Saturday, May 02, 2009

Relatively small, but some interesting players. If you're going to steal an ID, running a background check at the same time seems wise.

Possible Mass Security Breach Involving LexisNexis and Investigative Professionals (Update 1)

May 1, 2009 by admin Filed under: Business Sector, ID Theft, Other, U.S.

Ariel Bashi of CBS News reports:

CBS News has learned of another data breach potentially compromising the personal information of thousands of people. Companies Lexis Nexis and Investigative Professionals have sent up to 40,000 letters to customers whose “sensitive and personally identifiable” information may have been viewed by individuals who should not have had access.

The United States Postal Inspection Service is investigating a data breach at both companies that resulted in sensitive information being used in a crime. Those individuals have been notified. Sources tell CBS News that the data breach is linked to a Nigerian Scam artist who used the information to incur fraudulent charges on victims’ credit cards.

I’ll update this entry as more becomes available.

Update 1: Associated Press is reporting that LexisNexis notified 32,000 people that former customers may have viewed their personal info including Social Security numbers. So far, there seem to have been 300 victims from LexisNexis and Investigative Professionals.

Very small incident, but the article includes pictures of a skimmer attached to the ATM. Do you think you could spot it?

Skimming device found near Westminster ATM

By Anthony Bowe The Denver Post Posted: 05/01/2009 04:42:14 PM MDT Updated: 05/01/2009 05:51:54 PM MDT

… The information-stealing device was found April 23 on the ground next to a First Bank ATM at West 94th Avenue and Sheridan Boulevard. The ATM was last serviced on March 22, [I find it very difficult to believe they put a month's worth of cash in this ATM Bob] but police can't determined how long the skimmer was on the ATM.

They were compliant when they were hacked. They're still compliant. Are they still hackable?

Heartland Payment Systems Returns to Visa’s List of PCI DSS Validated Service Providers

May 1, 2009 by admin Filed under: Financial Sector

From the press release:

Following the completion of its annual Payment Card Industry Data Security Standard (PCI DSS) assessment, Heartland Payment Systems has successfully validated its compliance with PCI DSS. As such, Heartland is returning to Visa’s List of PCI DSS Validated Service Providers. According to Visa, Heartland will appear on the list - which can be found at — on Monday, May 4.

A long video (broken into chapters) on the evolution of “evil bots” Homework for my Computer Security class. Addresses surveillance, privacy, the TREAD Act, etc.

Daniel Suarez - Daemon: Bot-Mediated Reality

The Long Now Foundation

Willing to use the tools potential recruits use. What a concept!;_ylt=AgkMDdffM7Yp1KJ4kot0fF8jtBAF

Pentagon uses Facebook, Twitter to spread message

By SAGAR MEGHANI, Associated Press Writer Sagar Meghani, Associated Press Writer – Fri May 1, 7:37 am ET

FORT MONROE, Va. – You don't often hear a three-star general using the word "friend" as a verb.

Related “and there shalt be no constituency that escape-ith the politicians lies”

May 01, 2009

White House Website Adds Links to FaceBook, Twitter, MySpace

The White House homepage (scroll to the very bottom, on the right hand side) now includes links to social networking sites Facebook, Twitter, Flickr, MySpace, as well as to YouTube, Vimeo and iTunes.

I may have found those F-35 specs the Pentagon lost... - Free Manuals For Everybody

In case you need to learn how to use a program or a tool, you might need to read some specific manual or handbook in order to be able to perform any special task.

There are many sites where you can download a number of manuals about many topics. However, most of these sites are limited in relation to the number and accuracy of the manuals they offer.

… you can find more than 5.770.000 manuals (and growing) to search for whatever you need.

… These manuals are for many systems, therefore it does not matter if you have an IPod or an I phone, a Mac or a Pc, you will have the chance to be successful in the search for your needed manual.

A Cloud for my hackers... (I have to give them something to attack, or they might come after me! - Cloud Computing Made Easy

This site was created with the purpose to give users all the data they might be in the look for when it comes to getting high quality and special computing services.

This service is a good way to understand everything you need to know about the Cloud Computing technological solutions.

Eucalyptus can be defined as an open-source system, which gives users the possibility to put into practice on-premise private and hybrid clouds.

Friday, May 01, 2009

Another case of the “We don't know's”

Hackers may have gotten to Virginia health professions computers

May 1, 2009 by admin Filed under: Government Sector, Hack, U.S.

Tammie Smith of The Richmond Times-Dispatch reports that Virginia Department of Health Professions servers containing licensing information on all licensed health professionals may have been hacked. All 36 computer servers were shut down “after a midday message popped up on some computer screens that implied the system was being hacked.” The department is investigating and also trying to determine if the servers were hacked, and if so, if any licensees’ information such as Social Security numbers was compromised. The state has about 300,000 licensees.

[From the article:

That shutdown meant employees could not send or receive e-mail or use their Web browsers, and for a time some telephones were not working.

A local case of the “We don't think's” No, its not computer related – just an illustration of the mindset that will specify computer (in)security in the future.

CO: Sensitive documents were not secure?

May 1, 2009 by admin Filed under: Exposure, Government Sector, Paper, U.S.

Peter Marcus of The Denver Daily News reports:

City employees and officials are in the midst of a blame game over unsecured juvenile court records and sensitive personnel files.

Denver Auditor Dennis Gallagher yesterday issued an alert warning of security concerns over unsecured juvenile court records, as well as sensitive personnel files, left open to the public in a basement storage room of the City and County Building.

[Correct link:

Interesting. The article suggests that a “man in the middle” attack was used. If true, the password cracker program was not needed.

Online systems hacked; two students arrested

April 30, 2009 By Nick Dean Staff writer

Two Baylor students were arrested Tuesday in connection with compromised e-mail and Facebook accounts.

One Baylor e-mail and two Facebook accounts were hacked during the weekend starting March 27. Two victims filed reports to the Baylor Police Department [Is this common? I wonder if the Help Desk suggested contacting the Police? Bob] citing they had been locked out of their accounts. Of the two victims, one had both e-mail and Facebook account compromised and the other only a Facebook account.

… After receiving two complaints, the Baylor Police Department contacted Facebook investigators and received subpoenas that gave officers access to IP addresses.

"IP addresses are like fingerprints," [True. But they are machine fingerprints, not people fingerprints. Bob] Baylor police Lt. Kevin Helpert said. "Facebook was able to figure out [No figuring involved. This information is in a log. Bob] what IP address was at the specific Web site."

