Saturday, April 25, 2009

Sounds like statements by many PR hacks. Can they make it stick in court? (Should be a fun re-election campaign: “Elect me! I'm dumber than the 12-year-old who stole your data!”)

(follow-up) Culpeper breach: no one’s responsible because it was a hack?

April 25, 2009 by admin Filed under: Breach Reports, Government Sector, Hack, Subcontractor

As a follow-up to the incident reported here, a Culpeper resident wrote a letter to the editor of their local paper that provides a bit more information on the breach and the position of the town in terms of its responsibility — or lack of responsibility — to provide any free credit monitoring.

According to a letter published in the Culpeper Star-Exponent, the town manager allegedly wrote that neither the town nor its vendor were responsible for the breach because the breach was the result of a criminal act and was not the result of negligence on the part of the town or their vendor. The letter goes on to say that the town’s attorney informed the writer that the data breach was due to the previously unnamed vendor, Capital Software Inc., being hacked.

So if it’s a hack, no one’s responsible for providing free credit monitoring services? What world are the Culpeper town manager and attorney living in?

Related? Another incidence of “Hacks aren't our fault?” Bad security? No Problem! (It's only second class citizen data.)

IRS Awards Tax Payment Contract to RBS Worldpay

April 24, 2009 by admin Filed under: Breach Reports

Brian Krebs of The Washington Post reports that

The Internal Revenue Service has awarded a contract to process tax return payments for the coming filing season to RBS Worldpay, a company that recently disclosed that a hacker break-in jeopardized financial data on 1.5 million payroll card holders and at least 1.1 million Social Security numbers.

The contract award comes a month after credit card giant Visa said RBS was no longer in compliance with the Payment Card Industry (PCI) security standards, a set of guidelines designed to protect cardholder data.

Related Another case of “We have no idea what we're talking about, but listen to how firmly we say it!”

IN: Security breach results in no charges in Clark County

Friday, April 24 2009 @ 11:54 AM EDT Contributed by: PrivacyNews

No charges will be filed against an employee who installed suspicious programs on computers in the auditor’s office in Clark County.

In an e-mail, prosecutor Steve Stewart said the results of a sheriff’s department investigation were turned over to him Tuesday.

“I agree with [Sheriff Danny Rodden’s] assessment that while the actions may have been a violation of county policy, they do not constitute a crime and no criminal charges will be filed,” Stewart said.

Source - The News and Tribune

[From the article:

Two programs — Cain & Abel and LCP — were found on the computers. The programs can be used to breach security and discover user passwords on the county’s network, county systems administrator Matt Dyer previously wrote in an e-mail to commissioners.

… County Auditor Keith Groth told The Evening News in previous interviews that he believed the programs were used in the ordinary course of business for his office, confirming that they were used to access the passwords of other auditor's office employees.

He also said that three desktop computers and a laptop computer owned by the county have both programs installed on them so that employees can work remotely from their homes on overtime. However, neither of the programs have a remote-access feature.

In an interview Thursday, Groth said that the software has been removed, but he has yet to look over the sheriff’s report. [But he made the decision based on it? Bob]

Local: Sort of a “taxation without representation” kind of funding? Traffic ticket fines pay for cost of felony record keeping?

CO: Expansion of DNA sampling law progresses in Senate

Saturday, April 25 2009 @ 04:44 AM EDT Contributed by: PrivacyNews

Senate Bill 241, proposed by John Morse, would require anyone arrested for a felony to submit a DNA sample. The proposed law expands DNA collection from the current law that limits DNA collection to those who are convicted and would affect approximately 60,000 people each year.

Although there are provisions to allow people to request their DNA be removed from the database if they are not subsequently charged with a felony, the issue raises a lot of privacy and constitutional issues, as Colleen Slevin of Associated Press reports.

[From the article:

The testing would cost the state about $1 million a year and would be paid for with a $5 fee charged to anyone convicted of a misdemeanor or felony, as well as anyone who gets a traffic ticket. Morse said there wouldn't be enough money collected to start testing until October 2010.

Think everyone who steals your Identity must be a genius? (Just a short look at the video)

Watch an ID thief’s ‘commercial’

April 24, 2009 by admin Filed under: Breach Reports

Bob Sullivan of MSNBC reports on an ID thief’s poorly thought out use of YouTube to advertise personal data for sale.


For my Computer Forensics class

DNS plays role in Craigslist killer case

Network technology may have played a critical role in law enforcement officials catching the alleged Craigslist killer before he was able to strike again.

According to DNSstuff, the vendor's DNS tools were used as part of the ongoing investigation to track and then capture alleged Craigslist killer Philip Markoff.

… As investigators build their case, DNSstuff's CTO Paul Parisi earlier this week recorded a videotaped interview with WCVB TV/DT Boston Channel 5 detailing exactly how DNS technology can lead law enforcement officials practically to the doorstep of criminals by tracking the IP address of devices used to a specific location.

Very similar to the insurance scammers that claimed a back injury then were photographed jumping on a trampoline.

Facebook surfing while sick costs woman job

Fri Apr 24, 12:13 pm ET

ZURICH (Reuters) – A Swiss insurance worker lost her job after surfing popular social network site Facebook while off sick, her employer said Friday.

The woman said she could not work in front of a computer as she needed to lie in the dark but was then seen to be active [Not that they monitor her computer or anything... Bob] on Facebook, which insurer Nationale Suisse said in a statement had destroyed its trust in the employee.

Keyboard shortcuts for common apps

Shortcut World

working smarter with keyboard shortcuts

This could be very cool. I'll have to play seriously examine this one! - The Google Wizard Writer

… what if rather than simply receiving a list of passive information, we also received an interactive, Google-generated wizard with each step linked to the appropriate web information, videos and tools providing us guidance and all about how to do things.

This function has now become available through gStepOne. gStepOne is a Google wizard writer. It is the first step in Google’s transition from world information service to Worldwide Wizard, from collective memory to virtual helper.

How does it work? Simply draw a map of the steps in a task by dragging and dropping shapes onto the page. Link the steps and give each one a name. gStepOne googles the web for supporting “How to” information and training for each step, and then generates the wizard.

… Use it to write any kind of wizard: for business, for clubs, for community organizations, or just for fun.

Just in case a student should actually stumble across my blog...

Japan's 'exam hell' now reaches into preschool

By Yuriko Nagano – Thu Apr 23, 5:00 am ET

Tokyo – It's a quiet afternoon in suburban Tokyo as a well-dressed boy and his mother enter Nikken, a cram school for kindergartners and preschoolers. The mother bows to staff, confirms a pickup time, and drives off in her Mercedes as the boy hunkers down at that most iconic of Japanese institutions: the cram school.

Japan's juken, or "exam hell," has long evoked images of stressed kids competing for slots at top universities in an all-or-nothing exam. But this approach has increasingly moved down the ladder.

Now, in what is known as ojuken, nursery-schoolers are doing worksheets and attending special classes to secure a seat in primary school that their parents hope will ensure their long-term success.

Friday, April 24, 2009

Why would an employee have a million records? (Realllly big case load?)

OK: Personal Data Of 1M On Stolen DHS Laptop

April 23, 2009 by admin Filed under: Government Sector, Theft, U.S.

Well, here’s a laptop theft that will probably cost more than $50,000….. KOCO reports that a laptop stolen from an employee’s vehicle on April 3 contained personal information of up to 1 million people. According to the Oklahoma Department of Human Services, the computer had names, Social Security numbers and birthdates of people who receive state assistance. NewsOK has a bit more on the incident.

Update 1: OKDHS has a notice on its web site about the incident that says “The personal information included names, Social Security numbers, dates of birth and home addresses of clients who receive Medicaid; Child Care assistance; Temporary Assistance to Needy Families (TANF); Aid to the Aged, Blind and Disabled; and Supplemental Nutrition Assistance (SNAP or Food Stamps). The data did not contain driver’s license numbers, credit card or banking information. The potential breach did not affect Child Welfare services.”

Related (I couldn't find the paper yesterday. Pogo did!)

Lost laptops cost companies $50k apiece

Thursday, April 23 2009 @ 04:20 PM EDT Contributed by: PrivacyNews

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

Source - The Register Related - Cost of a Lost Laptop White Paper Final 2.pdf

Thanks to Brian Honan for this link.

Security Tech: Once you have a fully secure device, who will you talk to? Will NSA set up a fully secure Facebook clone? Someone has to be first: Which President was first to use the telegraph? Telephone? Airplane?

Obama To Get Secure BlackBerry 8830

Posted by timothy on Friday April 24, @07:54AM from the what-about-back-worn-radio-controller-devices dept. Communications Cellphones Government Security

CWmike writes

"President Barack Obama is set to receive a high-security BlackBerry 8830 soon, The Washington Times reported today. The device is said to be in the final stages of development at the National Security Agency, which will check that its encryption software meets federal standards. It might not be ready for months. It was reported that Obama will be able to send text and e-mail messages and make phone calls on the device, but only to those with the secure software loaded on their own devices. [Not that he'd want to, but this means the President can't send me an email? Bob] The list includes First Lady Michelle Obama and top aides. The security software is made by Genesis Key, whose CEO, Steven Garrett, is quoted as saying: 'We're going to put his BlackBerry back in his hand.' The Sectera Edge was pegged in January by analysts as the top device choice because of its reputation for secure data communications when used by other federal workers. And there are many reasons why Obama might have been told 'no' on his BlackBerry. But Obama may wish he had chosen a Sectera if BlackBerry has more outage problems like its latest last week, which meant no mobile e-mail for hours across the US."

[From the article:

In the interim, Mr. Obama has been using a patchwork of two devices, a BlackBerry and an NSA-supplied secure hand-held device known as Sectera Edge. The General Dynamics Corp.-made Sectera must be plugged into the presidential BlackBerry, making its use more cumbersome than a secure BlackBerry.

Privacy tech: Should all my students learn this?

How Tor Helps Both Dissidents and the Police

Posted by timothy on Thursday April 23, @03:18PM from the can-I-join-your-group-I-hate-the-romans dept. Privacy Encryption Government News

Al writes

"Technology Review has an in-depth article about the anonymous networking software Tor and how it is helping dissidents spread information in oppressive regimes such as Syria, Zimbabwe and Mauritania, and opening up the unfiltered web for users in many more countries. In China, for instance, the computers found in some web cafes are configured to use Tor automatically. Interestingly, some police agencies even use the software to hide their activity from suspects. As filtering becomes ever more common in democratic countries such as the US, perhaps Tor (and similar tools such as I2P), will become even more valuable."

Related, but completely different? Security and Privacy are not always positively correlated. I read these examples as “Buy a new computer, lose access to your bank account.”

Online banking ID tech equals privacy threat?

Friday, April 24 2009 @ 04:52 AM EDT Contributed by: PrivacyNews

A widely used technology to authenticate users when they log in for online banking may help reduce fraud but it does so at the expense of consumer privacy, a civil liberties attorney said during a panel at the RSA security conference on Thursday.

When logging into bank websites, users are typically asked for their username and password. But that's not all that is happening.

Source -

[From the article:

Wachovia, which recently merged with Wells Fargo, tags the consumer's computer with a unique identifier, said Chris Mathes, an information technology specialist in online customer protection at the bank.

The technology not only can be used to allow legitimate customers into websites but also to block computers that have been targeted as "bad actors", said Todd Inskeep, a senior vice president for the Center for the Future of Banking at Bank of America.

Another device fingerprinting technology provided by 41st Parameter is similar but doesn't tag the computer. Instead, the technology figures out the degree of probability that the computer accessing the site is the one that should be accessing it by querying the computer for things like time zone, language, browser type, Flash ID, cookie ID and IP address, said Ori Eisen, founder of the company. If enough of the answers match, the account can be accessed.
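The matching described in the excerpt above can be sketched as a weighted score over the listed attributes; this is an added example, not 41st Parameter's or any bank's code. The weights, thresholds, key, function names and sample values are all constructed assumptions, as is the choice to store keyed digests rather than raw attribute values.

```python
import hashlib
import hmac
import ipaddress

# Constructed weights (assumption): points each matching attribute contributes.
WEIGHTS = {
    "cookie_id": 35,
    "flash_id": 25,
    "ip": 15,
    "time_zone": 10,
    "browser": 10,
    "language": 5,
}
ALLOW_AT = 70    # assumption: at or above this score the login proceeds
STEP_UP_AT = 40  # assumption: at or above this score a second factor is requested
SERVER_KEY = b"constructed-demo-key"  # placeholder; a real key belongs in a secret store


def ip_bucket(ip):
    """Reduce an address to its /24 (IPv4) or /48 (IPv6) network, so a
    DHCP lease change on the same connection still counts as a match."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def normalise(name, value):
    """Canonical form of one attribute; None when the client sent nothing."""
    if value is None or value == "":
        return None
    if name == "ip":
        return ip_bucket(value)
    return str(value).strip().lower()


def digest(name, value):
    """Keyed hash, so the stored profile holds no raw identifiers."""
    msg = f"{name}={value}".encode("utf-8")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def enroll(attrs):
    """Build the stored profile for a device seen at a trusted login."""
    profile = {}
    for name in WEIGHTS:
        value = normalise(name, attrs.get(name))
        if value is not None:
            profile[name] = digest(name, value)
    return profile


def score(profile, attrs):
    """Return (points, matched attribute names) for a login attempt.
    A missing attribute on either side counts as a mismatch."""
    total, matched = 0, []
    for name, weight in WEIGHTS.items():
        value = normalise(name, attrs.get(name))
        stored = profile.get(name)
        if value is None or stored is None:
            continue
        if hmac.compare_digest(stored, digest(name, value)):
            total += weight
            matched.append(name)
    return total, matched


def decide(profile, attrs):
    """Map the score to an access decision."""
    total, _ = score(profile, attrs)
    if total >= ALLOW_AT:
        return "allow"
    if total >= STEP_UP_AT:
        return "step_up"
    return "deny"


# Constructed sample logins (documentation address ranges, made-up IDs).
ENROLLED = {"cookie_id": "c-7f3a91", "flash_id": "lso-22b4", "ip": "203.0.113.10",
            "time_zone": "UTC-07:00", "browser": "Firefox", "language": "en-US"}
COOKIES_CLEARED = dict(ENROLLED, cookie_id=None, ip="203.0.113.77")
NEW_COMPUTER = {"cookie_id": None, "flash_id": "lso-9e01", "ip": "203.0.113.10",
                "time_zone": "UTC-07:00", "browser": "Internet Explorer",
                "language": "en-US"}
UNRELATED = {"cookie_id": "c-000001", "flash_id": "lso-aaaa", "ip": "198.51.100.23",
             "time_zone": "UTC+01:00", "browser": "firefox", "language": "en-US"}

if __name__ == "__main__":
    stored = enroll(ENROLLED)
    for label, attempt in [("same device", ENROLLED),
                           ("cookies cleared", COOKIES_CLEARED),
                           ("new computer, same home", NEW_COMPUTER),
                           ("unrelated device", UNRELATED)]:
        points, matched = score(stored, attempt)
        print(f"{label:25} {points:3} {decide(stored, attempt):8} {matched}")
```

With these constructed weights a replaced computer on the same home connection scores 30 and is refused, which is the failure mode the commentary above describes.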

Security Planning: You always look for indications things are not as you expected. Sometimes this is a security failure, sometimes poor documentation, always worthy of review. That's why we keep logs! If security was perfect, nothing would ever go wrong and we would need no record of our perfection because we could recreate any event by executing an algorithm.

Security Pro to Companies: Assume You're Owned

Friday, April 24 2009 @ 05:30 AM EDT Contributed by: PrivacyNews

Major companies should assume the bad guys have already broken into their network, and are better off diverting some resources from attack prevention to ferreting out existing invasions, says one prominent security expert.

Source - CIO

Thinking of upgrading?

Windows 7 hack 'cannot be fixed'

3KB of code is all that's needed to take control of your PC

Researchers at a recent hackers' conference have shown how it's possible to take control of a Windows 7 machine during its boot sequence.

Demonstrating the code at the recent Hack In The Box event in Dubai, security researchers Vipin Kumar and Nitin Kumar used a piece of code called VBootkit 2.0 to take full control of a Windows 7 machine during the booting up process.

Based on the principle that Windows 7 is meant to be safe from attack during the boot up process, the duo showed that the code, which is only 3KB in size, could actually easily be run while the OS is starting up.

The attacker can then gain remote access to the computer and can change files around with the highest level of administrator privileges, and then return the system to its original passwords to leave the hack undetected.

Does Congress feel they “Must do something?” (Underlying theme of most bad laws.)

April 23, 2009

House Hearing on Communications Networks and Consumer Privacy

The Subcommittee on Communications, Technology, and the Internet held a hearing titled, Communications Networks and Consumer Privacy: Recent Developments on April 23, 2009. The hearing focused on technologies that network operators utilize to monitor consumer usage and how those technologies intersect with consumer privacy. The hearing explored three ways to monitor consumer usage on broadband and wireless networks: deep packet inspection (DPI); new uses for digital set-top boxes; and wireless Global Positioning System (GPS) tracking.

Testimony and Statement for the Record of Marc Rotenberg, Executive Director, EPIC Adjunct Professor, Georgetown University Law Center: "we believe it is becoming clear that unregulated collection of consumer data is posing an increasing danger to online privacy and maybe even to the economic model itself. A small number of companies and large advertising networks are obtaining an extraordinarily detailed profile of the interests, activities and personal characteristics of Internet users. Users have little idea how much information is gathered, who has access to it, or how it is used. This last point is critical because in the absence of legal rules, companies that are gathering this data will be free to use it for whatever purpose they wish – the data for a targeted ad today could become a detailed personal profile sold to a prospective employer or a government agency tomorrow."

See? Microsoft does sponsor research like this – but as they say in the article, they may not use it.

Microsoft: How to study search data without risking privacy

Friday, April 24 2009 @ 05:21 AM EDT Contributed by: PrivacyNews

Data on Internet search queries is a potential gold mine for researchers, as a glimpse into the minds of the online population. But despite efforts to keep that data anonymous, its release is a mine field for personal privacy, as evidenced by AOL's legendary 2006 "screw up."

Source - Microsoft: TechFlash

PDF, 10 pages.

[Other papers at the WWW2009 Conference:

Close to home. Let's see if I get this business model: We take the content from a newspaper that wasn't able to generate enough income to survive and try to sell it to an audience that doesn't read newspapers. (If you need more evidence that they don't get it, note that they didn't publish this story.)

Paid Online News Venture Fails To Get Subscribers

Posted by timothy on Thursday April 23, @05:49PM from the it-seemed-different-on-paper dept. The Media The Almighty Buck

Ian Lamont writes

"The idea of migrating people from free online news content to paid subscriptions has been dealt a blow. A venture meant to fill the void left by the print Rocky Mountain Times has attracted 3,000 subscribers — just 6% of its original goal of reaching 50,000 paid subscribers by Thursday. is currently free, but the plan was to have gated premium content starting next month for a $5/month subscription. The project has entrepreneurial backing and articles from journalists who used to work for the print-focused Rocky Mountain News, which closed last month. However, a lack of paying subscribers and low online ad rates means that the venture might have to scale back its ambitions."

If it's easy enough, and free, people will do it!

Fling Ftp: Automate your Backup with free FTP client (Windows)

Apr. 23rd, 2009 By Karl L. Gechlik

Maybe you need to be a geek to find this interesting... This is the future, people!

April 23, 2009

Analysis of Conficker

Researchers at SRI International have published a comprehensive breakdown of the deep workings of Conficker, the malware worm. Their analysis reveals that Conficker is 1) a best-of-breed piece of malware that uses cutting edge cryptography 2) pushes the envelope on using the DNS system for “meeting point” style communications 3) implements a sophisticated peer-to-peer command and control structure 4) and works hard to escape detection and prevent its removal.

You can find the SRI analysis at

[Paper also offers:


Conficker C P2P Snort Detection Module

Conficker C Network Scanner

More than I ever wanted to know...

April 23, 2009

GPO Launches Federal Digital System (FDsys)

Public Printer of the United States: "I am pleased to announce the launch of FDsys, GPO's new Federal Digital System, an innovative tool to enable Americans and people worldwide to search and access the documents of the U.S. Government. FDsys is a one-stop site on which to find current, authentic, published information from all three branches of the U.S. government. I am especially pleased with our new Daily Compilation of Presidential Documents, which includes releases from the White House Press Office and remarks made by the President. FDsys also offers search capabilities to find documents released by Members of Congress and Congressional Committees, using only keyword and date information."

[From the website:

The migration of information from GPO Access into FDsys will be complete in mid-2009. The migration is occurring on a collection-by-collection basis

For my math students (Okay, it needs a little work...) - A Repository Of Mathematical Knowledge

Do you think you are mathematically challenged just because you cannot solve a mathematical problem? This solution was created in order to be a source of techniques to get around that very issue. On this site you will find a wide variety of methods concerning specific subareas of mathematics.

Users are allowed to get a number of articles about mathematical problems and solutions in a very effective way. Some of these articles are for beginners while others are intended for advanced users. If you want to find the way to solve algebra, geometry or probability problems this is the right site for you to find what you need.

For my Computer Security students. How cool is a school that teaches their students to hack it?

How to Bypass Firewalls & Get into Blocked Websites in School or at Work with FreeProxy (Windows)

Apr. 23rd, 2009 By Ryan Dube

Thursday, April 23, 2009

Build this into your “Disaster Planning”

FL: SunTrust Banks first replacing cards due to Heartland breach

April 22, 2009 by admin Filed under: Financial Sector, Hack, Malware, U.S.

WESH reports that SunTrust Banks sent out letters this week to customers informing them that their cards were being replaced due to the Heartland breach.

WESH’s reporter asked what I would have asked: why are notifications first being sent now? The news station reports, “When asked why it took SunTrust so long to find out and notify customers, the representative said it takes months to sort it all out and SunTrust was probably part of the last wave of banks to learn that they could be affected.” [That alone would cause me to sue. Bob]

The value of breach notifications in reducing the risk or extent of identity theft has been a matter of research and debate in the past year. Certainly, however, if notification is to reduce the risk of misuse, it needs to be timely. The Heartland breach was announced three months ago. In this day and age, three months seem too long to notify. Yes, I know that consumers have no liability in some situations, but eventually we all pay for the fraudulent charges. The Heartland breach may have challenged card issuers and financial institutions due to the scale of the breach, but hopefully someone will do an analysis of the response to the incident to determine how quickly all affected institutions were notified and provided with necessary information, and how quickly financial institutions notified affected individuals and/or replaced cards.

[From the article:

"They took the measures to cut it off immediately and send me new cards. The question is, 'Why?' Because they don't say why in any of the letters."

Related. More factoids for planning

Intel finds stolen laptops can be costly

by Brooke Crothers April 22, 2009 10:35 PM PDT

A laptop's value is more than meets the eye. Intel says stolen laptops cost corporate owners more than $100,000 in some cases, in a study announced Wednesday.

The study on notebook security, commissioned by Intel and conducted by the Ponemon Institute, states that laptops lost or stolen in airports, taxis, and hotels around the world cost their corporate owners an average of $49,246 "reflecting the value of the enclosed data above the cost of the PC," Intel said.

Analyzing 138 instances of lost and stolen notebooks, the study based the $49,246 price tag on costs associated with replacement, detection, forensics, data breach, lost intellectual property, lost productivity, and legal, consulting and regulatory expenses, Intel said. Data breach alone represents 80 percent of the cost.

Who owns a missing notebook is important, Intel said. It is not the CEO's computer that is the most valued, but a director or manager, according to the study. A senior executive's notebook is valued at $28,449, while a director or manager's notebook is worth $60,781 and $61,040, respectively.

The average cost if the notebook is discovered missing the same day is $8,950, according to the study. After more than one week, this figure can reach as high as $115,849.

If you're cool (and deserve a larger budget), you're being hacked by China.

International hackers, many from China, are attacking NYPD computers

BY Alison Gendar and Bill Hutchinson DAILY NEWS STAFF WRITERS Updated Wednesday, April 22nd 2009, 7:07 PM

A network of mystery hackers, most based in China, have been making 70,000 attempts a day to break into the NYPD's computer system, the city's top cop revealed Wednesday.

… Sources said it appears the hackers have devised an automated system in which computers around the world make up to 5,000 attempts a day at pinpointing unsecured portals into the NYPD's files.

[University of Toronto's report on Ghost Net:

...and this looks bigger than initially reported. And the infrastructure looks less resilient.

A Cyber-Attack On an American City

Posted by timothy on Wednesday April 22, @05:02PM from the if-by-one-day-you-mean-already dept. Security The Internet United States

Bruce Perens writes

"Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."

When you don't know what to do: reorganize!

White House may relieve DHS of cybersecurity role

by Declan McCullagh April 22, 2009 4:47 PM PDT

SAN FRANCISCO--The federal official overseeing a 60-day review of the U.S. government's cybersecurity efforts indicated Wednesday that the final report recommends shifting more responsibilities to the White House.

… Hathaway said her report--which has not yet been made public--was finished on Friday and has been sent to President Obama for his approval.

… Any effort by the Obama administration to reshuffle cybersecurity responsibilities will face a significant challenge: the protocols and hardware that make up today's Internet are created and maintained by the private sector. Companies like Cisco Systems, Microsoft, Google, AT&T, and Verizon--not Washington bureaucracies--operate today's Internet, and it's not clear that outside help will be useful.

"Protecting cyberspace requires strong vision and leadership and will require changes in policy, technology, education, and perhaps law," Hathaway said. "Achieving this vision requires leadership and commitment from the highest levels of government, industry, and civil society."

I can find no support for the numbers quoted, but they are correct to say we didn't win the exchange...

Nefarious Conficker worm racks up $9.1 billion bill

Security By Aharon Etengoff Tuesday, April 21, 2009 12:46

Another endorsement of my “power to the people” Internet Provider scheme. Perhaps we could use some of the Economic Stimulus money to build a community owned network in Centennial? In any case, it appears that no cable company has a strategy for dealing with this trend.

Time Warner and Embarq can't compete with city-owned ISP, trying to outlaw it

by Nilay Patel, posted Apr 22nd 2009 at 7:03PM

Man, Time Warner Cable -- you are some shady players. Hot on the heels of the ISP's decision to withdraw DOCSIS 3.0 trials from areas that have rejected its tiered billing plan, we're hearing that TWC's teamed up with Embarq to persuade the North Carolina state government into banning community-owned broadband services. Why? Well, turns out the 47,000 residents of Wilson, NC got tired of paying for slow broadband, so the city government launched its own fiber ISP called Greenlight that offers some pretty solid packages ranging from $99 for 81 cable channels, unlimited phone service, and 10Mbps (down and up) internet to $170 for every single channel including premiums and 20Mbps up/down internet. (There's even a "secret" 100Mbps up/down internet plan.) Of course, these prices blow TWC and Embarq out of the water -- the comparable basic Time Warner plan has fewer channels and less bandwidth for an "introductory rate" of $137 -- and rather than compete, the two giants decided to lobby the North Carolina legislature into proposing bills that outlaw community services like Greenlight. The argument is that the big companies can't turn a profit and compete against a community-owned enterprise that essentially sells service for cost, but we're not buying it -- if anything, TWC and Embarq can invest the extra profits they've been earning in other areas into building services that would blow Greenlight out of the water. Yep, it's definitely some dirty pool -- does anyone have any positive feelings left for these behemoths?

Related? Sure looks like Comcast is trying to get ready for the more competitive future. Too little too late?

Comcast tries to stay relevant in online world

by Marguerite Reardon April 22, 2009 4:27 PM PDT

As more entertainment content makes it way online, Comcast is looking for new ways to remain relevant to its subscribers.

That'll teach her to besmirch the name of a fine purveyor of pornography!

Blogger who claimed online pornography security breach by N.J. company faces slander suit

Wednesday, April 22 2009 @ 03:30 PM EDT Contributed by: PrivacyNews

A Washington State hockey mom who accused a N.J.-based web firm that serves the pornography industry of a security breach that may have exposed customers' private information to hackers faces a hearing Thursday alleging she slandered the company.

The case against Shellee Hale focuses on forum posts she made about Too Much Media LLC, of Freehold, in a message board frequented by those in the online adult entertainment business. Too Much Media has sued Hale for slander claiming that while there was a security breach, no customer information was leaked.

Source -

[From the article:

Litigation like the lawsuit against Hale has so far been uncommon in New Jersey, but that may change as blogs, chat rooms and networking sites become ubiquitous.

"It's rare, but I think it's going to become more common as that becomes the primary way of people communicating," said Tom Cafferty, counsel to the New Jersey Press Association.

… He said a court will most likely look at whether she was disseminating the information through a publication or for her own purpose, because judges realize they have to be careful who gets the protection. If the newsperson's shield is extended to everyone who posts items on the Internet, "then everyone is a journalist and the privilege becomes meaningless," he said. [or does it become a “Right?” Bob]

Most surveilled nation on earth says, “What's wrong with a little more?”

UK: All clear for Google Street View

Thursday, April 23 2009 @ 05:13 AM EDT Contributed by: PrivacyNews

Google's Street View technology carries a small risk of privacy invasion but should not be stopped, the UK's Information Commissioner has ruled.

Source - BBC Related - Common sense on Street View must prevail, says the ICO (pdf)

[Correct BBC link:

[From the article:

Dr Ian Brown, a privacy expert at the Oxford Internet Institute, said: "The phrase 'small risk of privacy detriment' betrays the slightly wrong mindset at the Information Commissioner's office as they are having to adopt a reactive approach when it's far too late to really do anything about it.

Maybe there is no real copyright infringement verdict...

Sorting out the Pirate Bay verdict

by Mats Lewan April 21, 2009 12:44 PM PDT

In the aftermath of the Pirate Bay trial, many Swedish law experts say they consider Friday's high-profile guilty verdict severe but fair. Very few had predicted the verdict before it was handed out.

Complicating the case in many observers' eyes was the fact that no copyright-protected files were stored or distributed on the Pirate Bay Web site. But reading the 107-page sentence from Stockholm's Tingsratt district court offers a clearer picture of the grounds on which the court found all four defendants guilty of having assisted in making 33 copyright-protected files accessible for illegal file sharing via

The reasoning makes clear that the principal crime was committed by individual file sharers.

… The four defendants--Peter Sunde, Gottfrid Svartholm Warg, Fredrik Neij, and Carl Lundström--were accused of having assisted in this crime, and according to Swedish law, it's not necessary to know who committed the infraction in such a case, only that it was committed.

… He referred, as precedent, to a case several decades ago when a person was sentenced for assisting in a case of mayhem, only for having held the culprit's coat.

In its verdict, the Stockholm court states that "responsibility for assistance can strike someone who has only insignificantly assisted in the principal crime," then goes on to show how the defendants participated to a sufficient extent to be considered guilty.

Related? They must have really different rules over there...

Judge In Pirate Bay Trial Biased

Posted by CmdrTaco on Thursday April 23, @08:48AM from the aren't-we-all dept. The Courts The Internet

maglo writes

"The judge who handed down the harsh sentence to the four accused in The Pirate Bay trial was biased, writes Sveriges Radio (Sweden Public Radio): (swedish). Google translation. The judge is a member of two copyright lobby organizations, something he shares with several of the prosecutor attorneys (Monique Wadsted, Henrik Pontén and Peter Danowsky). The organizations in question are Svenska Föreningen för Upphovsrätt (SFU) and Svenska föreningen för industriellt rättsskydd (SFIR)."

Completely unrelated? Inevitable extension of the Pirate Bay suit, but this doesn't look that similar to me – but then again, logic isn't part of their strategy. (Viable business model here?)

Copyright Lobby Targets 'Pirate Bay For Books'

Posted by samzenpus on Thursday April 23, @05:10AM from the what-about-the-library dept. Books

An anonymous reader writes

"TTVK, a Finnish national copyright lobby, is threatening a book rental service called Bookabooka for allegedly running the 'Pirate Bay for Books'. Bookabooka however does not offer a torrent tracker service, nor does it enable a user in any way to download eBooks; it simply provides a place for book owners to rent textbooks to each other via the traditional mail service. [Could I rent my music collection the same way? Bob] It is mandatory that all textbooks must be originals. The service is used by a lot of School and University students, and it does not handle the shipping or returns of the textbooks. Nevertheless, the Finnish book publishers' association (Suomen Kustannusyhdistys) is convinced the service is breaching the copyright laws and threatening their business. TTVK has given Bookabooka until Friday to cease operations or face a lawsuit. Bookabooka's founders have vowed to keep the service online and ignore the threat."

Hey, trust us! We're only gonna block illegal things, things you don't want to see. It's for the children!

Germany Institutes Censorship Infrastructure

Posted by samzenpus on Thursday April 23, @03:06AM from the not-for-your-eyes dept. Censorship Government

An anonymous reader writes

"Germany's government has passed a draft law for censorship of domains hosting content related to child pornography. A secret list of IPs will be created by the BKA, Germany's federal police; any attempted access to addresses on this list is blocked, logged (the draft seems to contradict press reports on this point) and redirected to a government page featuring a large stop sign. The law has not yet passed the assembly, however five of the largest ISPs have already agreed to voluntarily submit to the process even without a law in place. Critics argue that with the censorship infrastructure in place, the barrier for blocking access for various other reasons is very low. The fact that the current block can easily be circumvented may lead to more effective technologies to be used in the future. There are general elections as well as elections in several of the states later this year."

Wouldn't you like to advertise on Oprah?

Oprah effect: 43% jump in Twitter traffic

… According to market tracker Hitwise, traffic to Twitter went up 43% in a before and after survey of the Oprah Effect.

Additionally, on April 17th, the day of Winfrey’s first Tweets, 37% of visits to were new visitors, Hitwise says. By comparison, Hitwise says Facebook’s ratio of new visitors in March were 8%.

Hitwise also looked at top search terms for the week, and found that “Oprah,” was no. 7, and “Oprah Twitter,” no. 35.

While my statistics students complain about all the hard work they must do to punch a few buttons in Excel, imagine the screaming if I asked them to build a map like this as a mid-term.

April 22, 2009

Slate: An interactive map of vanishing employment across the country

When Did Your County's Jobs Disappear? An interactive map of vanishing employment across the country, by Chris Wilson

  • "The economic crisis, which has claimed more than 5 million jobs since the recession began, did not strike the entire country at once. A map of employment gains or losses by county tells the story of how those job losses first struck in the most vulnerable regions and then spread rapidly to the rest of the country. As early as August 2007, for example—several months before the recession officially began—jobs were already on the decline in southwest Florida; Orange County, Calif.; much of New Jersey; and Detroit, while other areas of the country remained on the uptick. Using the Labor Department's local area unemployment statistics, Slate presents the recession as told by unemployment numbers for each county in America."

It might be nice to have all my videos in the same format. (Or at least, one I can play at the school)

5 Easy-to-use Freeware Video Converters

Apr. 22nd, 2009 By Israel Nicolas

For my White Hatters...

Apr 22, 2009

Looking For Free Cloud Computing? Look No Further!

… I have found a free cloud computing service! The service is called iCloud. True, you do get what you pay for.

… You get 3GB of "cloud" storage (There is that buzz word again) for your important documents which you can access anywhere there is an internet connection with a web browser. You also get a full suite of office applications, web browser (Yes, another way around Websense), instant messenger, RSS feed reader, and some other basic computing applications that you might find on a standard desktop.

You can never have enough serious academic research.

Designing DNA Circuits To Brew Tastier Beer

Posted by timothy on Wednesday April 22, @05:51PM from the but-can-they-make-beer-taste-good? dept. Biotech

Al writes

"Researchers at Boston University have developed a way to predict the behavior of different DNA segments and make synthetic biology a little bit more reliable. James Collins and colleagues have built libraries of component parts and a mathematical modeling system to help them predict the behavior of parts of a gene network. Like any self-respected bunch of grad students, they decided to demonstrate the approach by making beer. They engineered gene promoters to control when flocculation occurs in brewers yeast, which allowed them to finely control the flavor of the resulting beer."

Wednesday, April 22, 2009

Another opportunity for Congress to get their face in the evening news?

Congress to probe Lime Wire over 'inadvertent sharing'

Tuesday, April 21 2009 @ 11:41 AM EDT Contributed by: PrivacyNews

The main investigative committee in the U.S. House of Representatives has reopened a probe of Lime Wire and other peer-to-peer file sharing firms over the issue of "inadvertent sharing." The move comes nearly two months after it was alleged Iran took advantage of a computer security breach to obtain information about President Barack Obama's helicopter.

CNET News has obtained copies of the letters written by the Committee on Oversight and Government Reform to the Department of Justice and the Federal Trade Commission asking them to help investigate the recent rash of security breaches caused when people who use P2P software accidentally share information on networks like Lime Wire or BearShare.

Source - cnet

Related? - Watch Over Your Representatives

In a nutshell, this is a new site that will empower any citizen of the United States of America to watch the way his elected representatives operate. The site has three main features, and they go by the following names: “Bills & Resolutions”, “From The Floor” and “Head to Head”.

… “Bills & Resolutions” lets the user track the votes of representatives in the Senate and the House, in order to know how the latest legislation is shaping up.

… “From the floor” feature enables anybody to know what the representatives are saying both from the floors of the Senate and the House.

… “Head to Head” functionality will let you compare and contrast the voting history of any two representatives and learn how different their views are.

Sometimes you gotta do something to alleviate the boredom. (I wonder if the FBI surveils all teenage mall activities?)

FBI workers charged with being electronic Peeping Toms

Wednesday, April 22 2009 @ 04:53 AM EDT Contributed by: PrivacyNews

The Associated Press reports that two FBI workers [Not agents – where were they? Bob] have been charged with conspiracy and committing criminal invasion of privacy. They are alleged to have used surveillance equipment [Binoculars? Bob] to spy on teenage girls as they undressed and tried on prom gowns at a charity event at a West Virginia mall.

Source -

Interesting implications for computer searches... “We thought the suspect's computer controlled an evil robot.” What does this do to computer searches at the border?

High Court Curbs Power of Police to Search Cars

Wednesday, April 22 2009 @ 04:56 AM EDT Contributed by: PrivacyNews

The Supreme Court ruled that police couldn't search the car of a person arrested unless the officer's safety was threatened or there was reason to think the car contained evidence of a crime, reviving a constitutional protection against unreasonable searches.

Source - Wall Street Journal

Related - SCOTUS: Search incident for driving on a suspended license violates Fourth Amendment: Arizona v. Gant; Belton limited

Here's my plan. We buy up a bunch of old phones, then start the rumor that they can be hacked to tap into the President's BlackBerry...

Nokia mystified over criminal bid for old phones

Tuesday, April 21 2009 @ 04:30 PM EDT Contributed by: PrivacyNews

The mystery why cybercriminals want a discontinued Nokia phone isn't getting any clearer.

Hackers have been offering up to €25,000 (US$32,413) in underground forums for Nokia 1100 phones made in the company's former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations.

Source - Computerworld

[From the article:

The 1100 can apparently be reprogrammed to use someone else's phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud.

In countries such as Germany, banks send an mTAN (mobile Transaction Authentication Number) to a person's mobile phone that must be entered into a web-based form in order to, for example, transfer money into another account. A TAN can only be used once, a security feature known as a one-time passcode.

So big, it looks like organized crime?

Finjan warns two million computers worldwide hit by giant botnet

Wednesday, April 22 2009 @ 04:59 AM EDT Contributed by: PrivacyNews

A cyber gang based in the Ukraine has created one of the largest bot networks the world has ever seen, with at least 1.9 million computers around the world converted into zombie machines.

Source - Silicon Republic

[From the article:

It said that only four out of 39 major antivirus products are capable of spotting the malware.

… The cybercrime server has been in use since February 2009, is hosted in the Ukraine and is controlled by a cyber gang of six people.

… Since the discovery of its findings, Finjan has provided US and UK law enforcement with information about the server. [What would law enforcement be able to do about it? Should they have tools to fight this kind of crime? See the next article... Bob] Finjan has also contacted affected corporate and government agencies to let them know they were part of the infected computer names.


Botnet Expert Wants 'Special Ops' Security Teams

Posted by timothy on Wednesday April 22, @08:02AM from the if-wishes-were-horses dept. Security

CWmike writes

"Criminal cybergangs must be harried, hounded and hunted until they're driven out of business, a noted botnet researcher said as he prepared to pitch a new anti-malware strategy at the RSA Conference in SF. 'We need a new approach to fighting cybercrime,' said Joe Stewart, director of SecureWorks' counterthreat unit. 'What we're doing now is not making a significant dent.' He said teams of paid security researchers should set up like a police department's major crimes unit or a military special operations team, perhaps infiltrating the botnet group and employing a spectrum of disruptive tactics. Stewart cited last November's takedown of McColo as one success story. Another is the Conficker Working Group. 'Criminals are operating with the same risk-effort-reward model of legitimate businesses,' said Stewart. [Haven't they always done so? Bob] 'If we really want to dissuade them, we have to attack all three of those. Only then can we disrupt their business.'"


Botnets: Reasons It's Getting Harder to Find and Fight Them

by Bill Brenner

April 20, 2009, 09:11 AM — CSO — The perpetual proliferation of botnets is hardly surprising when one considers just how easy it is for the bad guys to hijack computers without tipping off the users.

Botnets have long used a variety of configurations, in part to disguise their control mechanisms -- see What a Botnet Looks Like. But as user-friendly but insecure applications continue to become available -- especially social networking programs used by the non-tech-savvy -- hackers have an ever growing number of security holes to choose from. They're also getting smarter about building resilient architectures, according to botnet hunters who have monitored recent activity.

Here are four reasons the botnet fight is getting harder, and what to do about it:

Related? Secure techniques should come with a guarantee...

U.K. Man Sues Bank Over 'Phantom' Withdrawals from Chip-and-PIN Account

By Kim Zetter April 21, 2009 11:30:00 AM

… After the Halifax bank refused to restore $3,100 that Alain Job says was stolen from his account, he filed suit last year and is set to state his case in court on April 30.

The case highlights the fragility of the chip-and-PIN security scheme that was launched in the UK in 2004 and became mandatory nationwide in early 2006. The system was supposed to have resolved questions about who was liable when funds were withdrawn from accounts, since only someone who possessed both the card and the PIN could theoretically make a withdrawal.

… But security experts have found several ways for criminals to clone the chips or fool ATMs into thinking a fake card is authentic. And the cards have another flaw. In order to be compatible with ATMs in the U.S. and elsewhere that read only magnetic-stripe cards, UK cards have a backup magnetic stripe on them. Thieves can still obtain the account number from the magnetic stripe using a skimmer installed on an ATM and then use a camera hidden in the ATM kiosk to capture the customer's PIN as he or she types it on the keypad.

Another security tip

F-Secure says stop using Adobe Acrobat Reader

by Elinor Mills April 21, 2009 2:42 PM PDT

With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on Tuesday.

Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, Mikko Hypponen, chief research officer of security firm F-Secure, said in a briefing with journalists.

What's the next “Big Thing?”

The Future of the Phone: The End of the Cell

by Douglas Wolk reports: Soon "anytime minutes," "roll-over minutes," and even your mobile-phone contract will seem as quaint as the corner pay phone.

… Most Americans now have mobile phones, and a Nielsen Mobile report last year found that nearly one in five of us have cut the cord, abandoning our landline service entirely. Danny Kessler of Tempe, Arizona, is one of those people, except he has gone the next step: He recently gave up his cell-phone contract too. no hermit: He's a 27-year-old personal-safety instructor who has to be in touch with his clients. He just does all his telephoning via the internet. Today Kessler is an anomaly, but internet telephony (a.k.a. voice-over-internet-protocol, or VoIP) is in a position to dominate the phone business of the future just as mobile usurped the throne of the hard-wired handset.

… According to a recent Yankee Group report, 5.2 percent of Americans already use VoIP as their primary home phone.

Brief rant on the cost of bandwidth (nothing to do with the price)

A Layman's Guide To Bandwidth Pricing

Posted by timothy on Tuesday April 21, @04:18PM from the don't-grant-local-monopolies dept.

narramissic links to IT World's A Layman's Guide to Bandwidth Pricing, writing

"Time Warner Cable has, for now, abandoned the tiered pricing trials that raised the ire of Congressman Eric Massa, among others. And, as some nice data points in a New York Times article reveal, it's good for us that they did. For instance, Comcast says it costs them $6.85 per home to double the internet capacity of a neighborhood. But the bit of the Times article that we should commit to memory is this: 'If all Time Warner customers decided one day not to check their e-mail or download a single movie, the company's costs would be no different than on a day when every customer was glued to the screen watching one YouTube video after another.'"


The Road To Terabit Ethernet

Posted by Soulskill on Wednesday April 22, @08:43AM from the more-is-better dept. Networking

stinkymountain writes

"Pre-standard 40 Gigabit and 100 Gigabit Ethernet products — server network interface cards, switch uplinks and switches — are expected to hit the market later this year. Standards-compliant products are expected to ship in the second half of next year, not long after the expected June 2010 ratification of the 802.3ba standard. Despite the global economic slowdown, global revenue for 10G fixed Ethernet switches doubled in 2008, according to Infonetics. There is pent-up demand for 40 Gigabit and 100 Gigabit Ethernet, says John D'Ambrosia, chair of the 802.3ba task force in the IEEE and a senior research scientist at Force10 Networks. 'There are a number of people already who are using link aggregation to try and create pipes of that capacity,' he says. 'It's not the cleanest way to do things...(but) people already need that capacity.' D'Ambrosia says even though 40/100G Ethernet products haven't arrived yet, he's already thinking ahead to terabit Ethernet standards and products by 2015. 'We are going to see a call for a higher speed much sooner than we saw the call for this generation' of 10/40/100G Ethernet, he says."

Interesting, but unlikely. Yes, the technology is getting better, but that's no indication that students can or will use it.

BYU Prof. Says University Classrooms Will Be "Irrelevant" By 2020

Posted by timothy on Tuesday April 21, @01:12PM from the not-into-job-security dept. Education Communications

dragoncortez writes

"According to this Deseret News article, University classrooms will be obsolete by 2020. BYU professor David Wiley envisions a world where students listen to lectures on iPods, and those lectures are also available online to everyone anywhere for free. Course materials are shared between universities, science labs are virtual, and digital textbooks are free. He says, 'Higher education doesn't reflect the life that students are living ... today's colleges are typically tethered, isolated, generic, and closed.' In the world according to Wiley, universities would still make money, because they have a marketable commodity: to get college credits and a diploma, you'd have to be a paying customer. Wiley helped start Flat World Knowledge, which creates peer-reviewed textbooks that can be downloaded for free, or bought as paperbacks for $30."

Another tool to use in my quest to know more and more about less and less. - A Search Engine For Feeds

There is a long tail of feeds doing the rounds, and that comes as no surprise really. The vast majority of sites on the web today come complete with a RSS feed, and it is impossible to keep track of every single one. That happens for the simple reason that we can’t keep track of every site that surfaces, not even if we are interested in a given topic. That is why a search portal like this one has some intrinsic value – it will let you look up feeds that you might really like, and that would go unnoticed otherwise.

Sounds like Google is heading towards a social network? Sounds like a good way to establish the fact that I do own the Brooklyn Bridge and that it is for sale!

Now You Can Change What Google Says About You

Written by Marshall Kirkpatrick / April 21, 2009 1:01 PM

… Starting today, searchers who enter only the word "me" in the search box will be given an opportunity to set up or edit their Google Profile.

When someone searches for a name that matches a Google Profile, that profile may now be displayed at the bottom of the search results page.

Curious factoid # 6799 (and by the way, I'm doubling what I charge for this blog!)

U.S. Now Has Almost As Many Paid Bloggers As Lawyers

Henry Blodget|Apr. 21, 2009, 7:15 AM

More: Slate cofounder Scott Rosenberg digs around these numbers and finds reasons to be skeptical.

Some startling numbers pumped out by the Bureau of Labor Statistics: The U.S. now has almost as many paid bloggers as lawyers.

Something for all my tech classes...

64 Things Every Geek Should Know

April 21, 2009 at 03:04:28 AM, by Blair Mathis