Saturday, June 06, 2009

It is good to see that some industry big-wigs understand reality.

The Pirates Will Always Win, Says UK ISP

Posted by Soulskill on Saturday June 06, @08:16AM from the except-in-pittsburgh dept. internet networking

TheEvilOverlord writes

"The head of UK ISP TalkTalk, Charles Dunstone, has made the comment ahead of the communications minister's Digital Britain report that illegal downloading cannot be stopped. He said 'If you try speed humps or disconnections for peer-to-peer, people will simply either disguise their traffic or share the content another way. It is a game of Tom and Jerry and you will never catch the mouse. The mouse always wins in this battle and we need to be careful that politicians do not get talked into putting legislation in place that, in the end, ends up looking stupid.' Instead he advocates allowing users 'to get content easily and cheaply.'"

Life lesson: Never, ever issue a hacker challenge unless you are positive you are smarter than the rest of the world put together.

Hackers Claim $10K Prize For StrongWebmail Breakin

Posted by Soulskill on Friday June 05, @09:54PM from the worth-their-while dept. security money

alphadogg writes

"Telesign, a provider of voice-based authentication software, challenged hackers to break into its Web site late last week. The prize: $10,000. On Thursday, a group of security researchers claimed to have won the contest, which challenged hackers to break into the Web mail account of StrongWebmail CEO Darren Berkovitz and report back details from his June 26 calendar entry. The hackers, led by Secure Science Chief Scientist Lance James and security researchers Aviv Raff and Mike Bailey, provided details from Berkovitz's calendar to IDG News Service. In an interview, Berkovitz confirmed those details were from his account. However, Berkovitz could not confirm that the hackers had actually won the prize. He said he would need to check to confirm that the hackers had abided by the contest rules, adding, 'if someone did it, we'll kind of put our heads down.'"

It isn't really a problem, but some people were upset to discover that search works...

Microsoft offers unworkable solution to Bing porn

by Larry Magid June 5, 2009 2:02 PM PDT

As I pointed out in an earlier post, searching for certain terms on Microsoft's new search engine brings up videos that display hardcore porn within the Web site and because the porn is playing within Bing instead of the site where it's hosted, the videos are not necessarily blocked by parental control filters. And monitoring programs designed to tell parents where their kids have been are likely to simply report instead of the site that actually hosts the video.

… The company says that it has a "short term workaround" but not only do I find the description of the workaround incomprehensible, I couldn't get it to work even while on the phone with a Microsoft executive.

An article on the benefits of hacking your home alarm system

Monitor home security with iPhone app

by Rick Broida June 5, 2009 10:23 AM PDT

Ever wish you could disarm your alarm system while sitting in your driveway? Or check in on, say, the cat while you're out of town?'s new iPhone app lets you do all that and more. It's a freebie for customers.

Designed for homes and businesses alike,'s systems (which are sold and installed by various third-party dealers) rely on wireless sensors and GSM/GPRS networks. In other words, they're highly connected.

… You can get real-time updates on doors and windows, watch live and recorded video feeds (assuming your system has cameras, natch), and review "event histories." (When did the kids get home from school? When did the maid leave? That kind of thing.).

We all know that Google/the Internet/Global Warming is destroying the publishing industry (and any other industry that existed in the pre-Gates era). Start collecting rare books now! (Try looking for a first edition copy of Tom Clancy's “The Hunt for Red October” for example.)

Biblio: Search For Hard To Find Books

Biblio lets you search for used and hard to find books online from over 5500 independent bookstores worldwide. It has more than 50 Million used books listed in its database including rare collectible books, some which cost upwards of several thousand dollars.

Now I can combine my two most frequent search engines.

Wolfram Alpha Google: Adds Wolfram Alpha Search Results Next To Google’s

Wolfram Alpha Google is a Firefox addon which adds Wolfram Alpha results next to Google search results. It displays Wolfram Alpha search results next to every Google query so that you can make use of computational knowledge as well. Once you have installed it on your browser, just do a regular search on Google and the Wolfram Alpha result for that search will appear on the right side of the page.

If you write for a living (or just write a lot) this is an interesting visualization. Might be useful for reaching those “visual learners” (i.e. Illiterates)

WordSift: Visualize Text & Related Information

Wordsift is a new tool which can help you get more information about a word or a sentence by displaying the related images from Google, visual thesaurus showing word relationships and more information about the text, all on one page. The tool was created primarily for teachers so that they can visualize text vocabulary structure and share it with their students.

You might also want to check other similar apps for visualizing text and words which we have profiled earlier. These are Lexipedia, VisuWords and Wordle.

Student Toolkit For those who claim they don't have a ZIP tool


FileStomp is an easy and useful online service to zip and share a collection of files. Using the service is straightforward: simply start selecting files from your computer, and once done hit the "Zip it!" button. You can either download the generated zip file or share it with your friends by simply sending them the provided link.

Related: Gary Alexander sends this one. He's going to become an “Assistant Blogger” if he keeps this up.

The New Student Excuse?

June 5, 2009

Most of us have had the experience of receiving e-mail with an attachment, trying to open the attachment, and finding a corrupted file that won't open. That concept is at the root of a new Web site advertising itself (perhaps serious only in part) as the new way for students to get extra time to finish their assignments. offers a service -- recently noted by several academic bloggers who have expressed concern -- that sells students (for only $3.95, soon to go up to $5.95) intentionally corrupted files. Why buy a corrupted file? Here's what the site says: "Step 1: After purchasing a file, rename the file e.g. Mike_Final-Paper. Step 2: E-mail the file to your professor along with your 'here's my assignment' e-mail. Step 3: It will take your professor several hours if not days to notice your file is 'unfortunately' corrupted. Use the time this website just bought you wisely and finish that paper!!!"

Friday, June 05, 2009

Interesting. A data thief who pays your bills for you? An organization who can tell what data was compromised? What planet are these folks from?

OK: City alerted to security breach

June 5, 2009 by admin Filed under: Government Sector, U.S.

