Saturday, May 23, 2009

Not clear what is happening here. The reporting seems confused (was that deliberate on the CU's part?) For example, the Credit Union is referred to many times as a bank. (Maybe it's my teacher eye – the article reads like a plagiarized paper, with some 'corrections' missed.)

Another processor breached!?

May 22, 2009 by admin Filed under: Financial Sector, U.S.

WBZ is reporting that hundreds of bank customers are starting their holiday weekend off without their debit cards after a breach at the bank’s card processor, Metavante, forced the Winthrop Federal Credit Union to deactivate some customers’ MasterCards. [Can they do that? Does that suggest they are liable? Bob] At least one case of fraud has already been tentatively linked to the breach.

No one was immediately available at Metavante to confirm or clarify the report and there is no statement on their web site. Metavante is listed as PCI-DSS compliant on MasterCard’s listing dated May 19. They are also listed as compliant by Visa as of their May 19th listing, and completed a review this year where TrustWave was the assessor.

This post will be updated as I find out more or as more is reported in the mainstream media.

[From the article:

While it was not a security breach, [Not a breach of their system? Bob] the Winthrop Federal Credit Union decided to freeze [Not “forced” as above Bob] a block of cards as a precaution, something that Metavante did not advise them to do.

… "Maybe overcompensate, but what we did was we restricted access on a larger block of cards," Clark said. "However, so far three cards have been compromised." [Have they panicked, or were they told the breach is larger than we see in this report? Bob]

… One woman, whose card was placed on hold, wrote into WBZ saying her card had $700 worth of fraudulent charges on it. She was told hundreds of accounts were affected. [Not three, as the Credit Union asserts? Who is lying? Bob]

[From a Related article:

… "The actual compromised cards have been identified and have resulted in zero dollar losses to the member's account. As a precaution, however, WFCU placed restricted access on a large block of cards to minimize the potential exposure to our debit card base," Winthrop Federal Credit Union said in a statement.

However, customers are questioning why, if only three customers had their accounts compromised, so many are having trouble with their cards. [Good question... Bob]

Local. Iron Mountain is gaining a reputation for sloppy work. Not sure if it is untrained employees or a corporate culture that accepts doing as little as possible.

No charges in document dump outside Boulder Kia dealership

May 22, 2009 by admin Filed under: Business Sector, Paper, U.S.

Vanessa Miller of Colorado Daily updates us on the Boulder Anderson Kia dumping report:

Police don’t expect to charge anyone for leaving 10 recycling bins full of customers’ personal information outside of the now-defunct Anderson Kia dealership in Boulder.

Since the discovery of the documents Friday, investigators found that an operations director for Iron Mountain Auto Plex made arrangements with Compost Recycling to pick up the bins and shred all the records, Boulder police spokeswoman Sarah Huntley said.

Compost didn’t pick up the records right away, Huntley said, but will now destroy the documents.

Did they make arrangements after the discovery of the files, or had they already made arrangements before the discovery? How do you read this story?

Could this represent a new government strategy? No need to present embarrassing evidence or conclude the government was wrong, yet the case goes away! Brilliant!

Judge Takes Government to Task in Al-Haramain Spying Case

Saturday, May 23 2009 @ 05:22 AM EDT Contributed by: PrivacyNews

Today, United States District Court Chief Judge Vaughn Walker took the government to task for failing to obey his prior orders in Al-Haramain v. Obama (formerly known as Al-Haramain v. Bush), asking the government to explain why he should not sanction the government by holding that the plaintiffs win the warrantless wiretapping lawsuit.

... Judge Walker ordered the government to show cause as to "why, as a sanction for failing to obey the court’s orders" the government "should not be prohibited ... from opposing the liability" for spying without warrants and that the "court should not deem liability ... established and proceed to determine the amount of damages to be awarded to plaintiffs." A hearing is set for June 3, 2009 in the San Francisco federal court.

Source - EFF

Given that the physical process of printing and mailing takes only a couple of hours... How long is long enough? 48 hours is barely enough time to compose the letter, but is seven days too long?

Maine Requires Breach Notice within Seven Days of Go-Ahead from Law Enforcement

May 22, 2009 by admin Filed under: Breach Laws, Legislation, State/Local

From the Privacy & Information Security Law Blog:

On May 19, Maine Governor John Baldacci signed legislation limiting the time that breach notification may be delayed following a determination by law enforcement that providing notice will not compromise a criminal investigation. The provision, which will take effect 90 days after the close of the Legislature’s 2009 session (scheduled to occur on June 17), will limit the permissible delay to seven business days.

High tech security or low tech crook? Looks like the latter... or maybe just nuts?

Phony SureWest employee pleads guilty to fraud

Friday, May 22 2009 @ 11:19 AM EDT Contributed by: PrivacyNews

Here's a breach where the company says that their security prevented PII from being compromised:

On his Facebook page, Roseville resident Preston Vandeburgh claimed to work “long hours at SureWest,” where he said he was an information security manager from June 2000 to the present.

But authorities say that was a lie – and that the 27-year-old, over a period of about six months, actually impersonated SureWest employees, so he could break into the company and take a credit card, access company computers, obtain confidential information and even take a company car – a Chevrolet Impala – out for a spin.

On Tuesday, Vandeburgh pleaded guilty in Placer County Superior Court to felony charges connected with the case.


SureWest Spokesman Ron Rogers said computer data access was limited.

“When this situation initially took place, we completed a detailed scan and inspection of our systems, specifically pertaining to all customer and employee data, and confirmed that SureWest’s state-of-the-art preventative security measures prohibited access to our systems,” he said. “No customer or employee information was accessed and there was no damage to our network. These security measures were also instrumental in helping lead police to the arrest.”

Source - Gold Country Media

[From the article:

The plea agreement reached with prosecutors comes five months after Roseville Police arrested Vandeburgh at a friend’s home.

SureWest officials had contacted the police when they detected someone using one of their computers at an address in the city, according to a news release from the Placer County District Attorney’s Office.

When police arrived, they found Vandeburgh using the computer, the release stated, as well as numerous SureWest items taken during a burglary.

