Saturday, March 07, 2009

Consider instead that the governments have penetrated the criminal networks.

Shaming Russia Into Action On Cyber Crime

Posted by Soulskill on Saturday March 07, @12:14AM from the stand-in-the-corner-until-you're-sorry dept. Security

krebsatwpost writes

"The Washington Post ran a piece earlier this week that confronts the myth that cyber criminal gangs in Russia and Eastern Europe avoid attacking their own, pointing to numerous examples of late that counter this common misconception. The story draws on data from Team Cyrmu about distributed denial-of-service attacks (DDoS) that target Russian and E. European organizations, intel from McAfee about Russian banks and federal agencies that appear to be under control over cyber gangs there, and tens of gigabytes of data stolen via keyloggers that disproportionately impact Russian systems, including that of a top Gazprom official. The piece begins: 'If you ask security experts why more cyber criminals aren't brought to justice, the answer you will probably hear is that US authorities simply aren't getting the cooperation they need from law enforcement officials in Russia and other Eastern European nations, where some of the world's most active cyber criminal gangs are thought to operate with impunity. But I wonder whether authorities in those countries would be any more willing to pursue cyber crooks in their own countries if they were forced to confront just how deeply those groups have penetrated key government and private computer networks in those regions?'"


March 06, 2009

Director of National Cybersecurity Center Resigns

WSJ: "The government's coordinator for cybersecurity programs has quit, criticizing what he described as the National Security Agency's grip on cybersecurity. Rod Beckstrom, a former Silicon Valley entrepreneur, said in his resignation letter that the NSA's central role in cybersecurity is "a bad strategy" because it is important to have a civilian agency taking a key role in the issue. The NSA is part of the Department of Defense."

  • Mr. Beckstrom's resignation letter: "...the NCSC [National Cybersecurity Center] did not receive appropriate support inside DHS during the last administration to fully realize its vital role."

A tool for capturing those ephemeral sites you just know are going to be shut down... Something for my Forensic class. Would it be admissible as evidence? - Create A Cached Copy Of Any URL is the tool you were looking for in order to make the internet freeze! How many times have you found something on the net which you really crave and that you want to show all your friends, and when you return to the site everything has changed?

In all honesty, with the sheer speed at which the internet regenerates each day it is so easy to lose track of all the stuff you like. Very often, when you go and try out your bookmarks they all take you to something that resembles more a ghost town than the site you bookmarked. However, not all is lost since BackupURL can help sort out this little conundrum we have to deal with.

Here’s what to do, land on their site and it’s all simple and straightforward - type in the URL you want saved and hit “Backup!”. Presto! You are all done! The result is a new URL where you can access the exact same site you just backed up only that it’s coming from a different server and it will not be updated ever again. This application is really cool if you need to use an alternate mirror to handle the load on your site or as a safeguard in case your servers blow up or something bizarre happens to them like being hit by a hurricane, or who knows what.

The porn industry is an early adopter of technology. (Evil thought: Now there could be drivers out there reading porn on their cell phone while driving...)

Is Salacious Content Driving E-Book Sales?

Posted by timothy on Friday March 06, @04:46PM from the let-me-take-one-lust-driven-guess dept. Books Media Entertainment

narramissic writes

"Having already abandoned ebooks once, Barnes & Noble is jumping back into ebooks with the purchase this week of ebook seller Fictionwise. Why is the format suddenly hot? Look no further than the top 10 Fictionwise bestsellers, says blogger Peter Smith. Once again it seems like 'porn is blazing a path to a new media format. Of the top 10 bestsellers under the 'Multiformat' category, nine are tagged 'erotica' and the last is 'dark fantasy.' Need more proof that folks (let's take a leap and call them women) who read 'bodice rippers' like the privacy of ebooks? Author Samantha Lucas (who writes for publishers like Cobblestone Press and Siren Publishing) tells Smith that she sells almost all of her novels in ebook format."

Records are made to be broken. Think of this guy as the digital equivalent of the little old lady with 50 cats...

Biggest-ever Internet piracy bust claimed in Sweden

by Erik Palm March 6, 2009 3:07 PM PST

Swedish police on Friday reported making a major Internet piracy bust.

Authorities said they seized computer equipment belonging to a Stockholm-area man whom they suspected of violating local copyright law. The police, who carried out the raid on February 9, only disclosed the news Friday.

… The seized server contained 65 terabytes of digital data, [I know a Fortune 500 company that ran on only 6TB Bob] consisting of films, TV series, computer programs, and the music equivalent of 16,000 movies, according to the Antipiracy Agency, an organization based in Sweden that's supported by a consortium of film and game organizations to fight Internet piracy.

Use this to create “Twit of the Year” covers? Picture manipulation for my website students.

WriteOnIt turns pics into fake magazine covers

by Josh Lowensohn March 6, 2009 12:46 PM PST

WriteOnIt is a simple service that lets you caption and manipulate uploaded photos. Just like BigHugeLabs' Flickr toys project (story), it can take uploaded photos and stick them into magazine covers. It can also slyly insert them onto coffee mugs, billboards, art easels, and fake mirrors within ready-made photos. [I didn't see that... Bob]

Tool for meetings and seminars? - Innovative Flash Video Players

Online video has really changed the way we use the internet. If you still haven’t gotten the most out of online video, then you’re going to love

With this site, you’ll be able to create your customized video player, which works great for conferences and events. What’s the best part? You’ll be able to tape your event, and alongside it, show the slides you used for your presentation. This makes your video a lot more useful, as people who are watching it from home will be further immersed into the online conference. It’s great for professors who like to use this type of thing for their classes, to be able to reach more students and eager listeners.

I was at a Math conference yesterday (sounds geeky as hell, doesn't it) where a presenter demoed this tool for grabbing screen images, with the option to make them into movies and then save them on your desktop or as links to storage in the cloud. Very slick. You should take a look at it! Mac or Windows!


* Snap a picture of your screen.

* Record video of onscreen action.

* Share instantly over the web, IM, email.

Related. That same presenter used MindMaps to organize her collection of software tools. Rather than re-list her list (and you know I love lists) I'll just point you to her mind...

If Dilbert says it, it must be true!

Friday, March 06, 2009

Consequences! What a novel idea.

Consumer Reporting Agency Settles FTC Charges: Sold Tenant Screening Reports to Identity Thieves

Thursday, March 05 2009 @ 03:32 PM EST Contributed by: PrivacyNews

A consumer reporting agency that failed to properly screen prospective customers and, as a result, sold at least 318 credit reports to identity thieves, has agreed to settle Federal Trade Commission charges that it violated federal law. Under the settlement, the company and its principal must ensure that they provide credit reports only to legitimate businesses for lawful purposes, use a comprehensive information security program, and obtain independent audits every other year for 20 years. The settlement also imposes a $500,000 penalty but suspends payment due to the defendants’ inability to pay.

.... The defendants are Rental Research Services, Inc. and Lee Mikkelson, both located in Eden Prairie, Minnesota. The Commission vote to authorize staff to refer the complaint and stipulated final order to the Department of Justice for filing was 4-0. The documents were filed in the U.S. District Court for the District of Minnesota.

Source - FTC Related FTC Files

Great little chart to illustrate the problem

Patch Availability At Time of Breach

Recently Cybertrust released a data breach study . There is a lot of great information in it, but one thing I found particularly interesting was regarding breaches that were caused by vulnerability exploit. In those instances, how long had patches been available that if used would have prevented the breach from occurring. What they found from their in-depth analysis of 500 data breach cases was the attached graphic. In 90% of cases, patches had been available for more than 6 months. In no cases were there exploits of vulnerabilities that had patches available for 1 month or less. This emphasizes a blog post that talks about why hackers use old vulnerabilities to compromise networks. The answer is simply because they work!

Perhaps more emphasis should be placed on ensuring all systems are patched including all operating systems, and most importantly the 3rd party apps that we use rather than just how quickly we can patch.
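The "patch availability at time of breach" metric behind that chart is easy to compute for your own incident records, and worth tracking: it tells you whether the problem is slow patching or patches that never got applied at all. The example below is added here and is not from the study or the quoted post; the ten (breach date, patch release date) pairs are constructed to illustrate the shape of the finding, and the bucket boundaries (30 and 182 days) are an assumption matching the post's "1 month" and "6 months" wording. A negative age means the system was hit before any fix existed, which a real tally should report separately rather than lumping in with "unpatched".

```python
from datetime import date
from typing import Dict, List, Tuple

# Constructed sample cases: (date the breach occurred, date the patch for the
# exploited flaw was published). Not real incident data.
SAMPLE_CASES: List[Tuple[date, date]] = [
    (date(2008, 11, 3), date(2007, 4, 10)),
    (date(2008, 9, 15), date(2008, 1, 8)),
    (date(2008, 6, 2), date(2007, 10, 9)),
    (date(2008, 12, 10), date(2008, 3, 11)),
    (date(2008, 8, 20), date(2007, 8, 14)),
    (date(2008, 3, 5), date(2007, 7, 10)),
    (date(2008, 10, 22), date(2008, 2, 12)),
    (date(2008, 7, 14), date(2007, 11, 13)),
    (date(2008, 5, 19), date(2007, 9, 11)),
    (date(2008, 4, 9), date(2008, 1, 15)),   # the one case under six months
]

# Assumed bucket boundaries; the post only says "1 month" and "6 months".
ONE_MONTH_DAYS = 30
SIX_MONTHS_DAYS = 182
BUCKET_ORDER = ["no patch available", "<= 1 month", "1-6 months", "> 6 months"]


def patch_age_bucket(age_days: int) -> str:
    """Classify how long a fix had been public when the breach happened."""
    if age_days < 0:
        # Breach predates the patch: a true zero-day, not a patching failure.
        return "no patch available"
    if age_days <= ONE_MONTH_DAYS:
        return "<= 1 month"
    if age_days <= SIX_MONTHS_DAYS:
        return "1-6 months"
    return "> 6 months"


def patch_age_distribution(cases: List[Tuple[date, date]]) -> Dict[str, float]:
    """Percentage of cases per bucket, with every bucket present (even at 0.0)."""
    counts = {bucket: 0 for bucket in BUCKET_ORDER}
    for breach_date, patch_date in cases:
        counts[patch_age_bucket((breach_date - patch_date).days)] += 1
    total = len(cases)
    if total == 0:
        return {bucket: 0.0 for bucket in BUCKET_ORDER}
    return {bucket: round(100.0 * n / total, 1) for bucket, n in counts.items()}


if __name__ == "__main__":
    for bucket, pct in patch_age_distribution(SAMPLE_CASES).items():
        print(f"{bucket:>20}: {pct:5.1f}%")
```

Run over your own breach or pentest findings, a large "> 6 months" share says the fix is asset coverage (every box, every third-party app), not a faster patch cycle.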

Why do they really want to do this?

Amex Demands Right to Call and SMS Any Phone You Call Them From

Thursday, March 05 2009 @ 06:15 PM EST Contributed by: PrivacyNews

American Express wants to keep in touch.

So much so that Amex is changing its fine print so that it or its robots can call or SMS card holders on any phone line a member ever uses to contact the company, and the card holder will get the bill.

That change in its U.S. card holders' terms of service agreement means travelers should be very wary about using hotel phones, pay phones, borrowed mobiles, or satellite phones to call Amex--- even in an emergency, according to travel guru Edward Hasbrouck who first brought attention to the change.

Source - Threat Level

[From the article:

But Amex's VP for Public Affairs Desiree Fish says users shouldn't worry about the change and that it doesn't mean what it plainly means. Amex will never divulge secret info over the phone or via SMS, Fish assures, and if people want to opt out of marketing phone calls, they can do so online.

Did someone actually hint they would consider writing a law?

Major tech companies to drop support for comprehensive U.S. privacy law

Thursday, March 05 2009 @ 12:23 PM EST Contributed by: PrivacyNews

In the summer of 2006, a who's who of technology and Internet companies garnered headlines when they formed the Consumer Privacy Legislative Initiative. The group, which included Intel, Microsoft, eBay, Google, HP, Oracle, and Sun, was charged with promoting the adoption of a national privacy law in the U.S. (initial statement here). According to BNA's Electronic Commerce & Law Report (sub required), next week those same companies will announce a shift in name and emphasis.

Source -

[From the article:

Microsoft Chief Privacy Strategist Peter Cullen tells BNA that "legislation is actually the wrong place to start. To provide effective privacy protection, it's going to potentially require good legislation. But more importantly, it will require good business processes and good accountability." The group is therefore morphing into the Business Forum for Consumer Privacy, which advisors say is working toward building a self-regulatory framework.

Wow You can get anything on Craig's List!

Sheriff Sues Craigslist For Prostitution Ads

Posted by timothy on Thursday March 05, @05:50PM from the shameful-waste-of-tax-money dept. The Courts Privacy Politics

Amerika writes

"Craigslist is 'the single largest source of prostitution in the nation,' according to Cook County, Illinois Sheriff Thomas Dart. He has announced that he's filing a lawsuit against the popular classifieds site. Craigslist says it's determined to prevent criminal activity."

NewYorkCountryLawyer adds a link to the 28-page complaint (PDF), which "alleges that Craigslist maintains 21 classifications of sex-for-hire, coded as 'w4m,' 'm4m,' 'm4w,' etc." and that it has facilitated child prostitution and kidnapping and human trafficking.

Boy did they get roasted for this one. (Looks like the site crashed too.)

State of Colorado Calls Firefox Insecure, IE6 Safe

Posted by timothy on Thursday March 05, @04:43PM from the sheeps'-bladders-may-be-used-to-prevent-earthquakes dept. Security Government Internet Explorer Mozilla IT

linuxkrn writes

"The State of Colorado's Office of Technology (OIT) has set up a work skills website. The problem is that the site says 'DO NOT use FIREFOX or other Browsers besides IE. It has been decided that Mozilla based, non-IE browsers pose a security risk.' (Original emphasis from site.) If the leading IT agency for the State is making these uneducated claims, should the people worry about their other decisions?"

Related Geeky stuff

9 Browsers Compared For Speed and Features

Posted by timothy on Thursday March 05, @10:57PM from the you-forgot-konqui-and-galeon dept. Software The Internet

notthatwillsmith writes

"Counting public betas and release candidates, there are a whopping nine different web browsers out today with enough market share to be considered mainstream. Maximum PC explains the differences between the browsers, future and present, so that you can make a more informed decision about the primary tool you use to browse the web. From the rendering engines used to the features that set the different browsers apart, this is a comprehensive, blow-by-blow battle between Safari 3, Internet Explorer 7, Firefox 3, Opera 9.6, Google Chrome, Firefox 3.1, IE 8, Safari 4, and Opera 10."

Useful resource

March 05, 2009

New on Knowledge Discovery Resources 2009: An Internet MiniGuide Annotated Link Compilation - Marcus P. Zillman's compilation is dedicated to the latest and most reliable resources for knowledge discovery available through the Internet. This wide ranging selection of resources provides specialized tools, applications and sources relevant to researchers from many disciplines.

I looked. They don't have Java or C++ - Learning Up A New Language

Sanbit is a new site that plays out a welcome role: letting you pick up a new language in a lively setting. The site makes for practicing every aspect of any foreign language that you might be interested in, and this includes not only reading texts and listening to audio files but also writing essays that are read by those who make up the community of native speakers.

One of the best features on offer is the ability to find language partners that will let you practice what you have learned so far with all the inherent advantages that the contact with others bring.

TRY THIS! Very interesting. Pick a location and then monitor the twitter traffic...

monitter? what is it?

Simple. It's a twitter monitor, it lets you "monitter" the twitter world for a set of keywords and watch what people are saying. Cool huh?

Geek history with images!

A History of Storage, From Punch Cards To Blu-ray

Posted by timothy on Thursday March 05, @02:38PM from the isn't-that-right-joey dept. Data Storage Media

notthatwillsmith writes

"Maximum PC just posted a comprehensive visual retrospective about data storage, starting with the once state of the art punch card and moving through the popular formats of yesteryear, including everything from magtape to Blu-ray discs. It's amazing how much data you could pack on a few hundred feet of half-inch magnetic tape!"

[From the article:

A single reel of the oxide coated half-inch tape could store as much information as 10,000 punch cards

Geeky stuff - Making The Web Crisp Once Again

ScreenFix compiles together a set of five different tools that can be used by anybody in order to have a crisp image on his monitor. These applications are three different checkers (“Gamma Checker”, “Phasing Checker” and “Brightness Checker”) and two fixers (“Dead Pixel Fixer” and “Flickr Fixer”). Moreover, the site includes a tool for checking TN monitors, and that tool goes by the corresponding denomination.

These tools go by self-explanatory names, and they are all provided at no cost. They are all hosted on the server, too, so that you won’t have to incur into software downloads of any kind, nor worry about updating anything.

Thursday, March 05, 2009

Security processes without monitoring are worthless. This would seem to refute those “no one could use the tapes” press releases.

NYPD civilian worker busted in mass cop-ID Theft

March 4, 2009 by admin

Reuven Blau reports:

A civilian official of the NYPD’s pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired cops, sources said.

Anthony Bonelli allegedly got into a secret backup-data warehouse on Staten Island last month and walked out with eight tapes packed with Social Security numbers, direct-deposit information for bank accounts, and other sensitive material.

Read more on NY Post

[From the article:

Sources said he managed to get past a guard on Feb. 21, unplugged video cameras, and left with the stolen tapes.

Bonelli raised suspicion with comments he made at work last week.

The NYPD sent technology specialists to the site, where they discovered that the cameras had been disabled and the tapes were missing. [No one noticed? Bob] The tapes were found at Bonelli's home when he was arrested Saturday, police said

Another step toward Big Brother-ness?

AU: Latest police weapon: a secret search

Wednesday, March 04 2009 @ 07:27 AM EST Contributed by: PrivacyNews

New powers to secretly search homes and computers of people suspected of crimes ranging from murder to organised theft are wider than those now used against suspected terrorists.

The new covert search warrants would give police up to three years to delay informing targets they had carried out a raid on their property.

Source - Sydney Morning Herald

[From the article:

The proposed covert laws became necessary after the Supreme Court found in 2007 that three covert searches on a children's author suspected of drug offences had been unlawful. [When you want to keep doing something that is illegal, you simply change the law. Bob]

… But the Premier, Nathan Rees, said: "If you are a serious criminal [Translation: not a cop Bob] you should be very anxious. We now will have the power to enter your home without you knowing and collect evidence for subsequent prosecutions."


EXCLUSIVE: Google Takes a Stand for Location Privacy, Along with Loopt

Wednesday, March 04 2009 @ 05:07 PM EST Contributed by: PrivacyNews

Thanks in part to feedback from EFF, Google has chosen to take a strong and public stand on what legal privacy protections should apply if the government comes calling for the location data collected by Latitude, Google’s new cell phone-based friend-finding service. Google has decided to match the policy for dealing with law enforcement demands first adopted by its friend-finding competitor Loopt after consultation with EFF, a policy which relies on the strongest possible legal arguments for protecting users’ location privacy. The gist of the Latitude and Loopt policies? “Come back with a warrant.”

Source - EFF

There is a law journal article here!

Google Health lets users share their online records

by Steven Musil March 4, 2009 9:45 PM PST

Google Health has introduced a new feature that lets users share their online health records with designated doctors, friends, and family members.

Google said the move was in response to users' concerns that care-givers and loved ones might not be up to date on all the details of a patient's health situation, especially in the event of an emergency.

… Recognizing the sensitive nature of sharing health records, Google said it has built in several security measures to preserve privacy. Users choose who can view their histories [Hard to do when you are unconscious. Bob] and the link to the patient's profile will work only in connection with those people's e-mail addresses ['cause no one knows my email address... Bob]--meaning the link won't work if it is forwarded to a third party. Users can also decide what information they want to share, and those allowed to view the profile will not have the ability to edit the information. [Can they add to it? Bob] Users will also be able to see exactly who has reviewed the profile.

However, one security measure that is a bit baffling is a feature that restricts the usability lifespan of the e-mailed link to only 30 days. Unless the user is diligent about regularly sending links to loved ones, this protection could negate the feature's value in the event of an emergency.

Google also announced a feature that allows users to print wallet- and letter-size hard copies of their profile, including medications, allergies, conditions, and treatments. But again, the value of these printouts may be questionable if they are not updated and replaced regularly.

Google Health, which is dedicated to the digitization of health records, launched in May 2007. Microsoft has also planned a medical records service called HealthVault. President Obama, meanwhile, has made it clear that he plans to make digital health records part of his health care reform agenda.
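The two controls the article describes, a share link that only works for the e-mail address it was sent to and that dies after 30 days, are the standard way to stop a capability URL from being useful to whoever it gets forwarded to. The example below is added here to show how such a link can be built and checked; it is not Google's code and nothing in the article says how Latitude or Google Health actually implement it. The endpoint `https://health.example/share`, the secret, the `profile_id` format (assumed to contain no `|`), and the HMAC-SHA256 token layout are all assumptions of this example. Note the check order: the signature is verified over the raw bytes before any field is parsed, the bound address is compared in constant time, and the expiry is enforced server-side so a forwarded or stale link fails closed.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed demo secret. A real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-secret-do-not-use"
LINK_LIFETIME_SECONDS = 30 * 24 * 3600        # the 30-day window the article describes
TAG_LEN = hashlib.sha256().digest_size         # 32-byte HMAC-SHA256 tag


def _normalize(email: str) -> str:
    # Bind to a canonical form so "Doctor@Example.com " and "doctor@example.com" match.
    return email.strip().lower()


def issue_share_link(profile_id: str, recipient_email: str, now: int) -> str:
    """Mint a link for one recipient: payload = profile|email|expiry, HMAC-signed."""
    expiry = now + LINK_LIFETIME_SECONDS
    payload = f"{profile_id}|{_normalize(recipient_email)}|{expiry}".encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(payload + tag).decode().rstrip("=")
    return f"https://health.example/share?token={token}"   # hypothetical endpoint


def verify_share_link(url: str, presenting_email: str, now: int) -> Tuple[str, Optional[str]]:
    """Return ("ok", profile_id) or (reason, None).

    The signature is checked over the raw payload before any field is parsed, so a
    forged or corrupted token is rejected without ever being interpreted.
    """
    token = url.split("token=", 1)[-1]
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (binascii.Error, ValueError):
        return ("malformed", None)
    if len(raw) <= TAG_LEN:
        return ("malformed", None)
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return ("bad-signature", None)
    fields = payload.decode().split("|")
    if len(fields) != 3:
        return ("malformed", None)
    profile_id, bound_email, expiry_str = fields
    # Forwarded link: the address the viewer authenticated with must be the bound one.
    if not hmac.compare_digest(bound_email.encode(), _normalize(presenting_email).encode()):
        return ("wrong-recipient", None)
    # The 30-day lifespan: a stale link fails closed rather than open.
    if now > int(expiry_str):
        return ("expired", None)
    return ("ok", profile_id)


if __name__ == "__main__":
    import time
    link = issue_share_link("profile-42", "doctor@example.com", int(time.time()))
    print(link)
    print(verify_share_link(link, "doctor@example.com", int(time.time())))
    print(verify_share_link(link, "stranger@example.org", int(time.time())))
```

Binding to the recipient address only helps if the viewer has to authenticate as that address before the link is honoured; without that, the "won't work if forwarded" claim collapses to whoever can type the address in. Bob's emergency-access objection is a policy choice on top of this: a longer lifetime or a separately issued break-glass credential, not a weaker token.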

Watch the Justices Rap!

“Damn dem lawyers,

damn their eyes,

we'll hit 'em in the puss,

with custard pies!”

The U.S. Supreme Court enters the YouTube era

By Adam Liptak Published: March 3, 2009

WASHINGTON: The first citation in a petition filed with the court last month, for instance, was not to an affidavit or a legal precedent but rather to a YouTube video link. The video shows what is either appalling police brutality or a measured response to an arrested man's intransigence — you be the judge.

Such evidence vérité has the potential to unsettle the way appellate judges do their work, according to a new study in The Harvard Law Review. If Supreme Court justices can see for themselves what happened in a case, the study suggests, they may be less inclined to defer to the factual findings of jurors and to the conclusions of lower-court judges.

… Three law professors accepted that invitation and made it the basis of an interesting study published in January in The Harvard Law Review. They showed the video to 1,350 people, who mostly saw things as the justices did. Three-quarters of them thought the use of potentially deadly force by the police was justified by the risk Harris's driving posed.

But African-Americans, liberals, Democrats, people who do not make much money and those who live in the Northeast were, the study found, "much more likely to see the police, rather than Harris, as the source of the danger posed by the flight and to find the deliberate ramming of Harris's vehicle unnecessary to avert risk to the public."

I'm sure there must be “nothing but games” stores out there somewhere, but most serious gamers wouldn't spend time to drive to and from the store when they could spend it playing their games.

How Much Longer Will Physical Game Distribution Survive?

Posted by Soulskill on Thursday March 05, @05:18AM from the shortly-after-blizzard-conquers-the-earth dept.

GamesIndustry is running an interview with Theodore Bergquist, CEO of GamersGate, in which he forecasts the death of physical game distribution in favor of digital methods, perhaps in only a few years. He says, "Look at the music industry, look at 2006 when iTunes went from not being in the top six of sellers — in the same year in December it was top three, and the following year number one. I think digital distribution is absolutely the biggest threat [traditional retailers] can ever have." Rock, Paper, Shotgun spoke with Capcom's Christian Svensson, who insists that developing digital distribution is one of their top priorities, saying Capcom will already "probably do as much digital selling as retail in the current climate." How many of the games you acquire come on physical media these days? At what point will the ease of immediate downloads outweigh a manual and a box to stick on your shelf (if it doesn't already)?

One of those articles that stops me in my tracks. Why? Probably lots of reasons, but most are logistical. Now if they replace Windows with Linux, they've really got something.

Microsoft Windows, On a Mainframe

Posted by timothy on Wednesday March 04, @05:47PM from the operating-systems-plural dept. Windows Microsoft Operating Systems

coondoggie writes with an excerpt from Network World:

"Software that for the first time lets users run native copies of the Windows operating systems on a mainframe will be introduced Friday by data center automation vendor Mantissa. The company's z/VOS software is a CMS application that runs on IBM's z/VM and creates a foundation for Intel-based operating systems. Users only need a desktop appliance running Microsoft's Remote Desktop Connection (RDC) client, which is the same technology used to attach to Windows running on Terminal Server or Citrix-based servers. Users will be able to connect to their virtual and fully functional Windows environments without any knowledge that the operating system and the applications are executing on the mainframe and not the desktop."

[From the article:

According to the company's Web site, users will be able to create a PC in 15 seconds, have it operational in 15 minutes and use it once or have it permanently without worrying about depreciation of hardware.

… The z/VM hypervisor already natively supports the ability to run hundreds to thousands of Linux servers on a single mainframe.

… "The product has been a bear for the development group but the thought of being able to run 3,000 copies of Windows [Compare: Windows license fee X 3000 v. Free X100,000 Which give you bang for the buck? Bob] on one System z so fascinated the team that we needed very little additional incentive," Mantissa CEO and founder Gary Dennis said on the IBMVM list serve site last summer when he introduced the z/VOS concept.

E-Discovery A case for adding Data Mining/Data Analysis to the various Computer curriculums. Also some great examples for my Forensics classes.

Jason Baron on Search - How Do You Find Anything When You Have a Billion Emails?

March 4, 2009

Geek stuff and the potential to create an ad hoc network with your friends/collaborators.

LimeWire Brings Darknets To All

Posted by samzenpus on Thursday March 05, @07:57AM from the yes-have-some dept. Social Networks Technology

An anonymous reader writes

"LimeWire's new version lets people create private darknets with contacts on any Jabber server (like GMail or LiveJournal). It's different than the recent p2p darknet announcement because it doesn't use onion routing. Sharing with a friend connects directly to that friend. If you're worried about exposing personal information, LW5 doesn't share documents with the p2p network by default."

This is interesting. Return articles, images and videos related to the search! Definitely worth a look. - News Of The World

A visit to this portal seems a good idea if you are looking for a fresh way to access all the news appertaining to you the most. In general terms, Daymix aims to show its users the latest information on any topic. This includes not only news that have been reported by major online agencies and channels but also blog posts and the buzz surrounding these topics as of late. Of course, the site also includes media contents, and photographs and videos top the list.

Very simple. I think I have several uses for this one! - Time Yourself

This new solution is nothing more and nothing less than an online stopwatch that you can employ to see how you are managing your time. Essentially, it will let you record daily activities and then save reports to your computer in a very straightforward way indeed.

In order to use this system, you simply press the “Start” button and get down to what has to be done. Once you are finished, simply click on the “Stop” button and then proceed to add a label that describes the activity. You repeat the process as many times as you desire, and once you have compiled the full list you can download it to your desktop, or open it using Excel.

Evil business model: We build a site like this and then we assign realllly hard homework problems!

You do the math. Or pay a website to do it..

Wed Mar 4, 1:21 pm ET

PARIS (Reuters) – "You can't do it? We're here to help," says the homepage of a new French website where children can pay for older students to do homework for them.

On (, children will be able to buy answers to simple maths problems for 5 euros ($6), while a full end-of-year presentation complete with slides and speaking notes will cost 80 euros ($100).

… Schoolteachers reacted with outrage. [Because they didn't get a cut? Bob]

Wednesday, March 04, 2009

Perhaps they will steal all those bad loans and the banks will suddenly be solvent!

Tigger.A Trojan Quietly Steals Stock Traders' Data

Posted by kdawson on Tuesday March 03, @04:37PM from the where-the-money-is dept.

**$tarDu$t** recommends a Washington Post Security Fix blog post dissecting the Tigger.A trojan, which has been keeping a low profile while exploiting the MS08-066 vulnerability to steal data quietly from online stock brokerages and their customers. An estimated quarter million victims have been infected. The trojan uses a key code to extract its rootkit on host systems that is almost identical to the key used by the Srizbi botnet. The rootkit loads even in Safe Mode.

"Among the unusually short list of institutions specifically targeted by Tigger are E-Trade, ING Direct ShareBuilder, Vanguard, Options XPress, TD Ameritrade, and Scottrade. ... Tigger removes a long list of other malicious software titles, including the malware most commonly associated with Antivirus 2009 and other rogue security software titles... this is most likely done because the in-your-face 'hey, your-computer-is-infected-go-buy-our-software!' type alerts generated by such programs just might... lead to all invaders getting booted from the host PC."

Clearly something to point my “Intro to Computer Security” class to...

EFF Releases How-To Guide to Fight Government Spying

Tuesday, March 03 2009 @ 09:43 AM EST Contributed by: PrivacyNews

The Electronic Frontier Foundation (EFF) launched its Surveillance Self-Defense project today -- an online how-to guide for protecting your private data against government spying. You can find the project at

EFF created the Surveillance Self-Defense site to educate Americans about the law and technology of communications surveillance and computer searches and seizures, and to provide the information and tools necessary to keep their private data out of the government's hands. The guide includes tips on assessing the security risks to your personal computer files and communications, strategies for interacting with law enforcement, and articles on specific defensive technologies such as encryption that can help protect the privacy of your data.

Source - EFF Press Release

Would you steal if you had a 99% chance of getting away with it?

Gartner: Financial fraud hits 7.5 percent of U.S. adults

by Elinor Mills March 3, 2009 9:01 PM PST

About 7.5 percent of U.S. adults lost money as a result of financial fraud last year, mostly due to data breaches, according to a new Gartner study to be released on Tuesday night.

In the survey of nearly 5,000 consumers, 70 percent said they had never been a victim of identity theft fraud. Meanwhile 14 percent said they had had their credit card information used to charge purchases or get money, 7 percent said their debit card was used, 6 percent said a new account had been opened in their name, 5 percent had money transferred out of their account, and 4 percent had had checks forged.

… "The chances of a criminal getting arrested and convicted for identity theft-related fraud are much less than a half of 1 percent," the study said.

Analyzing and interpreting the data is going to be important. What liability would an employer or provider assume? i.e. Will they recognize a terrorist website when their employees connect to one?

Fi: Parliament Passes "Lex Nokia" Bill

Wednesday, March 04 2009 @ 06:45 AM EST Contributed by: PrivacyNews

Parliament has passed the controversial reforms to the data protection law, the so-called "Lex Nokia" bill. The vote was 96 for, 56 against. [and 47 abstentions! Bob]

... The law allows employers and other organisations that provide users with Internet service and e-mail to monitor IP traffic data. In practice, this means that employers can see who workers are e-mailing, when the message was sent, and the size of the e-mails and attachments. It will not allow them to read the contents of e-mails.

Source -

Related “All that is not forbidden is mandatory!” The Once and Future King

Should Job Seekers Tell Employers To Quit Snooping?

Posted by kdawson on Wednesday March 04, @01:14AM from the easy-for-you-to-say-you-have-a-job dept.

onehitwonder writes in with a CIO opinion piece arguing that potential employees need to stand up to employers who snoop the Web for insights into their after-work activities, often disqualifying them as a result.

"Employers are increasingly trolling the web for information about prospective employees that they can use in their hiring decisions. Consequently, career experts advise job seekers to not post any photos, opinions or information on blogs and social networking websites (like Slashdot) that a potential employer might find remotely off-putting. Instead of cautioning job seekers to censor their activity online, we job seekers and defenders of our civil liberties should tell employers to stop snooping and to stop judging our behavior outside of work, writes Senior Online Editor Meridith Levinson. By basing professional hiring decisions on candidates' personal lives and beliefs, employers are effectively legislating people's behavior, and they're creating an online environment where people can't express their true beliefs, state their unvarnished opinions, be themselves, and that runs contrary to the free, communal ethos of the Web. Employers that exploit the Web to snoop into and judge people's personal lives infringe on everyone's privacy, and their actions verge on discrimination."

Similar to above? Is this becoming too common to resist? (It ain't the weather, we can do something about it! Can't we?)

Behavioral Targeting: Not That Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting

Wednesday, March 04 2009 @ 06:54 AM EST Contributed by: PrivacyNews

Consumers are more conscious of behavioral targeting than ever before, according to a recent survey conducted by TNS for TRUSTe, the leading internet privacy trustmark: two out of three consumers are aware that their browsing information may be collected by a third party for advertising purposes.

Additionally, consumer discomfort with behavioral advertising declined year over year (from 57 percent in 2008 to 51 percent in 2009), suggesting that although consumers worry about protecting their private information online, they are growing more accustomed to behavioral targeting, with some even preferring to be served targeted advertisements from brands they know and trust over irrelevant, intrusive advertisements. In fact, 72 percent of those surveyed said they found online advertising intrusive and annoying when the products and services being advertised were not relevant to their wants and needs.

Source - TRUSTe Press Release via MarketWire

Perhaps the certification testing isn't everything we were led to believe.

Diebold Election Audit Logs Defective

Posted by kdawson on Tuesday March 03, @01:28PM from the worse-than-we-thought dept. Government Politics

mtrachtenberg writes

"Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate [There's an acceptable error rate? Bob] established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"
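The report's three findings about the GEMS audit trail (deletions not recorded, inaccurate timestamps, operator-deletable logs) describe exactly the properties a tamper-evident audit log is built to provide. The following is an added illustration, not GEMS code and not a description of how GEMS stores anything: a hash-chained, append-only log in which every operator intervention is itself a record, sequence numbers and a monotonic clock expose removed or back-dated entries, and an externally anchored entry count catches truncation of the newest records. All deck ids, precinct names and operator names are constructed.

```python
# Added illustration: a hash-chained, append-only audit log with the three
# properties the Secretary of State's report says GEMS 1.18.19 lacked.
# Constructed example; not GEMS code, and all sample values are made up.
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple

GENESIS = "0" * 64  # prev_hash of the very first entry


@dataclass
class Entry:
    seq: int        # dense sequence number: a gap reveals a removed record
    ts: int         # monotonic tick standing in for a trusted clock
    action: str
    detail: str
    prev_hash: str  # links this entry to the one before it
    digest: str = ""

    def compute_digest(self) -> str:
        body = json.dumps([self.seq, self.ts, self.action, self.detail, self.prev_hash])
        return hashlib.sha256(body.encode()).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: List[Entry] = []
        self._clock = 0

    def _tick(self) -> int:
        # A real deployment would use a clock the operator cannot set;
        # the invariant is that later entries never carry earlier times.
        self._clock += 1
        return self._clock

    def record(self, action: str, detail: str) -> Entry:
        prev = self.entries[-1].digest if self.entries else GENESIS
        e = Entry(len(self.entries), self._tick(), action, detail, prev)
        e.digest = e.compute_digest()
        self.entries.append(e)
        return e

    def delete_deck(self, deck_id: str, operator: str) -> Entry:
        # Deleting a deck of ballots is an operator intervention, so it is
        # written to the log instead of silently changing the tally.
        return self.record("DELETE_DECK", f"deck={deck_id} operator={operator}")


def verify(entries: List[Entry], expected_count: Optional[int] = None) -> Tuple[bool, str]:
    """Check the chain. expected_count is the entry count published to an
    external anchor (e.g. a printed end-of-day receipt); without it, removal
    of the newest entries cannot be detected by the chain alone."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.seq != i:
            return False, f"sequence gap at {i}"
        if e.prev_hash != prev:
            return False, f"broken chain at {i}"
        if e.compute_digest() != e.digest:
            return False, f"modified entry {i}"
        if i and e.ts <= entries[i - 1].ts:
            return False, f"non-monotonic timestamp at {i}"
        prev = e.digest
    if expected_count is not None and len(entries) != expected_count:
        return False, f"log truncated: {len(entries)} of {expected_count} entries"
    return True, "ok"


def run_scenarios() -> dict:
    """Build a small log, apply the kinds of tampering the report describes,
    and return what verify() reports for each (all values constructed)."""
    log = AuditLog()
    log.record("LOAD_DECK", "deck=12 ballots=197")
    log.record("TALLY", "precinct=DEMO-01")
    log.delete_deck("12", "op1")
    log.record("TALLY", "precinct=DEMO-01 rerun")
    good = list(log.entries)
    results = {"intact": verify(good, expected_count=4)}

    # 1. the text of the recorded deletion is edited after the fact
    edited = [Entry(**vars(e)) for e in good]
    edited[2].detail = "deck=12 operator=nobody"
    results["edited"] = verify(edited)

    # 2. the deletion record is removed and the rest renumbered
    removed = [Entry(**vars(e)) for e in good if e.seq != 2]
    for i, e in enumerate(removed):
        e.seq = i
    results["removed"] = verify(removed)

    # 3. the newest entries are dropped; only the external anchor catches it
    results["truncated_unanchored"] = verify(good[:2])
    results["truncated_anchored"] = verify(good[:2], expected_count=4)
    return results
```

The third scenario is the one worth dwelling on: a hash chain proves nothing about records that were never appended or were cut off the end, which is why the verifier takes an externally published count. A log that can be deleted wholesale by the operator, as the report describes, fails even before that point.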

Isn't this what the xenophobes wanted? We scream that immigrants are coming to the US to steal our jobs, now we want them to stay?

Smart Immigrants Going Home

Posted by kdawson on Tuesday March 03, @07:04PM from the no-longer-the-only-land-of-opportunity dept. Education United States Politics

olddotter writes

"A 24-page paper on a reverse brain drain from the US back to home countries (PDF) is getting news coverage. Quoting: 'Our new paper, "America's Loss Is the World's Gain," finds that the vast majority of these returnees were relatively young. The average age was 30 for Indian returnees, and 33 for Chinese. They were highly educated, with degrees in management, technology, or science. Fifty-one percent of the Chinese held master's degrees and 41% had PhDs. Sixty-six percent of the Indians held a master's and 12.1% had PhDs. They were at very top of the educational distribution for these highly educated immigrant groups — precisely the kind of people who make the greatest contribution to the US economy and to business and job growth.'"

Adding to the brain drain is a problem with slow US visa processing, since last November or so, that has been driving desirable students and scientists out of the country.

Viable business model? Looks like it to me.

Start-up offers alternative to subscription TV

by Marguerite Reardon March 4, 2009 6:00 AM PST

… The plan is to offer streaming movies and TV shows directly to TVs using a broadband connection.

… Users will choose one of three options for viewing the content. They can either pay a small rental fee for the movie or episode they want to view without commercials; they can "buy to own" the content, or they can view the video for free by watching targeted advertising.

Tuesday, March 03, 2009

Are they saying the PCI standards are inadequate?

Heartland's Lonely Quest For Reform

Bank Technology News | March 2009 By Rebecca Sausner

Heartland Payment Systems CEO Robert Carr has likened his company's massive data breach to the Tylenol moment when product contamination led to an overhaul in packaging safety. It's likely Carr has had a few Tylenol moments himself in the past couple of months as he dealt with perhaps the largest data breach ever, though the actual number of cards compromised is undisclosed.

Now Carr is using his standing in the industry - he founded Heartland and enjoys healthy respect among processors - to call for industry-wide reform of payments technology and information sharing about exploits to prevent criminals from successfully deploying the same hack on multiple targets. Lots of industry players agree with his stance, but there's been scant input thus far from the industry's most influential parties: including titans such as MasterCard, Discover and Visa, which are mostly mum on the subject.

… The creation of an exploit clearinghouse that would make specific, but perhaps confidential information about security breaches available to the industry has legal and inertia challenges. It was only a day or two after the Heartland breach was announced before the first class action lawsuit was announced; if done in a totally transparent way, coming clean with exactly how they were compromised in a timely fashion could be detrimental to the company's legal defense.

But offering the insight in an anonymous fashion to a confidential clearinghouse organization could get around many of the legal issues, if only someone would step up to lead the initiative, and pay for it.

Guidelines! Perhaps they will help.

MD: Appeals court refuses to unmask anonymous donut shop critics

Monday, March 02 2009 @ 02:25 PM EST Contributed by: PrivacyNews

A Maryland Appeals Court has overturned a lower ruling that would have unveiled the identity of three anonymous Internet commenters due to a technicality in the discovery process. Still, the judges offer advice on how trial courts should handle the situation in the future by respecting the First Amendment rights of the posters in question.

Source - Ars Technica

[From the article:

In the future, lower courts should require plaintiffs to notify anonymous posters that they are the subject of a subpoena; a posting on the message board should suffice for that. The plaintiff should not only give the posters time to file and serve opposition to whatever action is being taken, he or she should also be required to provide evidence of exact statements made by each poster. "[I]f all else is satisfied, balance the anonymous poster’s First Amendment right of free speech against the strength of the prima facie case of defamation presented by the plaintiff," reads the order.

How scared were we? (and was it real fear or political fear?) No doubt this will be well chewed over...

Obama unseals Bush-era wiretap memos

Tuesday, March 03 2009 @ 05:10 AM EST Contributed by: PrivacyNews

The Bush administration secretly concluded after the September 11, 2001, terrorist attacks that it had the authority to wiretap the Internet and telephone calls with virtually no limitations, restrict free speech, and use the U.S. military domestically against suspected terrorists.

Those legal opinions came in a series of memorandums written by U.S. Department of Justice lawyers, including deputy assistant attorney general John Yoo, which were disclosed by the Obama administration on Monday.

Source - Cnet

“Hello, We're your elected twits. We like this technology because 1) It's cool, 2) It gets our name in the news for being technologically sophisticated (and cool), 3) We can employ our children to actually use the technology since we don't know how.”

March 02, 2009

House Committees Take the Lead on Using Social Media to Ensure Transparency

News release: "House Committees on Science and Technology, Education and Labor, Transportation and Infrastructure, and the Select Committee on Energy Independence and Global Warming are the first four Congressional Committees to join Twitter. These Committees use Twitter as a new tool to reach their audience and ensure transparency between the government and the public."

Shouldn't we be able to take this and create a computer program to do our estimation for us? If we make it open source, it would be a powerful “Congressman, you are lying again.” type of tool. (or would that be redundant?)

March 02, 2009

GAO Issues First-of-Its-Kind Cost Estimating Guide

“How Much Will This Program Really Cost?” GAO Issues First-of-Its-Kind Cost Estimating Guide to Answer Such Questions, March 2, 2009

  • "Developed with input from industry experts as well as federal officials, the 436-page Cost Estimating and Assessment Guide lays out a multi-step process for developing high-quality, trustworthy cost estimates; explains how to manage program costs once a contract has been awarded; and presents 48 case studies, drawn from GAO published audits, that illustrate typical pitfalls and successes in cost estimating. The guide stresses both sound cost estimating and earned value management (EVM), a project management tool that compares completed work to expected outcomes, in setting realistic program baselines and managing risk. In future audits, GAO plans to use the Cost Estimating and Assessment Guide to assess the accuracy of agencies’ cost estimates and determine whether programs are on schedule. The guide can be found here."

It looks like someone is capturing all the RIAA cases. Lots of links to documents. Too much to read at one go, so I'll have to defer judgment. But, this seems to excite the technorati so I'll probably take a long look... (Clearly, if this became common practice it could get expensive quick!)

Judge Orders Record Company Execs To Duluth

Posted by kdawson on Monday March 02, @11:42PM from the get-your-butts-up-here dept. The Courts

NewYorkCountryLawyer writes

"Lest there be any doubt that District Judge Michael J. Davis, presiding over the Duluth, Minnesota, case, Capitol Records v. Thomas, really does 'get it' about the toxic effect the RIAA, its lead henchman Matthew Oppenheim, and their lawyers have had on the judicial process, all such doubt should be removed by the order he just entered (PDF). It removes control of the decision-making process from the RIAA, Oppenheim, and the lawyers. In the order Judge Davis spells out, in the clearest possible terms so that there can be no misunderstanding, that at the extraordinary 2-day settlement conference he has scheduled for later this month, each record company plaintiff is ordered to produce an 'officer' of the corporation, or a 'managing agent' of the corporation, who has corporate, decision-making, 'power.' The judge makes it clear that no one who has 'settlement authority' with any limits or range attached to it will be acceptable. This means that 'RIAA hitman' Matthew Oppenheim will not be able to control the settlement process as he has been permitted by the Courts to do in the past."

A research aggregator? Might be a fun challenge to my students!

Ensembli demos simple, useful RSS aggregator

by Rafe Needleman March 2, 2009 6:44 PM PST

The RSS reader Ensembli is not a product for me, says CEO Michael Wheatley. It's certainly not a product for RSS junkies like Robert Scoble. People who use RSS feeds professionally, to stay on top of news and spot emerging issues they may not have been aware of, need feed readers that show them everything that happens in the news sources they know about. (Personally, I use Netvibes as a dashboard.) What Ensembli does is track the topics you tell it you're interested in. It then watches what you click on and fetches stories based both on those implied interests and what you've said you want to see.

Related Another type of aggregator. - RSS Feeds Made Elastic

Feedweaver is a web-based tool that performs a simple yet interesting operation: combining multiple RSS feeds into one, and letting you save time that can be employed elsewhere. For example, you can combine feeds from music review sites (such as Wilson & Alroy’s Record Reviews) and official band sites in order to get the scoop on what is being released, and access some reviews in the same place.

This customization process can take into consideration different keyword filters, and in the abovementioned case you could filter out genres that you don’t like, and prioritize the ones that mean the most to you.

In addition to that, you can easily share your feeds with your friends by giving them the URL of the combined feeds. They don't even need to log in either – the feeds are available to every person who knows the actual address.

By way of conclusion, Feedweaver is a practical service that will enable anybody to have better control over his preferred web-based content. It is a wholly-free service, too, and that is always a nice thing.
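The operation Feedweaver is described as performing, combining several RSS feeds into one with keyword filters that drop unwanted genres and float preferred ones to the top, is small enough to show in full. The following is an added example, not Feedweaver's code; the two feeds, their item titles and the example.invalid links are constructed for the demo. It deduplicates syndicated items by link, applies exclude and prioritize keyword lists against titles and categories, sorts newest first within each group (undated items last), and serialises the result back to RSS 2.0.

```python
# Added example, not Feedweaver's code: merge several RSS 2.0 feeds into one,
# drop duplicates by link, exclude items matching unwanted keywords and float
# items matching preferred keywords to the top. Feeds below are constructed.
import xml.etree.ElementTree as ET
from email.utils import format_datetime, parsedate_to_datetime
from typing import Dict, Iterable, List

FEED_REVIEWS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Record Reviews (constructed)</title>
<item><title>Review: Blue Sessions</title><link>http://example.invalid/r/1</link>
<pubDate>Mon, 02 Mar 2009 10:00:00 GMT</pubDate><category>jazz</category></item>
<item><title>Review: Iron Reign</title><link>http://example.invalid/r/2</link>
<pubDate>Tue, 03 Mar 2009 09:00:00 GMT</pubDate><category>metal</category></item>
</channel></rss>"""

FEED_BAND = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Band Site (constructed)</title>
<item><title>Review: Blue Sessions</title><link>http://example.invalid/r/1</link>
<pubDate>Mon, 02 Mar 2009 10:00:00 GMT</pubDate></item>
<item><title>Spring tour dates</title><link>http://example.invalid/b/1</link>
<category>jazz</category></item>
</channel></rss>"""


def parse_items(xml_text: str) -> List[Dict]:
    """Extract title, link, categories and pubDate from every <item>."""
    root = ET.fromstring(xml_text)
    items = []
    for it in root.iter("item"):
        pub = it.findtext("pubDate")
        items.append({
            "title": (it.findtext("title") or "").strip(),
            "link": (it.findtext("link") or "").strip(),
            "categories": [c.text.strip().lower() for c in it.findall("category") if c.text],
            "ts": parsedate_to_datetime(pub) if pub else None,  # undated items sort last
        })
    return items


def _matches(item: Dict, keywords: Iterable[str]) -> bool:
    haystack = " ".join([item["title"]] + item["categories"]).lower()
    return any(k.lower() in haystack for k in keywords)


def weave(feeds: Iterable[str], exclude: Iterable[str] = (),
          prioritize: Iterable[str] = ()) -> List[Dict]:
    seen = set()
    merged = []
    for text in feeds:
        for item in parse_items(text):
            if not item["link"] or item["link"] in seen:
                continue  # the same story syndicated by two feeds
            if _matches(item, exclude):
                continue
            seen.add(item["link"])
            merged.append(item)
    # preferred items first, then newest first; undated items end their group
    merged.sort(key=lambda it: (0 if _matches(it, prioritize) else 1,
                                -(it["ts"].timestamp() if it["ts"] else 0)))
    return merged


def to_rss(items: List[Dict], title: str) -> str:
    """Serialise the merged list back into a single RSS 2.0 document."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = title
    for it in items:
        node = ET.SubElement(channel, "item")
        ET.SubElement(node, "title").text = it["title"]
        ET.SubElement(node, "link").text = it["link"]
        if it["ts"]:
            ET.SubElement(node, "pubDate").text = format_datetime(it["ts"])
        for c in it["categories"]:
            ET.SubElement(node, "category").text = c
    return ET.tostring(rss, encoding="unicode")


if __name__ == "__main__":
    woven = weave([FEED_REVIEWS, FEED_BAND], exclude=["metal"], prioritize=["jazz"])
    print(to_rss(woven, "Woven feed (constructed)"))
```

Feeds pulled from sites you do not control are untrusted XML; for that case parse with the defusedxml package's ElementTree drop-in rather than the standard library parser, and bound the size of what you fetch before parsing it.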

For my website class

Open Source Usability — Joomla! Vs. WordPress

Posted by kdawson on Tuesday March 03, @05:20AM from the apples-and-orange-trees dept. Programming Technology

An anonymous reader writes

"PlayingWithWire profiles two open source tools for Web development, comparing Joomla! and WordPress through the lens of usability. The article has apparently upset a few people at the Joomla! forum, but it does bring up a good point. Many open source projects are developed by engineers for engineers — should they focus more on usability? PlayingWithWire makes a bold analogy: 'If Joomla! is Linux, then WordPress is Mac OS X. WordPress might offer only 90% of the features of Joomla!, but in most cases WordPress is both easier to use and faster to get up and running.'"

The article repeatedly stresses that blogging platform WordPress and CMS harness Joomla! occupy different levels of the content hierarchy. How fair is it to twit Joomla! on usability?

Perhaps I could list my favorite Math tutorial videos here? - Embedding YouTube Videos

A free YouTube playlist generator that goes by the name of YouTubeReloader is available for those who are looking into a concise way to spruce up their sites and/or blogs. You can access it by following the link provided below, and use it without the need of registering beforehand or disclosing information of any kind.

There are three playlist types on offer: “Search based”, “Predefined feeds”, and a “Custom playlist”. The playlist itself can be modified in a plethora of ways. For example, you can choose from three different skins as well as choosing the size of the player itself and stretching the video as you see fit.

For its part, you can set down play options such as autostart and shuffle, and once everything is in place you can preview the results and have the code generated instantly. You can then paste it at will all over your sites, and see if your traffic figures go up accordingly or whether you will have to dream up something else in order to stand out from the throng.

Potentially interesting tool. - Learning Together Through The Web

Nibipedia is an online community that revolves around educational videos that cover different topics. These videos can be readily searched and accessed from the main page, and they are also grouped under categories and tags such as “World Civics”, “Science” and “Internet & Computers”.

When you watch any of the featured videos, you are also provided with the full Wikipedia article as regards that topic, and further links that will take you to related videos and articles.

Nibipedia is still being put together, but you can already access the featured videos from the main page and have a good idea of the dynamics of the site. Very soon Nibipedia will allow visitors to create profiles and interact with each other. In practice, this would mean that people will be able to connect with those interested in the very same topics. Still, the site is quite interesting as it stands, and if you are either an educator or someone who is looking for some enlightenment a visit to Nibipedia is a good start.