Saturday, August 08, 2009

Strategy is as strategy does. Or in this case, ask yourself WWBBD? (What Would Big Brother Do?)

http://www.pogowasright.org/?p=2634

Police told to ignore human rights ruling over DNA database

August 7, 2009 by Dissent Filed under Featured Headlines, Govt, Non-U.S., Surveillance

Chief constables across England and Wales have been told to ignore a landmark ruling by the European court of human rights and carry on adding the DNA profiles of tens of thousands of innocent people to a national DNA database.

Senior police officers have also been “strongly advised” that it is “vitally important” that they resist individual requests based on the Strasbourg ruling to remove DNA profiles from the national database in cases such as wrongful arrest, mistaken identity, or where no crime has been committed.

Read more in The Guardian.

It’s not clear how the letter described in the news story from ACPO is consistent with a June 21 story on how the incoming ACPO chief, Sir Hugh Orde, wants more emphasis on human rights.



How serious is this, really? Is it worthy of Secret Service notice? (Does it return a big “Knock it off, Republican Dog! The Feds are watching and are calling your Mother right now!”)

http://www.pogowasright.org/?p=2646

Philly cop accused of running criminal background check on Obama

August 8, 2009 by Dissent Filed under Breaches, Govt, U.S.

Philadelphia’s police department is investigating why an officer used his police car’s computer to run a criminal background check on President Barack Obama.

Police Commissioner Charles Ramsey said Friday the officer could face discipline for performing the check Wednesday morning. The Secret Service alerted the department after it learned about the incident from National Crime Information Center.

Read more on Huffington Post.

In July, two Georgia police officers were put on paid administrative leave after it was found that they had run an unauthorized background check on the President.


(Related?) Some folks (politicians) got more rights than others?

http://www.pogowasright.org/?p=2649

2nd Circuit rebuffs attempt to obtain Spitzer wiretap data

August 8, 2009 by Dissent Filed under Court, Surveillance, U.S.

The New York Times has lost its bid to obtain wiretap information related to former New York Gov. Eliot Spitzer’s involvement in a prostitution ring.

The federal law that permits disclosure of wiretap information on a showing of good cause does not allow disclosure based solely on the news media’s interest in publishing the information, the 2nd U.S. Circuit Court of Appeals ruled on Friday.

Read more on Law.com.

[From the article:

Four people who either ran or worked for the prostitution ring were charged in the case in March 2008. Once Spitzer was revealed as a client of the ring, he quickly resigned from office, although he was not charged in the case.

… Rakoff, in In re New York Times Co., 600 F.Supp. 2d 504 (S.D.N.Y. 2009), granted the paper's request on Feb. 19, 2009, finding the wiretap applications were "judicial records," and that the press enjoyed a right of access to those records under both common law and the First Amendment that amounted to a "presumption in favor of disclosure."

He found that the presumption was not outweighed by the government's concern about confidentiality because the investigation had been concluded, and that any privacy concerns could be addressed by the redactions.

Finally, the judge said that "there's no reason to believe that Congress intended 'good cause' to be anything other than a synonym for the balancing dictated by the aforementioned constitutional and common law principles."



All Kindle users??? It never hurts to ask, but does he believe his newspapers are important enough to Amazon to demand? If Amazon says no, where will he go? This, coupled with his decision to charge for content, should make for an interesting test case.

http://news.slashdot.org/story/09/08/07/168255/Murdoch-Demands-Kindle-Users-Info?from=rss

Murdoch Demands Kindle Users' Info

Posted by ScuttleMonkey on Friday August 07, @03:45PM from the another-in-a-long-line-of-bad-decisions dept.

In yet another move to display how antiquated and completely ignorant of digital culture he is, Rupert Murdoch has started demanding that Amazon hand over user info for all Kindle users. This demand comes right after Murdoch just finished negotiating a larger share of revenue from Amazon sales. At least Amazon hasn't decided to comply with this request yet.

"'As I've said before, the traditional business model has to change rapidly to ensure that our journalistic businesses can return to their old margins of profitability,' Murdoch said. 'Quality journalism is not cheap, and an industry that gives away its content is simply cannibalizing its ability to produce good reporting.'"

[From the article:

"Kindle treats them as their subscribers, not as ours, and I think that will eventually cause a break with us."



Boy, you thought Texting made for dangerous driving...

http://newteevee.com/2009/08/07/apple-to-stream-first-live-concert-to-the-iphone-tonight/

Apple to Stream First Live Concert to the iPhone Tonight

Tonight Apple will produce its first-ever live event streamed to the iPhone: a concert by the electronica band Underworld. Apple has apparently kept the event quiet as it doesn’t want to overwhelm the AT&T network, but if you have an iPhone you can queue it up yourself at iphone.akamai.com or underworldlive.com. The show starts at 9 p.m. PT and the stream is free.