[So he had one of their computers at a friend's home... Something suggests that he was delusional rather than trying to steal information. Bob]

For the “presumed guilty” file. Even if you assume the warrant was legitimate, would actions taken outside the scope of the warrant be worth a lawsuit?

Judge Rules Dorm Room Search for Evidence of Prank Email Illegal

Friday, May 22 2009 @ 02:42 PM EDT Contributed by: PrivacyNews

A justice of the Massachusetts Supreme Judicial Court has ordered police to return a laptop and other property seized from a Boston College computer science student's dorm room after finding there was no probable cause to search the room in the first place. The police were investigating whether the student sent hoax emails about another student.

The Electronic Frontier Foundation (EFF) and Boston law firm Fish and Richardson are representing the computer science student, who was forced to complete much of the final month of the semester without his computer and phone. Boston College also shut off the student's network access in the wake of the now-rejected search. [Any logic to that at all? Bob]



If true, this would be an interesting case study...

Deny This,

by Michael Arrington on May 22, 2009

A couple of months ago Erick Schonfeld wrote a post titled “Did Just Hand Over User Listening Data To the RIAA?” based on a source that has proved to be very reliable in the past. All hell broke loose shortly thereafter.

… Now we’ve located another source for the story, someone who’s very close to And it turns out was telling the truth, sorta, when they said Erick’s story wasn’t correct. didn’t hand user data over to the RIAA. According to our source, it was their parent company, CBS, that did it.

… We believe CBS lied to us when they denied sending the data to the RIAA, and that they subsequently asked us to attribute the quote to to make the statement defensible.

I'm sure this isn't company policy, but apparently the employees thought it was. Would this have changed if the cops had started arresting people for obstruction?

Verizon Tells Cops "Your Money Or Your Life"

Posted by Soulskill on Friday May 22, @07:23PM from the pay-it-forward dept. Cellphones The Almighty Buck News

Mike writes

"A 62-year-old man had a mental breakdown and ran off after grabbing several bottles of pills from his house. The cops asked Verizon to help trace the man using his cellphone, but Verizon refused, saying that they couldn't turn on his phone because he had an unpaid bill for $20. After an 11-hour search (during which time the sheriff's department was trying to figure out how to pay the bill), the man was found, unconscious. 'I was more concerned for the person's life,' Sheriff Dale Williams said. 'It would have been nice if Verizon would have turned on his phone for five or 10 minutes, just long enough to try and find the guy. But they would only turn it on if we agreed to pay $20 of the unpaid bill.' Score another win for the Verizon Customer Service team."

How to corner the market?

Mr. Bezos Goes To Washington

Posted by Soulskill on Saturday May 23, @08:14AM from the cloudy-weather dept. Government The Internet

theodp writes

"TechFlash takes a look at Amazon's evolving government cloud strategy, reporting that the company is quietly building an operation in the D.C. area ('Amazon Government Solutions') as it aims to become a key technology provider to federal and state governments and the US military. According to Input, the federal government market for cloud services is projected to grow to $800 million by 2013, and the state and local cloud market is expected to reach $635 million by that year."

For my Computer Security class

Pentagon Seeks a New Generation of Hackers

Posted by ScuttleMonkey on Friday May 22, @02:49PM from the just-give-them-places-to-play dept. Security The Military

Hugh Pickens writes

"Forbes reports on a new military-funded program aimed at leveraging an untapped resource: the population of geeky high school and college students in the US. The Cyber Challenge will create three new national competitions for high school and college students intended to foster a young generation of cybersecurity researchers. 'The contests will test skills applicable to both government and private industry: attacking and defending digital targets, stealing data, and tracing how others have stolen it. [...] The Department of Defense's Cyber Crime Center will expand its Digital Forensics Challenge, a program it has run since 2006, to include high school and college participants, tasking them with problems like tracing digital intrusions and reconstructing incomplete data sources. In the most controversial move, the SANS Institute, an independent organization, plans to organize the Network Attack Competition, which challenges students to find and exploit vulnerabilities in software, compromise enemy systems and steal data. Talented entrants may be recruited for cyber training camps planned for summer 2010, nonprofit camps run by the military and funded in part by private companies, or internships at agencies including the National Security Agency, the Department of Energy or Carnegie Mellon's Computer Emergency Response Team.'"

“Does this mean ah won't get to be Gov-a-na?”

So. Carolina AG ordered to leave Craigslist alone

by Greg Sandoval May 22, 2009 3:01 PM PDT

Craigslist has filed suit against McMaster, whose motivations were questioned in a story by The Associated Press. On Thursday, the AP reported that McMaster has never prosecuted a prostitution case in six years. Critics have said that if McMaster were serious about combating prostitution, he could start trying cases or at least go after newspapers and other classified publications that also offer the same kind of questionable content as Craigslist.

The problem with using an argument like this is that you are admitting you didn't notice (or ignored) the problem until now. Or maybe they just need to establish documentation for future use as an excuse?

Report: Faulty Communications Imperil President

The U.S. Secret Service is asking for $34 million to help upgrade its communication system, and says that without the money the president’s life could be in danger, according to a news report.

The agency says that its communication system is incompatible with the White House communication system, [“and we never noticed!” Bob] resulting in a “dangerous gap” that could “prevent the attainment of the performance target of 100 percent protection.”

Friday, May 22, 2009

About time this was confirmed. Now the tough question: How?

Investigators Replicate Nokia 1100 Banking Hack

Posted by timothy on Thursday May 21, @03:32PM from the could-be-an-ebay-scam-rumor dept. Security Cellphones The Almighty Buck

Ian Lamont writes

"Investigators have duplicated an online banking hack using a 2003-era Nokia mobile phone. Authorities had been aware for some time that European gangs were interested in buying the phone, and were finally able to confirm why: It can be used to access victims' bank accounts using "special software written by hackers." The hack apparently works by letting criminals reprogram the phones to use someone else's phone number and receive their SMS messages, including mTANs (mobile transaction authentication numbers) from European banks. However, the only phones that work are 1100 handsets (pictures) made in a certain factory. [Does this suggest an undetected error in that factory or the much scarier scenario: they planted an employee who made subtle changes to the manufacturing process? Bob] Nokia had claimed last month it had no idea why criminals were paying thousands of euros to buy the old handsets."

