Saturday, March 21, 2009

"We didn't consider this stuff important."

Jackson Memorial Hospital statement on data theft

March 20, 2009 by admin Filed under: Healthcare Sector, Theft, U.S.

John Dorschner of the Miami Herald reports that personal information of more than 200,000 visitors to Jackson Memorial Hospital between May 2007 and March 2008 was on a hard drive that was stolen from the hospital’s mainframe data center on or before February 11. According to the hospital’s CIO, no Social Security numbers or financial data were on the missing drive. The data appear to be limited to copies of drivers’ licenses or other types of identification that were presented at various security checkpoints.

Because there was no backup of that drive, the hospital is using the media to alert those affected.

A statement on the hospital’s web site says:

On March 4, 2009, a police report was filed with the Miami-Dade Police Department to investigate the theft of a hard drive stolen from the Jackson Memorial Hospital data center. The hard drive held identification information for individuals that presented a driver’s license or other form of identification at security points while visiting Jackson Memorial Hospital between May 2007 and March 2008. While a full investigation on this matter is ongoing, it is believed that the person(s) responsible wanted the hard drive and not the information it contained. No social security numbers or financial information was stored on the missing drive.

Jackson has taken steps to ensure this does not happen again. The information is now being monitored by a third party and stored at an offsite location. Effective immediately, data collected from visitors will be destroyed after 30 days. [“We never considered a 'useful life' before” Bob] “We sincerely apologize for the inconvenience this breach may cause our visitors,” said Eugene Bassett, interim CEO, Jackson Health System. “We felt it was important for us to notify those who are potentially impacted. We collect visitor data in an effort to better manage access to our campus and, most importantly, to protect our patients. We will continue to work with law enforcement in hopes of apprehending the person or persons responsible for this crime.”

CyberWar If Russia was good at this, the attacks would have been traced to random sites all over the globe. Again it looks ike a strategy of quantity (DDOS) not quality.

Report Links Russian Intelligence Agencies To Cyber Attacks

Posted by Soulskill on Saturday March 21, @12:01AM from the send-spike-beep-bloop-spike-sent dept. Security Government The Internet

narramissic writes

"A report released Friday by a group of cyber-security experts from greylogic finds it is very likely that the Foreign Military Intelligence agency (the GRU) and Federal Security Service (the FSB) directed cyber attacks on Georgian government servers in July and August of 2008. 'Following a complex web of connections, the report claims that an Internet service provider connected with the web site, which coordinated the Georgian attacks, is located next door to a Russian Ministry of Defense Research Institute called the Center for Research of Military Strength of Foreign Countries, and a few doors down from GRU headquarters.' But Paul Ferguson, a researcher with Trend Micro who has reviewed the report, says it's a 'bit of a stretch' to conclude that the Georgia attacks were state-sponsored. 'You can connect dots to infer things, but inferring things does not make them so,' he said. One other interesting allegation in the report is that a member of the Whackerz Pakistan hacking group, which claimed responsibility for defacing the Indian Eastern Railway Web site on Dec. 24, 2008, is employed by a North American wireless communications company and presents an 'insider threat' for his employer."

Sounds suspiciously like that movie “Clueless.” Perhaps there is a subtle strategic objective, but I can't imagine what it might be.

Senators plan to shift cybersecurity from DHS to White House

by Stephanie Condon March 20, 2009 6:00 PM PDT

Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.

CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they're at risk of a cyberattack, "critical" computer networks from the Internet. [Talk about redefining infrastructure! Bob]

"I regard this as a profoundly and deeply troubling problem to which we are not paying much attention," [There is a big difference between “paying attention” and “understanding” Bob] Rockefeller said a hearing this week, referring to cybersecurity.

Might be interesting in the context of “should we outsource item removal” as well as “is there any law enforcement organization that would want to analyze the raw data?”

eBay Describes the Scale of Its Counterfeit Goods Problem

Posted by Soulskill on Friday March 20, @09:58PM from the how-to-sell-a-box-of-rocks dept. The Almighty Buck Businesses The Courts The Internet

Ian Lamont writes

"As the Tiffany vs. eBay lawsuit winds its way through a federal appeals court, eBay has trotted out some numbers that show how many sellers attempt to sell fake goods on the auction site. Millions of auctions were delisted last year, and tens of thousands of accounts were suspended after reports were made to eBay's Verified Rights Owner program, which lets trademark owners notify eBay of fake goods being sold on the site. eBay says 100% of reported listings were removed from the site last year, most within 12 hours, and the company uses sellers' background information to make sure that they don't create new accounts to sell delisted items. Tiffany brought the suit against eBay in 2004, alleging that eBay was turning a blind eye to counterfeit luxury goods and demanding that eBay police its listings for bogus goods. Tiffany lost the case last July and will shortly present its arguments to the US Court of Appeals for the Second Circuit in New York. A similar case in France cost eBay $61 million."

For my Data Mining students. You can't learn much from location (unless millions of Chinese users suddenly start twittering from Siberia) so you must go deeper and learn to analyze what they are saying.

Internet Could Act As Ecological Early Warning System

Posted by ScuttleMonkey on Friday March 20, @05:30PM from the keep-your-crowd-source-off-of-mine dept.