Is there a use for this? Isn't PowerPoint bad enough?

http://www.makeuseof.com/tag/use-powerpoint-video-converter-to-convert-powerpoint-presentations-to-a-video/

Use PowerPoint Video Converter to Convert PowerPoint Presentations to a Video

Aug. 7th, 2009 By Karl L. Gechlik

There are times that you want to show your PowerPoint presentation to someone quickly and easily. The best way to achieve this is to convert your PowerPoint file into a video file.

With that video file you can post it to YouTube, send it along to another user via email or post it on your blog as a tutorial.

Whatever you are going to do with the finished product, this free 6.6mb application will make your life MUCH MUCH easier!

To start you need to download and install this application from here.



Amusing (I'll probably waste too much time with this...)

http://www.makeuseof.com/dir/marinetraffic-cargo-ship-tracking/

MarineTraffic: Real Time Yacht, Cruise & Cargo Ship Tracking

MarineTraffic is a cool Google Map mash up that provides you with real time ship tracking. It shows live information about ship movements throughout the world. You can search by ship name or zoom into the map to view ships in a particular area.

www.marinetraffic.com

Similar: www.sailwx.info

Friday, August 07, 2009

Clueless? This is probably exactly what it seems. They tossed out the data without realizing it. Interesting that a major player keeps old data they care so little about and has no procedure for controlling it.

http://www.databreaches.net/?p=6589

MUFJ Nicos loses data on credit card customers

August 7, 2009 by admin Filed under Breach Incidents, Exposure, Financial Sector, Of Note

Credit card company Mitsubishi UFJ Nicos Co. said Thursday that it has lost key information on about 197,000 customers but that the data are unlikely to be leaked to unauthorized sources or abused in electronic transactions.

[...]

Mitsubishi UFJ Nicos said an internal investigation revealed the company may have mistakenly discarded the data, which were compiled between 1993 and 2001 and include the names, addresses and bank account numbers of current and former Nicos and UFJ card customers.

The lost data, however, do not include their personal identification numbers, the company said.

Since the data were stored in a film that requires a special reading device to use, [Microfilm Bob] it is unlikely they will be leaked and no inquiries about the matter have been received, the company said.

Read more on Japan Times.



http://www.databreaches.net/?p=6595

Data security breach notification law update

August 7, 2009 by admin Filed under Breach Laws, Federal, Legislation, State/Local

Hunton & Williams provide a nice roundup of data breach notification law changes during the month of July.

  • On July 1, breach notification laws in Alaska and South Carolina went into effect.

  • On July 9, Missouri became the 45th state to enact a data breach notification law.

  • On July 22, Senator Patrick Leahy reintroduced a comprehensive federal data security bill calling it one of his “highest legislative priorities.”

  • On July 27, North Carolina amended its breach notification law to require notification of the state attorney general any time consumers are notified of a breach involving their personal information. The amendment also included content requirements for the attorney general’s notice.

Read their review on Privacy and Information Security Law Blog.



Isn't 'making a profit' legitimate? If you have to pay to see the data, is it on 'public display?'

http://www.pogowasright.org/?p=2614

Lawsuit claims legal publisher violated privacy

August 7, 2009 by Dissent Filed under Businesses, Court

West Publishing disclosed and tried to sell millions of drivers’ personal information on one of its Web sites, according to a federal class action. The class claims the Minnesota-based legal publishing giant violated their privacy by posting their names, addresses, VIN numbers, vehicle descriptions and license plate numbers on the Internet for “commercial purposes and profit.”

West published a searchable online database of “highly restricted” personal information of millions of drivers from 28 states and the District of Columbia, according to the complaint.

Read more on Courthouse News. Related: Complaint (pdf)

[From the article:

West got the motor vehicle records by claiming the information would be used for "legitimate purposes," not for public display, the complaint states.



How to bring down a financial institution: Cooking the books now includes modifying information provided by “independent” outsiders. OR replacing it with data belonging to someone else.

http://www.databreaches.net/?p=6583

AU Storm clients outraged over doctored files

August 6, 2009 by admin Filed under Breach Incidents, Financial Sector

Clients of Storm Financial (Storm) have claimed they received copies of strangers’ files instead of their own when they applied to Colonial Geared Investments (CGI) for their loan documents in the months after the advice firm’s collapse.