[From the article:

The Nokia 1100 hack is powerful since it undermines a key technology relied on by banks [Who apparently have never heard the maxim: If they build it, hackers will come. If they build it with a gaping hole, many hackers will come. Bob] to secure transactions done over the Internet.

Banks in countries such as Germany and Holland send a one-time password called an mTAN (mobile Transaction Authentication Number) to a person's phone in order to allow, for example, the transfer of money to another account.

… Cybercriminals must already have a person's login and password for a banking site, but that's easy since millions of computers worldwide contain malicious software that can record keystrokes.

… Nokia has sold more than 200 million of the 1100 and its successors, although it's unknown how many devices have the particular sought-after firmware.

For the final step, the hacker must also clone a SIM (Subscriber Identity Module) card, which Becker said is technically trivial.

However, the company has said it does not believe there is a vulnerability in the 1100's software.

Becker said that may be semantically true, however, it's possible that the encryption keys used to encrypt the firmware have somehow slipped into the public domain. [Which may suggest another insider? Bob]

This is suspect. If you give me bad advice that I happen to like, I'll give you a good review. Tell me the truth, and I'll pan you.


Avvo Answers: Get free legal advice from lawyers

Review Your Lawyer

This business model has been staring us in the face for several years. (Barnes & Noble uses this technique to print/bind/sell out of print books.) Let's hope Amazon can drive a wooden stake into the RIAA vampire...

Amazon & TuneCore To Cut Out the RIAA Middleman

Posted by kdawson on Friday May 22, @08:57AM from the but-who-needs-CDs dept. Music Media

eldavojohn writes

"So you're an aspiring band and you haven't signed with a record label. Maybe you've got a fan base interested in purchasing your stuff but you're not really into accounting? Enter Amazon's partnership with TuneCore, a CD printing and music distribution service. You want to sell a full album on Amazon of you brushing your teeth? $31. And you get about 40% back on sales, so selling nine digital copies of your CD will put you back in the black. There you have it, public availability on one of the largest online commerce sites for $31 — no RIAA involved!"

TuneCore's CEO put it this way: "As an artist, you have unlimited physical inventory, made on demand, with no [sic] upfront costs and worldwide distribution to anyone who orders it at"

In the ubiquitous surveillance area, I have Good News and Bad News. “We see you were in your Tuesday morning Math class, and in the Tuesday afternoon riot, and the Tuesday evening keg party...”

Aoyama Gakuin U. to hand out free iPhones to students

Aoyama Gakuin University is phasing out traditional methods of taking attendance at its School of Social Informatics, in favor of free GPS-enabled iPhones.

… The school also has plans to expand their use to setting simple tests and questionnaires, submitting homework and reviewing class video materials.

Completely unrelated...

How to Email Text Messages to Any Phone

Do you feel like your cell phone's text message bill is getting higher every month? You're not alone. By some accounts, text messages cost more per megabyte to send than do messages from outer space to Earth. But you can email and Instant Message texts to phones for free. Here's how.

By Seth Porges Published in the June 2009 issue.

At roughly 20 cents a pop, text messages are expensive. But it takes a bit of perspective to realize just how pricey they really are.

Short-message-service messages (that’s the official name for text messages, often abbreviated to SMS) have a maximum of 160 bytes of data. Unless you purchase a bulk text-message package (which can cost as much as $20 per month), the 20 cents-per-message rate adds up to $1310.72 per megabyte. This is double the cost three years ago [“We love our (gullible) customers!” Bob] and, quite literally, astronomical: A space scientist at the University of Leicester in the U.K. did the math and discovered that this is several times as much as it costs to transmit data from the Hubble space telescope back to Earth. And most of this cost is pure profit for the phone companies, who are able to deliver text messages for nearly nothing by piggybacking them on other transmissions.

Thankfully, there are ways to bring your bill down to earth. The key is to use what are known as SMS gateways. These are backdoors [the hacker's friend... Bob] that transform other (usually less expensive) types of communications, such as e-mail and instant messages, into text messages. The upshot: You can send all the texts you want without paying for the privilege.

Is this a statistic to be proud of? No doubt it will be demonized from the pulpit. Will anyone applaud?

More Americans Play Video Games Than Go To Movies

Posted by Soulskill on Thursday May 21, @06:35PM from the majority-achieved-now-let's-work-on-tyranny dept.

New research from the NPD Group has found that the number of Americans who play video games has surpassed the number who go to movies. In a survey of over 11,000 people, 63% had played a video game within the past six months, while only 53% had gone to a movie. They also found that the purchase of game consoles was on the rise, as were new methods of accessing the games themselves, such as playing over a social networking site or downloading a game onto a mobile phone. The report said, "the average gamer spent just over $38 per month on all types of gaming content" in the first three months of 2009, adding that "video games account for one-third of the average monthly consumer spending in the US for core entertainment content, including music, video, games."

Not particularly informative, but more a “Man we're good, and you can't stop us!” hacker rant. And they have a point. Are the Russians trying to tell us something? (Looking for similar articles from China and North Korea) Download the video (in English)

Outlaw Legends: Secrets of Russian Hackers

21 May, 2009, 11:41

… As a leader in computer technology, America is a juicy target for hackers.

“I don't know if Americans are afraid of us, but we’re definitely not afraid of them,” the interviewed hacker told RT.

“Half of our country is made up of hackers, why would we be afraid of the Americans?”

“I was arrested, taken to three prisons in three weeks,” said Dmitry Sklyarov, programmer from Moscow.

“Then I was let out on bail and couldn’t return to Russia for six months because of the American justice system."

Dmitry Sklyarov’s arrest several years ago exploded into a frenzy of outrage among the public, both in the US and abroad.

At a computer conference in America several years ago, Dmitry showed how easy it is to break through the PDF format and was arrested by the FBI. He became a symbol of the fight for programmers’ freedom, and was soon released from an American prison.

Dmitry is now an IT professor at a prestigious Russian computer science university.

Geek Alert! Some powerful new toys, with the potential to let employees turn off their security? I've gotta read this more carefully.

