Saturday, June 13, 2009

There is no good way to determine if my credit card issuer replaced my card because of an old breach or a new breach, unless they are willing to spell it out for me.

AL: Major Credit Card Security Breach, Thousands Affected

June 12, 2009 @ 8:26 pm by admin Filed under: Breach Incidents, Financial Sector, Hack, ID Theft, U.S.

A major credit card security breach is affecting thousands of people tonight. We have confirmed several credit card companies are canceling accounts and issuing new credit and check cards.


NBC 15 News contacted Visa to try to find out where the security breach happened. A Visa representative told us: For security, the bank does not disclose that information to its customers. They always are going to refer you to Visa, but unfortunately at Visa we don’t have access to anyone’s information. It can only be accessed through the bank. Officials with Bank of America, a Visa cardholder, would not talk either. The bank says letters are already in the mail en route to their affected customers.

Read more of this somewhat puzzling report on MSNBC. I’m not sure if this is new or more fall-out from Heartland. On June 4, there were reports out of Georgia on new fraudulent charges on cards that were reportedly due to the Heartland breach.

The manufacturer tells them to change the password before doing anything else. Computer Security classes point to this as a common point of failure. Auditors always look for default passwords. So, don't be surprised when the ethically-challenged try it themselves – because it works!

Default Passwords Blamed In $55M PBX Hacks

Posted by ScuttleMonkey on Saturday June 13, @03:27AM from the god-sex-love dept. security court

An anonymous reader writes

"The Washington Post is reporting that the US Justice Department has indicted three residents of the Philippines for breaking into more than 2,500 corporate PBX systems in the United States and abroad. The government says the hackers sold access to those systems to operators of call centers in Italy, which allegedly made 12 million minutes of unauthorized phone calls through the system, valued at more than $55 million. The DOJ's action coincides with an announcement from Italian authorities today of the arrest of five men there who are suspected of funneling the profits from those call centers to terrorist groups in Southeast Asia."

How malware works. This type of tool would also be quite useful in a cyberwar...

The Birth and Battle of Conficker

Posted by ScuttleMonkey on Friday June 12, @09:12PM from the criminals-on-the-bleeding-edge dept.

NewScientist has an interesting look back at the birth of the Conficker worm and how this sophisticated monster quickly grew to such power and infamy.

"Since that flurry of activity in early April, all has been uneasily quiet on the Conficker front. In some senses, that marks a victory for the criminals. The zombie network is now established and being used for its intended purpose: to make money. Through its peer-to-peer capabilities, the worm can be updated on the infected network at any time. It is not an unprecedented situation. There are several other large networks of machines infected with malicious software. Conficker has simply joined the list. The security community will continue to fight them, but as long as the worm remains embedded in any computer there can be no quick fixes."

Sounds like old fashioned agency bashing to me.

NSA Ill-Suited For Domestic Cybersecurity Role

Posted by Soulskill on Friday June 12, @04:13PM from the not-enough-l33t-to-english-translators dept. privacy government security politics

Hugh Pickens writes

"Former CIA counterterrorism analyst Stephen Lee has an interesting article in the Examiner asserting that the National Security Agency is 'a secretive, hidebound culture incapable of keeping up with innovation,' with a history of disregard for privacy and civil liberties. Lee says that for most of its sixty-year history, the NSA has been geared to cracking telecom and crypto gear produced by Soviet and Chinese design bureaus, but at the end of the cold war became 'stymied by new-generation Western-engineered telephone networks and mobile technologies that were then spreading like wildfire in the developing world and former Soviet satellite countries.' [Not true. Bob] When the NSA finally recognized that it needed to get better at innovation, it launched several mega-projects, tagged like 'Trailblazer' and 'Groundbreaker,' that have been spectacular failures, costing US taxpayers billions. More recently, the NY Times reported that the NSA has been breaking rules set by the Obama administration to peer even more aggressively into American citizens' phone traffic and email inboxes. Whistleblower reports portray NSA domestic eavesdropping programs as unprofessional and poorly supervised, with intercept technicians ridiculing and mishandling recordings of citizens' private 'pillow talk' conversations. [Harmless, and very entertaining. Bob] Lee concludes that 'if the Federal government must play a role, then Congress and President Obama should turn to another agency without a record of creating mistrust — perhaps even a new entity. Meanwhile, NSA should focus on listening in on America's enemies, instead of being an enemy of Americans and their enterprises.'"

This would be an interesting exam question for my Computer Security class.

How Should a Constitution Protect Digital Rights?

Posted by Soulskill on Friday June 12, @04:55PM from the digital-guns-and-bombs-don't-work-so-well dept. government

Bibek Paudel writes

"Nepal's Constituent Assembly is drafting a new constitution for the country. We (FOSS Nepal) are interacting with various committees of the Assembly regarding the issues to be included in the new constitution. In particular, the 'Fundamental Rights Determination Committee' is seeking our suggestions in the form of a written document so that they can discuss it in their meeting next week. We have informed them, informally, of our concerns for addressing digital liberties and ensuring them as fundamental rights in the constitution. We'd also like to see the rights to privacy, anonymity, and access to public information regardless of the technology (platforms/software). Whether or not our suggestions will be incorporated depends on public hearings and voting in the assembly later, but the document we submit will be archived for use as reference material in the future when amendments in the constitution will be discussed or new laws will be prepared. How are online rights handled in your country? How would you want to change it?"

Read on for more about Bibek's situation.

I already tell my students about Walphra, perhaps you should tell yours? “Use all the tools you can find to learn & understand, but remember that they won't be there when you sit for the final.”

Wolfram Alpha Rekindles Campus Math Tool Debate

Posted by Soulskill on Friday June 12, @06:25PM from the why-is-my-calculator-smarter-than-me dept.

An anonymous reader sends in a story about how Wolfram Alpha is becoming the latest tool students are using to help with their schoolwork, and why some professors are worried it will interfere with the learning process. Quoting:

"The goal of WolframAlpha is to bring high-level mathematics to the masses, by letting users type in problems in plain English and delivering instant results. As a result, some professors say the service poses tough questions for their classroom policies. 'I think this is going to reignite a math war,' said Maria H. Andersen, a mathematics instructor at Muskegon Community College, referring to past debates over the role of graphing calculators in math education. 'Given that there are still pockets of instructors and departments in the US where graphing calculators are still not allowed, some instructors will likely react with resistance (i.e. we still don't change anything) or possibly even with the charge that using WA is cheating.'"

Friday, June 12, 2009

Food (lemons) for thought.

Collateral Damage From Cyber Warfare?

Posted by CmdrTaco on Thursday June 11, @11:14AM from the something-to-think-about dept. security military

theodp writes

"If you're thinking about applying for that open US cyber warfare czar position, Robert X. Cringely points out that you will have to effectively function as a world cyber warfare czar, a fact that neither Republican nor Democratic Administrations have yet been willing to embrace, at least in public. The international nature of today's outsourced-and-offshored IT business has big implications for US security. Try to do a security audit of your company's technical resources in Argentina or Bangladesh, suggests Bob, and see what nightmare is unveiled. Toss some random Code Gods into the mix, says Cringely, and it's really too tough to predict who might win in a game of US vs. Albania."

(Related) It's always good to find someone more paranoid than I am. (If not China, perhaps my student Hackers?)

Is China Creating the World's Largest Botnet Army?

Posted by timothy on Thursday June 11, @03:22PM from the economies-of-scale dept. security internet

david_a_eaves writes

"The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army."

Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seem to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."

(Related) It's so easy, even a caveman can do it. (This could be fun for my Computer Security students!)

Look Ma, I created a botnet!

by Elinor Mills June 11, 2009 7:13 PM PDT

… In less than an hour on Thursday, I was able to use programs readily available on the Internet underground for as little as $300 to infect several Windows clients and take complete control of them in a test environment.

In contrast to the real world, the McAfee Malware Experience event, which was akin to a Malware 101 class (or, in my case, Malware for Dummies), served up printed step-by-step instructions for us nonhacker journalists. But McAfee researchers said the programs used--real samples of malicious code from the wild--were not particularly sophisticated and any script kiddie could manage them easily.

… Following the tutorial, McAfee provided some bleak statistics to put my actions into perspective. For instance, the company's Avert Labs sees more than 400,000 new zombies a day, 4,000 new pieces of malware a day and 1.5 million malicious sites a month. There were 1.5 million pieces of unique malware last year and McAfee predicts that number will rise to 2.4 million this year.

CSS 150 How to commit CyberCrime. In any fraud (scam) the most difficult part is the conversion – actually getting the cold, hard cash. (This looks tedious, but remember that it could be programmed into a computer.)

UK Gang Caught After $750K Online Music Fraud Scam

Posted by timothy on Friday June 12, @01:46AM from the dj-felonious dept. money music apple news

LSDelirious writes

"10 individuals in the UK have been arrested in connection with an online fraud gang, whereby the group created several songs, had the songs uploaded to iTunes and Amazon, then used thousands of stolen credit cards to repeatedly purchase the songs from these services. It is estimated that they charged approximately $750,000 worth of fraudulent purchases, netting the group over $300,000 in royalties payments."

“It is better to look good than to feel good.” Is this just cosmetic? We could hope for more...

A New List of How Much AT&T Knows About You

Thursday, June 11 2009 @ 06:29 PM EDT Contributed by: PrivacyNews

These days AT&T knows a great deal about its customers: who they call, where they travel, what they watch on TV, what sites they visit on the Web. It has taken a new shot at explaining to them what information it collects and why in a new privacy policy that it posted Thursday morning. The policy is a draft that in 45 days will replace the 17 policies now used by its various subsidiaries.

Source - NY Times Related - Threat Level: AT&T Unveils New Privacy Policy. No, Really

[From the article:

But AT&T has decided that appearing to take the high ground on privacy will help it in Washington in its battle with Google, and perhaps will improve its image among those who are angry about its cooperation with the government’s warrantless wiretapping program.

… It has a prominent section on location information, one of the biggest new types of information being collected by cellphone companies. It makes clear that AT&T knows where its cellphone customers are and uses that information to show ads for local merchants when they check yellow pages and use other services.

What? The Internet is unreliable? I'm shocked!

June 11, 2009

Trustworthiness of Case Reports in the Digital Age

The Decline and Fall of the Dominant Paradigm: Trustworthiness of Case Reports in the Digital Age, by William R. Mills, New York Law School Law Review, volume 53, 2008/2009.

  • "It is axiomatic that our American common law, based in the principle of precedent and the rule of stare decisis, relies on accurate case reports published in authentic sources. But when citing American court opinions as legal authority, authors, for the past century or more, have given little thought to the accuracy of the case reports or the authenticity of the sources wherein the reports were found. This remains true in the digital age, when authors doing research are increasingly likely to have relied on the Internet as their primary or sole source of case law."

(Related) But apparently there is no problem with online health information.

June 11, 2009

Pew Survey: The Social Life of Health Information

"This Pew Internet/California HealthCare Foundation survey finds that technology is not an end, but a means to accelerate the pace of discovery, widen social networks, and sharpen the questions someone might ask when they do get to talk to a health professional. Technology can help to enable the human connection in health care and the internet is turning up the information network’s volume."

(Probably not related) This may be a future tool for e-discovery, when it can handle data other than web pages. Might make an interesting intelligence gathering tool as well. But I doubt it will ever tell us what politicians mean...

Extracting Meaning From Millions of Pages

Posted by kdawson on Friday June 12, @08:48AM from the data-mining-gone-large dept. software google internet

freakshowsam writes

"Technology Review has an article on a software engine, developed by researchers at the University of Washington, that pulls together facts by combing through more than 500 million Web pages. TextRunner extracts information from billions of lines of text by analyzing basic relationships between words. 'The significance of TextRunner is that it is scalable because it is unsupervised,' says Peter Norvig, director of research at Google, which donated the database of Web pages that TextRunner analyzes. The prototype still has a fairly simple interface and is not meant for public search so much as to demonstrate the automated extraction of information from 500 million Web pages, says Oren Etzioni, a University of Washington computer scientist leading the project."

Try the query "Who has Microsoft acquired?"

For my JavaScript students.

New Exploit Uses JavaScript To Compromise Intranets, VPNs

Posted by timothy on Thursday June 11, @06:40PM from the criminal-enterprises-deal-in-cache dept. security programming

redsoxh8r writes

"Security researcher Robert Hansen, known as Rsnake, has developed a new class of attack that abuses a weakness in many corporate intranets and most browsers to compromise remote machines with persistent JavaScript backdoors. Threatpost reports: 'The attacks rely on the long-term caching policies of some browsers and take advantage of the collisions that can occur when two different networks use the same non-routable IP address space, which happens fairly often because the amount of address space is quite small. The bottom line is that even a moderately skilled attacker has the ability to compromise remote machines without the use of any vulnerability or weakness in the client software.'" [Read that again, carefully. Bob]

From the mind of an old (he's 25!) hacker. You learn to protect yourself, but it's still fun to tell the Emperor he has no clothes.

‘DVD Jon’ Mocks Apple … Big Time

By David Kravets June 11, 2009 4:40 pm

… His ad campaign for the doubleTwist software promises, “The Cure for iPhone Envy.”

Those same words, in addition to, “Your iTunes library on any device in seconds,” appear on a giant 15-foot-plus banner advertisement adjacent to Apple’s store in San Francisco.

… The doubleTwist software, according to the company’s web site, allows “All of your stuff, on all your devices, with all your friends – in seconds.” That includes video, music and pictures.

It’s free. A premium, paid version is coming soon.

It’s also legal, he said.

“We have a law firm,” he said, “looking at all of our products making sure we are on the right side of the law.”

Just to remind my students – everything I'm teaching you today will be obsolete before you graduate. Enjoy!

Upcoming Tech That Will Rock Your World

By Gina Trapani, 9:00 AM on Wed Jun 10 2009

Thursday, June 11, 2009

Interesting mix. I wonder where they learned their trade? Fagin-R-us?

Feds Swoop In on Nationwide Pickpocket, I.D. Theft Ring

By Kim Zetter June 10, 2009 9:33 pm

Federal prosecutors in Virginia have leveled conspiracy and bank-fraud charges against the alleged leader and nine members of a national organization of high-tech pickpockets that’s been the scourge of police around the country since at least early 2007.

… The charges represent the federal government’s first large-scale swipe at the 200-plus members of “Cannon to the Wiz,” a Chicago-based identity-theft ring known for marrying high-tech fraud techniques with the Dickensian art of pickpocketing.

Police have said the thieves sometimes keep computers, cameras and printers in their cars so they can substitute their own photos on stolen driver’s licenses within minutes of lifting them, and rack up thousands of dollars in charges at nearby shops before victims have even noticed they’ve been robbed.

The feds say the crooks also worked a convoluted shell game to exploit victims’ bank accounts. They’d steal personal checks from one victim, deposit them into another victim’s legitimate account, then withdraw the money and disappear. The scheme, known as “split deposits,” resulted in losses of hundreds of thousands of dollars to banks.

I suppose this makes it “Official”

Leaving 'Friendprints': How Online Social Networks Are Redefining Privacy and Personal Security

Wednesday, June 10 2009 @ 05:22 PM EDT Contributed by: PrivacyNews

A generation is growing up with social networking web sites such as Facebook and MySpace, casually posting accounts of their lives for their friends -- and the world -- to see. Few of these users realize that the information they post, when combined with new technologies for gathering and compiling data, can create a fingerprint-like pattern of behavior. The information provides opportunities not only for legitimate business purposes, but also for the nefarious aims of identity thieves and other predators, according to faculty at Wharton and elsewhere.

"The way privacy has traditionally been defined is being challenged," according to Wharton legal studies professor Andrea Matwyshyn, who earlier this year organized the Information Security Best Practices Conference at Wharton. Among other topics, the conference addressed security and safety issues raised by the social networks.

Source - Knowledge@Wharton

(Related) See how easily you could be flagged as a troublemaker? (It does seem a dumb business move.)

Angry iPhone owners blast AT&T over upgrade pricing

Thousands sign Twitter petition, want carrier to retreat from $200 surcharge on iPhone 3G S

By Gregg Keizer June 10, 2009 02:51 PM ET

Computerworld - iPhone users angry over AT&T's pricing policy for the new iPhone 3G S have taken their campaign to Twitter, where more than 4,400 have added their names to an instant petition.

They're mad as hell about AT&T's plan to charge them an additional $200 to upgrade to the iPhone 3G S if they haven't fulfilled most or all of their two-year contract with the carrier. "AT&T should give existing customers the same rate for the new iPhone 3G S that they do for new customers," the Twitter petition reads. "New customers or not, another 2-year contract is being made."

(Related) “We do it for the convenience of our customers...”

Security Firms Fined Over Never-Ending Subscriptions

Posted by timothy on Wednesday June 10, @03:38PM from the crooks-v.-thieves- dept. court business security money

Barence writes

"'Security firms Symantec and McAfee have both agreed to pay $375,000 to US authorities after they automatically renewed consumers' subscriptions without their consent.' The two companies were reported to the New York Attorney General after people complained that their credit cards were being charged without their consent. The investigators found that information about the auto-renewals was hidden at the bottom of long web pages or buried in the EULA."

If they can “open source” some of the RIAA's evidence and “expert testimony” I can see them getting massive support from the tech community. Should be a fun one to watch.

Lawyers plan class-action to reclaim "$100M+" RIAA "stole"

Lawyers in this year's two highest-profile file-sharing cases have joined forces, and they plan to file a class-action lawsuit against the recording industry later this summer to claw back the "$100+ million" that the RIAA "stole."

By Nate Anderson Last updated June 10, 2009 6:01 AM CT

The recording industry has spent (and continues to spend) millions of dollars on its litigation campaign against accused file-swappers, but if two lawyers have their way, the RIAA will have to pay all the money back. Not content simply to defend Jammie Thomas-Rasset in her high-profile retrial next week in Minnesota, lawyer Kiwi Camara is joining forces with Harvard Law professor Charles Nesson to file a class-action lawsuit against the recording industry later this summer.

The goal is nothing less than to force the industry to pay back the alleged "$100+ million" it has collected over the last few years. Perhaps the RIAA had good reason not to send those settlement letters to Harvard for so long.

Truth in advertising?

HP's Friendlee: Stalk and rate your friends

by Rich Trenholm June 10, 2009 1:01 PM PDT

Friendlee keeps track of who you interact with the most, and organizes your friends list in that order. Status updates show what those contacts are up to, as well as the local time and whether their phone is on, off, or set to silent. You'll even be able to see where your contacts are, similar to Google Latitude. You, like your contacts, will be able to control who can see your information.

What do they expect to find in those laptops, evidence of really dumb terrorists?

ACLU Seeks Records About Border Laptop Searches

Wednesday, June 10 2009 @ 09:02 AM EDT Contributed by: PrivacyNews

United States Customs and Border Protection (CBP) policy permits officials to search the laptops and other electronic devices of travelers without suspicion of wrongdoing, according to a Freedom of Information Act (FOIA) request filed today by the American Civil Liberties Union. The ACLU filed the FOIA request with CBP, a component of the Department of Homeland Security (DHS), to learn how CBP's suspicionless search policy, first made public in July 2008, is impacting the constitutional rights of international travelers.

Source - Common Dreams

(Related) Imagine how a trained investigator could facilitate this “vigilante Sherlocking.”

Online Vigilantes, Or "Crowdsourced Justice"

Posted by Soulskill on Wednesday June 10, @01:14PM from the when-internet-detectives-attack dept. privacy censorship social internet

destinyland writes

"The Chinese credit the 'human flesh search engine' for successfully locating 'the kitten killer of Hangzhou' from clues in her online video. But in February, the same force identified a teenage cat-abuser in Oklahoma — within 24 hours of his video's appearance on YouTube. 'Netizens are the new Jack Bauer,' argues one science writer, and with three billion potential detectives, 'attempts to hide will only add thrill to the chase.' But China's vigilantes ultimately turned their attention to China's Internet Propaganda Office, bypassing censorship of a director's personal information using social networks, including Twitter. The author suggests there's a new principle emerging in the online world: 'The Internet does not forget, does not forgive and cannot be stopped. Ever.'" [Can you say, “Skynet?” Bob]

Is this “We can, therefore we must” or is the government just making an RIAA-like grab for the low-hanging fruit?

$33 Million In Poker Winnings Seized By US Govt

Posted by samzenpus on Wednesday June 10, @08:02PM from the mine-now-I-take-it dept. court money internet politics

An anonymous reader writes

"A New York Times story reports that, 'Opening a new front in the government's battle against Internet gambling, federal prosecutors have asked four American banks to freeze tens of millions of dollars in payments owed to people who play poker online. ... "It's very aggressive, and I think it's a gamble on the part of the prosecutors," Mr. Rose said. He added that it was not clear what law would cover the seizure of money belonging to poker players, as opposed to the money of the companies involved.' Many players are reporting that their cashout checks have bounced."

Did Napoleon define privacy?

French court savages "three-strikes" law, tosses it out

France's groundbreaking "three strikes" law that would disconnect repeat Internet file-swappers has been overturned by the country's Constitutional Council. "Innocent until proven guilty" still means something in France.

By Nate Anderson Last updated June 10, 2009 12:01 PM CT

Have they invented “virtual graffiti?” Overlay a video with your “message.”

Using Mobile Phones To Write Messages In Air

Posted by samzenpus on Thursday June 11, @04:54AM from the invisible-ink-2.0 dept. inputdev cellphones technology

Anonymous writes

"Engineering students at Duke University have taken advantage of the accelerometers in emerging cell phones to create an application that permits users to write short notes in the air with their phone, and have that note automatically sent to an e-mail address. The 'PhonePoint Pen' can be held just like a pen, and words can be written on an imaginary whiteboard. With this application a user could take a picture with a phone camera, and annotate it immediately with a short caption. Duke Computer Engineering Professor Romit Roy Choudhury said that his research group is envisioning mobile phones as not just a communication device, but a much broader platform for social sensing and human-computer interaction. Such interactivity has also emerged in the work of other research groups, such as MIT's Sixth Sense project, Dartmouth's MetroSense project, and Microsoft Research's NeriCell project, to name a few."

Ain't technology wonderful? This may lead to devices you never need to plug in to recharge. It will also lead more folks to wear their tinfoil hats as they realize they are being irradiated as well as their phones.

Nokia Developed Wireless Power-Harvesting Phones

Posted by samzenpus on Wednesday June 10, @06:56PM from the tesla-would-like-a-word-with-you dept. cellphones power

Al writes

"An engineer from Nokia's UK research labs says that the company is developing technology that can harvest ambient electromagnetic radiation to keep a cellphone going. The researcher says that his group is working towards a prototype that could harvest up to 50 milliwatts of power — enough to slowly recharge a phone that is switched off. He says current prototypes can harvest 3 to 5 milliwatts. It will require a wideband receiver capable of capturing signals from between 500 megahertz and 10 gigahertz — a range that encompasses many different radio communication signals. Other researchers have developed devices that can harvest more modest power from select frequencies. A team from Intel previously developed a compact sensor capable of drawing 6 microwatts from a 1.0-megawatt TV antenna 4.1 kilometers away."

Practicing medicine without a license?

Pew study: More patients turning to the Web

by Dara Kerr June 10, 2009 9:01 PM PDT

… 61 percent of American adults who look online for medical advice and information, according to "The Social Life of Health Information," a report released Thursday by the Pew Research Center's Internet & American Life Project and the California HealthCare Foundation.

This report shows that more Americans are reading commentaries about medical issues, consulting rankings or reviews of doctors, or listening to health-related podcasts.

A smaller group of so-called e-patients, 20 percent, actively post comments and reviews on different online list-servs, blogs, or message boards. Rachael, for example, fits into this group. "We are beginning to see e-patients turning to interactive features both to help them find information tailored to their needs and to post their own contributions," said Susannah Fox, co-author of the report and associate director of Pew's Internet & American Life Project.

In 2000, 25 percent of American adults looked online for health information. Now, it's more than double and the majority are happy with the results they find, according to the report. Only a small portion of e-patients, 3 percent, say they or someone they know has been harmed by following medical advice found on the Internet. [How does that compare to advice from doctors? Bob]

Something for my website students

Create Your Own Email Client With RoundCube Webmail

Jun. 10th, 2009 By Damien Oh

RoundCube Webmail is a browser-based multilingual IMAP client packed with plenty of AJAX goodness. It comes with an application-like user interface and provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking.

The best thing about RoundCube is that it is lightweight, simple to use and lightning fast. As long as your web host supports PHP 5 and MySQL, you will be able to install it on your site and access it on your domain.

Ditto - Web Based Ajax Development Tool

UIzard (short for “User Interface Wizard”) stands as a web application development tool created with the purpose of letting users develop such applications in web environments. Supported browsers include Mozilla Firefox and Google Chrome. Internet Explorer is not supported yet, but work is underway on that one.

In order to get to grips with this open source project you can either watch the provided tutorial video or read the official manual. In any case, most actions are carried out in a drag and drop fashion or by adding JavaScript or HTML code, without needing to open different editors to do so.

As it is explained by the programmer, the long-term goal of this user interface wizard is to be a general development tool that takes shape and evolves with the participation of everybody. If you want to join in the adventure, simply pay the site a visit and have a good look around. And I don’t want to forget mentioning that the site is available not only in English but also in Korean.

Wednesday, June 10, 2009

The mystery deepens, the plot thickens, the hack evaporates? Note that they are careful not to say “Our security is perfect.” That would be a major challenge to hackers.

T-Mobile Hacked? Yes. Maybe. No.

June 9, 2009 @ 8:00 pm by admin Filed under: Breach Incidents, Business Sector, U.S.

It’s been a confusing few days for those trying to understand what T-Mobile press releases were really saying about what they found when they investigated claims on the Full Disclosure mail list. Their somewhat terse statements led some of us to conclude that they were saying that they had some evidence of data theft, while others had headlines blaring that the company had confirmed it was hacked. Now it turns out that they are saying no hack, no breach.

Kudos to Bob McMillan of IDG News Service, who managed to get a clearer statement from the company. To cut to the chase from his story:

The hackers did manage to get legitimate T-Mobile data, but they didn’t do it by hacking into the company’s network, the company said. “The document in question has been determined to be a T-Mobile document though there is no customer information contained in the document,” the company said in a statement. “There is no evidence to indicate that the T-Mobile security system was hacked into nor any evidence of a breach.”

Is this now a normal cost of doing business?

Class action lawsuit filed over Aetna hack (updated)

June 9, 2009 @ 8:29 am by admin Filed under: Breach Incidents, Hack, Healthcare Sector, U.S.

Courthouse News Service reports that a class action claim has been filed against insurance giant Aetna as a result of the recent security breach in which hackers gained access to personal information about 450,000 employees, former employees and potential employees. At the time, Aetna stated that the incident exposed the SSNs of approximately 65,000 people.

The plaintiff is Corneilus Allison of Pennsylvania. Allison is a former employee of Aetna who had used the web site in January to apply for another position and was subsequently notified of the breach. Allison is represented by Sherrie Savett with Berger & Montague.

The lawsuit (pdf), which was filed in U.S. District Court for the Eastern District of Pennsylvania, alleges negligence, breach of implied contract, negligent misrepresentation, and invasion of privacy.

At the time of Aetna’s announcement of the breach, the only known misuse of the information appeared to be that some people received phishing attempts. It is not known at this time whether data were misused in any other way, and the claim does not include any information that would suggest that the plaintiff is aware of any ID theft or misuse other than the previously reported phishing attempts.

Previous class action lawsuits have generally not been successful, with courts dismissing suits against Wells Fargo, Acxiom, and Hannaford Bros. in the absence of a showing of unreimbursed financial harm to plaintiffs.

Neither Allison’s attorney nor Aetna were available for comment on the lawsuit at the time of this publication.

Update: I received the following statement from Aetna spokesperson Cynthia Michener:

Aetna did the right thing by proactively notifying people about this incident and offering free credit monitoring, even though our independent IT security consultant has not determined that any information was accessed beyond email addresses. It’s unfortunate that we’re being sued for acting with integrity and honesty.

If you can warp their little minds while they are young, you've got them for life. (A conspiracy theorist might suggest that this is the government's way of “persuading” their citizens that they need to monitor all Internet communications to catch these bad guys. A security manager would suggest they merely have lousy security.)

Hundreds of UK Government, School & University Websites Hacked

June 9th, 2009

Hundreds of websites operated by the UK government appear to have been hacked to include links and references to illicit websites selling viagra, hardcore pornography, cialis and other dubious products.

The hacked sites, which include primary schools, universities, the DSA, Forestry Commission and various local government websites and forums, have fallen victim to a variety of exploits including cross site scripting and hackers exploiting loopholes in badly designed and outdated software.

The hacks present considerable danger to innocent members of the public who find these infected web pages via search engines or spam emails. Users trust websites and happily click through to the page only to have their PC infected with spyware or a virus or redirected to a website selling viagra or cialis.

… The problem doesn’t restrict itself to domains - we found an even bigger issue with websites which are reserved for academic institutions such as universities and colleges.

… Perhaps even worse than this is the hacking of primary and secondary school websites which students are actively encouraged to visit. We found that over 30 domains had been infected with content that could direct children away from the safety of a school site to a third party site owned by the hacker. This could host spyware and all manner of adult content.

Too monopolistic?

Reports: DOJ steps up Google Books settlement probe

by Steven Musil June 9, 2009 8:05 PM PDT

The Justice Department appears to be stepping up its antitrust probe of Google's settlement last year of a class-action lawsuit filed by groups representing authors and publishers, according to reports in The New York Times and The Wall Street Journal.

Another Outer Limits (“We control your video”) action by Comcast. What else will they choose to “eliminate?” (Comments suggest this isn't happening.)

Comcast Intercepts and Redirects Port 53 Traffic

Posted by kdawson on Tuesday June 09, @02:11PM from the why-we-need-ipv6 dept. networking internet

An anonymous reader writes

"An interesting (and profane) writeup of one frustrated user's discovery that Comcast is actually intercepting DNS requests bound for non-Comcast DNS servers and redirecting them to their own servers. I had obviously heard of the DNS hijacking for nonexistent domains, but I had no idea they'd actually prevent people from directly contacting their own DNS servers."

If true, this is a pretty serious escalation in the Net Neutrality wars. Someone using Comcast, please replicate the simple experiment spelled out in the article and confirm or deny the truth of it. Also, it would be useful if someone using Comcast ran the ICSI Netalyzr and posted the resulting permalink in the comments.
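As an added example (not part of the Slashdot post or the linked write-up), the code below encodes the usual client-side check for a transparent DNS proxy: send a CHAOS-class TXT query for `hostname.bind` to the resolver you chose, and see whether the server identity in the reply belongs to that resolver or to something in the path. The resolver names (`my-resolver`, `isp-cache-01.example`) and the embedded reply are constructed for offline testing; only `probe()` touches the network, and not every resolver answers `hostname.bind`, so an empty identity is inconclusive rather than proof of interception.

```python
"""Client-side check for port-53 interception (transparent DNS proxy)."""
import socket
import struct

TXT, CHAOS = 16, 3


def build_query(name: str, qtype: int, qclass: int, txid: int = 0x1234) -> bytes:
    """Encode a single-question DNS query in RFC 1035 wire format (RD flag set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, qclass)


def _skip_name(msg: bytes, off: int) -> int:
    """Skip a (possibly compressed) domain name and return the next offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: two bytes end the name
            return off + 2
        off += 1 + length


def parse_txt_answers(msg: bytes):
    """Return (txid, [(rclass, text), ...]) for every TXT record in the answer section."""
    txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TXT:                # RDATA is a sequence of <len><chars> strings
            text, p = [], 0
            while p < len(rdata):
                n = rdata[p]
                text.append(rdata[p + 1:p + 1 + n].decode("ascii", "replace"))
                p += 1 + n
            answers.append((rclass, "".join(text)))
    return txid, answers


def check_identity(response: bytes, expected_txid: int, expected_substring: str) -> dict:
    """Flag a reply whose CHAOS TXT identity is not the resolver we addressed."""
    txid, answers = parse_txt_answers(response)
    identity = " ".join(text for rclass, text in answers if rclass == CHAOS)
    return {
        "txid_match": txid == expected_txid,
        "identity": identity,
        "intercepted": expected_substring.lower() not in identity.lower(),
    }


def constructed_response(identity: str, txid: int = 0x1234) -> bytes:
    """Constructed hostname.bind reply (QR, RD, RA set) for offline use of the parser."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = b"\x08hostname\x04bind\x00" + struct.pack("!HH", TXT, CHAOS)
    rdata = bytes([len(identity)]) + identity.encode("ascii")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CHAOS, 0, len(rdata)) + rdata
    return header + question + answer


def probe(resolver_ip: str, expected_substring: str, timeout: float = 2.0) -> dict:
    """Live version: send the probe over UDP/53 to resolver_ip (not run in tests)."""
    query = build_query("hostname.bind", TXT, CHAOS)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        data, _addr = s.recvfrom(4096)
    return check_identity(data, 0x1234, expected_substring)


if __name__ == "__main__":
    # Offline demo: a reply naming an ISP cache when we addressed "my-resolver".
    print(check_identity(constructed_response("isp-cache-01.example"), 0x1234, "my-resolver"))
```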

Doesn't this make you all warm and fuzzy? See what happens while we waste time arguing over Darwin?

China Dominates In NSA-Backed Coding Contest

Posted by kdawson on Tuesday June 09, @05:23PM from the now-to-get-the-security-clearance dept. education security

The Narrative Fallacy writes

"With about 4,200 people participating in a US National Security Agency-supported international competition on everything from writing algorithms to designing components, 20 of the 70 finalists were from China, 10 from Russia, and 2 from the US. China's showing in the finals was helped by its large number of entrants, 894. India followed at 705, but none of its programmers was a finalist. Russia had 380 participants; the United States, 234; Poland, 214; Egypt, 145; and Ukraine, 128. Participation in the TopCoder Open was open to anyone, from student to professional; the contest proceeded through rounds of elimination that finished this month in Las Vegas. Rob Hughes, president and COO of TopCoder, says the strong finish by programmers from China, Russia, Eastern Europe and elsewhere is indicative of the importance those countries put on mathematics and science education. 'We do the same thing with athletics here that they do with mathematics and science there.'"

Seems like today is economic reporting day...

How Much Money Do Free-To-Play MMOs Make?

Posted by Soulskill on Tuesday June 09, @06:17PM from the insert-coin-for-funny-hat dept. pcgames money games

simoniker writes

"Over at Gamasutra, a new feature article discusses how much money free-to-play MMO games make, with specific real-world stats from game developers willing to discuss how they make money with microtransaction-based PC games. In particular, Puzzle Pirates co-creator Daniel James reveals that 'the average revenue per user (ARPU) is between one and two dollars a month, but only about 10% of his player base has ever paid him anything. As a result, he says, approximately 5,000 gamers are generating the $230,000 in revenue he sees each month.' It's obviously quite a different model from the regular $15/month for World Of Warcraft, but it evidently works for some companies."


Craigslist revenue flirting with $100 million, report says

by Chris Matyszczyk June 10, 2009 4:14 AM PDT

If your children ask you what profession they should go into when they grow up, tell them "relative non-commerce."

You see, according to a study in the Classified Intelligence Report, a publication of the AIM Group, a media and Web consultancy organization, Craigslist's 2009 revenue is projected to rise above $100 million.

The New York Times reported that the AIM Group regards the conclusions of its study, which show a projected 23 per cent revenue increase over last year, as "conservative." AIM Group counted how many paid ads there were on Craigslist in a given month and then calculated what this might mean on an annual basis.

Take it with you on your thumb drive.

Liberkey: 200+ Portable Apps Wherever You Go [Windows]

Jun. 9th, 2009 By Leon

Liberkey (probably a play off of liberty, heh) is a freely downloadable program that groups a lot of portable apps together to make life that much simpler for people who need simplicity.

Instant handouts? Imagine the joy of skimming through my blog to select all (Okay, both) the humorous comments.

Zinepal - Create Printable Magazines & eBooks

This is a new service that will enable you to create your very own printable magazine taking any kind of online content as the basis. That is, you provide a blog or feed URL and then select the content that you want to use for the magazine. Alternatively, you can add content from any website, and even from Technorati search results in a similar fashion.

On the other hand, the zines that have been created by others can be procured and read through the site since you can provide keywords and see what comes up. Moreover, if you like the zines that a user has created it is always possible to receive their new zines the moment they are published.

Needless to say, busy readers looking for the best of the web and those who wish to read online content offline are going to make the best out of Zinepal. Besides, individuals like journalists and editors can use it to crawl alternative media. If any of these definitions apply to you, it might be a good idea to check the site out.


LoopApps: Multi-Functional PDF Utility

LoopApps is a new web based PDF utility that performs a number of tasks. First, it converts your two or more PDF files or other documents into a combined single document. Second, it converts other file types into PDFs and third, it produces combined PDFs of any URL or URLs you enter.

Check out LoopApps @

Similar tools: MergePDF, SplitMergePDF, HTML to PDF Converter and PDF Generator

Tuesday, June 09, 2009

Okay, maybe the hackers did know more than the security managers at T-Mobile

Update: T-Mobile confirms some data theft

June 9, 2009 by admin Filed under: Breach Incidents, Business Sector, Hack, U.S.

I received an updated statement from T-Mobile overnight. Their revised statement confirms that at least some data were stolen, but they do not confirm that the breach described on the Full Disclosure mail list was as extensive as the hackers claimed when they posted, “We have everything, their databases, confidental documents, scripts and programs from their servers, financial documents up to 2009.” The company reports:

To reaffirm, the protection of our customers’ information and the security of our systems is paramount at T-Mobile. Regarding the recent claim on a Web site, we’ve identified the document from which information was copied, and believe possession of this alone is not enough to cause harm to our customers.

T-Mobile reports that they are continuing to investigate the claims and “have taken additional precautionary measures to further ensure our customers’ information and our systems are protected.”

That may be all we hear for a while:

At this moment, we are unable to disclose additional information in order to protect the integrity of the investigation, but customers can be assured if there is any evidence that customer information has been compromised, we would inform those affected as quickly as possible.

Jeremy Kirk of IDG News Service apparently received the same press statement and adds a bit more detail on Computerworld.

Why didn't someone think of this years ago?

Breach Data-Sharing Site Started

Monday, June 08 2009 @ 10:31 AM EDT Contributed by: PrivacyNews

The risk management technology company Intersections Inc. and the Identity Theft Assistance Center were expected to unveil [ ] today, a Web site where companies that have suffered a data breach can share their experiences.

Since data breaches often catch companies unprepared, the flow of information about the incidents tends to be slow, which can aggravate the harm, John Scanlon, Intersections' chief operating officer, said in an interview last week.

Source - Securities Industry News

Comment: Read their Privacy Policy if you are thinking of registering with the site.

[From the article:

Anne Wallace, ITAC's president, said that one of the challenges faced by is that "the kind of people who are in charge of planning and response to a breach may not be used to sharing their thoughts. They may not be used to social networking."

She and Scanlon said that, to address this, their organizations are planning to encourage companies to participate on

The site's focus is a "wiki," a community-fueled knowledge base that includes information about how best to address these concerns. Intersections and ITAC both plan to contribute to blogs on the Web site, as well as to a discussion group.

How will they respond? If I logged on using my favorite alias (a certain local law school professor), would he disappear to Guantanamo?

Subpoena seeks names -- and lots more -- of Web posters

Monday, June 08 2009 @ 12:28 PM EDT Contributed by: PrivacyNews

Free speech should be practiced only by those who are ready to deal with the consequences, which just might include a knock on the door by a friendly federal investigator wanting to know if you posted an anonymous comment on a Web site. Were you advocating violence or confessing to breaking the federal tax laws?

This is not a hypothetical.

On May 26 the Review-Journal published an article about an ongoing federal tax evasion trial. The primary defendant, Las Vegan Robert Kahre, stands accused of tax fraud for using the rather inventive argument that he could pay people in U.S. minted gold and silver coins based on their precious metal value but for tax purposes use their face value, which is many times less.

The story was posted on our Web site. When last I checked nearly 100 comments were appended to it, running the gamut from the lucid to the ludicrous.

This past week the newspaper was served with a grand jury subpoena from the U.S. attorney's office demanding that we turn over all records pertaining to those postings, including "full name, date of birth, physical address, gender, ZIP code, password prompts, security questions, telephone numbers and other identifiers ... the IP address," et (kitchen sink) cetera.


Bottom line: We could fight the federal subpoena, at considerable expense, and lose. Our attorneys are now trying to see if we can limit the scope of the information sought.

What the prosecutors don't appear to understand is that we don't have most of what they are seeking. We don't require registration. A person could use a fictitious name and e-mail address, and most do. We have no addresses or phone numbers.

To add prior restraint to the chilling effect of the sweeping subpoena, we were warned: "You have no obligation of secrecy concerning this subpoena; however, any such disclosure could obstruct and impede an ongoing criminal investigation. ..."

Source - Las Vegas Review-Journal

On the other hand...

PA: Wiretap law applies to text messages, court rules

Tuesday, June 09 2009 @ 06:08 AM EDT Contributed by: PrivacyNews

A Pennsylvania appeals court ruled yesterday that the state's wiretapping law applies to text messages, and that police need a warrant in order to intercept them.

Source -

[From the article:

A Superior Court panel ruled that police violated the law when they used a cellular phone taken from two men arrested on marijuana-trafficking charges and sent fake messages that drew in other suspects.

Also related: Anonymity isn't a license to libel...

Ca: Controversy rages over Internet privacy rights

Tuesday, June 09 2009 @ 06:12 AM EDT Contributed by: PrivacyNews

Every day, people post scores of comments online under avatars and pseudonyms thinking no one will know who they are. But two recent Ontario court rulings have struck a blow to the notion of a “reasonable expectation of privacy” on the Internet.

Source - Law Times

[From the article:

But in what surprised some observers, she decided that information related to an IP address isn’t private in the first place. “In my view, the applicant had no reasonable expectation of privacy in the information provided by Bell considering the nature of that information.

This story is more interesting than I originally reported. Imagine what would happen if there was a real pandemic. Come in contact with a carrier, get shot! (In order to protect our citizens we had to kill them?)

Japan to try GPS phones to prevent pandemics

by Dong Ngo June 8, 2009 11:43 AM PDT

Just recently, Softbank Mobile, Japan's biggest cell phone carrier, signed a deal with Aoyama Gakuin University to provide iPhone 3Gs to 1,000 students to keep tabs on their attendance via the phone's Global Positioning System. The company now has a plan to equip the same number of elementary-school students with GPS phones.

However, the purpose this time is much more serious than nabbing truants. As reported by the Associated Press, this is to test how GPS-enabled cell phones can help track the spreading of an infectious disease and stop it from becoming a pandemic.

This government-backed experiment uses a virtual sickness that is highly contagious. A few months from now, a few students will be chosen to be "infected" with this sickness. Their movements will then be tracked via their cell phones and compared with other students. Stored GPS data can then be used to determine which children have crossed paths with the infected students and are at risk of having contracted the disease.

Related? Perhaps there is enough data in this database to track anyone in the UK?

UK: Opt out or your number’s up for mobile phone privacy

Tuesday, June 09 2009 @ 06:05 AM EDT Contributed by: PrivacyNews

The first directory service that claims to be able to find any British mobile phone number is expected to cause a row over privacy when it begins operation next week.

For a £1 charge, will be able to connect customers of its service to any of Britain’s 42 million mobile phones, it says.

The directory, which goes live on June 18 and already contains “millions” of mobile numbers and their users, is the first of its kind in the UK. … People not wishing to be included on the list must inform the directory by text or phone that they wish to opt out. They will be charged their standard network rate and face a wait of four weeks before their number is excluded.

Source - Times Online

[From the article:

The service has been developed using data bought from market research businesses.

… Though the company says that its policy is not to include under-18s on the directory, where parents have given their children mobile phones they will also need to text from the children’s phone to exclude them.

Not too far out (end of 2009). Imagine the implications if we could get that kind of speed from ISPs!

Juniper revs Ethernet to 100Gbps

by David Meyer June 9, 2009 5:48 AM PDT

Think of all the parents who wouldn't even know their children were blabbing the same information!

Twitter user says vacation tweets led to burglary

by Elinor Mills June 8, 2009 5:31 PM PDT

Here's either a cautionary tale or an example of social-media paranoia. An Arizona man believes that his Twitter messages about going out of town led to a burglary at his home while he was away.

Israel Hyman posted to approximately 2,000 followers on Twitter that he and his wife were "preparing to head out of town," that they had "another 10 hours of driving ahead" and later, that they "made it to Kansas City."

When he came home, he found that someone had broken into his house and stolen thousands of dollars worth of video equipment he used for his video business,, which he uses for his Twitter account.

Lawyers never look anything up – this guy must be a librarian.

June 08, 2009

Legal, Factual and Other Internet Sites for Attorneys and Legal Professionals.

Timothy L. Coggins, Legal, Factual and Other Internet Sites for Attorneys and Legal Professionals, XV RICH. J.L. & TECH. 13 (2009).

"This listing of Internet sites for legal, factual, and other research presents a variety of sources for attorneys, law students, law librarians, and others who use the Web. Initially developed for an Advanced Legal Research course and a continuing education session for legal assistants and paralegals, the listing includes sites for primary authorities, both federal and state, as well as URLs for other types of information such as names of possible expert witnesses and biographical and background information about individuals."

If you grab stuff from the web, these might be useful...

4 Great Alternative Clipboard Managers For Windows

Jun. 7th, 2009 By Damien Oh

Copying and pasting text in Windows is as easy as pressing Ctrl+C and Ctrl+V on your keyboard, right? That’s what I’ve always thought, and it still holds true. However, after discovering some of the useful clipboard manager applications out there, I found that copying and pasting is not just restricted to simple keyboard shortcuts. With a little imagination, it can do a lot of things and make your life easier and more efficient.

Freeclip, Arsclip, Yankee Clipper 3, Ditto-CP, Clipx, Clipguru

Using a Mac? Not to worry, Jackson wrote about the best free clipboard managers to run on Mac OS X.

Just what we want to teach: Don't do anything unless you get paid for it! (Also known as teacher excuse #317. “My students didn't learn because we didn't pay them to learn.”)

Kids Score 40 Percent Higher When They Get Paid For Grades

Posted by samzenpus on Monday June 08, @02:14PM from the show-them-the-money dept.

A large number of schools participating in a pay-for-grades program have seen test scores in reading and math go up by almost 40 percentage points. The Sparks program will pay seventh-graders up to $500 and fourth-graders as much as $250 for good performance on 10 assessment tests. About two-thirds of the 59 schools in the program improved their scores by margins above the citywide average. "It's an ego booster in terms of self-worth. When they get the checks, there's that competitiveness -- 'Oh, I'm going to get more money than you next time' -- so it's something that excites them," said Rose Marie Mills, principal at MS 343 in Mott Haven. Critics, who are unaware that most college students don't become liberal arts majors, argue that paying kids corrupts the notion of learning for education's sake alone.

Related? Clearly this is inevitable, but there is no guidance, and no clear strategy. What has to be delivered and how? Kindle anyone?

California To Move To Online Textbooks

Posted by timothy on Tuesday June 09, @09:07AM from the let's-keep-some-things-written-down-though dept.

Hugh Pickens writes

"Last year California spent $350m on textbooks so facing a state budget shortfall of $24.3 billion, California Governor Arnold Schwarzenegger has unveiled a plan to save money by phasing out 'antiquated, heavy, expensive textbooks' in favor of internet aids. Schwarzenegger believes internet activities such as Facebook, Twitter and downloading to iPods show that young people are the first to adopt new online technologies and that the internet is the best way to learn in classrooms so from the beginning of the school year in August, math and science students in California's high schools will have access to online texts that have passed an academic standards review. 'It's nonsensical — and expensive — to look to traditional hard-bound books when information today is so readily available in electronic form,' writes Schwarzenegger. 'As the music and newspaper industries will attest, those who adapt quickly to changing consumer and business demands will thrive in our increasingly digital society and worldwide economy. Digital textbooks can help us achieve those goals and ensure that California's students continue to thrive in the global marketplace.'"

The next GM (Garage Motors). Do you think there is a market for these, perhaps in kit form?

Homemade Solar Quadricycle With Room For The Dog

By Ben Mack Email Author June 8, 2009 6:30 am

The Solar Human Hybrid is a street-legal quadricycle with a solar-powered electric motor to help you along, room for three friends to join you in the fun and even a spot for groceries and your dog. Best of all, it was built by an eighth-grader who’s willing to show you how to make one yourself.

… Just about everything anyone would need to know if they wanted to build one is available on the Dixon’s website.