Saturday, October 18, 2008

I wonder if any other corporate asset gets “lost” as frequently as backup tapes? Perhaps in ancient times, cash was “lost” in transit, but we went to electronic funds transfer and that rarely happens today. Perhaps electronic transfer of backup data would solve this problem?

Lost backup tape contains Regal Entertainment Group personal data

Friday, October 17 2008 @ 08:46 PM EDT Contributed by: PrivacyNews

On September 17, ID Experts notified the New Hampshire Attorney General's Office that a backup tape belonging to Regal Entertainment Group that contained personal data was lost on August 29, 2008.

In its notification to those affected, the company writes:

We recently learned that individual employees violated established procedures during a routine exercise and lost some suppliers' and other individuals' data which was contained on a system backup tape. Our investigation indicates that some of your personal information, including your Social Security number, name, and address may have been included in the lost backup tape. However, it is important to note that absolutely no customer or guest data was exposed.

The bulk of the notification to the state and those affected outlines the free services Regal is offering those affected and what people can do to protect themselves after the fact, but apart from indicating that 120 NH residents were affected, their disclosure does not indicate how many individuals were affected total and whether the data on the backup tape were encrypted. Nor do they explain how the employees violated procedure.

Breach Blog makes a few good points...

More than 3000 affected by 11 day exposure

Posted by Evan Francen at 10/17/2008 1:07 PM

... inadvertently posted on the Web site on Sept. 29 during a site upgrade

[Evan] This is a good reason why we use change control and a good reason why an integral part of change control is information security involvement. On the surface, a web site upgrade may seem innocent enough, but the risk can be enormous. Everything accessible (on purpose or on accident) on or through a web site is public. Be very careful that ONLY public information is accessible and test the dickens out of it.

The mistake wasn't discovered until Oct. 9, when the file was immediately removed

[Evan] It is not clear how the file was discovered or by whom

... "This is an unfortunate example of human error; however, once we discovered that personal information was posted, ISA took aggressive action to correct the problem, to notify the affected individuals and to prevent this type of disclosure from happening again," said Kevin Ortell, interim chief information officer for ISA.

[Evan] I think this is bigger than a simple "human error". I'm guessing it's more like a business process error that left the door open to human error.

This takes virtual business to a new level!

Fed Blotter: Alleged Hackers Charged With Highway Robbery, Literally

By Kevin Poulsen, October 17, 2008 | 4:43:45 PM

In this week's Fed Blotter, Nicholas Lakes and Viachelav Berkovich are charged with computer fraud for a man-in-the-middle attack that allegedly let them run a profitable trucking company without the hassle of driving a truck.

For over three years the Russian immigrants repeatedly hacked a Department of Transportation website called, which maintains a list of licensed interstate trucking companies and brokers, according to an affidavit (.pdf) filed by a department investigator. There, the pair would temporarily change the contact information for a legitimate trucking company to an address and phone number under their control.

The men then took to the web-based "load boards" where brokers advertise cargo in need of transportation. They'd negotiate a deal, for example, to transport cargo from American Canyon, California, to Jessup, Maryland, for $3,500.

But instead of transporting the load, Lakes and Berkovich would outsource the job to another trucking company, the feds say, posing as the legitimate company whose identity they'd hijacked. Once the cargo was delivered, the men allegedly invoiced their customer and pocketed the funds. But when the company that actually drove the truck tried to get paid, they'd eventually discover that the firm who'd supposedly hired them didn't know anything about it.

The men allegedly pulled in nearly $500,000 in the scheme before Smokey caught up with them. They're charged (.pdf) with computer, mail and wire fraud in a federal indictment in Los Angeles.

This could be useful for my students and for the school - Online Survey Software Tool

This company provides tools for creating surveys of very different denomination, and there are different plans to choose from. The features of these are described in the section that goes by the corresponding name. Basically, free surveys come with multi-lingual support (which means that every element at play can be set in the language the user chooses), and a track response feature (useful for seeing exactly who answered the survey and how).

Extra features that are part of the different plans available include tools for filtering results and image upload as answer choices, along with a bigger degree of customization. For instance, the user can brand surveys by including its own logo, and create custom themes that can also be saved and used later on.

You can find more about the features of each specific plan along with pricing information by setting your browser to The site also features sample surveys that are illustrative of the services on offer and how they can make for reaching an immediate public in an effective way.

I looked, but they don't have PERL... - Video Community For Learning Languages

Self-dubbed as “the first global video community for learning languages”, Lingorilla stands as a useful resource that takes full advantage of the latest technological developments that the Internet has brought along.

The approach of the site is very commendable, because (as any linguist can tell you) the one and true manner of picking up a language is actually living in the country where it is spoken. To a certain extent, what Lingorilla does is to bring the country to you by providing a live sampler of how the language is spoken. And it is not only a matter of pronunciation – facial gestures and expressions are also an intrinsic part of any language, and through Lingorilla you will have access to that.

Further resources include quizzes for testing your progress, and learning documents that can be consulted whenever you wish. Flashcards for expanding your vocabulary are likewise featured.

The site also has a social network flavor to it since you can make friends from all over the globe, and join in the existing language groups. It is also possible for you to create a group of your own. [COBOL anyone? Bob]

Geeky Stuff

BSDanywhere Announces First Release

Posted by ScuttleMonkey on Friday October 17, @04:05PM from the anywhere-that-has-an-optical-drive-that-is dept. Operating Systems BSD

The call of ktulu writes

"Good things come to those who wait. After eight months of work the relatively new project BSDanywhere has announced its first final release 4.3. BSDanywhere is a bootable Live-CD image based on OpenBSD. It consists of the entire OpenBSD base system (without compiler) plus enlightenment desktop, an unrepresentative collection of software, automatic hardware detection and support for many graphics cards, sound cards, SCSI and USB devices as well as other peripherals. Give it a spin."

Also geeky

Mainframe OpenSolaris Now Available

Posted by ScuttleMonkey on Friday October 17, @12:27PM from the better-late-than-never dept. Sun Microsystems IBM Operating Systems

BBCWatcher writes

"When Sun released Solaris to the open source community in the form of OpenSolaris, would anyone have guessed that it would soon wind up running on IBM System z mainframes? Amazingly, that milestone has now been achieved. Sine Nomine Associates is making its first release of OpenSolaris for System z available for free and public download. Source code is also available. OpenSolaris for System z requires a System z9 or z10 mainframe and z/VM, the hypervisor that's nearly universal to mainframe Linux installations. (The free, limited term z/VM Evaluation Edition is available for z10 machines.) Like Linux, OpenSolaris will run on reduced price IFL processors."

Interesting. I'll put even more emphasis on CSS in my website class

Opera Develops Search Engine For Web Developers

Posted by Soulskill on Saturday October 18, @02:06AM from the web-devs-need-love-too dept. The Internet

nk497 writes

"The Metadata Analysis and Mining Application (MAMA) doesn't index content like a standard search engine, but looks at markup, style, scripting and the technology behind pages. Based on those existing MAMA-ed pages, 80.4 per cent of sites use cascading style sheets (CSS), while the average web page has 47 markup errors and 16,400 characters. Should you want to know which country is using the AJAX component XMLHttpRequest the most, MAMA can tell you that it's Norway, with 10.2 per cent of the data set."

Friday, October 17, 2008

These articles suggest the FBI “infiltrated” the site. Earlier stories claimed they created the site. Either way, the site passed stolen card numbers to crooks. Perhaps “infiltrated” results in fewer lawsuits?

Fraudsters' website shut in swoop

Thursday, October 16 2008 @ 06:35 PM EDT Contributed by: PrivacyNews

A website used by criminals to buy and sell credit card details and bank log-ins has been shut down after a police operation, the BBC has learned.

International forum Darkmarket ran for three years and led to fraud totalling millions of pounds.

Nearly 60 people connected with the site have been arrested in Manchester, Hull and London, as well as Germany, Turkey and the US.

Source - BBC Related - Computerworld: FBI says Dark Market sting netted 56 arrests

Not a case of “We didn't know” rather “We don't care” OR “It's only taxpayers”

Inspector General Report: Two IRS Applications Leave Taxpayer Data at Risk

Thursday, October 16 2008 @ 06:48 PM EDT Contributed by: PrivacyNews

The Internal Revenue Service left taxpayer data exposed by deploying two major computer systems despite knowing that they harbor security vulnerabilities, according to a report released publicly today by the Treasury Inspector General for Tax Administration (TIGTA).

Source - Dark Reading

[From the article:

The IRS discovered the flaws both during the software development process and during the security testing after the systems were deployed, but still went ahead with the partial rollout.

Not “We can, therefore we must” but “We wanna, therefore we gonna”

Can Private Companies Helping the NSA Be Watchdogs, Too?

Thursday, October 16 2008 @ 06:51 PM EDT Contributed by: PrivacyNews

Companies that secretly helped the government's secret anti-terrorism surveillance operations without requiring valid legal orders have found their reputations sullied, their billboards re-decorated and their lawyers busy fending off suits seeking billions in damages. Just ask AT&T.

But given that the government's spooks will continue to rely on private companies -- especially telecoms -- to help with their secret intelligence efforts, could these companies actually serve as a watchdog protecting the country from intrusive, lawbreaking spying?

Jon Michaels, an acting professor at UCLA Law School, thinks they could.

The key, according to Michaels' article in the California Law Review, is making such companies tell the appropriate Congressional committees and inspectors general in regular reports when they transfer information about Americans to the government's spy agencies. Congress also must find a clear way to punish companies which cooperate informally and immunize those who follow legal orders.

Source - Threat Level

One of the little problems with Cloud Computing: you don't have a “Service Level Agreement”, so you have to plan for outages. (Stop thinking “sole source”)

Extended Gmail outage hits Apps admins

Google has offered no explanation as to what is causing the ongoing Gmail problem nor why it will take the company so long to restore service

By Juan Carlos Perez, IDG News Service October 16, 2008

... At around 5 p.m. Eastern Time on Wednesday, Google announced in the official Google Apps discussion forum that the company was aware of a problem preventing Gmail users from logging into their accounts and that it expected a solution by 9 p.m. on Thursday.

I'm calling this the “Ron Paul for President” scenario. (Perhaps the “Anyone Else” scenario?)

E-voting report: Several states still vulnerable

With election less than three weeks away, study predicts that voting systems in numerous states will fail on November 4

By Grant Gross, IDG News Service October 16, 2008

... The report details which states have not taken precautions against fraud or technical errors associated with e-voting machines and other voting systems:

-- Ten states -- Colorado, Delaware, Kentucky, Louisiana, New Jersey, South Carolina, Tennessee, Texas, Utah, Virginia -- received failing grades in three of four voting security areas.

Related? Ask the Ron Paul design team...

October 16, 2008

Designing a Malicious Processor

From the LEET '08 conference: "Designing and implementing malicious hardware," by Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou.


Hidden malicious circuits provide an attacker with a stealthy attack vector. As they occupy a layer below the entire software stack, malicious circuits can bypass traditional defensive techniques. Yet current work on trojan circuits considers only simple attacks against the hardware itself, and straightforward defenses. More complex designs that attack the software are unexplored, as are the countermeasures an attacker may take to bypass proposed defenses.

We present the design and implementation of Illinois Malicious Processors (IMPs). There is a substantial design space in malicious circuitry; we show that an attacker, rather than designing one specific attack, can instead design hardware to support attacks. Such flexible hardware allows powerful, general purpose attacks, while remaining surprisingly low in the amount of additional hardware. We show two such hardware designs, and implement them in a real system. Further, we show three powerful attacks using this hardware, including a login backdoor that gives an attacker complete and high-level access to the machine. This login attack requires only 1341 additional gates: gates that can be used for other attacks as well. Malicious processors are more practical, more flexible, and harder to detect than an initial analysis would suggest.

This would never happen in an English speaking country!

Nation-Wide Internet Censorship Proposed for Australia

Posted by timothy on Friday October 17, @05:51AM from the unarmed-populace dept. Censorship Government The Internet Politics

sparky1240 writes

"While Americans are currently fighting the net-neutrality wars, spare a thought for the poor Australians — The Australian government wants to implement a nation-wide 'filtering' scheme to keep everyone safe from the nasties on the internet, with no way of 'opting out': 'Under the government's $125.8 million Plan for Cyber-Safety, users can switch between two blacklists which block content inappropriate for children, and a separate list which blocks illegal material. ... According to preliminary trials, the best Internet content filters would incorrectly block about 10,0000 [SIC] Web pages from one million."

Related – let them access the data, then arrest them. (We've always had the technology to do this, but the volumes and related delays made it impractical.)

Tool To Allow ISPs To Scan Every File You Transmit

Posted by timothy on Thursday October 16, @06:03PM from the in-case-they-run-out-of-human-tools dept. Privacy The Internet

timdogg writes

"Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newsgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."

Is this likely to become common as manufacturers/vendors try to protect the performance or even the “look & feel” of their products?

Android Also Comes With a Kill-Switch

Posted by CmdrTaco on Thursday October 16, @11:28AM from the now-that's-not-very-open dept. Google Cellphones

Aviran writes

"The search giant is retaining the right to delete applications from Android handsets on a whim. Unlike Apple, the company has made no attempt to hide its intentions, and includes the details in the Android Market terms and conditions, as spotted by Computer World: 'Google may discover a product that violates the developer distribution agreement... in such an instance, Google retains the right to remotely remove those applications from your device at its sole discretion.'"

If neighborhoods, why not counties? Perhaps we could patent the process of selecting unique names for babies and then appending family names?

Lawsuit Claims Mapmaking Firm Owns Your Neighborhood

By Marty Graham

A mathematician who pioneered a fractal-based urban-mapping technique is embroiled in a copyright battle that raises legal questions about whether a company can claim ownership of the definition of neighborhoods: their specific locations and boundaries. The dispute highlights a growing movement to quantify the amorphous tendrils connecting communities.

Bernt Wahl had the idea in 2004 to use a blend of mathematical modeling and old-fashioned shoe leather to map out unofficial neighborhoods — areas like Bernal Heights in San Francisco, or New Orleans' French Quarter — whose borders are drawn mostly in the minds of the inhabitants.

Since then, he's produced maps defining more than 18,000 neighborhoods in 350 U.S. and international cities, which are used in everything from search localization to epidemiology. The Federal Deposit Insurance Corp. is currently using Wahl's maps to better understand which neighborhoods are being slammed hardest by the mortgage crisis.

Vermont-based mapping company Maponics is now suing Wahl to keep him from creating any more neighborhood maps "derived from or containing parts of" the original maps he produced four years ago, which defined 7,000 neighborhoods in 100 cities. Wahl did that work as a contractor for a real estate web portal, which then sold the copyright to Maponics. Because America's biggest metropolitan areas were included in the original batch of maps, the lawsuit could effectively bar Wahl from the mapmaking business for good.

Thursday, October 16, 2008

This is an interesting idea... Sort of like government sponsored flu shots...

UK: Police fund tracking software for at-risk laptops

Wednesday, October 15 2008 @ 06:46 PM EDT Contributed by: PrivacyNews

Nottinghamshire Police has begun providing funds for people who live in burglary hotspots to install theft-recovery software on their laptops.

The police force is paying for licences for Absolute Software's ComputraceOne, which connects the company's monitoring centre to a machine every 24 hours, and every 15 minutes if it is reported stolen.

Source - ZDnet Thanks to Brian Honan for this link.

[From the article:

Absolute Software said that, even if a thief tries to wipe the system, the application self heals and allows the tracking process to continue. It is loaded on the hard drive of a computer, while support for the ComputraceOne agent is embedded in the Bios. [Think: Rootkit! Bob] If the hard drive is reformatted or replaced, the ComputraceOne agent support in the Bios rebuilds the necessary application files on the hard drive as required by the customer.

Other police forces, including West Midlands Police, have used the software and have been able to return several laptops.

Legal reasoning? Perhaps something was lost in translation.

UK Court Rejects Encryption Key Disclosure Defense

Posted by samzenpus on Thursday October 16, @03:59AM from the do-not-pass-go dept. Security

truthsearch writes

"Defendants can't deny police an encryption key because of fears the data it unlocks will incriminate them, a British appeals court has ruled. The case marked an interesting challenge to the UK's Regulation of Investigatory Powers Act (RIPA), which in part compels someone served under the act to divulge an encryption key used to scramble data on a PC's hard drive. The appeals court heard a case in which two suspects refused to give up encryption keys, arguing that disclosure was incompatible with the privilege against self incrimination. In its ruling, the appeals court said an encryption key is no different than a physical key and exists separately from a person's will."

[From the article:

"The contents may or may not be incriminating: the key is neutral."

Is this a model for future laws? I don't think so, but I've only skimmed it. My guess is they only beat California because of TJX.

October 15, 2008

Massachusetts Issues Comprehensive ID Theft Prevention Regulations & Executive Order

News release: "In keeping with the Patrick Administration’s commitment to protecting consumers, the Office of Consumer Affairs and Business Regulation (OCABR) last Friday issued a comprehensive set of final regulations establishing standards for how businesses protect and store consumers’ personal information. Additionally, Governor Patrick has signed an executive order requiring all state agencies to immediately take steps to implement security measures consistent with the requirements established by OCABR's regulations for private companies. The order calls for the adoption of uniform standards across government that protect the integrity of personal information and further the objectives of the identity theft prevention law."

In order to protect you from those who would invade your privacy, we need to invade your privacy, because only by acting like terrorists can we stop terrorists. (“In order to liberate the village, we had to destroy it.”)

Every Email In UK To Be Monitored

Posted by samzenpus on Thursday October 16, @12:08AM from the what-are-you-writing dept. Privacy Government

ericcantona writes

"The Communications Data Bill (2008) will lead to the creation of a single, centralized database containing records of all e-mails sent, websites visited and mobile phones used by UK citizens. In a carnivore-on-steroids programme, as all vestiges of communication privacy are stripped away, The BBC reports that Home Secretary Jacqui Smith says this is a 'necessity'."

Canada's Privacy Commissioner seems to take privacy seriously. Would that the UK listened to their colonies – they might still have some.

Ca: Consultation on Covert Video Surveillance Draft Guidance Document

Thursday, October 16 2008 @ 03:54 AM EDT Contributed by: PrivacyNews

The Privacy Commissioner of Canada has prepared a draft guidance document that sets out good practice rules for private sector organizations that are either contemplating or using covert video surveillance.

Through our experience in investigating complaints about covert video surveillance under the Personal Information Protection and Electronic Documents Act (PIPEDA), we have identified a need to educate organizations on the obligation to ensure that covert video surveillance is conducted in the most privacy sensitive way possible. Although the use of covert video surveillance may be appropriate in some circumstances, we view the technology as being inherently intrusive.

Source - Office of the Privacy Commissioner of Canada

Geek stuff...

October 16, 2008

How to Write Injection-Proof SQL

It's about time someone wrote this paper:


Googling for "SQL injection" gets about 4 million hits. The topic excites interest and superstitious fear. This whitepaper demystifies the topic and explains a straightforward approach to writing database PL/SQL programs that provably guarantees their immunity to SQL injection.

Only when a PL/SQL subprogram executes SQL that it creates at run time is there a risk of SQL injection; and you'll see that it's easier than you might think to freeze the SQL at PL/SQL compile time. Then you'll understand that you need the rules which prevent the risk only for the rare scenarios that do require run-time-created SQL. It turns out that these rules are simple to state and easy to follow.
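To make the abstract's distinction concrete, here is an added example (not code from the whitepaper or from this blog) of the same lookup written three ways in PL/SQL: SQL concatenated at run time, static SQL frozen at compile time, and dynamic SQL that is genuinely needed and is therefore bound and identifier-checked. The table, column and procedure names are hypothetical, and DBMS_ASSERT is Oracle's supplied identifier-checking package.

```sql
-- Added example, not from the whitepaper or this blog. The table, column
-- and procedure names are hypothetical; the rows are constructed sample data.
CREATE TABLE suppliers (
  supplier_id NUMBER PRIMARY KEY,
  name        VARCHAR2(100),
  region      VARCHAR2(30)
);

INSERT INTO suppliers VALUES (1, 'Acme Freight',  'WEST');
INSERT INTO suppliers VALUES (2, 'Bayside Foods', 'EAST');
INSERT INTO suppliers VALUES (3, 'Cedar Tools',   'WEST');
COMMIT;

-- 1. SQL created at run time by concatenation: the risky case the abstract
--    describes. A single quote inside p_region ends the literal early, so the
--    remainder of the caller's input is parsed and run as SQL.
CREATE OR REPLACE PROCEDURE count_suppliers_unsafe (
  p_region IN  VARCHAR2,
  p_count  OUT NUMBER)
IS
  l_sql VARCHAR2(4000);
BEGIN
  l_sql := 'SELECT COUNT(*) FROM suppliers WHERE region = '''
           || p_region || '''';
  EXECUTE IMMEDIATE l_sql INTO p_count;
END;
/

-- 2. Static SQL: the statement text is frozen when the PL/SQL unit compiles.
--    p_region is always passed as a bound value and can never alter the
--    statement, whatever characters it contains.
CREATE OR REPLACE PROCEDURE count_suppliers_static (
  p_region IN  VARCHAR2,
  p_count  OUT NUMBER)
IS
BEGIN
  SELECT COUNT(*) INTO p_count
    FROM suppliers
   WHERE region = p_region;
END;
/

-- 3. The rare case that genuinely needs run-time SQL: the column to filter
--    on is chosen by the caller. Two defensive rules apply: the value travels
--    as a bind variable, and the identifier goes through
--    DBMS_ASSERT.SIMPLE_SQL_NAME, which raises an error for anything that is
--    not a plain SQL name.
CREATE OR REPLACE PROCEDURE count_suppliers_dynamic (
  p_column IN  VARCHAR2,
  p_value  IN  VARCHAR2,
  p_count  OUT NUMBER)
IS
  l_sql VARCHAR2(4000);
BEGIN
  l_sql := 'SELECT COUNT(*) FROM suppliers WHERE '
           || DBMS_ASSERT.SIMPLE_SQL_NAME(p_column)
           || ' = :val';
  EXECUTE IMMEDIATE l_sql INTO p_count USING p_value;
END;
/

-- Exercise the safe variants against the sample rows and show that the
-- identifier check rejects input that is not a name.
SET SERVEROUTPUT ON
DECLARE
  l_count NUMBER;
BEGIN
  count_suppliers_static('WEST', l_count);
  IF l_count <> 2 THEN
    RAISE_APPLICATION_ERROR(-20001, 'static: unexpected count ' || l_count);
  END IF;

  count_suppliers_dynamic('REGION', 'EAST', l_count);
  IF l_count <> 1 THEN
    RAISE_APPLICATION_ERROR(-20002, 'dynamic: unexpected count ' || l_count);
  END IF;

  BEGIN
    count_suppliers_dynamic('not a name', 'EAST', l_count);
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('identifier rejected: ' || SQLERRM);
  END;
END;
/
```

The script is written for SQL*Plus (the `/` terminators and `SET SERVEROUTPUT ON`); the first procedure is kept only to show the shape of code the abstract warns about and should not be reused.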

I'd gloat about this, but my blog provides ample evidence that in my case, it didn't work.

Internet Use Can Be Good For the Brain

Posted by samzenpus on Thursday October 16, @07:57AM from the wasting-time-not-your-brain dept. The Internet Science

ddelmonte writes

"This Washington Post article examines a test conducted at UCLA. The test had two groups, young people who used the Internet, and older people who had never been online. Both groups were asked to do Internet searches and book reading tasks while their brain activity was monitored. "We found that in reading the book task, the visual cortex — the part of the brain that controls reading and language — was activated," Small said. "In doing the Internet search task, there was much greater activity, but only in the Internet-savvy group." [Perhaps older folk think of the Internet as a book? Bob] He said it appears that people who are familiar with the Internet can engage in a much deeper level of brain activity. "There is something about Internet searching where we can gauge it to a level that we find challenging," Small said. In the aging brain, atrophy and reduced cell activity can take a toll on cognitive function. Activities that keep the brain engaged can preserve brain health and thinking ability. Small thinks learning to do Internet searches may be one of those activities."

Dilbert on Computer Crime... Sorta...

Wednesday, October 15, 2008

The Privacy Foundation seminar: Looks like a good one!

Privacy & Legal Ethics: Ethical Concerns for Lawyers Counseling Privacy Data Breaches

FRIDAY, October 24, 2008

Panel I: The Technical/Business Environment Surrounding The Legal Ethics of Privacy Data Breaches

Panel II: Applicable Ethical Rules Governing Lawyers Advice for Privacy Breaches

Round Table Discussion: Navigating The Ethical Minefield of Privacy Breaches

Registration: Diane Bales, Law Coordinator

Reservations required by October 21, 2008 to: or 303.871.6580

Registration Fee: Seminar $20 (lunch is included) CLE Credit $20 (Seminar & CLE is $40) CLE: Ethics – Granted

It's not the Privacy Foundation, but finding parking is easier...

Can't attend the Conference of Data Protection and Privacy Commissioners? Listen to it here....

Wednesday, October 15 2008 @ 05:59 AM EDT Contributed by: PrivacyNews

The 30th International Conference of Data Protection and Privacy Commissioners begins today in Strasbourg, and one of our readers alerts us that if you go to, there's a live stream of the conference sessions.

Bruce Schneier, Simon Davies and others are on one of the panels, which begins at 8:15 EST today.

Crime right out of the box!

Chip and pin scam 'has netted millions from British shoppers'

A sophisticated "chip and pin" scam run by criminal gangs in China and Pakistan is netting millions of pounds from the bank accounts of British shoppers, America's top cyber security official has revealed.

By Henry Samuel in Paris Last Updated: 9:25AM BST 15 Oct 2008

Dr Joel Brenner, the US National Counterintelligence Executive, warned that hundreds of chip and pin machines in stores and supermarkets across Europe have been tampered with to allow details of shoppers' credit card accounts to be relayed to overseas fraudsters.

These details are then used to make cash withdrawals or siphon off money from card holders' accounts in what is one of the largest scams of its kind.

In an exclusive interview with The Daily Telegraph, America's counterintelligence chief said: "Previously only a nation state's intelligence service would have been capable of pulling off this type of operation. [Any indication that wasn't the case here? Bob] It's scary."

An organised crime syndicate is suspected of having tampered with the chip and pin machines, either during the manufacturing process at a factory in China, or shortly after they came off the production line.

In what is known as a "supply chain attack", criminals managed to bypass security measures and doctor the devices before they were dispatched from the factories where they were made.

The machines were opened, tampered with and perfectly resealed, said Dr Brenner, "so that it was impossible to tell even for someone working at the factory that they had been tampered with." They were then exported to Britain, Ireland, the Netherlands, Denmark and Belgium.

Something for your Security Manager?

Flash Cookies, a Little-Known Privacy Threat

Posted by kdawson on Tuesday October 14, @02:43PM from the flashblock-considered-mandatory dept.

Wiini recommends a blog posting exploring Flash cookies, a little-known threat to privacy, and how you can get control of them. 98% of browsers have Macromedia Flash Player installed, and the cookies it enables have some interesting properties. They have no expiration date; they store 100 KB of data by default, with an unlimited maximum; they can't be deleted by your browser; and they send previous visit information and history, by default, without your permission. I was amazed at some of the sites, not visited in a year or more, that still had Flash cookies on my machine. Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation

Don't they know laws only apply to second class citizens?

McCain Campaign Protests YouTube's DMCA Policy

Posted by kdawson on Wednesday October 15, @08:11AM from the sauce-for-geese dept. Republicans Politics

Colz Grigor writes

"It appears that CBS and Fox have submitted DMCA takedown notices to YouTube for videos from the McCain campaign. The campaign is now complaining about YouTube's DMCA policy making it too easy for copyright holders to remove fair-use videos. I hope they pursue this by addressing flaws in the DMCA."

I think it's not so much the “Google-ization” of Youtube, but the trend away from scheduled tv to video on demand.

YouTube Passes Yahoo As #2 Search Engine

Posted by timothy on Tuesday October 14, @01:27PM from the your-safe-search-is-showing dept. Google The Almighty Buck The Internet The Media Entertainment

Dekortage writes

"According to the latest ComScore rankings, YouTube's search traffic for August surpassed Yahoo's. The latter dropped roughly 5% in traffic from July. Among other things, this means that Google now owns both of the top two search engines. AdAge further speculates on Google's experimental 'promoted videos' cost-per-click advertising on YouTube, suggesting the obvious: more money."

The worlde, she is a-changin'.

Australian State May Give Students Linux Laptops

Posted by kdawson on Tuesday October 14, @07:02PM from the keep-it-cheap dept. Education Linux

Whiteox writes

"The Australian Prime Minister's plan to equip high schools with 'one laptop per child' may go open source. Kevin Rudd's $56 million digital revolution will include 'laptops [that will] run on an open source operating system with a suite of open source applications like those packaged under Edubuntu. This would include Open Office for productivity software, Gimp for picture editing and the Firefox internet browser.' So far this has been considered for New South Wales and I think other states may follow."

Gary Alexander sent me this one. I can't wait to say “I told you so!”

Rice Students Challenge Electronic Voting Machines

Electronic voting machines expert discusses November elections

By News Report October 13, 2008

... "What we've found is that it's very easy to insert subtle changes to the voting machine," Wallach said. "If someone has access and wants to do damage, it's very straightforward to do it."

The good news, according to Wallach, is "when looking for these changes, our students will often, but not always, find the hacks."

e-Discovery: I love it when a Judge gets it.

e-Discovery Teams Can Meet the Challenges of the “Zubulake Duty” and Control Excessive Costs

United States District Court Judge Shira A. Scheindlin, one of the leading jurists in the field of electronic discovery, is credited with first establishing what has become known as the Zubulake duty. Judge Scheindlin (shown right) contends that all attorneys who litigate have an affirmative duty to understand their clients’ computer systems sufficiently to know where all of the potential electronic evidence is stored.


Fulbright & Jaworski 2008 Litigation Trends Survey Shows U.S. Companies Preparing for Rise in Litigation Following Two Years of Declines

Tuesday, October 14 2008 @ 03:23 PM EDT Contributed by: PrivacyNews

Following two straight years of reporting declines in the number of new lawsuits and regulatory proceedings - including a drop in large-dollar cases - U.S. companies now anticipate an uptick in new actions and government probes, as well as the need to hire more in-house litigation staff to help manage the expected rise in disputes. Such is the outlook from the 2008 Litigation Trends Survey just published by international law firm Fulbright & Jaworski L.L.P.

... Companies also detect a spike in specific types of actions - nearly a third (32%) of Fulbright respondents reported a jump in multi-plaintiff suits stemming from wage-and-hour claims by employees in the past year, with 29% notching an increase in discrimination cases, including age claims. Companies also cited a noticeable rise in privacy lawsuits, whether class or collective actions.

Source -


Facebook hosts 10 billion photos

Posted by Caroline McCarthy October 15, 2008 5:21 AM PDT

Facebook might not be a photo-sharing site, per se, but there are a heck of a lot of pictures uploaded to it.

Dumb. The phone can't tell if you are driving or riding a bus. No one will opt for this feature (except parents of teenage drivers), so they'll lobby for laws (California seems a good place to start).

Software Holds Cell Phone Calls While Driving

Posted by kdawson on Tuesday October 14, @11:07PM from the hang-up-and-drive dept. Cellphones Transportation

An anonymous reader writes

"Canadian company Aegis Mobility has developed software that detects if a cell phone is moving at 'car' speeds. If so, the software, DriveAssistT, will alert the cellular network, telling it to hold calls and text messages until the drive is over. Calls are not blocked entirely; callers will be notified that the person appears to be driving, but they can still leave an emergency voice mail, which will be sent through immediately."

Ain't technology wonderful?

Computer Error Caused Qantas Jet Mishap

Posted by kdawson on Wednesday October 15, @02:33AM from the gimme-back-my-stick dept

highways sends word that preliminary investigations into a Qantas Airbus A330 mishap where 51 passengers were injured have concluded that it was due to the Air Data Inertial Reference System feeding incorrect information into the flight control system — not interference from passenger electronics, as Qantas had initially claimed. Quoting from the ABC report:

"Authorities have blamed a faulty onboard computer system for last week's mid-flight incident on a Qantas flight to Perth. The Australian Transport Safety Bureau said incorrect information from the faulty computer triggered a series of alarms and then prompted the Airbus A330's flight control computers to put the jet into a 197-meter nosedive... The plane was cruising at 37,000 feet when a fault in the air data inertial reference system caused the autopilot to disconnect. But even with the autopilot off, the plane's flight control computers still command key controls in order to protect the jet from dangerous conditions, such as stalling, the ATSB said."

Because getting it right is useful!

October 14, 2008

New on - Review of CiteGenie

Review of CiteGenie - Automatic Bluebook citations when using Westlaw: Attorney Marc Hershovitz reviews CiteGenie, a new extension for the Firefox web browser that, as its website promises, "automagically" creates Bluebook formatted pinpoint citations when copying from Westlaw.

Worth a look. I see several lessons I'll point to (Okay, steal) for my classes. - Free Online Learning Community

Clivir is an online community that lets you be student and teacher at the very same time. You can browse the existing classrooms and learn from a wide number of lessons, or create your very own lessons and classrooms for the benefit of other internauts.

As it could be expected, the main page is made up of categories such as “Lessons” and “Classrooms” where items of note are featured and can be browsed at will along with the most recent classrooms and lessons that have been added. In addition to that, a “Questions” section is included and both popular and recent questions are showcased. These deal with issues such as “How do you make lessons on Clivir?” and so forth.

Registration must be dealt with in order to take part in online classes or create a classroom. This process comes at no cost, and once it is completed you become a “Clivir”. New Clivirs are displayed on the main page, along with featured Clivirs.

Tuesday, October 14, 2008

The Sergeant Schultz Syndrome?

WA: Student information leak under investigation

Tuesday, October 14 2008 @ 05:37 AM EDT Contributed by: PrivacyNews

From the this-wasn't-an-intranet? dept.:

Officials at Olympic College are investigating how confidential student information was leaked and made available online for nearly a year. Currently, four Web sites designed to supplement courses taught at OC have been discovered to have been indexed by popular search engines like Google, violating the Family Educational Rights and Privacy Act.

... "This was supposedly an intranet, that when you set your permissions the only people that are supposed to get to the site are people that are logged into the network and have the permissions to get to that site." said Bilodeau. "Thinking that we had to close it off to the whole world was beyond what I even understood. I thought it was only people here at Olympic College that had accounts."

Source - The Olympian

I think we have another “Disclosure by Dribble” here.

BSkyB pensioner data on stolen Deloitte & Touche laptop

Posted by Evan Francen at 10/13/2008 1:03 PM

... Breach Description:
"Details have emerged of a theft of a laptop containing pension details of BSkyB staff and other firms. The theft, involving an employee from the accountancy firm Deloitte, occurred last month."


Voda in data bungle (Deloitte update)

Tuesday, October 14 2008 @ 05:54 AM EDT Contributed by: PrivacyNews

Vodafone has lost data, including the dates of birth and national insurance numbers of thousands of employees, after a laptop containing pension data was stolen.

The laptop was stolen from external auditor Deloitte during a recent statutory pension scheme audit and also contained employees’ surnames and initials, employee number and grade, as well as pensionable salary, earnings and contribution information.... The laptop contained details of all Vodafone UK staff with pensions as well as scheme holders from BSkyB, Network Rail and Railway Pensions.

“The laptop was protected by a number of security measures, including start up password, operating system user ID / password authentication and encryption.”

Source - Mobile News

It would be interesting to see how many stolen Identities passed through this site.

Cybercrime Supersite 'DarkMarket' Was FBI Sting, Documents Confirm

Monday, October 13 2008 @ 06:05 PM EDT Contributed by: PrivacyNews

DarkMarket, an online watering hole for thousands of identify thieves, hackers and credit card swindlers, has been secretly run by an FBI cybercrime agent for the last two years, until its voluntary shutdown earlier this month, according to documents unearthed by a German radio network.

Source - Threat Level

[From the article:

The FBI almost certainly closed DarkMarket in preparation for a global wave of arrests that will unfold in the next month or so. The site was likely shuttered to avoid an Agatha Christie scenario in which a diminishing pool of cybercrooks are free to speculate about why they're disappearing one-by-one like the hapless dinner guests in Ten Little Indians.

...and maybe we'll toss in a Political Enemy every now and again.

New laws track child predators online

Posted by Stephanie Condon October 13, 2008 2:26 PM PDT

Child predators will be easier to track online because of two new laws President Bush signed Monday.

The Protect Our Children Act--which includes provisions introduced by Sens. Joe Biden (D-Del.), Hillary Clinton (D-N.Y.), and John McCain, (R-Ariz.)--sets requirements for Internet companies to report incidences of child pornography. It also authorizes more than $320 million for the Justice Department over the next five years for, among other things, the Internet Crimes Against Children Task Force.

The president on Monday also signed the Keeping the Internet Devoid of Sexual Predators Act, which requires a sex offender to provide the National Sex Offender Registry with all of his Internet identifiers, such as e-mail addresses.

While the KIDS Act does not permit sex offenders' Internet identifiers to be made public, it does require the attorney general to share the information with social-networking Web sites, so the sites can [Not required? Bob] compare the identifying information with that of their respective users. The bill was sponsored by Chuck Schumer (D-N.Y.) in the Senate and Earl Pomeroy (D-N.D.) in the House.

Interesting argument...

German court says IP addresses in server logs are not personal data

Tuesday, October 14 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

A German court has ruled that website operators are allowed to store the internet protocol (IP) addresses of their visitors without violating data protection legislation. Without additional information, IP addresses do not count as personal data, it said.

Source -
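Whatever the legal status of a bare IP address, many operators truncate client addresses in their access logs so that aggregate statistics (hits per network, abuse handling) survive while no single entry points at one machine. The following is an added example, not from the court ruling or any cited source: it masks the client field of Apache/nginx "combined" log lines, keeping 24 bits of an IPv4 address and 48 bits of an IPv6 address. The log lines are constructed sample data using documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# A "combined" access log line starts with the client address; the rest of
# the line (timestamp, request, status, size, referrer, user agent) is kept.
LOG_RE = re.compile(r"^(?P<addr>\S+)(?P<rest> .*)$")


def mask_ip(addr: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Zero the host bits of an address.

    IPv4 keeps its first 24 bits (a /24 covers up to 256 hosts) and IPv6 its
    first 48 (a common site allocation), so per-network statistics still work
    while no entry identifies a single machine.
    """
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return str(net.network_address)


def anonymize_line(line: str) -> str:
    """Rewrite one log line with a masked client address.

    Lines whose first field is not an IP address (a hostname from a server
    doing reverse lookups, or a malformed line) are returned unchanged so that
    nothing is silently dropped.
    """
    m = LOG_RE.match(line)
    if not m:
        return line
    try:
        masked = mask_ip(m.group("addr"))
    except ValueError:
        return line
    return masked + m.group("rest")


def anonymize_log(lines):
    """Apply anonymize_line to every line of a log, preserving order."""
    return [anonymize_line(line) for line in lines]


def hits_per_network(lines):
    """Requests per masked address: an aggregate that survives masking."""
    return Counter(anonymize_line(line).split(" ", 1)[0] for line in lines)


# Constructed sample log (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.57 - - [14/Oct/2008:05:32:11 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.90 - - [14/Oct/2008:05:32:14 +0000] "GET /style.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '2001:db8:abcd:1234::5 - - [14/Oct/2008:05:33:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/7.19"',
    'proxy.example.invalid - - [14/Oct/2008:05:33:40 +0000] "GET / HTTP/1.1" 200 5123 "-" "Lynx"',
]

if __name__ == "__main__":
    for line in anonymize_log(SAMPLE_LOG):
        print(line)
    print(hits_per_network(SAMPLE_LOG))
```

Masking at write time (in a log pipeline or a rotation hook) is preferable to masking after the fact, since the unmasked copy is what a discovery request or a breach would expose.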

The RIAA lobby strikes again?

President Signs Law Creating Copyright Czar

Posted by kdawson on Monday October 13, @08:07PM from the ip-con dept. Government

I Don't Believe in Imaginary Property writes

"President Bush has signed the EIPRA (AKA the PRO-IP Act) and created a cabinet-level post of 'Copyright Czar,' on par with the current 'Drug Czar,' in spite of prior misgivings about the bill. They did at least get rid of provisions that would have had the DOJ take over the RIAA's unpopular litigation campaign. Still, the final legislation (PDF) creates new classes of felony criminal copyright infringement, adds civil forfeiture provisions that incorporate by reference parts of the Comprehensive Drug Abuse Prevention and Control Act of 1970, and directs the Copyright Czar to lobby foreign governments to adopt stronger IP laws. At this point, our best hope would appear to be to hope that someone sensible like Laurence Lessig or William Patry gets appointed."

A handout for our next Ethics seminar?

Microsoft's Ethical Guidelines

Posted by kdawson on Tuesday October 14, @05:30AM from the oxy-meet-moron dept. Microsoft It's funny. Laugh.

hankwang writes

"Did you know that Microsoft has ethical guidelines? It's good to know that 'Microsoft did not make any payments to foreign government officials' while lobbying for OOXML, and that 'Microsoft conducts its business in compliance with laws designed to promote fair competition' every time they suppressed competitors. In their Corporate Citizenship section, they discuss how the customer-focused approach creates products that work well with those of competitors and open-source solutions. So all the reverse-engineering by Samba and developers wasn't really necessary."

Laptops are passe..

University Tries "One iPhone Per Student"

Posted by ScuttleMonkey on Monday October 13, @03:27PM from the enrollment-and-dropout-numbers-to-spike dept.

alphadogg writes to tell us that one freshman class has a little more than usual to be excited about. When students at Abilene Christian University showed up for their first days of class they were greeted with the choice of either a new iPhone 3g or an iPod Touch plus a package of custom web apps to use on them.

"The hardware is part of the Texas university's pilot mobile learning project, which has been gestating for over a year. About 650 first-year students chose the iPhone, and about 300 the iPod Touch, which is a very similar device but without the 3G radio (both devices incorporate an 802.11g Wi-Fi adapter). ACU pays for the hardware; students (or their parents) select and pay for their monthly AT&T service plan."


Scientists say 1 in 10 iPod users could go deaf

Posted by Chris Matyszczyk October 13, 2008 7:20 PM PDT

Repeating my Redundant Reiteration...

Open source enables value-based business models

Posted by Dave Rosenberg October 13, 2008 5:10 PM PDT

Open source is a development and distribution strategy that software developers use to get their products into the hands of users. It's not a business model.

The business model is found in the additional value that developers (which are often vendors) put on top of the software in the form of support, additional features, etc. These provide revenue opportunities, which in turn creates a business

Global Warming! Global Warming! SUV use is down on the sun...

The Quietest Sun

Posted by kdawson on Tuesday October 14, @02:51AM from the storms-a-comin' dept.

Orbity sends in a Boston Globe report on the unusual calm on the surface of the sun. The photos, many taken in more active solar times, are excellent — see the sequence from last year of a coronal mass ejection carrying away the tail of a comet.

"The Sun is now in the quietest phase of its 11-year activity cycle, the solar minimum — in fact, it has been unusually quiet this year — with over 200 days so far with no observed sunspots. The solar wind has also dropped to its lowest levels in 50 years. Scientists are unsure of the significance of this unusual calm..."

As if to be contrary, New Scientist mentions that the number of sunspots seems to be increasing.

Global Warming! Global Warming! Produce more CO2!

CO2 To Fuel, Closing the "Carbon Loop"

Posted by ScuttleMonkey on Monday October 13, @05:47PM from the squeeze-as-much-as-you-can dept. Science Technology

leprasmurf writes

"Inhabitat has posted an article detailing a recent announcement of a process to turn CO2 into fuel. The process, which used to be considered too energy inefficient, uses a multi-step, low pressure, and low temperature biocatalyst to break the CO2 into 'basic hydrocarbon building blocks.'"

Monday, October 13, 2008


Data “Dysprotection:” breaches reported last week

Monday, October 13 2008 @ 04:55 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

For my Spreadsheet class...

Indonesia's blunder on privacy

Monday, October 13 2008 @ 07:20 AM EDT Contributed by: PrivacyNews

Amid concern on privacy and security on the Internet, the Indonesian Ministry of Education put up a database of students online, in detail and in downloadable files. There are at least 36 million students listed in the database on the website, in Excel files containing names, dates and places of birth, and addresses!

Source - Toekang IT blog, cnet Asia

...and if she doesn't have copies, there's always that kid in Tennessee...

Court Rules That Palin Must Save Yahoo Emails

Posted by timothy on Sunday October 12, @03:19PM from the hope-yahoo's-ok-with-that dept. The Courts Data Storage Government Privacy United States

quarterbuck writes

"An Anchorage judge has ruled that Governor Sarah Palin must save her emails, as they were apparently used for state business. Last week a Tennessee man was arrested over hacking one of her Yahoo email accounts. The Washington Post also reports that Sarah Palin, her husband, and officials had set up email accounts known only to each other."

We didn't mean voluntary voluntary, we meant mandatory voluntary.

UK: 'ID card guinea pig' pilots ready to call in lawyers

Monday, October 13 2008 @ 07:10 AM EDT Contributed by: PrivacyNews

The British Airline Pilots Association (Balpa) union has warned it may seek a judicial review of the government's ID cards scheme to prevent pilots being forced to carry identity cards.

... "[The review] would be on the basis that we are told repeatedly by ministers that the ID card scheme is voluntary but how can it be voluntary if we stand the prospect of losing our jobs?" he said.

Source -

Meanwhile back in the US, we're turning off Congressional e-mail because Congress doesn't want to be bothered...

October 12, 2008

Commission consults on how to put Europe into the lead of the transition to Web 3.0

News release, September 29, 2008: "Europe could take the lead in the next generation of the Internet. The European Commission today outlined the main steps that Europe has to take to respond to the next wave of the Information Revolution that will intensify in the coming years due to trends such as social networking, the decisive shift to on-line business services, nomadic services based on GPS and mobile TV and the growth of smart tags. The report shows that Europe is well placed to exploit these trends because of its policies to support open and pro-competitive telecom networks as well as privacy and security. A public consultation has been launched today by the Commission on the policy and private sector responses to these opportunities. The Commission report also unveils a new Broadband Performance Index (BPI) that compares national performance on key measures such as broadband speed, price, competition and coverage. Sweden and the Netherlands top this European broadband league, which complements the more traditional broadband penetration index used so far by telecoms regulators."

GO India! Meanwhile back in the US: I had to disconnect the phone to stop all those political ads. Seems I live in (at least) 12 congressional districts...

In: TRAI disconnects more than 10,000 telemarketers' phones news

Monday, October 13 2008 @ 07:18 AM EDT Contributed by: PrivacyNews

New Delhi: Telecom regulator Telecom Regulatory Authority of India, (TRAI) has disconnected 10,051 telephones of telemarketers for repeatedly violating the 'National Do Not Call Registry' (NDNC) a database of telephone numbers of subscribers who do not want to receive unsolicited commercial calls, that was operationalised on 12 October 2007.

Source -

Includes support for Office 2007 formats. 3.0 Is Officially Here

Posted by CmdrTaco on Monday October 13, @08:30AM from the who-needs-office-anyway dept. Software

SNate writes

"After a grinding three-year development cycle, the team has finally squeezed out a new release. New features include support for the controversial Microsoft OOXML file format, multi-page views in Writer, and PDF import via an extension. Linux Format has an overview of the new release, asking the question: is it really worth the 3.0 label?"

Crime does pay?

Yahoo Hacker 'Mafiaboy' Eight Years On

Posted by CmdrTaco on Monday October 13, @09:15AM from the cashing-in-on-your-crimes dept. Security IT

An anonymous reader writes

"Eight years ago Mafiaboy (Michael Calce) knocked Yahoo offline. Today he works as a legitimate security consultant and has just published a book documenting his criminal career and offering advice on how people can protect themselves from people like him on the Internet."

For your Security manager: Time to upgrade!

Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

Posted by timothy on Sunday October 12, @02:12PM from the it-budget-excuse-par-excellence dept. Graphics Security Wireless Networking Hardware

secmartin writes

"Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this announcement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

IT Strategy: The pendulum swings again. This doesn't happen in all industries at the same time. While some are centralizing others are decentralizing – and for exactly the same reasons – control! (The comments reflect the various arguments...)

New York Times Says Thin Clients Are Making a Comeback

Posted by timothy on Monday October 13, @02:01AM from the dialectic-materialism dept

One of the seemingly eternal questions in managing personal computers within organizations is whether to centralize computing power (making it easy to upgrade or secure The One True Computer, and its data), or push the power out toward the edges, where an individual user isn't crippled because a server at the other side of the network is down, or if the network itself is unreliable. Despite the ever-increasing power of personal computers, the New York Times reports that the concept of making individual users' screens portals (smart ones) to bigger iron elsewhere on the network is making a comeback.

Another IT strategy: When markets crash, it is cheaper to buy companies with oil reserves than to explore for new oil. Same with Market Share...

Who needs an open-source strategy? You do

Posted by Matt Asay October 11, 2008 2:33 PM PDT

It's no surprise that Oracle CEO Larry Ellison is on the prowl to acquire more companies, as reported by CNET, given that it gives him a chance to go shopping on the cheap.

... If times are tough, there are other opportunities... including making acquisitions that cost less.... [A]cquisitions that we've been looking at for some time are less expensive for us.

Yet another IT Strategy: Cheaper than $100 laptops and it includes power and Internet.

NComputing lands big India deal

Posted by Ina Fried October 13, 2008 2:00 AM PDT

Redwood City start-up NComputing, whose technology uses the power of a single PC to power up to seven computing terminals, is set to announce on Monday that it has started the process of equipping 5,000 schools in India with its technology.

NComputing will provide about 50,000 students [more like 50,000 PCs Bob] with access to the Internet as part of the deal, which will use two PCs in each computer lab to power 10 terminals at schools in the Indian state of Andhra Pradesh. The deal itself is part of a $100 million effort that includes operating and powering the lab for five years, as well as all the needed gear. NComputing's chunk of that is about $2 million.

For my Security Process Engineering class

October 13, 2008

Threat Modeling at Microsoft

Interesting paper by Adam Shostack:

Abstract. Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of 'STRIDE per element.' The paper covers some lessons learned which are likely applicable to other security analysis techniques. The paper closes with some possible questions for academic research.
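To make the "STRIDE per element" idea concrete for the class, here is an added Python example; it is not code from Shostack's paper or from Microsoft's SDL tooling. A data flow diagram is reduced to its elements (external entities, processes, data stores) and the flows between them, and the standard STRIDE-per-element table says which of the six threat categories to consider for each kind of element. The three-tier sample system and its trust zone names are constructed, and putting boundary-crossing flows first in the output is my own ordering choice, not something the abstract states.

```python
from dataclasses import dataclass
from typing import Dict, List

# STRIDE-per-element: which of the six categories the SDL methodology
# considers for each kind of DFD element.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external_entity": "SR",     # spoofing, repudiation
    "process": "STRIDE",         # all six
    "data_store": "TRID",        # tampering, repudiation (logs), disclosure, DoS
    "data_flow": "TID",          # tampering, disclosure, DoS
}

THREAT_NAMES = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external_entity | process | data_store
    zone: str   # trust zone; a flow between different zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    name: str
    src: str    # Element.name
    dst: str    # Element.name


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    crosses_boundary: bool   # only meaningful for data flows


def enumerate_threats(elements: List[Element], flows: List[Flow]) -> List[Threat]:
    """Apply the STRIDE-per-element table to every element and flow of a DFD."""
    by_name = {e.name: e for e in elements}
    threats: List[Threat] = []
    for e in elements:
        if e.kind not in STRIDE_PER_ELEMENT or e.kind == "data_flow":
            raise ValueError(f"unknown element kind: {e.kind}")
        for code in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, THREAT_NAMES[code], False))
    for f in flows:
        if f.src not in by_name or f.dst not in by_name:
            raise ValueError(f"flow {f.name} references an unknown element")
        crosses = by_name[f.src].zone != by_name[f.dst].zone
        for code in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(f.name, THREAT_NAMES[code], crosses))
    return threats


def prioritized(threats: List[Threat]) -> List[Threat]:
    """Boundary-crossing flows first: that is where untrusted input enters."""
    return sorted(threats, key=lambda t: (not t.crosses_boundary, t.target, t.category))


# Constructed sample: a three-tier web application with two trust boundaries.
SAMPLE_ELEMENTS = [
    Element("Browser", "external_entity", "internet"),
    Element("Web app", "process", "dmz"),
    Element("Customer DB", "data_store", "internal"),
]
SAMPLE_FLOWS = [
    Flow("HTTP request", "Browser", "Web app"),
    Flow("SQL query", "Web app", "Customer DB"),
]


def sample_model() -> List[Threat]:
    """The sample DFD's threat list, 18 entries for 3 elements and 2 flows."""
    return prioritized(enumerate_threats(SAMPLE_ELEMENTS, SAMPLE_FLOWS))


if __name__ == "__main__":
    for t in sample_model():
        flag = "  [crosses trust boundary]" if t.crosses_boundary else ""
        print(f"{t.target:12} {t.category}{flag}")
```

The enumeration is deliberately mechanical, which is the point the abstract makes about usability by non-experts: the judgement goes into drawing the diagram and deciding, per listed threat, whether it is mitigated, accepted, or needs work.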

For my Small Business classes: Location, location, location. - Business Relocation Tool

The placement of a business is no easy matter – actually, it can determine the viability or not of a specific venture. Bearing this in mind, it is useful to have a tool like ZoomProspector at hand.

This web-based service (which has just come out of private beta) enables the interested party to find the best location for a given business by weighing up a myriad of aspects and factors.

The site makes for both a community and a property search. The former takes into consideration communities that exactly match the location requirements that the user specifies beforehand. Moreover, a ranked list of communities that best match a concrete business can be displayed. It is important to mention that communities with a population of less than 65,000 individuals are not taken into account.

For its part, the featured property search lets the user set down criteria like State, property type and minimum and maximum size of the premises. An interactive map is included as well for browsing convenience.

Finally, the site also features an advanced search tool that seems to merge together the two search options that have been just described, as both geography and community qualities are considered.

No doubt they have solid scientific research backing these tests – perhaps from the RIAA legal department?

Spies Launch 'Cyber-Behavior' Investigation

By Noah Shachtman October 12, 2008 | 11:27:00 AM

A while back, the Office of the Director of National Intelligence (ODNI) said it wanted to start reviewing wannabe spies' "cyber behavior," before they handed the spooks security clearances. Suspect activities might include "social network usage," "compulsive internet use," "distribution of pirated materials," and "online contact with foreign nationals," the ODNI said.

Back when I was a kid, we didn't have eyes, so we didn't watch music videos... (Why no Classical Videos? “Boppin' with Bach,” “Moving with Mozart,” “Rocking wid Ravel”) - Watch Music Videos Online

There is a preponderance of music video sites on the web, and they just keep on rolling along. A new contender is the J1VEBOX website. This particular portal has all the usual goodies and features, namely a large archive that can be accessed with ease and features that make for community interaction.

The featured database of artists can be searched using the provided tool. This returns not only exact matches but also approximate results. Of course, it is also possible to browse by category, and these include “Best Rock Songs”, “Hip-Hop”, “Pop” and “Latin” to name just a few. In addition to that, video files of note are spotlighted under the “Top Videos” and “New Videos” headings. These are also spotlighted on the main page, alongside the “Video of the day”.

Oh the horror! (...and we're so easily detected by satellite!)

Baldness Gene Discovered — 1 In 7 Men "At Risk"

Posted by timothy on Sunday October 12, @04:30PM from the see-wikipedia-on-caucasian_race dept. Biotech It's funny. Laugh. Science

FiReaNGeL writes

"Researchers conducted a genome-wide association study of 1,125 Caucasian men who had been assessed for male pattern baldness. They found two previously unknown genetic variants on chromosome 20 that substantially increased the risk of male pattern baldness. They then confirmed these findings in an additional 1,650 Caucasian men. 'If you have both the risk variants we discovered on chromosome 20 and the unrelated known variant on the X chromosome, your risk of becoming bald increases sevenfold. What's startling is that one in seven men have both of those risk variants.'"

So maybe gene therapy will finally have a real purpose.