10 cool tools in Windows 7

Date: May 21st, 2009 Author: Debra Littlejohn Shinder

Deb Shinder runs through some of the most impressive enhancements, from the ISO burner to the Biometric Framework to PowerShell v2.

… Action Center

… It’s all combined in an easy-to-use Control Panel applet, where you get maintenance and security messages and can view performance information, change UAC settings, and more, as shown in Figure A.

… The Action Center also shows up as an icon in the system tray, which displays a red X if there are problems you need to address, as shown in Figure B.

… A nice touch is that Microsoft makes it easy for you to turn the various types of notifications on or off, as shown in Figure C. Thus, if you have an antivirus program installed that Windows doesn’t recognize, you don’t have to deal with constant messages urging you to install one — just turn off virus protection messages. [Can employees turn off the messages that tell them they are infected? What else can they turn off? Can the Security Manager configure Windows 7 so they can't turn off the security features? Bob]

A “Must Have” for us Trek-Geeks

Sophos beams up free Klingon antivirus app to Star Trek fans' PCs

Downloads of Klingon Anti-Virus 'through the roof,' says U.K. security firm

By Gregg Keizer May 20, 2009 01:51 PM ET

I love lists. I would love this list if it were much longer. Is this every site?

2 Sites Providing Simple Explanations For Complex Questions

May. 21st, 2009 By David Pierce

CommonCraft is all about simple explanations. And frankly, CommonCraft does great work. The site features videos on tons of different subjects, from Twitter to borrowing money, all showing you how they work in simple, everyday terms.

… Got a question burning in your brain? Want to know what a Smoking Gun is? Either way, the Wise Geek knows the answer. WiseGeek is a site boasting over 40,000 articles covering a ridiculous range of topics, all answering the questions you may have.

Something for my rich friends. (Well, I'm gonna have some, maybe, someday...)

SaneBull Market Monitor

SaneBull Market Monitor is an online financial platform which provides live stock quotes, real-time news, investment tools and more in an easy to use interface.

… The SaneBull Market Monitor is a free live stock market monitor that lets you view market data from absolutely anywhere. Although registration is not required, registered users enjoy the benefits of customized workspaces, saved sessions, custom alerts and much more.

SaneBull Plugins allow you to integrate live market data directly into your desktop, website, Facebook profile or iPhone.

Thursday, May 21, 2009


Heartland Data Breach: Hearing Set for Class Action Suits

May 20, 2009 by admin Filed under: Financial Sector, U.S.


A federal judicial panel will hear arguments next week on whether to consolidate the class action lawsuits brought against Heartland Payment Systems (HPY) by financial institutions. The Judicial Panel on Multidistrict Litigation in Louisville, KY will hear the arguments next Wednesday, according to Benjamin Johns, one of the lawyers representing the class action suit from the law firm of Chimicles & Tikellis, Haverford, PA.

What an interesting law... I just love those “You can't graze your horse on the courthouse lawn” kinda laws...

FCC’s Warrantless Household Searches Alarm Experts

By Ryan Singel May 21, 2009 12:00 am Categories: Privacy, Spooks Gone Wild, Surveillance

You may not know it, but if you have a wireless router, a cordless phone, remote car-door opener, baby monitor or cellphone in your house, the FCC claims the right to enter your home without a warrant at any time of the day or night in order to inspect it.

… The FCC claims it derives its warrantless search power from the Communications Act of 1934, though the constitutionality of the claim has gone untested in the courts. That’s largely because the FCC had little to do with average citizens for most of the last 75 years, when home transmitters were largely reserved to ham-radio operators and CB-radio aficionados. But in 2009, nearly every household in the United States has multiple devices that use radio waves and fall under the FCC’s purview, making the commission’s claimed authority ripe for a court challenge.

The rules came to attention this month when an FCC agent investigating a pirate radio station in Boulder, Colorado, left a copy of a 2005 FCC inspection policy on the door of a residence hosting the unlicensed 100-watt transmitter.

In the meantime, pirate radio stations are adapting to the FCC’s warrantless search power by dividing up a station’s operations. For instance, Boulder Free Radio consists of an online radio station operated by DJs from a remote studio. Miles away, a small computer streams the online station and feeds it to the transmitter. Once the FCC comes and leaves a notice on the door, the transmitter is moved to another location before the agent returns.

You just need your Craftsman magnifying glass to read the fine print...

Court Certifies Class Action Against Sears for Alleged Sale of Customers' Private Information

Wednesday, May 20 2009 @ 09:08 AM EDT Contributed by: PrivacyNews

From the press release:

A notice program authorized by the Circuit Court of Cook County, Illinois, began today. The notice is a result of the Court certifying, on April 7, 2008, a plaintiff class in lawsuits alleging that customers' personal, private, and confidential financial information was disclosed for profit by Sears to certain third-party vendors contrary to the representations and obligations to its credit card holders.

It's amazing how many class action lawsuits I seem to be a member of without ever lifting a finger or filing a lawsuit... [AMEN Bob]

Is this a “get out of jail free!” card?

Accused Palin Hacker Says Stolen E-Mails Were Public Record

Wednesday, May 20 2009 @ 03:07 PM EDT Contributed by: PrivacyNews

A surprise legal maneuver by the defense in the Sarah Palin hacking case could undermine key charges carrying the stiffest potential penalties.

A lawyer for the Tennessee college student charged with hacking into the Alaska governor’s Yahoo e-mail account last year says his client couldn’t have violated Palin’s privacy because a judge had already declared her e-mails a matter of public record.

Source - Threat Level

[From the article:

Last year, following the initial indictment, Davies objected to the computer hacking charge on the grounds that the government had erroneously used two misdemeanors pertaining to the same crime to elevate the charge to a felony. In order for hacking to be a felony under the federal law, it has to be done for the purpose of committing an additional crime, or a “tortious” act — i.e., an action that could give rise to a civil suit.

But in a circular argument, the government had essentially charged Kernell with obtaining unauthorized access to information in Yahoo’s computers for the criminal purpose of obtaining unauthorized access to the information. [No doubt they teach you how to craft such logic free arguments in Law School... Bob]

Looks like the French are learning from the Brits...