… The McLennan County District Attorney granted search warrants to Baylor police for Lukashevich's room that provided officers the ability to seize anything that could store electronic information. [Because overkill is better than a flesh wound? Bob] Baylor police reported that they confiscated two laptops, several compact discs, thumb-drives and an Apple iPhone.

Officers found 42 account names and passwords saved that were linked to accounts on Web sites such as Myspace, Yahoo, Gmail, Facebook and Baylor. No bank account information was found, according to Baylor police.

Forensic investigators discovered that the hacker had used a program to get usernames and passwords. The Baylor police department declined to say which program was used, though they said Lukashevich did not create the program.

[A simple Google search yields: Results 1 - 10 of about 2,970,000 for "password cracker". (0.19 seconds) (I would start with the first one on the list, “John the Ripper” Bob]

… Another suspect, Baylor Georgetown freshman Nicholas Batts came to the attention of Baylor police when subpoenas on Facebook information brought forth Facebook-chat messages between Lukashevich and Batts. The chats contained a conversation between the two suspects about the number of accounts they had information for, Baylor police said.

A bit of a follow-up.

April 30, 2009

Pentagon Fighter-Jet Breach

There has been a lot of discussion about the recently disclosed Pentagon breach where classified plans regarding the 300 Billion Joint Strike Fighter Project were compromised. Most of the posts and articles I have been reading have discussed this in terms of the risk around those specific plans getting into the wrong hands. In my opinion, that is somewhat a sub-story. To me, the bigger points that we should be talking about are these:

1) This breach happened in 2007 and we are just learning about this now?
2) Similar incidents have also breached the Air Force’s air-traffic-control system.
3) They say the criminals got away with “several terabytes of data”. Are they sure that the only thing that was taken were these fighter plans?
4) The system “had been repeatedly broken into”
5) The breach occured through more than one 3rd party network. They also mention that Lockheed Martin is the primary contractor on the project without specifically saying that the breach occured through them.

One point the article makes that I completely agree with is that things do seem to be heating up in a Cyberspace war between nations, groups, and individuals.


Microsoft Offers Secure Windows … But Only to the Government

By Kim Zetter Email Author April 30, 2009

It’s the most secure distribution version of Windows XP ever produced by Microsoft: More than 600 settings are locked down tight, and critical security patches can be installed in an average of 72 hours instead of 57 days. The only problem is, you have to join the Air Force to get it.

… At a congressional hearing this week on cybersecurity, Alan Paller, research director of the Sans Institute, shared the story as an template for how the government could use its massive purchasing power to get companies to produce more secure products. And those could eventually be available to the rest of us.

Security experts have been arguing for this “trickle-down” model for years. But rather than wield its buying power for the greater good, the government has long wimped out and taken whatever vendors served them. If the Air Force case is a good judge, however, things might be changing.

… Gilligan, who served as CIO of the Air Force from 2001 to 2005 and now runs a consulting firm, said it all began in 2003 after the NSA conducted penetration tests on the Air Force network as part of its regular testing of Pentagon cybersecurity.

NSA pen-testers made Swiss cheese of the network, and found that more than two-thirds of their intrusions were possible because of poorly configured software that created vulnerabilities.

At least Big Brother did his censoring himself... The specified URLs are easily blocked. Blocking access is something else entirely.

Minnesota orders ISPs to blacklist gambling sites

by Declan McCullagh May 1, 2009 4:45 AM PDT

The state of Minnesota has handed Internet providers a 7-page blacklist [plus all the letters to the ISPs Bob] of gambling Web sites that they're supposed to prevent customers from accessing, a move that raises First Amendment and technical concerns.

"We are putting site operators and Minnesota online gamblers on notice and in advance," said John Willems, a Minnesota Department of Public Safety official, in a statement. Companies that received the list of off-limits Web sites -- which was made public on Thursday -- include AT&T, Comcast, Qwest, and Sprint/Nextel.

Is this the result of “bandwidth overcapacity” followed by the crash, followed by an economic downturn? Or is the author simply nuts?

Think-Tank Warns of Internet "Brownouts" Starting Next Year

Posted by timothy on Thursday April 30, @01:24PM from the malthus-was-right dept. The Internet Networking

JacobSteelsmith writes

"A respected American think-tank, Nemertes Research, reports the Web has reached a critical point. For many reasons, Internet usage continues to rise (imagine that), and bandwidth usage is increasing due to traffic heavy sites such as YouTube. The article goes on to describe the perils Internet users will face including 'brownouts that will freeze their computers as capacity runs out in cyberspace,' and constant network 'traffic jams,' similar to 'how home computers slow down when the kids get back from school and start playing games.' ... 'Monthly traffic across the internet is running at about eight exabytes. A recent study by the University of Minnesota estimated that traffic was growing by at least 60 per cent a year, although that did not take into account plans for greater internet access in China and India. ... While the net itself will ultimately survive, Ritter said that waves of disruption would begin to emerge next year, when computers would jitter and freeze. This would be followed by brownouts — a combination of temporary freezing and computers being reduced to a slow speed.'"

For the Forensic file...

Forensics Tool Finds Headerless Encrypted Files

Posted by timothy on Thursday April 30, @04:17PM from the sir-there's-an-anomaly-here dept. Encryption Data Storage

gurps_npc writes

"Forensics Innovations claims to have for sale a product that detects headerless encrypted files, such as TrueCrypt Dynamic files. It does not decrypt the file, just tells you that it is in fact an encrypted file. It works by detecting hidden patterns that don't exist in a random file. It does not mention steganography, but if their claim is true, it seems that it should be capable of detecting stenographic information as well."

Attention Osama! Want you own UAVs? (With maybe a small camera in the nose sending targeting information scenic pictures to your cell phone?) “Terrorism! There's an app for that!”

Fly An R/C Plane With an iPhone

Posted by timothy on Friday May 01, @01:45AM from the dive-dive-dive dept. Hardware Hacking Portables (Apple) Toys

An anonymous reader writes

"Ever wished your iPhone could do more than just play some cool games? How about using it as a spread spectrum transmitter to fly your R/C Toys around, complete with using a Linksys router as a receiver?"

This looks like one of my favorite papers (Paul David's “The Dynamo and the Computer” ) providing an historical perspective on current issued.