Derrick Miller of The Duncan Banner reports:

When Donna Howell, City of Duncan personnel supervisor, went to make an ACH transaction (electronic payment) for the city Tuesday evening, she found something strange. The payment had already been made.

Knowing she didn’t make the payment, Howell got the city to look into the matter, and it was discovered that an electronic security breach occurred, putting not only city funds, but also customer banking information at risk.

Gerald Morris, financial director for the city, said, “There could be a breach of our customers’ bank information, those using bank draft.

[From the article:

After the breach was discovered, the city began contacting customers who had the highest risk of their accounts being breached.

The highest risk customers are those who use bank draft and have accounts beginning with a 1 or a 4. [Indicating they actually know what data was accessed! Bravo!! Bob]

Coming soon to a country near me? “Our security is perfect.”

Judge backs Halifax in Chip and PIN clone case

Phantom withdrawal verdict may go to appeal

By John Leyden Posted in Crime, 5th June 2009 06:27 GMT

Halifax, the UK retail bank, has scored a victory in a closely-watched 'phantom withdrawal' case that put the security of Chip and PIN on trial.

Halifax customer Alain Job sued the bank after he was held liable for making eight disputed cash machine withdrawals from his account. Job was left £2,100 out of pocket from the series of withdrawals in February 2006 and launched a lawsuit after failing to obtain a refund from the bank, or through arbitration.

Cases over "phantom withdrawals", where money is withdrawn from bank ATMs without the card holder's permission and where card details have not been divulged to third parties, are commonplace, even in the UK.

… Job's barrister, Stephen Mason, told IDG that Halifax had junked evidence that might have ascertained if a cloned card was used. The original ATM card and the Authorisation Request Cryptogram were destroyed by Halifax.

Guidance at last or a snowball's chance in hell?

Appellate judge asks Supreme Court to clarify privacy rights

Friday, June 05 2009 @ 05:07 AM EDT Contributed by: PrivacyNews

Is there a constitutional right to informational privacy?

That is a question that Chief Judge Alex Kozinski of the U.S. 9th Circuit Court of Appeals is asking the U.S. Supreme Court, saying that the justices hinted at such a right 32 years ago and "never said another word about it."

Kozinski urged the high court Thursday to clarify what, if any, right a citizen has to shield medical and mental health records from an employer's inspection. The issue arises from the successful challenge by workers at Jet Propulsion Laboratory, Caltech and other federal aerospace contractors to the Bush administration's demand for probing security reviews after the Sept. 11, 2001, terror attacks.

Source - Los Angeles Times

[From the article:

Senior research scientist Robert M. Nelson and 27 other JPL specialists sued NASA in 2007 to thwart the government's demands for access to their financial, medical and psychiatric records in exchange for letting them keep their jobs.

Truth, justice and the Swiss way?

War on Piracy More Important Than Right To Privacy

Written by enigmax on June 04, 2009

A Swiss court has ruled that an anti-piracy tracking company can continue monitoring the public on the Internet. The court said that the need to fight illicit file-sharers outweighs the need to protect an individual’s privacy on the Internet, and that the ends justified the means.

Gary Alexander passes this along...

Time Warner Under Fire For New Terms Of Service

Critics charge that policy changes are a threat to network neutrality.

By K.C. Jones InformationWeek June 2, 2009 03:52 PM

Time Warner (NYSE: TWX) has changed its terms of service, and network neutrality advocates say that the changes raise doubts about the provider's commitment to providing equal service.

"It is unfortunate that just as President Obama was reinforcing his commitment to Net Neutrality, Time Warner was publishing new terms of service that raises serious questions about the company's commitment to an Internet free of discrimination," Gigi Sohn, president and co-founder of Public Knowledge, said in a statement released Monday. [Does this make them Republican? Bob]

Public Knowledge argues that Time Warner's new terms of service allow the provider to use any bandwidth it wants for its own services "but puts its customers at risk if they use the Internet for services that may compete with Time Warner, such as video or telephone-like services." [Don't cable companies have a monopoly in the cities they serve? Doesn't that give them the right to exercise monopoly power? Bob]

Related: Notice how frequently they change. It's as if a bunch of school children were brainstorming the ideal birthday party... “Oh! Then we could have pony rides!” “We need an ice cream machine, an ice cream machine!”

EFF Launches TOSBack - A 'Terms of Service' Tracker for Facebook, Google, eBay, and More

Friday, June 05 2009 @ 04:04 AM EDT Contributed by: PrivacyNews

"Terms of Service" policies on websites define how Internet businesses interact with you and use your personal information. But most web users don't read these policies -- or understand that the terms are constantly changing. To track these ever-evolving documents, the Electronic Frontier Foundation (EFF) is launching "TOSBack": a "terms of service" tracker for Facebook, Google, eBay, and other major websites.

... At, you can see a real-time feed of changes and updates to more than three dozen policies from the Internet's most popular online services. Clicking on an update brings you to a side-by-side before-and-after comparison, highlighting what has been removed from the policy and what has been added.

Source - EFF

Guidelines. If we see many (even poor) guidelines, we should be able to add the good bits into something useful.

EPIC Urges Privacy Protections for Government's Use of Social Media

Friday, June 05 2009 @ 03:54 AM EDT Contributed by: PrivacyNews

The DHS Privacy Office is seeking public comments on developing best practices on the government's use of social media. EPIC submitted comments on the benefits, issues and privacy best practices. EPIC recommended Privacy Act protections to the data collected, prohibit commercialization and sharing, and the use of a model certification system. See also EPIC's page on Social Networking Privacy, Network Advertising Initiative, and Deep Packet Inspection and Privacy.

Another set of guidelines – something that should already be part of the C-level review of new projects.