Next up for France: police keyloggers and Web censorship

The French government, fresh from passing its controversial "three strikes" law to boot repeat file-sharers off the Internet, is now prepping its next assault on online malfeasance. A new bill would legalize government keyloggers, institute ISP censorship of child porn sites, and set up a massive citizen database called Pericles.

[From the article:

Critics like Jean-Michel Planche, who advises the French government on Internet issues, are already calling the new bill the end of an open and neutral Internet.

Ubiquitous self-surveillance? Wholesale crowd sourcing?

Waze: The traffic of the crowds

by Rafe Needleman May 21, 2009 4:00 AM PDT

Israeli start-up Waze is at the Where 2.0 conference this week showing off its service for collecting real-time traffic and driving condition data from its users. Currently running on 80,000 smartphones in Israel, Waze shows you traffic flows on highways, and unlike other traffic services, it also shows it on side streets, and it creates routing advice based on that data.

The service allows users to report accidents, speed traps, cops by the side of the road, and other traffic-related items. What's cool is that these items fade automatically over time, and there's also the possibility for the system to ping a driver as he or she passes a previously reported incident to see if it's still there.

CEO Noam Bardin tells me that in Israel, Waze doesn't even use commonly available street maps as its base layer of data. Instead, it tracks users (with their permission), and builds maps from those traces. Then it asks users to name the roads.

For Cindy's “Sex & Power” class. (With more students than I've had in the last year!) Perhaps Craigslist is not as willing to roll over as I thought?

Craigslist Fights Back, Sues SC Atty General

Posted by timothy on Wednesday May 20, @01:53PM from the wouldn't-have-happened-to-a-nicer-guy dept. Censorship The Courts The Media United States News

FredMastro writes

"Craigslist has now stepped past just asking for an apology. The Wall Street Journal and CNet report that Craigslist is fighting back. 'Craigslist said it has sued South Carolina Attorney General Henry McMaster, in the latest escalation of a battle over adult-oriented ads on the company's site. Jim Buckmaster, Craigslist's chief executive, said in a blog post that the company filed its suit in federal court in South Carolina. ...'"

Unfortunately, the WSJ's piece requires a subscription, [but as any hacker will tell you, searching for the article title in Google News gives you access to the full text. Bob] but reader Locke2005 adds a link to coverage in the San Jose Business Journal.

Would you call this bad behavior? “You own the car, but only the manufacturer can repair it?” (and yes, it is a miracle that I might, possibly agree with Ralph Nader, just a bit)

Right-to-Repair Law To Get DRM Out of Your Car

Posted by samzenpus on Wednesday May 20, @07:27PM from the do-it-yourself dept. Transportation Technology

eldavojohn writes

"Ralph Nader's back to hounding the automotive industry ... but it's not about safety this time, it's about the pesky DRM in your car. Most cars have a UART in them that allows you to read off diagnostic codes and information about what may be wrong with the vehicle so you can repair it. Late model cars have been getting increasingly complex and dependent on computers which has caused them, as with most things digital, to move towards a proprietary DRM for these tools, diagnostic codes and updated repair information. This has kept independent auto-shops out of the market for fixing your car and relegating you to depend on pricier dealers to get your automotive ailments cured. The bill still has a provision to protect trade secrets but is a step forward to open up the codes and tools necessary to keep your car running."

Delete doesn't mean delete. It means, make it invisible.

Websites 'keeping deleted photos'

Wednesday, May 20 2009 @ 06:42 PM EDT Contributed by: PrivacyNews

User photographs can still be found on many social networking sites even after people have deleted them, Cambridge University researchers have said.

They put photos on 16 popular websites - noting the web addresses where the images were stored - and deleted them.

The team said it was able to find them on seven sites - including Facebook - using the direct addresses, even after the photos appeared to have gone.

Source - BBC


Google Street View blurs face of Colonel Sanders at every KFC

Fast food chain KFC has been taken off the menu by Google Street View after privacy technology blurred the face of Colonel Sanders.

Last Updated: 5:22PM BST 20 May 2009

… The company says it took the decision because he is 'a real person' - despite him passing away in December 1980 aged 90.

Thanks to our brothers in academia, soon hackers will be able to hack anything anywhere anytime!

May 20, 2009

Ubiquitous Smart Cards Proven Vulnerable to Hacking

Government Technology: "University researchers have discovered vulnerabilities in NXP's MIFARE Classic card, which belongs to a family of smart cards with more than 1 billion units distributed worldwide. These smart cards are used to access buildings and public transportation systems. One example is the Oyster card, which Londoners use for citywide travel. Researchers from Radboud University in the Netherlands received the Best Practical Paper Award at the IEEE Symposium on Security and Privacy on Monday for their work demonstrating how to pickpocket the card wirelessly."

Support the competition?

Hulu Is The No. 10 Most-Watched YouTube Channel Of All Time (GOOG)

Dan Frommer May. 20, 2009, 7:00 AM

This has nothing to do with my normal topics, but I do find it interesting to compare financial information. For example, look at how cities generate revenue. (and how can 22% be “other?”)

May 20, 2009

Report: How Philadelphia and Other Cities are Balancing Budgets in a Time of Recession

"A new study from the Pew Philadelphia Research Initiative looks at how 13 major cities are coping with the recession and finds that most are facing significant budget gaps and are cutting services and personnel in response. Philadelphia is one of four cities studied that is planning at least one major tax hike—a five-year, one percentage point increase in the sales tax. Tough Decisions and Limited Options: How Philadelphia and Other Cities are Balancing Budgets in a Time of Recession examines the budget decisions that have been proposed or enacted in Philadelphia, placing its challenges in the context of 12 other cities: Atlanta, Baltimore, Boston, Chicago, Columbus (OH), Detroit, Kansas City (MO), Los Angeles, New York, Phoenix, Pittsburgh and Seattle."

Wednesday, May 20, 2009

Local. Small, but typical.

CO: Boulder Kia dumps 10 bins full of personal info

May 19, 2009 by admin Filed under: Business Sector, Exposure, Paper, U.S.