The Sewing Machine War

Posted by timothy on Thursday April 30, @02:14PM from the gmu-rockin'-in-the-free-world dept. Patents

lousyd writes

"Volokh has hosted a paper by George Mason University law professor Adam Mossoff on the patent fracas a century and a half ago surrounding the sewing machine. A Stitch in Time: The Rise and Fall of the Sewing Machine Patent Thicket challenges assumptions by courts and scholars today about the alleged efficiency-choking complexities of the modern patent system. Mossoff says that complementary inventions, extensive patent litigation, so-called 'patent trolls,' patent thickets, and privately formed patent pools have long been features of the American patent system reaching back to the antebellum era."


Canadian Pirates Sell Spurious Songs — In 1897

Posted by kdawson on Friday May 01, @08:45AM from the stopping-it-at-the-border dept. Music

Reservoir Hill writes

"The NYTimes reported in their June 13, 1897 edition that 'Canadian pirates' were flooding the country with spurious editions of the latest copyrighted popular songs. 'They use the mails to reach purchasers, so members of the American Music Publishers Association assert, and as a result the legitimate music publishing business of the United States has fallen off 50 per cent in the past twelve months' while the pirates published 5,000,000 copies of songs in just one month. The Times added that pirates were publishing sheet music at 2 cents to 5 cents per copy although the original compositions sold for 20 to 40 cents per copy. But 'American publishers had held a conference' and a 'committee had been appointed to fight the pirates' by getting the 'Post Office authorities to stop such mail matter because it infringes the copyright law.' Interestingly enough the pirates of 1897 worked in league with Canadian newspapers that published lists of songs to be sold, with a post office box address belonging to the newspaper itself. Half the money went to pay the newspapers' advertising while the other half went to the pirates who sent the music by mail." The AMPA never dreamed of suing their customers, though.

Microsoft acting like Microsoft. No doubt this violates all kinds of “we won't act like a monopoly” agreements.

IE8 Update Forces IE As Default Browser

Posted by timothy on Friday May 01, @08:07AM from the how-awfullly-polite dept.

We discussed Microsoft making IE8 a critical update a while back; but then the indication was that the update gave users a chance to choose whether or not to install it. Now I Don't Believe in Imaginary Property writes in with word that the update not only does not ask, but it makes IE the default browser.

"Microsoft has a new tactic in the browser wars. They're having the 'critical' IE8 update make IE the default browser without asking. Yes, you can change it back, but it doesn't ask you if you want IE8 or if you want it as the default browser, it makes the decisions for you. Opera might have a few more complaints to make to the EU antitrust board after this, but Microsoft will probably be able to drag out the proceedings for years, only to end up paying a small fine. If you have anyone you've set up with a more secure alternative browser, you might want to help check their settings after this."

Related. Yes, it is a big deal. (Because you never get fired for choosing the default settings?

Despite browser wars, the enterprise still loves IE 6

by Larry Dignan May 1, 2009 6:03 AM PDT

This was originally posted at ZDNet's Between the Lines.

This news may come as a shocker to the tech-savvy folks in the house, but 60 percent of companies use Internet Explorer 6 as their default browser, according to Forrester Research. Meanwhile, your IT department spends a decent amount of time erecting barriers to prevent browser upgrades. Bottom line: companies need a browser policy, or they will risk productivity losses.

Interesting. We could have started the panic much earlier! Something for my Statistics and Data Analysis classes.

Google Could Have Caught Swine Flu Early

By Alexis Madrigal Email Author April 29, 2009 3:40 pm

Google’s search data may have been able to provide an early warning of the swine flu outbreak — if the company had been looking in the right place.

… “We did see a small increase in many parts of Mexico before major news coverage began last week,” said Jeremy Ginsberg, lead engineer for’s Flu Trends.

But the Google Flu Trends team, which aggregates and analyzes search queries to estimate how many people are sick, wasn’t watching Mexican flu data until after the outbreak had already begun. That highlights the problem with tech-heavy disease-detection systems: Often, we don’t know what internet data to look at until after a problem starts.

… You can check out the data yourself at the site, Experimental Flu Trends for Mexico, launched today.

If you want your message to be understood, use a table. (Is that why so many don't?)

Privacy notices work best in tables, says US gov research

Thursday, April 30 2009 @ 06:30 AM EDT Contributed by: PrivacyNews

Bank customers best understand privacy and information sharing policies when they are structured as a table rather than as solid text, a study for the US government has found.

Source -, via The Register Related - FTC Report (pdf)

We were discussing the rise of the Pirate Party at lunch yesterday. Having a voice in the EU Parliament will allow them to point out the laws designed to strengthen the status quo. Should be interesting. Wonder what would happen if it came to the US? Perhaps a replacement for the Republicans?

Swedish Pirate Party Heading for EU Parliament

Written by enigmax on April 30, 2009

A poll carried out by a major Swedish newspaper predicts that the Pirate Party will grab around 5.1% of the votes in the upcoming European Union elections. This means that the movement, which has gathered huge momentum due to the Pirate Bay ‘guilty’ verdict, will get a seat in the EU Parliament.

Support for the Swedish Pirate Party really began to surge with the introduction of the IPRED anti-piracy legislation. Its membership already surpassed that of the Green Party, [and we know what a pain in the butt they were... Bob] with more than half of men under 30 reportedly considering voting for them in the 2009 European Parliament elections.

Google looking at the 22nd Century?

Innovation: How your search queries can predict the future

08:09 30 April 2009 by Jim Giles

Real-time web search – which scours only the latest updates to services like Twitter – is currently generating quite a buzz because it can provide a glimpse of what people around the world are thinking or doing at any given moment. Interest in this kind of search is so great that, according to recent leaks, Google is considering buying Twitter.

The latest research from the internet search giant, though, suggests that real-time results could be even more powerful – they may reveal the future as well as the present.

Almost the model I proposed. (video)

Empowering Internet Users: Two Ideas to Reshape Broadband

The Association for Computing Machinery

Coming Soon: Privately Owned Fiber Optics to the Home

Related This is how ISPs are abusing their monopolies (cable) and acting like monopolies even when they aren't.

AT&T Quietly Updates its Wireless Plans (Again)

April 29th, 2009 by Robb Topolski

Quietly, last night, AT&T revised its wireless plans. In the latest changes to the company’s service terms, it looks like AT&T is trying to exempt its own video services while prohibiting competing services like the Slingbox.

Sound familiar? I wrote about it on April 3rd. iPhone and PDA users literally felt their significant investment get less valuable. They complained, and AT&T removed the offending language by the next day, calling the language a mistake.

