Saturday, July 04, 2009

Very slow news day. You'd think it was a holiday.


Next time someone tells you Apple is hacker-proof, laugh.

http://www.databreaches.net/?p=5972

Apple Learning Initiative security breach

July 3, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, U.S.

The mothership is alerting members of this online program and forums that their account credentials, login and password, have been compromised. Although such events are common enough elsewhere on the interwebs, it’s quite unusual for one to affect Apple.

The email sent to members was included in the post:

Dear Apple Learning Interchange member,

We recently learned that the security of Apple Learning Interchange (ALI) members’ names and passwords may have been compromised. These accounts are limited to accessing the ALI discussion board and do not contain sensitive information such as credit card or social security numbers.

If you use this name and password combination on other websites and services, you may risk vulnerability on those sites. We strongly recommend that you change your password on any site that might have the same name and password combination.

We apologize for the inconvenience, and thank you for your continued participation in ALI.

Sincerely,
The Apple Learning Interchange Team

Read more on Blorge. The Apple Learning Initiative website is still offline at the time of this posting.



Is it because the lawyers rely on Wikipedia themselves? Perhaps I should write “How to win as a prosecutor” and correct this chink in the armor of justice!

http://news.slashdot.org/story/09/07/04/0038243/UK-Police-Told-To-Use-Wikipedia-When-Preparing-For-Court?from=rss

UK Police Told To Use Wikipedia When Preparing For Court

Posted by Soulskill on Saturday July 04, @12:06AM from the citation-needed dept.

Half-pint HAL tips news of UK prosecution lawyers who are instructing police to study information on Wikipedia when preparing to give expert testimony in court.

"Mike Finn, a weaponry specialist and expert witness in more than 100 cases, told industry magazine Police Review: 'There was one case in a Midlands force where police officers asked me to write a report about a martial art weapon. The material they gave me had been printed out from Wikipedia. The officer in charge told me he was advised by the CPS to use the website to find out about the weapon and he was about to present it in court. I looked at the information and some of it had substance and some of it was completely made up.' Mr. Finn, a former Metropolitan Police and City of London officer and Home Office adviser, added that he has heard of at least three other cases where officers from around the country have been advised by the CPS to look up evidence on Wikipedia."



Now you can RTFM online!

http://www.makeuseof.com/dir/manualsonline-free-downloadable-manuals/

ManualsOnline: Lists Over 300,000 Free Downloadable Manuals

… You can browse manuals by product type, by brand or search with keywords. Simply enter the manufacturer/product name and model (ex: Apple iPhone 3G S) into the search field, click “Search” and download the relevant manual with one click without registration.

Sign up for an account to store and organize manuals online, upload your own manuals to the site and get help from site members with manual search and your product problems.

www.manualsonline.com Similar sites: The Manuals and SafeManuals.



If it works in PowerPoint, it will work for my website students.

http://www.makeuseof.com/tag/10-websites-with-free-cool-media-clips-for-powerpoint/

10 Places To Get Cool Media Clips For PowerPoint Presentations

Jul. 3rd, 2009 By Saikat Basu

… There is a formulaic method behind creating a really great presentation, but it is an art too.

Slideshare is a good place to see some really cool works of PowerPoint ‘art’. Check under your favorite category and you will feel genuinely inspired to do things with the graphics, fonts, bullets, sounds and audio/video clips on the canvas of a PowerPoint slide.

… So here’s looking at 10 websites for free supplies of media clips for PowerPoint.

Friday, July 03, 2009

Today marks three years of (http://centennial-man.blogspot.com/) Blogging. That's 3 X 365 = 1095 days; averaging 10 articles per day, that's 10,950 pithy comments.



A bit of analysis of the TJX settlement.

http://infoseccompliance.com/2009/07/02/tjx-settles-with-state-attorneys-general-for-975-million/

TJX Settles with State Attorneys General for $9.75 Million

Posted on July 2nd, 2009 by David Navetta

The TJX breach saga came a little closer to an end (excluding of course the still-pending case being pursued by a couple of issuing banks) with the announcement of a settlement with 41 State attorneys general that brought actions under their State’s respective consumer fraud and deceptive practices laws (a copy of the settlement document can be found: HERE). This is a summary of the TJX settlement.

… In addition to monetary payments, the settlement also requires TJX to “implement and maintain a comprehensive Information Security Program reasonably designed to protect the security, confidentiality and integrity of Personal Information.” The general description of the mandated program essentially matches the information security program required pursuant to TJX’s consent order with the FTC.

However, this settlement goes beyond the general requirements of the FTC’s consent order and mandates specific information security controls and actions, including:

  • Replacement of all WEP based wireless systems with WPA wireless systems (or equivalent)

  • No storage of sensitive authentication information related to payment cards (e.g. magnetic stripe track data, PIN numbers/PIN Blocks, and CVC2/CVV2/CID numbers)

  • Segmentation of TJX networks storing, processing or transmitting Personal Information (including Cardholder Information) from the rest of TJX’s network

  • “Security password management” for the portions of the TJX computer system that store, process or transmit Personal Information

  • Implementation of a security patching protocol for the portions of the TJX computer system that store, process or transmit Personal Information

  • Use of Virtual Private Networks/encryption for transmitting Personal Information
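The "no storage of sensitive authentication information" item is the one a practitioner can actually test for, so here is an added example of what such a check looks like. This is illustrative code written for this post, not anything from TJX, the settlement or the FTC order: the field names, the simplified Track 1/Track 2 layouts and the sample records are all assumptions made up for the demonstration. It scans stored transaction records for CVV2/PIN fields that still hold values and for raw magnetic-stripe track data, and Luhn-checks the PAN inside any track-shaped string so that garbled or test data is reported separately rather than silently dropped.

```python
import re
from typing import Dict, List

# Field names that, per the settlement's "no storage" item, must never hold a value
# once a transaction has been authorized. Hypothetical naming convention for this example.
SENSITIVE_FIELDS = {"cvv", "cvv2", "cvc2", "cid", "pin", "pin_block", "track1", "track2"}

# Simplified magnetic-stripe layouts (assumptions for this example):
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code + discretionary data>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
# Group 1 captures the PAN so it can be Luhn-checked to cut false positives.
TRACK1_RE = re.compile(r"%B(\d{13,19})\^[^^]{2,26}\^\d{4}[^?]*\?")
TRACK2_RE = re.compile(r";(\d{13,19})=\d{4}\d{3}[^?]*\?")


def luhn_ok(digits: str) -> bool:
    """Luhn check-digit validation: distinguishes a plausible PAN from a random digit run."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_record(record: Dict[str, str]) -> List[str]:
    """Return one finding per prohibited item found in a single stored record."""
    findings: List[str] = []
    for field, value in record.items():
        name = field.lower().replace("-", "_")
        if name in SENSITIVE_FIELDS and value:
            findings.append(f"{field}: sensitive authentication data stored")
        for label, pattern in (("track 1", TRACK1_RE), ("track 2", TRACK2_RE)):
            for match in pattern.finditer(value):
                if luhn_ok(match.group(1)):
                    findings.append(f"{field}: full magnetic-stripe {label} data stored")
                else:
                    # Looks like track data but the PAN fails Luhn: still worth a human look,
                    # since it may be garbled or test data rather than a true negative.
                    findings.append(f"{field}: {label}-formatted data, PAN fails Luhn (review manually)")
    return findings


def scan_store(records: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each non-compliant record's txn_id to its findings; compliant records are omitted."""
    report: Dict[str, List[str]] = {}
    for record in records:
        findings = scan_record(record)
        if findings:
            report[record["txn_id"]] = findings
    return report


# Constructed sample records (not real transactions). 4111111111111111 is a widely used
# Luhn-valid test number; 1234567890123 is not Luhn-valid.
SAMPLE_RECORDS = [
    {"txn_id": "T1001", "pan_masked": "411111******1111", "exp": "2512", "auth_code": "A1B2C3"},
    {"txn_id": "T1002", "swipe_raw": ";4111111111111111=2512101123456789?", "auth_code": "Z9Y8W7"},
    {"txn_id": "T1003", "pan_masked": "411111******1111", "cvv2": "123"},
    {"txn_id": "T1004", "debug": "%B4111111111111111^DOE/JOHN^25121011234567890?", "pin_block": "1A2B3C4D5E6F7A8B"},
    {"txn_id": "T1005", "note": "refund call, terminal dump: ;1234567890123=2512101?"},
]

if __name__ == "__main__":
    for txn, issues in scan_store(SAMPLE_RECORDS).items():
        print(txn, "->", "; ".join(issues))
```

Running it flags T1002 (raw Track 2 in a "swipe_raw" column), T1003 (a populated CVV2 field), T1004 (Track 1 left in a debug field plus a PIN block) and T1005 (track-shaped text whose PAN fails Luhn, reported for manual review), while the masked-PAN record T1001 passes. The point of the Luhn step is that a scanner which only pattern-matches produces either too many false positives or, if tuned tightly, misses the debug-log and free-text cases that are exactly where this data tends to leak.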

… As a condition of the settlement, TJX essentially has to advocate for improvements in the security of the payment card system. In particular, TJX must contact Visa and Mastercard and its acquiring bank and volunteer to participate in pilot programs for testing new security-related payment card technology (such as chip-and-PIN technology). TJX also must take steps to encourage the payment card industry to achieve “end-to-end” encryption of cardholder data (all the way through the bank authorization process). TJX must take such steps within 180 days and must submit a report to the Attorneys General indicating TJX’s progress.



Stephen Rynerson sent me this article. (Looks like he reads the Physics blogs in his spare time.) This could be “the next big thing!” allowing true secure communications, until the little green hackers from Alpha Centauri arrive.

http://www.eurekalert.org/pub_releases/2009-07/iop-rut062909.php

Researchers unite to distribute quantum keys

Researchers from across Europe have united to build the largest quantum key distribution network ever built. The efforts of 41 research and industrial organisations were realised as secure, quantum encrypted information was sent over an eight node, mesh network.

… One of the first practical applications to emerge from advances in the sometimes baffling study of quantum mechanics, quantum cryptography has become a soon-to-be reached benchmark in secure communications.

… The researchers write, "In our paper we have put forward, for the first time, a systematic design that allows unrestricted scalability and interoperability of QKD technologies."


(Related) Why we might need unbreakable cryptography?

http://www.pogowasright.org/?p=1194

Cybersecurity plan to involve NSA, Telecoms

July 3, 2009 by Dissent Filed under Featured Headlines, Govt, Internet, Surveillance, U.S.

Since The Washington Post first broke the news that the Obama administration is moving ahead with Einstein, a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, the drum beat from privacy advocates has been growing.

Today, Siobham Gorman of The Wall Street Journal reports that the latest complete version of the system won’t be fully installed for 18 months, and even when it is, the system won’t protect networks from attack but will only trigger an alarm after one has happened:

A more capable version has sparked privacy alarms, which could delay its rollout. Since the National Security Agency acknowledged eavesdropping on phone and Internet traffic without warrants in 2005, security programs have been dogged by privacy concerns. In the case of Einstein, AT&T Corp., which would test the system, has sought written approval from the Justice Department before it would agree to participate, people familiar with the matter say.

A side bar describes the three phases of Einstein:

  • Einstein 1: Monitors Internet traffic flowing in and out of federal civilian networks. Detects abnormalities that might be cyber attacks. [or the spike in traffic when Michael Jackson died Bob] Is unable to block attacks.

  • Einstein 2: In addition to looking for abnormalities, detects viruses and other indicators of attacks based on signatures of known incidents, and alerts analysts immediately. Also can’t block attacks.

  • Einstein 3: Under development. Based on technology developed for a National Security Agency program called Tutelage, it detects and deflects security breaches. Its filtering technology can read the content of email and other communications.
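The sidebar's distinction between the first two phases (anomaly detection on traffic volume versus matching against signatures of known incidents, both alert-only) is worth seeing in code. The following is an added example written for this post, not anything from the Einstein program or the WSJ article; the flow records, the baseline window, the three-sigma threshold and the indicator list are all constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    minute: int   # minute offset within the capture window
    src: str
    dst: str
    nbytes: int


# Constructed flow records (RFC 5737 documentation addresses, not real traffic):
# ten quiet baseline minutes, a burst from twenty hosts in minute 10, and one small
# flow in minute 11 to a destination that appears on the indicator list.
FLOWS: List[Flow] = (
    [Flow(m, "192.0.2.10", "198.51.100.5", 1000 + (m % 3) * 100) for m in range(10)]
    + [Flow(10, f"192.0.2.{i}", "198.51.100.5", 50000) for i in range(11, 31)]
    + [Flow(11, "192.0.2.10", "203.0.113.77", 1200)]
)

# Constructed indicator list standing in for "signatures of known incidents".
BAD_DESTINATIONS: Set[str] = {"203.0.113.77"}


def per_minute_bytes(flows: List[Flow]) -> Counter:
    """Total bytes seen per minute."""
    totals: Counter = Counter()
    for f in flows:
        totals[f.minute] += f.nbytes
    return totals


def volume_anomalies(flows: List[Flow], baseline_minutes: int = 10, k: float = 3.0) -> List[int]:
    """Einstein-1 style check: minutes whose byte total exceeds baseline mean + k standard deviations."""
    totals = per_minute_bytes(flows)
    baseline = [totals.get(m, 0) for m in range(baseline_minutes)]
    mu = mean(baseline)
    sigma = max(pstdev(baseline), 1.0)   # floor so a perfectly flat baseline does not flag tiny jitter
    threshold = mu + k * sigma
    return sorted(m for m, total in totals.items() if m >= baseline_minutes and total > threshold)


def signature_hits(flows: List[Flow], bad: Set[str] = BAD_DESTINATIONS) -> List[Flow]:
    """Einstein-2 style check: exact match against an indicator list, regardless of volume."""
    return [f for f in flows if f.dst in bad]


def alerts(flows: List[Flow], bad: Set[str] = BAD_DESTINATIONS) -> List[Dict[str, object]]:
    """Combine both tiers into alert records. Nothing here blocks traffic; like the first two
    Einstein phases in the sidebar above, it only raises an alarm for an analyst."""
    totals = per_minute_bytes(flows)
    out: List[Dict[str, object]] = [
        {"tier": "volume-anomaly", "minute": m, "bytes": totals[m]} for m in volume_anomalies(flows)
    ]
    out += [
        {"tier": "signature", "minute": f.minute, "src": f.src, "dst": f.dst}
        for f in signature_hits(flows, bad)
    ]
    return out


if __name__ == "__main__":
    for a in alerts(FLOWS):
        print(a)
```

On the constructed data the volume check fires only for minute 10 (a million bytes against a baseline of roughly 1,090 per minute), and the signature check fires only for the 1,200-byte flow in minute 11, which no volume threshold would ever notice. That is the trade-off the two phases embody: the anomaly tier catches the unknown but only when it is loud, the signature tier catches the quiet but only when it is already known, and neither one stops anything.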

The Associated Press notes that the planned deployment of the new Einstein 3 program was noted in the administration’s recently released cyber security review.



Win friends and influence people Do they think no one notices?

http://tech.slashdot.org/story/09/07/02/2255241/Microsoft-Changing-Users-Default-Search-Engine?from=rss

Microsoft Changing Users' Default Search Engine

Posted by timothy on Thursday July 02, @07:34PM from the now-what-did-we-say-about-playground-behavior? Dept. windows microsoft security

BabyDuckHat writes

"Cnet's Dennis O'Reilly caught 'Windows Search Helper' trying to change his default Firefox search from Google to Bing. This isn't the first time the software company has been caught quietly changing users' preferences to benefit its own products."


(Related?)

http://blogs.computerworld.com/london_stock_exchange_to_abandon_failed_windows_platform

July 1, 2009 - 1:20 P.M.

London Stock Exchange to abandon failed Windows platform

Anyone who was ever fool enough to believe that Microsoft software was good enough to be used for a mission-critical operation had their face slapped this September when the LSE (London Stock Exchange)'s Windows-based TradElect system brought the market to a standstill for almost an entire day. While the LSE denied that the collapse was TradElect's fault, they also refused to explain what the problem really was. Sources at the LSE tell me to this day that the problem was with TradElect.

Since then, the CEO that brought TradElect to the LSE, Clara Furse, has left without saying why she was leaving. Sources in the City--London's equivalent of New York City's Wall Street--tell me that TradElect's failure was the final straw for her tenure. The new CEO, Xavier Rolet, is reported to have immediately decided to put an end to TradElect.



The problem with using laws that almost apply?

http://news.cnet.com/8301-13577_3-10278483-36.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: Guilty verdict overturned in MySpace suicide case

by Caroline McCarthy July 2, 2009 2:26 PM PDT

Lori Drew, the woman convicted of using a hoax MySpace profile to harass a teenage girl to the point of suicide, was acquitted by a Los Angeles judge on Thursday, Wired reported.

Judge George Wu overturned Drew's guilty verdict, which was issued in November, saying that if Drew had been convicted of a felony in the case, she would already have been sentenced. But because she was convicted of three misdemeanors--a significantly lighter offense than prosecutors originally sought--the constitutionality of the guilty verdict was less clear.



Interesting business model for a Venture Capital firm.

http://www.killerstartups.com/Web20/startupwiz-biz-a-laboratory-for-new-entrepreneurs

StartupWiz.biz - A Laboratory For New Entrepreneurs

http://www.startupwiz.biz/

StartupWiz introduces a new program of its own which prepares entrepreneurs and business owners to achieve a much greater level and probability of success. The program's series of 14 sequential modules goes well beyond the traditional MBA courses and startup 'boot-camps' available. It takes the student from "Am I really prepared to be an entrepreneur?" to "I'm ready to pitch my compelling business case to sophisticated investors or bankers". Each module includes a downloadable offline training presentation and keyed workbook for the topic, followed by a fast-paced interactive "WebShop" online to explore and test their ideas. Students learn at their own pace and from the comfort of their homes, enabling family members and friends to participate in the entrepreneurial process with them. They can even postpone their next module until they've done more ground work, and then pick up where they left off.

The program begins with students exploring their underlying motivations and expectations of the startup process and their desired outcome. Next they examine the entire set of success criteria for doing business in today's tough economy. Students then build a comprehensive and compelling business model. Under the guidance of seasoned entrepreneurs students are continuously challenged to think critically about their plans and assumptions throughout the process. Those who complete the program get the opportunity to present their tested plan online to qualified investors world-wide. Students come away with a test presentation, executive summary, a 'PlayBook' covering their whole business case, and a much stronger confidence in the viability of their business model and their ability to execute it.

"You wouldn't start laying bricks or putting up framing for a custom home before you architected it, so why build your business before you design it?" said Rudi Wiedemann, founder and CEO of StartupWiz. "Thinking at a strategic level about your new business model before you bet your job and savings on it is the smart move. Unfortunately, this is difficult work and few entrepreneurs have the patience to do it. But the savings in time, money, grief and reputation can be enormous."

Investors looking for a source of better quality fundable deals will appreciate business models and management teams that have been 'shaken out' more thoroughly before approaching them for money. Experienced business executives have a new avenue to participate in hot new startups. Professional service providers can contribute to startups and potentially gain new clients. Business educators have a new place to send those graduates ready to take the entrepreneurial plunge.

Registration to StartupWiz is free and provides members valuable resources including PodCasts, downloads, links, templates and other tools which are constantly being updated and expanded.



For DaVinci Code fans? Something to add to the search tool folder

http://www.makeuseof.com/dir/symbols-look-up-symbols/

Symbols: Look Up Symbol Meanings

If you come across a symbol or sign and don’t know what it means, head straight to Symbols.com. It is a web resource where you can easily look up symbols and read their meanings. The site currently lists around 2500 western (modern and ancient) symbols organized in 54 categories.

There are four ways you can search for symbols:

  1. Simple keyword search.

  2. Use the graphic index tool that searches symbols based on symmetry, shape and crossing lines.

  3. Use the word index to find a symbol with a certain meaning.

  4. Check out a random sign.

www.symbols.com



Is this the “e-version” of sports fans chatting at a bar?

http://howto.wired.com/wiki/Follow_The_Tour_De_France_Online

Follow The Tour De France Online

From Wired How-To Wiki

The 2009 edition of the Tour de France -- the premiere event on the pro cycling calendar and the oldest of the three grand tours -- kicks off Saturday, July 4 with a short time trial in Monaco.

… Here are our tips for getting your Tour fix online.


Thursday, July 02, 2009

If they knew in February and there has been no fraud, why would they replace the cards now?

http://www.databreaches.net/?p=5900

Heartland Breach Affects OPFCU

July 1, 2009 by admin Filed under Financial Sector, Hack, ID Theft, Malware, U.S.

And the impact of the Heartland Payment Systems breach continues:

Having police officers around didn’t prevent this credit union from having to deal with a data breach.

The Omaha Police Federal Credit Union is replacing 1,167 of its customers’ debit cards after being notified that the card numbers were among those involved in the data breach at Heartland Payment Systems of Princeton, N.J.

Mary Johnson, credit union president, said her staff members have been monitoring card activity while the new cards are being issued and have found no instances of fraud or loss. Credit union members are receiving the new cards before the old ones are deactivated, she said.

Read more in The Omaha World-Herald.

Once again, though, a news report doesn’t tell us when the credit union was first made aware that those card numbers were involved in the breach. Were they notified in February and are first taking action now or were they just recently notified?



What level of cooperation is proper?

http://www.pogowasright.org/?p=1086

Warrantless searches: MySpace, Yahoo and ATT

July 1, 2009 by Dissent Filed under Govt, Internet, Surveillance

An email purporting to be from Mike Duffey, Special Agent, Florida Department of Law Enforcement Computer Crime Center, to the ICAC Task Force mailing list was posted on Wikileaks.org. The email is reportedly from June 2009. The full header is not provided:

From: Duffey, Mike
Sent: None
To: ICAC.Task.Force
Subject: RE: Att refuses legal process in exigent situation- UPDATE!! and concerns

Thank you to everyone who responded. Below is an update with some concerns that, based on the responses we received, some of you have had.

First let me lay out the scenario: Wed night, June 24th, we received information that an individual using a Yahoo screen name had discussed in detail recently molesting his six year old daughter in an incest forum, then chatting on Yahoo instant messenger. We began attempting to identify this individual. We discovered a MySpace page associated with the email address. Also on the MySpace, which was public, was a name and photos of a girl with the same name as the one who was being molested. Also on the MySpace page was the photo of an adult female who had been tagged, which linked us to her public MySpace page, and had a caption under the photo saying “girlfriend”. Also at this time we were able to discover who we believed the potential targets were, but based on info we were receiving we were not able to determine where the suspect was living due to multiple addresses. Later we discovered that our suspect had moved two weeks ago to where we ultimately found him.

We contacted MySpace claiming “exigent circumstances” for subscriber info and log-in information for both MySpace users, as they both had photos of the child victim on their pages with references to her being their child. MySpace responded to our request within 20 minutes and 45 minutes later we had the IP log-in info, which came back with at least 15 different IPs over the last 30 days, all belonging to ATT.

Problem Number 1. –Yahoo
In the meantime we were still waiting on Yahoo to respond to our initial request. Approximately three hours later Yahoo responded by denying our exigent request. We then called Yahoo back and explained the situation to Yahoo, who understood the request but claimed they would not be able to obtain the IP log-in info until 48 hours after the log-in occurred. In this case we had info the abuse had recently occurred and needed that IP log-in within that 48 hour window. When we couldn’t get that we were forced to push back for IP info after the 48 hour window. After 7 hours they gave us the IPs that were over 48 hours old. These IPs also were assigned to ATT.

My comment here is that I find it very hard to believe Yahoo, which collects your IP at the time of log-in, can’t provide LEOs with IP log-in information until 48 hours later. In today’s security-conscious environment it’s not whether they can, it’s that they don’t want to, and I’m sure they will cite costs. I say they are actually helping facilitate criminal activity and hindering LEOs’ ability to conduct a real time investigation.

Problem Number-2- ATT
We then contacted ATT around 9:00 am. We talked with [employee's name redacted] at ATT and explained to her the situation at hand. [employee] told us “it did not meet their requirement” and we needed a subpoena to get that information. We again attempted to explain the situation and were told “due to ECPA and their interpretation, ATT was not allowed to release this information as to where the user of the IP was physically located.” We then began the legal process of getting a subpoena issued, as we here in FL don’t have Admin subpoena powers and the process could take anywhere from 4-5 hours or longer. Upon posting on the listserv we received many, many contact names for ATT other than [employee], who was basically of no help and didn’t really seem to care. We then contacted [employee 2] with ATT, who also toed the company line and refused to provide the information without a subpoena. [employee 2] explained that if it was an exigent situation we would not be giving him IP addresses that were over 48 hours old, hence where is the exigency? We then explained that the IP had to be like that because Yahoo couldn’t provide us with current IPs. It was at this point that we went to the only current IP we had, which was from the MySpace info which was connected to the Yahoo email address. We were still forced to get a subpoena, after which ATT confirmed the address and subscriber name at 4pm.

My comment is on ATT’s interpretation of ECPA and that they cited a prior issue where they provided subscriber info to an LEO. The case went to trial and at the trial ATT had to explain why they provided customer info to LEOs in a non-exigent situation, thus the defense claimed. ATT said the info they provided was thrown out and caused a bad case. ATT explained that is one example as to why they don’t just give out customer info on old IPs, which I explained the fact of why this was occurring and that a child we believed was being sexually abused. In the end they didn’t offer much help either as we had already developed enough intelligence to connect the suspect with a residence.

At 6pm we hit the residence. In the interview with the suspect he admitted to sexually molesting the child over the last two days and, while doing so, streamed it on webcam to other users. The child was interviewed and divulged the occurrence. Actually the suspect was to arrive home about ten minutes after we arrived. We can only imagine what would have occurred that evening. Why would it have been different than any other night?

To those who assisted thank you !!

I can only hope that one day ATT realizes that their interpretation of ECPA potentially could have hindered us to a point that the abuse could have occurred again. They are not by themselves there; Yahoo, in their inability to provide LEOs with real-time IPs, is equally to blame. Especially when they both could have been of more help!! I realize that they receive a lot of requests but they also make a lot of money from the people who use their systems.

Mike Duffey
Special Agent
Florida Department of Law Enforcement
Computer Crime Center



Perhaps we shouldn't give powerful tools like computers to people with no clue how to use them? By now you would think politicians would understand that emails are sensitive – and calling the police makes more sense than calling the IT department.

http://www.databreaches.net/?p=5933

PA Legislator’s Laptop Stolen from Car

July 1, 2009 by admin Filed under Breach Incidents, Government Sector, Theft, U.S.

A Pennsylvania state representative had his state-issued laptop stolen from his car over the past weekend. But State Rep. Frank Dermody may not be particularly concerned because, according to the Pittsburgh Tribune-Review, the legislator said no sensitive state data were on it.

Nothing “sensitive,” but an “undetermined number of e-mails from constituents” were on the stolen laptop? I wonder how his constituents feel about his lack of concern over their emails and any personal details they might have contained.

Dermody said that after the theft, he immediately contacted the legislature’s I.T. department, “which erased his password.” Horses and barn doors, anyone?



Better than a “National ID” program? “Papers, Citizen! We can't allow you to travel/enter a federal building/drive a car until we know you are healthy.”

http://www.pogowasright.org/?p=1096

Class Action Suit: Stimulus Act and health privacy

July 1, 2009 by Dissent Filed under Court, Legislation, U.S.

The Stimulus Act signed into law by President Obama jeopardizes the privacy rights of the 65 percent of Americans who aren’t on Medicaid or Medicare by requiring health-care providers to create an electronic health record of every person in the United States, a class action claims in Federal Court.

Because Title XIII of the Stimulus Act aims to have everyone’s medical histories in the system by 2014, their personal health information would be a “mouse click away from being accessible to an intruder,” according to lead plaintiff Beatrice M. Heghmann, a health-care professional who has never been covered by Medicare and Medicaid.

Heghmann sued Secretary of Health and Human Services Kathleen Sebelius, White House Office of Health Reform Director Nancy-Ann Deparle and Administrator of the Centers for Medicare and Medicaid Services Charlene Frizzera.

Read more in Courthouse News.

[From the article:

It also allows government officials to link a person's medical information with other forms of personal identification, such as a driver's license number or Social Security number, Heghmann says.

… She says the $22 billion earmarked for the electronic registry exists solely to obtain confidential health-care information.


(Related) Now that we know who you are, we need to know where you go... And we want you to pay us for tracking you!

http://tech.slashdot.org/story/09/07/01/1457243/GPS-Based-System-For-Driving-Tax-Being-Field-Tested?from=rss

GPS-Based System For Driving Tax Being Field Tested

Posted by Soulskill on Wednesday July 01, @11:37AM from the you-can-trust-us dept. transportation privacy

An anonymous reader writes

"Apparently, since gas consumption is going down and fuel efficient cars are becoming more popular, the government is looking into a new form of taxation to create revenue for transportation projects. This new system is a 'by-the-mile tax,' requiring GPS in cars so it can track the mileage. Once a month, the data gets uploaded to a billing center and you are conveniently charged for how much you drove. 'A federal commission, after a two-year study, concluded earlier this year that the road tax was the "best path forward" to keep revenues flowing to highway and transportation projects, and could be an important new tool to help manage traffic and relieve congestion. ... The commission pegged 2020 as the year for the federal fuel tax, currently 18.5 cents a gallon, to be phased out and replaced by a road tax. One estimate of a road tax that would cover the current federal and state fuel taxes is 1 to 2 cents per mile for cars and light trucks.'"



Move the workers someplace else, I need a bigger office. Actually a good move if you need to draw employees from an educated population or a population that speaks foreign languages (and English).

http://it.slashdot.org/story/09/07/02/0333202/NSA-To-Build-20-Acre-Data-Center-In-Utah?from=rss

NSA To Build 20 Acre Data Center In Utah

Posted by samzenpus on Thursday July 02, @07:57AM from the data-on-the-horizon dept. security database usa

Hugh Pickens writes

If they knew in February and there has been no fraud, why would they replace the cards now?

http://www.databreaches.net/?p=5900

Heartland Breach Affects OPFCU

July 1, 2009 by admin Filed under Financial Sector, Hack, ID Theft, Malware, U.S.

And the impact of the Heartland Payment Systems breach continues:

Having police officers around didn’t prevent this credit union from having to deal with a data breach.

The Omaha Police Federal Credit Union is replacing 1,167 of its customers’ debit cards after being notified that the card numbers were among those involved in the data breach at Heartland Payment Systems of Princeton, N.J.

Mary Johnson, credit union president, said her staff members have been monitoring card activity while the new cards are being issued and have found no instances of fraud or loss. Credit union members are receiving the new cards before the old ones are deactivated, she said.

Read more in The Omaha World-Herald.

Once again, though, a news report doesn’t tell us when the credit union was first made aware that those card numbers were involved in the breach. Were they notified in February and are first taking action now or were they just recently notified?



What level of cooperation is proper?

http://www.pogowasright.org/?p=1086

Warrantless searches: MySpace, Yahoo and ATT

July 1, 2009 by Dissent Filed under Govt, Internet, Surveillance

An email purporting to be from Mike Duffey, Special Agent, Florida Department of Law Enforcement Computer Crime Center, to the ICAC Task Force mailing list was posted on Wikileaks.org. The email is reportedly from June 2009. The full header is not provided:

From: Duffey, Mike
Sent: None
To: ICAC.Task.Force
Subject: RE: Att refuses legal process in exigent situation- UPDATE!! and concerns

Thank you to everyone who responded. Below is an update with some concerns that, based on the responses we received, some of you have had.

First let me lay out the scenario: Wed night, June 24th, we received information that an individual using a Yahoo screen name had discussed in detail recently molesting his six-year-old daughter in an incest forum, then chatting on Yahoo instant messenger. We began attempting to identify this individual. We discovered a MySpace page associated with the email address. Also on the MySpace page, which was public, was a name and photos of a girl with the same name as the one who was being molested. Also on the MySpace page was the photo of an adult female who had been tagged, which linked us to her public MySpace page, and had a caption under the photo saying “girlfriend”. Also at this time we were able to discover who we believed the potential targets were, but based on info we were receiving we were not able to determine where the suspect was living due to multiple addresses. Later we discovered that our suspect had moved two weeks ago to where we ultimately found him.

We contacted MySpace claiming “exigent circumstances” for subscriber info and log-in information for both MySpace users, as they both had photos of the child victim on their pages with references to her being their child. MySpace responded to our request within 20 minutes, and 45 minutes later we had the IP log-in info, which came back with at least 15 different IPs over the last 30 days, all belonging to ATT.

Problem Number 1 – Yahoo
In the meantime we were still waiting on Yahoo to respond to our initial request. Approximately three hours later Yahoo responded by denying our exigent request. We then called Yahoo back and explained the situation to Yahoo, who understood the request but claimed they would not be able to obtain the IP log-in info until 48 hours after the log-in occurred. In this case we had info the abuse had recently occurred and needed that IP log-in within that 48 hour window. When we couldn’t get that we were forced to push back for IP info after the 48 hour window. After 7 hours they gave us the IPs that were over 48 hours old. These IPs also were assigned to ATT.

My comment here is that I find it very hard to believe Yahoo, which collects your IP at the time of log-in, can’t provide LEOs with IP log-in information until 48 hours later. In today's security-conscious environment it's not whether they can, it's that they don't want to, and I'm sure they will cite costs. I say they are actually helping facilitate criminal activity and hindering LEOs' ability to conduct a real-time investigation.

Problem Number 2 – ATT
We then contacted ATT around 9:00 am. We talked with [employee's name redacted] at ATT and explained to her the situation at hand. [employee] told us “it did not meet their requirement” and we needed a subpoena to get that information. We again attempted to explain the situation and were told “due to ECPA and their interpretation ATT was not allowed to release this information as to where the user of the IP was physically located at.” We then began the legal process of getting a subpoena issued, as we here in FL don’t have Admin subpoena powers and the process could take anywhere from 4-5 hours or longer. Upon posting on the listserve we received many, many contact names for ATT other than [employee], who was basically of no help and didn’t really seem to care. We then contacted [employee 2] with ATT, who also toed the company line and refused to provide the information without a subpoena. [employee 2] explained that if it was an exigent situation we would not be giving him IP addresses that were over 48 hours old, hence where is the exigency? We then explained that the IP had to be like that because Yahoo couldn’t provide us with current IPs. It was at this point that we went to the only current IP we had, which was from the MySpace info which was connected to the Yahoo email address. We were still forced to get a subpoena, after which ATT confirmed the address and subscriber name at 4pm.

My comment is on ATT's interpretation of ECPA and that they cited a prior issue where they provided subscriber info to an LEO. The case went to trial and at the trial ATT had to explain why they provided customer info to LEOs in a non-exigent situation, thus the defense claimed. ATT said the info they provided was thrown out and caused a bad case. ATT explained that is one example as to why they don’t just give out customer info on old IPs, to which I explained why this was occurring and that a child we believed was being sexually abused. In the end they didn’t offer much help either, as we had already developed enough intelligence to connect the suspect with a residence.

At 6pm we hit the residence. In the interview with the suspect he admitted to sexually molesting the child over the last two days and while doing so streamed it on webcam to other users. The child was interviewed and divulged the occurrence. Actually the suspect was to arrive home about ten minutes after we arrived. We can only imagine what would have occurred that evening. Why would it have been different than any other night?

To those who assisted thank you !!

I can only hope that one day ATT realizes that their interpretation of ECPA potentially could have hindered us to a point that the abuse could have occurred again. They are not by themselves there; Yahoo, in their inability to provide LEO with real-time IPs, is equally to blame. Especially when they both could have been of more help!! I realize that they receive a lot of requests, but they also make a lot of money from the people who use their systems.

Mike Duffey
Special Agent
Florida Department of Law Enforcement
Computer Crime Center



Perhaps we shouldn't give powerful tools like computers to people with no clue how to use them? By now you would think politicians would understand that emails are sensitive – and calling the police makes more sense than calling the IT department.

http://www.databreaches.net/?p=5933

PA Legislator’s Laptop Stolen from Car

July 1, 2009 by admin Filed under Breach Incidents, Government Sector, Theft, U.S.

A Pennsylvania state representative had his state-issued laptop stolen from his car over the past weekend. But State Rep. Frank Dermody may not be particularly concerned because, according to the Pittsburgh Tribune-Review, the legislator said no sensitive state data were on it.

Nothing “sensitive,” but an “undetermined number of e-mails from constituents” were on the stolen laptop? I wonder how his constituents feel about his lack of concern over their emails and any personal details they might have contained.

Dermody said that after the theft, he immediately contacted the legislature’s I.T. department, “which erased his password.” Horses and barn doors, anyone?



Better than a “National ID” program? “Papers, Citizen! We can't allow you to travel/enter a federal building/drive a car until we know you are healthy.”

http://www.pogowasright.org/?p=1096

Class Action Suit: Stimulus Act and health privacy

July 1, 2009 by Dissent Filed under Court, Legislation, U.S.

The Stimulus Act signed into law by President Obama jeopardizes the privacy rights of the 65 percent of Americans who aren’t on Medicaid or Medicare by requiring health-care providers to create an electronic health record of every person in the United States, a class action claims in Federal Court.

Because Title XIII of the Stimulus Act aims to have everyone’s medical histories in the system by 2014, their personal health information would be a “mouse click away from being accessible to an intruder,” according to lead plaintiff Beatrice M. Heghmann, a health-care professional who has never been covered by Medicare and Medicaid.

Heghmann sued Secretary of Health and Human Services Kathleen Sebelius, White House Office of Health Reform Director Nancy-Ann Deparle and Administrator of the Centers for Medicare and Medicaid Services Charlene Frizzera.

Read more in Courthouse News.

[From the article:

It also allows government officials to link a person's medical information with other forms of personal identification, such as a driver's license number or Social Security number, Heghmann says.

… She says the $22 billion earmarked for the electronic registry exists solely to obtain confidential health-care information.


(Related) Now that we know who you are, we need to know where you go... And we want you to pay us for tracking you!

http://tech.slashdot.org/story/09/07/01/1457243/GPS-Based-System-For-Driving-Tax-Being-Field-Tested?from=rss

GPS-Based System For Driving Tax Being Field Tested

Posted by Soulskill on Wednesday July 01, @11:37AM from the you-can-trust-us dept. transportation privacy

An anonymous reader writes

"Apparently, since gas consumption is going down and fuel efficient cars are becoming more popular, the government is looking into a new form of taxation to create revenue for transportation projects. This new system is a 'by-the-mile tax,' requiring GPS in cars so it can track the mileage. Once a month, the data gets uploaded to a billing center and you are conveniently charged for how much you drove. 'A federal commission, after a two-year study, concluded earlier this year that the road tax was the "best path forward" to keep revenues flowing to highway and transportation projects, and could be an important new tool to help manage traffic and relieve congestion. ... The commission pegged 2020 as the year for the federal fuel tax, currently 18.5 cents a gallon, to be phased out and replaced by a road tax. One estimate of a road tax that would cover the current federal and state fuel taxes is 1 to 2 cents per mile for cars and light trucks.'"



Move the workers someplace else, I need a bigger office. Actually a good move if you need to draw employees from an educated population or a population that speaks foreign languages (and English)

http://it.slashdot.org/story/09/07/02/0333202/NSA-To-Build-20-Acre-Data-Center-In-Utah?from=rss

NSA To Build 20 Acre Data Center In Utah

Posted by samzenpus on Thursday July 02, @07:57AM from the data-on-the-horizon dept. security database usa

Hugh Pickens writes

"The Salt Lake City Tribune reports that the National Security Agency will be building a one million square foot data center at Utah's Camp Williams. The NSA's heavily automated computerized operations have for years been based at Fort Meade, Maryland, but the agency began looking to decentralize its efforts following the terrorist attacks of Sept. 11, 2001 and accelerated their search after the Baltimore Sun reported that the NSA — Baltimore Gas & Electric's biggest customer — had maxed out the local grid and could not bring online several supercomputers it needed to expand its operations. The agency got a taste of the potential for trouble January 24, 2000, when an information overload, rather than a power shortage, caused the NSA's first-ever network crash taking the agency 3 1/2 days to resume operations. The new data center in Utah will require at least 65 megawatts of power — about the same amount used by every home in Salt Lake City so a separate power substation will have to be built at Camp Williams to sustain that demand. "They were looking at secure sites, where there could be a natural nexus between organizations and where space was available," says Col. Scott Olson, the Utah National Guard's legislative liaison. NSA officials, who have a long-standing relationship with Utah based on the state Guard's unique linguist units, approached state officials about finding land in the state on which to build an additional data center. "The stars just kind of came into alignment. We could provide them everything they need.""



This is rather depressing – the type of search I'd expect from devoted followers of supermarket tabloids...

http://www.killerstartups.com/Web-App-Tools/chromomulator-com-find-out-what-is-hot-on-the-www

Chromomulator.com - Find Out What Is Hot On The WWW

http://www.chromomulator.com/

There is so much happening on the Internet that it is a bit hard to stay on top of the hottest stories and media doing the rounds. That is where services such as Chromomulator step right in. They let you have access to only the crème of the crème as regards the stories and items featured on the Web. In the specific case of Chromomulator, it takes the top 100 Google searches at any given time by glancing at the Google Trends page, and complements it with information retrieved from Digg and Technorati. Using this information it produces a list of the hottest and most noteworthy online content around.



For my Computer Security class. Have fun with your neighbors!

http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

How to Crack a Wi-Fi Network's WEP Password with BackTrack

By Gina Trapani, 9:30 AM on Wed Jul 1 2009

… Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on.

… Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter.



I'm looking for a co-author (to do all the work)

http://gawker.com/5305024/exploiting-the-blog%2Bto%2Bbook-bubble-a-guide

Exploiting the Blog-to-Book Bubble: A Guide

By Alexia Tsotsis, 6:49 PM on Tue Jun 30 2009

Two blogs, [...] scored contracts at Penguin's Gotham Books imprint in the past week, the latest in an endless series of such deals. Shouldn't you get a piece of the action?

It's not like there's any shame in aiming for a book deal right when you start your blog. As the New York Observer puts it:

These days it seems more and more like people start goofy Web sites practically counting on seeing their stuff between two covers.

Wednesday, July 01, 2009

IT Governance Tip #1: Know where your assets are.

http://www.databreaches.net/?p=5886

Sutter Employee Info Found On Broken Laptop

June 30, 2009 by admin Filed under Breach Incidents, Healthcare Sector, Other

Thousands of Sacramento area Sutter Health employees are being warned that their personal information may have been leaked after a computer repair shop found the data on an old laptop that had been brought in for repair.

Sutter Health is notifying about 6,000 former and current employees about the possibility that their social security numbers and other private information may have been accessed.

Until the laptop was brought into a computer repair shop, Sutter Health had believed the computer was in the possession of a Sutter employee since 2007.

Read more on http://cbs13.com/local/sutter.health.laptop.2.1066081.html

[From the Article:

Sutter's computer technicians checked out the computer and say it has not been used by anyone since 2007.

Sutter says there is no police investigation into the incident and that appropriate action was taken against the employee who was originally issued the computer.



For your Security Manager...

http://it.slashdot.org/story/09/06/30/2237256/New-Click-Fraud-Attack-Is-Stealthiest-Yet?from=rss

New Click-Fraud Attack Is Stealthiest Yet

Posted by kdawson on Tuesday June 30, @09:35PM from the penny-here-penny-there dept.

An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher

"...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay."

If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar.



This should be amusing/depressing. You could almost automate the “government waste” articles it will generate.

http://news.slashdot.org/story/09/07/01/0032230/US-Gov-Launches-Web-Site-To-Track-IT-Spending?from=rss

US Gov. Launches Web Site To Track IT Spending

Posted by kdawson on Wednesday July 01, @08:03AM from the how-much-for-the-retractable-drink-holders dept. government internet usa it

andy1307 writes

"Vivek Kundra, the federal chief information officer, announced on Tuesday a new Web site designed to track more than $70 billion in government IT spending, showing all contracts held by major firms within every agency. The (Flash-heavy) site, USAspending.gov, shows detailed information about whether IT contracts are being monitored and budgets being met. [If they are in this database they are “monitored” and I doubt any government project meets its budget. Bob] The data also show which contracts were won through a competitive process or in a no-bid method (the latter approach is criticized by good-government advocates for excluding firms from business opportunities). Each prime contractor is listed as well as the status of that project; sub-contractors are not yet shown."



How do Tech firms help their customers avoid sales tax? Would they move to an Island in the Caribbean if they were offered a 'no sales tax' guarantee?

http://yro.slashdot.org/story/09/06/30/1515222/Rhode-Island-Affiliates-Banned-From-Amazoncom-Sales?from=rss

Rhode Island Affiliates Banned From Amazon.com Sales

Posted by timothy on Tuesday June 30, @11:44AM from the oh-just-wait-for-the-feds-to-tax-it-instead dept. government money internet usa politics

Rand Huck writes

"Amazon.com has now added Rhode Island to its blacklist of affiliates in response to its proposed budget changes to enforce a tax on Internet sales, which includes commissions on their affiliate program by content providers based in Rhode Island. The first state to be blacklisted was North Carolina, for the same reason. If you go to a Rhode Island-based or North Carolina-based website that advertises Amazon.com goods as an affiliate, that website will no longer have the goods available because otherwise Amazon.com would be forced to pay sales tax to the State of Rhode Island and Providence Plantations or the State of North Carolina. The state's rationale is, if someone clicks to buy a good from Amazon.com via a site based in Rhode Island, it's equivalent to buying a good from a brick and mortar chain store located in Rhode Island."



A project too big to fail? “Yes, it's stupid, but we are committed?” How un-compulsory can it be if you need the card to avoid a full cavity search before boarding planes, trains or subways?

http://www.pogowasright.org/?p=1032

ID cards ‘will never be compulsory’ for Britons

June 30, 2009 by Dissent Filed under Featured Headlines, Govt, Non-U.S.

Alan Johnson signalled a major retreat by the Government on identity cards when he ruled out ever making them compulsory for UK citizens.

The Home Secretary also abandoned plans for a pilot project at two airports which would have required some staff and pilots to carry the cards.

The schemes for new workers wishing to go airside at Manchester airport and London city airport will now only be voluntary.

But the Government is to press ahead with creating a national identity register which, from 2011/12, will include the details of everyone who applies for a passport.

[...]

Chris Grayling, the shadow Home Secretary, said: “This decision is symbolic of a Government in chaos. They have spent millions on the scheme so far - the Home Secretary thinks it has been a waste and wants to scrap it, but the Prime Minister won’t let him. So we end up with an absurd fudge [Wow! Makes me wish I spoke English! Bob] instead. This is no way to run the country.”

Read more in The Times Online.

[From the article:

The announcement means that the only people for whom it will be compulsory to have an identity card will be foreign citizens. However, the Government is to press ahead with creating a national identity register that, from 2011-12, will include the details of everyone who applies for a passport.



An indication that the fix hasn't been installed in many ATMs yet.

http://www.wired.com/threatlevel/2009/06/atm-vendor-halts-talk/

ATM Vendor Halts Researcher’s Talk on Vulnerability

By Kim Zetter, June 30, 2009, 11:07 am

An ATM vendor has succeeded in getting a security talk pulled from the upcoming Black Hat conference after a researcher announced he would demonstrate a vulnerability in the system.

Barnaby Jack, a researcher with Juniper Networks, was to present a demonstration showing how he could “jackpot” a popular ATM brand by exploiting a vulnerability in its software.

Jack was scheduled to present his talk at the upcoming Black Hat security conference being held in Las Vegas at the end of July.

But on Monday evening, his employer released a statement saying it was canceling the talk due to the vendor’s intervention.



Just in case you thought that Pirate Bay was the only site of its kind...

http://www.zeropaid.com/news/86532/5-alternative-the-pirate-bay-bittorrent-sites/

5 Alternatives to The Pirate Bay

The admins of The Pirate Bay have stressed that in order for the Bay to stay alive, they need to adapt the site to a legitimate one, selling the site for $7.8 Million in the process. While some users showed their support for the infamous website, others are already jumping ship, demanding that their accounts be removed in the process. We were curious to know what alternatives there are out there these days and have come up with 5 alternative websites.



Does this explain why some CEOs don't understand technology? Thankfully brief slideshows...

http://www.bespacific.com/mt/archives/021713.html

June 30, 2009

Reports: Fortune 100 CEOs and Social Media

UberCEO: Fortune 100 CEOs and Social Media - "...top CEOs in the country appear to be mostly absent from the social media community. That's the result from research we conducted over the past several weeks. We looked at Fortune's 2009 list of the top 100 CEOs to determine how many were using Facebook, Twitter, LinkedIn, Wikipedia, or had a blog. The results show a miserable level of engagement."



Now McDonald's can recover their lost millions from their over-paid employees...

http://www.pogowasright.org/?p=1044

McDonald’s can sue employee over naked pix

June 30, 2009 by Dissent Filed under Breaches, Businesses, Court

There was another development in court concerning the lawsuit (pdf) filed by Arkansas couple Tina and Phillip Sherman against McDonald’s, Matthews Management, and the franchise’s manager, Aaron Brummley after nude pictures on a cellphone accidentally left in the Fayetteville McDonald’s were uploaded to the web.

Although the court wouldn’t dismiss the complaint (see Matthews Management’s motion to dismiss [pdf], McDonald’s motion to dismiss [pdf] and the Sherman’s response [pdf]), Washington County Circuit Judge Mary Ann Gunn has now granted McDonald’s motion to sue a franchise employee, Cody Hess. McDonald’s claims that he is the cause of any damages Phillip and Tina Sherman might have experienced.



Isn't there a nice safe place we can put this (clearly) mentally challenged individual?

http://news.yahoo.com/s/ap/20090630/ap_on_fe_st/us_odd_college_student_jail_theft

College student tries to steal jail computer

AP

KALAMAZOO, Mich. – Western Michigan University student William K. Bradley was sentenced for larceny in a building. He stole a computer. From the Kalamazoo County jail. Where he already was serving a sentence in a different case.

Kalamazoo County Circuit Judge Gary Giguere Jr. sentenced Bradley on Monday, telling the Kalamazoo resident his jailhouse theft was "the dumbest crime I've heard today" and "may be in the top half-dozen in my career."

Bradley, who has racked up six felonies and four misdemeanors by the age of 25, agreed with the judge, saying, "I'm not the best criminal."



For my fellow geeks... (The site has been Slashdotted, but mirrors are in the comments)

http://digg.com/software/151_Convenient_Firefox_Add_ons_for_Advanced_Users

151 Convenient Firefox Add-ons for Advanced Users

investintech.com — Since Firefox is rich with standard features, many users are content with running the browser as is after installing it. Advanced users, however, know that they can tailor the browser to fit their individual browsing needs. Here are 151 Firefox add-ons for advanced users.

Tuesday, June 30, 2009

Status (Interview at the high school level)

http://www.databreaches.net/?p=5827

Coffman on the Heartland Lawsuits

June 29, 2009 by admin Filed under Breach Incidents, Commentaries and Analyses, Financial Sector, Hack, U.S.

Tom Field of BankInfoSecurity.com has an interesting interview with Richard Coffman, the Texas attorney who filed the first class action lawsuit against Heartland Payment Systems (HPY). Coffman represents banks and financial institutions suing HPY.

One of the more intriguing aspects of the interview has to do with why Coffman thinks that banks and financial institutions will fare any better against HPY than they did when they sued TJX and were denied class action status. Coffman didn’t really explain how he sees the HPY situation as being different than the TJX case, but says:

I can say that the banks initially did not fare well in that case [TJX] for several reasons, none of which exist in this case in my opinion.

Although I have been following the bank’s side of that TJX litigation closely, it is interesting to note that the First Circuit Court of Appeals just breathed new life into the bank’s side of the case with a ruling in March of this year, and has now sent the bank case back down to the federal district court in Boston with the directive to look at class certification all over again.

The district court initially denied class certification for the financial institutions in that litigation, again for reasons that I don’t believe exist in the Heartland case, but even with that denial the district court has now been directed to look at it one more time.

Undoubtedly, there’s a long way to go on these lawsuits.



Good hack or bad hack?

http://www.pogowasright.org/?p=1027

Hotmail hack exposed Sanford’s affair

June 30, 2009 by Dissent Filed under Breaches

Emails from the Argentine mistress of married South Carolina Governor Mark Sanford were leaked to the press by a hacker, according to the Latin American siren at the centre of a political scandal in the US Deep South.

The emails were obtained by South Carolina newspaper The State back in December but kept on ice while the paper investigated their authenticity. Last week Sanford’s political aides confirmed that the emails were authentic, allowing the paper to publish the intimate exchange of correspondence between Sanford and the mother of two, initially identified only as Maria.

[...]

Maria further claims that her Hotmail account was hacked through an older Argentinian account, which she has since closed. She reckons she knows who broke into her account, but isn’t saying anything just now.

Read more in The Register.



Perhaps they needed the cash to live well in Brazil? If this isn't an April Fool joke, there will be a lot of angry users out there...

http://torrentfreak.com/the-pirate-bay-sold-to-software-company-goes-legal-090630/

The Pirate Bay Sold To Software Company, Goes Legal

Written by enigmax on June 30, 2009

According to gaming company Global Gaming Factory X, it is in the process of acquiring The Pirate Bay for $7.8m (SEK 60 million). The acquisition is scheduled to be completed by August and will see the site launch new business models to compensate content providers and copyright owners.



“How to run a Privacy Office on zero dollars” – should be a huge hit.

http://www.pogowasright.org/?p=1004

Gartner: Firms still playing privacy catch-up

June 30, 2009 by Dissent Filed under Businesses, U.S.

Even though most enterprises have created a position to oversee privacy in their IT operations, many of those programs miss the target, often owing to budget shortfalls, according to an industry analyst.

"Privacy programs tend to be underfunded," Gartner's Arabella Hallawell said here at the research firm's annual Information Security Summit.

[...]

Privacy issues, concerning data relating to both employees and clients, are complicated by a patchwork regulatory environment affecting firms that operate overseas. In Europe, for instance, many members of the EU have adopted privacy guidelines that are far more stringent than markets like China and India, where the collection and use of personal information is largely unregulated.

The United States falls somewhere in between.

Read more on InternetNews.com.

[From the article:

In a 2008 survey, 65 percent of businesses reported that they had a dedicated individual or office to promote privacy, which Hallawell admitted was higher than she expected. In the same survey, however, only 40 percent of businesses said they have distinct privacy funding provisions in their budgets.

… Hallawell said that security auditors increasingly advise firms in all industries that their privacy policies are too weak.



From the horse's mouth...

http://www.wired.com/epicenter/2009/06/mark-zuckerberg-speaks/

The Wired Interview: Facebook’s Mark Zuckerberg

By Fred Vogelstein | June 29, 2009 | 3:29 pm



Not much money for 360 man-years of research. Might be simpler to have them start a joint blog and post anything that amuses them.

http://www.pogowasright.org/?p=986

Snooping on the snoopers

June 29, 2009 by Dissent Filed under Non-U.S., Surveillance

Can you see your data shadow? A University of Stirling expert is to turn the tables and put surveillance under scrutiny.

Dr William Webster of the Stirling Management School has secured over half a million Euros of funding from the European Science Foundation to study the impact of surveillance on individuals and society over the next four years.

The Living in Surveillance Societies programme sees Webster head up a new Europe-wide network of academics. More than 90 researchers from 15 countries have signed up to the network, which Dr Webster will chair.

He said: “The programme is about facilitating a better understanding of what it is like to live in a society where technologically mediated surveillance is so prevalent - both for the surveyor and the surveyed. It will look at our experiences of the impact of surveillance on people, businesses, technology and governance.”

Read more in The Herald.



Big does not equal monopoly. Does it?

http://www.bespacific.com/mt/archives/021701.html

June 28, 2009

Is Google Really in a Competitive Space?

New York Times: "Google handles roughly two-thirds of all Internet searches. It owns the largest online video site, YouTube, which is more than 10 times more popular than its nearest competitor. And last year, Google sold nearly $22 billion in advertising, more than any media company in the world."

  • See also via ZDNet and ConsumerWatchdog.org: "With Justice Department scrutiny over the Google Books Settlement only the leading edge of antitrust regulators’ attention to Google, the company has launched a dog-and-pony show dedicated to combating the impression that more control is needed. In a presentation (PDF) acquired by Consumer Watchdog, Google public affairs lead Adam Kovacevich argued that Google is anything but anti-competitive. Its success comes from “learning by doing,” the presentation says."



Think of it as a step toward “Any movie, any time”

http://news.yahoo.com/s/ap/20090629/ap_on_bi_ge/us_supreme_court_cablevision_dvrs

High court won't block remote storage DVR

WASHINGTON – Hollywood studios and television networks have lost a Supreme Court bid to block the use of a new digital video recorder system that could make it cheaper and easier for viewers to record shows and watch them when they want, without commercials.

The justices, in an order Monday, say they will not disturb a federal appeals court ruling that Cablevision Systems Corp.'s remote-storage DVR does not violate copyright laws.

For consumers, the action means that Cablevision and perhaps other cable system operators soon will be able to offer DVR service without need for a box in their homes. The remote storage unit exists on computer servers maintained by a cable provider.



Research tools. Not Google killers, but they might fill a niche for you. (and the comments list a bunch more!)

http://www.wired.com/epicenter/2009/06/coolsearchengines

Cool Search Engines That Are Not Google

By Ryan Singel June 30, 2009 12:00 am

… The variety of search startups is mind-boggling, and hints at the challenges Google may face staying on the bleeding edge of search innovation in the coming years. (There’s even something for micro-philanthropists: Good Search donates a penny to the charity of your choice for each search you run.) [Interesting business model for the “Save the Whales” set? Bob]

… Take mobile. Google works fine on the iPhone, but for quick searches on the go, ChaCha can’t be beat. Simply text your question to 242242 and you’ll get an answer sent back to you.

In the age of Twitter, there’s fierce competition to be the quickest indexer on the net — a feature even Google co-founder Sergey Brin admits his company can improve upon. IceRocket, OneRiot and Scoopler are typical of the trend.

The smartest one we found is Collecta. It scours the net for the most recent blog posts, news stories, tweets and comments and displays them in a continuous waterfall.

Keeping tabs on local news and events isn’t easy — even in the days of news aggregators. Enter Trackle.

… Want to learn about a general topic such as the Iranian revolution or paella? Try Kosmix.com, which relies on services around the web — like Wikipedia and Flickr — to compile web pages stocked with useful and relevant information.

Some of the most interesting search engines we found are those that focus on a narrow niche and deliver in-depth targeted results on very narrow topics. Familiar examples are travel sites like Orbitz and Kayak, which search multiple databases to find cheap airfares and hotel rooms.

Try Indeed.com, a meta-search engine for job hunters. When you get to the interview, fire up Parkingspots.com to find the best place to put your car.

Want to see a concert to celebrate your new job? Pick up a ticket using meta-search engines FanSnap.com or ZebraTickets.com.

Some search innovators are tackling interface design to help take some of the guesswork out of search links. If you’re looking for something visual — say Michael Jackson moon walking — try Searchme.com, which shows entire web pages in its results as if they were album art in iTunes.

For music, try Fizy.com or head to video search engine Blinkx.com to navigate your way to streaming songs you can’t find anywhere else.


(Related) It's not enough to be “better than” another search engine or software package; you have to be seen as “significantly” better, as defined by each individual user. It's not just “learning a new tool,” it's “unlearning the old tool while learning the new tool.”

http://features.csmonitor.com/innovation/2009/06/26/the-biggest-problem-facing-bing-loyalty-to-google/

The biggest problem facing Bing? Loyalty to Google.

By Matthew Shaer | 06.26.09

We’ve written a lot about Bing in recent months, because let’s face it – any legitimate challenge to Google is worth watching very closely. But a new focus group study released yesterday by Catalyst Group shows exactly how steep the climb will be for Microsoft’s new search tool.

Interestingly, most of the users preferred the visual design and feel of Bing. One test subject said Bing was “warmer and more inviting.” Another opined that “Bing’s search refining features were more helpful than Google’s.” So far, so good – Microsoft has obviously put a lot of thought into the layout of their newest engine, from the glossy opening photos to the structure of the results page.

One more piece of good news for Bing: When users embarked on their search for a new digital camera, they spent 150 percent more time viewing the ad space at the top of the page. A plus, obviously, for Microsoft’s sales teams.

But we’ll stay with Google

In the end, 8 out of the 12 users said they planned on sticking with Google, despite a positive experience with Bing. Some users cited the fact that the engines were producing essentially identical results. Others pointed out that since they already used a lot of Google applications, such as Google Docs, that it wouldn’t make sense to switch to Bing. The biggest sticking point, though, was loyalty: users were familiar with how Google worked, and saw no reason to ditch their favorite search engine.

“Bing generates interest,” one user wrote, “but it’s hard to take me away from Google because I’m so comfortable with it.”



Unfortunately, this is for my math students.

http://www.makeuseof.com/tag/5-cool-games-to-get-your-kids-interested-in-mathematics/

5 Cool Free Internet Games for Kids That’ll Make them Love Math

Jun. 29th, 2009 By Tina

… Here are five cool free Internet games for kids that will get your own kid interested and motivated in Mathematics.

...What’s the Point?

On Math Goodies students will find more tools and games like this to practice algebra, integers, percent, geometry, probability and more.

Need more online resources for your kids?

Ryan wrote about Top Educational Websites For Children That Are Fun,

Dave covered Sporcle - Cool Games That Make Learning Fun Again and

I wrote about Websites For Students: 10 Online Learning Tools.