Vanessa Miller of Daily Camera reports that Boulder police have chained up 10 recycling bins outside the now-defunct Anderson Kia car dealership after learning that the bins were stuffed with personal information from the dealership’s former customers. All of the folders reportedly contained Social Security numbers, driver’s license information, photos, phone numbers and financial information for Kia customers. The dealership closed in January.

Oops, or deliberate?

'Swedish anti-piracy and privacy laws clash'

Wednesday, May 20 2009 @ 04:59 AM EDT Contributed by: PrivacyNews

Sweden’s recently enacted anti-file sharing law will be rendered totally ineffectual when the government implements new rules on the storage of personal data next year, according to the head of a Swedish internet provider.

Source - The Local

[From the article:

The reason is that the type of data ISPs would be forced to store for six months under an amended IPRED-law can only be released to police and prosecutors to aid in the investigation of a serious crime.

But such data could not, according to the government’s proposal, be handed over to copyright holders as evidence to aid in lawsuits against illegal file sharers – which is precisely the power that anti-piracy groups have sought.

Perhaps they thought she might steal the secret of the telephone?

De: Firm snooped into sex lives

Wednesday, May 20 2009 @ 05:08 AM EDT Contributed by: PrivacyNews

A German telecoms giant has been caught secretly snooping into its job applicants' sex lives. Deutsche Telekom authorised Stasi-style spying, according to a 2004 document entitled Company Security Personnel Screening.

It said the company hired private German investigators to spy on a female manager for a Croatian telecoms company who applied for a job at DT’s subsidiary in the country.

.... The document also reveals the company used the German intelligence service as a source in their analysis of the employee.

Source - The Sun

It's not Google after all...

Wolfram|Alpha's Surprising Terms of Service

Posted by kdawson on Tuesday May 19, @03:56PM from the badges-coming-soon dept.

eldavojohn notes that Groklaw is highlighting the unexpected Wolfram|Alpha ToS — unexpected, that is, for those of us accustomed to Google's "just don't use it to break the law, please" terms. Nothing wrong with Wolfram setting any terms they like, of course. Just be aware.

"We've seen people comparing Wolfram's Alpha to Google's Search from a technical standpoint but Groklaw outlined the legal differences in a post yesterday. Wolfram|Alpha's terms of use are completely different in that it is not a search engine; it's a computational service. The legalese says that they claim copyright on the each results page and require attribution. So for you academics out there, be careful. Groklaw notes this is interesting considering some of its results quote 2001: A Space Odyssey or Douglas Adams. Claiming copyright on that material may be a bold move. There's more: if you build a service that uses their service or deep-links to it, you may be facilitating your users to break their terms of use, and you may be held liable."

Delete doesn't mean delete...

Deleted Tweets found living in the hereafter

Tuesday, May 19 2009 @ 03:58 PM EDT Contributed by: PrivacyNews

Careless Twitterers are in for a healthy dose of Web 2.0 reality with the advent of a site that shows it's not really possible to purge errant tweets, as the microblogging site might have them believe.

It has long been plenty easy for world+dog to find a user's deleted posts by using Twitter's advanced search page. Now, a site called Tweleted offers an interface that makes it even simpler. Plug in the name of any Twitter user and it will display all recently deleted items.

Source - The Register

Does this explain why the number of warrants issued for wiretaps (see annual report to congress) went down?

FBI Use of Patriot Act Authority Increased Dramatically in 2008

Tuesday, May 19 2009 @ 01:24 PM EDT Contributed by: PrivacyNews

The number of FISA-court authorizations for national security and counter-terrorism wiretaps dropped last year by almost 300, a new Justice Department report to Congress shows. But the FBI’s use of so-called “national security letters” to get information on Americans without a court order increased dramatically, from 16,804 in 2007 to 24,744 in 2008.

Source - Threat Level

“I did not have hacking relations with that hard drive!”

Data with personal info missing from National Archives

May 19, 2009 by admin Filed under: Government Sector, Lost or Missing, U.S.

The Associated Press reports that the National Archives has lost a computer hard drive containing personal information from the Clinton administration, including Social Security numbers and addresses. The missing drive also contains other sensitive information.

For you movie down-loaders...

Windows Media Player 2009 Codec Pack: Play All Media Formats In WMP

May 20, 2009

… The formats that you can play after installing it include Audio CDs, DVDs, (S)VCDs, XCDs. It also adds support to play many other formats including AC3, 3GP, AAC, AVI, APE, AVI, DivX, 3ivx, h.264, DAT, x264, AVC, Nero Digital, FLV, DTS, FLAC, HD-MOV, MPEG-1, MPEG-2, MP3, MP4, MPC, M4A, MOD, MP3, MKV, MKA, OFR, MTM, TTA, OGG/OGM, S3M, VOB, Vorbis, WavPack, ATRAC3, XviD, WV, XM, WV and UMX.

Yes, this Codec Pack will allow you to play almost all formats in Windows Media Player, so that WMP is the only solution you need to play any kind of media format.

Download Windows Media Player 2009 Codec Pack Full Version

Tuesday, May 19, 2009

Score cards here! Can't tell the players without a score card!

Two New Judges for the FISA Court

Tuesday, May 19 2009 @ 05:05 AM EDT Contributed by: PrivacyNews

The Chief Justice of the U.S. Supreme Court has appointed two new judges to the eleven-member Foreign Intelligence Surveillance Court, a spokesman for the Court said today.

Judge Thomas F. Hogan of the D.C. District Court and Judge Susan Webber Wright of the Eastern District of Arkansas were each appointed to seven-year terms on the Court, expiring May 18, 2016, said spokesman Sheldon Snook.

Source - Secrecy News

[From the article:

The current membership of the Foreign Intelligence Surveillance Court may be found here.

What's less secure than passwords?

Study Shows "Secret Questions" Are Too Easily Guessed

Posted by kdawson on Tuesday May 19, @05:10AM from the name-of-your-late-great-aunt's-fifth-parakeet dept. Security

wjousts writes

"Several high-profile break-ins have resulted from hackers guessing the answers to secret questions (the hijacking of Sarah Palin's Yahoo account was one). This week, research from Microsoft and Carnegie Mellon University, presented at the IEEE Symposium on Security and Privacy, will show how woefully insecure secret questions actually are. As reported in Technology Review: 'In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study's participants could guess the correct answers to the participant's secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question.'"