Guess what? It’s back!

Sometime in the past 24 hours, AT&T changed the TOS again:

This means, by way of example only, that checking email, surfing the Internet, downloading legally acquired songs, and/or visiting corporate intranets is permitted, but downloading movies using P2P file sharing services, redirecting television signals for viewing on Personal Computers, web broadcasting, and/or for the operation of servers, telemetry devices and/or Supervisory Control and Data Acquisition devices is prohibited.

This is a company that already limits users’ consumption of bandwidth (it has a 5 GB cap). As I said in my previous post, it’s not very “Internet” when the ISP is picking and choosing what legal activities you may and may not do with your connection. With AT&T prohibiting you from watching your TV, they figure that you’re much more likely to subscribe to their “AT&T Mobile TV” service.

Related Why ISPs are changing their terms of service?

Disney Scores Sweetheart Hulu Deal

By Eliot Van Buskirk Email Author April 30, 2009 2:48 pm

Disney announced earlier today that it intends to acquire an approximate 30 percent stake in Hulu, the online video site launched by NBC/Universal and Fox network owner News Corp, a move that will let Hulu users watch full-length ABC TV shows for free.

Thursday, April 30, 2009

In the era of electronic medical records, the entire medical history goes with the name?

Andrew Speaker, who had TB, sues CDC over privacy

Wednesday, April 29 2009 @ 11:28 AM EDT Contributed by: PrivacyNews

An Atlanta lawyer who was misdiagnosed with a severe strain of tuberculosis, when he had a more treatable form, has sued the Centers for Disease Control and Prevention for invasion of privacy.

Source - AJC Previous Coverage - Chronicles of Dissent

[From the article:

“They had no right to stand up and talk about my private medical information,” Speaker said Wednesday. “It gave them an opportunity to create a big story they could use to get funding.”

… At no time, the suit said, did the CDC disclose that Speaker had been told he was not contagious and the XDR diagnosis was preliminary and contradicted by all other findings that showed he had a less drug-resistant strain.

Instead, the CDC unlawfully released details of Speaker’s medical history, his alleged condition, details of his wedding and his identity, “none of which needed to be released to the general public in order to accomplish any legitimate public health purpose.”

If for no other reason, look at the FBIs history of failed IT projects.

Massive FBI Data-Mining Project Needs Congressional Oversight

Thursday, April 30 2009 @ 06:05 AM EDT Contributed by: PrivacyNews

The Electronic Frontier Foundation (EFF) called on Congress today to examine the Investigative Data Warehouse (IDW) -- a massive FBI data-mining project that includes a billion of records, many of which contain personal information on American citizens. Supporting its request, EFF provided Congress with its new report on IDW, published today with information obtained through Freedom of Information Act (FOIA) litigation.


For the full letter to Senator Leahy:

For EFF's report on the IDW:

For this release:

I wonder if fewer requests for wiretaps translates to fewer wiretaps.

April 29, 2009

US Courts: Wiretap Applications Decline in 2008

"A total of 1,891 applications to federal and state judges for orders authorizing the interception of wire, oral or electronic communications were reported in 2008. No applications were denied. [Rubber stamp? Bob] This is a 14 percent decrease in the total of applications reported, compared to 2007. Fewer states—22 states compared to 24 in 2007—reported wiretap activity and the number of applications approved by state judges, 1,505, was down 14 percent from 2007. Federal judges approved 386 applications, down 16 percent from 2007. Orders for 28 wiretaps were approved for which no wiretaps actually were installed. Additional data on applications for wiretaps for the period January 1 through December 31, 2008, is available online in the 2008 Wiretap Report."

[From the report:

In 2008, two instances were reported of encryptions encountered during state wiretaps; neither prevented officials from obtaining the plain text of the communications.

Is Warner determined to cut its own throat?

Warner Music Forces Lessig Presentation Offline

Posted by timothy on Wednesday April 29, @06:14PM from the streisand-times-one-million dept. The Courts Censorship

An anonymous reader writes

"Larry Lessig, known (hopefully) to everyone around here as a defender of all things having to do with consumer rights and fair use rights when it comes to copyright, is now on the receiving end of a DMCA takedown notice from Warner Music, who apparently claimed that one of Lessig's famous presentations violated on their copyright. Lessig has said that he's absolutely planning on fighting this, and has asked someone to send Warner Music a copy of US copyright law that deals with 'fair use.'"

Reader daemonburrito notes that the (rehosted) "video remains available at the time of this submission."

I'm not aware of any legitimate product/process using autorun that couldn't be modified to use a manual start. Commenters seem to agree (mostly)

Microsoft To Disable Autorun

Posted by timothy on Wednesday April 29, @05:28PM from the mounting-is-fine-but-opening-is-obnoxious dept. Windows Security IT

jchrisos writes

"Microsoft is planning to disable autorun in the next Release Candidate of Windows 7 and future updates to Windows XP and Vista. In order to maintain a 'balance between security and usability', non-writable media will maintain its current behavior however. In any case, if it means no more autorun on flash drives, removable hard drives and network shares, that is definitely a step in the right direction. Will be interesting to see what malware creators do to get around this ..."


See What Is Using Your Hard Drive’s Space (Windows)

Apr. 29th, 2009 By Karl L. Gechlik

OverDisk can analyze your hard drive or just a folder and break down what’s actually taking up your space.

Wednesday, April 29, 2009

For my Computer Security students: What kind of hack is most likely to stimulate legal and regulatory change?

WV: Bar association reports hack; members’ personal info at risk

April 28, 2009 by admin Filed under: Hack, Miscellaneous, U.S.

The Associated Press is reporting that the West Virginia State Bar’s web site and network were hacked and that members’ names, mail and e-mail addresses, lawyer identification numbers, and Social Security numbers of some members and former members may be compromised.

The breach was reportedly discovered “recently” and there is no indication as to when the breach may have actually occurred. The site has been offline since April 17 with a note that it is “down for maintenance.”

[From the article:

The Web site was taken offline April 17 and a new one will be built to replace it.

Related. How much of the iceberg is above water? I stopped posting breaches of less that 100,000 unless there is something humorous (or pathetic) about them. There are just too many to bother with.

Small breaches can have big consequences

April 28th, 2009 Rob Douglas

Over the course of the last year, the fact that many - perhaps most - data security breaches are going unreported by the majority of data breach reporting organizations and web sites has become very apparent.

