Friday, October 31, 2008

Big and very confusing?

Virtual Heist Nets 500,000+ Bank, Credit Accounts

Friday, October 31 2008 @ 06:11 AM EDT Contributed by: PrivacyNews

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.

Source - Security Fix

[From the article:

It's not clear exactly who's behind these attacks, but evidence points to Russian malware gangs.

Another “accessing the data we want is no big deal” Identity Theft case.

State Warns Passport Applicants Of Danger of Credit Card Fraud

Friday, October 31 2008 @ 06:04 AM EDT Contributed by: PrivacyNews

The State Department has notified approximately 400 passport applicants in the D.C. area of a breach in its database security that allowed a ring of thieves to obtain confidential information so they could fraudulently use credit cards stolen from the mail, officials said.

The scheme, involving two major government agencies, came to light months ago through a fluke.

Source - Washington Post

Some allusions to the long history of surveillance in France, but (if I understand) the notebooks were leaked by “magistrates” who obtained them during an official investigation.

Fr: Snoop and scoop

Thursday, October 30 2008 @ 11:25 AM EDT Contributed by: PrivacyNews

FOR nearly 12 years as France’s domestic spy chief, Yves Bertrand filled spiral-bound notebooks with every rumour that came his way about the goings-on of the political elite. They were supposed to be a private aide-mémoire, he says. But this month they became public when extracts were published by Le Point magazine, prompting an outburst of denials, red faces and legal action which has gripped the Paris establishment.

The disclosures so far are relatively coy, yet reveal the deeply pervasive culture of snooping in the country founded on the principle of liberté.

Source - The Economist

This is huge. And absolutely mandatory if Cloud Computing is to succeed.

Google introduces service-level guarantee for its Apps suite

Google's move may calm enterprises spooked by a long Gmail outage and a buggy Apps portal earlier this month

By Jeremy Kirk, IDG News Service October 31, 2008

... The Premier Edition of the Google Apps online productivity and collaboration suite will come with a 99.9 percent per-month uptime guarantee for the Gmail, Calendar, Docs, Sites and Google Talk services.

Related Why is it huge?

Study: Google runs more than 10 million Web sites

Posted by Stephen Shankland October 30, 2008 4:46 PM PDT

Related? Now you need to do all those searches over again!

Scanned documents found--by Google!

Posted by Eric Franklin October 30, 2008 6:06 PM PDT

If you've ever had trouble finding scanned documents on Google, it's probably because it was not indexing them. On Thursday, this all changed. Google has announced that it is now indexing scanned documents.

Think of it as the “Ronco Price-O-Matic” as seen on Saturday Night Live...

October 31, 2008

UPC Switching Scam

It's not a new scam to switch bar codes and buy merchandise for a lower value, but how do you get away with over $1M worth of merchandise with this scam?

In a statement of facts filed with Tidwell's plea, he admitted that, during one year, he and others conspired to steal more than $1 million in merchandise from large retailers and sell the items through eBay. The targeted merchandise included high-end vacuum cleaners, electric welders, power winches, personal computers, and electric generators.

Tidwell created fraudulent UPC labels on his home personal computer. Conspirators entered various stores in Ohio, Illinois, Indiana, Pennsylvania and Texas and placed the fraudulent labels on merchandise they targeted, and then bought the items from the store. The fraudulent UPC labels attached to the merchandise would cause the item to be rung up for a price far below its actual retail value.

That requires a lot of really clueless checkout clerks.
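Why the scam works at the register, as an added example (not from the article, and the catalog below is constructed): a UPC-A barcode carries only a check digit, which catches misreads, not forged labels. Anyone can print a well-formed code for a cheap item, and the point-of-sale system prices whatever the label says, with nothing tying the label to the physical item.

```python
# UPC-A check digit arithmetic and a toy point-of-sale lookup.
# Added example; the catalog below is constructed for illustration
# and is not from the article.
from typing import Dict, Optional, Tuple


def upca_check_digit(digits11: str) -> int:
    """Compute the 12th (check) digit for the first 11 digits of a UPC-A code.

    Odd positions (1st, 3rd, ...) are weighted 3, even positions weighted 1;
    the check digit makes the weighted sum a multiple of 10.
    """
    if len(digits11) != 11 or not digits11.isdigit():
        raise ValueError("UPC-A needs 11 data digits")
    odd = sum(int(d) for d in digits11[0::2])
    even = sum(int(d) for d in digits11[1::2])
    return (10 - (odd * 3 + even) % 10) % 10


def is_valid_upca(code: str) -> bool:
    """True if the 12-digit code carries a correct check digit."""
    return len(code) == 12 and code.isdigit() and int(code[-1]) == upca_check_digit(code[:-1])


def forge_label(digits11: str) -> str:
    """What the scammer's home PC did: any 11 digits plus a computed check digit
    yield a label the scanner accepts as well formed."""
    return digits11 + str(upca_check_digit(digits11))


# Constructed catalog: code -> (description, shelf price in dollars).
CATALOG: Dict[str, Tuple[str, float]] = {
    "036000291452": ("box of tissues", 1.99),
    "012345678905": ("electric generator", 899.00),
}


def ring_up(scanned: str, catalog: Dict[str, Tuple[str, float]]) -> Optional[Tuple[str, float]]:
    """Toy POS: reject malformed codes, otherwise price whatever the label says.

    Nothing here ties the label to the physical item, which is the gap the
    scam exploits.
    """
    if not is_valid_upca(scanned):
        return None
    return catalog.get(scanned)


if __name__ == "__main__":
    # The generator leaves the store wearing a tissue-box label over its barcode.
    fake = forge_label("03600029145")
    print(fake, ring_up(fake, CATALOG))
```

The check digit is an integrity control against scanner misreads, not an authenticity control; the only thing that catches a relabeled generator is a clerk (or a weight, size or category sanity check) comparing the item to what rang up.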

How the world views privacy?

30th International Data Protection Commissioners Conference follow-up

Friday, October 31 2008 @ 05:37 AM EDT Contributed by: PrivacyNews

The 30th International Data Protection Commissioners Conference was held in Strasbourg, France on October 15 to 17, 2008. A number of resolutions were passed; those can be found here. Video of some of the panel discussions can be found here.

hat-tip, Office of the Privacy Commissioner of Canada

If I read this correctly, transfers were banned but happened anyway. So they decided to allow it under circumstances they couldn't stop so they could remain in apparent control.

EU privacy chiefs update rules for overseas data transfers

Friday, October 31 2008 @ 05:45 AM EDT Contributed by: PrivacyNews

The European Union's data protection authorities have published amended guidance on how companies can legally share customer and staff personal data with parts of the firm located outside the European Union.

The Article 29 Working Party, which consists of the data protection watchdogs of the EU member countries, has created a mechanism for transferring data within organisations but to countries to which it would usually be illegal to send personal information.

Source - Related - Updated BCR guidance

We don't need no stinking patents! Except those that are truly new and innovative like: Initiation and discontinuation of electrical and electronic processes by manipulation of appropriately labeled buttons. (ON/OFF)

Federal Circuit Appeals Court Limits Business-Method Patents

Posted by timothy on Thursday October 30, @05:05PM from the sounds-smart-so-far dept. Patents The Courts United States

Zordak writes

"The Court of Appeals for the Federal Circuit has just issued its much-anticipated opinion in In Re Bilski [PDF]. This was a re-visit of the State Street issue of what constitutes patentable subject matter (including whether software and business methods are patentable). In summary, the court has affirmed and strengthened the 'machine-or-transformation' test, upholding the patent office's rejection of claims on a method to hedging risk in the field of commodities trading. Although the court refused to categorically exclude software patents, it is likely that the reasoning of this decision will be used to reject many software patents (note that some of the dissenting judges would have completely overturned State Street and tossed out all software and business method patents). Although not as sweeping as some had hoped for, it is certain that this decision, along with the Supreme Court's KSR decision last year, will lay a difficult mine field for those who want to patent software and business methods."

Would this apply to “searches” of files transferred over the Internet?

Court rules hash analysis is a Fourth Amendment "search"

By Julian Sanchez | Published: October 29, 2008 - 01:46PM CT

... Legal scholars, however, have spent a decade puzzling over whether the use of hash value analysis in a criminal investigation counts as a Fourth Amendment "search." A federal court in Pennsylvania last week became the first to rule that it does—but one legal expert says an appeal is very likely.

Chief Judge Yvette Kane of the U.S. District Court for the Middle District of Pennsylvania penned the opinion in United States v. Crist, granting Robert Crist's request for the suppression of child pornography police found on his computer.

... The question was first broached in a 1996 Yale Law Journal article titled "Cyberspace, general searches, and digital contraband." The author noted an interesting quirk of Fourth Amendment jurisprudence: Courts have held that a "search" occurs when someone's "expectation of privacy" is violated, provided that expectation is one that society is prepared to regard as "reasonable." But they've also held that there is no such "reasonable expectation" as regards the possession of illegal materials, like narcotics or child porn. In 2004, the Supreme Court would rely on this logic in the case of Illinois v. Caballes to hold that a trained drug dog's sniff, which only reveals the presence or absence of illegal drugs, does not count as a search. In the digital realm, this raised the possibility of what we might call, with a nod to novelist Erica Jong, a "zipless search"—a more or less perfect means of detecting only contraband, circumventing the Fourth Amendment's warrant requirement.
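What "hash value analysis" means in practice, as an added example (not from the article; the reference digests and the drive contents are constructed): each file is reduced to a cryptographic digest and compared against a list of digests of known material, and only exact matches are reported.

```python
# Hash-set matching as a forensic examiner runs it: files are reduced to a
# digest and compared against a list of digests of known material; only
# exact matches are reported. Added example with constructed sample data.
import hashlib
from typing import Dict, Iterable, List, Set, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_hash_set(known_samples: Iterable[bytes]) -> Set[str]:
    """Build the reference set. In practice this is a list of digests supplied
    by a clearinghouse; here it is derived from constructed sample bytes."""
    return {sha256_hex(s) for s in known_samples}


def scan(files: Dict[str, bytes], known: Set[str]) -> List[Tuple[str, str]]:
    """Return (path, digest) for every file whose digest is in the known set.

    Files that do not match produce no output at all: the examiner learns
    nothing about their content, which is the property the 'zipless search'
    argument rests on.
    """
    hits = []
    for path, data in files.items():
        digest = sha256_hex(data)
        if digest in known:
            hits.append((path, digest))
    return hits


# Constructed reference material and a constructed drive image (path -> bytes).
KNOWN_SAMPLES = [b"KNOWN-SAMPLE-A", b"KNOWN-SAMPLE-B"]
KNOWN_HASHES = build_hash_set(KNOWN_SAMPLES)

DRIVE_IMAGE: Dict[str, bytes] = {
    "Documents/tax_return.txt": b"ordinary private document",
    "cache/img_0413.bin": b"KNOWN-SAMPLE-A",        # exact copy of known material
    "cache/img_0414.bin": b"KNOWN-SAMPLE-A\x00",    # one byte appended: no match
    "Photos/holiday.jpg": b"family photo",
}

if __name__ == "__main__":
    for path, digest in scan(DRIVE_IMAGE, KNOWN_HASHES):
        print(path, digest)
```

Two practitioner caveats the legal debate tends to gloss over: computing the digest requires reading every byte of every file, which is the step the court treated as a search, and the match is exact, so a single changed byte (the second cache file above) defeats it, which is why fuzzy and perceptual hashing exist. Reference sets in this field are still often MD5 or SHA-1, so a match should be confirmed against the file itself before anything is asserted about it.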

A glimpse into the political mind: “We have concluded that electronic voting machines are unreliable, prone to errors and easily hacked. But we're going to use them in this election anyway.”

Paper Ballots Will Return In MD and VA

Posted by timothy on Thursday October 30, @04:21PM from the but-this-baby-is-soaked-in-bathwater dept. Government Security United States Politics

cheezitmike writes

"According to a story in the Washington Post, 'Maryland and Virginia are going old school after Tuesday's election. Maryland will scrap its $65 million electronic system and go back to paper ballots in time for the 2010 midterm elections. In Virginia, localities are moving to paper after the General Assembly voted last year to phase out electronic voting machines as they wear out. "The battle for the hearts and minds of voters on whether electronic systems are good or bad has been lost," Brace said. The academics and computer scientists who said they were unreliable "have won that battle."'"

Can your TV do this?

Download full seasons of popular TV shows for $5

Posted by Rick Broida October 31, 2008 4:00 AM PDT

In an effort to push its new-ish Video On Demand service, Amazon is offering cheap deals on full seasons of popular TV shows. For example, you can get the first three seasons of Battlestar Galactica for just 5 bucks each. Also in the bargain bin: House (four seasons' worth), Heroes (seasons 1 and 2), The Office, and, if you're really hard up for entertainment, Hercules: The Legendary Journeys and Saved By the Bell.

In case you're not familiar with it, Amazon Video on Demand lets you stream shows and movies right in your browser (Mac or PC), no download required. However, you do have the option of downloading videos to your PC, notebook, TiVo, or compatible portable player for later (offline) viewing.

Interesting. Sort of an online Cliff Notes - Literature & History Resources

Are you struggling to keep up with your literature or history classes? If the answer to that question is a resounding “Yes”, a visit to this site is mandatory. Basically, Shmoop gives you immediate access to materials and study guides that will make an A student out of you. Moreover, the featured materials will appeal to literature adepts in general, as the provided analyses are very rich and profound. [Not the ones I saw Bob]

The main page includes an alphabetical index of books, whereas the featured titles are also highlighted one by one. Some authors which are featured include William Shakespeare, Joseph Conrad and James Joyce, along with classic Greek writers such as Sophocles and Homer. Upon choosing a specific tome, a comprehensive study guide is produced. This touches upon aspects like “Summary”, “Characters”, “Plot Analysis” and “Themes & Quotes”. Moreover, you can take part of ongoing discussions about that title by following the provided link. Finally, a tag cloud that highlights terms of note as regards that book is also included for browsing convenience.

Global Warming! Global Warming! Interesting choice of words. Is it only warmer at the poles because of humans? Equatorial warming (cooling?) is due to something else?

Polar warming 'caused by humans'

By Pallab Ghosh Science correspondent, BBC News

Related (Think of it as “Earth farts”)

MIT scientists baffled by global warming theory, contradicts scientific data

Trendwatch By Rick C. Hodgin Thursday, October 30, 2008 09:55

Boston (MA) - Scientists at MIT have recorded a nearly simultaneous world-wide increase in methane levels. This is the first increase in ten years, and what baffles science is that this data contradicts theories stating man is the primary source of increase for this greenhouse gas. It takes about one full year for gases generated in the highly industrial northern hemisphere to cycle through and reach the southern hemisphere. However, since all worldwide levels rose simultaneously throughout the same year, it is now believed this may be part of a natural cycle in mother nature - and not the direct result of man's contributions.

Thursday, October 30, 2008

Gosh, we never thought of that...

Eleven missing disks containing sensitive pensioner information

Posted by Evan Francen at 10/29/2008 2:41 PM

"Cleveland - Eleven computer disks containing personal information on thousands of Ohio retirees are missing and are believed to be somewhere in the US Postal Service, Medical Mutual of Ohio announced today."

... Medical Mutual said it was notified by the retiree systems when the disks failed to arrive at their Columbus offices.

The disks were contained in packages routinely mailed monthly by Medical Mutual for claims reconciliation purposes to the affected parties’ central offices in Columbus

... "We are confident that we will locate them. We ask Ohio Retirement System (ORS) members not be alarmed. Our investigation, so far, indicates that insufficient postage was placed on the envelopes, [“Other than being able to calculate the proper postage, we're very competent people!” Bob] therefore we believe they are likely to still be safe within the postal system," he added.

... Going forward, SERS is requiring a change in the way this information is delivered by its medical vendors. SERS expects all information to be delivered electronically in a secure, encrypted fashion. [“An exhaustive two minutes of research shows this has been the recommended “Best Practice” for years, so our Lawyers suggest we think about perhaps, kinda, considering it.” Bob]

Security Theater: Sounds to me like DC is jealous that NY got Federal (i.e. taxpayer) money to conduct random searches and they didn't. Have they EVER detected anything remotely connected to terrorists?

Metro to Randomly Search Riders' Bags

Thursday, October 30 2008 @ 06:25 AM EDT Contributed by: PrivacyNews

Metro officials yesterday announced plans to immediately begin random searches of backpacks, purses and other bags in a move they say will protect riders and also guard their privacy and minimize delays.

The program is modeled after one begun three years ago in New York that has withstood legal challenges.

Source - Washington Post

[From the article:

"We realize that all Americans everywhere are at some risk from terrorism, and that those of us who live and work in the region of the nation's capital face increased risks," ['cause we're more important than everyone else... Bob] Metro Transit Police Chief Michael Taborn said at a news conference yesterday.

U.S. intelligence agencies have long warned that the weeks just before an election and immediately after are considered a "zone of vulnerability" [I'll bet they said “time of increased vulnerability” not “zone” but that would suggest that the searches (and increased budget) should end at some point... Bob] for the country. The teams tasked with helping the winner of next week's presidential election transition into office also have been warned about the heightened chances of attack.

... No advance notice will be given, but just before inspections begin, Metro police will post signs alerting riders. [Oxymoronic? Bob]

I'll use the same argument the anti-gun registration lobby uses. If it is too much hassle to buy phones, crooks will just steal them – it is, after all, what they do for a living...

NZ: Call to register prepaid cellphones 'an intrusion'

Thursday, October 30 2008 @ 06:36 AM EDT Contributed by: PrivacyNews

A call for prepaid cellphone customers to be registered to stop criminals using them has been labelled an unnecessary intrusion into people's lives.

Police yesterday called for the register because criminals often used prepaid phones, which can be bought without identification, because they believe they cannot be traced and can be disposed of easily.

But Auckland Council for Civil Liberties president Barry Wilson said the plan was over the top and could result in innocent people getting caught up unnecessarily in police inquiries.

Source - New Zealand Herald Thanks to Brian Honan for this link.

With the number of data breaches the UK government has had recently, I suspect they see the cost of a notification law as exceeding their defense budget!

UK: Watchdog: 'No to US-style data laws'

Thursday, October 30 2008 @ 06:34 AM EDT Contributed by: PrivacyNews

US-style personal data breach notification is not a workable model for the UK, the UK's information watchdog told RSA delegates.

In a keynote address, Information Commissioner Richard Thomas said: “I am not convinced by legislation that requires companies to individually warn the public if their details have been compromised. The severity and circumstances of each breach merit a different response, and mandatory notification doesn't take this into account. It would be a significant additional burden for businesses, and could cause public 'breach fatigue'". [A letter a day would tend to make you cranky... Bob]

Source - SC Magazine Thanks to Brian Honan for this link.

Schneier sticks it to surveillance

Thursday, October 30 2008 @ 06:40 AM EDT Contributed by: PrivacyNews

Security guru Bruce Schneier has challenged the view that privacy and security are at loggerheads, suggesting the real debate is between liberty and control.

Schneier, security technologist and CTO of BT Counterpane, made the comments during a keynote address at the RSA Conference in London on Tuesday. He sees ubiquitous surveillance and measures such as identity cards tipping the balance towards the state, describing them as stepping stones towards a future where checks become less obtrusive while simultaneously more all-encompassing.

Source - The Register Thanks to Brian Honan for this link.

[From the article:

"Identity checks will fade into the background," Schneier said. "At the moment there are CCTV cameras everywhere and you can see them. There are identity checks everywhere and you know it is happening. Five years ago these technologies weren't everywhere and in five years' time they won't be visible."

Tools & Techniques Hack like a terrorist. (TOR has been available for a while, but this is a good “optimizing” article)

Ultimate Security Proxy With Tor — Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes - a few IPs or more, frequently changed. So no one will be able to track you. A solution exists, and it is called Tor Project, or simply tor. Here's how to pull maximum out of it.

Tools & Techniques This could be useful for those “not very aggressive” websites you want to monitor... - Turn Any URL Into A RSS Feed

The FeedBeater website serves one concise aim, namely enabling its users to turn any given URL into a RSS feed. This service is not only rendered in an entirely hassle-free manner, but it is also available at no cost.

Upon setting your browser to, you will be greeted with a box where you can type in or paste the URL of the site in question. Once this has been done, you simply click on the “Beat It!” button and then a RSS feed is generated instantly.

The site claims to produce clean and intelligent RSS feeds by identifying new content and applying a filter that leaves out any unimportant elements of the concerned site.

Further features include a FeedBeater bookmarklet that can be used to syndicate any page that you visit. This can be found under the “Widgets” heading, along with a script that will enable your site visitors to syndicate any page on your website.

Boy, dem Haavard guys is smart! But is dey right?

RIAA Litigation May Be Unconstitutional

Posted by timothy on Wednesday October 29, @06:05PM from the what-about-ritchie-chaz-and-margot? Dept. The Courts The Almighty Buck United States

dtjohnson writes

"A Harvard law school professor has submitted arguments on behalf of Joel Tenenbaum in RIAA v. Tenenbaum in which Professor Charles Neeson claims that the underlying law that the RIAA uses is actually a criminal, rather than civil, statute and is therefore unconstitutional. According to this article, 'Neeson charges that the federal law is essentially a criminal statute in that it seeks to punish violators with minimum statutory penalties far in excess of actual damages. The market value of a song is 99 cents on iTunes; of seven songs, $6.93. Yet the statutory damages are a minimum of $750 per song, escalating to as much as $150,000 per song for infringement "committed willfully."' If the law is a criminal statute, Neeson then claims that it violates the 5th and 8th amendments and is therefore unconstitutional. Litigation will take a while but this may be the end for RIAA litigation, at least until they can persuade Congress to pass a new law."

It is always cheaper to do it right in the first place...

October 29, 2008

New on LLRX - E-Discovery Update: Pushing Back Against Hardcopy ESI Productions

E-Discovery Update: Pushing Back Against Hardcopy ESI Productions - Conrad J. Jacoby addresses how critical technology issues related to document authenticity and document-associated metadata have left fewer lawyers willing to accept e-mail messages and other electronic documents in print format. He argues that litigants choosing to produce electronically stored information in hardcopy format should be prepared to provide more complete electronic copies of their production, even when it isn’t initially requested by opposing counsel.

[From the article:

Sometimes, however, a second production of electronically stored information is both necessary and appropriate. A recent Kansas case, White v. Graceland College Center For Professional Development & Lifelong Learning, 2008 WL 3271924 (D. Kan. Aug. 7, 2008) provides step by step instruction in the steps that a dissatisfied requesting party can take to seek re-production of materials previously produced in a different format. While this opinion is far from the only authority on how a distressed party can seek this relief, the Court distilled guidance from a number of e-discovery opinions into an easily understood, plain-English discussion. Even without its citations, the opinion nicely demonstrates the preparation required to seek this relief.

Attention peasants! The King's proclamations will no longer be nailed to the village bulletin board!

October 29, 2008

Online News Readership Grows as Print News Shrinks or Disappears

As print media decline, so does the amount of available information, by David Carr, IHT: "It has been an especially rotten few days for people who type on deadline. [Because deadlines always occur after the news hits the Internet. Bob] Just Tuesday, The Christian Science Monitor announced that, after a century, it would cease publishing a weekday paper. Time Inc., the Olympian home of Time magazine, Fortune, People and Sports Illustrated, announced that it was cutting 600 jobs and reorganizing its staff. And Gannett, the largest newspaper publisher in the country, compounded the grimness by announcing it was laying off 10 percent of its work force - as many as 3,000 people...The paradox of all these announcements is that newspapers and magazines do not have an audience problem - newspaper Web sites are a vital source of news and growing - but they do have a consumer problem."

Related. This is very “niche market” journalism. Only a few geeks will be interested, so it is unlikely to ever make the New York Times Book Review... Isn't having it available a good thing?

Tools & Techniques for Reverse Engineering and Hacking

The IDA Pro Book

Posted by samzenpus on Wednesday October 29, @12:49PM from the read-all-about-it dept.

An anonymous reader writes

"After attending DEFCON in August and seeing the overwhelming interest in this book, I was eager to dive into The IDA Pro Book by Chris Eagle. Chris Eagle's team, School of Root, won the 'Capture the Flag' event at DEFCON this year and Chris gave a presentation on CollabREate, a tool that integrates with IDA Pro to allow collaboration in reverse engineering (RE). All of that — together with the fact that the book sold out — screamed that this book should quickly make it to the top of my list."

Read below for the rest of Ryan's review.

Is that so? (Best I can do with only two cups of coffee...)

October 29, 2008

New on LLRX - Leadership & The Role Of Information: Making The Creatively Informed Questioner

Leadership & The Role Of Information: Making The Creatively Informed Questioner - Stuart Basefsky supports the concept that the quintessential leader is an informed leader. However, effectively communicating and leveraging the power of information, in leadership roles, is subject to a range of interpretations that he discusses in this forward thinking series.

[From the article:

Common to the best leaders, however, is one distinguishing factor - the ability to use information creatively in raising questions. It is this ability to raise relevant, provocative, insightful, and often path-finding questions that separates true leaders from those who may be occupying a leadership position

Oh boy! Legal PowerPoints!

October 29, 2008

United Nations Office of Legal Affairs Launches Audiovisual Library of International Law

The United Nations Office of Legal Affairs launched the Audiovisual Library of International Law. [Lorraine Pellicano Waitman]

  • "The Audiovisual Library is a unique, multimedia resource which provides the United Nations with the unprecedented capacity to provide high quality international law training and research materials to an unlimited number of recipients on a global level. The Audiovisual Library consists of three pillars: (1) the Historic Archives containing documents and audiovisual materials relating to the negotiation and adoption of significant legal instruments under the auspices of the United Nations and related agencies since 1945; (2) the Lecture Series featuring a permanent collection of lectures on virtually every subject of international law given by leading international law scholars and practitioners from different countries and legal systems; and (3) the Research Library providing an on-line international law library with links to treaties, jurisprudence, publications and documents, scholarly writings and research guides. The Audiovisual Library is available to all individuals and institutions around the world for free via the Internet."

Wednesday, October 29, 2008

For my Security students...

Finjan unveils how cybercriminals steal corporate data and store it on remote crimeservers

Wednesday, October 29 2008 @ 05:58 AM EDT Contributed by: PrivacyNews

Finjan Inc., has announced that its Malicious Code Research Center (MCRC) has documented step-by-step how corporate data is being stolen and stored on remote servers owned by criminals. In its October 2008 Malicious Page of the Month report, Finjan describes how a corporate user, while browsing the web for his regular business needs, got infected with a Trojan.

Source -

[Finjan Page of the Month:

Winning hearts and minds... (Does this only happen in China?)

Microsoft goes black, making Chinese see red (AP)

Posted on Tue Oct 28, 2008 12:40PM EDT

SHANGHAI, China - An anti-piracy tactic by Microsoft Corp. that turns some computer users' screens black has set off a wave of indignation among Chinese consumers, posing renewed problems for the software maker in the huge China market.

... "It's a crime," said Beijing lawyer Dong Zhengwei, who filed a complaint against Microsoft with the Public Security Ministry. The ministry hasn't responded. "The black-screen plan implies that Microsoft can hack all its users, not just the pirates," Dong said. "That's not fair."

At issue is Windows Genuine Advantage, a tool Microsoft uses to assess, over the Internet, whether a PC has one of the pirated copies of Windows that flourish in developing countries. The tool was developed after Windows XP was released, but has since been added to updated copies of the operating system. The technology was built into Vista, the latest edition of Windows, from the start.

As the tool scans for pirated copies of Windows, it logs certain information about computers, notifies users if it detects illegal copies or counterfeits — and urges them to get a legitimate copy.

Windows Genuine Advantage has been in use worldwide for several years. The update that started to affect Chinese PC users last week did exactly what it was intended to do: get people's attention.

Now when the tool detects a fake copy of Windows, it turns the PC's desktop black, replacing the user's background image. Though the user can override the blackout, it reappears every 60 minutes.

In all other ways, the blacked-out computer still works, thanks in part to an outcry last year. In Microsoft's first attempt to step up notifications for pirated software, Windows Genuine Advantage crippled Vista's snappy user interface and disabled other features. Microsoft backed down and settled on the blacked-out desktop as a compromise.

If you comply, can you still say, “I didn't know?”

October 28, 2008

Information Technology Risks and Controls and Fair Credit Reporting Act

OTS 08-051 - OTS Issues New Examination Procedures on Identity Theft Red Flags and Address Discrepancies: "This Regulatory Bulletin transmits revised Examination Handbook Section 341, Information Technology Risks and Controls, and revised Examination Handbook Section 1300, Fair Credit Reporting Act (FCRA). The revised Handbook Sections contain new guidance and examination procedures for the final rules on Identity Theft Red Flags and Address Discrepancies, which implement Sections 114 and 315 of the Fair and Accurate Credit Transactions Act (FACT Act) of 2003. This bulletin rescinds RB 37-15 dated April 20, 2006."

Google does evil? Isn't a compromise with the “old school” evil?

October 28, 2008

Authors, Publishers, and Google Reach Landmark Settlement

News release: "The Authors Guild, the Association of American Publishers (AAP), and Google today announced a groundbreaking settlement agreement on behalf of a broad class of authors and publishers worldwide that would expand online access to millions of in-copyright books and other written materials in the U.S. from the collections of a number of major U.S. libraries participating in Google Book Search... Under the agreement, Google will make payments totaling $125 million. The money will be used to establish the Book Rights Registry, to resolve existing claims by authors and publishers and to cover legal fees. The settlement agreement resolves Authors Guild v. Google, a class-action suit filed on September 20, 2005 by the Authors Guild and certain authors, and a suit filed on October 19, 2005 by five major publisher-members of the Association of American Publishers: The McGraw-Hill Companies, Inc.; Pearson Education, Inc. and Penguin Group (USA) Inc., both part of Pearson; John Wiley & Sons, Inc.; and Simon & Schuster, Inc. part of CBS Corporation. These lawsuits challenged Google’s plan to digitize, search and show snippets of in-copyright books and to share digital copies with libraries without the explicit permission of the copyright owner."

Is the Judge asking the RIAA to have pity on their victims? I doubt they will change their strategy that easily! Costly litigation is a strategic tool.

Judge Tells RIAA To Stop 'Bankrupting' Litigants

Posted by CmdrTaco on Tuesday October 28, @04:50PM from the also-bake-them-cookies dept. The Courts

NewYorkCountryLawyer writes

"The Boston judge who has consolidated all of the RIAA's Massachusetts cases into a single case over which she has been presiding for the past 5 years delivered something of a rebuke to the RIAA's lawyers, we have learned. At a conference this past June, the transcript of which (PDF) has just been released, Judge Nancy Gertner said to them that they 'have an ethical obligation to fully understand that they are fighting people without lawyers... to understand that the formalities of this are basically bankrupting people, and it's terribly critical that you stop it ...' She also acknowledged that 'there is a huge imbalance in these cases. The record companies are represented by large law firms with substantial resources,' while it is futile for self-represented defendants to resist. The judge did not seem to acknowledge any responsibility on her part, however, for having created the 'imbalance,' and also stated that the law is 'overwhelmingly on the side of the record companies,' even though she seems to recognize that for the past 5 years she has been hearing only one side of the legal story."

Interesting, but if IBM is creating what is essentially a standalone computer on a thumbdrive, why not build it into a handheld device (PDA or cellphone) and ignore the laptop entirely?

Banking security on a USB stick

Posted by Elinor Mills October 28, 2008 10:01 PM PDT

IBM was set to unveil on Wednesday a prototype USB device designed to protect people doing online banking from having their data stolen or compromised.

The device, which looks like a memory stick with an integrated display, creates a secure channel to a bank's online transaction server. The connection bypasses the user's PC, which could be infected with viruses and other malware that make sending financial information over the Internet unsafe.

The user can log on and validate transactions using the device's display and a smart card can be inserted into the device, providing an added layer of security to protect transmissions from man-in-the-middle interceptions, IBM said.
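To make the property the device is built around concrete, here is a small Python model written as an added example; it is not IBM's code or protocol, and the shared key, the message format and the HMAC-based confirmation are assumptions. It shows why confirming a transfer on a display the PC cannot touch, and signing exactly what that display showed, stops a PC-resident trojan from silently changing the payee, and why a forged confirmation that skips the device is rejected by the bank:

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed demo key shared by the device and the bank (an assumption; a real
# device would keep its key in a smart card or secure element, not in software).
DEVICE_KEY = bytes.fromhex(
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0"
)

# Constructed sample transactions (not real account data).
INTENDED_TX = {"amount": "250.00", "currency": "EUR", "payee": "DEMO-PAYEE-0001", "ref": 1001}
TAMPERED_TX = dict(INTENDED_TX, payee="DEMO-MULE-9999")


def canonical(tx: dict) -> bytes:
    """Deterministic encoding so device and bank authenticate identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def summary(tx: dict) -> str:
    """What the device shows on its own screen, independent of the PC's browser."""
    return f"Pay {tx['amount']} {tx['currency']} to {tx['payee']}"


class TrustedDevice:
    """Models the USB stick: its own display and its own key, neither reachable by the PC."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.screen: Optional[str] = None

    def confirm(self, tx: dict, user_approves: Callable[[str], bool]) -> Optional[str]:
        self.screen = summary(tx)
        if not user_approves(self.screen):
            return None
        # Sign exactly the transaction that was displayed ("what you see is what you sign").
        return hmac.new(self.key, canonical(tx), hashlib.sha256).hexdigest()


class Bank:
    """The transaction server: executes only transfers carrying a valid device confirmation."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.executed: list = []

    def execute_if_confirmed(self, tx: dict, tag: Optional[str]) -> bool:
        if tag is None:
            return False
        expected = hmac.new(self.key, canonical(tx), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.executed.append(tx)
        return True


def run_transfer(intended: dict, submitted: dict, malware_forges_tag: bool = False) -> str:
    """
    intended:  what the user meant to pay (what they will accept on the device screen)
    submitted: what the (possibly infected) PC actually sends to the bank
    Returns "executed" or the name of the control that stopped the transfer.
    """
    device = TrustedDevice(DEVICE_KEY)
    bank = Bank(DEVICE_KEY)
    # The user approves only a screen that matches their intent.
    user = lambda shown: shown == summary(intended)
    if malware_forges_tag:
        # The PC tries to vouch for the transfer itself, bypassing the device.
        # Without the device key it can only produce an unkeyed hash.
        tag = hashlib.sha256(canonical(submitted)).hexdigest()
    else:
        # The bank relays the transaction it received to the device over the
        # device's own channel; the PC cannot rewrite what the device displays.
        tag = device.confirm(submitted, user)
        if tag is None:
            return "rejected on device"
    return "executed" if bank.execute_if_confirmed(submitted, tag) else "rejected by bank"


def demo() -> tuple:
    """Honest PC, PC that swaps the payee, PC that forges the confirmation."""
    return (
        run_transfer(INTENDED_TX, dict(INTENDED_TX)),
        run_transfer(INTENDED_TX, TAMPERED_TX),
        run_transfer(INTENDED_TX, TAMPERED_TX, malware_forges_tag=True),
    )


if __name__ == "__main__":
    print(demo())
```

The model deliberately leaves the PC out of the trust computation: the only inputs the bank acts on are the transaction bytes it holds and a keyed confirmation over those same bytes, and the only place that key lives is the device. Whether the channel is protected by a smart card, as the article mentions, or by another keyed mechanism changes the crypto, not the design point.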

Might be useful, but it seems redundant. What would be useful is an interactive guide to Google Hacks, demonstrating how to use all the Google features. For instance, I use it frequently to identify acronyms (define: SAAS) and in my math classes as a calculator or table lookup (sine 28 degrees) - Roundup Of Google Services

This web-service was created with the objective of encapsulating all the different products and services that Google offers into a single and self-contained page. The person behind this concept terms it “a roundup of every Google search and service out there on one convenient page”, and this is exactly what the site stands for.

Could be useful. I can spot the books/authors I want and get on the waiting list at my local library (maybe even earlier than #629!) - Amazon Window Shop

Those who have a soft spot for online shopping and are hooked up on Amazon have arrived at the right place. The Amazon Window Shop is a new way of browsing through products which have been recently released, and have a taster of what each full product has to offer.

Basically, the site is updated every Tuesday. That day, samples from a new batch of products are uploaded to the site for you to delve upon. This approach dispenses with text-based advertising and lets you see trailers from the new movies that have been added to the catalog, as well as listening to the most notable tracks from albums which have just hit the streets. There are also audio reviews of recommended books.

MTV Launches Music Video Site

Posted by Soulskill on Wednesday October 29, @08:15AM from the guess-what's-top-rated-right-now dept. Music The Internet

An anonymous reader writes

"MTV Music has just launched a website where they offer over 16,000 music videos — like YouTube, but with fewer notices and DMCA takedowns. They've also set up development tools for third parties to incorporate the content into their own creations. Users creating accounts at the site face other challenges, however, such as the six separate agreements and privacy statements that must be accepted via a single checkbox. Thankfully, at the time of writing the MTV Music website was making this process easier on its Firefox 3 visitors by automatically checking the accept box whenever any agreement is viewed."

Tuesday, October 28, 2008

Think of this as hiring an “ID Theft trainer” for the state pen...

Identity theft ringleader gets 4 years in prison

Monday, October 27 2008 @ 08:51 AM EDT Contributed by: PrivacyNews

A French national has been sentenced to more than four years in prison for heading an identity theft ring that enlisted restaurant servers to swipe information from customers' credit cards in Southern California.

A federal judge in Santa Ana on Friday also ordered Kresimir Matuzovic to pay $1.3 million in restitution to banks he defrauded as part of his scheme.

Source - San Francisco Chronicle

Related Lawyers: Advise your rich, ID Theft clients to hire limos rather than drive themselves!

NE: Stolen ID Sentencing

Tuesday, October 28 2008 @ 05:08 AM EDT Contributed by: PrivacyNews

... Eric J. Jordan was arrested in May 2008 after a traffic stop. At the time, Sheriff Kevin Stukenholtz said Jordan attempted to steal a cruiser after being pulled over.

In Jordan’s possession were false ID’s and thousands of stolen personal documents. There was so much mail in his car, deputies could not see through it.

Source - WOWT

More than meets the eye?

Student Charged With Three Felonies for Finding Security Flaw — and Reporting it

Posted by ScuttleMonkey on Tuesday October 28, @05:35AM from the no-good-deed-goes-unpunished dept.

Well, yet another teenage hacker who "did the right thing" by reporting a security flaw is being punished for his actions. Although it definitely sounds like the whole story may not be in the clear yet, a 15-year-old New York high school student has been charged with three felonies claiming that he accessed a file containing social security numbers, driver's license numbers, and home addresses of past and present employees ... and then sent an anonymous email to the principal alerting him to the security flaw.

"All that was needed to access the information was a district password. School officials have admitted that thousands of students, faculty and employees could have accessed the same file for up to two weeks."

Related? Wise folks, those Canadians

Canadian Court Rules "Hyperlink" Is Not Defamation

Posted by ScuttleMonkey on Monday October 27, @06:54PM from the don't-tread-on-my-links dept. The Courts The Internet

NewYorkCountryLawyer writes

"In a landmark ruling, a Canadian court has ruled that a web site's publication of hyperlinks to an allegedly defamatory web site is not in and of itself a 'publication,' and therefore cannot in and of itself constitute defamation. In a 10-page decision [PDF], Crookes v. Wikimedia, Sup. Ct., British Columbia, Judge Keller dismissed the libel case against Jon Newton, the publisher of, which was based on the fact that his article contained links to the allegedly defamatory site, since hyperlinks, the Court reasoned, are analogous to footnotes, rather than constituting a 'republication.' Mr. Newton was represented in the case by famous libel, slander, and civil liberties lawyer Dan Burnett of Vancouver, British Columbia."

Why should we assume this happens only to outsourced (off-shored actually) call centers?

How Outsourced Call Centers Are Costing Millions In Identity Theft

Monday, October 27 2008 @ 12:05 PM EDT Contributed by: PrivacyNews

A former Chase call center rep tells the story about this one thief who was able to rip off one customer for over $40,000, thanks to his constant outwitting of the internationally out-sourced security department. It wasn't that hard. Over and over again, he was able to commit credit card fraud just knowing the guy's name, social, and mother's maiden name.

Source - The Consumerist

Related – an interesting idea but probably will come about through “Don't export jobs” laws, which of course are impossible to implement...

AU: Do-not-export register wanted for data transfer

Tuesday, October 28 2008 @ 05:07 AM EDT Contributed by: PrivacyNews

PRIVACY advocates have proposed a register for Australians concerned about proposed changes that would allow businesses to send customer information to "dangerous" countries such as Russia.

Professor Graham Greenleaf, director of the Cyberspace Law and Policy Centre at the University of NSW, says a Do Not Send Export my Data list will prove just as popular as the Do Not Call register, which now has more than 2.5 million subscribers who do not want to be called by direct marketers.

"If your bank manager said the bank had an amazing outsourcing deal, and it was going to send all your details to Russia, you'd be justifiably worried about your privacy," Greenleaf says.

Source - Australian IT

The value of a stolen ID has been falling for years as they devolve from the “luxury goods” category (available only on the criminal equivalent of Rodeo Drive) to “commodity goods” available at any 7-11.


Monday, October 27 2008 @ 03:21 PM EDT Contributed by: PrivacyNews

Your personal identity isn't worth quite as much as it used to be—at least to thieves willing to swipe it.

According to experts who monitor such markets, the value of stolen credit card data may range from $3 to as little as 40 cents. That's down tenfold from a decade ago—even though the cost to an individual who has a credit card stolen can soar into the hundreds of dollars.

Source - Newsweek

Sometimes articles make me giggle...

UK: Lawyers Found Guilty of Failing to Defend Their Clients

Monday, October 27 2008 @ 08:10 AM EDT Contributed by: PrivacyNews

Your honour, I put it to you that members of the legal sector are guilty of gross negligence! 24% of UK legal firms have confessed to misplacing at least one mobile device containing confidential documents. These losses leave the data saved to the device vulnerable to exposure with case-notes, contracts and client details typically at risk. That’s the shocking discovery by Credant Technologies, a company specialising in IT security, in its survey amongst 100 legal firms across the UK to ascertain how this well-informed sector views “security, mobile devices and end-point protection”.

Source - International Business Times (press release)

[From the article:

37% of lawyers believed that if they did lose their mobile device it would be insecure as a hacker, or identity thief, is “cleverer than the average lawyer” and could access the data it contains. A paltry 13% of those that had lost a mobile device were confident it couldn’t be breached, or used against them, as only this small percentage of law firms were security savvy enough to encrypt the data residing on them.

... Over 90% of lawyers believe their data is protected because they are securing it with a password.

... The survey further revealed that one in five lawyers use their own mobile devices to store corporate and sensitive information – (a disclosure which will throw every self-respecting IT department into total apoplexy), as these devices slip under the company's IT security radar and out of the IT department's control, so it can neither secure them, back them up, nor claim ownership of the information they contain if a lawyer were to leave the organisation.

What would prevent anyone from using a database for “purposes other than those for which it was created?” (Hint: Nothing, zip, nada)

MI: Bloomfield Hills schools' release of info prompts privacy fears

Monday, October 27 2008 @ 08:13 AM EDT Contributed by: PrivacyNews

Millions of parents in Michigan and nationwide are signed up to receive e-mail alerts from their schools. Most of the delivery systems were created in the wake of the 2001 terrorist attacks and were originally intended to quickly get word to parents about emergencies like lockdowns or evacuations.

.... But a controversy has erupted after about 12,000 parents in Bloomfield Hills schools received an e-mail earlier this month that was a campaign message for two school board candidates.

How did the candidates get the parents' e-mail addresses?

Bloomfield Hills school officials contend they were forced to release electronic copies of the e-mail address lists when two women made separate requests for the information last year under the state's Freedom of Information Act.

Source - Detroit Free Press

Points to laws and other interesting stuff... (I'm pretty sure I've mentioned this before, but I'm too lazy to go back through my September blogs to be sure.)

AU: 2007-08 Annual Report of the Office of the Privacy Commissioner

Tuesday, October 28 2008 @ 05:02 AM EDT Contributed by: PrivacyNews

The Operation of the Privacy Act Annual Report 2007-08 from the Office of the Privacy Commissioner of Australia

The Operation of the Privacy Act Annual Report 2007-08 -PDF (5 MB)

“Big Brother-ness” seems to be a trend...

International Telecommunication Union criticised for its role in internet snooping

Monday, October 27 2008 @ 07:58 AM EDT Contributed by: PrivacyNews

At EuroDIG, the first European Dialogue on Internet Governance, the scientists and experts of the Council of Europe have sharply criticised the International Telecommunication Union (ITU) for acting behind closed doors in its initiatives towards cybersecurity standardization.

... Just recently, the ITU's work on standards for back-tracing IP addresses caused something of a furore. Yet, said Bill Drake, a scientist at the Center for International Governance at the Graduate School in Geneva, this work was only a tiny part of the work being done in the sensitive area of IT security. He warned that China, Russia and the USA could become the new axis of evil, pushing forward the integration of new ways of snooping on the internet. There was in his view an ambitious agenda extending beyond technical questions all the way up to legal regulations to counter cybercrime.

Source - Heise Online


Sedona Provides New Much Needed Guidance on ESI Preservation

The Sedona Conference has once again written a helpful guide, this time on preservation and inaccessible data, entitled: Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible. As usual, you can download a copy for individual use for free at The Sedona Conference’s website.

Related Perhaps a business that converts old/orphaned data to newer formats?

'Digital dark age' may doom some data

The framed photograph will inevitably fade and yellow over time, but the digital photo file may be unreadable to future computers – an unintended consequence of our rapidly digitizing world that may ultimately lead to a "digital dark age," says Jerome P. McDonough, assistant professor in the Graduate School of Library and Information Science at the University of Illinois at Urbana-Champaign.

According to McDonough, the issue of a looming digital dark age originates from the mass of data spawned by our ever-growing information economy – at last count, 369 exabytes worth of data, including electronic records, tax files, e-mail, music and photos, for starters. (An exabyte is 1 quintillion bytes; a quintillion is the number 1 followed by 18 zeroes.)

Geek stuff. A “home computer” that you carry on your keychain.

Battle of the Thumb Drive Linux Systems

These days, it only takes an increasingly-cheap USB thumb drive and a program like UNetbootin to create a portable Linux desktop you can run on any computer that can boot from a USB port. But check out the list of distributions UNetbootin can download and install—it's huge, and the names don't tell you much about which distro is best for on-the-go computing. Today we're detailing four no-install distributions—Damn Small Linux, Puppy Linux, Xubuntu, and Fedora—and helping you decide which might work for that spare thumb drive you've got lying around, or as just a part of your multi-gig monster stick. Read on for a four-way faceoff of bootable Linux systems.

Interesting on many levels. Is this a marketing ploy, a political statement or a denial of service attack (servers are currently unreachable)?

Lame Duck Challenge Ends With Free Codeweavers Software For All

Posted by ScuttleMonkey on Tuesday October 28, @07:30AM from the well-that-didn't-end-as-planned dept.

gzipped_tar writes to tell us that The Codeweavers "Great American Lame Duck Presidential Challenge" has ended in surprise and free software all day Tuesday (October 28, 2008) at the Codeweavers site. A while back Codeweavers gave President Bush a challenge to meet one of several goals before he left office. One of these goals was to lower gas prices in the Twin Cities below $2.79 a gallon, which has since transpired.

"How was I to know that President Bush would take my challenge so seriously? And, give the man credit, I didn't think there was *any* way he could pull it off. But engineering a total market meltdown - wow - that was pure genius. I clearly underestimated the man. I'm ashamed that I goaded him into this and take full responsibility for the collapse of any savings you might have. Please accept our free software as my way of apologizing for the global calamity we now find ourselves embroiled in."

Monday, October 27, 2008


Data “Dysprotection:” breaches reported last week

Monday, October 27 2008 @ 05:28 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

This is the report the White House fiddled with...

October 26, 2008

DHS Privacy Office Annual Report Annual Privacy Report to Congress, July 2007 to July 2008

DHS Privacy Office Annual Report Annual Privacy Report to Congress, July 2007 to July 2008 (100 pages, PDF)

Of course it's unplanned. That's the whole point!

October 26, 2008

Gartner and Nielsen Reports - Impact of Social Networking in Government and

  • Gartner Says Citizen Social Networks Will Complement, and May Replace, Some Government Functions, Egham, UK, October 23, 2008 — "By 2011, 70 per cent of social computing deployments in government that achieve business benefits will do so in unplanned or unexpected ways, according to Gartner, Inc. Government organisations around the world are showing great interest in social computing, yet deployment so far is relatively limited... Today, the primary role of social networks for governments is to facilitate the exchange of information and to establish novel collaboration patterns, often across organisational boundaries."

  • Nielsen Online Media Alert - Fastest Growing Social Networks for September 2008:, and Ning Lead in Year-Over Year Audience Growth

  • U.S. Department of State: Major Programs of the Office of eDiplomacy: "Diplopedia wiki - Launched in September 2006, Diplopedia is the State Department's internal unclassified online encyclopedia. Just as people create and edit articles on public wikis on the Internet, Department personnel are using Diplopedia to create a broad, informative and expanding reference tool for knowledge-sharing about the Department, its programs and offices, and other international affairs subjects."

Related. If we didn't plan for it, it must not exist? (Don't confuse me with facts?)

Australian Government Ignoring Problems With Proposed Filters

Posted by Soulskill on Sunday October 26, @09:20AM from the la-la-la-i-can't-hear-you dept.

halll7 writes with an update to the proposed Australian national firewall we discussed recently. According to the BBC, "The official watchdog, the Australian Communications and Media Authority (ACMA), has been conducting laboratory tests of six filtering products, and the government plans a live trial soon. ... After its recent trials, ACMA reported significant improvements on earlier studies. The network degradation on one product was less than 2%, although two products were in excess of 75%." Now, Ars Technica reports that "an Australian newspaper has uncovered documents showing that the government minister responsible for the program has ignored performance and accuracy problems with the filters, then tried to suppress criticism of the plan by private citizens." The EFA has a great deal to say in opposition of these plans.

Perhaps this is the replacement for Professional journals?

Modern Methods For Sharing Innovation

Posted by Soulskill on Sunday October 26, @10:34AM from the let's-see-what-you've-got dept.

The New York Times is running a story about Johnny Chung Lee, a hardware hacker made famous for his projects which modified the Nintendo Wiimote to do things like positional head tracking and multi-touch display control. The article focuses on the suggestion that Lee's use of YouTube to demonstrate his innovations has done a better job of communicating his ideas than more traditional methods could. Quoting:

"He might have published a paper that only a few dozen specialists would have read. A talk at a conference would have brought a slightly larger audience. In either case, it would have taken months for his ideas to reach others. Small wonder, then, that he maintains that posting to YouTube has been an essential part of his success as an inventor. 'Sharing an idea the right way is just as important as doing the work itself,' he says. 'If you create something but nobody knows, it's as if it never happened.'"

Not yet on the scale of “Hanging Chad” -- but give it time...


by FreeSociety Sun Oct 26, 2008 at 08:29:12 AM PDT

... ES&S iVotronics touch screens have already been observed now in four completely separate States, flipping the votes, in the early voting that has taken place to date. Eye-witness reports of repeated, consistent flipping of votes (from Obama to McCain naturally) have already occurred in the States of: West Virginia, Tennessee, Missouri, and Texas that have had early voting.

Related? True of any hot topic, isn't it?

Game-Related Education On the Rise At Colleges

Posted by Soulskill on Sunday October 26, @08:22PM from the best-kind-of-homework dept.

The LA Times has a story about the increased interest in learning how to make video games amongst college students, and the subsequent rise in game-related education as the schools respond to that demand. Some programs are gaining legitimacy, while others do perhaps more harm than good. Quoting:

"The surge in interest has led schools to add games to their menu — but not always to the benefit of its students. Recruiters say they often see 'mills' that run around-the-clock sessions to quickly churn out as many students as possible. Other programs teach specific skills but not how games are pulled together. 'It's a very hot academic growth area,' said Colleen McCreary, who runs EA's university relations program. 'I'm very worried about the number of community colleges and for-profit institutions, as well as four-year programs, that are using game design as a lure for students who are not going to be prepared for the real entry-level positions that the game industry wants.'"

Not unexpected, but how do the rest justify spending an “extra” $400?

V3.0 Sets Download Record, 80% Windows

Posted by timothy on Sunday October 26, @03:31PM from the constant-companion dept. Software Sun Microsystems IT

thefickler writes

"The newest version of OpenOffice, version 3.0, has set a download record in its first week of availability. Most surprising is the fact that over 80% of downloads were from Windows users. As one commentator noted, when it comes to a choice between almost identical software (e.g. Microsoft Office and OpenOffice), price is the determining factor."

Dude! It's a medicinal taco!

Colo. couple get marijuana with order of tacos

Sun Oct 26, 12:44 am ET

LAKEWOOD, Colo. – A Colorado couple found an unusual topping on their order of tacos: a small bag of marijuana.

They discovered the drugs with their order from a Del Taco restaurant and called police, said Lakewood police spokesman Steve Davis.

Twenty-six-year-old Dennis Klermund, who police say waited on the husband when he picked up food Oct. 16, faces charges of possession of marijuana and drug paraphernalia.

This is why I'm FROM New Jersey.

One man's garbage becomes another's power plant

By DAVID PORTER, Associated Press Writer – Sun Oct 26, 4:47 pm ET

... According to the plan, New Jerseyans produce 6.7 pounds of trash per day, 50 percent more than the national average.