Saturday, January 10, 2009

You would think that everyone has heard the word HIPAA by now...

Hospital Addresses Online Privacy Mistake

Posted January 9th, 2009 by admin

When a former patient at West Penn hospital went online to pay her bill, she discovered that she could access 85 other patients’ information, including their names, addresses, medical procedures and costs.

When the hospital did not reply to two emails she sent alerting them to the problem, she went to a news station, and that’s when the hospital started dealing with the problem.

A hospital spokesman blamed the problem on a temporary data translation error involving a third-party billing partner. [Excellent use of gibberish! Bob]

“We immediately disabled the online bill payment service to complete a full audit of the system. We are working to institute additional safeguards and cross-checks with our third party service to ensure that this issue is completely resolved,” said spokesman Dan Laurent.

Laurent said this was an isolated incident and that only 15 patients had their information viewed. [Calling our whistle blower a liar! Bob]

Is there a law anywhere that requires ISPs/Cloud sites/anyone to assist victims? Points out several other gaps (in Japanese law at least)

JP: Info on 110,000 students leaked

Posted January 10th, 2009 by admin

Personal information containing names, addresses, telephone numbers and bank account numbers used for paying tuition on all 110,000 students enrolled in Kanagawa prefectural senior high schools in fiscal 2006 was leaked–and remains–on the Internet because the involved parties have been unable to get it removed.

Last September, the board of education received a fax from an anonymous person, saying private information had been leaked on the Internet through file-sharing software.

The information mentioned in the fax turned out to be data that the board of education had provided to IBM Japan to develop a tuition collecting system.

IBM Japan said it was highly likely the information was leaked from a computer of an employee at another company, which IBM Japan had commissioned to help carry out the task. A virus that had infected the employee’s computer apparently released the information through the Winny file-sharing program. [Japanese peer-to-peer software Bob]

Read more in the Asahi Shimbun

[From the article:

The board of education, IBM Japan and other parties concerned have been unable to remove the data.

… The board of education and prefectural police have decided that trying to establish a criminal case against the file-sharer would be difficult because the law on protection of personal information applies to corporations and organizations, not individuals.

Other options are being considered, including IBM Japan filing a criminal complaint against the file-sharer on suspicion of violating the Copyright Law because the information leaked includes IBM's internal documents.

This is becoming so easy it might even pass selling drugs as the preferred method for putting yourself through college!

CO: New reports of “skimming” in the Grand Valley

Posted January 9th, 2009 by admin

Grand Junction Police are looking into a number of reports of “skimming” incidents around the Grand Valley. This is the second time in as many months police have seen a rash of reports pour into the department.


The GJPD says at least 17 new victims have come forward, with a dollar loss per victim of two-thousand dollars.

In July, Grand Junction police told us of similar investigations. Police say over $150,000 has been stolen from 40 victims in skimming incidents in Grand Junction. These crimes had been reportedly occurring locally since February.


Looks like those “sex offender” laws have greased the slope a bit... Maybe we could extend this to include: “Really bad driver” and “Hopelessly Liberal?” (“Nothing wrong with our sentencing guidelines!”)

OR: Criminally insane residence disclosure sought

Saturday, January 10 2009 @ 06:39 AM EST Contributed by: PrivacyNews

Medford City Council members Friday said they would support changes in the way the criminally insane are released back into the community.

Twenty-two criminally insane individuals, including a murderer and a child rapist, live in foster and group homes in the city as part of conditional releases from state hospitals, but state law bars police from notifying their neighbors of their presence, said Medford Police Chief Randy Schoen.

Source - Mail Tribune

Yippee! A new target for hackers! “Cameras, OFF! Door, OPEN! Contents, GONE!”

Schlage to put your front door locks on the Web

Posted by Rafe Needleman January 9, 2009 2:30 PM PST

Lock company Schlage is launching Schlage Link, a suite of products to allow over-the-Web control of a home's locks, lights, and thermostats. It also integrates with Webcams.

Even with the surveillance cameras turned off there is video – from multiple angles!

Web videos of Oakland shooting fuel protests

Posted by Elinor Mills January 9, 2009 1:23 PM PST

More than 100 people were arrested in downtown Oakland on Wednesday night when a protest turned violent, fueled at least in part by videos that quickly spread online of a subway policeman fatally shooting an unarmed man while he was lying on the ground restrained by another officer.

Another “First!”

First "Pretexting" Charges Filed Under New Law Passed After HP Spy Scandal

Friday, January 09 2009 @ 12:41 PM EST Contributed by: PrivacyNews

... Last month in Ohio, authorities filed an indictment against 28-year-old Vaden Anderson alleging that the defendant used pretexting to obtain confidential phone records from Sprint/Nextel. According to the indictment, Anderson served the phone company with a fake U.S. District Court civil subpoena to obtain the records.

... In a separate case in Alabama last November, Nicholas Shaun Bunch was charged with using a victim's name and the last four digits of his Social Security number to obtain the victim's confidential phone records from T-Mobile. He was also charged with aggravated identity theft for use of the victim's Social Security number.

Source - Threat Level

Not yet a National Holiday... (Check out the resource list in the article!)

Data Privacy Day 2009

Posted January 9th, 2009 by admin

January 28 is the second international Data Privacy Day in the U.S., Canada, and over two dozen European countries.

In Congress, Rep. David Price of North Carolina has introduced a resolution supporting the designation of January 28, 2009 as National Data Privacy Day. To date, the bill has six co-sponsors:

  • Rep Barton, Joe [TX-6]

  • Rep Coble, Howard [NC-6]

  • Rep Dreier, David [CA-26]

  • Rep Markey, Edward J. [MA-7]

  • Rep McGovern, James P. [MA-3]

  • Rep Stearns, Cliff [FL-6]

Rep. Price had previously submitted this bill in August as H.RES.1411, during the 110th Congress. At the time, there were 11 co-sponsors.

If your representative is not listed as a co-sponsor of the current resolution and you would like him or her to support the resolution, you can use the House’s web site to contact your representative about H. Res. 31.

And if your business or agency is doing anything special for the day, feel free to post the details or link to your event below. [I know that the DU Law School is doing something... Bob]

Sounds simple, doesn't it? But now you are talking about adding a mechanical device (the switch) to what had been a sealed system. Then you need an indicator to tell you when it's on and when it's off. Not simple, not cheap.

Privacy Commissioner wants off switch on new Ontario driver licenses

Friday, January 09 2009 @ 01:15 PM EST Contributed by: PrivacyNews

Ontario's Privacy Commissioner wants to give Ontarians the ability to turn off the RFID function on their new enhanced driver's licences.

More specifically, Commissioner Ann Cavoukian wants a simple switch added to the RFID chip in the enhanced driver's licence (EDL) that will soon be coming to Ontario. The new cards aim to meet new U.S. Homeland Security requirements that come into effect June 1, transmitting a unique number to border officials while drivers wait in line at the crossing.

The Ontario government passed the bill approving the EDL on Nov. 18. But now Cavoukian wants to revisit that legislation because of privacy concerns.

Source -

E-Discovery: This can't be good

D.C. Appeals Court Affirms Order Requiring a Non-Party to Spend $6 Million, 9% of its Total Annual Budget, to Comply with an e-Discovery Subpoena

… The Circuit Court did not even address the merits of these arguments, but, instead, basically said it was too late, you “agreed” to it, so now you are stuck with it regardless of the costs and consequences.

Surveys like these are mirrors where you can examine the flaws of your security strategy.

January 09, 2009

PWC: Global state of information security survey 2008

"The Global state of information security survey 2008 is a worldwide security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. It was conducted online from March 25 to June 26, 2008. Readers of CIO and CSO Magazines and clients of PricewaterhouseCoopers from around the globe were invited via email to take the survey. The results discussed in this report are based on the responses of more than 7,000 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security from 119 countries. Thirty-nine percent (39%) of respondents were from North America, twenty-seven percent (27%) from Europe, seventeen percent (17%) from Asia, fifteen percent (15%) from South America, and two percent (2%) from the Middle East and South Africa."


Google Researchers Warn of Automated Social Info Sharing

Posted by Soulskill on Friday January 09, @08:10PM from the don't-post-what-you-want-kept-private dept. Social Networks Google Privacy The Internet

holy_calamity writes

"Researchers from Google have written a paper about how social networks can undermine privacy. The most interesting scenario they discuss is 'merging social graphs' — when correlating multiple social networks makes it possible to reveal connections that a person has intentionally kept secret (PDF). For example, it may be possible to work out that a certain LinkedIn user is the same person as a MySpace user, despite their attempting to keep their profiles separate. The Google solution is to develop software that screens new data added to a social network, attempting to find out if it could be fodder to such data mining."

Related? Interesting statistic

Will 2009 Be the Year of Multiple Digital Identities?

Friday, January 09 2009 @ 12:40 PM EST Contributed by: PrivacyNews

Just days after microblogging company Twitter was hacked, a group of entrepreneurs and policy activists gathered at Facebook's Palo Alto headquarters to discuss "Privacy 2009: The Year Ahead." The discussion, cohosted by Tech Policy Central, demonstrated that the privacy debate is starting to mature.

Instead of inflexible government dictates for data usage, privacy activists agreed that rules need to be set in a way that encourages innovation.

Chris Hoofnagle, director of the Berkeley Center for Law and Technology, called for an "evolving standard, so innovations can happen," as the way to protect privacy and security.

"You can't legislate common sense," remarked Jim Dempsey, vice president of public policy for the Center for Democracy and Technology.

Source - TechNewsWorld

[From the article:

Currently, 60 percent of Facebook's teen users have implemented privacy controls, compared with only 25 percent to 30 percent of adult users. This is an interesting statistic, given the common assumption that members of the younger generation don't care who sees their data. It is probably also a sign to entrepreneurs that there will be greater demand in the future for people to do more with their profiles, meaning more than one.

Need to stay current?

Google Reader gets how-to video guides

Posted by Josh Lowensohn January 9, 2009 2:26 PM PST

In an effort to make Google Reader more approachable, Google has put out a series of help videos that show people how to use it. There are only two clips to start out with (posted below) which cover basics like adding and reading feeds, and using the tool's sharing features. Google says future videos will cover some of the more advanced features.

This used to be called “Polluting” now it's “Global Warming Remediation” (I hope they have plenty of liability insurance if they precipitate an Ice Age)

U.N. Says 'No,' Climate Hackers Say, 'Yes We Can'

By Alexis Madrigal January 09, 2009 10:46:37 AM

A major Indian-German geoengineering expedition set sail this week for the Scotia Sea, flouting a U.N. ban on ocean iron fertilization experiments in hopes of garnering data about whether the process actually does take carbon dioxide out of the atmosphere and sequester it in the deep ocean, a technique that may help reverse global warming.

The LOHAFEX experiment will spread 20-tons of iron sulphate particles over a 115-square-mile section of open ocean north of Antarctica — that's about 1.7 times the size of Washington, D.C. The initiative has drawn fire from environmental groups who point out that 200 countries agreed to the moratorium until more evidence was available about its efficacy.

Straight line after straight line after straight line... (I must have a dirty mind.) But I did learn some new words – I just can't use them.

Photos: Adult Entertainment Expo crashes the CES party

January 9, 2009 3:51 PM PST

LAS VEGAS--CES isn't the only show in town this week.

… For many in the adult entertainment industry, having their major annual trade show alongside CES is a boon, because it gives them a chance to see the latest technology coming down the line from the consumer electronics industry, and therefore to try to figure out how to tie their own products to the best new electronics. For example, one adult industry executive said that the 3D TVs coming down the line are likely to be a boon for the adult industry, as fans will be able to experience a more realistic kind of porn in the privacy of their own homes.


Porn producer leans on iPhone to lure new customers

Posted by Daniel Terdiman January 9, 2009 4:44 PM PST

LAS VEGAS--Apple might not want anything to do with it, but if one thing is clear, it's that porn on the iPhone is going to be huge.

Unrelated (but almost as amusing)

Army Assembles 'Mad Scientist' Conference. Seriously.

By Noah Shachtman January 09, 2009 5:25:00 PM

… "The objective of the seminar was to investigate proliferating technologies with the potential to empower individuals and groups in the next 10-25 years," according to an unclassified summary of the Mad Scientist gathering, obtained by Danger Room.

… Turning to forward-looking thinkers [and then ignoring their advice Bob] is a time-honored government tradition. Shortly after 9/11, for instance, the Army met with Hollywood screenwriters and directors to forecast terrorist scenarios. Last year, the Department of Homeland Security held a gathering of science-fiction writers to solicit advice on which technology programs to fund.

Friday, January 09, 2009

Only a bit over two years... Not bad.

TJX Maxx hacker banged up for 30 years

Posted January 8th, 2009 by admin

John E. Dunn reports:

Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30-years in prison by a Turkish court.

Yastremskiy - or ‘Maksik’ as he was sometimes identified - was one of 11 people eventually arrested at the request of the US Department of Justice, with the Ukrainian reportedly being apprehended in undignified fashion outside a Turkish nightclub in 2008.

Yastremskiy’s part in the crime was allegedly to have purchased credit card numbers stolen during the huge crime, providing the gang with an economic hub for its activities.

Read more in Network World and The Register.

[From the Register article:

US authorities filed extradition papers against Yastremskiy, but he still ended up standing trial in Turkey over separate offences, where he received one of the longest cybercrime sentences ever handed down. If he ever makes it to the US it's a reasonable bet that he'll become a star witness for the prosecution, possibly in exchange for assurances of a shorter spell behind bars in a comparatively comfortable US prison.

Something about their statements tells me they don't much care...

IN: State unemployment accounts breached

Posted January 8th, 2009 by admin


According to the Indiana Department of Workforce Development, some 1000 Hoosiers’ accounts were compromised.

Marc Lotter with Workforce Development says, “The company that is contracted to handle the ATM portion of those cards, there was a security breach of some sort early last year.”

The state did send out letters at that time and 200 immediately changed cards. They are now looking to see if what happened to Rick and Tom is still part of that breach.

Read more on FOX28

N.B. I think that this may be the first we are learning about any incident involving Indiana Department of Workforce Development last year.

The cost of a breach...

Delaware Insurance Commissioner fines Blue Cross $150,000 for privacy violations

Posted January 8th, 2009 by admin

Keith L. Martin provides a follow-up to a breach reported at the beginning of December. Delaware’s insurance commissioner seems to have moved quickly on this case:

BlueCross BlueShield of Delaware is hoping to return an early Christmas gift by state insurance commissioner Matt Denn: a fine of $150,000.

Following a Dec. 24 hearing, Denn levied the fine, the maximum permitted under state law, against the Wilmington, Del.-based insurer for mistakenly disclosing the private medical information of 3,800 of its members.

Denn said his department is willing to consider reducing the fine if BlueCross can provide proof of measures in place to prevent the incident from occurring again before Feb. 1.


In his opinion, Denn found that the insurer violated two state insurance regulations: one that prohibits disclosure of “any nonpublic personal financial information about a consumer” and another that requires insurers to have a system to safeguard customer information.

Read more in Insurance & Financial Advisor

[From the article:

Following a Dec. 24 hearing, Denn levied the fine, the maximum permitted under state law,

Interesting. The Mayor now uses a non-city email account – I bet that complicates things. Apparently the city doesn't keep logs of access to their emails. Probably a good case study.

Ca: Vaughan mayor wants to re-open e-mail snooping report

Posted January 8th, 2009 by admin

Caroline Grech reports:

A report looking into how Mayor Linda Jackson’s e-mails ended up on former Mayor Michael Di Biase’s doorstep during the heated 2006 municipal election campaign has finally been made public.

The report, obtained by the Vaughan Citizen, concluded the hacking of Ms Jackson’s e-mail was not due to an outside breach of the city’s system, but it also could not conclude how the inside job was done.

According to the report, conducted by Deloitte Touche Investigative Services Inc., former commissioner of economic/technology development and communications Frank Miele had asked the city’s chief information officer, Dimitri Yampolsky, to review the mayor’s e-mails for the months of April and August 2006.


Hook this into the on-board computers and you could really bug people! “Oh look! You need gas! What luck that there's a Quicky Mart on the next corner! Hey! Are you trying to drive past the Quicky mart? I can't let you do that, Dave.”

Lexus To Start Spamming Car Buyers In Their Cars

Posted by timothy on Thursday January 08, @04:14PM from the even-as-they-sleep dept. Spam Transportation

techmuse writes

"Lexus has announced plans to send targeted messages to buyers of its cars based on the buyer's zip code and vehicle type. Unlike regular spam, these messages will be delivered directly to the buyer's vehicle, and will play to the vehicle's occupants as audio. Lexus has promised to make the messages relevant to the car buyers."

Imagine the fun that some targeted malware could do, not that such a thing could happen to a Lexus.

Related: Anything the Japanese can do, we can do badder!

Ford touts its leadership in in-car connectivity

Posted by Daniel Terdiman January 8, 2009 10:17 PM PST

LAS VEGAS--Ford on Thursday announced a series of innovations aimed at giving drivers a higher degree of Internet connectivity as well as a slew of tools devoted to helping them get to where they're going [i.e. The Quicky Mart Bob] in the most efficient way possible.

… Ford hopes to bring a never-offline state of existence to the owners of its vehicles.

Related? You thought cell phones in cars were a distraction?

Broadcasts to mobile devices to start in 22 cities

By PETER SVENSSON AP Technology Writer Jan 9, 7:27 AM EST

LAS VEGAS (AP) -- TV stations in 22 U.S. cities announced Thursday that they will start broadcasting their signals this year in a format designed to be received by mobile devices like cell phones, MP3 players, GPS units and in-car entertainment systems.

I wonder if these guys have any real clout? It looks to me like they require independent audits, but don't require much in the way of management controls. How can that work?

UK: BSI proposes new data protection standard

Posted January 8th, 2009 by admin

Phil Muncaster reports:

Standards body BSI British Standards has invited the public to submit their comments on a new draft standard designed to help firms comply with the Data Protection Act.

The DPC BS 10012, which was devised by a group of experts from academia, government and industry, applies to any organisation which holds the personal information of living individuals.

The standard is expected to be published in June this year and once in place will help organisations put in place a framework to help manage personal information in compliance with the Data Protection Act, according to BSI.


N.B. To view the draft, you will need to register for the site.

We can, therefore we must?

UK e-mail law 'attack on rights'

Friday, January 09 2009 @ 05:36 AM EST Contributed by: PrivacyNews

Rules forcing internet companies to keep details of every e-mail sent in the UK are a waste of money and an attack on civil liberties, say critics.

From March all internet service providers (ISPs) will by law have to keep information about every e-mail sent or received in the UK for a year. Human rights group Liberty says it is worried what will happen next.


Reports have suggested the government has even bigger plans for data retention called the Interception Modernisation Programme.

It could involve one central database, gathering details on every text sent, e-mail sent, phone call made and website visited.

Consultation on the plans is due to begin later this year.

Source - BBC

Not sure I agree with the technology assessment, but new technologies always force Security to play catch up.

Unseen communications violate PCI DSS compliance

Friday, January 09 2009 @ 05:45 AM EST Contributed by: PrivacyNews

One of the key requirements for compliance with PCI DSS (the Payment Card Industry Data Security Standard) is that organisations block all non-approved channels of communication, screen all traffic and prohibit direct routes for inbound and outbound internet traffic. The trouble is many organisations forget about the communication traffic they cannot see, ones that use highly evasive techniques and are easily able to circumvent traditional security methods used to control the network.

.... The problem is Web 2.0 applications like IM, Skype and the chat functions within Facebook can easily traverse the network without being seen, potentially allowing credit card information to leave the organisation unauthorised. If they cannot be seen then they cannot be managed or secured, resulting in a significant risk of violating PCI compliance.

Source -

Interesting. I wonder how many states will adopt this? Will the Feds?

January 08, 2009

Maryland Launches Funding Accountability & Transparency Website

Governor O'Malley Launches Website Aimed at Government Transparency and Accountability: "Welcome to the Maryland Funding Accountability web site. This is a public web site which allows citizens of Maryland and visitors to search and view summary information on payments made to vendors that received $25,000 or more for the respective fiscal year. Information is currently available for Fiscal Year 2008."

  • See also this recent news release: "Governor Martin O’Malley today announced the launch of – a new state webpage that provides access to state and federal resources during these challenging economic times... Marylanders looking for information on heating or utility assistance can click on the utilities and energy icon to find information and resources on programs such as weatherization assistance, telephone services, and utility service protection in addition to the Maryland Energy Assistance program and the Electric Universal Service Program. The webpage also provides information for job seekers, including links to local employment agencies, vocational training centers, and information on unemployment compensation and how to file a claim. Information for senior citizens including in home aide services, assisted living programs, respite and attendant care, medical assistance and prescription drug price assistance is also available on the site."

Is this how newspapers will survive in the post-Gutenberg era?

'New York Times' API tracks congressional votes

Posted by Stephanie Condon January 8, 2009 3:00 PM PST

The New York Times on Thursday rolled out its latest political application program interface, just as members of the 111th Congress are settling into their new offices.

The Congress API will enable developers to keep a close eye on their elected representatives with data on specific congressional roll call votes and members' most recent positions on roll call votes. The API also provides lists of House and Senate members in specific years, as well as biographical and role information about specific members.

The tool is one of a series of APIs the Times is developing to let its readers dissect the data it uses in its reporting. In October, it released an API to track campaign donations. The newspaper also released a movie review API and is working on several more, including a Times Best Sellers tool.

Great unanswered questions of the universe! (You can do all of this entirely in software – no hardware required.)

Burning Question: Why Are Faxes Still Around?

By Eric Hagerman 12.22.08

Patented in 1843 and mainstreamed sometime between the 8-track and the CD, the technology is like a B-movie zombie that keeps lurching forward—clumsily, relentlessly—long after it should be in the ground.

… The fax's real rival today is the PDF—essentially the same idea, but with far more complex hardware. But even with the prevalence of email, the number of people who can send and receive faxes is still increasing. According to market research firm Gartner, sales of stand-alone fax machines may have plummeted, but sales of multifunction printers—which also copy, scan, and, yes, fax—increased 340 percent from 2001 to 2007.

Can a well done website replace a human teacher completely?

Learn how to play guitar in your browser (in 3D)

Posted by Josh Lowensohn January 8, 2009 3:12 PM PST

Apple's Macworld announcement about professional and celebrity music instruction as part of Garageband '09 may have been impressive, but what might be a little more eye catching (and ultimately useful) is iPerform3D. This browser-based music learning system shows users how to play guitar in 3D, and works on both Macs and PCs.

Related Here's the Disney version...

Finally, Guitar Hero for Actual Guitar

Added: January 8, 2009

Button-pushing rock star wannabes now have a tiny glimmer of hope thanks to Disney Star Guitarist. The game uses an actual guitar with color-coded strings to teach aspiring guitarists to learn new songs, while still featuring competitive game modes.

Related: ...and once you are a guitar master...

Yo-Yo Ma Brings Remix Culture to Music's Ivory Tower

By David Downs 12.22.08

Radiohead, Deerhoof, Nine Inch Nails, Public Enemy, Mariah Carey—plenty of indie, hip hop, and pop artists have welcomed others to remix their songs online. Now classical music aficionados can get in on the act. Renowned cellist and 15-time Grammy winner Yo-Yo Ma is hosting an online competition, inviting listeners to add their own accompaniment to his performance of the traditional hymn "Dona Nobis Pacem," from his latest album, Songs of Joy & Peace. "Just releasing a CD is constraining to an artist," Ma says. "You know: 'I'm the product, you're the consumer'—it's no longer like that." In October, he posted his cello solo to the online site Indaba Music. Since then, scores of Indaba's 125,000 users—amateur noodlers, music teachers, and pros alike—have used the site's free Flash-based mixing board to add their own variations and countermelodies. In January, Indaba users will vote for their favorite arrangements, with the winner scoring a coveted recording session with Ma that will be featured on both Indaba and the cellist's own site.

These exist. Therefore they will be available in the underground (undernet?) soon.

Attempt To "Digitalize" Beatles Goes Sour

Posted by timothy on Thursday January 08, @08:19PM from the when-you're-64-and-probably-not-even-then dept. Music Entertainment

An anonymous reader points to this article at, which begins

"Just when Beatles fans thought the band were finally going digital, the Norwegian national broadcaster has been forced to call off the deal. Broadcasting company NRK has had to remove a series of 212 podcasts, each of which featured a different Beatles song and would have effectively allowed fans to legally download the entire Fab Four catalogue for free."

Meanwhile... I have enough trouble with students bopping to their headphones... - Streaming Music From Your Mobile

As you know, there's more ways than one to stream music from your mobile device. The one we are discussing right now adds a little spice: you can preload music while online, and then listen to it even when there is not an Internet connection available.

The channels themselves work on low bandwidth connections, and as well as listening to music ranging far and wide you can access news and sports information on the fly.

For its part, supported devices include iPhones (of course) and Android phones like the T-Mobile G1. A recent update enables you to listen to FlyCast channels on your computer, using a player quite similar to the one featured in the phone version. Both Macs and PCs are supported so far.

If you think this solution is what you have been looking for in your pursuit of a better aural experience, you can always download the pertinent version from the iTunes Store and get started in no time at all. The service is constantly updated, too, so also make a point of checking the site to see how things evolve.

Geek Alert! Should we skip Vista entirely?

How to Get Your Windows 7 Beta 1 on Friday

By Michael Calore January 08, 2009 5:21:33 PM

Microsoft will make the first public beta of Windows 7, the next version of its desktop operating system, available as a free download on Friday.

Sports fans! Now you can sound like a geek!

The Technology Behind the Magic Yellow Line

Posted by timothy on Friday January 09, @02:33AM Media

CurtMonash writes

"Fandome offers a fascinating video explaining how the first-down line on football broadcasts actually works. Evidently, there's a lot of processing both to calculate the exact location being photographed on the field — including optical sensors and two steps of encoding — and to draw a line in exactly the right place onscreen. For those who don't want to watch the whole video, highlights are here."

A list (I love lists) of sites for those of you with huge piles of cash to invest.

Five useful places to find financial data online

Posted by Don Reisinger January 8, 2009 4:50 PM PST

At last! Proof that video games are educational!

6-Year-Old Says Grand Theft Auto Taught Him To Drive

Posted by timothy on Thursday January 08, @11:24PM from the buck-beats-scapegoat dept.

nandemoari writes "A six-year-old who recently stole his parents' car and drove it into a utility pole has passed the buck onto a familiar scapegoat: the video game, Grand Theft Auto. Rockstar Games' controversial Grand Theft Auto video game has been criticized by parent groups and crusaders (or in the eyes of gamers, nincompoops) like former lawyer Jack Thompson for years (Thompson once tried to link the Virginia Tech slayings to late-night Counterstrike sessions. He's since been disbarred). However, not as of yet has anyone under the age of, oh, ten, blamed the game for a car theft."

I ran across this while reading the articles. What a straight line...

Porn Industry Looks For a Bailout

Posted by samzenpus on Thursday January 08, @01:35PM from the a-little-heavy-breathing-room dept.

An anonymous reader writes "From the CNN Political Ticker: "Hustler publisher Larry Flynt and Girls Gone Wild CEO Joe Francis said Wednesday they will request that Congress allocate $5 billion for a bailout of the adult entertainment industry."" I guess these hard economic times are a bit too much to swallow for everyone.

Thursday, January 08, 2009

So easy, even the DOJ can do it!

Pat Fitzgerald Boots One

Posted January 8th, 2009 by admin

In a remarkable screw-up, a Department of Justice official today accidentally distributed to the media a document containing the names of nearly 20 confidential witnesses interviewed during a federal probe targeting the operators of a fraudulent investment scheme. In announcing felony charges against two men for their roles in an alleged $15 million Ponziesque swindle, the spokesman for Chicago U.S. Attorney Patrick Fitzgerald (he of Rod Blagojevich- and Scooter Libby-prosecuting fame) e-mailed reporters a 62-page U.S. District Court complaint filed against John Walsh and Charles Martin, principals of the now-defunct One World Capital Group. Included in the document was a one-page key that identified by name sources referred to in the complaint only by monikers such as “Employee A,” “Customer D,” or “Individual F.” The inadvertent disclosure of the sources–former One World employees, customers, and “other” individuals who spoke with FBI and IRS agents–caused Fitzgerald spokesman Randall Samborn to send an urgent follow-up email asking journalists to destroy the complaint due to the “non-public information disclosing the identities of persons not named in the affidavit.”

Read more on The Smoking Gun

All that detail in a mere 200 pages!

January 07, 2009

Identity Theft Resource Center's 2008 Breach Report

News release: "Reports of data breaches increased dramatically in 2008. The Identity Theft Resource Center's 2008 breach report reached 656 reported breaches at the end of 2008, reflecting an increase of 47% over last year’s total of 446. In terms of sub-divisions by type of entity, the rankings have not changed between 2007 and 2008 within the five groups that ITRC monitors. The financial, banking and credit industries have remained the most proactive groups in terms of data protection over all three years. The Government/Military category has dropped nearly 50% since 2006, moving from the highest number of breaches to the third highest."

How much is too much?

Ca: Big brother at the bar? - Cactus Jacks implements new way to screen attendees

Thursday, January 08 2009 @ 07:25 AM EST Contributed by: PrivacyNews

In the name of safety [Huh? Bob] many British Columbia bars, including Kamloops’ Cactus Jack’s, are using technology to collect and store personal information as people enter the establishment.

“We have a new monitoring system called Treoscope that everyone that comes into the pub must go through,” said Cactus Jack’s manager Pete Backus. “It takes your picture and also records your name and where you are from.” [and a bit more... Bob]

Source - The Omega hat-tip, Canadian Privacy Law Blog

[From the article:

The B.C. Civil Liberties Association said Treoscope violates the Personal Information Protection Act and the collection and storage of information from driver’s licenses is not necessary to provide the services drinking establishments offer.

… Treoscope EnterSafe’s software database is connected to other clubs’ computers that operate the same software. When there is an incident, a “community alert” is attached to the person’s name allowing all those connected to determine whether to allow a club-goer in or not.

… The system may also cause headaches for many international students as they rely on their passport as a primary piece of ID but in this case it may only be used as a secondary piece. To gain entry, international students must get a Canadian or B.C. driver’s license or a B.C. ID card.

“I feel a passport should be enough,” said Arvin Duwarka, a 20-year-old TRU student from Mauritius, adding if it’s good enough for international travel it should work to get into a bar.

No comment (Example 2 is worth thinking about...)

Murderers and naked skiers get no privacy

Thursday, January 08 2009 @ 07:27 AM EST Contributed by: PrivacyNews

A couple stories in recent days remind us that the days of privacy are over.

Example 1: The naked upside-down skier

Surely you saw the story about the unfortunate man skiing with his son at the Vail resort in Colorado. There was a problem with the chairlift seat, and he fell through; but instead of falling to the ground, one of his skis got stuck in the chair and he ended up hanging upside-down — sans his pants and underwear which had been pulled off. So the poor guy was hanging under the chair, with his son watching from above, for 7 or more embarrassing and frightening minutes while Vail staff rescued him.

Of course there were photos. This was at the bottom of the lift, and other skiers waiting in line snapped photos of the embarrassing and odd scene with cell phones and digital cameras. Some ended up on the web, and they spread like wildfire — worldwide. The photos that most people saw online were from a professional photographer — skiing on his day off — who could get fired for taking the shot.

Source - Related - Photographer could lose job after unVailing skier

Coming soon to an advertising campaign near you! (and to hacker sites everywhere!)

Jan 8, 7:25 AM EST

Obama, security aides, still debating Blackberry

WASHINGTON (AP) -- For President-elect Barack Obama, parting with his Blackberry is such sweet sorrow.

In fact, it isn't yet certain that he'll give up his hand-held device once he takes office.

Obama acknowledged in a nationally broadcast interview Thursday that the Blackberry is a concern, "not just to the Secret Service, but also to lawyers."

What did Bill Gates do to deserve this?

All of Vietnam's Government Computers To Use Linux, By Fiat

Posted by timothy on Wednesday January 07, @02:52PM from the power-to-the-people dept. Linux Business Government IT

christian.einfeldt writes

"The Vietnamese Ministry of Information and Communications has issued an administrative ruling increasing the use of Free Open Source Software products at state agencies, increasing the software's use both in the back office and on the desktop. According to the new rule, 100% of government servers must run Linux by June 30, 2009, and 70% of agencies must use, Mozilla Firefox, and Mozilla Thunderbird by the end of 2009. The regulation also sets benchmarks for training and proficiency in the software. Vietnam has a population of 86 million, 4 million larger than that of Germany, and is one of the world's fastest-growing economies."

Strange, but I guess if you are a fan of terrorists this is an interesting site. Warning: the download is huge!

Terror, Anthrax, Explosives and More in Free, Downloadable 'Counterterrorism Calendar'

By David Kravets January 07, 2009 7:07:33 PM

If you have not purchased a 2009 calendar or day planner yet, we suggest the National Counterterrorism Center calendar from the Department of Justice.

No need to spring for the latest hottie pinup or teddy bear calendar-planner. This one, downloadable and free of charge, shows mugs of dozens of America's most-wanted terror suspects.

Tools for Data Analysis. Got Stats? Here's how to analyze and present data. (Competes with SAS and SPSS but it's free!)

The Power of the R Programming Language

Posted by samzenpus on Wednesday January 07, @07:33PM from the much-better-than-Q dept. Programming

BartlebyScrivener writes

"The New York Times has an article on the R programming language. The Times describes it as: "a popular programming language used by a growing number of data analysts inside corporations and academia. It is becoming their lingua franca partly because data mining has entered a golden age, whether being used to set ad prices, find new drugs more quickly or fine-tune financial models. Companies as diverse as Google, Pfizer, Merck, Bank of America, the InterContinental Hotels Group and Shell use it.""

I suspect this will be used in other ways as well. Imagine the music the Gettysburg Address would generate (or Nixon's Checkers speech).

Microsoft releases SongSmith: Karaoke in reverse

Posted by Josh Lowensohn January 8, 2009 12:01 AM PST

Microsoft Research on Thursday is releasing software that gives musicians, both casual and professional, a new way to speed up song development. Called SongSmith, the $29.99 application creates musical accompaniment based on whatever is sung into the computer's microphone.

Looks like a toy (tool) for the Swiss Army Folder... - Scan Using Your Digital Camera

If you are looking into ways of expanding the power of your current digital camera, a visit to this site might just be what the doctor ordered. In principle, Snapter is a solution whereby you can use any digital camera as a mobile scanner, and capture documents as diverse as books and business cards instantly.

Snapter creates PDF files which come complete with sharpening and color improvement, and it is also possible to stretch or crop the document in a manner not dissimilar to that of Photoshop and related applications. In addition to that, other file types such as JPG, PNG and TIFF are duly supported, and you can specify the input format at the relevant step of the process.

This new solution can be tried for free, and once the provided 14-day trial period ends you can choose to upgrade to one of the paid plans. It is worth pointing out that Snapter will remain fully functional, though the output will contain a watermark and some tagline. The paid plans, incidentally, go by the names of “Lite” and “Full”, and you can quickly realize which one will be the right one for you by visiting the “Buy” section and looking at the provided charts.


Tiltshiftmaker turns photos into miniature scenes

Posted by Josh Lowensohn January 7, 2009 2:54 PM PST

Tilt-shift photography is a technique that requires a special lens to change both the perspective and focal field of an image. A similar effect can be created in PhotoShop and other high-end image editing programs, but it's a lengthy effort that casual photographers will probably find daunting. Web-based photo editor Tiltshiftmaker has automated most of this process, letting you achieve a similar effect right in your browser.

Wednesday, January 07, 2009

“Obvious in retrospect” is the same as “we didn't bother to do our homework”

Weak Password Brings 'Happiness' to Twitter Hacker

By Kim Zetter January 06, 2009 7:35:33 PM

An 18-year-old hacker with a history of celebrity pranks has admitted to Monday's hijacking of multiple high-profile Twitter accounts, including President-Elect Barack Obama's, and the official feed for Fox News.

The hacker, who goes by the handle GMZ, told Threat Level on Tuesday he gained entry to Twitter's administrative control panel by pointing an automated password-guesser at a popular user's account. The user turned out to be a member of Twitter's support staff, who'd chosen the weak password "happiness."

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

"I feel it's another case of administrators not putting forth effort toward one of the most obvious and overused security flaws," he wrote in an IM interview. "I'm sure they find it difficult to admit it."

He also posted a video he made of his hack to prove he had administrative access to Twitter.
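The control missing in this account is a limit on failed log-ins. The Python sketch below is an added example, not code from Twitter or from the article; the class, the thresholds, the account name and the constructed wordlist are assumptions, chosen to show how a per-account lockout changes the number of guesses that actually get checked.

```python
import time


class LoginThrottle:
    """Per-account failure counter with exponentially growing lockouts."""

    def __init__(self, free_attempts=5, base_delay=30.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.free_attempts = free_attempts  # None reproduces "unlimited attempts"
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked_until)

    def retry_after(self, account):
        """Seconds until the next attempt is accepted (0.0 means allowed now)."""
        locked_until = self._state.get(account, (0, 0.0))[1]
        return max(0.0, locked_until - self.clock())

    def record(self, account, success):
        """Reset the counter on success; extend the lockout on failure."""
        if success:
            self._state.pop(account, None)
            return
        failures = self._state.get(account, (0, 0.0))[0] + 1
        locked_until = 0.0
        if self.free_attempts is not None and failures >= self.free_attempts:
            # 30 s, 60 s, 120 s, ... capped at max_delay
            exponent = failures - self.free_attempts
            delay = min(self.max_delay, self.base_delay * 2 ** exponent)
            locked_until = self.clock() + delay
        self._state[account] = (failures, locked_until)


def attempt_login(throttle, account, password, verify):
    """Return 'throttled', 'denied' or 'ok'.

    A throttled request never reaches verify(), so even the correct
    password is refused while the account is locked.
    """
    if throttle.retry_after(account) > 0:
        return "throttled"
    ok = verify(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"


# Constructed wordlist: 300 filler entries, then the password from the article.
WORDLIST = ["guess%03d" % n for n in range(300)] + ["happiness"]


def simulate_guessing(wordlist, real_password, seconds, rate=10, free_attempts=5):
    """Replay a guesser sending `rate` candidates per second for `seconds`.

    Returns (guesses actually checked, whether the password was found).
    """
    now = [0.0]
    throttle = LoginThrottle(free_attempts=free_attempts, clock=lambda: now[0])
    verify = lambda account, candidate: candidate == real_password
    checked, i = 0, 0
    for second in range(seconds):
        now[0] = float(second)
        for _ in range(rate):
            if i >= len(wordlist):
                return checked, False
            result = attempt_login(throttle, "support-staff", wordlist[i], verify)
            if result == "throttled":
                break  # the rest of this second is refused as well
            checked += 1
            i += 1
            if result == "ok":
                return checked, True
    return checked, False


if __name__ == "__main__":
    print("unlimited:", simulate_guessing(WORDLIST, "happiness", 3600, free_attempts=None))
    print("throttled:", simulate_guessing(WORDLIST, "happiness", 3600))
```

A per-account lockout can be abused to lock a legitimate user out, so deployments usually pair it with per-source limits and alerting on repeated failures.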

Does this mean they get an automatic “pass”? Another “we didn't think” security hole.

Kr: Hacker opens gaping holes in CSAT score security

January 6th, 2009 by admin

As the investigation into the leak of college entrance exam results rolls on, prosecutors said yesterday that the computer server at the Korea Institute for Curriculum and Evaluation, which administers the exam, had been hacked over 200 times. Not only the test results but also the institute’s internal information was stolen.

According to prosecution and police sources, a manager at a public relations firm called Inuni Co. whose surname is Kim accessed the institute’s server over 200 times between August 2007 and December 2008.


In this way, Kim downloaded 16 types of internal information from the institute. Among the materials downloaded were plans to grade answer sheets from the 2009 College Scholastic Ability Test, scoring schedules and the number of students who missed the test.

“Kim could look at the Korea Institute for Curriculum and Evaluation’s internal information by accessing the e-mail of seven employees,” a prosecutor said.

Read more in JoongAng Daily

[From the article:

Kim easily broke into the server. In August 2007, he accessed an employee’s e-mail account at the institute. Kim obtained the e-mail ID from a press release, and the password was the same as the ID.

… One of his successes was with the account of someone in the institute’s administrative office. The employee used a password identical to the romanized spelling of his name.

One of the employee’s e-mails contained an attached file containing the passwords of five other employees at the institute. The employee temporarily managed the other employees’ e-mail access information because he dealt with changes in the institute’s server. Their passwords were identical to the last seven digits of their residential identification numbers.
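The three password patterns in this excerpt (same as the ID, the romanized name, the trailing digits of an ID number) can be rejected at the moment a password is set. The screening function below is an added Python example, not the institute's system; the account values, the small word list and all function names are constructed, and it goes slightly beyond the excerpt by also catching the same values with digits or punctuation appended.

```python
import re
from itertools import permutations

# Constructed sample; a deployment would load a large breached-password list.
COMMON_WORDS = {"happiness", "password", "letmein"}

SAME_AS_ID = "same as the login ID"
FROM_NAME = "built from the user's name"
FROM_ID_NUMBER = "trailing digits of the ID number"
COMMON = "common word"


def _norm(text):
    """Case-fold and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.casefold())


def derived_values(login_id, full_name, id_number):
    """Map every guessable value derived from the account to a rejection reason."""
    derived = {
        _norm(login_id): SAME_AS_ID,
        _norm(login_id.split("@")[0]): SAME_AS_ID,  # local part of an e-mail ID
    }
    # Any ordering of the name parts, e.g. "kimminsu", "minsukim", "kim".
    tokens = [t for t in (_norm(part) for part in full_name.split()) if t]
    for size in range(1, len(tokens) + 1):
        for combo in permutations(tokens, size):
            derived.setdefault("".join(combo), FROM_NAME)
    # Trailing 4 or more digits of the ID number, which includes the last seven.
    digits = re.sub(r"\D", "", id_number)
    for length in range(4, len(digits) + 1):
        derived.setdefault(digits[-length:], FROM_ID_NUMBER)
    derived.pop("", None)
    return derived


def screen_password(password, login_id, full_name, id_number):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    derived = derived_values(login_id, full_name, id_number)
    norm = _norm(password)
    stem = norm.rstrip("0123456789")  # "mskim2009" -> "mskim"
    reasons = []
    for form in dict.fromkeys((norm, stem)):  # check each distinct form once
        if form in derived and derived[form] not in reasons:
            reasons.append(derived[form])
        if form in COMMON_WORDS and COMMON not in reasons:
            reasons.append(COMMON)
    return reasons


if __name__ == "__main__":
    # Constructed account: not a real person or a real ID number.
    account = ("mskim", "Kim Min Su", "000000-1234567")
    for candidate in ("mskim", "KimMinSu", "1234567", "Mskim2009!",
                      "happiness", "correct horse battery staple"):
        print(repr(candidate), "->", screen_password(candidate, *account) or "accepted")
```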

Wasn't this technique described (endorsed) in “The Devil's Advocate?”

Fla. Prosecutor’s Office Disqualified for Listening to Lawyer Phone Calls

Wednesday, January 07 2009 @ 05:46 AM EST Contributed by: PrivacyNews

A Florida judge has disqualified the entire Broward State Attorney's Office from trying a murder case after learning that two prosecutors had listened to recordings of the jailed defendant's phone calls to his attorney.

Defendant Luis Martinez's right to a fair trial was violated by the eavesdropping, Circuit Judge Susan Lebow held yesterday. Today she sent jurors in the case home for two months while the situation is resolved, after granting a government motion to put the trial on hold, the Miami Herald reports.

Source - ABA Journal hat-tip,

A peek at the files...

A Peek At DHS's Files On You

Posted by kdawson on Tuesday January 06, @06:07PM from the fifteen-year-retention dept. Government Privacy Transportation

kenblakely writes

"We've known for a while that the Department of Homeland Security was collecting travel records on those who cross US borders, but now you can see it for yourself. A Freedom of Information Act request got this blogger a look at DHS's file on his travels. Pretty comprehensive — all the way down to the IP address of the host he used to make a reservation."

[From the article:

Officials use the information to prevent terrorism, acts of organized crime, and other illegal activity. [Is any of this truly “preventive?” Bob]

… Regulations prohibit officials from sharing the records of any traveler—or the government's risk assessment of any traveler—with airlines or private companies. A record is kept for 15 years—unless it is linked to an investigation, in which case it can be kept indefinitely. Agency computers do not encrypt the data, but officials insist that other measures—both physical and electronic—safeguard our records.

Related: Too much is not enough!

Homeland Security rules on data collection rile businesses

Wednesday, January 07 2009 @ 06:28 AM EST Contributed by: PrivacyNews

The Department of Homeland Security will collect millions of new electronic records about private planes, imported cargo, foreign visitors and federal contractors as part of an array of controversial last-minute security policies imposed by the Bush administration.

Businesses say the policies are costly, and worry that sensitive information could be released if a database is lost or stolen. Some charge the Homeland Security Department with rushing to impose policies and ignoring business concerns.

Source - USA Today

We held a meeting but nobody came. Now we blame you for our failure?

Hacked Lawmaker Calls For Cyber Briefings

Wednesday, January 07 2009 @ 06:56 AM EST Contributed by: PrivacyNews

Rep. Frank Wolf, R-Va., told House leaders Tuesday that few members of Congress have availed themselves of secret briefings meant to educate them about outsiders trying to penetrate lawmakers' computers and steal sensitive information. Despite "repeated assurances" that the House leadership would inform members of Congress about threats to their computer systems and personal electronic devices, members are still at risk of being hacked by foreign and domestic sources, Wolf wrote in a letter [PDF] sent to House Speaker Nancy Pelosi and other leaders, which was obtained by National Journal.

Source - Congress Daily

CyberWar: If I download the botnet tool, have I become the agent of a foreign power? I bet there are implications I can't even imagine! Might make an interesting article.

Israel, Palestine Wage Web War

Posted by kdawson on Tuesday January 06, @02:45PM from the spilling-over dept. The Internet Politics

An anonymous reader writes

"A war has erupted on the Internet between Israel and Palestine, alongside the war being fought on the ground in Gaza. A new report claims that a group called the 'DNS Team' has defaced an Israeli Website, with anti-Israel graphical images — one in a series of instances of 'e-vandalism.' This sort of e-vandalism, says the author, is not only an inconvenience for Webmasters, but many of the images contain malware links and 'redirects or Flash links to Jihadist forums or blogs.' However, while the Jihadist forums are registered in Saudi Arabia, they are hosted by companies like Layered Tech and SoftLayer in Plano, Texas. On the Israeli side, 'A fascinating approach over the last few days is being made by an Israeli Website, "Help Israel Win," which provides a download so your PC can become part of a worldwide pro-Israeli botnet. So far 7,786 have joined, already a fairly powerful global computing force...'"

[Note: The website is down (or blocked?) but the Google Cache is still available. Bob]

Several things occur to me: 1) I can hire a bunch of phishers, cheap. 2) If I automate a phishing scheme using free internet services, I could vastly increase the volume of phishy emails, and drive returns to zero. 3) I find the conclusions “suspect.”

Phishing Is a Minimum-Wage Job

Posted by kdawson on Tuesday January 06, @08:06PM from the triumph-of-the-commons dept. The Almighty Buck Security

rohitm918 writes

"A study by Microsoft Research concludes that phishers make very little (PDF): '...low-skill jobs pay like low-skill jobs, whether the activity is legal or not.' They also find that the Gartner numbers that everyone quotes ($3.2B/year etc) are rubbish, off by a factor of 50. 'Even though it harvests "free money," phishing generates total revenue equal to the total costs incurred by the actors. Each participant earns, on average, only as much as he would have made in the opportunities he gave up elsewhere. As the total phishing effort increases the total phishing revenue declines: the harder individual phishers try the worse their collective situation gets. As a consequence, increasing effort is a sign of failure rather than of success.'"

Costs of a data breach: How would you split the cost?

Price of data theft response: Millions

A report on how much it cost to deal with breaches at two retailers has banks looking to spread the pain.

By EDWARD D. MURPHY, Staff Writer January 7, 2009

Two major data breaches since early 2007 have cost Maine banks and credit unions more than $2.1 million, and those institutions might ask lawmakers to force retailers to share some of the costs of future breaches.

A report by the state's Bureau of Financial Institutions said the costliest breach involved Hannaford Bros., the Maine-based grocery chain that learned last February that its transactions system had been compromised. Maine banks and credit unions said they spent nearly $1.6 million to investigate the breach, tell customers, reissue cards and bear the cost of fraud.

Implications for IP?

Obama Picks RIAA's Favorite Lawyer For Top DoJ Post

Posted by kdawson on Tuesday January 06, @10:05PM from the paging-mister-lessig dept.

The Recording Industry of America's favorite courtroom lawyer, Tom Perrelli, who has sued individual file swappers in multiple federal courts, is President-elect Barack Obama's choice for the third in line at the Justice Department. CNet's Declan McCullagh explores the background of the man who won the RIAA's lucrative business for his DC law firm: "An article on his law firm's Web site says that Perrelli represented SoundExchange before the Copyright Royalty Board — and obtained a 250 percent increase in the royalty rate for music played over the Internet by companies like AOL and Yahoo," not to mention Pandora and Radio Paradise. NewYorkCountryLawyer adds, "Certainly this does not bode well for CowboyNeal's being appointed Copyright Czar."

Gutenberg is being replaced by Gates – that's a good thing, right? (Politicians may “view with alarm” the reduced volume of mail and create a “Bureau of Stuff to Mail” to keep full employment in the Post Office.)

Dr. Dobb's Journal Going Web-Only

Posted by timothy on Tuesday January 06, @01:08PM from the times-change-and-sometimes-that's-good dept. The Media

paleshadows writes

"The first issue of Dr. Dobb's Journal (DDJ) was published in January 1976. A few days ago, Herb Sutter (the chair of the ISO C++ committee and a long-time DDJ columnist) announced through his latest blog post that, 'as of January 2009, Dr. Dobb's Journal is permanently suspending print publication and going web-only.' This follows an earlier announcement that PC Magazine is to become digital-only, too, as of February 2009. To those of us who enjoy reading such stuff away from the computer these are bad news, as there seems to be no other major technical programmers' magazines left standing."

Might be useful... I'll need to explore it a bit. - An Online Community Of Scholars (scholarz.net)

Self-defined as “a communication platform for academics”, this new initiative (out in public beta) is arranged by Ph.D students for Ph.D students and young graduates. On the site, you can learn about the life of any person who is engaged into academic activities such as teaching, writing and researching.

As it is the norm with social sites, you can invite your friends in an instant manner, and once you have created your own circle it is possible to interact with others in a straightforward way. You can upload files and archives to your own personal folder, and a sharing menu is there to make for a smooth time indeed.

A nice touch is that the site is available both in English and in Deutsch, effectively having a broader scope and outreach.

The site also deals with an interdisciplinary research project named “Scientific Work in the web 2.0”. In addition to that, a research software which goes by the name of “” and which is developed by the team behind the network is being developed right now, and you can learn about it in the pertinent section.