… Equally as important, those overlooked “small” breaches are often far more significant than the larger breaches that are reported by data breach monitoring organizations. More often than not, the small, unreported breaches have actual victims who’ve sustained actual losses as compared to many of the larger breaches where it is fairly obvious the missing data will never fall into the wrong hands.

[I suspect this is true only for the very small breaches – those where someone is stealing paper receipts or applications. Bob]

Another consideration is that politicians can deny their cyberwar. No soldiers die, great fleets of ships and planes aren't launched, and it takes only a few people to start the automated attackes (which can be routed through many other countries to confuse things further.)

Should the US Go Offensive In Cyberwarfare?

Posted by kdawson on Tuesday April 28, @04:50PM from the mutually-assured-mayhem dept.

The NYTimes has a piece analyzing the policy discussions in the US around the question of what should be the proper stance towards offensive cyberwarfare. This is a question that the Bush administration wrestled with, before deciding that the outgoing president didn't have the political capital left to grapple with it. The article notes two instances in which President Bush approved the use of offensive cyberattacks; but these were exceptions, and the formation of a general policy was left to the Obama administration.

"Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"

Related Where is Pearl Harbor today?

The new ground zero in Internet warfare

The power grid is an obvious target for terrorists, but experts disagree about how to secure it

By Julia King

April 27, 2009 (Computerworld) When it comes to critical national infrastructure, the highly distributed and ultra-interconnected U.S. power grid is, hands down, the most vulnerable to cyberattack. On this one point, many cybersecurity experts seem to agree.

Yet just how likely a terrorist target is the grid? And what's the best way to secure and protect the massive inventory of generators, power plants and transmission lines plus the cat's cradle of computer networks that make up the electric power system?

Talk to 10 experts, and you'll likely get 10 different answers.

"The problem is that we have a hard time assessing risk," says Jim Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies. "We seem to settle on either indifference or a Bruce Willis movie."

Realistic? It could just be the frustration talking...

Jail for Data Loss CEOs, Say E-Crime Congress Survey Respondents

Tuesday, April 28 2009 @ 07:21 PM EDT Contributed by: PrivacyNews

An international survey of 104 security professionals conducted by Websense at this year’s e-Crime Congress reveals that 93% of respondents believe companies are under more pressure to protect against data loss due to the current economic climate.

Furthermore, security professionals also unanimously believe that businesses exposing consumers’ confidential data through a serious data breach should be punished for security negligence.

  • Nearly a third (30%) think that CEOs and board members should face imprisonment for exposing consumers’ confidential data, (representing an increase of 5% from last year’s survey)

  • 62% believe companies should be fined

  • 68% call for compensation for consumers affected

Source - PR Wire

Speaking of criminals... Let's talk about ISPs. Qwest still peaks at 20MBPS

Cablevision To Offer 101 Mbps Down, No Caps

Posted by kdawson on Tuesday April 28, @01:38PM from the like-a-drug dept.

It only works if they collect the data... Fortunately, they collect everything!

April 28, 2009

New Google Search Feature Makes It Easier Find and Compare Public Data.

Official Google Blog: "We just launched a new search feature that makes it easy to find and compare public data. So for example, when comparing Santa Clara county data to the national unemployment rate, it becomes clear not only that Santa Clara's peak during 2002-2003 was really dramatic, but also that the recent increase is a bit more drastic than the national rate...if you go to and type in [unemployment rate] or [population] followed by a U.S. state or county, you will see the most recent estimates..."

Do you, like overuse some like, you know, words like for example, like?


Author: Daniel - Date: October 6th, 2008

TagCrowd is a web application for visualizing word frequencies in any user-supplied text by creating what is popularly known as a tag cloud or text cloud

Tuesday, April 28, 2009

Law and sausages... At least ask yourself: “How will I explain this at my trial?”

Home Office 'colluded with Phorm'

By Darren Waters Technology editor, BBC News website

The Home Office has been accused of colluding with online ad firm Phorm on "informal guidance" to the public on whether the company's service is legal.

E-mails between the ministry and Phorm show the department asking if the firm would be "comforted" by its position.

Nothing new about people reacting more to tabloid headlines (Elvis is alive and practicing law in Anchorage.) than to dull, boring facts.

Twitter Considered Harmful To Swine-Flu Panic

Posted by kdawson on Tuesday April 28, @02:36AM from the you-have-the-flu-swine dept. Social Networks Medicine

judgecorp writes

"Twitter is being criticized for spreading panic about swine flu. This is not just knee-jerk Luddism 2.0: it's argued that Twitter's structure encourages ill-informed repetition, with little room for context, while older Web media use their power for good — for instance Google's Flu Trends page (which we discussed last winter), and the introduction of a Google swine flu map."

On a related note, reader NewtonsLaw suggests that it might be a good idea, epidemiologically speaking, to catch the flu now vs. later.

I've mentioned before that the Copyright argument has become a political football in Sweden. I think we need to keep an eye on this.

Swedish ISPs Obstruct New Anti-Piracy Legislation

Written by Ernesto on April 27, 2009

While all eyes were on the Pirate Bay trial, Swedish parliament passed the IPRED law, making it easier for copyright holders to go after illicit file-sharers. The law has only been in effect for one month and anti-piracy outfits are already facing problems using it, as ISPs take measures to protect their customers.

… Peter Danowsky, IFPI lawyer and legal representative in the first IPRED case, is not impressed with the ISPs opposition, and claims he can change the law. “Everyone in the parliament has been operating under the assumption that the ISPs are loyal to the legislation and don’t want to participate in breaking the law. If Tele2 takes this attitude and other operators follow, there will be a stronger law in the future,” he stated.

This is going to be a big area in the next few years... We might as well start learning the risks and benefits... (Some very interesting comments.)

Why Digital Medical Records Are No Panacea

Posted by timothy on Tuesday April 28, @09:06AM from the stop-shaking-the-bandwagon-you dept. Medicine

theodp writes

"As GE, Google, Intel, IBM, Microsoft and others pile into the business of computerized medical files in a stimulus-fueled frenzy, BusinessWeek reminds us that electronic health records have a dubious history. Under the federal stimulus program, hospitals can get several million dollars apiece for tech purchases over the next five years, and individual doctors can receive up to $44,000. There's also a stick: The feds will cut Medicare reimbursement for hospitals and practices that don't go electronic by 2015. But does the high cost and questionable quality of products currently on the market explain why barely 1 in 50 hospitals have a comprehensive electronic records system, and why only 17% of physicians use any type of electronic records? Joe Bugajski's chilling The Data Model That Nearly Killed Me suggests that may be the case."