Wired is reporting that ecologists think the internet could act as an early ecological warning system based on data mining human interactions. While much of this work has been based on systems like Google Flu Trends, the system will remain largely theoretical for the near future.

"The six billion people on Earth are changing the biosphere so quickly that traditional ecological methods can't keep up. Humans, though, are acute observers of their environments and bodies, so scientists are combing through the text and numbers on the Internet in hopes of extracting otherwise unavailable or expensive information. It's more crowd mining than crowd sourcing."

For my Intro to Computer Security class

March 20, 2009

Regulations & IT Governance Frameworks 101

With so many regulations and IT governance frameworks out there, it can be confusing to keep them all straight. I recently saw a whitepaper put out by Qualys that had (I thought) a really go brief description of the major ones. Here it is: [NOTE: Requires registration Bob]


SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.

HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.

GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.

UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.

IT Governance Frameworks

COBIT® 4.0 – Published by the IT Governance Institute (ITGI) COBIT 4.0 emphasizes regulatory compliance. It helps organizations to increase the value attained from IT and enables alignment with business goals and objectives. COBIT offers the advantage of being very detail oriented, which makes it readily adoptable across all levels of the organization. It also makes use of the Capability Maturity Model Integration (CMMI) as a way of assessing the status of security processes.

ISO 17799:2005 (ISO 27001) – This is an international standard for the management of IT security that organizes controls into ten major sections, each covering a different topic or area. These are: business continuity planning, system development and maintenance, physical and environmental security, compliance, personnel security, security organization, computer operations and management, asset control, and security policy.

NIST 800-53 – This publication from the National Institute of Standards and Technology is a collection of “Recommended Security Controls for Federal Information Systems.” It describes security controls for use by organizations in protecting their information systems, and recommends that they be employed in conjunction with and as part of a well-defined information security program.

Local Search. A list of sites that claim to know everything about every neighborhood everywhere.

Know your neighborhood: Thirteen sites

by Don Reisinger March 20, 2009 3:05 PM PDT

Something for the Swiss Army folder? Allows you to split or merge PDFs, so I can take parts of several documents and merge them for my students!

How To Merge Multiple PDF Files In A Single PDF File

March 20, 2009 · Filed Under Uncategorized

If you want to merge, combine or join different PDF files into a single PDF File, PDFMerge is a free utility to perform this task.

Another potentially useful tool that allows me to point my students to a YouTube video without all the distractions. Article even has a video for the technologically challenged.

Quietube makes YouTube watching distraction-free

by Josh Lowensohn March 20, 2009 4:16 PM PDT

Quietube is a new tool to enhance the YouTube watching experience. The idea is that you can watch just the video with none of the other YouTube page elements. To do this you simply add its bookmarklet to your browser's bookmarks toolbar, and click it on any YouTube page.

Another tool. I want to start gathering these now, since I expect all my textbooks will be e-reader (Kindle or similar) compatible within three years.

Calibre: iTunes for e-books?

by Seth Rosenblatt March 20, 2009 5:42 PM PDT

Calibre is a cross-platform, open-source library for your e-books that can also sync them to your e-book reader. Available for Windows, Mac, and Linux, it offers a massive range of individual book customizations, as well format conversion and newspaper-style RSS feed grabbing, but lacks a slick interface that would go a long way towards convincing skeptics that it's a powerful tool.

… You can add books, convert formats, and edit meta data on the fly. Much like the metatags for digital music, you can choose a cover of your own liking. If you have the ISBN number of a book in the metatag, there's a helpful button that will grab the cover from the Internet. You can also choose a cover that you have stored locally. Other meta data includes author name, book name, search tags, publisher, rating, series, reader comments, and available formats. Calibre manages multiple formats of books under one book name, so it's easy to sync the MOBI to a Kindle without having to confuse it with the EPUB or PDF version you've stored locally.

Calibre also comes with a default desktop e-book reader, accessible from the View button, so you can check out your books without having a device.

… Calibre also has a killer feature: it manages RSS feeds into a newspaper format. [Potential to replace my RSS Reader – requires a bit more work for each site, but looks interesting. Bob] Currently, it supports just under 100 English-language feeds in this style, including various tech news, general news, and niche market Web sites.

Not sure this works, but it is fun to try it at various speeds. How much can you retain at 1500wpm? - Reading Super Quick & Super Easy

Eyercize is a site that has a program on offer that allows you to increase the speed at which you read. These days people have to read more and more, and reading a bit quicker would certainly not hurt anyone.

The app itself works in quite a simple way, which is by letting you upload your text and then shoot it out at you at a standard speed. This in turn forces you to try and keep up with the text that is coming up therefore making you read more quickly! The application allows you to adjust a series of parameters such as the speed and the size of the text so that it suits your needs better.

Friday, March 20, 2009

Convenience outweighs security. Nothing new here.

