Saturday, March 14, 2009

Fair (to middling) is fair.

Visa confirms RBS WorldPay also placed on probation

March 13, 2009 by admin

… In the meantime, I have obtained the following statement by Visa that confirms that, like Heartland Payment Systems, RBS WorldPay has also been placed on probation by Visa:

So, what did they do wrong? Apparently, NOTHING!

RBS WorldPay statement

March 13, 2009 by admin

In response to my request for a statement, a spokesperson for RBS WorldPay sent this statement:

Visa has asked us to obtain a new certification of PCI compliance because of the recent data-security compromise. Visa has removed us from its list of approved PCI-compliant processors until the new certification is complete. Our goal is to have a new ROC by the end of April.

There have been no material system changes that would have negatively altered this certification and we have in fact enhanced the security of our systems in the interim. Because of the criminal intrusion, we need to be recertified earlier than the normal schedule.

Note that again, Heartland assures us they were also PCI compliant. Maybe that isn't enough?

Statement from Heartland Payment Systems

March 13, 2009 by admin

Just sent to me by HPS:

Heartland was certified as PCI-DSS compliant in April 2008 and expects to continue to be assessed as PCI-DSS compliant in the future. We’re undergoing our 2009 PCI-DSS assessment now, which Heartland believes will be complete no later than May 2009 and will result in Heartland, once again, being assessed as PCI-DSS compliant.

Interesting but not very strong article on various views of privacy.

'Privacy' doesn't matter to those seeking to control you (commentary)

Saturday, March 14 2009 @ 06:18 AM EDT Contributed by: PrivacyNews

The right to privacy is a very big deal in this country.

Well, at least when it comes to abortion. In other areas, not so much. Call it the selective right to privacy.

Source -

Consider a world where it takes a drunk only a few minutes to do this...

Public sector crippled by 'lovesick' hacker

EMILY WATKINS March 13th, 2009

A MAN who crashed the Territory Government's computer system - costing taxpayers $1.2 million - was drunk and upset his fiancee had broken off their engagement, a court has heard.

… In submissions from his lawyer Tom Berkley and prosecutor Paul Usher yesterday, the court heard that McIntosh hacked into the system on his workmate's computer, using her password.

He was living with her in May, 2008, when he logged into government servers and deleted 10,475 user accounts from the Health Department, hospital, prison and Supreme Court servers.

Mr Usher said 130 experts were needed to find the problem and fix it. [“After an exhaustive analysis, we determined that the missing accounts had been deleted.” Or maybe they were looking for the backup files... Bob]

He said it took five days for the systems to be restored, costing the government $1,253,750.

Consider a world where entire divisions of hackers, funded by a hostile government and after years of studying and mapping our infrastructure, decide to attack.

Government Needs To Get Its Cybersecurity In Gear, Experts Tell Congress

Security industry leaders agree that White House should lead revamped cybersecurity effort

Mar 10, 2009 06:17 PM By Tim Wilson DarkReading

Some of the nation's top cybersecurity experts today told a congressional subcommittee that the United States isn't ready for a major online attack, and called on the White House and the rest of the federal government to get their acts together.

“We will better serve our customers if we make our product useless.”

Amazon invokes DMCA against Kindle e-books from other vendors

by Declan McCullagh March 13, 2009 8:00 PM PDT

… This week, an e-book Web site said invoked the 1998 law to prevent books from some non-Amazon sources from working on its Kindle reader.

Amazon sent a legal notice to complaining that information relating to a computer utility written in the Python programming language "constitutes a violation" of the DMCA, according to a copy of the warning letter that the site posted. is an e-book news and community site. forum moderator Alexander Turcic said in a post on Thursday that although he did not believe the program violated the law, the site would "voluntarily follow their request and remove links and detailed instructions related to it." Turcic said that, contrary to Amazon's claim, his site never "hosted" the software.

… and a related piece of accompanying Python code don't allow piracy. Rather, they accomplish something akin to the opposite: they allow legally-purchased books from other e-book stores to be used on the Kindle. (Amazon owns MobiPocket, one of those stores. Another would be, which counts schools and libraries as customers.)

… A copy of a Wiki page -- now empty -- saved in Google's cache says allows you to "obtain books from sites that use DRM (Digital Rights Management - encryption) on their books for specific devices. This includes book sellers and public libraries." It provides instructions on how to install and use the software. readers with Kindles were not pleased with Amazon. "What this script does is make the Kindle more useful," wrote JS Reed. "With Amazon using the DMCA to get rid of this, they are alienating their customers and causing prospective customers to purchase a different device."

And the code is already being mirrored, including in a post on [No doubt people will download the code only for academic research... Bob]

“Strategy” should include the fact checking that comes from “looking out the window”

RIAA Argument About Streaming To Be Streamed

Posted by Soulskill on Saturday March 14, @12:06AM from the who-streams-the-streamers dept. The Courts Music

NewYorkCountryLawyer writes

"You may recall that in an RIAA case, SONY BMG Music v. Tenenbaum, the district court ruled that an oral argument about the constitutionality of statutory damages could be streamed, and the RIAA has been fighting that with a petition for 'mandamus or prohibition' in the appeals court, which is opposed by the press. Interestingly, it now turns out that the appeals court's oral argument about the streaming will itself be recorded and then streamed. It is hard to imagine how a court which routinely streams its own oral arguments can rule that it is somehow inappropriate for similar oral arguments in the district court to be streamed as well."

Looks like Funk & Wagnalls will need to re-write their definition. Next we can re-define libel to include birthday wishes to anyone over 65.

Libel Suits OK Even If Libel Is Truthful

Posted by ScuttleMonkey on Friday March 13, @02:46PM from the tap-dancing-on-the-slippery-slope dept.

Defeat Globalism writes to tell us that many journalists, bloggers, and media law specialists are concerned about a new ruling by a US Court of Appeals in Boston. The new ruling is allowing a former Staples employee to sue the company for libel after an email was sent out informing other employees that he had been fired for violations of company procedures regarding expense reimbursements.

"Staples has asked the full appeals court to reconsider the ruling, and 51 news organizations have filed a friend-of-the-court brief saying that the decision, if allowed to stand, 'will create a precedent that hinders the media's ability to rely on truthful publication to avoid defamation liability.' But Wendy Sibbison, the Greenfield appellate lawyer for the fired Staples employee, Alan S. Noonan, said the ruling applies only to lawsuits by private figures against private defendants, that is, defendants not involved in the news business, over purely private matters."

This is the future. Carry your corporate desktop on a thumb drive (or laptop.) Anywhere you plug in, you have complete access to the same applications and data you would have if you lived in your office. Security should be a big consideration, but not impossible. - The Home Of vDesk

Cloud computing has evolved since the time people first pondered it. It has grown in such proportions that new and useful applications are being built constantly to take advantage of online storage.

If you’re looking for a useful remote computing solution, then you’re going to love On the site, you’ll be able to read and set up an account to use the company’s innovative vDesk application. This will allow all of your company’s employees to access a remote desktop that launches applications and files from any computer. Why do you want to do this? Well, for one, there are so many reasons why your employees might not be able to come into the office, that it’s great to give them a tool that allows them to access their files and applications from any computer. It also boosts productivity, as work will always be one click away.

If all of this sounds interesting, then you’re going to want to check out the company’s site. It’s filled with information on pricing and product variations that will make sure you find just what you’re looking for.

This seems to work well (and I can never resist “free.”) I found a number of papers describing Computer Security Capstone Projects (which I'm working on at the moment.)

DocJax is a search engine for documents, which allows you to search for documents and e-books from anywhere, preview them and even download them for free.

For those of you with 42 inch monitors? (Justification for a new monitor?) I might use this in class, since the projectors generate a large enough image... - Maximizing Your Monitor

MaxTo is a small Windows app that will allow you to maximize the way in which you make daily use of your monitor space. It isn’t uncommon for someone to need to visualize several active windows at once. Sure, for this simple purpose one may simply click and drag from the edges and arrange things according to his likes. However, this can prove to be quite time consuming and (to be perfectly honest) quite annoying if you are the sort of person who likes to switch things around a lot.

To fulfil that purpose MaxTo comes to the rescue. To put it quite simply, what it does is to split your monitor into different regions. These regions will then each become a 'maximizable' space, to put it in a sort of invented word. What happens is that from now on every time you try to maximize a window when you are above a specific region it will only maximize to the size of that region you had previously determined. In this way you may easily and quickly handle the size and appearance of all your windows. Sometimes one is bedazzled by the sheer simplicity of an app and yet how cunning it can be.

Friday, March 13, 2009

Boy! That'll teach 'em!

Visa Puts Heartland on Probation Over Breach

March 13, 2009 by ADMIN By Anthony M. Freed, Financial Editor

Heartland Payment Systems (HPY), one of the largest credit card processors in North America, is finally being called to the carpet for the apparent lapses in Payment Card Industry Data Security Standards (PCI DSS) that contributed to the largest data breach of 2008, perhaps even the largest breach ever considering the full extent of the exposure has yet to be determined.

Called to the carpet sort of, anyway; the sanctions and guidance laid out by Visa (V) seem a little lackluster when weighed against the severity and duration of the breach.

Given that Visa is now considered the most likely of several candidates for inclusion in the Dow Industrial Average, taking up slack from soon-to-be-sidelined Citigroup and Bank of America, it is not surprising that they do not want to call too much attention to the situation:

… Removal from Visa’s List of Compliant Service Providers - Visa has removed Heartland from its online list of Payment Card Industry Data Security Standard (PCI DSS) compliant service providers. HPS has advised, however, that it is aggressively working on remediation and re-validation of its systems to comply with PCI DSS standards. The company will be relisted once it revalidates its PCI DSS compliance using a Qualified Security Assessor and meets other related compliance conditions.

[Interesting because Heartland WAS in compliance at their last audit. What would the impact be if they are still found to be in compliance? (Of course, they won't.) Bob]

… Also included in Visa’s belated response to the Heartland breach is a fine to be levied against the participating banks - most of whom rightly consider themselves to be victims of the breach as much as their customers are. [Huh? Bob]

… Another mystery contained in Visa’s announcement is the requirement that all fraud related to the Heartland breach has to be reported by May 19th.

Get sick or injured, lose your identity! Another “third party leak” and another long delay before disclosure.

Chicago Fire Department contractor’s laptop stolen

March 12, 2009 by admin

The Dezonia Group handles billing people for the Chicago Fire Department’s ambulance service. Dana Koslov of CBS in Chicago reports that the contractor reported that an employee’s laptop stolen six weeks ago contained the names, addresses, and Social Security numbers of thousands of people who used the ambulance service in the past two years.

For your Security Manager. (Them eastern european guys is smart!)

Romanians Find Cure For Conficker

Posted by timothy on Friday March 13, @02:11AM from the cheer-goes-up dept. Worms Security Windows IT

mask.of.sanity writes

"BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months. The worm, also known as Downadup, exploits a bug in the Windows Server service used by Windows 2000, XP, Vista, Server 2003 and Server 2008. It spreads primarily through a buffer overflow vulnerability in Windows Server Service where it disables the operating system update service, security center, including Windows Defender, and error reporting. The Romanian security vendor said its removal tool will delete all versions of Downadup and will not be detected by the virus."

Related. Perhaps not smart enough...

Police in Romania detain 20 alleged hackers

TIMISOARA, Romania - Police in Romania on Wednesday detained 20 people suspected of cloning the Web sites of banks in other countries to deplete customers' bank accounts.

… In another case, police detained a person suspected of hacking into the servers of U.S. universities and government agencies, including NASA.

All politicians lie. All politicians break campaign promises. Neither Conservatives nor Liberals want anyone to know what they are doing until it is done (and they can blame the other guy for forcing such an evil compromise.)

Copyright treaty is classified for 'national security'

by Declan McCullagh March 12, 2009 5:45 PM PDT

Last September, the Bush administration defended the unusual secrecy over an anti-counterfeiting treaty being negotiated by the U.S. government, which some liberal groups worry could criminalize some peer-to-peer file sharing that infringes copyrights.

Now President Obama's White House has tightened the cloak of government secrecy still further, saying in a letter this week that a discussion draft of the Anti-Counterfeiting Trade Agreement and related materials are "classified in the interest of national security pursuant to Executive Order 12958."

Making data more available.

March 12, 2009

Searchable Version of Emergency Economic Stabilization Act of 2008

askSam: "This database contains a complete text of the American Recovery and Reinvestment Act of 2009 also known as the Stimulus Bill or Bailout Bill. It was formerly referred to as the Economic Stimulus Act. This database is fully searchable by division, title, section, and keyword. The American Recovery and Reinvestment Act of 2009 ("Stimulus Bill", Pub.L. 111-5, H.R. 1, S. 1) is an Act of Congress enacted by the 111th United States Congress and signed into law by President Barack Obama on February 17, 2009."

Making data less available. Strange how articles like this start discussions of economics among the commenters.

Amazon Uses DMCA To Restrict Ebook Purchases

Posted by timothy on Thursday March 12, @03:24PM from the do-not-read-this-dept-line dept. Censorship Books Hardware Hacking

InlawBiker writes

"Today, Amazon invoked the DMCA to force removal of a python script and instructions from the mobileread web site. The script is used to identify the Kindle's internal ID number, which can be used to enable non-Amazon purchased books to work on the Kindle. '...this week we received a DMCA take-down notice from Amazon requesting the removal of the tool and instructions for it. Although we never hosted this tool (contrary to their claim), nor believe that this tool is used to remove technological measures (contrary to their claim), we decided, due to the vagueness of the DMCA law and our intention to remain in good relation with Amazon, to voluntarily follow their request and remove links and detailed instructions related to it.' Ironically, the purpose of the script is to make the Kindle more useful to its users."

Vigilante users... What percentage of clicks would have to be bogus before the information value falls below that of un-analyzed data? Probably means this will have little effect.

Adbusters Suggests Click Fraud As Protest

Posted by timothy on Thursday March 12, @05:53PM from the they-never-suggest-wine-pairings-do-they dept. Privacy The Internet Politics

An anonymous reader writes

"In response to Google's recently announced plans to expand the tracking of users, the international anti-advertising magazine Adbusters proposes that we collectively embark on a civil disobedience campaign of intentional, automated 'click fraud' in order to undermine Google's advertising program in order to force Google to adopt a pro-privacy corporate policy. They have released a GreaseMonkey script that automatically clicks on all AdSense ads."

I can see the TV ads now: “So easy, even a frog can do it!”

French Police Save Millions Switching To Ubuntu

Posted by timothy on Thursday March 12, @03:04PM from the justified-disdain dept. Linux Business GUI Government Operating Systems

Ynot_82 writes

"The French national police force, the Gendarmerie Nationale, has spoken about their migration away from the Windows platform to Linux. Estimated to have already saved the force 50 Million Euros, the migration is due to be completed on all 90,000 workstations by 2015. Of the move, Lt. Col. Guimard had this comment: '"Moving from Microsoft XP to Vista would not have brought us many advantages and Microsoft said it would require training of users. Moving from XP to Ubuntu, however, proved very easy. The two biggest differences are the icons and the games. Games are not our priority."'"

[From the article:

A report published by the European Commission's Open Source Observatory provides some details from a recent presentation given by Gendarmerie Lieutenant-Colonel Xavier Guimard, who says that the Gendarmerie has been able to reduce its annual IT budget by 70 percent without having to reduce its capabilities.

For my Security and Forensics classes. (Comments include a tool to bypass keystroke loggers and a brief history of Tempest)

Researchers Sniff Keystrokes From Thin Air, Wires

Posted by timothy on Thursday March 12, @05:00PM from the making-a-tempest-of-them-themselves dept. Security IT

narramissic writes

"Two separate research teams have found that the electromagnetic radiation that is generated when a computer keyboard is tapped is actually pretty easy to capture and decode. Using an oscilloscope and an inexpensive wireless antenna, the Ecole Polytechnique team was able to pick up keystrokes from virtually any keyboard, including laptops — with 95 percent accuracy over a distance of up to 20 meters. Using similar techniques, Inverse Path researchers Andrea Barisani and Daniele Bianco picked out keyboard signals from keyboard ground cables. On PS/2 keyboards, 'the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna,' Barisani said. That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. Barisani and Bianco will present their findings at the CanSecWest hacking conference next week in Vancouver. The Ecole Polytechnique team has submitted their research for peer review and hopes to publish it very soon."

Another reason why I have both Computer and Business degrees and why my “Zap your competition” business makes the big bucks!

Cybercrime-As-a-Service Takes Off

Posted by timothy on Thursday March 12, @07:29PM from the no-need-for-subtlety dept. Security IT

pnorth writes

"Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, according to email offers cited by security experts. A technical account manager at authentication firm Vasco said that cyber crime is becoming so business-like that online offerings of malicious code often include support and maintenance services. He said 'it was inevitable that services would be sold to people who bought the malware toolkits but didn't know how to configure them. Not only can you buy configuration as a service now, you can have the malware operated for you, too.'"

Related. A retail version of the Crime-as-a-Service model?

Android App Scans DVD Bar Codes, Starts BitTorrent Download

By David Kravets March 11, 2009 11:19:30 PM

Android application developer Alex Holmes is creating a simple and powerful new way to get your pirated videos: an application that uses your cellphone's built in camera to scan a DVD bar code, then starts the movie downloading onto your home computer. [Of course, real movie/music buffs will have them months before they are available in stores. Bob]

Interesting discussion. CTU uses Firefox by default, but I suspect a step-by-step guide for students (install VMWare, Ubuntu, plug-ins, players, viewers, etc.) would be useful.

Windows Security and On-line Training Courses?

Posted by timothy on Thursday March 12, @06:40PM from the temporary-education-discount dept. Education Security Windows

eggegick writes

"My wife has taken a number of college courses over the last three years and many of the classes used on-line materials rather than books. The problem was these required IE along with Java, Active X and/or various plug-ins (the names of which escape me), and occasionally I'd have to tweak our firewall to allow these apps to run. I don't think any of these training apps would work with Firefox. All of this made me cringe from a security point of view. Myself, I use Firefox, No-Script, our external firewall and common sense when using the web. I have a very old Windows 2000 machine that I keep up to date. To my knowledge, I've never had a virus or malware problem. Her computer is a relatively new XP machine, and at this point she feels her computer has something wrong. But now she prefers to use my old machine instead of hers since it seems to be more responsive. We plan to run the recovery disk on hers. Assuming the college course work applications were part of the cause, what recommendations do any of you have for running this kind of software? Is there a VMware solution that would work — that is, have a Windows image that is used temporarily for the course work and then discarded at the end of the semester (and how do you create such an image, and what does it cost?)."

The Internet has been around since the 60's, but the World Wide Web is just reaching the age where it can begin truly impacting productivity. (See for example.)

It was 20 years ago today: The Web

by Charles Cooper March 13, 2009 12:01 AM PDT

Is it already 20 years since Tim Berners-Lee authored "Information Management: A proposal" and set the technology world on fire?

Probably, this type of software is in your future.

OfficeZilla: The next project management winner?

by Don Reisinger March 12, 2009 3:58 PM PDT

Online collaboration is one of the best uses of the Web, and project management is where it can really shine. I thought it would be worth taking a look at a product called OfficeZilla to see how well it stacks up against Basecamp and Teamwork, two established leaders in the online project management space. The results may surprise you.

Unlike Basecamp, OfficeZilla is free.

Liars! A search for Bach or Brubeck or Louis Armstrong returns zilch! Lots of good stuff though. - Stream Every Song By Every Artist For Free

VastFM allows you to stream every song by every artist, for free. Simply furnish the name of the artist to see his entire discography, and listen to any song you'd like. This solution uses open music directories and audio from YouTube videos to deliver every song you can think of. Links to concert tickets in your area for artists you might like are also provided.

The site claims to have the largest music directory on the Internet, and to have all your favorite unsigned artists. If you just look at the cloud of keywords on the opening screen you will see that is quite accurate – at a single glance I spotted Americana artists like Explosions In The Sky, representative figures from the 60s like Leonard Cohen and also bands like The Jam and Franz Ferdinand. Of course, hip hop artists and contemporary rockers like Kaiser Chiefs were prominently featured.

At the end of the day, the site is a true platform of discovery. You can find new music on the spot, and also listen to brand new albums to decide if you like them before parting with your cash.

Thursday, March 12, 2009

The next seminar at the Sturm College of Law:

Morning/Lunch Seminar FRIDAY, MARCH 20, 2008

For Reservations Contact: Diane Bales at

Registration Fee: Seminar and Lunch ($20) Lunch with CLE Credit ($40)

[See the flyer at:

I would answer this question: “Yes, please!”

Security vs. privacy? Reinterpreting the Fourth Amendment

Wednesday, March 11 2009 @ 11:53 AM EDT Contributed by: PrivacyNews

If you devote a sizable chunk of your time to writing about surveillance, you see grim predictions about "the end of privacy" bandied about with a numbing regularity—hell, I've got at least two books by that title on my shelf right now. Which may be why it took me a while to get around to Yale law prof Jed Rubenfeld's recent article "The End of Privacy" in the Stanford Law Review. Well, mea maxima culpa: Rubenfeld's essay is not another catalog of privacy threats, but rather a provocative reexamination of the meaning of the Fourth Amendment—one that manages to be simultaneously radical (in the sense of "going to the root"), novel, and plausible in a way I would not have thought possible so late in the game.

Source - Ars Technica

[Link to The Law Review:

Refine or repeal?

March 11, 2009

ACLU Releases Report On Patriot Act Abuses

News release: "The American Civil Liberties Union released a comprehensive report today examining widespread abuses that have occurred under the USA Patriot Act, a law that was rushed through Congress just 45 days after September 11. In the almost eight years since the passage of the controversial national security law, the Patriot Act has led to egregious government misconduct."

See? You can reverse a Big Brother order; all you need to do is spend big bucks taking it to court (or in this case to the Information Commissioner's Office.)

UK: Pub landlord wins right not to fit CCTV cameras

Wednesday, March 11 2009 @ 06:15 PM EDT Contributed by: PrivacyNews

A prospective landlord has won his fight not to install CCTV cameras in his pub after the case was taken up by the information commissioner.

Nick Gibson said police insistence that he set up cameras to film every customer entering and leaving the premises would threaten drinkers' civil liberties.

Source - Guardian

[From the article:

The Information Commissioner's Office intervened, writing to the Metropolitan police to warn that the blanket introduction of CCTV in pubs "raised serious privacy concerns".

Good luck! Is dealing with Bill Gates adequate preparation?

Microsoft Executive Tapped For Top DHS Cyber Post

Posted by samzenpus on Thursday March 12, @03:31AM from the reboot-to-be-safe dept. United States Security

krebsatwpost writes

"The Department of Homeland Security has named Microsoft's "chief trustworthy infrastructure strategist" Phil Reitinger to be its top cyber security official. Many in the security industry praised him as a smart pick, but said he will need to confront a culture of political infighting and leadership failures at DHS. From the story: 'Reitinger comes to the position with cyber experience in both the public and private sectors. Prior to joining Microsoft in 2003, he was executive director of the Defense Department's Computer Forensics Lab. Before that, he was deputy chief of the Justice Department's Computer Crimes and Intellectual Property section, where he worked under Scott Charney, who is currently corporate vice president for trustworthy computing at Microsoft.'"

Suspicions confirmed!

Kremlin-Backed Nashi Admits Cyberattacking Estonia

Posted by timothy on Wednesday March 11, @04:20PM from the please-send-me-some-polonium-antidote dept. The Internet Security Politics

An anonymous reader writes

"Russia's Kremlin-based youth movement Nashi admits being responsible for 2007 cyberattacks against Estonia. An interesting point is that when you DDoS the systems, it's not the fault of some people who want to crash it but instead the systems' for blocking their users due to technical limitations. So if I shot someone to death it's not my fault for shooting them, but theirs instead because of technical limitations of their body."

Big isn't always best...

March 11, 2009

Bank of America Tops List of Largest U.S. Banks

Houston Business Journal: "Bank of America Corp. now ranks as the largest U.S. bank ranked by assets, according to a study by SNL Financial. Charlotte, N.C.-based BofA had total assets of almost $2.5 trillion as of Dec. 31. Prior to its recent acquisition of Merrill Lynch & Co. Inc., BofA would have been ranked third at the end of 2008. The gargantuan financial services mergers that grabbed headlines last year have shaken up the Big 5 rankings, with JPMorgan Chase & Co. of New York — which acquired Washington Mutual Inc. — now second on the list with $2.17 trillion in assets."

...and best isn't always big.

March 11, 2009

Global Finance Lists World’s 50 Safest Banks

News release: "The World’s 50 Safest Banks 2009 were selected through a comparison of the long-term credit ratings and total assets of the 500 largest banks around the world. Ratings from Moody’s, Standard & Poor’s and Fitch were used." [Note: only two U.S. banks on this list - 26. US Bancorp and 47. JPMorgan Chase]

Interesting, but I haven't chased down all the links yet.

VoIP Legal Status Worldwide

Posted by samzenpus on Thursday March 12, @12:36AM from the free-for-all dept. Government The Internet

Cigarra writes

"There was much public debate going on during the last several months here in Paraguay, regarding the "liberation of Internet", that is, the lifting of the restriction on ISPs to connect directly to international carriers. Up until this week, they were forced to hire wholesale service from the State run telco, Copaco. During the last month, when the new regulation was almost ready, the real reason supporting the monopoly made it to the headlines: Copaco would fight for the monopoly, fearing VoIP based telephony. Finally, the regulator Conatel resolved today to end the monopoly, but a ruling on VoIP legal status was postponed for "further study". I guess this kind of "problem" arose almost everywhere else in the world, so I ask the international slashdotters' crowd: what is VoIP legal status in your country / state / region? How well did incumbent telcos adapt to it, and overall, just how disruptive was this technology to established operators?"

Geek Alert! Professor Soma reports:

New York Considers Tax Credit for Open Source Development

Legislation was introduced March 3 in the New York Assembly that would create a $200 state income tax credit against expenses incurred in the development of free software. The credit is available for 20 percent of the taxpayer-developer's expenses, up to $200 each year. In order to qualify, the taxpayer-developer must release the source code to the public and must license the software under a license approved by the Free Software Foundation. Not all open source licenses will meet this criterion. According to Section 1(QQ)(2), “For the purposes of this subsection, a program shall qualify for the credit provided by this subsection if the code for such program has been released under an open source license recognized by the open source initiative, or has been released under a free software license recognized by the Free Software Foundation.”

The bill, A.B. 6380, was referred to the Assembly Committee on Ways and Means.

Table updated March 3, 2009.

Perhaps a step toward guidelines. Something for my Computer Security class to consider.

GERMANY: Rules for Social Networks Agreed by Data Protection Authorities in Germany

Wednesday, March 11 2009 @ 11:44 AM EDT Contributed by: PrivacyNews

The German Düsseldorfer Kreis (GDK), a panel gathering all German data protection authorities, has sent a clear message to social networks on the mandatory respect of the data protection legal framework and highlighted eight central requirements to respect.

Source - iBLS

Note: the summary of the eight principles is worth reading as they seem more stringent than what we have in the U.S. -- Dissent [Do any social networks follow these principles? Bob]

[From the article:

GDK's decision also points out different risks associated with the use of social networks, inter alia: virtually undeletable personal data once entered, misleading suggestions of friendship that may lead to incautious disclosure of personal data, close monitoring of users by operators, possible use of the information by HR specialists in the future, and that a too generous provision of data within social networks might spur identity theft.

Related. Call it the “Anti-Social Network?” Part of America's fear of sex?

Teens caught 'sexting' face porn charges

Thursday, March 12 2009 @ 08:03 AM EDT Contributed by: PrivacyNews

A growing number of teens are ending up in serious trouble for sending racy photos with their cellphones.

Police have investigated more than two dozen teens in at least six states this year for sending nude images of themselves in cellphone text messages, which can bring a charge of distributing child pornography. Authorities typically are notified by parents or schools about so-called "sexting."

Source - USA Today

Related? Social Networks providing a “the cop was in a bad mood” defense?

Suspect Freed After Exposing Cop's Facebook Status

Posted by samzenpus on Wednesday March 11, @10:40PM from the goblin-tossed-out-of-court dept.

longacre writes

"A man on trial in New York for possession of a weapon has been acquitted after subpoenaing his arresting officer's Facebook and MySpace accounts. His defense: Officer Vaughan Ettienne's MySpace "mood" was set to "devious" on the day of the arrest, and one day a few weeks before the trial, his Facebook status read "Vaughan is watching 'Training Day' to brush up on proper police procedure." From the article, 'You have your Internet persona, and you have what you actually do on the street," Officer Ettienne said on Tuesday. "What you say on the Internet is all bravado talk, like what you say in a locker room." Except that trash talk in locker rooms almost never winds up preserved on a digital server somewhere, available for subpoena.'"

I'd love to know how they calculate the premium.

The Hartford Introduces Data Privacy Coverage For Technology Companies

By: Business Wire Mar. 10, 2009 10:22 AM

... The Hartford’s Data Privacy Expense coverage pays for actual expenses incurred as a result of a policyholder’s negligent acts, errors or omissions that result in the improper dissemination of non-public personal information, or a breach or violation of data privacy laws. Specific components of the coverage may include:

1. Notification expenses incurred to comply with notification laws.

2. Crisis management expenses incurred for fees and costs associated with hiring a crisis management firm to perform services that minimize potential harm and maintain or restore confidence in the policyholder.

3. Data privacy regulatory and credit monitoring expenses incurred in connection with a statutory mandate requiring credit monitoring for third parties in compliance with data privacy laws, legal expenses in defense of a data privacy regulation proceeding, and certain fines or penalties, where insurable, in connection with a data privacy regulation proceeding.

4. Cyber investigation expenses incurred to have a third party investigate the policyholder’s computer system to determine the source of a data privacy breach.

This looks interesting, but I'll need to fiddle with it a bit more.

March 11, 2009

New Open Source Project Monitors Flows of Media

"Media Cloud is a system that lets you see the flow of the media. The Internet is fundamentally altering the way that news is produced and distributed, but there are few comprehensive approaches to understanding the nature of these changes. Media Cloud automatically builds an archive of news stories and blog posts from the web, applies language processing, and gives you ways to analyze and visualize the data. The system is still in early development, but we invite you to explore our current data and suggest research ideas. This is an open-source project, and we will be releasing all of the code soon. You can read more background on the project or just get started: Visualizations / What Are Your Research Ideas? / Keep Up-To-Date with Media Cloud."

Google is everywhere. Perhaps Google is Elvish for “Big Brother?”

Google Voice: A push to rewire your phone service

by Stephen Shankland March 11, 2009 9:00 PM PDT

SAN FRANCISCO--Google plans to unveil a service called Google Voice on Thursday that indicates Google wants to do with your telephone communications what companies such as Yahoo have done with e-mail.

Google Voice, the new version of the GrandCentral technology Google acquired in July 2007, has the potential to make the search giant a middleman in an important part of people's lives, telephone communications. With the service, people can pick a new phone number from Google Voice; when others call it, Google can ring all the actual phones a person uses and handle voice mail.

The old version could let people centralize telephone services, screen their calls, and listen to voice mail over the Web. But the new version offers several significant new features. Google now uses its speech-to-text technology to transcribe voice mail, making it possible to search for particular words. Gmail's contacts are now used to instruct Google Voice how to treat various callers. And Google Voice now can send and receive SMS text messages and set up conference calls.

For those Visual Communications students with more artistic ability than me (i.e. All of them) - Access Photoshop & Gimp Tutorials

There are a lot of sites where you can find Photoshop tutorials. In actuality, there are so many of these that choosing which one to head to can turn into a difficult decision. To further aggravate matters, not all of these are impeccable when it comes to the actual layout and the way the information is presented. It is not uncommon to visit one of these sites and end up reading something which had nothing to do with the topic you wanted to learn about because it was all thrown together.

This site intends to overcome these shortcomings. It does not contain any tutorial per se, but it links to tutorials on different websites, emphasizing accuracy and the relevancy of contents.

What’s more, the site has recently branched out and started including Gimp tutorials. These are accessible from a link provided on the opening screen, and you can also find them by setting your browser to Any way or the other, those that have a soft spot for image processing will find something to keep them entertained on the site.

Another way to tap into twitter. Amazing how many more twits there are about “American Idol” than Privacy.

PR firm launches Twendz: A Twitter trend analyzer

by Josh Lowensohn March 11, 2009 5:42 PM PDT

Normally, PR firms are pitching us start-ups, not creating them. That's not the case with Twendz, a new Twitter tool from the folks at Waggener Edstrom. It pulls in the latest tweets on any given topic, and shows you what the overall user sentiment is, be it positive or negative.

A simpler business model might work...

Why your online passwords can outlive you

By John Lister March 10, 2009 |

A new company is offering a service to pass on your internet passwords to next of kin after your death. It’s a creative solution to a genuine problem, but the pricing makes it extremely unlikely to succeed.

… Legacy Locker aims to solve the problem of people dying and their loved ones being unable to access their online accounts and services without having their passwords. In some cases this can be awkward: what happens to your Facebook account after you die?

In other cases, there may be a legal need to access an account, for example to get to e-mails which aren’t stored on a computer such as those in a Gmail or Hotmail account. And there are also cases where somebody dies leaving a tidy wedge of cash in a PayPal account which the next of kin might need in a hurry.

Wednesday, March 11, 2009

If I were a suspicious-paranoid, I'd probably think this was intelligence gathering for a terrorist attack. Water, Power and possible Police response – all hit on one night.

1,000 sheriff's employees' data at risk

Computers stolen from department vehicles Feb. 28 included personal information

By LAURA NORTON THE PRESS DEMOCRAT Published: Tuesday, March 10, 2009 at 3:46 a.m. Last Modified: Tuesday, March 10, 2009 at 3:46 a.m.

… The information was potentially exposed when thieves broke into Santa Rosa police cars at the city's Municipal Services Center on Stony Point Road the night of Feb. 22 or morning of Feb. 23, Santa Rosa Police Sgt. Lisa Banayat said.

There was no immediate explanation why sheriff's authorities waited two weeks to disclose the breach.

Four laptop computers with access to the county data system were stolen.

… The theft was one of four burglaries of government agencies that occurred that night and authorities believe they are related.

Computers also were stolen from the Sonoma County Water Agency and PG&E office on Stony Point Road.

Isn't this what intelligence services are supposed to do?

German intelligence tapped foreign desktops

Tuesday, March 10 2009 @ 05:40 PM EDT Contributed by: PrivacyNews

The German foreign intelligence service, the Bundesnachrichtendienst (BND), has eavesdropped on 2,500 PCs in the last couple of years.

News magazine Der Spiegel broke the news on its website this weekend. According to the magazine, information saved on HDDs was copied and transferred to Pullach, where the BND is headquartered. In various other cases, keyloggers were installed to capture passwords for email accounts.

Source - IT Examiner Thanks to Brian Honan for the link.

Anything can be counterfeited. The poorer the security, the easier it is to counterfeit. (Comments are a chuckle...)

iTunes Gift Card Key System Cracked, Exploited

Posted by kdawson on Tuesday March 10, @05:59PM from the poisoning-the-currency dept.

moonbender writes

"Fake but working iTunes gift cards are being sold on Chinese auction sites for a fraction of their value: 'The owner of the Taobao shop told us frankly that the gift card codes are created using key-generators. He also said that he paid money to use the hackers' service. Half a year ago, when they started the business, the price was around 320 RMB [about $47] for [a] $200 card, then more people went into this business and the price went all the way down to 18 RMB [about $2.60] per card, "but we make more money as the amount of customers is growing rapidly."' The people at Chinese market researcher Outdustry have apparently confirmed this by buying a coupon and transferring it into an iTunes account. Oops."
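The point made above, that a code anyone can check offline is a code anyone can generate offline, as an added Python example. This is not Apple's code format (the article does not disclose it); the 16-digit "weak" format with a weighted check digit, the 16-character random format, the class and function names, and the sample serials are all constructed for illustration. It uses only the standard library.

```python
"""Why a gift-card code that can be verified offline can also be forged offline.

Added example; the two code formats below are constructed for illustration
and do not describe any real issuer's scheme. Standard library only.
"""
import hashlib
import hmac
import secrets
import string
from typing import Dict, List, Optional

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols per position


# --- Weak scheme: validity is a property of the string itself -----------------

def weak_issue(serial: int) -> str:
    """15-digit serial plus a weighted mod-10 check digit (constructed format)."""
    body = f"{serial:015d}"
    check = sum(int(c) * (i + 1) for i, c in enumerate(body)) % 10
    return body + str(check)


def weak_verify(code: str) -> bool:
    """Offline check: no secret, no database. Anyone who learns the rule
    (from a few genuine codes or a leaked validator) can mint codes."""
    return len(code) == 16 and code.isdigit() and weak_issue(int(code[:15])) == code


def keygen(first_serial: int, count: int) -> List[str]:
    """A 'key generator' for the weak scheme is simply the issuer's own rule
    run by someone else: enumerate serials, emit codes weak_verify accepts."""
    return [weak_issue(first_serial + i) for i in range(count)]


# --- Stronger scheme: random code, server-side record, single redemption -----

class CardStore:
    """Codes are random rather than derived, the server keeps only a keyed
    hash of each code, and each code can be redeemed exactly once."""

    def __init__(self, server_key: bytes) -> None:
        self._key = server_key
        self._cards: Dict[str, List] = {}  # tag -> [value_usd, redeemed]

    def _tag(self, code: str) -> str:
        # Keyed hash: a leaked table of tags is useless without the server key,
        # even for shorter or lower-entropy code formats.
        return hmac.new(self._key, code.encode(), hashlib.sha256).hexdigest()

    def issue(self, value_usd: int) -> str:
        code = "".join(secrets.choice(ALPHABET) for _ in range(16))
        self._cards[self._tag(code)] = [value_usd, False]
        return code

    def redeem(self, code: str) -> Optional[int]:
        """Card value on first redemption; None for unknown, forged or used codes."""
        record = self._cards.get(self._tag(code))
        if record is None or record[1]:
            return None
        record[1] = True
        return record[0]


def expected_hits(guesses: int, issued: int, code_len: int = 16) -> float:
    """Expected number of live codes found by `guesses` uniformly random online
    tries when `issued` codes are live in a space of 36**code_len. Against
    random codes, forgery at scale needs a compromised issuer or validator,
    not guessing."""
    return guesses * issued / (len(ALPHABET) ** code_len)


if __name__ == "__main__":
    forged = keygen(1_000_000, 3)
    print("weak scheme accepts keygen output:", all(weak_verify(c) for c in forged))
    store = CardStore(secrets.token_bytes(32))
    code = store.issue(200)
    print("first redemption:", store.redeem(code), "second:", store.redeem(code))
    print("keygen code against the store:", store.redeem(forged[0]))
    print("expected hits, 1e9 guesses vs 1e6 live codes:", expected_hits(10**9, 10**6))
```

The keygen function is the whole lesson: when the validator needs neither a secret nor a record of what was sold, issuing and forging are the same computation. The store version moves validity into something the attacker does not have, and even then the operator still needs rate limiting on redemption attempts and monitoring for codes that were never sold.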

The geek debate begins?

Copyright and Patent Laws Hurt the Economy

Posted by kdawson on Tuesday March 10, @07:40PM from the speaking-sense-to-power dept.

Norsefire writes

"Two economists at Washington University in St. Louis are claiming that copyright and patent laws are 'killing innovation' and 'hurting [the] economy.' Michele Boldrin and David K. Levine state they would like to see copyright law abolished completely as there are other protections available to the creators of 'intellectual property' (a term they describe as 'propaganda,' and of recent origin). They are calling on Congress to grant patents only where an invention has social value, where the patent would not stifle innovation, and where the absence of a patent would damage cost-effectiveness."

Our tax dollars at work.

FTC fights with spoof ad

Posted: Tuesday, March 10 2009 at 04:28 pm CT by Bob Sullivan

You’re the federal agency charged with protecting consumers. You have a $250 million annual budget, subpoena power and the ability to refer cases to the Justice Department for prosecution. So what do you do when one of America's biggest companies continually flouts the law?

You challenge the company to a joke-off.

Just in case you think your customers are ignorant...

Users Complain of Mysterious 'PIFTS' Warning

Tuesday, March 10 2009 @ 10:22 AM EDT Contributed by: PrivacyNews

Computer support forums are lighting up with queries from users wondering what to do about an alert on whether to trust a file called "PIFTS.exe". Meanwhile, someone at Symantec's support forum seems to be deleting posts from users inquiring about this alert almost as soon as they go up on the forum.

Source - Security Fix

[From the article:

A Security Fix reader sent this e-mail today about his experience with this alert: "Symantec's response has been odd. It has removed all chat threads on the subject, and seems to be deleting questions about PIFTS.exe wherever they may be posted. In short, it is Symantec's response which has caused greater questions than the problem that it seems to be trying to cover up."

Is this getting tough, or just “for show?” We will have to wait for the lawsuits, right?

State Laws Require Secure Personal Data

Tuesday, March 10 2009 @ 07:37 PM EDT Contributed by: PrivacyNews

Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores or maintains personal information about a Massachusetts resident. This article discusses the requirements of these new state laws and their practical significance for businesses.

Source -

Government data mining, including a watch on social networks.

March 10, 2009

Office of the Director of National Intelligence Data Mining Report

Unclassified: Office of the Director of National Intelligence Data Mining Report, 15 February 2008.

  • "The Office of the Director of National Intelligence (ODNI) is pleased to provide to the Congress this report pursuant to Section 804 of the Implementing the Recommendations of the 9/11 Commission Act of 2007, entitled The Federal Agency Data Mining Reporting Act of 2007 ("Data Mining Reporting Act"). The Data Mining Reporting Act requires "the head of each department or agency of the Federal Government" that is engaged in activities defined as "data mining" to report on such activities to the Congress. This report covers the data mining activities of all elements of the ODNI. This report covering ODNI activities is unclassified and has been made available to the public through the ODNI's website. A classified annex has also been prepared and has been transmitted to the appropriate Congressional committees."

Related This could also provide data for my Data Mining classes.

March 10, 2009

Will Raw Data Feeds on Congressional Activities Finally Reach the Public Domain?

Mother Jones: "By slipping a simple, three-sentence provision into the gargantuan spending bill passed by the House of Representatives last week, a congressman from Silicon Valley is trying to nudge Congress into the 21st Century. Rep. Mike Honda (D-Calif.) placed a measure in the bill directing Congress and its affiliated organs—including the Library of Congress and the Government Printing Office—to make its data available to the public in raw form. This will enable members of the public and watchdog groups to craft websites and databases showcasing government data that are more user-friendly than the government's own."

Weld County ID theft investigation put on hold

posted by: Jeffrey Wolf 9 hrs ago

WELD COUNTY - A district court judge put a halt to a major identity theft investigation in Weld County on Tuesday afternoon.

… The judge in the case said Tuesday he'll rule on the matter next month, but until he does, he wants those tax files handed over to the court and the arrests to stop.

… Tuesday's ruling is not expected to affect the cases already in the system. They are expected to proceed as scheduled.

Pay no attention to the man behind the curtain...

March 10, 2009

New GAO Reports: National Cybersecurity Strategy, DOT Programs,

  • GSA Global Supply's Direct Vendor Delivery Proposal Addresses Declining Office Product Sales, but Annual Reviews May Be Needed to Monitor Impact on Small Business Participation, GAO-09-230R, February 6, 2009

  • National Cybersecurity Strategy: Key Improvements Are Needed to Strengthen the Nation's Posture, GAO-09-432T, March 10, 2009

  • Transportation Programs: Challenges Facing the Department of Transportation and Congress, GAO-09-435T, March 10, 2009

[From the report:

Over the last several years, GAO has consistently reported that the Department of Homeland Security (DHS) has yet to fully satisfy its responsibilities designated by the national cybersecurity strategy.

I can use this (via the overhead projector) to show my students how much time is left. (May use the Bomb Countdown instead...)

Tuesday, March 10, 2009

Doomed to fail? If an FDA approval won't shield you, how could a PCI certification?

How strong is the PCI shield?

March 09, 2009

Heartland CEO Bob Carr announced that they will fight any lawsuit because they were PCI certified at the time of the breach. Others including Hannaford plan to use the PCI shield as a way to protect their pocketbooks from lawsuits.

Related? Will China teach us anything? (The unwritten exception: Whatever the State wants...)

Recent Data Privacy Developments in China

Monday, March 09 2009 @ 12:53 PM EDT Contributed by: PrivacyNews

Article by Gordon Milner, Paul McKenzie, Fang Jingxiao, and Dylan Budd in Privacy Law Watch, 41 PRA-BUL, 3/5/2009:

China lacks a national data privacy law, but in recent months legislative interest in the topic has surfaced at the national and local levels, along with litigation suggesting a willingness to protect private information. The authors note that an amendment to the national Criminal Law criminalizes the sale or other unlawful disclosure of personal data by government officials and employees in key industries. They say that companies operating in China in the financial, telecommunications, transportation, education or medical sectors would be well advised to review their internal systems for preventing unauthorized disclosure of customer data, and that all companies looking to acquire customer databases in China should take care to conduct thorough due diligence about the sources of such information.

Via Morrison & Foerster (pdf)

If you worry about your mental health, you're not crazy! Fire your shrink and take up blogging...

A Facebook dilemma: When your shrink tries to friend you

by Chris Matyszczyk March 9, 2009 5:51 PM PDT

My friend Harriet called me in a bit of a state today. No, of course Harriet isn't her real name. No one is really called Harriet.

Anyway, Harriet had just experienced a shock. Her shrink had tried to friend her on Facebook. Perhaps those of you who go to see a mental health professional to gain a little work/life balance, or merely to tell the shrink all those hateful and embarrassing things you just can't tell anyone else, will appreciate the dilemma.

It's one thing if some business associate (your money launderer, your dealer, your mother) tries to friend you.

It's surely quite another when the person who knows about the dream featuring the rabbi, the whip and the wardrobe tries to enter the inner circle of your closest 5,000.

Related (Warning: The first two paragraphs are sarcastic – this is the city that used to throw snowballs at Santa Claus during halftime at the Army-Navy game.)

Facebook post gets NFL Eagles' worker fired

by Chris Matyszczyk March 9, 2009 8:15 PM PDT

You don't normally associate negative emotions with Philadelphia sports.

In the City of Brotherly Love, they believe in affection, even when the circumstances don't warrant it. Criticism knows no place in Philadelphian hearts and bars.

So perhaps it was odd to the management of the NFL's Philadelphia Eagles that one of their stadium operations workers, Dan Leone, seemed a little upset when the Eagles allowed defensive back Brian Dawkins to sign for the depressingly hapless Denver Broncos.

According to the Philadelphia Inquirer, Mr. Leone posted this on his Facebook page: "Dan is ******* devastated about Dawkins signing with Denver...Dam Eagles are Retarded."

He received a response by telephone from the Eagles: "We've decided to let Dan go to Denver, too. Or to Miami, or Pittsburgh."

Yes, I paraphrase. And yes, Leone was fired. There was no agent to soften the blow or get him a deal to man the west gate with another team.

… Oh, why is it so hard to forgive humanity's foibles when they become featured on Facebook?

Statistics (and lots of nifty pie charts)

Size Does Not Matter. Size of Company & Data Breaches.

According to the 2008 Data Breach Investigation Report conducted by the Verizon Business Risk Team it doesn’t appear to matter what size of company you are to experience a data breach.

I doubt there will be any great precedent, but it is still amusing.

ACLU suit against Weld County DA goes to trial

Monday, March 09 2009 @ 02:02 PM EDT Contributed by: PrivacyNews

Opening arguments got under way this afternoon in a lawsuit against Weld County authorities over tax records seized in an identity theft investigation.

The American Civil Liberties Union sued District Attorney Ken Buck and the Weld County Sheriff's Department over their investigation targeting more than 1,300 illegal immigrants.

Source -

Some hacking “don'ts”

Charges beefed up against alleged Sarah Palin e-mail hacker

Monday, March 09 2009 @ 02:04 PM EDT Contributed by: PrivacyNews

The University of Tennessee college student accused of illegally accessing Alaska Gov. Sarah Palin's Yahoo e-mail account was formally charged today on new fraud and obstruction-of-justice charges.

Source - Computerworld

[From the article:

During last year's presidential race, Kernell used publicly available information to reset the password for Palin's account and then posted information from that account to an online bulletin board at, prosecutors said in court filings. Kernell also posted the reset passwords to Palin's account, which were used by at least one other person to access the account.

… Within days, Kernell was linked to the incident by bloggers who concluded that he was the anonymous hacker named Rubico who had first posted the Palin data.

… Worried that the FBI was on his trail, Kernell deleted records on his laptop computer in hopes of hiding his tracks, prosecutors said.

Related This may be a duplicate, but I'm gathering reading material for my Computer Security classes.

March 09, 2009

2009 Identity Theft Resource Center Breach Report

Identity Theft Resource Center, 2009 Breach List, 3/3/2009 - Breaches: 89 Exposed: 1,140,146.

Perhaps I could join them. After years of watching lawyers, I feel I have a virtual law degree... virtually have a degree?

At Virtual Law Firm, Ex-DLA Partner Expects to Work Less, Earn More

Posted Mar 9, 2009, 05:10 am CDT By Debra Cassens Weiss

While many of the nation’s traditional large law firms are shedding lawyers, one startup is adding three partners a month.

The Virtual Law Firm had only eight partners when it was formed last year, but it now has 33, the Washington Post reports. Lawyers at the law firm work at home, meeting with clients with the help of the Internet and video conferencing. Lawyers keep 85 percent of their billings.

Winning customers for the other guys?

Microsoft Shoots Own Foot In Iceland

Posted by kdawson on Monday March 09, @10:36PM from the blood-from-a-stone-middleman dept.

David Gerard writes

"The Microsoft Certified Partner model is: an MCP buys contracts from Microsoft and sells them to businesses as a three-year timed contract, payable in annual installments. Iceland's economy has collapsed, so 1500 businesses have gone bankrupt and aren't paying the fees any more. But Microsoft has told the MCPs: 'Our deal was with you, not them. Pay up.' The MCPs that don't go bankrupt in turn are moving headlong to Free Software, taking most of the country with them. (Warning: link contains strong language and vivid imagery.)"

Steal from the best! (But there aren't thousands there yet, they are just getting started.) - Video Lectures From Top Scholars

“Thousands of video lectures from the world’s top scholars” is the way that this online resource advertises itself, and that is a fine description. Basically, this beta website has the noble objective of letting any person have access to a better, world class education no matter where they are located.

The main page lists the featured universities and lecturers, and the same goes for the most renowned instructors. Users can also create playlists (a la YouTube), and these can be shared and accessed through the main page. By way of example, some of the featured subjects include “Computer Science”, “Law”, “History” and “Political Science”. There is also an “Entrepreneurship” category and an “Economics” subsection for those who look for a niche in the industry.

Here's one I'll use a lot! (I will try the others too...)

Readability: Web reading that's easier for you, less profitable for publishers

by Josh Lowensohn March 9, 2009 1:11 PM PDT

If you often use the print story button just to get a Web article on one page, and without the hijinks that get you to mistakenly click on advertisements, Readability may be just what you're looking for. This small bookmarklet, which you simply drag up to your bookmarks toolbar to add to your browser, will re-format the page you're on to make it easier to read. It gets rid of layout, advertising, and any of the site's original navigation. In return, the story retains its links, photos, and any embedded content, letting you read freely and without distraction.

… This tool reminds me quite a bit of PrintWhatYouLike, the service that lets you customize what page elements you want to print, even if the source site does not have its own print story function. It is, however, noticeably faster about cutting out the page elements--it's almost instantaneous.

Update: If you liked Readability, you'll definitely enjoy TidyRead. It does the same exact things as Readability but lets you swap things like the font size, width, and style on the fly. It works in other languages, which as of now Readability manages to flub. It also lets you send simplified article pages to friends via a special re-direct page, just like this one.