An area ill served...

April 27, 2009

New on E-Discovery in the $50,000 Case

E-Discovery Update: E-Discovery in the $50,000 Case - Conrad J. Jacoby's focus for this column is smaller legal disputes that may involve electronic evidence, including divorce proceedings and child custody matters, as well as criminal cases, all of which may require review of cell phone call records, SMS and e-mail exchanges.

[From the article:

We now have a system of discovery in which parties are entitled to discover all facts, without limit, unless and until courts call a halt, which they rarely do. As a result, in the words of one respondent, discovery has become an end in itself and we routinely have “discovery about discovery.” Report at 16.

Listen to yourselves! You have customers rabid for your content and you don't know how to monitize that? What are you, a newspaper?

Developing World Is a Profit Sink For Web Companies

Posted by kdawson on Tuesday April 28, @08:17AM from the international-paradox dept.

The NYTimes is running a piece on the dilemma faced by Web entrepreneurs, particularly in social media companies: the developing world is spiking traffic but not contributing much to revenues. The basic disconnect when Web 2.0 business models meet Africa, Latin America, and the Middle East is that countries there are not good prospects for the advertisers who pay the bills. [Translation: “Not everyone wants Lexus.” What do they want? Bob]

"Call it the International Paradox. Web companies that rely on advertising are enjoying some of their most vibrant growth in developing countries. But those are also the same places where it can be the most expensive to operate, since Web companies often need more servers to make content available to parts of the world with limited bandwidth. And in those countries, online display advertising is least likely to translate into results. [What is that in actual numbers? Bob] ... Last year, Veoh, a video-sharing site operated from San Diego, decided to block its service from users in Africa, Asia, Latin America, and Eastern Europe, citing the dim prospects of making money and the high cost of delivering video there. 'I believe in free, open communications,' Dmitry Shapiro, the company's chief executive, said. 'But these people are so hungry for this content. They sit and they watch and watch and watch. The problem is they are eating up bandwidth, and it's very difficult to derive revenue from it.' ... Perhaps no company is more in the grip of the international paradox than YouTube, which [an analyst] recently estimated could lose $470 million in 2009, in part because of the high cost of delivering billions of videos each month."

You can put stuff online, but then you can view and copy the code for you own use... is a website that allows you to convert any file into an online web site. Currently supports conversion of:

* image/photo files (jpeg, gif, png, svg…)

* audio formats (mp3, ogg…)

* documents (doc, pdf, odt, txt, rtf…)

* programming source code (java, php, cpp…)

* web documents (html, htm, swf…)

* archive (zip, rar, tar…)

* video, fonts, chemical file formats and more

[I had a really smart guy in my last math class...

One more (very limited) tool for turning Youtube videos.into mp3s for your iPod.


Video2mp3 is a free YouTube to MP3 Converter and allows you convert and download a YouTube Video to MP3 file online. So you are able to listen to your favorite YouTube tracks on every MP3 player.

A tool for Cindy's “Sex & Power” class, brought to you by “Perverts R Us”


Watch NSFW (not safe for work, adult, mature, flagged, inappropriate for some etc) YouTube videos without signing in or signing up for YouTube account.

Fodder for my statistics students

April 27, 2009

Census Bureau Releases Data Showing Relationship Between Education and Earnings

News release: "The U.S. Census Bureau announced today that workers with a bachelor’s degree earned about $26,000 more on average than workers with a high school diploma, according to new figures that outline 2008 educational trends and achievement levels. The tables also show that in 2008, 29 percent of adults 25 and older had a bachelor’s degree, and 87 percent had completed high school. That compares with 24 percent of adults who had a bachelor’s degree, and 83 percent who had completed high school in 1998. Educational Attainment in the United States: 2008 is a series of tables containing data by characteristics such as age, sex, race, Hispanic origin, marital status, occupation, industry, nativity, citizenship status and period of entry. The tabulations also include historical data on mean earnings by educational attainment, sex, race and Hispanic origin."

I'd like to have the What Hat Hackers Club do something like this, but unbiases and without the sales pitch.

McAfee launches free online cybercrime help center

by Elinor Mills April 27, 2009 9:01 PM PDT

… The new Cybercrime Response Unit offers a forensic scanning tool that checks for malware on the computer and cookies left by suspicious Web sites to help determine if the machine has been compromised. A toll-free number is available for people whose scan results are worrisome.

… However, the tool does not run on Firefox...

It's good to have a famous librarian (Gary Alexander) keeping an eye out for information related to my hobbies. This may even keep some of the White Hat Hacker Club members out of jail!

The legal risks of ethical hacking

Good guys’ actions sometimes indistinguishable from criminal activity, researchers say

By Jon Brodkin , Network World , 04/24/2009

When ethical hackers track down computer criminals, do they risk prosecution themselves?

Security researchers at this week’s Usenix conference in Boston believe this is a danger, and that ethical hackers have to develop a uniform code of ethics for themselves before the federal government decides to take action on its own.

Monday, April 27, 2009

Introducing CUFF: (Commandos Using Facebook Forever) You must be 12 years old to enlist.

Social Software and National Security: An Initial ‘Net Assessment’

Sunday, April 26 2009 @ 08:52 AM EDT Contributed by: PrivacyNews

From the Center for Technology and National Security Policy, National Defense University. From the Executive Summary:

.... The proliferation of social software has ramifications for U.S. national security, spanning future operating challenges of a traditional, irregular, catastrophic, or disruptive nature. Failure to adopt these tools may reduce an organization’s relative capabilities over time. Globally, social software is being used effectively by businesses, individuals, activists, criminals, and terrorists. Governments that harness its potential power can interact better with citizens and anticipate emerging issues. Security, accountability, privacy, and other concerns often drive national security institutions to limit the use of open tools such as social software, whether on the open web or behind government information system firewalls. Information security concerns are very serious and must be addressed, but to the extent that our adversaries make effective use of such innovations, our restrictions may diminish our national security.

We have approached this research paper as an initial net assessment of how social software interacts with government and security in the broadest sense.1 The analysis looks at both sides of what once might have been called a “blue-red” balance to investigate how social software is being used (or could be used) by not only the United States and its allies, but also by adversaries and other counterparties....