Phone data makes 4.2 million Brits vulnerable to ID theft

Friday, March 20 2009 @ 04:28 AM EDT Contributed by: PrivacyNews

According to the findings of a survey by endpoint data protection security firm, Credant Technologies, 80% of phone users store information on their phones that could easily be used to steal their identities. The research surveyed 600 commuters at London railway stations about their mobile phones, typical usage and the types of sensitive information stored on them. The results were horrifying :

16% have their bank account details saved on their mobile phones
24% their pin numbers and passwords
• 11% keep social security and inland revenue details
• 10% store credit card information
• alarmingly 40% naively fail to protect their devices with a password

Source -

[From the article:

99% of people use their phones for some sort of business use – even though 26% have been instructed by their employer not to do so

How I got your password. Hacking 101

Sniffing keystrokes via laser and keyboard power

by Elinor Mills March 19, 2009 4:27 PM PDT

VANCOUVER, B.C.--Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

Because the law doesn't specify, e-commerce isn't covered. I suspect that invalidates most fraud laws too, right?

Federal Judge Rules In Favor Of E-Tailers, A Move Many Online Merchants May Come To Regret

Thursday, March 19 2009 @ 06:46 AM EDT Contributed by: PrivacyNews

In the Courts

Online retailers collecting credit card information and other personal information (e.g., name, address and telephone number) gained a victory against a privacy prohibition in a recent California federal case. However, in the long run the court decision may undo many protections for electronic commerce.

Source - StorefrontBacktalk

Update So, how's that censorship project going down under, mate? (It is useful to have this list, which I will check very carefully in case there are porn sites I haven't already found and bookmarked – for academic purposes only you understand.)

Australia's Vast, Scattershot Censorship Blacklist Revealed

Posted by timothy on Thursday March 19, @10:59PM from the please-don't-click-here dept. Censorship The Internet IT

mask.of.sanity writes

"Australia's secretive Internet filter blacklist held by its communications watchdog has been leaked, revealing the government has understated the amount of banned Web pages by more than 1000. Multiple legitimate businesses and Web sites have been banned including two bus companies, online poker sites, multiple Wikipedia entries, Google and Yahoo group pages, a dental surgery and a tour operator. Betfair, a billion-dollar business blocked by the blacklist, CEO Andrew Twaits was furious the government has potentially annexed tens of millions of dollars in revenue after its gambling site was blacklisted. The blacklists were reportedly leaked by a Web filter operator to wikileaks which has published the full list of banned URLs. Outraged privacy advocates say the government has effectively lied about the amount of URLs included in the blacklists, totalling more than 2300, and the type of content which it would ban. The leak follows a series attacks on the watchdog in which irate users successfully lobbied for web sites to be banned, only to be threatened with an $11,000 fine for publishing the link contained in the PR response. It was also revealed the watchdog can ban Web sites at a whim, with no accountability."

I guess we can forget our hopes that MySpace is a passing fad. (Sigh)

Social networks, blogs more popular than e-mail

by Dave Rosenberg March 19, 2009 3:48 PM PDT

We've all run into these. It's a case of management failing to look at their site like a customer would and failing to insist that all customer reported concerns be addressed. (Also kicked off a storm of comments on the banking system...)

Making Sense of Mismatched Certificates?

Posted by timothy on Thursday March 19, @03:51PM from the continue-anyway dept. Security The Almighty Buck

Ropati writes

"I bank with Recently I went to log in to my credit card account, and my browser reported that the site certificate didn't match the web site I was on. [Expletive.] I'm wondering if I am getting a poisoned DNS URL. I have to log in and do my banking, so I accept the mismatched certificate. The banking site is complete, my transactions are listed but that doesn't mean there isn't a man in the middle attack here. I am still curious how much I have exposed my banking assets."

Read on for more, and offer advice on how to interpret what sounds like a flaky response from the bank.

For my web site students

March 18, 2009

National Marine Sanctuaries Media Library Online

"The National Marine Sanctuaries Media Library is an online vault where a comprehensive collection of select video clips and high-resolution still images from America's underwater treasures are securely stored and available for searchable access and download."

  • Key work search by: categories, subcategories, sanctuaries, images for web, images for print, and video

Propaganda to motivate my Javascript students.

Browser war centers on once-obscure JavaScript

by Stephen Shankland March 20, 2009 4:00 AM PDT

Thursday, March 19, 2009

I learn new things every day. Today I learned the term “constructive dismissal” and how to build a case against corporate surveillance. Now I need to figure how to translate that into a case against all that government surveillance.

Ca: A fine line between privacy and managing the workplace

Thursday, March 19 2009 @ 05:26 AM EDT Contributed by: PrivacyNews

What happens when employee privacy rights collide with an employer’s right to monitor its workplace? As the London, Ontario offices of Cornerstone Properties recently discovered, an employer must tread carefully or risk inadvertently dismissing its own employees.

After working for seven years without incident, Coleen Colwell trusted her employer. She had been promoted to manager and was given her own private office at the company’s workplace. However, her trust was dashed when she suddenly learned that a secret surveillance camera had been installed in the ceiling of her office.

Source - Metro News Toronto

So easy, even a non-hacker can do it! Perhaps we need to show people how to look for their userid/passwords and what to do when (not if) they find them. Something for my Intro to Computer Security class (the advanced students wouldn't find this surprising or too dangerous.)