In a submission to the Parliamentary Joint Committee on Corporations and Financial Services inquiry into financial products and services in Australia, the Storm Investors Consumer Action Group (SICAG) said many clients formerly applied to CGI, the margin lending division of the Commonwealth Bank of Australia (CBA), after file doctoring murmurs filtered through the industry.

Read more on Investor Daily.

[From the article:

"Loan applications were routinely massaged to ensure the loans met the banks' approval criteria. SICAG members who have successfully retrieved their loan documents - many of which contain blacked-out sections - have been shocked and alarmed to find serious errors relating to the stated annual income and in many cases personal data," it said.

"It should be pointed out in this context that dozens of SICAG members, after formally applying for the return of their loan documents from Colonial, received documents relating to complete strangers. This is a clear and blatant breach of privacy that upset SICAG members at a time when they were at their most vulnerable."



It's a shame they can't e-mail the data to the government every day. Letting them 'capture, store, organize and retrieve' the data should ensure privacy (as in the data is inaccessible) until some teenager hacks the system.

http://www.pogowasright.org/?p=2618

Complying with the EU Data Retention Directive: Security

August 7, 2009 by Dissent Filed under Internet, Non-U.S.

Back in April of this year the UK Home Office announced that all ISPs must retain their internet-related communication data for law enforcement authorities (LEAs) to gain access to the information that would help with a criminal investigation. The law, based on the European Union Data Retention Directive (EU DRD) requires ISPs to retain the data for at least six months, but for no longer than two years.

[...]

A typical ISP can expect to retain between 1 and 100 billion transaction records, and even a small provider with a 100,000 subscriber base can expect to retain around 2 billion records, which could put a significant strain on its IT resources. ISPs have just 18 months to ensure they are up to speed with the directive and between now and then there are a number of issues they need to address to ensure they observe the ruling in the smoothest and most cost-effective way possible, whilst taking into account all the security considerations that must be applied in their response.

Read more on Help Net.

[From the article:

For both parts of the directive, it is not the content of the communication that is stored, but information about the communication that can identify the sender and recipient with the time and the means of communication by using information such as the IP sessions, FTP sessions, SMTP email transactions, POP and IMAP sessions, web proxy logs, radius logs and CRM history information.



Probably not really an attempt to create an “enemies list.” It just has that effect.

http://www.pogowasright.org/?p=2604

WH healthcare campaign raises data privacy worries

August 6, 2009 by Dissent Filed under Featured Headlines, Govt

The White House raised the spectre of “Big Brother” this week after a blog entry asked supporters to report “fishy” information they receive regarding the debate on healthcare reform by forwarding emails to flag@whitehouse.gov:

There is a lot of disinformation about health insurance reform out there, spanning from control of personal finances to end of life care. These rumors often travel just below the surface via chain emails or through casual conversation. Since we can’t keep track of all of them here at the White House, we’re asking for your help. If you get an email or see something on the web about health insurance reform that seems fishy, send it to flag@whitehouse.gov.

Senator John Cornyn (R-TX) responded with a letter to the President. The text of Senator Cornyn’s letter to President Obama:

Dear President Obama,

I write to express my concern about a new White House program to monitor American citizens’ speech opposing your health care policies, and to seek your assurances that this program is being carried out in a manner consistent with the First Amendment and America’s tradition of free speech and public discourse.

[Stuff omitted Bob]

While the politics on both sides are fairly evident, it is worth noting that as Tony Bradley points out, the White House does preserve all correspondence it receives, so that if an email you wrote to your friend got forwarded to the White House by a third party, your email would be documented in the National Archives. Some people might not be concerned about that, but having your email archived without your knowledge or consent is a privacy issue for others.



This could be an interesting document. And the basis for interesting papers in Security, Law, and Hacking.

http://www.pogowasright.org/?p=2609

ICO: Putting a value on privacy protection

August 7, 2009 by Dissent Filed under Businesses, Non-U.S.

The Information Commissioner’s Office (ICO) has appointed Watson Hall Ltd and John Leach Information Security Ltd (JLIS Ltd) to undertake a three-month research project with the aim of producing a comprehensive business case for investing in proactive privacy protection.

The research project - The business case for investing in proactive privacy protection - will explore methods involved in implementing business processes, procuring information systems and detail the role and value of personal information for organisations that handle it. Organisations in both the public and private sector will be included.

