Sunday, March 29, 2009

Economics of a Security Breach. This seems to confirm what I call “Legalese as a second language.” In English, we could not construct a sentence that said: “There were no damages, so they were punished for causing damages.” (Okay, maybe Orwell or Kafka could...)

http://www.pogowasright.org/article.php?story=20090328075530531

E-Mail Theft Case Sparks First-of-a-Kind Ruling

Saturday, March 28 2009 @ 07:55 AM EDT Contributed by: PrivacyNews

In a case stemming from an employer's theft of e-mails from the personal account of an employee who had sued him for sexual harassment, a panel of the 4th U.S. Circuit Court of Appeals recently became the first circuit to hold that plaintiffs must prove actual damages in order to be eligible for an award of statutory damages under the federal Stored Communications Act.

But the unanimous panel, led by Chief Judge Karen Williams, also ruled that a showing of actual damages is not required for awards of punitive damages or attorney fees. Van Alstyne v. Electronic Scriptorium Ltd., No. 07-1892.

Source - Law.com



As security breaches become much more common, the language of the press release becomes more sophisticated. Here again, we see improvements in the art of CYA.

http://www.databreaches.net/?p=2653

ACU says computer server hacked

March 27, 2009 by admin Filed under: Education Sector, Hack, U.S.

Brian Bethel reports:

An Abilene Christian University computer server was hacked near the end of February, but university officials do not at this point believe any personal information was distributed. [Perhaps they have a new and unique definition of the word “distributed,” but in my world (and that of the Oxford English Dictionary) unless they had the perpetrator under 100% surveillance, starting at the instant he gained access, they can't possibly know this. Bob]

An e-mail dated one week ago from the college’s information technology branch states that the school experienced a security breach in a database containing myACU usernames and passwords tied to the school’s internal e-mail system.

Read more on reporternews.com

[From the article:

"We do know it is the act of one individual acting alone," he said, although he did not wish to discuss further the culprit's identity because of an ongoing investigation. [Can this be true if they have not yet completed an investigation? (they have talked to a suspect.) Forensics can't tell them more than that from the log records. Bob]



For my Intro to Security class: 1) What did they forget? 2) How does your organization stack up?

http://www.pogowasright.org/article.php?story=20090328072601880

EU: Strengthening security and fundamental freedoms on the Internet

Saturday, March 28 2009 @ 07:26 AM EDT Contributed by: PrivacyNews

European Parliament recommendation of 26 March 2009 to the Council on strengthening security and fundamental freedoms on the Internet (2008/2160(INI))

Source - European Parliament (pdf)


Related: Would you view this as less “Big Brother-like” if the Blogger's name was discovered using public information only?

http://www.pogowasright.org/article.php?story=20090328180913528

Blogger's identity outed by AK politician (commentary)

Saturday, March 28 2009 @ 06:09 PM EDT Contributed by: PrivacyNews

The outing of one anonymous Alaska blogger (AK Muckraker) - by a politician (Mike Doogan), using an official political newsletter, is an ominous sign of "big brother watching" and an outrageous offense against all of us who guard our privacy by using a self-chosen, anonymous moniker on the web.

Source - TPM



Toward Ubiquitous Surveillance: Amusing article!

http://www.pogowasright.org/article.php?story=20090328081857238

Get the Feeling You're Being Watched? If You're Driving, You Just Might Be

Saturday, March 28 2009 @ 08:18 AM EDT Contributed by: PrivacyNews

... Once a rarity, traffic cameras are filming away across the country. And they're not just focusing their sights on red-light runners. The latest technology includes cameras that keep tabs on highways to catch speeders in the act and infrared license-plate readers that nab ticket and tax scofflaws.