Source - Full paper (pdf)

Kind'a what my students concluded...

The Sorry State Of Online Privacy

Sunday, April 26 2009 @ 01:38 PM EDT Contributed by: PrivacyNews

The Cloud is looming large, offering us ways to store and share our data in ways that were never before possible. We can effortlessly share our documents and photos with our families and friends, while maintaining control over their spread using powerful granular privacy controls. But it's quickly becoming clear that the cloud isn't ready for us. Because the services we rely on are letting us down with a frequency that is simply unacceptable.

Source - TechCrunch, Washington Post

Pirate Bay has a good sense of the absurd.

Pirate Bay IP Addresses Assigned to Prosecution Lawyers

Written by Ernesto on April 26, 2009

The Pirate Bay recently got a new range of IPs and to everyone’s surprise they are now linked to several movie and music industry lawyers involved in the TPB trial. According to the Pirate Bay’s Wikipedia entry the change was due to a hostile takeover, but most people know better.

… So why is this info in there, some might wonder. One explanation might be that during the Pirate Bay trial the prosecution used (incorrect) data from the RIPE database claiming that this was the absolute truth. The Pirate Bay team probably put the lawyers’ info in there themselves to show that this is not the case. Indeed, there is no doubt that they will have a hard time selling this ‘truth’ to the public now, with their own names being featured in the recent entry.

… One of the other advantages of the new RIPE WHOIS is that the Pirate Bay team doesn’t have to deal with any of the takedown requests anymore, as it states that all abuse email should be directed to the earlier mentioned law firms.

Related Since this case has clear political implications, this becomes an act of “hack-tivism,” not simple vandalism.

Pirate Bay Prosecution Law Firm Under Attack

Written by Ernesto on April 26, 2009

During the Pirate Bay trial Monique Wadsted represented several major movie studios and called for a “very significant” prison sentence for the defendants. This didn’t go down particularly well with some Pirate Bay supporters and now, in a retaliatory move, a few of them have now taken down her law firm’s website.

Would there be a market for a free content provider? I think so, and if the cable monopolies don't provide it, we could go around them...

Channeling TV shows to the Web

by Marguerite Reardon April 27, 2009 4:00 AM PDT

Cable operators and media companies are cautiously dabbling in on-demand online video, but this is one case where caution could be as dangerous as recklessness.

Recently, the nation's two largest cable operators have been talking about offering their cable lineup to subscribers online so they can view their favorite shows on their computers. And now, YouTube, the site Viacom sued for more than a $1 billion in 2007 and threatened to have shut down, is signing deals with big studios like Sony Pictures and Lionsgate, as well as TV network CBS. (CNET News is published by CBS Interactive, a unit of CBS.)

All this recent activity seems to suggest that cable companies and big media companies finally understand that the Web is their future. [Let's not leap to hasty conclusions... Bob]

Interesting, but I don't recommend the CAN-SPAM opt out...

World Privacy Forum's Top Ten Opt-Outs

Posted by kdawson on Sunday April 26, @10:50PM from the do-not-want dept.

Ant writes in to mention the World Privacy Forum's top ten information collector/user list, which shows opt-out instructions (or at least a starting point):

"As privacy experts, we are frequently asked about 'opting out,' and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. ... Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC's Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative (NAI) opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out. In this list, some opt outs can be done by phone, some have to be sent in a letter via postal mail, and some can be accomplished online. Some opt outs last forever, some have time limits, and others can be changed at will. If an opt out is on this list, it is because we thought it might be important enough to be worth whatever annoyance it may pose. "

Sunday, April 26, 2009

New malware

Worm Solves Gmail's CAPTCHA, Creates Fake Accounts

Jeremy Kirk, IDG News Service

A Vietnamese security company has detected what it believes is a new worm that thwarts Google's security protections in order to register new dummy Gmail accounts from which to send spam.

… Once a computer is infected with Gaptcha, the worm launches the Internet Explorer browser and goes to Gmail's new account registration page. It begins to fill in random names of fictitious users. When confronted with a CAPTCHA, the worm sends the image to a remote server for processing, wrote Do Manh Dung, senior malware researcher, on the BKIS blog.

Old malware

Conficker virus begins to attack computers

A malicious software program known as Conficker is slowly being activated, weeks after being dismissed as a false alarm, according to computer security experts.

Last Updated: 11:38AM BST 25 Apr 2009

… Internet virus experts, however, claim it is now quietly turning thousands of personal computers into servers of e-mail spam and installing spyware.

… Conficker installs a second virus, known as Waledac, that sends out e-mail spam without knowledge of the PC's owner, along with a fake anti-spyware program, Weafer said.

The Waledac virus recruits the PCs into a second botnet that has existed for several years and specializes in distributing e-mail spam.

Paul Ferguson, a senior researcher with Trend Micro Inc, the world's third-largest security software maker, said: "This is probably one of the most sophisticated botnets on the planet.

"The guys behind this are very professional. They absolutely know what they are doing," said

Another 'new technology' business model. (and a simple suggestion for another)

Cybersquatting and Social Media

Posted by Soulskill on Sunday April 26, @09:28AM from the you-or-a-reasonable-facsimile-thereof dept. Privacy Social Networks News

Earthquake Retrofit writes

"Brian Krebs has a story about cybersquatting on social networking sites. He cites cases of people being impersonated and reports: 'A site called allows you to see whether your name or whatever nickname you favor is already registered at any of some 120 social networking sites on the Web today. For a $64.95 fee, the site will register all available accounts on your behalf, a manual process that it says takes one to five business days. Whether anyone could possibly use and maintain 120 different social networking accounts is beyond my imagination. I would think an automated signup service like would be far more useful if there was also a service that people could use to simultaneously update all of these sites with the same or slightly different content.' Is it time to saddle up for a new round of Internet land grabs?"

A Schneier blog post earlier this month pointed out a related story about how not establishing yourself on social sites, combined with the frequent lack of validation for friend requests, can provide identity thieves with a tempting target .

When you do something geeks don't like, expect them to take a long, serious look at your motivations.

The Circus Widens In Aftermath of Pirate Bay Verdict

Posted by kdawson on Saturday April 25, @04:19PM from the buy-me-some-peanuts-and-crackerjacks dept.

MaulerOfEmotards sends along an in-depth followup, from the Swedish press, of our discussion the other day about the biased trial judge in the Pirate Bay case.