UK: ICO launches an updated guide for privacy impact assessments

Friday, June 05 2009 @ 04:09 AM EDT Contributed by: PrivacyNews

The Information Commissioner’s Office (ICO) is urging organisations to always consider the impact on individuals’ privacy before developing new IT systems or changing the way they handle personal information. The call comes as the ICO today launches the latest version of the Privacy Impact Assessment (PIA) handbook. The user friendly handbook is designed to help organisations address the risks to personal privacy before implementing new initiatives and technologies.

Source - ICO Press Release (pdf)

Notice that the “Standards” are voluntary, there is no requirement to make a print record (in case the machines die), nor is there a recommendation to provide the voter with a receipt that can ensure his vote is counted.

June 04, 2009

NIST Delivers Updated Draft Standards for Electronic Voting Machines

"The Commerce Department’s National Institute of Standards and Technology (NIST) delivered to the Election Assistance Commission (EAC) a draft revision to the 2005 federal Voluntary Voting System Guidelines (VVSG) Version 1.0, specifying how electronic voting machines are built and tested. The EAC has made the draft revision available for public comment today, with a final version expected by the end of 2009... The draft revision, titled Voluntary Voting System Guidelines, Version 1.1, provides improved requirements for electronic voting machine accuracy, reliability, usability, accessibility and security."


Monticello, MN beats the phone company; Internet a "utility"

Monticello, Minnesota hoped to set state precedent by building its own fiber-to-the-home link for every resident in town. The phone company sued, but after a year in litigation, the state Court of Appeals has ruled that Internet is indeed a "utility" that can be provided by local communities and funded by city bonds.

By Nate Anderson | Last updated June 3, 2009 8:16 AM CT

The local telephone company in an 11,000-person Minnesota town objected when the town decided to lay its own fiber optic network. The telco filed a lawsuit, and then suddenly rolled out its own fiber network while the case was tied up in courts. Today, a state appeals court ruled in the city's favor (PDF); Internet access was certainly a "utility," the court said, and the city was well within its rights to finance the project as it did.

… The court shot down Bridgewater's argument that Internet service could not yet be considered a utility because it doesn't have the "near universal usage common to a utility."

The court said that "this argument is flawed. As noted by Monticello, 'it would be absurd to conclude that the Minnesota Legislature [allows revenue bonds] to be used only to fund the creation of systems that provide services that are already in universal or near-universal use'... It is illogical to conclude that something is or is not a utility based on the number of people who have access to it."

Forcing your strategy to ignore logic? Perhaps newspapers have vilified business for so long they refuse to learn anything about how to run one?

The API’s Plan To Save Newspapers: Let’s Put Humpty Dumpty Back Together Again

by Leena Rao on June 3, 2009

At last week’s hush, hush meeting of newspaper execs on how to monetize content and save a dying industry, the American Press Institute presented a white paper that offers a step by step plan of how newspapers should move forward with paid content.

… The report suggests several models to implement paid content, including micropayments, subscriptions and hybrid models. Google is compared to an atom bomb that “blew up the content business into millions of atomized pieces,” leaving news organizations with the mess of putting things back together. Comparing newspapers to “Humpty Dumpty”, the paper paints a “poor-me” tale of how news orgs are scrambling to put all the pieces back together to “restore their integrity.” And of course, news enterprises are also forced to suffer a second related atom bomb: hyper-linking. The report says: “The culture of hyper-linking and hyper-syndication that fuels the interactive Web has become an atom bomb for the old news business model.” So the remedy for putting the pieces back together according to the API: charge for content, stick it to Google, and renegotiate subscription models with Amazon for the Kindle (which it implies is unfairly making more money from content than newspapers). Apparently, nobody at the API has actually read Humpty Dumpty, otherwise they would know that you can never put the pieces back together again.

The API recommends a five pronged business plan, divided by “doctrines,” to charge users for content:

  1. True Value Doctrine: Newspapers should create value by beginning to charge for it.

[“If you charge them, they will come.” Sound backwards to you? Bob]

Another inevitable evolution. Broadcast and cable and satellite TV is doomed.

Watch YouTube Videos on Your Large Screen TV

Jun. 5th, 2009 By Karl L. Gechlik

… Google has heard all your bellyaching and ultimately super-sized YouTube for your TV!

Something for my Hacker Club?

Hackers Targeting Windows XP-Based ATM Machines

Posted 06/04/09 at 03:30:20 PM by Paul Lilly

For the Swiss Army folder (Because you can't own all the software used anywhere) Also useful for forensic analysis...

ViewDocsOnline: Open Documents Online.

Similar tools: OpenItOnline and

Thursday, June 04, 2009

Lessons in non-disclosure disclosure? What do victims need to know?

OIS Commentary: And some walls will come tumbling down

June 3, 2009 by admin Filed under: Breach Laws, Breach Reports, Commentaries and Analyses, Federal, Healthcare Sector, ID Theft, Insider, Legislation, Lost or Missing, Theft, U.S.

One of yesterday’s posts on reports a data breach involving Kelsey-Seybold Clinic that has not been reported in the mainstream media. I contacted Kelsey-Seybold after a site visitor alerted me to the breach. The report is frustratingly short on details, though, because Kelsey-Seybold could — and did — simply ignore questions it did not want to answer. Perhaps they provided their patients with a fuller disclosure, and I hope they did, but the contrast between their approach to voluntary public disclosure and that of Johns Hopkins Hospital is striking.

Thankfully, when the HITECH Act provisions incorporated in Public Law 111-5 (ARRA) go into effect, entities who have stonewalled reporters or bloggers or who otherwise try to keep breaches out of the media will probably have to rethink their public relations and disclosure approach. Although not all breaches involving personal health information (PHI) will have to be publicly disclosed, many more will, and the notice and notification provisions in the law include both publishing a notice in prominent media outlets and notifying the federal government who will post the breach on a public web site maintained by Health & Human Services (HHS).

Under the contents of notification provisions of HITECH, we still won’t necessarily know how many patients were affected in any particular breach (other than it affected 500 or more), and it is not clear to me whether saying a “laptop was stolen from an employee” would suffice for the brief description or if the entity would have to include the location of the theft (from the office, vehicle, home, etc.), but I am hopeful that we will get more information than we have gotten to date.

