Saturday, October 25, 2008

It's coming I tell you! It's coming and it's hungry!

http://tech.slashdot.org/article.pl?sid=08/10/24/2335216&from=rss

The Effects of the Cloud On Business, Education

Posted by Soulskill on Friday October 24, @10:01PM from the more-indoor-classes? dept.

g8orade points out two recent articles in The Economist about the rise of cloud computing. The first discusses how software-as-a-service has come to pervade online interactions. "Irving Wladawsky-Berger, a technology visionary at IBM, compares cloud computing to the Cambrian explosion some 500m years ago when the rate of evolution sped up, in part because the cell had been perfected and standardised, allowing evolution to build more complex organisms." The next article examines how the cloud will force a "trade-off between sovereignty and efficiency." Reader pjones contributes news that the Virtual Computer Lab will be supplementing more traditional computer labs at North Carolina State University, and adds, "NCSU's Virtual Computing Lab and IBM are offering the VCL code as a software 'appliance' for use in schools to link to the program. Downloads are available at ibiblio at UNC-Chapel Hill. The VCL also is partnering with Apache.org to make the software available and to allow further community participation in future development."



“Okay Centennial man, put down the beer and stop writing that subversive blog or we'll send in the robots!”

http://hardware.slashdot.org/article.pl?sid=08/10/24/2245238&from=rss

Packs of Robots Will Hunt Down Uncooperative Humans

Posted by Soulskill on Friday October 24, @07:58PM from the you've-been-warned dept. Robotics Technology

Ostracus writes

"The latest request from the Pentagon jars the senses. At least, it did mine. They are looking for contractors to 'develop a software/hardware suite that would enable a multi-robot team, together with a human operator, to search for and detect a non-cooperative human subject. The main research task will involve determining the movements of the robot team through the environment to maximize the opportunity to find the subject ... Typical robots for this type of activity are expected to weigh less than 100 Kg and the team would have three to five robots.'"

To be fair, they plan to use the Multi-Robot Pursuit System for less nefarious-sounding purposes as well. They note that the robots would "have potential commercialization within search and rescue, fire fighting, reconnaissance, and automated biological, chemical and radiation sensing with mobile platforms."



I'm sure the Kindle is a fine tool (I know people who love it), but THIS is what will make it “The next big thing!”

http://hardware.slashdot.org/article.pl?sid=08/10/24/2127208&from=rss

Amazon Kindle Endorsed By Oprah

Posted by kdawson on Friday October 24, @06:08PM from the you-could-pay-to-read-slashdot dept.

Oprah Winfrey enthused about the Amazon Kindle on her show today — it's her "new favorite thing" — and had Jeff Bezos on to announce a $50-off offer good till Nov. 1. [to anyone who purchases a Kindle before November 1 and uses the code “OPRAHWINFREY.” Bob] A plug on Oprah is ordinarily a sign that a product has crossed over into the mainstream. But her show's audience has been slipping lately, and it's unclear how many cash-strapped citizens will be willing to part with $309 (after the special offer) for a new techno-gadget, for which they then have to shell out more money for DRM-encrusted content.



The greatest risk of Global Warming is that politicians will force companies to take actions based on bad science. (X is clearly a risk related to Global Warming, but X won't actually occur for several hundred years.)

http://www.bespacific.com/mt/archives/019631.html

October 24, 2008

NY AG Cuomo and Former VP Gore Announce Major Agreement with Energy Company on Climate Change

News release: "Attorney General Andrew M. Cuomo, joined by Vice President Al Gore, today announced an agreement that requires a national energy company, Dynegy Inc. (“Dynegy”), to disclose timely and relevant information to investors about climate change risks... Under the agreement, Dynegy has agreed to provide disclosure of material risks associated with climate change in its “Form 10-K” filings, the annual summary report on a company’s performance required by the Securities and Exchange Commission (“SEC”) to inform investors. These required disclosures include an analysis of material financial risks from climate change related to: present and probable future climate change regulation and legislation; climate-change related litigation; and physical impacts of climate change."



For true political junkies...

http://www.bespacific.com/mt/archives/019626.html

October 24, 2008

Google Launches Five Year Quotes Index

Official Google Blog: "Today we are pleased to announce the launch of a 5-year quotes index. This expanded coverage lets you explore what Governor Palin said before she was a VP nominee, or Senator Obama before he was a presidential candidate. The InQuotes lab page is also much improved and now provides comparisons over time on issues like the economy or the war in Iraq."



Business Model: Anyone want to start a business to replace the big record companies? (Well, it might work.)

http://news.cnet.com/8301-1023_3-10075032-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Third Eye Blind singer: A Web site can be your album

Posted by Greg Sandoval October 24, 2008 1:48 PM PDT

... On Monday, Jenkins gave the keynote address at the SanFran MusicTech Summit. He said he was in favor of releasing singles and suggested that this would help avoid "album filler," the term used to describe the placing of so-so tracks on albums in order to meet the required number of songs.

... This all seems so much more democratic to me. Fewer people will become billionaires this way, but more people will make a living making music.



For the “Swiss Army Knife” folder (and my website students)

http://www.killerstartups.com/Video-Music-Photo/drpic-com-free-web-picture-editor

DrPic.com - Free Web Picture Editor

http://www.drpic.com

There is no shortage of online pic editors, and Dr. Pic is the latest addition to this widening group. This one has the advantage of being free and very easy to employ and put into practice.

Broadly speaking, this editor enables you to upload a picture from your computer or camera and then apply a host of effects to it. These include Gaussian blurs and oil paints along with grayscales and related effects. Of course, the picture itself can be resized and cropped at will, and text can be added as you see fit.

Once you have finished editing your picture you can save it either to your computer or the Internet. When saving the picture you can also specify the file format, and have your pick from standard options such as JPG, GIF and PNG.

At the end of the day, it is always useful to have a site like this as part of your bookmark collection. Who knows, you might need it when least expected…

Friday, October 24, 2008

Another TJX connection?

http://www.pogowasright.org/article.php?story=20081024023735559

US agents helped unmask Swedish credit card swindler

Friday, October 24 2008 @ 02:37 AM EDT Contributed by: PrivacyNews

Assistance from the US Secret Service led to the indictment on Thursday of a Swedish man suspected of involvement in the ShadowCrew cybercrime network.

Known by the online alias “Kafka”, the 27-year-old resident of Mjölby in central Sweden has been under investigation for four years, reports the Östgöta Correspondenten newspaper.

He is suspected of taking part in a sophisticated international criminal network accused of stealing millions of credit card numbers from major US-based retail chains.

Source - The Local



Nothing earthshaking, but Guides are always useful.

http://www.schneier.com/blog/archives/2008/10/ansi_cyberrisk.html

ANSI Cyberrisk Calculation Guide

Interesting:

In a nutshell, the guide advocates that organizations calculate cyber security risks and costs by asking questions of every organizational discipline that might be affected: legal, compliance, business operations, IT, external communications, crisis management, and risk management/insurance. The idea is to involve everyone who might be affected by a security breach and collect data on the potential risks and costs.

Once all of the involved parties have weighed in, the guide offers a mathematical formula for calculating financial risk: Essentially, it is a product of the frequency of an event multiplied by its severity, multiplied by the likelihood of its occurrence. If risk can be transferred to other organizations, that part of the risk can be subtracted from the net financial risk.

Guide is here.



Cloud Computing is coming. My students will be pleased to see these additions, but they still have a few more items on their “want list.”

http://tech.slashdot.org/article.pl?sid=08/10/24/1322239&from=rss

Amazon Beefs Up Its Cloud Ahead of MS Announcement

Posted by kdawson on Friday October 24, @09:40AM from the hey-you-get-offa-my dept.

Amazon has announced several major improvements to its EC2 service for cloud computing. The service is now in production (no longer beta); it offers a service-level agreement; and Windows and SQL Server are available in beta form. ZDNet points out that all this news is intended to take some wind out of Microsoft's sails as MS is expected to introduce its own cloud services next week at its Professional Developers Conference.



Ignorance is (a hacker's) bliss

http://www.cio.com/article/451092/Why_Technology_Isn_t_The_Answer_To_Better_Security

Why Technology Isn't The Answer To Better Security

You've beefed up your IT security arsenal, and you're focused on compliance. But you're still vulnerable. Here's why.

By Kim S. Nash

October 15, 2008 — CIO — Not to be alarmist, but WAKE UP, PEOPLE! Our information security is, in many ways, failing.

… In this, our sixth year of conducting the "Global State of Information Security" survey with PricewaterhouseCoopers, we got an earful about the challenges, worries and wins in security technology, process and personnel.

… However—and this is serious, folks—too many organizations still lack coherent, enforced and forward-thinking security processes, our survey shows.

… For instance, 56 percent of respondents employ a security executive at the C level, down 4 percent from last year. You comb network logs for fishy activity, but just 43 percent of you audit or monitor user compliance with your security policies (if you have them).



It's not security, it's security theater...

http://yro.slashdot.org/article.pl?sid=08/10/24/0428245&from=rss

Researchers Find Problems With RFID Passport Cards

Posted by timothy on Friday October 24, @05:11AM from the clearly-unpossible dept. Privacy United States

An anonymous reader writes

"Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card."

You can also read the summary of the researchers' report.

[From the article:

... Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected.

... Another danger is that hackers could cause EDLs to self-destruct by sending out a certain number, they said.



Not much detail, but you get the idea. Very clever!

http://it.slashdot.org/article.pl?sid=08/10/24/0034202&from=rss

Exchanging Pictures To Generate Passwords

Posted by timothy on Thursday October 23, @08:59PM from the worth-a-thousand-words dept. Security Encryption

Roland Piquepaille writes

"Today, Ileana Buhan, a Romanian computer scientist, is presenting her PhD Thesis at the University of Twente in the Netherlands. She is using biometrics to protect confidential information when it is exchanged between two mobile devices. This is a very innovative approach to security. Buhan's biometric application will generate almost unbreakable passwords from photos taken by the connected users. Here is how it works. 'To do this, two users need to save their own photos on their PDAs. They then take photos of each other. The PDA compares the two photos and generates a security code for making a safe connection.'"



So is the market for Stanley Steamer repairmen...

http://developers.slashdot.org/article.pl?sid=08/10/23/1746254&from=rss

Cobol Job Market Heating Up

Posted by timothy on Thursday October 23, @02:12PM from the dress-the-part-at-the-interview dept. Businesses The Almighty Buck

snydeq writes

"Developers seeking job security in the years ahead could find an unlikely edge in Cobol. According to an InfoWorld report, demand for Cobol skills is surging, with salaries on the rise. More importantly, the short supply of offshore Cobol programmers and the fact that mainframes aren't going away anytime soon are spurring longevity for big-iron skills, with many companies looking to hire in-house Cobol pros to bridge mainframe Cobol apps to the rest of the enterprise. The report provides further evidence that Cobol may indeed be primed for a comeback, with new kinds of Cobol integration jobs emerging to prove old-guard skills are critical to some of the hottest areas of software development today."



Tools & Techniques. This is the kind of link I keep in the “Swiss Army Knife” folder on my thumb drive for those odd occasions when I'm not at my desk and need a tool.

http://www.killerstartups.com/Web-App-Tools/pdfundo-net-free-pdf-to-word-conversion

PDFUndo.net - Free PDF To Word Conversion

Simply put, PDFUndo is a nifty little tool that will allow you to quickly convert any PDF file into a Word document. The emphasis is on ease of use, as this solution is wholly web-based and there is no need for software installs of any kind. Moreover, you don’t need to register or provide any information or particulars whatsoever.

The system is implemented as follows: you upload your document to the site and then hit the “Convert to Word” button. Once this has been dealt with, you can download the Word document that has been created by following the provided link.

On the other hand, a desktop version of PDFUndo can be downloaded for free in the event you wish to work offline. Other than that, it works in almost the same manner – you choose the PDF file and it is duly converted and ready to use and edit at will.

http://pdfundo.net/convert/



Die, Microsoft dog!

http://news.slashdot.org/article.pl?sid=08/10/23/1627250&from=rss

Russia Mandates Free Software For Public Schools

Posted by CmdrTaco on Thursday October 23, @12:36PM from the in-soviet-russia-joke-makes-you dept. Education Software IT

Glyn Moody writes

"After running some successful pilots, the Russian government has decided to make open source the standard for all schools. If a school doesn't want to use the free software supplied by the government, it has to buy commercial licenses using its own funds. What's the betting Microsoft starts slashing its prices in Russia?"



I've said it before, we need virtual lawyers! (Gamers take things too seriously...)

http://news.slashdot.org/article.pl?sid=08/10/23/2020223&from=rss

Dutch Court Punishes Theft of Virtual Property

Posted by timothy on Thursday October 23, @05:04PM from the pick-a-fight-your-first-day-with-the-toughest-avatar dept. The Courts Real Time Strategy (Games) The Almighty Buck

tsa writes

"Last week, the Dutch court subjected two kids of ages 15 and 14 to 160 hours of unpaid work or 80 days in jail, because they stole virtual property from a 13-year-old boy. The boy was kicked and beaten and threatened with a knife while forced to log into Runescape and giving his assets to the two perpetrators. This ruling is the first of its kind for the Netherlands. Ars Technica has some more background information."

In Japan, meanwhile, a woman has been arrested for "illegally accessing a computer and manipulating electronic data" after (virtually) killing her (virtual) husband.


Perhaps a virtual lawyer will defend her in virtual court?

http://blog.wired.com/27bstroke6/2008/10/woman-arrested.html

Woman Arrested After Killing Virtual Ex-Husband

By David Kravets October 23, 2008 | 7:32:20 PM

A 43-year-old Japanese woman, angry over a sudden divorce in the virtual online game Maple Story, has been arrested on suspicion of hacking into the game where she killed her once-virtual husband, authorities said.

Authorities said the Miyazaki woman illegally accessed the game with a password she hijacked from a colleague. That made it appear as if her coworker committed the online murder.

According to The Associated Press, the woman told police: "I was suddenly divorced, without a word of warning. That made me so angry."

The hacking allegation carries a maximum five-year prison term.

Thursday, October 23, 2008

The world, she is a-changin'

http://www.pogowasright.org/article.php?story=20081023053244112

CDT Report: Browser Developers Compete on Privacy Controls

Thursday, October 23 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

CDT released a report today showing that Internet browser developers are increasingly competing to offer better privacy controls. This new competitive focus on privacy represents a boon to consumers who can now base their Web surfing decisions on which browser best suits their personal privacy needs. The report reviews and compares the privacy tools available for the latest versions of Mozilla Firefox, Microsoft Internet Explorer, Google Chrome and Apple's Safari. The report compares the browsers in their offering of three key tools -- privacy mode, cookie controls and object controls – which can greatly reduce the amount of personal information users give up online and leave behind on their computers.

Source - Browser Privacy Features [PDF] October 22, 2008



Isn't Customs at DIA a “Port of Entry?”

http://www.pogowasright.org/article.php?story=200810221206594

ACLU Assails 100-Mile Border Zone as "Constitution-Free"

Wednesday, October 22 2008 @ 12:06 PM EDT Contributed by: PrivacyNews

Government agents should not have the right to stop and question Americans anywhere without suspicion within 100 miles of the border, the American Civil Liberties Union said Wednesday, pointing attention to the little known power of the federal government to set up immigration checkpoints far from the nation's border lines.

The government has long been able to search people entering and exiting the country without need to say why, which is known as the border search exception to the Fourth Amendment.

After 9/11, Congress gave the Department of Homeland Security the right to use some of its powers deeper within the country, and now DHS has set up at least 33 internal checkpoints where they stop people, question them and ask them to prove citizenship, according to the ACLU.

Source - Threat Level



Some progress is being made...

http://www.pogowasright.org/article.php?story=20081022120856704

GAO: Social Security Numbers Are Widely Available in Bulk and Online Records, but Changes to Enhance Security Are Occurring

Wednesday, October 22 2008 @ 12:08 PM EDT Contributed by: PrivacyNews

Summary:

Various public records in the United States contain Social Security numbers (SSN) and other personal identifying information that could be used to commit fraud and identity theft. For the purposes of this report, public records are generally defined as government agency-held records made available to the public in their entirety for inspection, such as property and court records. Although public records were traditionally accessed locally in county courthouses and government records centers, public record keepers in some states and localities have more recently been maintaining electronic images of their records. In electronic format, records can be made available through the Internet or easily transferred to other parties in bulk quantities. Although we previously reported on the types of public records that contain SSNs and access to those records, less is known about the extent to which public records containing personal identifying information such as SSNs are made available to private third parties through bulk sales. In light of these developments, you asked us to examine (1) to what extent, for what reasons, and to whom are public records that may contain SSNs available for bulk purchase and online, and (2) what measures have been taken to protect SSNs that may be contained in these records. To answer these questions, we collected and analyzed information from a variety of sources. Specifically, we conducted a survey of county record keepers on the extent and reasons for which they make records available in bulk or online, the types of records that they make available, and the types of entities (e.g., private businesses or individuals) that obtain their records. We focused on county record keepers because, in scoping our review, we determined that records with SSNs are most likely to be made available in bulk or online at the county level. We surveyed a sample of 247 counties--including the 97 largest counties by population and a random sample of 150 of the remaining counties--received responses from 89 percent, and used this information to generate national estimates to the extent possible. Our survey covered 45 states and the District of Columbia, excluding five states where recording of documents is not performed at the county level (Alaska, Connecticut, Hawaii, Rhode Island, and Vermont). We used the information gathered in this survey to calculate estimates about the entire population of county record keepers.

Many counties make public records that may contain Social Security numbers (SSNs) available in bulk to businesses and individuals in response to state open records laws, and also because private companies often request access to these records to support their business operations. Our sample allows us to estimate that 85 percent of the largest counties make records with full or partial SSNs available in bulk or online, while smaller counties are less likely to do so (41 percent). According to county officials and businesses we interviewed, SSNs are generally found in certain types of records such as property liens and appear relatively infrequently. However, because millions of records are available, many SSNs may be displayed. Counties in our survey cited state laws as the primary reason for making records available, and requests from companies may also drive availability, as several told us they need bulk records to support their business models. Counties generally do not control how records are used. Of counties that make records available in bulk or online, only about 16 percent place any restrictions on the types of entities that can obtain these records. We found that title companies are the most frequent recipients of these records, but others such as mortgage companies and data resellers that collect and aggregate personal information often obtain records as well. Private companies we interviewed told us they obtain records to help them conduct their business, including using SSNs as a unique identifier. For example, a title company or data reseller may use the SSN to ensure that a lien is associated with the correct individual, given that many people have the same name. Information from these records may also be used by companies to build and maintain databases or resold to other businesses. Businesses we contacted told us they have various safeguards in place to secure information they obtain from public records, including computer systems that restrict employees' access to records. In some cases, information from these public records is sent overseas for processing, a practice referred to as offshoring. We were not able to determine the extent of offshoring, but both record keepers and large companies that obtain records in bulk told us that it is a common practice. In the course of our work, we found that public records data are commonly sent to at least two countries--India and the Philippines. State and local governments, as well as the federal government, are taking various actions to safeguard SSNs in public records, but these actions are a recent phenomenon. Based on our survey, we estimate that about 12 percent of counties have completed redacting or truncating SSNs that are in public records--that is, removing the full SSN from display or showing only part of it--and another 26 percent are in the process of doing so. Some are responding to state laws requiring redaction or truncation, but others have acted on their own based on concerns about the potential for identity theft. For example, California and Florida recently passed laws that require record keepers to truncate or redact SSNs in their publicly available documents, while one clerk in Texas told us that in response to public concern about the vulnerability of SSNs to misuse, the county is redacting SSNs from records on its own initiative. In recent years, 25 states have enacted some form of statutory restriction on displaying SSNs in public records. Some states have also enacted laws allowing individuals to request that their SSNs be removed from certain records such as military discharge papers.

Source - Full Report [pdf] (GAO-08-1009R, September 19, 2008)

Related - Social Security Numbers: Transfers and Sales of Public Records That May Contain Social Security Numbers (GAO-08-1004SP, September 2008), an E-supplement to GAO-08-1009R [pdf] (GAO-08-1004SP, September 19, 2008)


Related ...and that's good, because online ID Theft classes are a hot new area in education.

http://www.pogowasright.org/article.php?story=20081023053033603

Ore. inmate held ID-theft conference calls

Thursday, October 23 2008 @ 05:30 AM EDT Contributed by: PrivacyNews

Officials are blaming a staffing shortage for allowing an Oregon jail inmate to run an identity theft operation from behind bars.

The (Portland) Oregonian said Wednesday Shawn "Sammy Straight Razor" McGinnis allegedly used the Multnomah County jail's inmate phone system to arrange conference calls with people trading in personal information.

The alleged trading went on for nearly a year because the jail staff does not have enough deputies to listen in on inmate calls and only tapes them.

Source - UPI


Related: But we seem to be in no great hurry. We've said we are serious, but we haven't said “We really, really mean it this time – honest injun!”

http://www.pogowasright.org/article.php?story=20081022153528859

FTC Will Grant Six-Month Delay of Enforcement of 'Red Flags' Rule Requiring Creditors and Financial Institutions to Have Identity Theft Prevention Programs

Wednesday, October 22 2008 @ 03:35 PM EDT Contributed by: PrivacyNews

The Federal Trade Commission will suspend enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. Today’s announcement and the release of an Enforcement Policy Statement do not affect other federal agencies’ enforcement of the original November 1, 2008 deadline for institutions subject to their oversight to be in compliance.

Source - FTC



Useful collection?

http://www.bespacific.com/mt/archives/019613.html

October 22, 2008

New on LLRX.com: A Compilation of Legal Problem-Solving Models

The Art of Written Persuasion: From IRAC to FAILSAFE - A Compilation of Legal Problem-Solving Models - Troy Simpson's third column focuses on "a process model of problem-solving that provides a useful framework, because it offers a systematic, non-random way of tackling problems."



I'm gonna live forever!

http://science.slashdot.org/article.pl?sid=08/10/22/2230223&from=rss

Researchers Developing Cancer-Fighting Beer

Posted by samzenpus on Wednesday October 22, @08:15PM from the drink-your-way-to-a-better-you dept. Medicine Science

CWmike writes

"Ever picked up a cold, frosty beer on a hot summer's day and thought that it simply couldn't get any better? Well, think again. A team of researchers at Rice University in Houston is working on helping Joe Six Pack fight aging and cancer with every swill of beer."

Thank you science! Now we just need cigarettes that cure baldness. [They said it, I didn't. Bob]

Wednesday, October 22, 2008

The classic questions. How much do you reveal and when do you reveal it?

http://www.pogowasright.org/article.php?story=20081022052007412

Coral Springs breach affected over 12,000 (update)

Wednesday, October 22 2008 @ 05:20 AM EDT Contributed by: PrivacyNews

If we've said it once, we've said it thousands of times: it would probably be better for entities to provide fuller disclosure in their initial notifications rather than to let stories dribble out. [Amen! Bob]

When the City of Coral Springs recently notified the New Hampshire Attorney General's Office of a breach last month, they did not reveal the data service provider involved nor the total number of individuals affected. Wisconsin's Office of Privacy Protection sheds some additional light on the breach, however.

According to the state's web site, they were notified on September 18 by ChoicePoint about the breach involving the Coral Gables City Attorney’s office in Florida. The City Attorney’s office has access to ChoicePoint’s AutoTrack product, which provides full SSNs for investigatory purposes. As reported previously, the city had discovered that one of its IDs and passwords to access the database had been compromised, affecting 57 residents of New Hampshire.

According to Wisconsin's report, 77 Wisconsin residents were among a total of 12,120 consumers affected.

Although neither of the notification letters posted by NH or WI offers free credit monitoring, Wisconsin's site says "Those affected should have received a letter offering credit monitoring services for one year free." Consumers who have been affected by this incident may wish to call Coral Springs' consumer hot-line at their toll-free number, 866-315-4215, to inquire.



This is for the students who thought I was nuts to claim this was a trend to watch. (Now all I need do is find some way to convince the other 99% that I'm not nuts.)

http://news.cnet.com/8301-13556_3-10072405-61.html?part=rss&subj=news&tag=2547-1_3-0-5

When corporate clients go personal

Posted by Gordon Haff October 22, 2008 6:00 AM PDT

In most enterprises, PCs are what the accountants call a "corporate asset." The company buys them, loads software on them, sticks on a little asset tag, and lets employees use them as tools for their jobs.

... It would, of course, be silly to say all that history is now part of some dead past. However, we're starting to see a variety of intersecting changes that make it much more thinkable that IT shops could at least partially divest themselves of their PC supplier role. Instead, the idea is that employees would just use their own personal systems. There might be stipends; there might be negotiated bulk purchases that people would have the option of hooking into. IT would still be on the hook for at least corporate application support. But, whatever the details, it would be a very different way of thinking about PCs.

[After they stopped laughing, my security students were able to develop a plan to ensure security. Bob]



For the Computer Forensics students?

http://www.pogowasright.org/article.php?story=20081022054104251

A team effort against ID theft

Wednesday, October 22 2008 @ 05:41 AM EDT Contributed by: PrivacyNews

The U.S. Secret Service and U.S. Marshals Service have joined a consortium of academic institutions and corporate entities to combat identity theft and other identity management problems.

The Center for Applied Identity Management Research (CAIMR) will focus on researching real-world security problems, providing practical solutions and best-practice recommendations. CAIMR is composed of a cross section of experts in various fields, ranging from biometrics and financial crime to cyberdefense and homeland security.

Source - GCN



Lawyers and technology OR Automating screw-ups!

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=328174

Frankly Speaking: No. 1 rule for users: Keep it simple

Frank Hayes

October 20, 2008 (Computerworld) In November, a federal judge in New York will decide whether to fix a user's spreadsheet error. Does that sound like overkill? Well, the judge is in charge of the biggest bankruptcy in U.S. history, and the spreadsheet lists hundreds of assets involved in that bankruptcy.

Now does it sound more like a federal case?

Here's what happened: On Sept. 15, giant investment bank Lehman Brothers collapsed into bankruptcy. Three days later, lawyers for Barclays Capital were furiously working to finish up an agreement to purchase some of Lehman's assets in time to meet a bankruptcy court deadline.

Those assets -- contracts that were worth money to Lehman -- were listed in a spreadsheet. One of the spreadsheet's columns indicated whether Barclays wanted the assets with a "Y" for yes and "N" for no.

A Lehman exec sent the spreadsheet to Barclays' law firm barely four hours before the deadline. But it had to be converted from Excel to a PDF to be submitted to the court. An associate lawyer glanced at the spreadsheet, saw nothing but Y's in the "Do we want it?" column, and sent it to a law clerk with instructions to cut out certain columns and turn it into a PDF.

You can see what's coming, can't you?

The clerk cut out the columns, then saw that some of the rows were formatted oddly. He reformatted the spreadsheet into nice, even rows and converted the result to a PDF, then sent it back to the associate, who posted the file without even looking at it.

No one noticed that the new version was 179 rows longer than the original. In fact, 20% of the items in the spreadsheet -- the ones with an "N" -- had been hidden automatically using an Excel function. When the clerk cut out the "Do we want it?" column, they reappeared.

Oops.

The Lehman-Barclays deal closed on Sept. 22. The mistake wasn't discovered until Oct. 1, nine days later. Now Barclays is hoping the court will let it off the hook for millions of dollars in assets it never intended to buy.
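The failure described above, as an added example that is not part of the column: a small, hypothetical model of a sheet with an AutoFilter on the "Do we want it?" column, the clerk's export path that cuts the column first (which drops the filter and un-hides the "N" rows), and a checked export that freezes the reviewed row set and reconciles the count before anything is filed. The contract data is constructed, not Lehman's schedule.

```python
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Sheet:
    """Minimal stand-in for a worksheet carrying an AutoFilter (hypothetical model)."""
    headers: list[str]
    rows: list[list[str]]
    # column name -> predicate; a row is shown only if every active filter passes
    filters: dict[str, Callable[[str], bool]] = field(default_factory=dict)

    def col(self, name: str) -> int:
        return self.headers.index(name)

    def visible_rows(self) -> list[list[str]]:
        return [r for r in self.rows
                if all(pred(r[self.col(c)]) for c, pred in self.filters.items())]

    def drop_column(self, name: str) -> None:
        """Cut a column. A filter living on that column goes with it, so the
        rows it was hiding become visible again (the behaviour in the story)."""
        i = self.col(name)
        self.filters.pop(name, None)
        self.headers = [h for j, h in enumerate(self.headers) if j != i]
        self.rows = [[v for j, v in enumerate(r) if j != i] for r in self.rows]


def make_schedule() -> Sheet:
    """Constructed sample data: 20 contracts, every fifth one marked 'N'."""
    rows = [[f"CONTRACT-{n:03d}", str(1000 * n), "N" if n % 5 == 0 else "Y"]
            for n in range(1, 21)]
    return Sheet(["Asset", "Value", "Do we want it?"], rows,
                 filters={"Do we want it?": lambda v: v == "Y"})


def naive_export(sheet: Sheet, drop: list[str]) -> list[list[str]]:
    """What the clerk did: cut columns first, then emit whatever is now visible."""
    for name in drop:
        sheet.drop_column(name)
    return sheet.visible_rows()


def checked_export(sheet: Sheet, drop: list[str], reviewed_count: int) -> list[list[str]]:
    """Snapshot the visible rows before any restructuring, refuse to proceed if
    that set does not match what the reviewer signed off on, then project the
    wanted columns from the snapshot rather than from the live sheet."""
    intended = sheet.visible_rows()
    if len(intended) != reviewed_count:
        raise ValueError(f"{len(intended)} visible rows, reviewer approved {reviewed_count}")
    keep = [i for i, h in enumerate(sheet.headers) if h not in drop]
    return [[r[i] for i in keep] for r in intended]


def excess_rows(reviewed_count: int, exported: list[list[str]]) -> int:
    """Reconciliation to run on the output before filing: rows beyond the
    filtered view the reviewer saw. Anything other than 0 means hidden data leaked."""
    return len(exported) - reviewed_count


if __name__ == "__main__":
    sheet = make_schedule()
    approved = len(sheet.visible_rows())          # what the associate glanced at
    leaked = naive_export(sheet, ["Do we want it?"])
    print(f"reviewed {approved} rows, naive export has {len(leaked)}, "
          f"excess {excess_rows(approved, leaked)}")
    safe = checked_export(make_schedule(), ["Do we want it?"], approved)
    print(f"checked export has {len(safe)} rows, excess {excess_rows(approved, safe)}")
```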



Tools & Techniques Could be useful for indexing video depositions, for example.

http://news.cnet.com/8301-17939_109-10069806-2.html?part=rss&subj=news&tag=2547-1_3-0-5

New media player searches for spoken words in videos

Posted by Rafe Needleman October 22, 2008 5:00 AM PDT

EveryZing, a media indexing company, is launching its own media player that lets people search for spoken words within videos.

The player's secret power is that it also indexes YouTube videos, giving a publisher who embeds YouTube content more functionality than YouTube itself provides.

The new video player, called MetaPlayer, uses technology the company already has in the market in its EasySearch and EasySEO products.



Statistics or a pat on the back?

http://blog.wired.com/27bstroke6/2008/10/us-identity-the.html

U.S. Identity Theft Convictions Increase 26 Percent, Feds Say

By David Kravets, October 21, 2008 | 2:44:13 PM

... The 70-page document (.pdf) also includes 31 recommendations to combat identity theft. The recommendations state the obvious, but are important nonetheless. Among them, the task force wants to see a reduction in the use of Social Security numbers in the public and private sectors, more law enforcement training and better cooperation between the states and with other nations.


More quotable stats Even a possible “We don't know” statistic.

http://www.pogowasright.org/article.php?story=20081021074242372

AU: Data breach hits 80% of local companies: survey

Tuesday, October 21 2008 @ 07:42 AM EDT Contributed by: PrivacyNews

ALMOST 80 per cent of local organisations have experienced a data breach in the past five years, with a further 40 per cent reporting between six and 20 known breaches during the period, according to Symantec's first Australian data loss survey.

As well, 59 per cent of businesses surveyed suspected they had suffered undetected data breaches, but were unable to identify what information had left the organisation, or how.

Source - Australian IT


Stats I probably won't quote. Are they so bad, a politician would hesitate? Nothing is that bad!

http://www.pogowasright.org/article.php?story=20081022072716919

1-in-10 Canadians hit by Web ID theft

Wednesday, October 22 2008 @ 07:27 AM EDT Contributed by: PrivacyNews

About 10 percent of Canadians who shop online report being victims of identity theft, a survey published Wednesday said.

The Canadian Anti-Fraud Call Center, which is operated by the Royal Canadian Mounted Police, says Canadians this year have reported 8,048 cases of identity theft, with $7.3 million in losses, the Canwest News Service reported.

Source - UPI



Strange how we see the FBI in headlines alongside celebrities or big-name politicians, but never with us second class people. Is there really a different set of rules for people who make the cover of the tabloids?

http://blog.wired.com/27bstroke6/2008/10/miley-cyrus-hac.html

Miley Cyrus Hacker Raided by FBI

By Kim Zetter, October 20, 2008 | 11:59:02 PM

A 19-year-old hacker who published provocative photos of teen queen Miley Cyrus earlier this year was raided by the FBI Monday morning in Murfreesboro, Tennessee.

The hacker, Josh Holly, repeatedly bragged online about breaking into the Disney star's e-mail account and stealing her photos. He also gave interviews to bloggers and others and boasted that authorities would never find him because he moved so often. [Last month, Holly contacted Threat Level seeking to have an article written about him here.]



Because I have more than a passing interest in Economics.

http://yro.slashdot.org/article.pl?sid=08/10/21/1855210&from=rss

Learning To Profit From Piracy

Posted by kdawson on Tuesday October 21, @04:43PM from the pointing-out-a-market-failure dept.

I Don't Believe in Imaginary Property writes

"Wired has an interview with Matt Mason, author of The Pirate's Dilemma: How Youth Culture Is Reinventing Capitalism, which discusses how businesses could make money off of piracy, rather than attacking people in a futile attempt to suppress it. And some of his ideas are gaining traction; work is underway on a TV show called Pirate TV, which he describes as 'two parts Anthony Bourdain, one part Mythbusters.' (Heroes executive producer Jesse Alexander is on board.) Also, Mason is pretty good about practicing what he preaches in that you can pirate his book on his own website."



New Jersey will be the first state to go to Ron Paul!

http://news.slashdot.org/article.pl?sid=08/10/21/2036246&from=rss

Damning Report On Sequoia E-Voting Machine Security

Posted by kdawson on Tuesday October 21, @06:15PM from the worse-than-you-thought dept.

TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.



It's good to see that someone is still thinking of the future... Go India!

http://science.slashdot.org/article.pl?sid=08/10/22/1217227&from=rss

Indian Moon Mission Launched

Posted by CmdrTaco on Wednesday October 22, @08:46AM from the to-the-moon-alice dept. Moon Space Science

hackerdownunder writes

"India's maiden lunar mission (Chandrayaan-1) got off to a flying start today. Describing the launch as "perfect and precise", the chairman of the Indian Space Research Organization (ISRO), G Madhavan Nair, said that it would be 14 days before the satellite would enter into lunar orbit. Chandrayaan carries eleven payloads, five designed and developed in India, three from European Space Agency, one from Bulgaria and two from NASA."



Dear Student, Thank you for the email explaining how the dog ate your (homework/thumbdrive/car keys/baby sister)...

http://news.cnet.com/8301-17939_109-10072457-2.html

GMail gets auto-replies

Posted by Rafe Needleman October 21, 2008 7:54 PM PDT

This is probably more useful than GMail's last experimental new feature (Mail Goggles): Canned responses (see Official GMail blog). You can now save a reply you're writing as a "canned response" and then quickly select one of these responses when you're replying to a future e-mail.

Tuesday, October 21, 2008


Monday, October 20, 2008

Some stats

http://www.pogowasright.org/article.php?story=20081019090621881

MA: REPORT ON THE M.G.L. CHAPTER 93H NOTIFICATIONS

Sunday, October 19 2008 @ 09:06 AM EDT Contributed by: PrivacyNews

It has now been over 10 months since the new identity theft law took effect. Under that law, businesses and others who maintain and store the personal information of Massachusetts residents must notify the Office of Consumer Affairs and Business Regulation, and the Attorney General, whenever security breaches occur that involve either personal information or unencrypted data capable of compromising personal information in a manner that creates a substantial risk of identity theft or fraud.

During that time, the Office of Consumer Affairs and Business Regulation has received 318 notifications of such breaches. Of those 318 incidents, 274 were reported by businesses; 23 by educational institutions; 17 by state government; and 4 by not-for-profits. Of the 318 notifications, only 10 involved data that was encrypted when breached. There were 69 reported incidents of data breach in which the data was password protected.

The number of Massachusetts residents affected by these reported incidents was 625,365. The notifications reported that in 194 cases the breach was the result of criminal/unauthorized acts, with a high frequency of laptops or hard-drives being stolen. Thus the remainder of these breaches, approximately 40% of the total, are the result of employee error or sloppy internal handling of personal information or other data. This confirms that any regulatory regime must include both measures that protect against intentional wrongdoing and measures that focus on establishing internal protocols that set minimum standards for handling sensitive paper and electronic records.

While it may be that we have not received notification with respect to every breach that is reportable under M.G.L. c. 93H, §3 (whether because some are not aware of the obligation, or for other reasons have decided not to report a breach), these results suggest that the source of risk for a substantial majority of the Massachusetts residents who are affected by data security breaches (almost 75%) was the financial services sector. The remaining 25% is distributed among other institutions and industries.

The notifications also strongly suggest that the most frequent type of breach was the result of criminal/deliberate acts, mostly thefts and businesses reporting that they had reason to believe that there had been unauthorized access or use of data (though frequently the details of such access or use were not known). The 194 such cases represent more than 60% of the reported incidents.

[...]

Source - Office of Consumer Affairs and Business Regulation [pdf, Report of Sept. 19, 2008]

Comment: unfortunately, Massachusetts does not list its breach reports online, but it seems clear from their numbers that the vast majority of the breaches reported to them did not appear in the kinds of mainstream media sources that are routinely scoured by this site. Given that Massachusetts had many more reported breaches than New Hampshire during the same time period, it reminds us once again of how badly we are probably underestimating the true extent of breaches involving unencrypted data. -- Dissent.



...because...

http://www.pogowasright.org/article.php?story=2008102005320680

Data “Dysprotection:” breaches reported last week

Monday, October 20 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Isn't the goal of automation to take people (witnesses) out of the process? Isn't electronic evidence real evidence? Why are people still using technology from the 1840s?

http://www.pogowasright.org/article.php?story=20081020054420871

CO: Consumer Crusade loses appeal

Monday, October 20 2008 @ 05:44 AM EDT Contributed by: PrivacyNews

The Colorado Court of Appeals has rejected another attempt by Consumer Crusade Inc. of Englewood to overturn a lower court ruling against its attempts to collect damages for illegal junk faxes.

The decision upholding the state court decision, by appellate Judge Daniel Dailey, was announced on Thursday.

Source - Denver Business Journal

[From the article:

But the lower court ruled in Clarion’s favor because Consumer Crusade could not present witnesses to authenticate the faxes. The court stated, “If no such witnesses are disclosed … this case will be dismissed,” according to the appellate decision.

... Another court decision soon after the previous Clarion ruling further hampered Consumer Crusade’s attempts to collect damages on junk faxes, by saying it lacked the right to do so.

In February 2007, a Denver federal appeals court ruled that people who get junk faxes can’t turn them over to companies such as Consumer Crusade and local U.S. Fax Center Inc. for collection of damages. The court said such companies have no standing to act on behalf of recipients.]



This is why the law is such a difficult field of study.

http://yro.slashdot.org/article.pl?sid=08/10/19/2136213&from=rss

Record Label Infringes Own Copyright, Site Pulled

Posted by kdawson on Sunday October 19, @05:49PM from the wonder-who-filed-the-complaint dept.

AnonCow sends in a peculiar story from TorrentFreak, which describes the plight of a free-download music site that has been summarily evicted from the Internet for violating its own copyright. The problem seems to revolve around the host's insistence that proof of copyright be snail-mailed to them. Kind of difficult when your copyright takes the form of a Creative Commons license that cannot be verified unless its site is up.

"The website of an Internet-based record label which offers completely free music downloads has been taken down by its host for copyright infringement, even though it only offers its own music. Quote Unquote Records calls itself 'The First Ever Donation Based Record Label,' but is currently homeless after its host pulled the plug."



Never confuse a politician (esp. Big Brother) with the facts!

http://www.pogowasright.org/article.php?story=20081020054829874

UK: Government faces fight from within for spy database

Monday, October 20 2008 @ 05:48 AM EDT Contributed by: PrivacyNews

Jacqui Smith, the home secretary, faces a revolt from her senior officials over plans to build a central database holding information on every telephone call, e-mail and internet visit made in the UK.

A “significant body of Home Office officials dealing with serious and organised crime” are privately lobbying against the plans, a leaked memo has revealed.

They believe the proposals are “impractical, disproportionate, politically unattractive and possibly unlawful from a human rights perspective”, the memo says.

Source - Times Online


Related It is quite common for individuals to “misplace” ID cards. Fortunately, that is not the sole basis for identification (in a rational system).

http://www.pogowasright.org/article.php?story=20081020055811130

UK: Government loses 3,500 security passes

Monday, October 20 2008 @ 05:58 AM EDT Contributed by: PrivacyNews

The Home Office and the Ministry of Justice were responsible for the bulk of the lost passes, mislaying an astonishing 3,492 security passes between 2001 and July this year. Up until last year, staff at the two departments were losing passes at the rate of 463 a year, or around nine a week, for much of the period studied.

... All of the losses raise serious concerns over the government’s ability to handle the security of its large IT databases, and control who accesses them, the Lib Dems said. The government has revealed plans to create a super database that would track the phone calls, emails and internet access records of citizens.

Source - Computerworld UK


Possibly Related? Not sure I understand this at all, but I'll mention it in my Statistics classes...

http://www.pogowasright.org/article.php?story=20081020065156475

UK: Home Office mulls fighting hacking with corporate ASBOs

Monday, October 20 2008 @ 06:51 AM EDT Contributed by: PrivacyNews

The Home Office is consulting on the possibility of applying serious crime prevention orders (AKA corporate ASBOs) to computer hacking laws.

Serious crime prevention orders allow the courts to apply "injunctions" against criminal behaviour granted on the basis of the balance of probabilities rather than the much tougher standard of beyond reasonable doubt demanded in criminal cases. Breach of the orders would result in either a fine or imprisonment.

Consultation on the plan to apply this type of regime to computer hacking offences will begin in November and last for three months, according to answers to questions in the house to junior Home Office minister Alan Campbell last week.

Source - The Register



Tools & Techniques OR We can, therefore we must? (Great target for hackers!)

http://www.infoworld.com/article/08/10/20/AlcatelLucent_provides_alwayson_protection_for_laptops_1.html?source=rss&url=http://www.infoworld.com/article/08/10/20/AlcatelLucent_provides_alwayson_protection_for_laptops_1.html

Alcatel-Lucent provides always-on protection for laptops

OmniAccess 3500 Nonstop Laptop Guardian supports HSPA and makes it possible for IT staff to communicate with a system even if the laptop is turned off

By Mikael Ricknäs, IDG News Service October 20, 2008

Alcatel-Lucent has introduced a new version of its OmniAccess 3500 Nonstop Laptop Guardian (NLG) that supports HSPA (High Speed Packet Access), it announced on Monday.

The OmniAccess 3500 NLG is a battery-powered PC card. It has its own processor, memory, and operating system, which makes it possible for the IT staff to communicate with the card anytime they like, even if the laptop is turned off, according to Peter Tebbutt, marketing and business development director at Alcatel-Lucent.

For example, patches and other security updates can be forwarded to the card and installed as soon as the laptop is turned on. The card can also keep track of the software installed on the laptop and wipe it if necessary, according to Tebbutt.



Tools & Techniques Sure to increase the sales of GPS Nav systems!

http://tech.slashdot.org/article.pl?sid=08/10/20/0225201&from=rss

DARPA Contract Hints At Real-Time Video Spying

Posted by kdawson on Monday October 20, @08:03AM from the i-know-what-you-did-last-minute dept.

The Washington Post has a story picking apart a DARPA contract document to assert that advanced video spying from the sky is on the way. The contract in question was awarded last month and involves indexing video feeds and matching feeds against stored footage. The example given is for an analyst to ask for an alert whenever any real-time Predator feed from Iraq shows a vehicle making a U-turn. [Get the directions right the first time, or see a Maverick missile in your rear view mirror? Bob]

"Last month, Kitware, a small software company with offices in New York and North Carolina, teamed up with 19 other companies and universities and won the $6.7 million first phase of the DARPA contract, which is not expected to be completed before 2011. During the Cold War, satellites and aircraft took still pictures that intelligence analysts reviewed one frame at a time to identify the locations of missile silos, airplane hangars, submarine pens and factories, said... an expert in space and intelligence matters. 'Now with new full-motion video intelligence techniques, we are looking at people and their behavior in public,' he said. The resolution capability of the video systems ranges from four inches to a foot, depending on the collector and environmental conditions at the time, according to the DARPA paper."



Tools & Techniques (Wireless keyboards are much easier targets)

http://hardware.slashdot.org/article.pl?sid=08/10/20/1248234&from=rss

Compromising Wired Keyboard

Posted by CmdrTaco on Monday October 20, @09:30AM from the not-a-lot-of-substance-here dept. Input Devices Security

Flavien writes

"A team from the Security and Cryptography Laboratory (LASEC) in Lausanne, Switzerland, found 4 different ways to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls. They tested 11 different wired keyboard models bought between 2001 and 2008 (PS/2, USB and laptop). They are all vulnerable to at least one of our 4 attacks. While more information on these attacks will be published soon, a short description with 2 videos is available."



Interesting but probably impossible. Perhaps an independent “evidence gathering organization” might work?

http://it.slashdot.org/article.pl?sid=08/10/20/007251&from=rss

F-Secure Calls For "Internetpol" To Fight Crimeware

Posted by kdawson on Sunday October 19, @09:53PM from the you'll-have-to-come-with-me-sir dept.

KingofGnG points out F-Secure's Q3 2008 security summary, in which its Chief Research Officer Mikko Hypponen proposes establishing an "Internetpol," an international organization empowered to target and root out cybercrime anywhere in the world. Hypponen gives examples of why such a supernational force is needed — and these are not hard to find — but provides few details about how such an outfit could get started or how it would work. He does mention the wrinkle that in some countries malware writing, cracking, spamming, and phishing are not illegal or not prosecuted. Is an Internetpol even possible, let alone practical?



If nothing else, some interesting links!

http://www.pogowasright.org/article.php?story=20081019072725834

Ca: Non-party privacy and litigation

Sunday, October 19 2008 @ 07:27 AM EDT Contributed by: PrivacyNews

Peg Duncan has recently updated the e-Discovery Canada case law digest, and includes an interesting Alberta Court of Queen’s Bench decision from January 2008 called Design Group Staffing v. Fierlbeck. It’s about an employee who e-mailed himself a great number of Alberta Treasury Branch records before departing from employment with a company that provided IT services to the ATB, and the service provider’s very aggressive reaction.

Source - All About Information blog



That still leaves all those other Rights in that Bill thing-y... Let's get to work, people!

http://yro.slashdot.org/article.pl?sid=08/10/19/1329243&from=rss

Microsoft Patents the Censoring of Speech

Posted by Soulskill on Sunday October 19, @10:11AM from the %$!#-!%-!%!$-##%-$@#! dept. Patents Microsoft

theodp writes

"On Tuesday, the USPTO awarded Microsoft a patent for the Automatic Censorship of Audio Data for Broadcast, an invention that addresses 'producing censored speech that has been altered so that undesired words or phrases are either unintelligible or inaudible.' The patent describes methods for muting offensive words and replacing them with less offensive versions, and 'a third alternative provides for overwriting the undesired word with a masking sound, i.e., "bleeping" the undesired word with a tone.' After all, there's nothing worse than being subjected to offensive speech when you're shooting someone in the head."

[“I am (that stupid politician you're not going to vote for), and I approve this message.” Bob]



Another study supporting “Open Source” research journals.

http://science.slashdot.org/article.pl?sid=08/10/19/172254&from=rss

Why Most Published Research Findings Are False

Posted by kdawson on Sunday October 19, @02:21PM from the peers-can-be-wrong-too dept. Medicine Science

Hugh Pickens writes

"Researchers have found that the winner's curse may apply to the publication of scientific papers and that incorrect findings are more likely to end up in print than correct findings. Dr John Ioannidis bases his argument about incorrect research partly on a study of 49 papers on the effectiveness of medical interventions published in leading journals that had been cited by more than 1,000 other scientists, and his finding that, within only a few years, almost a third of the papers had been refuted by other studies. Ioannidis argues that scientific research is so difficult — the sample sizes must be big and the analysis rigorous — that most research may end up being wrong, and the 'hotter' the field, the greater the competition is, and the more likely that published research in top journals could be wrong. Another study earlier this year found that among the studies submitted to the FDA about the effectiveness of antidepressants, almost all of those with positive results were published, whereas very few of those with negative results saw print, although negative results are potentially just as informative as positive (if less exciting)."