Source - WSJ Online



It would be illogical to assume they “just now” discovered this network. Also falling into the illogical category: China is the only country doing this; The US is safe; We have discovered all of them.

http://it.slashdot.org/article.pl?sid=09/03/28/190251&from=rss

Vast Electronic Spying Operation Discovered

Posted by kdawson on Saturday March 28, @03:45PM from the whaling-for-political-advantage dept. Security Government

homesalad writes

"Researchers in Toronto have discovered a huge international electronic spying operation that they are calling 'GhostNet.' So far it has infiltrated government and corporate offices in 103 countries, including the office of the Dalai Lama (who originally went to the researchers for help analyzing a suspected infiltration). The operation appears to be based in China, and the information gained has been used to interfere with the actions of the Dalai Lama and to thwart individuals seeking to help Tibetan exiles. The researchers found no evidence of infiltration of US government computers, although machines at the Indian embassy were compromised. Here is the researchers' summary; a full report, 'Tracking "GhostNet": Investigating a Cyber Espionage Network' will be issued this weekend."

A separate academic group in the UK that helped with the research is issuing its own report, expected to be available on March 29. Here is the abstract. They seem to be putting more stress on the "social malware" nature of the attack and ways to mitigate such techniques.


Related: Just the reverse of our conclusions at CTU. We are creating a more elaborate lab for Security & Forensics – but I can see where labs devoted to common tools (email, an office suite, etc.) are redundant.

http://news.slashdot.org/article.pl?sid=09/03/28/1820212&from=rss

RIP the Campus Computer Lab, 1960-2009

Posted by kdawson on Saturday March 28, @05:03PM from the passing-of-an-era dept. Education Portables

theodp writes

"When every student has a laptop, why run computer labs? That's a question schools have been asking themselves as computer ownership rates among incoming freshmen routinely top 90%. After only four freshmen showed up at the University of Virginia in 2007 without a computer of their own, the school decided that it's no longer worth the expense of running campus computer labs. Student computer labs have been a staple of campus life since the '60s. So what are the benefits that will be missed as other schools follow UVa's lead?"

The university's report notes understanding "that students need collaborative space where they can bring their laptops and mobile devices to conduct group work, especially as the curriculum becomes increasingly team- and project-based." One of the spaces formerly occupied by computer labs "has been transformed into a technology-rich collaboration area."



As is often the case, the comments are much more informative (and amusing) than the slashdot blurb. Remember in reading this that (like me) Dyson does believe the climate is warming and there is probably a man-made component.

http://news.slashdot.org/article.pl?sid=09/03/28/1558225&from=rss

The Global Warming Heretic

Posted by Soulskill on Saturday March 28, @01:14PM from the sphere-of-influence dept. Earth Science

theodp writes

"In The Civil Heretic, the NYT Magazine takes a look at how world-renowned scientist Freeman Dyson wound up opposing those who care most about global warming. Since coming out of the closet on global warming, Dyson has found himself described as 'a pompous twit,' 'a blowhard,' and 'a mad scientist.' He argues that climate change has become an obsession for 'a worldwide secular religion' known as environmentalism. Dyson has been particularly dismissive of Al Gore, calling him climate change's chief propagandist and accusing him of relying too heavily on computer-generated climate models and promoting 'lousy science' that's distracting attention from more serious and more immediate dangers to the planet."

Dyson himself wrote about the need for heretics in science not long ago.



For my web site students!

http://tech.slashdot.org/article.pl?sid=09/03/28/2024201&from=rss

Microsoft's New Multiple-Browser Tester

Posted by kdawson on Saturday March 28, @06:16PM from the innovation-actually dept. Software Microsoft The Internet

Z80xxc! writes

"Microsoft recently announced a new product called Expression Web SuperPreview, which lets developers view their web pages in any browser installed on their system, as well as in different versions of IE, all from the same interface. The product has one genuine innovation — a built-in tool for overlaying the rendering from one browser over another to compare (referred to as 'onion skins'). There are also HTML debugging aids and other helpful tools for web developers. A beta version is available for download. However, the current build only has support for IE — it will compare rendering in IE6 with either IE7 or IE8, whichever is installed. An internal build shows Firefox and Safari on Windows as well. The final product will appear as part of MS Expression Web Studio 3 when it is released later this year. (It will not be available in the Expression Mac suite.)"



For my web site students

http://sixrevisions.com/web-development/the-15-most-popular-text-editors-for-developers/

The 15 Most Popular Text Editors for Developers

March 27th, 2009 by Jacob Gube