The breach notification requirements under the HITECH Act go into effect 30 days after the date that interim final regulations are promulgated, which was to be no later than 180 days after the date of enactment of the law in February. If HHS does publish the regulations by August 16, 2009, the breach notification obligations should go into effect mid-September. Maybe I’ll post a countdown clock on the site so that I have something to look forward to.

Is Canada heading down the UK's surveillance path? Will the “It's for the children” argument prevail?

Federal Ombudsman for Victims of Crime Recommends Changes to Address Internet-Facilitated Child Sexual Abuse

OTTAWA (Ontario), June 2, 2009 - The Office of the Federal Ombudsman for Victims of Crime (FOVC) today released its first special report Every Image, Every Child which makes nine recommendations to the federal government on how to address the difficult issue of internet-facilitated child sexual abuse.

  • introducing legislation to make it mandatory for Internet service providers to give law enforcement basic customer name and address information upon request; [“We don't need no stinking warrant!” Bob]

  • requiring internet service providers to keep data and internet surfing records for longer periods to ensure that evidence is not destroyed; and [“Because we can make evidence out of anything!” Bob]

  • making it a criminal offence to refuse to give law enforcement a password or encryption information during an investigation. [“You ain't got no privacy!” Bob]

… The complete report, along with a backgrounder summarizing the recommendations and a statistical summary, is available by calling the Office toll-free at: 1-866-481-8429.

Technology makes it easy for the untrained to perform complex tasks. As long as the computer does what the programmer intends, this might work. The problem would seem to be: can you anticipate everything? Would the computer know it was looking at samples/evidence on an attorney's computer or a doctor's or a teacher's?

UK Police Want Plug-In Computer Crime Detectors

Posted by timothy on Wednesday June 03, @04:20PM from the type-I-errors-type-II-errors-and-bonus-privacy-invasion dept. Privacy Government Security Hardware

An anonymous reader writes

"UK police are talking to private companies about using plug-in USB devices that can scour the hard drive of any device they are attached to, searching for evidence of illegal activity. The UK's Association of Chief Police Officers is considering using commercial devices that can perform targeted searches of text, pictures and computer code on hard drives, allowing untrained cops to detect anything from correspondence on stolen goods to child pornography. Police in the UK are desperate for a way of slashing the backlog of machines seized by the police in raids, with many forces having a backlog that will take a year to process." Maybe they shouldn't seize so many computers.

(Is there logic in wisdom or wisdom in logic?) You will attract lawsuits or even new legislation if your efforts are devoted to pointing out how poorly bureaucrats do their jobs.

Court: Virginia Watchdog can continue to publish some SSNs

Wednesday, June 03 2009 @ 09:30 AM EDT Contributed by: PrivacyNews

It may seem somewhat ironic in light of a breach report I posted elsewhere yesterday, but U.S. District Judge Robert Payne issued a permanent injunction yesterday that allows Virginia privacy advocate B. J. Ostergren to continue posting some Social Security numbers on her web site, The Virginia Watchdog.

The case raised First Amendment issues. Judge Payne had previously ruled that a Virginia law designed to reduce identity theft was unconstitutional as it applied to Ostergren's web site. Now, in determining the scope of a permanent injunction, he analyzed the situation as if the web site was a newspaper that did -- and will continue to -- publish truthful information that was lawfully obtained.

In a ruling that took the state to task for what it hasn't done to protect SSNs, he wrote:

"The relevant case law is clear that, if the State wishes to claim that the confidentiality of a certain piece of information is a State interest of the highest order, then the State should not make that information publicly available."

And reviewing the current status of the state's redaction efforts, Judge Payne notes:

"The State has furnished no justification for why the land records of clerks that have not completed redaction have not simply been removed from the internet until the redaction is complete. The necessary inference drawn from the choices of the General Assembly .... is that the State is of the view that having the documents available on the internet is of greater importance to the State than protecting confidentiality of the SSNs in those records."

In trying to balance Ostergren's First Amendment rights against the very real issues concerning ID theft, Judge Payne held that Ostergren could continue to use the SSN-containing public records of "State legislators, State Executive Officers, and Clerks of the Court, those who can actually act to correct the problem" while prohibiting the use of SSNs of "innocent members of the public who did nothing to cause the problem and who can do nothing to change the law or appropriate or expend funds to address the problem."

On the other hand...

Judge Tosses Telecom Spy Suits -- EFF and ACLU to Appeal

Wednesday, June 03 2009 @ 12:49 PM EDT Contributed by: PrivacyNews

A federal judge on Wednesday dismissed lawsuits targeting the nation’s telecommunication companies for their participation in President George W. Bush’s once-secret electronic eavesdropping program.

In his ruling, U.S. District Judge Vaughn Walker upheld summer legislation protecting the companies from the lawsuits. The legislation, which then-Sen. Barack Obama voted for, also granted the government the authority to monitor Americans’ telecommunications without warrants if the subject was communicating with somebody overseas suspected of terrorism.

Source - Threat Level

Update: EFF and the ACLU plan to appeal the dismissal of the suits:

The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) California and Illinois affiliates are planning to appeal the decision to the 9th U.S. Circuit Court of Appeals, arguing that FISAAA is unconstitutional.

"We're deeply disappointed in Judge Walker's ruling today," said EFF Legal Director Cindy Cohn. "The retroactive immunity law unconstitutionally takes away Americans' claims arising out of the First and Fourth Amendments, violates the federal government's separation of powers as established in the Constitution, and robs innocent telecom customers of their rights without due process of law."

Read the press release.

Arrogance, thy name is Ballmer... Other companies will likely do the same, but they won't irritate people by throwing it in their face.

Ballmer Says Tax Would Move Microsoft Jobs Offshore (Update3)

By Ryan J. Donmoyer

June 3 (Bloomberg) -- Microsoft Corp. Chief Executive Officer Steven Ballmer said the world’s largest software company would move some employees offshore if Congress enacts President Barack Obama’s plans to impose higher taxes on U.S. companies’ foreign profits.