Jonathan Bamford, Assistant Commissioner at the ICO, said: “The consultants will bring together a wide range of views by conducting interviews and inviting comments on a discussion document. Data protection needs to be taken as seriously as health and safety at all levels in an organisation. Putting a value on privacy protection and investing resources in it is crucial to help ensure that effective safeguards are in place. The consultants want input from a range of organisations that collect and process personal information to help ensure that the end product is as relevant and useful in practice as possible.”

The discussion document will be available on Friday 14 August 2009 at http://watsonhall.com/privacy.protection and participants are invited to send their responses by 1 September 2009.

Source: Information Commissioner’s Office



Coincidence?

http://news.digitaltrends.com/news-article/20582/bing-and-rogue-pharmacy-ads

Bing And Rogue Pharmacy Ads?

August 07, 2009 by Christopher Nickson

A new study says that most of the sponsored pharmaceutical ads on Bing lead to pharmacies that don't require prescriptions.

Is Bing helping the rogue pharmacy trade?

That's the assertion implicit in a new report by anti-spammers KnujOn and online verification firm LegitScript, which claims that 90% of the sponsored pharmaceutical ads on the recently renamed search engine "led to 'rogue' internet pharmacies that do not require a prescription for prescription drugs, or are otherwise acting unlawfully or fraudulently."

The report claims that some of these pharmacies are outlets for Russian organized crime, and that while some ads appear to be for legitimate US outlets, the click-through takes users to illegal sites.

Microsoft has offered no comment on the matter.



I hack, therefore I am! Proof of concept (hackers bragging) or weapons test (China or North Korea getting ready to unleash Cyber-geddon.)

http://tech.slashdot.org/story/09/08/06/1524213/Twitter-Offline-Due-To-DDoS?from=rss

Twitter Offline Due To DDoS

Posted by CmdrTaco on Thursday August 06, @11:32AM from the hate-when-that-happens dept.

The elusive Precision dropped a submission in my lap about a DDoS taking down Twitter running on CNet. It's been down for several hours, no doubt wreaking havoc on the latest hawtness in social networking. Won't someone please think of the tweeters? Word is that both Facebook & LiveJournal have been having problems this AM as well.



Interesting. How will they word my warranty? “We'll sell you this here iThingie, but don't act like you own it buddy. You can't modify it in any way, ever. You can't take it to New Jersey because it's too humid there. And you can't take it when you fly because they might X-ray it. And you can't transport it in a car or bicycle or by carrying it around, it's too bumpy. In fact, you should probably leave it in the shipping foam and simply admire it.”

http://apple.slashdot.org/story/09/08/06/1733253/Apple-Working-On-Tech-To-Detect-Purchasers-Abuse?from=rss

Apple Working On Tech To Detect Purchasers' "Abuse"

Posted by timothy on Thursday August 06, @02:30PM from the if-not-expressly-allowed-then-goto-prohibited dept.

Toe, The writes

"Apple has submitted a patent application for technologies which would detect device-abuse by consumers. The intent presumably being to aid in determining the validity of warranty claims. 'Consumer abuse events' would be recorded by liquid and thermal sensors detecting extreme environmental exposures, a shock sensor detecting drops or other impacts, and a continuity sensor to detect jailbreaking or other tampering. The article also notes that liquid submersion detectors are already deployed in MacBook Pros, iPhones and iPods. It does seem reasonable that a corporation would wish to protect itself from fraudulent warranty claims; however the idea of sensors inside your portable devices detecting what you do with them might raise eyebrows even beyond the tinfoil-hat community."



Another strange patent. What is the test? (Do they still test?)

http://yro.slashdot.org/story/09/08/06/2322209/Microsoft-Patents-XML-Word-Processing-Documents?from=rss

Microsoft Patents XML Word Processing Documents

Posted by timothy on Thursday August 06, @07:37PM from the no-problems-there-nothing-to-worry-about dept.

theodp writes

"Embrace. Extend. Patent. On Tuesday, Microsoft was granted US Patent No. 7,571,169 for its 'invention' of the Word-processing document stored in a single XML file that may be manipulated by applications that understand XML. Presumably developers are protected by Microsoft's 'covenant not to sue,' so the biggest question raised by this patent is: How in the world was it granted in light of the 40-year history of document markup languages? Next thing you know, the USPTO will give Microsoft a patent for Providing Emergency Data in XML format. Oops, too late."