Social Search Reveals 700 Comcast Customer Logins

Posted by samzenpus on Wednesday March 18, @09:56PM from the easiest-password-to-remember dept. Security The Internet

nandemoari writes

"When educational technology specialist Kevin Andreyo recently read a report on people search engines, he decided to conduct a little 'people search' on himself. Andreyo did not expect to find much — so, imagine the surprise when he uncovered the user name and password to his Comcast Internet account, put out there for the entire online world to see. In addition to his personal information, Andreyo also discovered a list that exposed the user names and passwords of (what he believed) to be 8,000 other Comcast customers. Andreyo immediately contacted both Comcast and the FBI, hoping to find the ones responsible for divulging such personal information to the public. While the list is no longer available online, analysts fear that the document still lives on in various cache and online history services."

[Worried you might be on the list? One commenter (clearly a newbie) was and asked where he could find a copy of the list. Another commenter helpfully responded by posting the list. Bob]

About bloody time! We don't want citizen reading our data – and finding out we read their data (see next article)

UK: HMRC publishes data security rules

Wednesday, March 18 2009 @ 10:51 AM EDT Contributed by: PrivacyNews

HM Revenue and Customs (HMRC) staff have been issued with a data security handbook, instructing them to ensure all data is encrypted when it is off the premises.

The handbook has instructed staff to only carry as much data as is needed to do their jobs on any mobile device. In addition, all mobile devices that carry the information, like Blackberrys or laptops, must be encrypted.

Source -

OMG Winston dude u was rite. Thot police evrwhr

UK Gov't May Track All Facebook Traffic

Posted by timothy on Wednesday March 18, @03:20PM from the posted-before-curfew dept. Privacy Government Security The Internet

Jack Spine writes

"The UK government, which is becoming increasingly Orwellian, has said that it is considering snooping on all social networking traffic including Facebook, MySpace, and bebo. This supposedly anti-terrorist measure may be proposed as part of the Intercept Modernisation Programme according to minister Vernon Coaker, and is exactly the sort of deep packet inspection web inventor Sir Tim Berners-Lee warned about last week. The measure would get around the inconvenience for the government of not being able to snoop on all UK web traffic."

Here's a paper waiting to be written. Touched of an interesting (and voluminous) discussion in the Comments.

Internet-Caused Mistrials Are On the Rise

Posted by kdawson on Wednesday March 18, @10:15AM from the jurors-with-blackberrys dept.

The NYTimes is running a tip-of-the-iceberg story about how the age of Google is resulting in more mistrials as the traditional rules of evidence, honed over many centuries, collide with the always-on Internet. Especially when jurors carry the always-on Internet in their pockets. (We discussed one such case recently.)

"The use of BlackBerrys and iPhones by jurors gathering and sending out information about cases is wreaking havoc on trials around the country, upending deliberations and infuriating judges. ... Jurors are not supposed to seek information outside of the courtroom. They are required to reach a verdict based on only the facts the judge has decided are admissible, and they are not supposed to see evidence that has been excluded as prejudicial. But now, using their cellphones, they can look up the name of a defendant on the Web or examine an intersection using Google Maps, violating the legal system's complex rules of evidence."

Related? (as in: another potential paper?)

Google's Information On DMCA Takedown Abuse

Posted by samzenpus on Wednesday March 18, @07:59PM from the hassle-your-way-to-the-top dept. Google

Binestar writes

"According to a PC World article, Google has submitted a brief to New Zealand about its proposed copyright law (section 92A). "In its submission, Google notes that more than half (57%) of the takedown notices it has received under the US Digital Millennium Copyright Act 1998, were sent by business targeting competitors and over one third (37%) of notices were not valid copyright claims.""

God forbit companies should act logically. Something for the Business Illiterate to over-react to: “It's not fair! Big companies make profits and everyone knows that's evil. They should give all their income away!”

Shell Ditches Wind, Solar and Hydro

Posted by samzenpus on Thursday March 19, @03:08AM from the do-what-you-know dept. Earth Businesses Technology

thefickler writes

"Shell has decided to end its investment in wind, solar and hydro projects because the company does not believe they are financially sound investments. Instead Shell is going to focus on carbon sequestration technologies and biofuels. Not surprisingly, and perhaps unfairly, bloggers have been quick to savage the company: "Between Shell's decisions to stop its clean energy investments and to increase its debt load to pay for dividends, the company is solidifying an image of corporate greed over corporate responsibility." Is Shell short sighted, or is it just a company trying to make its way in an uncertain world?"

Do you have a webcam? Even my students know something (e.g. How to send text messages during class.) - Sharing Knowledge Online

The tagline of this new resource is “Together we know everything”, and such a phrase captures the spirit of the whole endeavor quite accurately. Broadly speaking, Moontoast is a user-powered site that will let anybody share his knowledge with others in a setting as elastic as the web makes for.

Each person who offers his knowledge online is termed an “expert”, and experts have profile pages where they explain what it is they excel at, and how can they help others. They also set down their rates therein.

When it comes to the way teaching is done, both chat sessions and online video classes are duly taken into consideration.

Here it is in black & white!

Fujitsu eBook Reader - With Color!

March 18th, 2009 by Andrea Edmunds

Related Baen ( offers many free SiFi books on their web site and claims hardcopy sales increase each time one is added.

Major Publishers Partner with Scribd for Viral E-book Marketing

By Chris Snyder March 18, 2009 9:48:14 AM

Random House, Simon & Schuster and several other publishers announced a wide-ranging partnership Wednesday with Scribd to begin to release an increased number of best sellers as free e-books — a major marketing push to harness the long tail of a literate social network that boasts some 50 million loyalists.