“It makes U.S. jobs more expensive,” Ballmer said in an interview. “We’re better off taking lots of people and moving them out of the U.S. as opposed to keeping them inside the U.S.”

Not as neatly laid out as Bing, but along the same lines.

June 03, 2009

Google Squared Now Live

"Google Squared is a search tool that helps you quickly build a collection of facts from the Web for any topic you specify.

  • Facts about your topic are organized as a table of items and attributes (we call them "Squares" for fun).

  • Customize these Squares to see just the items and attributes you're interested in.

  • See the websites that served as sources for the information in your Square.

  • Save and share Squares with others."

Hard to remember the time when many people had never even heard of the Internet.

June 03, 2009

Internet Use Triples in Decade, Census Bureau Reports

"New data from the U.S. Census Bureau show that 62 percent of households reported using Internet access in the home in 2007, an increase from 18 percent in 1997, the first year the bureau collected data on Internet use. Sixty-four percent of individuals 18 and over used the Internet from any location in 2007, while only 22 percent did so in 1997. Among households using the Internet in 2007, 82 percent reported using a high-speed connection, and 17 percent used a dial-up connection."

Related: This trend was pretty easy to predict, but it still seems far from adequate. Prices need to fall farther and 'on demand' libraries need to be huge.

Music Streaming to Overtake Downloads

Posted by samzenpus on Thursday June 04, @02:41AM from the how-do-you-steal-a-stream dept. Music The Internet

Barence writes

"Streaming will overtake download services to become the dominant force in the online music industry, according to industry insiders. The claim comes in the wake of the PRS cutting the amount of royalties streaming services have to pay songwriters to about a third. Sites will now pay the PRS 0.085p per track, compared to the 0.22p they paid previously. On-demand streaming services still have to pay the record labels about 1p for every track streamed, however. Steve Purdham, CEO of music service We7, says the move will accelerate the growing trend towards online streaming which has seen newcomers such as his site and Spotify attract millions of users in less than a year. 'Over the next 12-24 months you'll see a move towards listening [online],' Purdham told PC Pro. 'Why do you actually need to have something downloaded on your PC? The streaming idea is really the future.'"

Related: “If you build it, the taxman will come.” Evasion is easy. Enforcement is hard.

Download Taxes As a Weapon Against File-Sharing

Posted by timothy on Wednesday June 03, @05:08PM from the nothing-too-original-because-hey-this-is-hollywood dept.

An anonymous reader writes

"An examination of a new "digital downloads" taxation law in Washington State suggests that files downloaded via file sharing programs may be covered by the law — meaning that you may be expected to pay taxes based on 'the value of the digital product ... determined by the retail selling price of a similar digital product.' Thus, if you were to download music or movies and not pay the taxes, would you be liable for tax evasion charges? How much do you want to bet the RIAA will push exactly that claim?"

Wednesday, June 03, 2009

It's a matter of scale. A big breach (TJX) can make really big campaign contributions...

MI: Credit-card thefts blamed for Spicy Pickle closings

June 2, 2009 by admin Filed under: Business Sector, Hack, ID Theft, U.S.

This follow-up to a breach originally reported on last year demonstrates how what might appear to be less than catastrophic data breaches can wipe out a small or medium-sized business.

William R. Wood reports on

The area’s two Spicy Pickle restaurants closed Monday, their owner saying that they were victims of the fallout from a credit-card theft that happened at one of the restaurants last fall.

Thieves hacked into the computers of the Spicy Pickle location at 3774 W. Centre Ave. between last September and November, gained access to the credit-card information of about 150 customers and made purchases using the information.

Spicy Pickle may have been one of the first businesses in Kalamazoo to be targeted by computer hackers.

“It hurt us so bad, you wouldn’t believe it,” Spicy Pickle co-owner Terry Henderson said of the effects the thefts had on customers, and the chilling effect it had on business. “It went on for weeks. We never recovered our sales levels. We never came close.

Bad idea! But then look who the AG is... 1) Now anyone you deal with will assume you are guilty unless you can produce “proof” of your innocence. (Will you need multiple “passports” if you travel to other states? Another excuse for RealID?) 2) We now have another target for wholesale hacking.

DE: AG helps ID theft victims get their lives back

Tuesday, June 02 2009 @ 03:13 PM EDT Contributed by: PrivacyNews

The Delaware Attorney General's Office will soon be using holographic technology developed by DuPont to help identity theft victims move on with their lives.

The ID Theft Passport is a laminated photo identification the AG's office will give to victims to substantiate the crime and help prevent arrest for offenses committed by someone else using a victim's stolen information. It can be presented to creditors to aid in the investigation of fraudulent charges, and to consumer reporting agencies as official notice of disputed charges on credit reports.

Source -

Why are all lawyers rich? (Makes an interesting idea for a Mutual Fund...)

Investing In Lawsuits Beats the Street

Posted by kdawson on Wednesday June 03, @05:01AM from the some-dare-call-it-champerty dept.

guga31bb sends word on the next wave of investment in a slow market: bankrolling others' lawsuits. The practice sounds on the face of it indistinguishable from champerty.

"Juris typically invests $500,000 to $3 million in a case, Mr. Desser said. He would not identify the company's backers, but said that 'on the portfolio as a whole, our returns are well in excess of 20 percent per year.' He added, 'We're certainly beating the market.'"

Related: Let's replace lawyers with automation! - Online Storehouse Of Legal Documents

… On this site you can get access to a wide assortment of documents like court filings and decisions, in addition to an assortment of forms and articles, etc. In case you want to receive a number of alerts and newsletters that are uploaded on a daily basis, then this is a website you should take a look at. was created and designed by lawyers and gives you all the information you need to get from trusted law firms, as well as advocacy groups, law professors, etc. In this way anybody will have the chance to learn more about different legal matters right away.

