oh f**k!" Download the large version, suitable for framing or desktop wallpaper, inside.

For god's sake, don't show this to my wife!

Pimp My Pony: Gear for the Equestrian Commute

By William Snyder Email 09.22.08

Monday, October 06, 2008


Data “Dysprotection:” breaches reported last week

Monday, October 06 2008 @ 06:02 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Possibility: Jets are ready to roll

Possibility: Another way to make Iran stop and think

Possibility: French like headlines showing how statesmanlike they are.

Probability: French like headlines showing how they support Iran (can we have more contracts, please?)

France urges Israel not to attack Iran

Sun Oct 5, 2008 1:48pm EDT

JERUSALEM (Reuters) - French Foreign Minister Bernard Kouchner has urged Israel not to launch a military strike against Iran's nuclear program, an Israeli newspaper reported on Sunday

Open Source Intelligence

October 05, 2008

Sunlight Foundation Releases First Online Foreign Agent Lobbying Database

News release: "...the Sunlight Foundation is releasing a beta version of FARAdb, which digitizes disclosures filed by lobbyists representing 15 foreign countries required by the Foreign Agent Registration Act. These reports are filed twice a year by firms hired to lobby Congress and the executive branch by foreign governments, political parties, individuals and organizations–including for-profit companies. The lobbying firms disclose specific details about which government officials, including members of Congress and their staffs, were contacted by lobbyists for each client, and gives details about what specific issues were discussed. The firms must also disclose all the campaign donations made by their employees who lobby for foreign clients."

Tools & Techniques: Who profits?

A Wikipedia Conspiracy and the Wall Street Meltdown

Posted by kdawson on Sunday October 05, @05:14PM from the controlling-the-public-discourse dept. The Media The Almighty Buck The Internet

PatrickByrne writes

"This is The Register's world-class investigative piece concerning one aspect of the meltdown on Wall Street ('naked short selling') and how the criminals engaged a journalist to distort Wikipedia to confuse the discourse. The article explicitly and formally accuses a well-known US financial journalist, Gary Weiss, of lying about his efforts to distort a Wikipedia page under assumed names, and accuses the Powers That Be in Wikipedia (right up to and including Jimbo Wales) of complicity in protecting Weiss. This is not another story about a 15-year-old farm kid in Iowa pretending to be a professor. This is like the worst Chomskian view of Elites manipulating mass opinion. But it is all documented."

We discussed the alleged Wikipedia manipulation when The Register first wrote about it last December. The submitter is the CEO of and a major player in this drama from the beginning.

Tools & Techniques: Vulnerabilities in a connected world.

October 6, 2008

New Cross-Site Request Forgery Attacks


CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the browser of an authorized user. Because browsers run code sent by multiple sites, there is a danger that one site will (unbeknownst to the user) send a request to a second site, and the second site will mistakenly think that the user authorized the request.

If a user visits an attacker's website, the attacker can force the user's browser to send a request to a page that performs a sensitive action on behalf of the user. The target website sees a request coming from an authenticated user and happily performs some action, whether it was invoked by the user or not. CSRF attacks have been confused with Cross-Site Scripting (XSS) attacks, but they are very different. A site completely protected from XSS is still vulnerable to CSRF attacks if no protections are taken.

Paper here.
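To make the mechanism above concrete, here is an added example (not from the paper linked above, and not from any real application): a simulated "transfer" endpoint in two versions. The vulnerable version trusts the session cookie alone, which the browser attaches to a form post from any site; the protected version also requires a per-session token that only the site's own page can embed in its form, plus an Origin check where the browser sends that header. All names (bank.example, sess-alice, the balances) are constructed for the demo.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory state standing in for a web application's session
# store and database; hypothetical values, not from any real site.
SESSIONS = {"sess-alice": "alice"}        # session cookie -> logged-in user
CSRF_TOKENS = {}                          # session cookie -> per-session token
BALANCES = {"alice": 100, "mallory": 0}
SITE_ORIGIN = "https://bank.example"      # hypothetical target site


@dataclass
class Request:
    """The parts of an HTTP POST that the handlers look at."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def reset_balances():
    BALANCES.update({"alice": 100, "mallory": 0})


def current_user(req):
    return SESSIONS.get(req.cookies.get("session"))


def issue_csrf_token(session_cookie):
    """Called when the site renders its own transfer form. The token is embedded
    in that page, so a page served from another origin can never read it."""
    token = secrets.token_hex(16)
    CSRF_TOKENS[session_cookie] = token
    return token


def _do_transfer(user, form):
    amount = int(form["amount"])
    BALANCES[user] -= amount
    BALANCES[form["to"]] += amount


def transfer_vulnerable(req):
    """Accepts any request carrying a valid session cookie. The browser attaches
    that cookie to cross-site form posts too, so the cookie alone proves only
    that the request came from the user's browser, not from the user."""
    user = current_user(req)
    if user is None:
        return 401
    _do_transfer(user, req.form)
    return 200


def transfer_protected(req):
    """Same action, but the request must prove it came from the site's own page."""
    user = current_user(req)
    if user is None:
        return 401
    # Defence 1: if the browser sends an Origin header, it must name our site.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    # Defence 2: the per-session secret token; compared in constant time.
    expected = CSRF_TOKENS.get(req.cookies.get("session"))
    supplied = req.form.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return 403
    _do_transfer(user, req.form)
    return 200


def forged_request():
    """What the browser sends when the logged-in user visits a third-party page
    that auto-submits a form: the cookie rides along, the token does not.
    No Origin header, as older browsers omit it; the token must carry the load."""
    return Request(cookies={"session": "sess-alice"},
                   form={"to": "mallory", "amount": "100"})


def legitimate_request(token):
    """A post from the site's own form, which embedded the issued token."""
    return Request(cookies={"session": "sess-alice"},
                   form={"to": "mallory", "amount": "25", "csrf_token": token},
                   headers={"Origin": SITE_ORIGIN})


def demo():
    """Runs the three cases and returns status codes and resulting balances."""
    results = {}
    reset_balances()
    results["vulnerable_forged"] = transfer_vulnerable(forged_request())
    results["balance_after_vulnerable"] = BALANCES["alice"]
    reset_balances()
    results["protected_forged"] = transfer_protected(forged_request())
    results["balance_after_protected"] = BALANCES["alice"]
    token = issue_csrf_token("sess-alice")
    results["protected_wrong_token"] = transfer_protected(legitimate_request("0" * 32))
    results["protected_legit"] = transfer_protected(legitimate_request(token))
    results["balance_after_legit"] = BALANCES["alice"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The token is the load-bearing defence: it is tied to the session, never sent in a cookie, and unreadable from another origin. The Origin check is an extra layer that helps only when the browser sends the header, which is why the protected handler does not rely on it alone.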

Tools & Techniques: No encryption system protects data forever.

Encrypted Images Vulnerable To New Attack

Posted by kdawson on Sunday October 05, @04:04PM from the bye-bye-deniability dept. Security Encryption IT

rifles only writes

"A German techie has found a remarkably simple way to discern some of the content of encrypted volumes containing images. The encrypted images don't reveal themselves totally, but in many cases do let an attacker see the outline of a high-contrast image. The attack works regardless of the encryption algorithm used (the widely-used AES for instance), and affects all utilities that use single symmetric keys. More significant to police around the world struggling with criminal and terrorist use of encryption, the attack also breaks the ability of users to 'hide' separate encrypted volumes inside already encrypted volumes, whose existence can now for the first time be revealed."

The discoverer of this attack works for a company making full-disk encryption software; their product, TurboCrypt, has already been enhanced to defeat the attack. Other on-the-fly encryption products will probably be similarly enhanced, as the discoverer asserts: "To our knowledge is the described method free of patents and the author can confirm that he hasn't applied for protection."
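The post does not say what the discovered weakness is, so what follows is not that attack. It is an added illustration, not from the post or from TurboCrypt, of the best-known way an encrypted image leaks its outline regardless of the cipher chosen: a single key applied deterministically block by block (ECB-style) maps equal plaintext blocks to equal ciphertext blocks, so a high-contrast shape survives encryption. A toy Feistel cipher stands in for AES, and the bitmap, key and nonce are constructed for the demo; the counter-mode variant shows that the fix is in how the key is used, not in the algorithm.

```python
import hashlib
from collections import Counter

BLOCK = 16   # bytes per cipher block
ROUNDS = 4

# Constructed demo key and nonce, fixed so the output is reproducible.
KEY = b"constructed-demo-key-not-secret!"
NONCE = b"\x00" * 8


def _round_fn(key, rnd, half):
    """Keyed round function (SHA-256 used as a PRF) for the toy cipher."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    """Toy 128-bit Feistel block cipher: a stand-in for AES, not for real use."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


def ecb_encrypt(key, data):
    """Each block encrypted independently: equal input blocks give equal output."""
    return b"".join(block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ecb_decrypt(key, data):
    return b"".join(block_decrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ctr_encrypt(key, nonce, data):
    """Counter mode: the cipher generates a keystream from nonce||counter, so
    two equal plaintext blocks get different keystream and look unrelated."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        chunk = data[i:i + BLOCK]
        out += _xor(chunk, keystream[:len(chunk)])
    return bytes(out)


ctr_decrypt = ctr_encrypt   # XOR with the same keystream undoes it


def make_bitmap(width=64, height=8):
    """Constructed 1-byte-per-pixel image: a white rectangle on black,
    with edges aligned to the 16-byte block size."""
    return b"".join(
        bytes(0xFF if (16 <= x < 48 and 2 <= y < 6) else 0x00 for x in range(width))
        for y in range(height))


def distinct_blocks(ciphertext):
    return len({ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})


def render_outline(ciphertext, width=64):
    """What an observer sees with no key: '.' for the most common ciphertext
    block value, '#' for anything else, one character per block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    background = Counter(blocks).most_common(1)[0][0]
    per_row = width // BLOCK
    return ["".join("." if b == background else "#" for b in blocks[r:r + per_row])
            for r in range(0, len(blocks), per_row)]


if __name__ == "__main__":
    image = make_bitmap()
    for label, ct in (("ECB", ecb_encrypt(KEY, image)),
                      ("CTR", ctr_encrypt(KEY, NONCE, image))):
        print(f"{label}: {distinct_blocks(ct)} distinct ciphertext blocks")
        print("\n".join(render_outline(ct)))
```

Under ECB the rectangle is visible in the ciphertext (only two distinct block values appear), while under counter mode every block differs and the rendering shows no shape; the key and cipher are identical in both cases.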

Business models: It all depends on your strategy. Keeping customers in line or giving them what they want. (It also makes them a takeover target.)

Verizon bets big on network infrastructure

Posted by Marguerite Reardon October 6, 2008 4:00 AM PDT

From Verizon CIO Shaygan Kheradpir's 38th floor apartment on the Upper East Side of Manhattan with panoramic views of the East River, I saw first-hand the fruits of the company's $23 billion gamble to build a new fiber network directly to customers' doorsteps and a glimpse into where the strategy will lead next.

Kheradpir had invited a handful of journalists to his swank pad to show off the latest enhancements to Verizon's Fios TV service. The new features, which include everything from new widgets for getting weather and local traffic to a specially designed ESPN fantasy football application to remote control of DVRs, are rolling out across Verizon's Fios footprint right now with New York, Verizon's largest market, expected to get the enhancements starting October 9th.

While its cable competitors look for ways to curb their customers' usage of their networks by either slowing down certain applications or metering usage, Verizon plans to spend about $23 billion through 2010 to take fiber directly into people's homes to actually increase the amount of bandwidth people consume. The company also recently spent $9 billion on 700MHz spectrum in the Federal Communications Commission's auction, which it plans to use to build a new fourth-generation wireless broadband network, again with the hope that people will choose bandwidth-intensive applications.

... So far, Verizon's gamble appears to be paying off. In areas where it sells Fios TV, Verizon has been able to steal customers from cable and satellite providers. And as of the end of June this year, Verizon had increased its Fios TV penetration rate to 19.7 percent from 13.3 percent in 2007. In total, the company has 1.4 million Fios TV subscribers.

Verizon is also getting high marks from customers. In a recent J.D. Power and Associates survey, Verizon Fios TV ranked higher than cable or satellite in terms of customer satisfaction. Specifically, customers said Fios TV's picture clarity and programming exceeded their expectations. AT&T, which provides its U-Verse service, also got high marks for its IPTV offering.

Verizon's goal is to attract 4 million customers by 2010, giving it a market penetration of about 25 percent. And it hopes to attract about 7 million Fios Internet customers, for a penetration rate of 35 to 40 percent.

Wager with self: After months of 'effort' and millions in treasure, the final report will not mention the On/Off switch.

Senate Votes To Empower Parents As Censors

Posted by kdawson on Monday October 06, @08:05AM from the you-are-what-you-block dept.

unlametheweak recommends an Ars Technica report that the US Senate has unanimously passed a bill requiring the FCC to explore what "advanced blocking technologies" are available to parents to help filter out "indecent or objectionable programming." "...the law does focus on empowering parents to take control of new media technologies to deal with undesired content, rather than handing the job over to the government. It asks the FCC to focus the inquiry on blocking systems for a 'wide variety of distribution platforms,' including wireless and Internet, and an array of devices, including DVD players, set top boxes, and wireless applications."

Sunday, October 05, 2008

Want better Privacy laws? Get the attention of someone (even a not-so-nice someone) in the public eye.

F1 chief seeks new privacy laws after orgy case

Sunday, October 05 2008 @ 05:50 AM EDT Contributed by: PrivacyNews

Motor racing chief Max Mosley wants Europe to toughen up media privacy laws after he was awarded 60,000 pounds in damages because a newspaper published details of his role in a sado-masochistic orgy.

The head of Formula One's governing body will Monday ask the European Court of Human Rights to force newspapers to notify individuals before publishing information about private lives, Mosley's lawyer said in a statement Saturday.

Source - Reuters

Simple (trivial) column about Identity Theft, but again it suggests there isn't a good comprehensive guide available for victims. Anyone want to write one?

Identity theft victims have rights to records

Posted by Sheryl Harris/Plain Dealer Consumer Affairs Reporter October 05, 2008 03:28AM

Categories: Consumer affairs Sheryl Harris writes this column in The Plain Dealer on Sundays.

PLAIN DEALING A weekly column about consumer affairs

... The Miami, Ohio, police, with whom you filed your police report, said T-Mobile did not provide it with any records about the account. You also said you had requested records, to no avail.

Company spokeswoman Michelle Webb, however, said by e-mail that T-Mobile would have provided the information if you'd requested it under provisions of the Fair Credit Reporting Act.

... As part of a standard investigation, she said, the company does examine the numbers called against a consumer's other phone accounts or credit report to determine if the account was activated by an unknown party.

You can never be too paranoid.

Will ParanoidLinux Protect the Truly Paranoid?

Posted by kdawson on Saturday October 04, @04:30PM from the tinfoil-laptop-carrying-case dept. Linux Business Privacy

ruphus13 writes

"There are still places on the world where having anonymity might mean the difference between life and death. Covering one's tracks is considered to be of such paramount importance that we are now witnessing the rise of a Linux distro catering to the most paranoid. The 'alpha-alpha' version of ParanoidLinux is now out. But is this the best way to protect oneself? Couldn't it be easily circumvented? The article asks, 'Why is it necessary to put the applications and services designed to protect anonymity, to encrypt files, to make the user nameless and faceless, all together, in one distribution? Let's think in a truly paranoid manner. Wouldn't it be far easier for a nefarious government organization to target that distribution's repositories, mirror that singular distribution's disk images with files of its own design, and leave every last one of that distribution's users in the great wide open?' What should truly paranoid user do?"

Related This makes things easier for their e-warfare divisions

Report Says China Will Demand Source Code

Posted by kdawson on Sunday October 05, @04:53AM from the said-the-spider-to-the-fly dept.

An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies that don't comply. China is calling this an "obligatory accreditation system for IT security products." The plan is to go into effect next May, according to sources.

"Products expected to be subject to the system are those equipped with secret coding, such as [a] contactless smart card system developed by Sony Corp., digital copiers, and computer servers. The Chinese government said it needs the source code to prevent computer viruses taking advantage of software vulnerabilities and to shut out hackers. [Riiight.. Bob] However, this explanation is unlikely to satisfy concerns that disclosed information might be handed from the Chinese government to Chinese companies. There also are fears that Chinese intelligence services could exploit such confidential information by making it easier to break codes used in... digital devices."

1) Choose your business plan, then 2) IMPLEMENT IT (Step two is as important as step one) Apparently Paramount didn't tell the IT guys how many DVDs they shipped...

"Iron Man" Release Brings Down Paramount's Servers

Posted by kdawson on Saturday October 04, @11:35PM from the super-hero-effect dept. Media Movies Entertainment

secmartin writes

"Shortly after the release of Iron Man on Blu-ray on October 1, people started complaining of defective discs; the problem turned out to be that all the Blu-ray players downloading additional content brought down Paramount's BD-Live servers, causing delays while loading the disc. Which really makes you wonder what will happen when they decide to shut down this service in a couple of years."

An undeclared tech war that isn't getting much press...

Amazon Kindle 2 Leaked, Sony Reader To Get Touch Screen

Posted by Soulskill on Saturday October 04, @01:24PM from the upgrades dept.

suraj.sun writes with news that the e-book reader market is getting more competitive. The Boy Genius Report got its hands on pictures of the Kindle 2, successor to Amazon's first e-book gadget. The new version is a bit bigger, with edges that are less awkward, and it has a revamped key layout. On the same day these pictures were found, Sony announced that a new model of its Reader would be getting a touchscreen, allowing users to "turn the page by swiping their finger across the screen" and "annotate text using a touchscreen keyboard." The advances for each gadget may help them regain market share against the iPhone, which, according to Forbes, has eclipsed both in popularity as a reading device. Hopefully the competition for sales and the work being done by the OLPC Project will help to drop prices as well.

Another Cloud tool. Might be a good way to ensure you have your presentation with you when you travel...

280 Slides

Every college bookstore should stock these!

Saturday, October 04, 2008

Worst USB Gadget Yet: USB Drive Full Of Beer

Someone from tchotchky seller CNK Promotions sent me a note hawking a new line of attention-grabbing "LIQUID-FILLED USB DRIVES," with the "option of 3D 'floaters'." The example pasted into the e-mail was this awesome -- I mean awful -- Budweiser drive. Capacities range from 128 MB to 8 GB, and prices from $8.84 each to $40 depending on capacity, options and how many you order.