Related This field is booming, but do you really need a reader? Will the first laptop with an easy-to-read screen kill the Kindle?

Google deal brings classic books to Sony Reader

by Jennifer Guevin March 19, 2009 12:28 AM PDT

Sony's e-book reader is about to get a little help from Jane Austen in its battle with the Kindle.

Sony announced a partnership with Google Wednesday night that will bring a half-million classic books to the Sony Reader Digital Book. Users will now be able to access the free book downloads through Sony's eBook Store.

… For now, Google is providing books to Sony whose copyrights have expired, which means most of the new additions to the Sony Reader will have been published before 1923, according to The New York Times. [So very few computer books... Bob]

Wednesday, March 18, 2009

Remember, when it comes to the adequacy of your security, it's not just the CIO or the CEO or the Board of Directors you need to convince. A massive data loss might be seen as an indicator that something isn't quite up to par...

Heartland’s annual report to SEC reveals more investigations

March 17, 2009 by admin Filed under: Breach Reports

Heartland Payment Systems filed its annual Form 10-K report with the Securities and Exchange Commission yesterday. The Legal Proceedings section lists all of the consumer, financial institution and stockholder lawsuits against it, and also indicates that it is under investigations in addition to ones previously reported:

… The report also provides some additional detail on how Heartland’s sponsoring banks may try to recoup any fines and that they anticipate that other card brands may also impose fines:

Watching basketball is a major security risk?

March 17, 2009

March Madness Scam Using SEO Poisioning

With March Madness in the air, you should be aware of a new scam to get your users to get malware installed on their system. It involved the search engine manipulation of Google and others to present malicious and compromised websites at the top of the search results.

… First, it allows criminals to compromise systems on the inside of the network while completely bypassing traditional security solutions such as firewalls and IDS/IPS. Second, when successful, it has the capacity to compromise many more systems than traditional vulnerability exploit where you compromise one system at a time.

Someone sees the risks as well as the benefits? How unusual.

Dutch payment by fingerprint initiative stopped

Tuesday, March 17 2009 @ 02:57 PM EDT Contributed by: PrivacyNews

Dutch supermarket chain Albert Heijn has decided not to follow up on a trial with payment via fingerprint. The trial was conducted in an Albert Heijn branch in the town of Breukelen, near Amsterdam, where 580 participants were able to pay for their daily groceries using their finger print instead of cash or debit cards.

.... Albert Heijn has currently decided not to follow up on the trial, citing ‘security issues and vulnerability to fraud’.

Source - The Paypers

[From the article:

During the first weeks of the trial, experts already pointed out a number of security issues arising from the use of the fingerprint payment method. A security expert managed to pay using someone else’s finger print.

… The participants however were enthusiastic about the payment method and applauded the fact that they could complete their purchases without needing their debit cards, cash or loyalty cards.

Jefferson never said they were covered either...

Obama Administration: Constitution Does Not Protect Cell-Site Records

By David Kravets EmailMarch 17, 2009 | 2:21:35 PM

… "Because wireless carriers regularly generate and retain the records at issue, and because these records provide only a very general indication of a user's whereabouts at certain times in the past, the requested cell-site records do not implicate a Fourth Amendment privacy interest," the Obama administration wrote (.pdf) Feb. 13 to the federal appeals court.

Related? “We're politicians, so we gotta do something, even if we don't know what we're doing!”

UK Gov. Clueless About Own Internet Blacklist

Posted by kdawson on Wednesday March 18, @04:56AM from the get-me-someone-with-a-clue dept. Censorship The Internet Politics

spge writes

"Computer Shopper magazine has interviewed the UK Home Office about its relationship with the Internet Watch Foundation and discovered that the government doesn't actually know what the IWF does, although it still plans to force UK ISPs to subscribe to the IWF's blacklist. The main story makes for interesting reading, but the best bit is the full transcript of the interview. Short version: the IWF investigates suspected child porn websites and adds any it finds to a list that ISPs can use to block these sites; wants ISPs to use this list; however, the IWF is not an official government organization, does not appear to have legal permission to view child pornography, and quite possibly is breaking the law by doing so."

Another example of “clueless.” Does no one consider what will happen with someone outside of the marketing department finds out what you did? Shouldn't this be on the state's certification checklist?

Diebold Admits Systemic Audit Log Failure; State Vows Inquiry

By Kim Zetter March 17, 2009 6:29:04 PM

SACRAMENTO, California — Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.

The company acknowledged that the problem exists with every version of its tabulation software.

I had my Computer Security students do this last year – not limited to Google. Interesting (but not surprising) results.

EPIC asks FTC to investigate Google's cloud computing security

Tuesday, March 17 2009 @ 05:20 PM EDT Contributed by: PrivacyNews

Alexei Oreskovic of Reuters reports that EPIC has asked the FTC to investigate the adequacy of Google's cloud computing security after a problem resulted in unintended file sharing last month.

EPIC's request (pdf) includes Gmail, Google Docs, and Picasa.


Sun's new mantra: Call us the 'cloud company'

by Charles Cooper March 17, 2009 10:39 PM PDT

Update 8:49 a.m. PDT: Sun has made its official announcement and provided a link to its cloud computing site.