It isn't confusing, unless you believe ethics vary depending on the situation? e.g. Murder is never right, unless you murder scabs during a labor strike.

The Obama Administration’s Silence on Privacy

Tuesday, June 02 2009 @ 10:55 AM EDT Contributed by: PrivacyNews

The Obama administration is attempting to take the lead on a number of technology issues, including cybersecurity, network neutrality and broadband availability. But one prominent omission is privacy, a topic about which the administration has said very little.

... Peter Swire, an Ohio State law professor who served on the Obama transition team, offered one reason why it may be difficult for the administration to find its voice on privacy. There is a split, he told the conference, between the typical view of privacy among technology experts and the emerging view of people brought up in the social-networking, Web 2.0 world.

Source - New York Times

But not knowing the policy won't stop them from enforcing it – at least as far as businesses are concerned.

White House Aide Warns Online Advertisers To Be Monitored

Tuesday, June 02 2009 @ 08:51 AM EDT Contributed by: PrivacyNews

A senior aide to President Barack Obama on Tuesday warned that the administration will keep a close watch on online advertisers that track consumers' Internet activity.

"Online tracking and data collection, put together with inadequate notice to consumers about what information is collected and how it is used, raises critical privacy issues," said Susan Crawford, special assistant to the president and a member of the National Economic Council.

Source - Wall Street Journal

Got Expertise? (Not as catchy as “Got Milk?” is it.)

Mahalo 2.0 is Wikipedia plus money

by Rafe Needleman June 2, 2009 5:00 PM PDT

Jason Calacanis, CEO of Mahalo, is modifying his business once again. He's taking a page from Wikipedia and opening up his curated topic pages to user editing. The big difference from Wikipedia is that he's melding this idea with the Mahalo Answers business model in which users are paid for contributing content to the site.

… Registered Mahalo users will be able to "claim" pages on the site. For example, if you're an expert in Betty Boop trivia, you'd claim the Betty Boop page. You'd be responsible for keeping the content on the page relevant and fresh. In return, you will get half the advertising revenue (Mahalo uses Google AdSense) that the page generates.

Since they are all free, how do you choose?

June 02, 2009

Comparison: Bing vs. Google vs. Yahoo

PC World - Bing vs. Google vs. Yahoo: Feature Smackdown - quick, useful guide with accompanying screenshots, includes tools and features for shopping, local, travel, music and health.

Related: Same thing in other search engines takes as many as two extra clicks!

Parents beware: Bing previews video porn

by Larry Magid June 2, 2009 3:00 PM PDT

Microsoft's new Bing search engine has a highly touted feature that some parents may find troublesome. Bing's video search tool has a preview mode that lets you view and listen to part of a video simply by hovering over it with your mouse. Trouble is, it works with porn as well as "family friendly" videos.

Do you need a clearer indication that there are musicians out there who are not too happy with the recording industry?

Artists Abused in Pirate Bay Trial Strike Back

Written by Ernesto on June 02, 2009

Hiphop group Advance Patrol was used by the music industry in the Pirate Bay trial, portrayed as artists suffering losses from illegal downloading. However, the group itself was never consulted, and they are now striking back at the music industry by releasing their new album for free - on The Pirate Bay, of course.

Another for the Swiss Army folder. It makes it easier to steal plagiarize do detailed research... I've used Readability successfully.

AllTextPaper: Makes Hard To Read Web Pages Readable

If you often find yourself reading webpages with weird sparkly design and annoying ads, try It is a simple browser bookmarklet that can instantly remove all the clutter (design, ads and banners) from those hard to read web pages leaving only nicely formatted text content.

Similar websites: TidyRead and Readability.

Another replacement for PowerPoint

Make Your Speeches Shine with Acrobat Presentations

Jun. 2nd, 2009 By David Pierce

… It’s called Presentations, and is the latest offering from the folks at Adobe’s, the makers of (among other things) Buzzword, a fantastic online word processor.

To get to Presentations, go to the site, and look at the bottom. There’s a link for Presentations near the bottom – this is Adobe’s way of making sure you know it’s not a full-featured release yet. But it’s still darn good.

Tuesday, June 02, 2009

Something for the US would be nice...

Personal data guardianship code

Every organisation which handles personal data should have in place specific rules and procedures that protect the rights of data subjects.

This Personal Data Guardianship Code is intended to help organisations and the people in them who handle personal data understand their individual responsibilities.

It aims to promote best practice and provide 'common sense' guidance, in the same way that the Highway Code provides guidance to motorists to enable them to drive safely for the benefit of both themselves and other road users.

This is a code of good practice that encompasses discharging your legal duties.

Personal Data Guardianship Code - PDF version (2.4 Mb)

This works for my statistics and security students!

Predicting data breaches: Must love logarithms

Monday, June 01 2009 @ 03:14 PM EDT Contributed by: PrivacyNews

Over on Finblog, Paul Penrose provides a nice summary of a study by Voltage Security:

"Fourteen data breaches will, over the next year, each expose one million or more records to potential use by criminals. And, at least one breach of over 10 million records will affect nearly five percent of the US population.

Voltage Security's study uses data from OSF's DataLoss DB. In the report itself, they say:

"If the logarithm of the number of records compromised is normally distributed, we can use this model to estimate the chances of data breaches of various sizes happening in the future. This might give us an idea of what we will see in the news over the next few months."

Comment by Dissent:

I am not sure that a logarithm model will be appropriate for predicting future breaches. If organizations were to actually learn lessons from known breaches and decide to not hang onto data forever, remove SSNs, stop storing full credit card numbers, employ more encryption, take databases offline, or otherwise reduce the value of the database, then we might expect to see fewer large breaches rather than more. Similarly, if an attack of a particular kind on a large database is publicized as having been successful in one particular sector, then additional similar attacks on that sector may be more likely. Was it a coincidence that Heartland Payment Systems was compromised during the same relative time period as RBS WorldPay, Symmetrex, and perhaps other as yet unknown processor databases or is there something more systematic about breaches?