Schneier pointed out years ago how weird it is to have a password-recovery mechanism that is less secure than the password.

I've seen variations on this theme – essentially all your search results lead to malware...

Drive-By Download Poisons Google Search Results

Posted by timothy on Tuesday May 19, @08:53AM from the monocultural-imperialism dept. Security Google IT

snydeq writes

"A new attack that peppers Google search results with malicious links is spreading quickly, CERT has warned. The attack, which can be found on several thousand legitimate Web sites, exploits flaws in Adobe software to install malware that steals FTP login credentials and hijacks the victim's browser, replacing Google search results with links chosen by the attackers. Known as Gumblar because at one point it used the domain, the attack is spreading quickly in part because its creators have been good at obfuscating their attack code and because they are using FTP login credentials to change folder permissions, leaving multiple ways they can get back into the server."

FREE FOOD! All you need to do is go back to a restaurant that violated your privacy!

Proposed settlement in Olive Garden FACTA lawsuit

May 18, 2009 by admin Filed under: Business Sector, Commentaries and Analyses, Other, U.S.

Sandra Pedicini of the Associated Press reports that a tentative settlement in a class action lawsuit against Olive Garden for breaching a requirement of the Fair and Accurate Credit Transactions Act has been reached. The settlement would require the restaurant to provide a $9 appetizer voucher to anyone who ate at Olive Garden between Dec. 4, 2006, and Aug. 10, 2007 and who used a debit or credit card.

Okay, so Olive Garden did not comply with FACTA. But do you think that a $9 voucher per person is reasonable? Yes, it will bring them in some customers/money, perhaps, but in this case, the fine seems a bit out of proportion when you think about the TD Ameritrade proposal or you think about the Hannaford lawsuit getting thrown out.

Now this is an interesting question. Who would you recommend for the 'congress' to write this? Looking at the article and the comments I think we may have a start, but we need someone smarter to put all these ideas into viable words. Might make an interesting “geek Ethics” class...

What Should Be In a Technology Bill of Rights?

Posted by ScuttleMonkey on Monday May 18, @06:06PM from the careful-wording dept. Government

snydeq writes

"The Deep End's Paul Venezia argues in favor of the creation of a Technology Bill of Rights to protect individuals against malfeasance, tyranny, and exploitation in an increasingly technological age. Venezia's initial six proposed articles center on anonymity rights, net neutrality, the open-sourcing of law enforcement software and hardware, and the like. What sort of efficacy do you see such a document having, and in an ideal world, which articles do you see as imperative for inclusion in a Technology Bill of Rights?"

Related. How do you change a promise?

Report: Mint Considers Selling Anonymized Data from Its Users

Monday, May 18 2009 @ 05:50 PM EDT Contributed by: PrivacyNews

According to a report from Bloomberg today, Mint's CEO Aaron Patzer is considering selling anonymized data about the service's users. Mint, the online personal finance aggregator, obviously sits on a lot of very interesting data, some of which the company has shared on its blog now and then. Given that this was just a short interview, the details about this plan are more than vague, and it would be interesting to know what kind of data Mint might be planning to sell. What is clear, though, is that Mint will have to be very careful if it doesn't want to scare away its customers.

Related? What is privacy (and does Woody Allen deserve any?)

American Apparel Settles with Woody Allen

Monday, May 18 2009 @ 05:45 PM EDT Contributed by: PrivacyNews

It had a certain cinematic flourish. On the morning the big trial was to begin, movie star Woody Allen and American Apparel (APP), the fast-growing retail chain he had sued for unauthorized use of his image, announced a settlement. The Los Angeles chain agreed to pay Allen $5 million, half of what he was seeking in damages.

"I sued American Apparel because they calculatingly took my name, my likeness, and image and used them publicly to promote their business,"Allen said in a statement he read outside the Manhattan courthouse on May 18. He called the settlement "the largest ever paid under the New York right-to-privacy law" and said he hoped the amount would "discourage American Apparel or any one else from ever trying such a thing again."

Source - BusinessWeek

[From the article:

American Apparel founder Dov Charney, meanwhile, said in a lengthy response posted on his company's Web site that he was forced to settle by his company's insurer, which paid the bulk of the claim.

Related? How could we define surveillance?

EPIC Launches Campaign to Suspend 'Whole Body Imaging' at Nation's Airports

Tuesday, May 19 2009 @ 05:03 AM EDT Contributed by: PrivacyNews

EPIC announced a national campaign today to suspend the use of "Whole Body Imaging" -- devices that photograph American air travellers stripped naked in US airports. [More than a little hyperbole? Go to Google Images and search for “Millimeter Wave Images” Bob] The campaign responds to a policy reversal by the TSA which would now make the "virtual strip search" mandatory, instead of voluntary as originally announced.

Source -

I wonder if a collection of handouts from my classes would be worth $2.98? (Perhaps a year's worth of “Clippings”?)

Scribd Becomes a DRM-Optional E-Bookstore

Posted by kdawson on Monday May 18, @09:31PM from the going-legit dept. Books

Miracle Jones writes

"In an effort to compete with Amazon and Google, the document-hosting website Scribd will now be letting writers and publishers sell documents that they upload. They will be offering an 80/20 profit-sharing deal in favor of writers. Writers will be able to charge whatever they want. In addition, Scribd will not force any content control (although they will have a piracy database and bounce copyrighted scans) and will let writers choose to encrypt their books with DRM or not. This is big news for people in publishing, who have been seeking an alternative to Amazon for fear that Amazon is amassing too much power too quickly in this brand-new marketplace, especially after Amazon's announcement last week that they will now be publishing books as well as selling them."

For my website class

15 Hand Picked Color Palette and Color Scheme Generators

May 19th, 2009 by Webmasterish in Articles, Hot

Monday, May 18, 2009

Looks like a con but isn't? Perhaps if they had asked an FTC Commissioner other than Mr. Swindle to endorse them and didn't start by asking for all of your PII, I would be more comfortable. Could make a great model for a phishing site.