During the Internet bubble era, Sun Microsystems profited as one of the big suppliers of networking computing technology to IT. Now it's hoping to similarly benefit from another tech trend as the computer industry slowly migrates toward cloud computing.

Related. IBM is still profitable...

Why an IBM purchase of Sun would make sense

by Larry Dignan March 18, 2009 4:45 AM PDT

IBM is reportedly in talks to buy Sun Microsystems for $6.5 billion and the deal is long overdue. The companies mesh on the open-source software front, Sun is struggling, and IBM can consolidate some server market share.

First, the headlines. The Wall Street Journal is reporting that IBM could acquire Sun as early as this week. IBM would pay all cash for Sun. The Journal also reported that Sun has approached a number of large companies about an acquisition; a move that throws cold water on CEO Jonathan Schwartz's everything-is-fine video.

Another “new economics”

SXSW: Wired Editor Chris Anderson's Free Will Be Free

By Chris Kohler March 17, 2009 4:57:00 PM

In a keynote Q&A with former Mac marketer and venture capitalist Guy Kawasaki on the final day of the SXSW Interactive conference here, Wired magazine's editor-in-chief said that you'll be able to read his new book on the economics of giving things away without paying a dime. But, he said, publisher Hyperion asked him to not reveal the specific details of how that will work.

… The "freeconomics" theory Anderson laid out in "Free! Why $0.00 Is the Future of Business," his 2008 cover article in Wired, posits that in the internet era, giving goods away has moved from marketing gimmick to fundamental strategy that's changing the way the world does business.

“We need UAVs and better wiretap tools and drug sniffers in schools and P2P taps and the Total Information Awareness system and ...” Hey, they asked. I'd ask for the moon too.

March 17, 2009

DOJ: High-Priority Criminal Justice Technology Needs

High-Priority Criminal Justice Technology Needs, NCJ 225375, 2009, by National Institute of Justice

Interesting that one of last year's top scams involves this years economic stimulus plan. Now will you believe that criminals move quickly?

March 17, 2009

Phishing Scams, Frivolous Arguments Top the 2008 “Dirty Dozen” Tax Scams

News release: "The Internal Revenue Service issued its 2008 list of the 12 most egregious tax schemes and scams, highlighted by Internet phishing scams and several frivolous tax arguments. Topping this year’s list of scams is phishing, which encompasses numerous Internet-based ploys to steal financial information from taxpayers. New to the “Dirty Dozen” this year is a scheme, which IRS auditors discovered, that relates to unreasonable and/or excessive fuel tax credit claims."

An example of news that is hard to report in paper form...

March 17, 2009

Investigative Reporting Workshop's BankTracker

"The unprecedented bet that many banks made on mortgages, real estate development and other real estate related lending during the middle part of this decade has produced a payoff no one imagined just a few years ago -- a huge increase in loan defaults, a soaring number of foreclosures and a plunge in bank profits. And now, a new analysis of bank financial statements by the Investigative Reporting Workshop [American University School of Communication], sheds new light on just how dangerous conditions have become in many banks across the nation. We also created a search tool that permits you to check the financial health of any bank in the nation. And we have provided detailed information about the banks that have received bailout money from the federal government. This project was done in cooperation with See the full story." [thanks Peggy Garvin]

Related I bet they don't analyze this as closely as the banks. It's easier to just hate highly paid executives.

March 17, 2009

NY AG Cuomo Releases Details on AIG Bonuses to Financial Services Committee

Letter to Rep. Barney Frank from Andrew M. Cuomo, Attorney General of the State of New York re: AIG 2008 Retention Bonuses

  • "We learned over the weekend that AIG had, last Friday, distributed more than $160 million in retention payments to members of its Financial Products Subsidiary, the unit of AIG that was principally responsible for the firm's meltdown...The top recipient received more than $6.4 million; The top seven bonus recipients received more than $4 million each; The top ten bonus recipients received a combined $42 million; 22 individuals received bonuses of $2 million or more, and combined they received more than $72 million; 73 individuals received bonuses of $1 million or more; and Eleven of the individuals who received "retention" bonuses of $1 million or more are no longer working at AIG, including one who received $4.6 million..."

For the Surgical Tech students in my website class...

Rare Trove of Army Medical Photos Heads to Flickr

By Alexis Madrigal March 17, 2009 7:16:36 PM

An archivist has begun a massive project to make public a newly digitized collection of unique and sometimes startling military medical images, from the Civil War to Vietnam, without the Army's blessing.

This previously unreported archive at the National Museum of Health and Medicine in Washington, D.C., contains 500,000 scans of unique images so far, with another 225,000 set to be digitized this year.

Mike Rhode, the museum's head archivist, is working to make tens of thousands of those images, which have been buried in the museum's archive, available on Flickr. Working after hours, his team has posted a curated selection of almost 800 photos on the service already, without the express permission of the Army.

For my CS and IT students

Computer Science Major Is Cool Again

Posted by kdawson on Tuesday March 17, @02:08PM from the on-average-we-all-have-jobs dept.

netbuzz sends along a piece from Network World reporting that the number of computer science majors enrolled at US universities increased for the first time in six years, according to new survey data out this morning. The Taulbee Study found that the number of undergraduates signed up as computer science majors rose 8% last year. The survey was conducted last fall, just as the economic downturn started to bite. The article notes the daunting competition for positions at top universities: Carnegie Mellon University received 2,600 applications for 130 undergrad spots, and 1,400 for 26 PhD slots.