But perhaps I misunderstand their model. Math modeling was my least favorite course in grad school, followed closely by ROC curves. In any event, it will be interesting to see how their model works over the next year.

[The Paper:

[Interactive map:

From another interesting blog...

Sedona on Quality: a Must-Read Commentary

The Sedona Conference® Commentary on Achieving Quality in the E-Discovery Process is a must read for anyone seeking to improve their skills in project management, especially in the core functions of search and review. One of its most important insights is that metrics and statistics are now indispensable tools of discovery. The importance of statistics to the law is actually an old insight that has taken a long time to materialize.

I guess this is the technological equivalent of talking with your children...

Spyware evidence approved for trial

Tuesday, June 02 2009 @ 05:12 AM EDT Contributed by: PrivacyNews

Intercepted computer communications between a then-Redemptorist High School teacher/coach and a 14-year-old female student can be used by prosecutors, a state judge ruled Monday.

The girl’s mother installed “Tattletale” spyware software on her daughter’s computer after suspecting something inappropriate was going on between her daughter and Ray Samuel Clement III.

Source - The Advocate

[From the article:

… (state District Judge Tony) Marabella, who noted that the girl’s mother was very concerned about her minor daughter’s behavior, said the woman did not need her daughter’s consent to place the spyware software on her computer.

Related? Is a government like a mom? Could we depend on governments to use this data as they suggest? If they miss a serial killer are they liable or can that be dismissed as a minor “Oops!”

NC: City Wants Surveillance Cameras to Record Every License Plate

Tuesday, June 02 2009 @ 05:27 AM EDT Contributed by: PrivacyNews

Police in North Carolina want to build surveillance cameras that would record every car license that passes by and run it through the FBI’s criminal database, alerting authorities in real time if it finds a match.

The system would store license plate numbers for up to a year to provide authorities with historic data should they want to review the data later.

Source - Threat Level

No one ever asks me... Wait, does that mean they are respecting my privacy?

Google Is Top Tracker of Surfers in Study

Tuesday, June 02 2009 @ 05:48 AM EDT Contributed by: PrivacyNews

When asked about online privacy, most people say they want more information about how they are being tracked and more control over how their personal information is used. Those consumer expectations are rarely in line with the data collection practices of Internet companies, which often collect information about their users not only on their own sites, but also when those users visit other sites across the Web.

Those are some of the central findings of a new privacy study conducted by a group of graduate students at the University of California, Berkeley, which was released late Monday.

Source - New York Times

The richest time for intelligence gathering is during a change of administration (AKA: regime change)

June 01, 2009

2009 National Intelligence: A Consumer's Guide

nextgov - Bob Brewin posted the link to this 114 page PDF document, 2009 National Intelligence: A Consumer's Guide, and stated that this handbook, "distributed to intelligence professionals, which, among other things, highlights some top-secret networks that until now have been, well, top secret."

Can lawyers be innovative? Apparently, yes! But Auditors can't innovate. No doubt their defense here will be that they certified compliance with the standards and procedures the CISP required – they did not certify CardSystems as “secure.”

In Legal First, Data-Breach Suit Targets Auditor

By Kim Zetter June 2, 2009 12:00 am

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor’s report.

In theory, CardSystems should have been safe. The industry’s primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems’ auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised.

More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.

They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

… The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Microsoft tries to be Google?

Go Bing Yourself, Right Now

by Erick Schonfeld on May 31, 2009

It doesn’t have quite the same ring to it as go Google yourself, but now you can go Bing yourself. (Then again, Google took a few years to become a verb.) Bing, Microsoft’s latest effort to compete in search, is now live on a “preview” site. The key thing to pay attention to is the guided search assistance on the left and the different experiences for the travel, images, video, maps, news, and shopping tabs.

This has potential. Imagine a mash-up where you could take a picture and merge it with different hair styles, clothes, scenery, etc. You could make your own movies... - Create A 3D Face Model

Wow! That is the only thing I could say after I’ve navigated through this site. This is an innovative website that was created in order to give you a good picture of a new technology with one of the most realistic simulations you have ever seen.

… The way in which the animation moves is truly realistic and natural. In fact, if you are not a very picky observer you will not be sure if what you are seeing is a real person or not.

… This system has a face engine that produces a number of natural facial expressions in order to communicate various emotions.

I just love useful lists...

Lifehacker Pack 2009: Our List of Essential Free Windows Downloads

By Kevin Purdy, 4:30 PM on Mon Jun 1 2009

Monday, June 01, 2009

A technological solution to a problem that doesn't exist? In the US, we just flunk them...

University Gives Away iPhones To Curb Truancy

Posted by timothy on Monday June 01, @12:18AM from the give-me-lobster-and-I-won't-skip-dinner dept.

Norsefire writes "A Japanese University is giving away iPhones to its students to use the phones' GPS functionality to catch students who skip classes. The University claims students currently fake attendance by having other students answer for them during rollcall, they also said that while this can be abused by giving other students the phone, they are much less likely to do this due to the personal information, such as email, a phone generally contains."

“When we said we'd never do that again, what we meant was we will do that again when we think you're not looking.”

Time Warner ToS Changes Could Mean Tiered Pricing, Throttling

Posted by timothy on Sunday May 31, @03:33PM from the testing-what-the-market-will-bear dept. Television Businesses The Almighty Buck The Internet

Mirell writes

"Time Warner Cable has recently changed their Terms of Service, so that they are allowed to charge you at their discretion via consumption-based billing. They were shot down a few months ago after raising the wrath of many subscribers and several politicians. Now they're trying again, but since they make exclusions for their own voice and video not to count against the cap, this could draw the attention of the FCC."

This is typical government. No one will see us digging the trench – we're invisible!

