Saturday, December 27, 2008

Sex is illegal on Cape Cod? Only the unnatural kind practiced in the nature preserve.

MA: Yarmouth destroys intimate surveillance photos

Friday, December 26 2008 @ 02:09 PM EST Contributed by: PrivacyNews

Hundreds of pictures of people — mostly men — walking, meeting and in some instances engaging in intimate contact along nature trails in the Dennis Pond Conservation were destroyed by town officials earlier this month.

That might lead some people who frequented the area for sex to breathe a sigh of relief.

Those pictures were public information and therefore accessible to anyone who wanted to peruse them, according to some privacy experts.

Source - Cape Cod Times

[From the article:

The cameras were placed in trees last year by the town's Division of Natural Resources as part of an investigation by that office and the police into complaints about people engaging in sex in the conservation area, within view of the walking trails, said Karl vonHone, director of the Yarmouth Division of Natural Resources.

No signs were posted warning people of the surveillance.

I'm seeing more articles like this one. Isn't that a good sign?

Ask for Too Much Information, Watch Customers Flee

By Fran Maier E-Commerce Times 12/27/08 4:00 AM PT

... According to a recent survey from JupiterResearch, sharing personal information is the No. 1 reason consumers do not complete their online purchases. Consumers are increasingly protective of their privacy, and subsequently, they are concerned about how companies handle their personal information.

For my antitrust lawyer friends...

Comcast Facing Lawsuit Over Set-Top Box Rentals

Posted by Soulskill on Saturday December 27, @08:19AM from the fighting-the-good-fight dept.

Multichannel News reports that a woman from California has initiated a potential class-action lawsuit against Comcast for making customers rent a set-top box without giving them the option to buy it outright. Quoting:

"The action, on behalf of Comcast Corp. customer Cheryl Corralejo, alleges that the set-top rental practice represents an 'unlawful tying arrangement resulting in an impermissible restraint of trade.' In addition to violating the Sherman Anti-Trust Act, the suit alleges the practice violates business and professions codes. ... [It also notes] that premium video and the set-top descramblers are two distinct products, yet the cable providers require that the hardware be rented from cable companies, rather than permitting consumers to purchase the set-top hardware in the open market."

It's useful to see how the truly repressive regimes do it...

Vietnam Imposes New Blogging Restrictions

Posted by ScuttleMonkey on Friday December 26, @04:12PM from the people-never-learn dept.

GMAW is one of many to mention that the Vietnam government has approved a new set of regulations aimed at bloggers. The new restrictions ban bloggers from discussing certain subjects that the government deems sensitive or inappropriate. Not only are the topics limited, but bloggers are being directed to only write about issues that directly impact their personal lives.

"The rules, which were approved Dec. 18, attempt to rein in Vietnam's booming blogosphere. It has become an alternative source of news for many in the communist country, where the media is state-controlled. The new rules require Internet companies that provide blogging platforms to report to the government every six months and provide information about bloggers on request."

you can recognize it wherever it appears.

Uproar in Australia over plan to block websites

Friday, December 26 2008 @ 11:14 AM EST Contributed by: PrivacyNews

A proposed Internet filter dubbed the "Great Aussie Firewall" is promising to make Australia one of the strictest Internet regulators among democratic countries.

Consumers, civil-rights activists, engineers, Internet providers and politicians from opposition parties are among the critics of a mandatory Internet filter that would block at least 1,300 websites prohibited by the government — mostly child pornography, excessive violence, instructions in crime or drug use and advocacy of terrorism.

Source - USA Today

Friday, December 26, 2008

Merry Christmas, y'all! No indication anything else was taken. Sounds like this information was the target.

Identities of 16,000 Pulte Homes customers compromised

Thursday, December 25 2008 @ 10:34 AM EST Contributed by: PrivacyNews

Computer tapes holding private customer information including names, addresses, driver's license numbers and financial account numbers were stolen from a Pulte Homes office in Las Vegas last month, and the developer is cautioning home buyers to take precautions to protect their identity.

In a letter dated Dec. 19, Pulte Homes Las Vegas Division told 16,000 customers of the Nov. 13 theft of a box containing computer backup tapes.

"At this time, it is not known whether the box was stolen with the knowledge of its contents, or the intent, know-how and ability to extract and exploit the information stored in these backup tapes," the letter said.

... Information on both home buyers and employees was on the tapes, she said.

Source - Las Vegas Sun

[From the article:

It took a month for Pulte's information systems team to identify the customers who were potentially affected, she said. [Time to identify victims is inversely proportional to security and control of data. Bob]

An auction could help establish a price...

ME: Your records for sale to the highest bidder

Friday, December 26 2008 @ 06:10 AM EST Contributed by: PrivacyNews

Earlier this month, the Mini Self Storage company in Scarborough was prepared to auction off the contents of a unit rented to a mortgage brokerage that hadn't paid its bill: 60 boxes of financial records, including loan applications with personal financial information such as Social Security and bank account numbers.

The situation represents one of at least three recent cases in Maine when self-storage facilities ended up with private financial documents amid property they intended to sell.

... Maine does have a data-breach notification law that requires creditors, banks and others who discover an electronic data incursion to report it to regulators and affected consumers. However, the statute does not apply to storage facility operators.

A records-retention law requires financial documents to be held by the originator for two years after the financial transaction is completed, but it does not address the possibility of those records being sold off by storage facilities to cover unpaid storage bills.

Source - Portland Press Herald

[From the article:

In the Scarborough case, the Maine Bureau of Consumer Credit Protection obtained a court order to confiscate the records of the shuttered mortgage company, which was legally obligated to maintain the documents.

... In two other recent cases, including one in Westbrook, the owners of self-storage facilities asked the state what they should do with such records.

"Current law places no burden whatsoever on the facility operator to inventory what is in the unit, identify records that might be confidential and notify regulators," said Will Lund, superintendent of Maine's Consumer Credit Protection Bureau.

This is the opposite of the decision I reported a few days ago. Sound logic (isn't it?)

S.D. Fla.: Search incident of cellphone not justified

Friday, December 26 2008 @ 05:45 AM EST Contributed by: PrivacyNews

A search incident of a cellphone is not justified. United States v. Wall, 2008 U.S. Dist. LEXIS 103058 (S.D. Fla. December 22, 2008)

The Court declines to adopt the reasoning of Finley and extend law to provide an exception to the warrant requirement for searches of cell phones. The search of the cell phone cannot be justified as a search incident to lawful arrest. First, Agent Mitchell accessed the text messages when Wall was being booked at the stationhouse. Thus, it was not contemporaneous with the arrest. Kucynda, 321 F.3d at 1082. Also, the justification for this exception to the warrant requirement is the need for officer safety and to preserve evidence. Agnello v. United States, 269 U.S. 20, 30 (1925) (recognizing the long-held right of law enforcement "to find and seize things connected with the crime ... as well as weapons and other things to effect an escape from custody"). The content of a text message on a cell phone presents no danger of physical harm to the arresting officers or others. Further, searching through information stored on a cell phone is analogous to a search of a sealed letter, which requires a warrant. See United States v. Jacobsen, 466 U.S. 109, 114 (1984).

Source -

No need to make a fuss when there was a clear winner in November, but it will be interesting to count the “at risk”/disputed/over- or under-counted votes claimed in these lawsuits and relate it to populations or the margin of victory.

Legal Troubles Continue To Mount For Diebold

Posted by Soulskill on Thursday December 25, @09:20AM from the voted-off-the-island-with-no-recount dept.

dstates writes

"The State of Maryland has filed a $8.5M claim against Premier Election Systems (previously known as Diebold), joining Ohio in seeking damages from the company. The claim alleges that election officials were forced to spend millions of dollars to address multiple security flaws in the machines. Previously, Diebold paid millions to settle a California lawsuit over security issues in their machines. The dispute comes as Maryland and Virginia prepare to scrap the touch screen electronic voting systems they bought after the 2000 presidential election. California, Florida, New Mexico, and Iowa have already switched to optical scanners, and voters in Pennsylvania are suing to prevent the use of paperless electronic voting systems in their state. Meanwhile, Artifex Software is suing Diebold for violations of the GPL covering the Ghostscript software technology used in the proprietary voting machines."

Whatever you do, don't anger the Canadians. We'll be moving there to escape Global Warming!

DHS To Grab Biometric Data From Green Card Holders

Posted by Soulskill on Thursday December 25, @12:12PM from the imports-with-documentation dept.

An anonymous reader writes with this excerpt from Nextgov:

"The Homeland Security Department has announced plans to expand its biometric data collection program to include foreign permanent residents and refugees. Almost all noncitizens will be required to provide digital fingerprints and a photograph upon entry into the United States as of Jan. 18. A notice (PDF) in Friday's Federal Register said expansion of the US Visitor and Immigrant Status Indicator Technology Program (US VISIT) will include 'nearly all aliens,' except Canadian citizens on brief visits. Those categories include permanent residents with green cards, individuals seeking to enter on immigrant visas, and potential refugees. The US VISIT program was developed after the Sept. 11, 2001 terrorist attacks to collect fingerprints from foreign visitors and run them against the FBI's terrorist watch list and other criminal databases. Another phase of the project, to develop an exit system to track foreign nationals leaving the country, has run into repeated setbacks." [See, it was designed like a roach motel! Terrorists can check in, but they can't check out. Bob]

Reader MirrororriM points out other DHS news that they're thinking about monitoring blogs for information on terrorists.

The Digital Age – a time when entire industries are born and die within the span of a single human lifetime.

Last Major Supplier Calls It Quits For VHS

Posted by timothy on Thursday December 25, @04:40PM from the one-death-after-another dept.

thefickler writes

"The last major supplier of VHS videotapes is ditching the format in favor of DVD, effectively killing the format for good. This uncharitable commentator has this to say: 'Will VHS be missed? Not ... with videos being brittle, clunky, and rather user-unfriendly. But they ushered in a new era that was important to get to where we are today. And for that reason, the death of VHS is rather sad. Almost as sad as the people still using it.'"

At least my dad's got the blank-tape market cornered.

Late Christmas gifts: Here's a guaranteed sleep aid!

December 25, 2008

Archive Publishes Treasure Trove of Kissinger Telephone Conversations

Comprehensive Collection of Kissinger "Telcons" Provides Inside View of Government Decision-Making; Reveals Candid talks with Presidents, Foreign Leaders, Journalists, and Power-brokers during Nixon-Ford Years, National Security Archive Electronic Briefing Book No. 263 - Part 1, Edited by William Burr

  • "...the National Security Archive announces the publication of a comprehensively unique, thoroughly-indexed set of the telephone conversation (telcon) transcripts of Henry A. Kissinger, one of the most famous and controversial U.S. diplomats of the second half of the 20th century. Consisting of 15,502 documents and over 30,000 pages, this on-line collection, published by the Digital National Security Archive (ProQuest), is the result of a protracted effort by the National Security Archive to secure this critically important record of U.S. diplomacy during the administrations of Richard M. Nixon and Gerald R. Ford, when Kissinger served as National Security Adviser and Secretary of State. Collectively, the documents include the telcons released at the Nixon Presidential Library as well as those declassified by the State Department as a result of the Archive’s Freedom of Information Act request. The set sheds light on every aspect of Nixon-Ford diplomacy, including U.S.-Soviet détente, the wars in Southeast Asia, the 1971 South Asia crisis, and the October 1973 Middle East War, among many other developments. Kissinger’s many interlocutors include political and policy figures, such as Presidents Nixon and Ford, Secretary of State William Rogers, Governor Nelson Rockefeller, former Secretary of Defense Robert S. McNamara, and Soviet Ambassador Anatoli Dobrynin; journalists and publishers, such as Ted Koppel, James Reston, and Katherine Graham; and such show business friends as Frank Sinatra."

It's never too late to make a Nerd's day! (We're so easily amused.)

DIY USB Servo-Guided Water Gun

Posted by timothy on Friday December 26, @04:50AM from the seasonally-inappropriate dept.

An anonymous reader writes

"What better way is there to learn something than by making your own DIY gadget? Here's a new video showing how to use a common hobby servo, in conjunction with a small water pump, to create a USB controlled water gun! You can use your keyboard to aim and fire at an unsuspecting passerby. Both fun and educational, this project looks like a great DIY weekend project for any IT guy, wanting to make sure people think twice before asking a stupid question!"

Thursday, December 25, 2008

Not much news today, you'd think people were taking the day off!

The times, they are a-changing... The wife got her copy of the United States Equestrian Federation rule book the other day – on a 2 gig thumb drive. Micro Center sells them for $5.99 retail, so I would expect they are even cheaper wholesale. Makes you wonder why anyone would choose to print and mail a large book.

'cause California does not have enough lawyers.

SoCal law school tempts students with free tuition

By LINDA DEUTSCH, AP Special Correspondent – Wed Dec 24, 1:30 pm ET

IRVINE, Calif. – A new law school opening next fall in Southern California is offering a big incentive to top students who might be thinking twice about the cost of a legal education during the recession: free tuition for three years.

The financial carrot is part of an ambitious strategy by Erwin Chemerinsky, a renowned constitutional law scholar and dean of the new school at the University of California, Irvine, to attract Ivy League-caliber students to the first new law school in the state in 40 years.

Fun reading for the holidays?

NSA's History of Communications Security — For Your Eyes, Too

Posted by timothy on Wednesday December 24, @01:54PM from the as-long-as-it-passes-through-ft-meade dept.

Phil Sp. writes

"Government Attic, those fine investigative pack rats, have outdone themselves this time. Just posted: a declassified NSA document entitled A History of Communications Security, Volumes I and II: The David G. Boak Lectures [PDF] from 1973 and 1981. This is an absolutely fascinating look into how the NSA viewed (views?) communications security and touches on all sorts of topics, including public key crypto, economics, DES, tamper-resistance, etc. It was seemingly from a collection of lectures to new employees. The first 85 pages are heavily redacted but the remaining 80 or so are largely intact. It even concludes with a cryptogram puzzle for the reader!"

Interesting. Does this suggest people believe that online shopping is cheaper or is the recession over?

Online spending doubles for weekend before Christmas

Posted by Michelle Meyers December 24, 2008 12:30 PM PST

Here's a little statistical cheer for online retailers bracing themselves for what many have been predicting will be a dismal holiday sales season.

The latest online retail spending report released by ComScore Tuesday shows that consumers last weekend spent almost double what they spent on the corresponding weekend before Christmas last year.

Interesting. Eventually you will abandon Windows, why not start learning a replacement operating system?

Living With Multiple Operating Systems

Ossism is a new blog that adheres to a simple premise: enabling people to learn how to live with multiple operating systems. As the blogger himself (Mr. Justin Wong) points out, this weblog is directed at people who are a bit at sea when it comes to any unfamiliar OS, or to put it in other words, anything but Windows.

As a result, the list of categories that you can consult touches upon items such as “Linux”, “Windows” and “OSX”. Moreover, a thorough collection of “How-to” articles and guides are included for you to learn the ropes easily.

... Lastly, a section entitled “Resources” gathers together links of interest. These direct to the OSx86 project page and the Tombuntu website, as well as the Ubuntu Administrator portal. That is, sites that will appeal to any person who finds the premise of the blog compelling. If that description fits you, chances are a visit to the Ossism blog will provide some food for thought.

Wednesday, December 24, 2008

Big. Let's hope we see some details on this one, before issuers of similar debit cards have to start shutting down their systems.

RBS WorldPay Announces Compromise of Data Security and Outlines Steps to Mitigate Risk

Tuesday, December 23 2008 @ 02:57 PM EST Contributed by: PrivacyNews

RBS WorldPay (formerly RBS Lynk), the U.S. payment processing arm of The Royal Bank of Scotland Group, today announced that its computer system had been improperly accessed by an unauthorized party.

.... The issue, which affected pre-paid cardholders and other individuals, was identified on November 10 and law enforcement agencies and federal regulators were notified by RBS WorldPay shortly thereafter. RBS WorldPay's internal security professionals and outside experts are working with federal and state law enforcement authorities in an investigation of this event.

The affected pre-paid cards include payroll cards and open-loop gift cards. Personal information associated with certain payroll cards may have been improperly accessed. PINs for all PIN-enabled cards have been or are being reset. Affected individuals are being notified and information has been posted on the RBS WorldPay Web site,

The fraud that has been identified to-date is associated with RBS WorldPay's computer system supporting its U.S. pre-paid and open-loop gift card issuing business. Actual fraud has been committed on approximately 100 cards. Cardholders will not be responsible for unauthorized activity associated with this event. Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed. RBS WorldPay is offering impacted individuals whose Social Security numbers may have been affected a complimentary one-year membership in a national subscription credit monitoring service that provides access to individuals' consumer credit reports and daily monitoring of their credit files from all three national consumer reporting agencies. [...]

Source - PR Newswire Release on

[From the article:

Those gift cards that had not been purchased have been deactivated and are being removed for destruction from stores as an additional precaution.

Logic isn't always applied.

Expectations of privacy in cell phones

Tuesday, December 23 2008 @ 07:30 PM EST Contributed by: PrivacyNews

Today's Whiskey-Tango-Foxtrot award goes to the Southern District Court of Kansas for an opinion issued last spring and unearthed today by GW law prof and blogger Orin Kerr. In United States v. Fierros-Alvarez, the Court somehow reached the mindboggling conclusion that citizens lack a "reasonable expectation of privacy" on address book and call records information stored in their cellular phones, and did so, apparently, by bizarrely applying the (execrable and outdated, but that's another rant) Supreme Court's 1979 ruling in Smith v. Maryland, which was fundamentally about information conveyed to third parties like the phone company:

Source - Law & Disorder blog

[From the article:

The defendant, however, has not shown that the phone book directory in his cellular telephone discloses more than the “addressing information”-the telephone number and the subscriber's name-on the same numbers appearing in the recent calls directory.

The FTC did something useful? (Is there a law school class on clear, humorous writing?)

Privacy Policies: The Good, the Bad and the Witty

Tuesday, December 23 2008 @ 10:02 AM EST Contributed by: PrivacyNews

Privacy statements are all over the Web, it seems, and they're pretty much universally ignored. That's because the legal tracts that most companies display are the epitome of user-unfriendliness. A few mavericks are trying a different approach, though, with statements that are clear, concise -- and sometimes even entertaining.

Source - E-Commerce News

[From the article:

Privacy statements that invoke the FTC's ire include "notices that don't provide sufficient information about collection and disclosure practices, or security practices, or notices that are in legalese," she said.

Well, I find them interesting...

Fresh Perspectives on e-Discovery from Young Minds in the “Academy”

... My son, Adam Colby Losey (shown left), recently published, Clicking Away Confidentiality: Workplace Waiver of Attorney-Client Privilege, as one of three student articles published in the current issue of Florida Law Review, Volume 60, Number 5, December 2008. Other articles in this same volume include: Student Speech Rights in the Digital Age by Mary-Rose Papandrea, a young Assistant Professor at Boston College Law School; and, Possession of Child Pornography: Should You Be Convicted When the Computer Cache Does the Saving for You? By Giannina Marin, a law review student at the University of Florida School of Law.

One to watch?

New York Times sued over's linking practice

Posted by Elinor Mills December 23, 2008 11:42 AM PST

... In its lawsuit filed in U.S. District Court in Massachusetts on Monday, Fairport, N.Y.-based GateHouse Media, which publishes more than 100 papers in Massachusetts, accuses the Times of violating copyright by allowing its Boston Globe online unit to copy verbatim the headlines and first sentences from articles published on sites owned by GateHouse, including the Newton Tab.

The links, as seen on's Newton site for instance, lead to the original articles on the GateHouse-owned sites, which display advertising. However the lawsuit claims GateHouse is losing advertising revenue as a result of the linking because readers don't see the ads on the GateHouse site's home page.

The linking also confuses readers, leading them to believe that GateHouse endorses the linking practice, according to the lawsuit.


December 23, 2008

Internet Overtakes Newspapers As News Source

Pew Research Center for the People & the Press: "The internet, which emerged this year as a leading source for campaign news, has now surpassed all other media except television as a main source for national and international news. Currently, 40% say they get most of their news about national and international issues from the internet, up from just 24% in September 2007. For the first time in a Pew survey, more people say they rely mostly on the internet for news than cite newspapers (35%). Television continues to be cited most frequently as a main source for national and international news, at 70%."

Is this likely to become an Obama Policy? I doubt it.

How To Create More Jobs

Posted by kdawson on Tuesday December 23, @06:24PM from the getting-out-of-the-way dept.

TechDirt is spotlighting a call by Michael S. Malone, a columnist for, for letting Silicon Valley create jobs once more. Malone argues that Sarbanes-Oxley and other attempts at accounting reform have done little to prevent fraud, but in fact have managed to kill off an entrepreneurship-venture capital-IPO cycle, centered in Silicon Valley, that has taken 30 years to nourish. Here's TechDirt:

"'s time to roll back SarbOx and other accounting rules that have acted more for theatrical purposes rather than any legitimate reason. Basically, all they've done is create new reporting requirements that do little to nothing to either prevent fraud or clarify a company's actual financial position (its intended purpose). I'm all for radical transparency in financial info, but that's not what has been done. Instead, we've made it burdensome to actually grow a company — and that doesn't help create jobs. It helps kill them."

Two major factors: You can buy a modest laptop for the price you paid for your last desktop and they are more capable – battery life, storage and processor speeds are “adequate” for most users. Minor factor: They're cooler! Long term: we're heading toward hand-held computing – cellphones with all the capabilities of laptops.

Laptop shipments top desktops for first time; Netbooks a factor

Posted by Brooke Crothers December 23, 2008 10:25 AM PST

For my website students and those who use the feeds...

Doing More With Feeds

BlastCasta is a new service that aims to let anybody maximize the uses that news feeds can be put to. For instance, you can turn any feed into a feed landing page or create a widget to add the content of that specific feed to your website. Moreover, feeds can be processed in a plethora of ways, as they can be combined and filtered, and even translated into different languages.

The implementation of this system is as easy as it gets, too – all you have to do is provide a feed URL, and choose the intended action from a “What do you want me to do with this feed?” drop down menu. Some options that were not mentioned above and which merit at least a mention include a “Get feed in JSON form” and “Create a news ticker”.

The site also includes a blog that is a compelling read for those who find the premise of the site appealing, as it deals with pivotal SEO considerations as well as the importance of a feed’s structure itself.

We saw this coming, now you can get road rage instead of cellphone distraction. (Make a fun hack to drive Mom & Dad crazy too)

No More Texting While Driving

In the words of the team behind this project, “Textecution kills texting functions while driving so your child, loved one, or employee lives.” This is quite an apt definition of the provided solution, and it must be said that it is an interesting development that can play out a very important role towards road safety.

The implementation of such a solution is quite unobtrusive, as it sits quietly in the background upon installing it and only pops up when you want to use your mobile device, letting you know if you are driving too fast to send or receive text messages. Only when the phone is at rest or your travelling speed is lower than 10mph will the texting ability be regained.

This application can be procured at the site for a price that is described online. For the time being, Textecution is only available on the HTC G1 by T-mobile. It is stated that more phones will become supported as the Android platform expands its market. In the meantime, you can get started if you own the aforementioned device.

Related: Another fun hack/stocking stuffer? Proof there's a niche for everything? (Proof most hackers enjoy juvenile humor.)

iPhone fart app pulls in nearly $10,000 a day

MG Siegler | December 23rd, 2008

Apple’s App Store is currently experiencing a plague of fart applications. Last week, I detailed one day in which at least 14 new fart apps were accepted into the store. And now, just in a quick search, it looks like there are about 50 apps all dedicated to making fart noises on your iPhone or iPod touch. Classy, I know, but why are there so many?

Because apparently there’s big money in fart apps — nearly $10,000 a day for the most popular ones.

Here's a “drive your co-workers crazy” application. Merry Christmas

For true music or movie aficionados. (And so I can get on the wait-list at the library earlier than number 685!)

Release Dates At Your Fingertips

A very specific service, What’s Out will enable anybody to quickly inform himself about the latest music, movies and games releases that hit the high street. The word that truly defines this service is “concise”: the main page is subdivided into three main categories, and in every case a series of accompanying links is provided.

... The same applies to the released movies, only that in this case you are provided links to Amazon. In addition to that, a link to the Internet Movie Database is provided for additional reference purposes.

Tuesday, December 23, 2008

The Breach Blog does a great job of commenting on the bank's assurance that this is no big deal. Read and laugh along, unless you have an account with them. Perhaps we should write an article: “Things you shouldn't say about your Data Breach”

Laptop stolen from North Cascades National Bank audit firm

Date Reported: 12/09/08

Organization: North Cascades National Bank

Contractor/Consultant/Branch: "the bank’s financial audit firm"

Location: Chelan, Washington* *incident took place in Portland, Oregon

... Commentary:

We read about many breaches, but we rarely read the types of comments we read in this one (in totality). It's very disappointing.

I could understand (and even empathize) with an organization that doesn't understand information security and admits it. Isn't admitting you have a problem the first step? What I have trouble accepting is an organization that doesn't understand information security and tries to justify it. There seems to be some serious education needed.

I could comment much more, but I need to chill out a bit.

Katrina Applicant Identities Posted On Web

Tuesday, December 23 2008 @ 06:39 AM EST Contributed by: PrivacyNews

KERA has learned that private information of nearly 17 thousand FEMA aid applicants was posted on public websites last week. That secure information apparently first went through the Texas Workforce Commission before it went online. KERA's Bill Zeeble reports.

FEMA says 16 thousand, 857 names, Social Security & telephone numbers and other private information were publicly posted on 2 websites last week. The names belonged to applicants from Hurricane Katrina who'd evacuated to Texas, but now live all across the Gulf Coast. FEMA's Acting press secretary Terry Monrad says when the agency found out, the names were immediately removed.

Source - KERA News

[From the article:

Ann Hatchitt, TWC Communications Director: We don't really know how that information got to a 3rd party website.

Another “old data” case. Suggesting that even if the data isn't used immediately, it still has “value” to crooks.


Monday, December 22 2008 @ 11:11 AM EST Contributed by: PrivacyNews

Maybe it wasn't the "Finest" idea.

Two identity thieves ripped off cops at a Brooklyn station house after they got hold of a 15-year-old personnel roster and used the information for a $60,000 cellphone-buying spree, police sources said yesterday.

... Belches allegedly got the list from Edwin White, 51, of Brooklyn, whose late mom, Elaine Moore, had worked as a civilian aide at the station house and took the documents home.

Source - NY Post Thanks to Rob Douglas for sending this link.

Trivial, but perhaps not insignificant.

IA: Supreme Court says husband must pay for bedroom spying

Monday, December 22 2008 @ 09:31 PM EST Contributed by: PrivacyNews

A Dubuque man who secretly videotaped his wife in their bedroom must pay her $22,500 for invasion of privacy, the Iowa Supreme Court ruled Friday in the couple's divorce case.

The decision upheld two lower-court rulings against Jeffrey Tigges. He contended that his wife, Cathy, had no reasonable expectation of privacy in their home.

Source - Des Moines Register Related - Opinion Related - Commentary by Jonathan Turley

Deny, deny, deny. But expect the truth to come out anyway.

World Bank Admits Top Tech Vendor Debarred for 8 Years

Tuesday, December 23 2008 @ 05:53 AM EST Contributed by: PrivacyNews

For months, the World Bank has been stonewalling and denying a series of FOX News reports on a variety of in-house scandals, ranging from the hacking of its most sensitive financial data to its own sanctions against suppliers found guilty of wrongdoing.

But last week the world's most important anti-poverty organization suddenly came clean — sort of — in its tough sanctions against a vitally important computer software service supplier that has been linked not only to financial wrongdoing but also to the ultrasensitive data heists.


The World Bank's denials and quiet admissions about its troubled relations with Satyam also refocuses attention on an earlier set of bank denials, after FOX News in October reported that the Satyam-supervised computer network of the World Bank Group had been hacked repeatedly by outsiders for more than a year.

According to FOX News sources, one of the worst breaches apparently occurred last April in the network of the bank's super-sensitive treasury unit, which manages $70 billion in assets for 25 clients — including the central banks of some countries.

Sources told FOX News that bank investigators had discovered that spy software had been covertly installed on workstations inside the bank's Washington headquarters — allegedly by one or more contractors from Satyam.

Source - FOX News

If they couldn't find this guy, they could have created a clone to serve his sentence in Jurassic Prison!

Blood From Mosquito Traps Car Thief

Posted by ScuttleMonkey on Monday December 22, @06:46PM from the plausible-deniability dept. Medicine Science

Frosty Piss writes

"Police in Finland have made an arrest for car theft based on a DNA sample taken from the blood found inside a mosquito. 'A police patrol carried out an inspection of the car and they noticed a mosquito that had sucked blood. It was sent to the laboratory for testing, which showed the blood belonged to a man who was in the police registers,' a police officer told reporters. The suspect, who has been interrogated, has insisted he did not steal the car, saying he had hitchhiked and was given a lift by a man driving the car. I'm wondering if the suspect should have denied any association with the car at all. After all, who knows where that mosquito had been?"

So... Who won?

With lawsuit settled, hackers now working with MBTA

by Robert McMillan

December 22, 2008, 03:32 PM — IDG News Service —

Three Massachusetts Institute of Technology students who were sued earlier this year by the Massachusetts Bay Transit Authority (MBTA) said Monday that they are now working to make the Boston transit system more secure.

... Anderson, along with Russell "RJ" Ryan and Alessandro Chiesa, was prevented from giving a talk entitled "The Anatomy of a Subway Hack: Breaking Crypto RFIDs & Magstripes of Ticketing Systems" at the Defcon hacker conference last August.

... The MBTA had argued that the presentation could have caused "significant damage" to the transit system, but the students had said that they had no intention of releasing key pieces of information that would have allowed people to hack the system.

On Aug. 19, a judge threw out the MBTA's gag order, but the transit authority could have brought new motions against them, and so the case had been hanging over the MIT researchers.

... The case against the three was finally settled on Oct. 7, but this was not publicly announced until Monday, because it took two months for all parties to schedule a public announcement [Imagine how long it would take to decide what toppings to get on your pizza! Bob] of the settlement, Granick said.

Interesting, even the volume of words. Search by state or keyword (but not both?) - Taking Congress At Its Word

The tagline of this new website is “Taking Congress at its word”, and that is in itself quite a good definition of the provided service. In general terms, through the site it is possible to see the word frequency from the congressional record, and access that information in several manners.

For instance, the main page includes a “Top Words” cloud that will let you see the words that come up more frequently, whereas an interactive heat map of vocal States is featured for you to click about and see what you find.

On the other hand, a “10 Most Vocal Lawmakers” list is featured, and by clicking on any of the featured names you can easily access additional information. This includes a full list of the words employed by that Congressman more frequently for you to peruse and analyze.

Conversely, a “10 Quietest Lawmakers” list can also be accessed, and (as it was the case with their counterparts) you can click on that representative’s name to see his or her performance.

At the end of the day, a website like this one can give the people a better representation of which topics are recurrent the most among their chosen representatives, and ponder on that information.

Some interesting perspectives. I'll have to think about this...

The great paradigm shift of cloud computing is not self-service...

Posted by James Urquhart December 22, 2008 11:57 AM PST

... Some of these have been anticipated for some time, but as I talk to more and more people about what could happen here, more and more use cases crop up. For example:

  • Follow the Sun: Move workloads to where they are being most utilized at a given time, usually the "day" side of the planet.

  • Follow the Moon: Move workloads to where power is cheapest, usually the "night" side of the planet.

  • Follow the Law: Move workloads to where the legal and regulatory environment is optimal for the task being executed or the data being stored.

  • Optimize Latency: Move workloads to where network routing is optimized for a system of components.

  • Optimize Utilization: Move workloads to where the optimal use of compute and/or storage utilization is achieved.

  • Optimize Cost: Move workloads to where the cost of computing is as cheap as possible for the workload at hand.


Google, Microsoft, Yahoo as Ford, GM, and Chrysler

Posted by Larry Dignan December 22, 2008 12:33 PM PST

... Buick, Oldsmobile, and Chevrolet were the high-tech industry of the early 20th century. They were gobbled up to become GM. I thought Lindsay was stretching a bit when I read through his research note. But then I pondered Yahoo, which has Flickr, Delicious, Zimbra and a bunch of other properties in its collection. Are these properties really any different than the nameplates and brands that GM and Ford have?

Microsoft and Google are similar stories. Any company that may be a threat someday is gobbled up. In the last two years, Microsoft has made an acquisition every three weeks, according to a Wikipedia tally. Google has made an acquisition every five weeks over the last two years. And why are all of these acquisitions happening? Microsoft, Google, and Yahoo all have too much dough that theoretically should be returned to shareholders.

For my Computer Security classes

NSA Patents a Way To Spot Network Snoops

Posted by CmdrTaco on Monday December 22, @12:15PM from the welcome-to-the-holidays dept. Security

narramissic writes

"The National Security Agency has patented a technique for figuring out whether someone is messing with your network by measuring the amount of time it takes to send different types of data and sounding an alert if something takes too long. 'The neat thing about this particular patent is that they look at the differences between the network layers,' said Tadayoshi Kohno, an assistant professor of computer science at the University of Washington. But IOActive security researcher Dan Kaminsky wasn't so impressed: 'Think of it as — if your network gets a little slower, maybe a bad guy has physically inserted a device that is intercepting and retransmitting packets. Sure, that's possible. Or perhaps you're routing through a slower path for one of a billion reasons.'"

Fodder for my proposed Data Mining class – automating that “first look”

December 22, 2008

SEC Approves Interactive Data for Financial Reporting by Public Companies, Mutual Funds

News release: "The Securities and Exchange Commission has voted to require public companies and mutual funds to use interactive data for financial information, which has the potential to increase the speed, accuracy and usability of financial disclosure and eventually reduce costs for investors. With interactive data, all of the facts in a financial statement are labeled with unique computer-readable "tags," which function like bar codes to make financial information more searchable on the Internet and more readable by spreadsheets and other software. Investors will be able to instantly find specific facts disclosed by companies and mutual funds, and compare that information with details about other companies and mutual funds to help them make investment decisions...Investors can begin seeing this new information at" [thanks to Peggy Garvin]

Monday, December 22, 2008

Earn big bucks wid'out no education! Get the Tony Soprano “Card Skimming Kit” for only $19.95! BUT WAIT! Order now, and we'll include Tony's “How not to get caught guide” at no additional cost!

WA: Debit-card thieves still on the loose (follow-up)

Sunday, December 21 2008 @ 07:39 PM EST Contributed by: PrivacyNews

Police still haven’t caught up with the scam artists who made off with half a million dollars this summer from debit card information stolen at two Pierce County gas stations. Local agencies are coordinating with police in California and federal agents to stop what they believe is a crime spree that spans the West Coast.

The patient and wily thieves are believed to have left a wake of at least 675 victims and $800,000 in losses, according to police and news accounts.

Source - News Tribune

[From the article:

The crimes have several common features:

The thieves target Arco stations, which take debit cards but not credit cards. (Arco officials did not return a request for comment on this story.)

They use card-reading devices placed on the payment machine to “skim” account and PIN information.

They often wait for months after taking the card information before making withdrawals – which is long enough for surveillance video to be taped over.

They raid their victims’ accounts over holiday weekends, when there’s a better chance the thefts will go undetected for an extra day.

“How to create an Identity Illusion for fun and profit!” Automated surveillance makes it possible to become someone else. How often does the Surveillance State identify a person at more than one location at the same time? Might make such evidence somewhat questionable... (Comments are worth a quick scan...)

Using Speed Cameras To Send Tickets To Your Enemies

Posted by kdawson on Sunday December 21, @02:29PM from the ticket-me-elmo dept.

High school students in Maryland are using speed cameras to get back at their perceived enemies, and even teachers. The students duplicate the victim's license plate on glossy paper using a laser printer, tape it over their own plate, then speed past a newly installed speed camera. The victim gets a $40 ticket in the mail days later, without any humans ever having been involved in the ticketing process. A blog dedicated to driving and politics adds that a similar, if darker, practice has taken hold in England, where bad guys cruise the streets looking for a car similar to their own. They then duplicate its plates in a more durable form, and thereafter drive around with little fear of trouble from the police.


Data "Dysprotection:" breaches reported last week

Monday, December 22 2008 @ 05:52 AM EST Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Why are we amazed when bad guys use technology? Wasn't it obvious that they would? (Some Forensics files too)

The Slow Bruteforce Botnet(s) May Be Learning

Posted by kdawson on Sunday December 21, @10:30PM from the knock-who's-there-knock dept. Security IT writes

"We've seen stories about the slow bruteforcers — we've discussed it here — and based on the data, my colleague Egil Möller was the first to suggest that since we know the attempts are coordinated, it is not too far-fetched to assume that the controlling system measures the rates of success for each of the chosen targets and allocates resources accordingly. (The probes of my systems have slowed in the last month.) If Egil's assumption is right, we are seeing the bad guys adapting. And they're avoiding OpenBSD machines."

For fans of raw data, here are all the log entries (3MB) that has collected since noticing the slow bruteforce attacks.
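An added example for the Computer Security class, not code from the Slashdot post or its author: a per-host failure threshold next to an aggregate rule that catches many hosts each probing slowly. The OpenSSH syslog line format, the thresholds, the function names and the sample log are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range addresses, not real data).
SAMPLE_LOG = """\
Dec 21 00:02:11 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Dec 21 00:31:45 gw sshd[2117]: Failed password for invalid user alice from 192.0.2.11 port 51820 ssh2
Dec 21 01:05:02 gw sshd[2130]: Failed password for invalid user alice from 192.0.2.12 port 33900 ssh2
Dec 21 01:20:00 gw sshd[2140]: Failed password for root from 198.51.100.7 port 50001 ssh2
Dec 21 01:20:03 gw sshd[2141]: Failed password for root from 198.51.100.7 port 50002 ssh2
Dec 21 01:20:06 gw sshd[2142]: Failed password for root from 198.51.100.7 port 50003 ssh2
Dec 21 01:20:09 gw sshd[2143]: Failed password for root from 198.51.100.7 port 50004 ssh2
Dec 21 01:20:12 gw sshd[2144]: Failed password for root from 198.51.100.7 port 50005 ssh2
Dec 21 01:41:30 gw sshd[2155]: Failed password for invalid user backup from 192.0.2.13 port 42211 ssh2
Dec 21 02:10:19 gw sshd[2170]: Accepted password for carol from 203.0.113.50 port 60022 ssh2
Dec 21 02:16:54 gw sshd[2181]: Failed password for invalid user backup from 192.0.2.10 port 40990 ssh2
Dec 21 02:48:08 gw sshd[2195]: Failed password for invalid user bob from 192.0.2.14 port 38111 ssh2
Dec 21 03:22:40 gw sshd[2210]: Failed password for invalid user bob from 192.0.2.15 port 47003 ssh2
"""

# Assumed format: classic syslog timestamp (no year) followed by the sshd message.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)

def parse_failures(text, year=2008):
    """Return time-sorted (time, ip, user) tuples for failed password attempts."""
    events = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:  # successful logins and unrelated lines are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"]))
    return sorted(events)

def per_ip_bursts(events, limit, window):
    """Classic rule: hosts with at least `limit` failures inside `window`."""
    by_ip = defaultdict(list)
    for ts, ip, _ in events:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, times in by_ip.items():
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= limit:
                flagged.add(ip)
                break
    return flagged

def slow_distributed(events, limit, window, min_hosts, horizon):
    """Report hosts that stay under the per-host rule but, taken together,
    reach `min_hosts` distinct sources inside `horizon`; None otherwise."""
    loud = per_ip_bursts(events, limit, window)
    quiet = [e for e in events if e[1] not in loud]
    best, start = [], 0
    for end in range(len(quiet)):
        while quiet[end][0] - quiet[start][0] > horizon:
            start += 1
        span = quiet[start:end + 1]
        if len({ip for _, ip, _ in span}) > len({ip for _, ip, _ in best}):
            best = span
    hosts = sorted({ip for _, ip, _ in best})
    if len(hosts) < min_hosts:
        return None
    return {"hosts": hosts, "attempts": len(best),
            "users": sorted({u for _, _, u in best})}

if __name__ == "__main__":
    ev = parse_failures(SAMPLE_LOG)
    print("per-host rule:", per_ip_bursts(ev, 5, timedelta(minutes=10)))
    print("aggregate rule:", slow_distributed(ev, 5, timedelta(minutes=10), 5, timedelta(hours=6)))
```

On this sample the per-host rule sees only the one noisy address, while the aggregate rule surfaces the six quiet ones. A handful of unrelated typos from different users would also count toward `min_hosts`, so the threshold needs tuning against a site's normal failure rate.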

There's more than one way to skin a class...

Fake Facebook college class groups uncovered

Posted by Larry Dignan December 21, 2008 3:25 PM PST

This was originally posted at ZDNet's Between the Lines.

We may be about to see the latest frontier of viral marketing--fake students starting groups for the incoming class of 2013 in the name of data collection.

Brad Ward, a recruitment specialist at Butler University, outlined the details on his blog. He became suspicious after talking to a colleague at Winthrop University. Here are the common links:

Class of 2013 groups are being started at a bunch of universities.
The people that start the groups aren't registered at those schools.
Those same names--Patrick Kelly, Justin Gaither, James Gaither among others--pop up repeatedly.

The game: Get admin rights to groups that collectively add up to about 1,000,000 freshmen. Ward concludes:

Think of it: Sitting back for 8-10 months, (even a few years), maybe friending everyone and posing as an incoming student. Think of the data collection. The opportunities down the road to push affiliate links. The opportunity to appear to be an 'Admin' of Your School Class of 2013. The chance to message alumni down the road. The list of possibilities goes on and on and on.

Gee, Bob. What makes you think people will want to watch TV and Movies online?

December 21, 2008

YouTube Now Comprises 25 Percent Of All Google Searches

TechCrunch: "Video search on YouTube accounts for a quarter of all Google search queries in the U.S., according to the latest search engine numbers from comScore. Its monthly qSearch report, which was released on Thursday night, breaks out the number of searches conducted on YouTube. If it were a standalone site, YouTube would be the second largest search engine after Google. More searches are done through YouTube than through Yahoo, which has been the case for the past few months."

I like the thought. Anyone think RIAA will actually pay to protect their music?

One ISP says RIAA must pay for piracy protection

Posted by Greg Sandoval December 22, 2008 4:00 AM PST

Jerry Scroggin, owner-operator of Bayou Internet and Communications, wants the music and film industries to know that he's not a cop and he doesn't work for free.

Scroggin, who sells Internet access to between 10,000 and 12,000 customers in Louisiana, heard the news on Friday that the Recording Industry Association of America (RIAA) has opted out of suing individuals for pirating music. Instead, the group representing the four largest music labels is forging partnerships with Internet service providers and asking them to crack down on suspected file sharers.

According to Scroggin, if RIAA representatives ask the help of his ISP, they had better bring their checkbook--and leave the legal threats at home. (CNET News obtained a copy of the RIAA's new notice to ISPs here). Scroggin said that he receives several notices each month with requests that he remove suspected file sharers from his network. Each time, he gets such a notice from an entertainment company, he sends the same reply.

"I ask for their billing address," Scroggin said. "Usually, I never hear back."

I've been looking for a project idea for my Database class. Perhaps we'll build one for Colorado.

December 21, 2008

Find your elected representatives in New York City

From the New York Times, the new Represent (Beta) database provides users with a quick, efficient and informative online tool to locate the respective political districts where they live, their representatives, and news about the reps' recent activity.

I send my students to online tutorials for a different perspective (and I use them to brush up on some obscure topics) - Tutorials At Your Fingertips

Way back when the WWW became a tangible reality in the late 90s, a very interesting thing for many people was having access to tutorials and how-to guides of every denomination for the first time. Naturally, the amount of information has only escalated, and as such it is not really that surprising to see a search portal like this one.

In general terms, this site makes it possible for you to look up tutorials over a plethora of hand-picked resources. Such an approach is highly-enticing as other search channels might produce the very same results, but interspersed with pages that are of no relevance, and which would mean potential headaches and a longer time sifting through.

Sunday, December 21, 2008

A potential case for my Computer Security class. (Too much rum in the fruitcake?)

Credit-card data theft was really over a ‘piece of cake’

Saturday, December 20 2008 @ 08:18 PM EST Contributed by: PrivacyNews From the Oh Good Grief! dept.:

A stolen Christmas cake led to a parcel of credit-card records from a bank being sent anonymously to a German newspaper, triggering a major data theft scare, prosecutors said Friday.

Two couriers admitted gobbling up the cake that was in a package addressed to the Frankfurter Rundschau daily last week, a spokeswoman for the Frankfurt prosecutor’s office said. In order to cover their tracks, the two drivers took another parcel meant for the Landesbank Berlin and simply affixed a new label with the name of the newspaper on it, she said.

They were unaware the parcel contained documents detailing credit-card transactions with card numbers for tens of thousands of customers as well as personal identification number (PIN) envelopes.

Source - The China Post

Short and simple, but it seems to hit the high points... The solution may be niche newspaper sections that concentrate on everything you need to know about a specific geography (Centennial Colorado) or topic (Used Cars) and an Internet site that lets you add or subtract sections as your interests change.

Are Newspapers Doomed?

Posted by kdawson on Sunday December 21, @08:11AM from the don't-even-say-it dept. The Media The Internet

Ponca City, We love you writes

"James Surowiecki has an interesting article in the New Yorker that crystalizes the problems facing print newspapers today and explains why we may soon be seeing more major newspapers filing for bankruptcy, as the Tribune Company did last week. 'There's no mystery as to the source of all the trouble: advertising revenue has dried up,' writes Surowiecki, but the 'peculiar fact about the current crisis is that even as big papers have become less profitable they've arguably become more popular,' with the blogosphere piggybacking on traditional journalism's content. Surowiecki imagines many possible futures for newspapers, from becoming foundation-run nonprofits to relying on reader donations to deep-pocketed patrons. 'For a while now, readers have had the best of both worlds: all the benefits of the old, high-profit regime — intensive reporting, experienced editors, and so on — and the low costs of the new one. But that situation can't last. Soon enough, we're going to start getting what we pay for, and we may find out just how little that is.'"

[From the article:

What Zell failed to mention was that his acquisition of the company had buried it beneath such a heavy pile of debt that any storm at all would likely have sunk it. But although Zell was making excuses for his own mismanagement, the perfect storm is real enough, and it is threatening to destroy newspapers as we know them.

... Papers’ attempts to deal with the new environment by cutting costs haven’t helped: trimming staff and reducing coverage make newspapers less appealing to readers and advertisers. It may be no coincidence that papers that have avoided the steepest cutbacks, like the Wall Street Journal and USA Today, have done a better job of holding onto readers. [So great reporting and fluff both succeed. Bob]

Psych students love this stuff.

December 20, 2008

College Newspaper Releases Documents on Virginia Tech Massacre

CNET: "One day after Virginia Tech released thousands of documents solely to families of victims in last year's massacre, the university's student newspaper made them public. On Thursday, the Collegiate Times posted the documents, which include e-mails sent from the account of gunman Seung-Hui Cho, who killed 32 fellow students and faculty members and then killed himself on April 16, 2007. The nearly 14,000 pages also include the police report on the massacre, e-mails from faculty sent to fellow professors and to Cho, a 2005 harassment complaint against Cho, post-massacre clean-up plans, administration plans on how to present the tragedy to the public, and post-massacre fundraising advice."

A nifty little tool for my website class. It identifies a tool (PHP) and lists alternatives. Smart! - The Anatomy Of Websites Revealed

Sitonomy is a free service that is aimed at designers and programmers that wish to know how a particular website or blog has been put together. Basically, through the site it is possible to evaluate the different technologies that are employed anywhere just by furnishing the respective URL.

Upon doing so, a component-by-component analysis is displayed, and taking the produced information into account you can easily decide on which technologies will suit your own site or weblog best. Some of the aspects that are touched upon in the analysis include advertising networks, stats tools and programming languages.

Better than a lump of coal or would this be considered “cruel and unusual?”

Elvis lovers sing Christmas duets with 'The King' (AFP)

Posted on Fri Dec 19, 2008 6:12PM EST

SAN FRANCISCO (AFP) - Sony BMG is using the magic of the digital age to let Elvis Presley lovers sing Christmas duets with their departed idol and send the songs in electronic holiday greeting cards.

Those wishing to join Elvis in singing "Blue Christmas" can start their recording sessions online at