"...the popularity of computer science majors among college freshmen and sophomores is because IT has better job prospects than other specialties, especially in light of the global economic downturn. ... The latest unemployment numbers for 2008 for computer software engineers is 1.6%... That's beyond full employment. ... The demand for tech jobs may rise further thanks to the Obama Administration's stimulus package, which could create nearly 1 million new tech jobs."

Tuesday, March 17, 2009

Perhaps we should look for our PII on a regular basis? Business model here?

Comcast passwords leaked onto the Web

March 16, 2009 by admin Filed under: Business Sector, Exposure, U.S.

Elinor Mills reports:

Thousands of user names and passwords for Comcast customers was removed from document sharing Web site Scribd on Monday, two months after it was posted there.

Scribd removed the list of more than 8,000 passwords and user names after being contacted by Brad Stone at The New York Times. Stone wrote that he was contacted by a Comcast customer who happened across the list after doing a search on his own e-mail address on search engine Pipl.

Read more on Cnet. Comcast’s reply is included as an update to the NY Times entry.

[From the article:

Mr. Andreyo was reading a recent article in PC World entitled “People Search Engines: They Know Your Dark Secrets… And Tell Anyone,” when he was inspired to find out what information about him was online. He searched for his own e-mail address on the search engine Pipl.

… “We have no reason to believe this came from Comcast. It looks like a phishing or related type of scheme,” said Jennifer Khoury, a Comcast spokeswoman. (Asked about this possibility earlier today, Mr. Andreyo said that he doubted he was ever the victim of a phishing scheme.)

Ms. Khoury said that Comcast was freezing the e-mail accounts of the customers on the list and contacting them to educate them about using safe passwords.

Suggests they don't know where their data is...

Stolen computer at UT contains personal information of students, faculty

March 16, 2009 by admin Filed under: Breach Reports, Education Sector, Theft, U.S.

A computer stolen from the University of Toledo contained personal information for about 24,000 students and 450 faculty during the 2007-08 and 2008-09 academic years, the university announced Monday.


The computer was password protected and many of the files were specifically encrypted or individually password protected, he said.

The personal data was saved on the computer itself and not on the university’s network, which officials are encouraging staff to do.

Read more in the Toledo Blade.

[From the article:

Next month UT will launch a data loss prevention system that will allow staff to search the network for personal information on campus computers and move it to more secure locations on the network.

What defines “sophisticated?” What shouldn't I recommend to my students?

Anonymity and Privacy Should Not Add Up to Prison Time

Tuesday, March 17 2009 @ 05:32 AM EDT Contributed by: PrivacyNews

The Electronic Frontier Foundation (EFF) today urged the United States Sentencing Commission to reject modifications to federal sentencing guidelines that would require extra prison time for people who use technology that hides one's identity or location.

Under current rules, a criminal defendant can get additional time added to a prison sentence if he used "sophisticated means" to commit the offense. In its testimony before the commission, EFF will argue that sentencing courts should not assume that using proxies -- technologies that can anonymize users or mask their location -- is a mark of sophistication. In fact, proxies are widely employed by corporate IT departments and public libraries and, like many computer applications, can be used with little or no knowledge on the part of the user.

Source - EFF

Related? Double Secret Probation! Ignorance of the secret law is no excuse!

Wikileaks Pages Added To Australian Internet Blacklist

Posted by timothy on Tuesday March 17, @09:41AM from the paging-dr-streisand-dr-streisand dept. Censorship The Internet

cpudney writes

"The Sydney Morning Herald reports that the Australian Communications and Media Authority (ACMA) has added several Wikileaks pages to its controversial blacklist. The blacklisted pages contain Denmark's list of banned websites. Simply linking to addresses in ACMA's blacklist attracts an $11,000 per-day fine as the hosts of the popular Australian broadband forum, Whirlpool, discovered last week when they published a forum post that linked to an anti-abortion web-site recently added to ACMA's blacklist. The blacklist is secret, immune to FOI requests and forms the basis of the Australian government's proposed mandatory ISP-level Internet censorship legislation. Wikileaks' response to notification of the blacklisting states: 'The first rule of censorship is that you cannot talk about censorship.'"

So Australians aren't allowed to see what it is that the Danes aren't allowed to see?

What to do with the Twitter Addicted?

Juror Tweets Could Create Mistrial

Posted by ScuttleMonkey on Monday March 16, @06:18PM from the cell-jammers-being-installed-next-week dept. Social Networks The Courts

nandemoari writes

"Russell Wright and his construction company, Stoam Holdings, recently lost a $12 million dollar lawsuit brought by investors. But lawyers for the firm have complained that juror Johnathan Powell's Twitter comments broke rules when discussing the civil case with the public. The arguments in this dispute center on two points. Powell insists (and the evidence appears to back him up) that he did not make any pertinent updates until after the verdict was given; if that's the case, the objection would presumably be thrown out. If Powell did post updates during the trial, the judge must decide whether he was actively discussing the case. Powell says he only posted messages and did not read any replies.[He also did not inhale... Bob] Intriguingly, the lawyers for Stoam Holding are not arguing so much that other people directly influenced Powell's judgment, rather that he might have felt a need to agree to a spectacular verdict to impress the people reading his posts."