"The turmoil concerns Tomas Norström, the presiding judge of The Pirate Bay trial, who is suspected of bias after reports surfaced of affiliation with copyright protection organizations. For this he has been reported to the appeals court (in Swedish; translation here). The circus around the judge is currently focused on three points. First, his personal affiliation with at least four copyright protection organizations, a state the potential bias of which he himself fails to see and refuses to admit. Secondly, Swedish trials use a system of several lay assessors to supervise the presiding judge. One of these, a member of an artists' interest organization, was forced by Mr. Norström to resign from the trial for potential bias. The judge's failure to see the obvious contradiction in this (translation) casts doubts on his suitability and competence. Thirdly, according to professor of judicial sociology Håkan Hydén (translation), the judge has inappropriately 'duped and influenced the lay assessors' during the trial: 'a judge that has decided that "this is something we can't allow" has little problem finding legal arguments that are difficult for assisting lay assessors to counter.'"

Click the link below to read further on Professor Hydén's enumeration of "at least three strange things in a strange trial." On a related note, reader Siker adds the factoid that membership in the Pirate Party exploded 150% in the week following the verdict. The Pirate Party now surpasses in size four smaller parties in Sweden, and is closing in on a fifth. Political fallout could ensue as soon as June, when an election for EU parliament will be held.

Professor Hydén continues with enumerating "at least three strange things in a strange trial" (translation): First, that someone can be sentenced for being accessory to a crime for which there is no main culprit: "This assumes someone else having committed the crime, and no such individual exists here... the system cannot charge the real culprits or it would collapse in its entirety." It is unprecedented in Swedish judicial history to sentence only an accessory. Second, that the accessories should pay the fine for a crime committed by the main culprits, "which causes the law to contradict itself." And third, that accessories cannot be sentenced to harsher than the main culprit, which means that every downloader must be sentenced to a year's confinement. Prof. Hydén sums up by saying that to allow this kind of judgement the Swedish Parliament must first pass a bill making this kind of services illegal, which it has not done.

The future is anything at any time for any price (starting at 'free')

The Economist On Television Over Broadband

Posted by kdawson on Sunday April 26, @08:09AM from the running-scared dept.

zxjio recommends a pair of articles in The Economist discussing television over broadband, and the effects of DVR use.

"Cable-television companies make money by selling packages of channels. The average American household pays $700 a year for over 100 channels of cable television but watches no more than 15. [Economists would call that “Monopolistic power” Bob] Most would welcome the chance to buy only those channels they want to watch, rather than pay for expensive packages of programming they are largely not interested in. They would prefer greater variety, too — something the internet offers in abundance. A surprising amount of video is available free from websites like Hulu and YouTube, or for a modest fee from iTunes, Netflix Watch Instantly and Amazon Video on Demand. ... Consumers' new-found freedom to choose has struck fear into the hearts of the cable companies. They have been trying to slow internet televisions steady march into the living room by rolling out DOCSIS 3 at a snails pace and then stinging customers for its services. Another favorite trick has been to cap the amount of data that can be downloaded, or to charge extortionately by the megabyte. Yet the measures to suffocate internet television being taken by the cable companies may already be too late. A torrent of innovative start-ups, not seen since the dot-com mania of a decade ago, is flooding the market with technology for supplying internet television to the living room." [Because every “conservation” move by the cable companies is a exploitable niche for the startups. Bob]

And from the second article on DVR usage patterns:

"Families with DVRs seem to spend 15-20% of their viewing time watching pre-recorded shows, and skip only about half of all advertisements. This means only about 5% of television is time-shifted and less than 3% of all advertisements are skipped. Mitigating that loss, people with DVRs watch more television. ... Early adopters of DVRs used them a lot — not surprisingly, since they paid so much for them. Later adopters use them much less (about two-thirds less, according to a recent study)."

Related How is any level of usage abuse of an unlimited use agreement?

Time Warner Shutting Off Austin Accounts For Heavy Usage

Posted by Soulskill on Saturday April 25, @10:21AM from the somebody-threw-them-a-shovel dept. Networking The Internet News

mariushm writes

"After deciding to shelve metered broadband plans, it looks like Time Warner is cutting off, with no warning, the accounts of customers whom they deem to have used too much bandwidth. 'Austin Stop The Cap reader Ryan Howard reports that his Road Runner service was cut off yesterday without warning. According to Ryan, it took four calls to technical support, two visits to the cable store to try two new cable modems (all to no avail), before someone at Time Warner finally told him to call the company's "Security and Abuse" center. "I called the number and had to leave a voice mail, and about an hour later a Time Warner technician called me back and lectured me for using 44 gigabytes in one week," Howard wrote. Howard was then "educated" about his usage. "According to her, that is more than most people use in a year," Howard said.'"

For my Data Mining & Data Analysis students

April 25, 2009

OCLC: - Online Catalogs: What Users and Librarians Want

"In 2008, OCLC conducted focus groups, administered a pop-up survey on—OCLC’s freely available end user interface on the Web—and conducted a Web-based survey of librarians worldwide. The report, Online Catalogs: What Users and Librarians Want, presents findings from these research efforts in order to understand:

  • The metadata elements that are most important to end users in determining if an item will meet his or her needs

  • The enhancements end users would like to see made in online library catalogs to assist them in consistently identifying appropriate materials

  • The enhancements librarians would recommend for online library catalogs to better assist them in their work

  • The findings indicate, among other things, that although library catalogs are often thought of as discovery tools, the catalog’s delivery-related information is just as important to end users.

Because I like lists (and the first site listed is BeFunkey, a favorite of mine)

28 Online Photo Editing Websites To have Fun With

By Dainis Graveris • April 25, 2009


5 Dead-Easy Ways to Create Your Own Panoramic Photos

Apr. 25th, 2009 By Mahendra Palsule

… Here are 5 ways to get you up and running with your own panorama without getting embroiled in advanced photographic terminology.

For the Swiss Army Folder? - Converting Documents With Ease

Do you need to convert any kind of document?

… On you will find a totally free online document conversion interface. This interface provides users with a very large set of document conversion tools indeed.

… and you will be able to find the latest audio convertors, as well as the ever-obligatory blog.

[From the site:

Don't know what you're dealing with? This routine inspects your file, and tries to identify the file format.

… Automatically create an RSS XML feed out of an html page.

… Data converter for conversion of PC or Unix files to and from an IBM host format.

… fixed record to delimited and reverse.

… Legacy spreadsheet to Microsoft Excel