Offers Free ID Theft Risk Score

Monday, May 18 2009 @ 06:04 AM EDT Contributed by: PrivacyNews

Consumers trying to determine their risk of becoming an identity theft victim typically are told to check their credit report for signs of unauthorized or suspicious activity. But a new Web-based service aims to give users a view into tricks ID thieves use that credit reports often miss, such as when crooks use only parts of a victim's identity to fabricate a new one.

Source - Security Fix Related - ID Analytics Press Release

Another long winded but interesting article.

Tracking Cyberspies Through the Web Wilderness

By JOHN MARKOFF Published: May 11, 2009

For old-fashioned detectives, the problem was always acquiring information. For the cybersleuth, hunting evidence in the data tangle of the Internet, the problem is different.

Indeed, the discovery raised as many questions as it answered. Why was the powerful eavesdropping system not password-protected, a weakness that made it easy for Mr. Villeneuve to determine how the system worked? And why among the more than 1,200 compromised government computers representing 103 countries, were there no United States government systems? These questions remain.

“We did it for the children!”

Database of All UK Children Launched

Posted by timothy on Monday May 18, @04:44AM from the can't-help-but-think-of-'em-now dept. Privacy Government

An anonymous reader writes

"'A controversial database which holds the details of every child in England has now become available for childcare professionals to access. The government says it will enable more co-ordinated services for children and ensure none slips through the net. 390,000 people will have access to the database, but will have gone through stringent security training.'"

What happened to politicians who want their image everywhere? (Perhaps this is too much like making sausage?)

Canada Gov't Censors Parliament Hearings On YouTube

Posted by timothy on Sunday May 17, @06:41PM from the state-vs.-everyone dept. Censorship Government The Media

An anonymous reader writes

"The Canadian government has admitted sending cease and desist letters to YouTube demanding that it remove videos of Parliamentary hearings. Lawyers for the House of Commons argue that using videos of elected representatives without permission constitutes copyright infringement and a contempt of Parliament."

[From the article:

SCPHA hearings held earlier this year revealed that Canada's elected officials safeguard Parliamentary video with very restrictive licencing requirements that are generally limited to use in schools or for private study, research, criticism or review. Relying on crown copyright, the policy states that any other use - including any commercial use - requires the express prior written approval of the Speaker of the House of Commons. This stands in sharp contrast to the United States, where the default presumption is that such videos are in the public domain and can be freely used without permission. House of Commons lawyers portrayed that approach as representing an extreme position.

Where is the 'invisible hand' pushing news and when does it reach for its wallet? (The comments are worth reading...)

Letting Time Solve the Online News Dilemma

Posted by Soulskill on Sunday May 17, @10:51AM from the good-old-supply-and-demand dept.

The Guardian's John Naughton isn't looking to micro-transactions or licensing fees from search services to solve the online news business model problems that have come to a head recently. Instead, he's simply waiting for capitalism to do its job in killing off the providers who can't cut it. Once that happens, he says, the remaining organizations will be in a far better position to see what web-goers will pay for online news, and he doesn't think it will inhibit the growth of an increasingly information-rich news ecosystem.

"Things have got so bad that Rupert Murdoch has tasked a team with finding a way of charging for News Corp content. This is the 'make the bastards pay' school of thought. Another group of fantasists speculate about ways of extorting money from Google, which they portray as a parasitic feeder on their hallowed produce. ... But what will journalism be like in the perfectly competitive online world? One clue is provided by the novelist William Gibson's celebrated maxim that 'the future is already here; it's just not evenly distributed.' In a recent lecture, the writer Steven Johnson took Gibson's insight to heart and argued that if we want to know what the networked journalism of the future might be like, we should look now at how the reporting of technology has evolved over the past few decades."

Their job is to intimidate potential pirates, not provide factual arguments.

Calling BS On the BSA Global Piracy Report

Posted by Soulskill on Sunday May 17, @01:35PM from the i-think-that-stands-for-bachelor-of-skepticism dept. The Internet Software

An anonymous reader writes

"The Business Software Alliance released their annual global piracy report earlier this week. In addition to the usual claims of software piracy (PDF) and the grudging acknowledgment of open source software, Michael Geist noted that the report ultimately undermined one of the BSA's core arguments — that countries which enact DMCA-style legislation experience significantly reduced piracy rates. Questions have also been raised over the BSA's methodology, as has happened in the past."

You know I like lists, but things like the Areacode/Zipcode map are actually useful.

9 Awesome & Useful Google Maps Mashups

May. 17th, 2009 By David Pierce

Paper maps are SO over. Using Google Maps these days, you can do literally anything you can think of. Want to map your own weather radar? Done. How about seeing, in real time, where in the world people are using Twitter? Also done.

The Google Maps API has opened up a ton of different uses of Google Maps, and some fantastic applications have been built on top of and use Google Maps. Below are nine of the best.

This could be useful. Is there a business model hidden here? If they find data (from academic or commercial organizations) could they provide a “Details for sale!” link that interested parties would follow?

Your e-health future

May 18, 2009 4:00 AM PST

In this three-day special report, CNET News takes a look at the rapidly digitizing health care industry, detailing the stumbling blocks and dangers, as well as how the stimulus plan and legislation could affect the average person. In the process, we inch a little closer to answering one of the most vexing questions of American medicine: why are so many doctors such Luddites?

Keep an eye on this, it may be Google's answer to Wolfram|Alpha (without the math?)

May 17, 2009

Google Squared - Coming Soon

"Google Squared will be coming soon. For now, why not have fun squaring some numbers?"

  • Via Google Blogoscoped: Enter the number 42 - the query returns the following: "The Ultimate Question of Life, the Universe, and Everything"

An interesting hack. I could backdate a few predictions and become an instant “oracle.” (This is why I make my students include the link...)

Customizing Headers & Footers For Printing Webpages

May. 17th, 2009 By Saikat Basu

What’s your biggest webpage printing woe? For me, it’s the header and footer information that gets printed automatically with every page. Webpage URL, title, page number, date and time or some other information right on top (or bottom) makes up the header-footer information.

Amusing hack