Related? Another technological “downside”

Police Blotter: Facebook photo convicts school aide of drinking charge

by Declan McCullagh March 17, 2009 4:30 AM PDT

What: Facebook photograph shows part-time teaching aide at Ohio high school with three cheerleaders holding Smirnoff bottles.

When: The Court of Appeals of Ohio, Twelfth District, rules on February 9.

Outcome: Conviction for allowing minors to possess alcohol upheld.

What happened, according to court documents and other sources:
Most people are merely embarrassed by photos a friend tosses onto Facebook. Mary Ellen Hause went to jail because of them.

Hause, who worked as a part-time teaching aide at Springboro High School, near Dayton, Ohio, was photographed in her basement posing with three cheerleaders holding Smirnoff bottles. The cheerleaders were friends with her son.

That photo, of course, ended up on Facebook. And Springboro High School Resource Officer Sgt. Don Wilson, who regularly poked around students' Facebook accounts, discovered it and turned it over to the local police.

Background for the news debate.

March 16, 2009

State of the News Media 2009

Pew Research Center’s Project for Excellence in Journalism: "The State of the News Media 2009 is the sixth edition of our annual report on the health and status of American journalism. Our goals are to take stock of the revolution occurring in how Americans get information and provide a resource for citizens, journalists and researchers to make their own assessments. To do so we gather in one place as much data as possible about all the major sectors of journalism, identify trends, mark key indicators, note areas for further inquiry."

[The first “Major Trend” (follows) sort of sums things up for me... Bob]

The growing public debate over how to finance the news industry may well be focusing on the wrong remedies while other ideas go largely unexplored.

For my Data Mining/Data Analysis students. If you ain't mainstream (Democrat or Republican) you is a terrorist! Facts is facts, but interpreting them requires a bit of common sense. I doubt anyone seeing a Libertarian bumper sticker would shoot first and as questions later.

Missouri report on militias, terrorists draws criticism

The Associated Press

COLUMBIA, Mo. A new document meant to help Missouri law enforcement agencies identify militia members or domestic terrorists has drawn criticism for some of the warning signs mentioned.

The Feb. 20 report called "The Modern Militia Movement" mentions such red flags as political bumper stickers for third-party candidates, such as U.S. Rep. Ron Paul, who ran for president last year; talk of conspiracy theories, such as the plan for a superhighway linking Canada to Mexico; and possession of subversive literature.

… Lt. John Hotz of the Missouri State Highway Patrol said the report comes from publicly available, trend data on militias. It was compiled by the Missouri Information Analysis Center, a "fusion center" in Jefferson City that combines resources from the federal Department of Homeland Security and other agencies.

[Thumbnails of report pages here:

Chemistry is logical, government agencies are not.

Rocket Hobbyists Prevail Over Feds In Court Case

Posted by kdawson on Monday March 16, @07:01PM from the up-up-and-away dept. Space The Courts

Ellis D. Tripp writes

"DC District Court judge Reggie Walton has finally ruled in the 9-year old court case pitting the model rocketry community against the US Bureau of Alcohol, Tobacco, Firearms and Explosives. The ruling is a 'slam dunk' for the rocketry community, stating that the BATFE ignored scientific evidence and overstepped its bounds by classifying ammonium perchlorate composite propellant (APCP) as an 'explosive.' Effective immediately, the BATFE has no legal jurisdiction over hobby rocket motors, and a federal Low Explosives User's Permit will no longer be needed in order to purchase APCP motors. The full text of the Judge's decision is reproduced at the link."

Once again I wasn't even nominated. Smart guys those SXSWers...

SXSW: Pioneer Woman Nabs Top Honors at 2009 Bloggies

By Lewis Wallace March 16, 2009 3:11:00 PM

[List of categories and nominees:

AH HA! At last I have found the tool my students use to generate their papers!


BlindTextGenerator is a handy tool that helps you create dummy text, for all your layout needs.

Oh goodie. Now I can turn my computer into a phone. (Or I could write a short program to send SMS messages to everyone I know..) allows you to send free sms text messages to almost anyone in the world. You just have to know their phone number and their cell phone provider.

This is scary. Next we'll have New York mounting lasers for pigeons! ...then J-walkers! ...then investment bankers!

New Laser System Targets Mosquitoes

Posted by samzenpus on Monday March 16, @02:37PM from the excessive-force dept.

An anonymous reader writes

"In the Cold War the so-called 'Star Wars defense system' proposed using lasers to destroy incoming Soviet missiles. In a 2007 brainstorming session aimed at combating malaria, Dr. Lowell Wood, the architect of that system, proposed modifying his original idea to kill mosquitoes. The cover of today's Wall Street Journal contains an article that highlights this initiative as well as a few others, like using a giant flashlight to disrupt mosquitoes' vision and using the insects to vaccinate, in the war against malaria. The system is intelligent enough to avoid noncombatants like humans and butterflies and can even tell the difference between females, the blood-drinkers, and males. My favorite quote: 'We'd be delighted if we destabilize the human-mosquito balance of power.'"