When Your Backhoe Cuts "Black" Fiber

Posted by timothy on Sunday May 31, @09:09PM from the careful-with-that-thing dept. The Internet Government Technology

bernieS writes

"The Washington Post describes what happens when a construction backhoe accidentally cuts buried fiber so secret that it doesn't appear on public maps — and what happens when the Men in Black SUV's appear out of nowhere. Apparently, the numerous secret fiber and utility lines used by government intelligence agencies are being dug up with increasing frequency with all the increased construction projects in the DC area. It's amazing how quickly they get repaired!"

One for the Swiss Army folder. 'Cause you never know what might make the students “get it”

WidGenie: Provides Widgets For Presenting Data Visually

Data in its raw form does not make sense to everybody. If you are like me, you would want to see data visually through a chart or a graph to understand it better. WidGenie allows you to do just that. You can upload your data (excel spreadsheets or CSV file) from the local drive or feed it from sources like Google Docs.

For my soon-to-be-ex students. Remember, I get 10% of everything you make...

May 31, 2009

Job Searcher's Guide to Online Job Sites

From the World Privacy Forum: "This guide to online job sites, Job Searcher's Guide to Online Job Sites, is a list of the top job searching sites online. This list gives information about the privacy practices at each site. Because resumes contain such detailed personal and professional information, it is well worth caring about how job search sites handle privacy issues. This guide is updated monthly, and we add new information to the guide monthly."

Sunday, May 31, 2009

Not serious, but probably was avoidable.

FBI E-mail Clobbered After Virus

Robert McMillan, IDG News Service May 29, 2009 1:40 pm

The FBI did not provide details on the security incident, but it looks as though hackers may have used maliciously encoded file attachments to hack into the network. In its statement, the FBI said it was now blocking users from sending or receiving attachments on the unclassified network "to give our technicians time to scan all the attachments that came into the e-mail system to make sure we have identified and mitigated all threats to the network."

“Our government does it, so we can too!”

Ca: Cinema ordered to pay $10K in damages for search

Saturday, May 30 2009 @ 07:07 PM EDT Contributed by: PrivacyNews

A Quebec court has ordered a cinema to pay $10,000 in damages after staff searched patrons' bags and turned up smuggled snacks and birth control pills -- and in the process violated their privacy rights.

Source - via BoingBoing

[From the article:

Staff at the theatre were searching customers' bags for video equipment that could be used for movie piracy.

Security guards didn't find any video equipment in the family's bags, but did turn up a large selection of snack food, which they asked the family to take back to their vehicle, Lurie said.

"They did so willingly. But they continued the search of the bags and while searching they also uncovered some birth control pills belonging to the older daughter," Lurie said.

"Needless to say the mother was not pleased to find out in this manner that her daughter had those pills in her possession."

… Vince Guzzo, vice-president of Cinemas Guzzo, told CTV Montreal that the judge ruled cinema staff can still search bags, but must follow stricter rules when doing so.

Related: Another indication that lawmakers do not understand technology (and perhaps that technology makers do not understand law)

Microsoft Not the Only Firm Blocking IM Service To US Enemies

Posted by Soulskill on Saturday May 30, @09:17AM from the unfortunate-consistency dept. Censorship America Online Google Microsoft The Internet

ericatcw writes

"It was reported last week that Microsoft had cut access to its Windows Live Messenger instant messaging service to citizens of five countries with whom the US has trade embargoes. Now, it turns out that Google and, apparently, AOL have taken similar actions. According to a lawyer quoted by Computerworld, even free, downloaded apps are viewed as 'exports' by the US government — meaning totally in-the-cloud services such as e-mail may escape the rules. Either way, there appear to be a number of ways determined citizens of Syria, Iran, and Cuba can get around the ban."

[From the article:

Microsoft declined to comment to the IDG News Service on whether it had been contacted by OFAC or had voluntarily implemented the ban. A lawyer who advises companies on OFAC compliance said that while offering communications services such as IM to sanctioned countries such as Iran or Cuba is not restricted by OFAC, offering software is. That's because software, even free apps downloadable from the Internet, are considered exportable goods, and thus can be banned by OFAC, according to the lawyer, who requested anonymity.

… The bans are unlikely to stop techie or resourceful citizens in banned countries from logging into these IM services, though.

Middle Eastern tech news site reported earlier this week that Syrian residents were getting around the ban by simply changing their country/region in their Microsoft Web accounts.

Another simple potential workaround is to use one of many third-party instant messaging clients or Web sites that allow users to connect to multiple IM services, including Windows Live Messenger.

Still another, more technical, workaround is for residents of affected countries to hide their IP address by connecting through a proxy server first. Such services are already used by those interested in protecting their privacy online.

I have enough concerns when Microsoft “forces” an update to products I don't use (Internet Explorer) but now they want to change a non-Microsoft product? Class Action, anyone?

Microsoft Update Quietly Installs Firefox Extension

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.

… Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed., which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.

For the Swiss Army folder – because I can't make permanent changes to the computers I teach from...

Transferr: Visual Bookmark Organizer

Transferr is an online visual bookmark organizer that lets you save and access your favorite websites from anywhere online.

Similar tools: SpeedTile, Tizmos and Only2Clicks.


Web Annotation For Students or Professionals From WebNotes (+100 Invites)

May. 30th, 2009 By David Pierce

WebNotes is ... an application that lets you highlight, annotate, and save web pages to make your research easier. No more digging through pages to find the six words you needed – you can save it as a highlighted page, or just save the highlights themselves. There’s notes taking, sharing, and much more, all within the WebNotes service.

I have a few students who might find this useful.

3 Wikis To Study Smarter Online

May. 30th, 2009 By Tina

… Here is a list of three Wikis that may help boost your online studying:

DiRT - Digital Research Tools Wiki

DiRT contains a comprehensive collection of tools and resources that can be used by students or scholars in their research.


Medpedia is a recently-launched wiki concerned with medical topics.

Textbook Revolution

Here we have a resource specifically for students or those who wish to learn new tricks.

Textbook Revolution features free educational materials on a wide variety of topics such as biology, earth sciences or world history.