Sure I wrote “delete all data” but I didn't do it “knowingly” (Would this apply to malware?)

http://news.slashdot.org/story/09/08/06/197253/Examining-Software-Liability-In-the-Open-Source-Community?from=rss

Examining Software Liability In the Open Source Community

Posted by timothy on Thursday August 06, @03:21PM from the three-letters-starting-f-u-d dept.

snydeq writes

"Guidelines from the American Law Institute that seek to hold vendors liable for 'knowingly' shipping buggy software could have dramatic impact on the open source community, as vague language around a 'free software' exemption could put open source developers at litigation risk. Meant to protect open source developers, the 'free software' exemption does not take into account the myriad ways in which vendors receive revenue from software products, according to a joint letter drafted by Microsoft and the Linux Foundation. As such, the guidelines — which, although not binding, are likely to prove influential on future lawsuits, according to attorneys on both sides of the issue — call into question the notion of liability in the open source community, where any number of coders may be responsible for any given defect."



Now I'm depressed. If even the porn industry is depressed, what hope for Wall Street? Note that being an early adopter in technology does not translate to innovation in business models. (Good to see that Forbes is watching porn closely...)

http://www.forbes.com/2009/08/04/digital-playground-video-technology-e-gang-09-ali-joone.html

The Challenge Of User-Generated Porn

Oliver J. Chiang, 08.05.09, 06:00 PM EDT

YouTube-like pornography sites have YouTube-like profit problems.

BURLINGAME, Calif. -- You would think that if anyone were making boatloads of money from Internet video, it would be high-traffic porn sites. You would be wrong.

"Tube sites"--adult content Web sites that mimic YouTube in hosting everything from professionally made videos to user-generated clips--have quickly risen in popularity since they came onto the scene a few years ago, and rank among the highest traffic-getters globally. Some, like Youporn and Pornhub, attract more views than the Web sites of The New York Times or Apple. But like YouTube and other video-sharing sites, tube porn sites have struggled with profitability and piracy.

… Five tube sites--including Youporn, Pornhub and RedTube--are among the top 100 Web sites in the world, according to web analytics service Alexa.com.

… Hirsch was contacted by someone who said he was a founder of Youporn and was interested in selling the site to Vivid. At the time, it was only pulling in $120,000 a month from ads.

"Bottom line: We didn't want that business," Hirsch says. "They were hardly generating any money back then. Now, I still wouldn't bet that they are as profitable as one might think."

… But increasing the percentage of viewers moving from free to pay won't be easy. Hirsch estimates that the ratios of users willing to pay for content who type in "Vivid.com" are between 1 in 200 and 1 in 400, while those for users on tube sites were somewhere around 1 in 8,000 to 1 in 10,000.

… Digital Millennium Copyright Act takedown notices are the current recourse for studios that find their copyrighted content on sites where they shouldn't be. Vivid has two full-time employees dedicated to scouring the Internet for pirated material, and says it sends some 700 DMCA notices out per month. [THAT'S why Congress passed that law. I had wondered... Bob]



Interesting concept, not the best presentation I could imagine.

http://memetracker.org/index.html

MemeTracker

MemeTracker builds maps of the daily news cycle by analyzing around 900,000 news stories and blog posts per day from 1 million online sources, ranging from mass media to personal blogs.



I think this could be useful. How do students see a topic? (also useful for lazy students looking for an essay to hand in?)

http://www.makeuseof.com/dir/peerpaperscom-student-university-essay/

AllFreeEssays: Free Database Of Student Essays, Papers & Reports

AllFreeEssays is a free user shared database of more than 50,000 student university essays, term papers and reports. You can browse essays by categories, search with keywords and click to read a brief summary. To get full access to essays, you have to sign up on the site and submit (donate) one essay of your own to share with other users like you.

www.allfreeessays.com



For those of us who can't shut up? Emulating boring television online? A toy for Oprah wannabes?

http://www.makeuseof.com/tag/how-to-host-your-own-talk-show-online/

How to Host Your Own Talk Show Online

Aug. 6th, 2009 By David Pierce

… But how do you get a talk show? And how do you use it to make millions of dollars? Well, I can’t help with the second part (let me know if you figure it out), but I can help with the first. It’s called BlogTalkRadio, and is a fantastic Web app for becoming the host of your very own Internet talk show.

BlogTalkRadio is really two things: it’s a place to find talk and radio shows (sort of like a podcast library, really), as well as a way to create your own show. There’s tons of great stuff on BTR, but for now, we’ll just stick with creating your own show.

Thursday, August 06, 2009

Seems like they don't pay on a 'per victim' basis. Shouldn't they?

http://www.databreaches.net/?p=6577

Heartland says breach has cost $32 million so far

August 6, 2009 by admin Filed under Financial Sector, Of Note

Heartland Payment Systems on Tuesday (Aug. 4) said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.

For example, the breach costs of just the second quarter came to $19.4 million and it said that the “majority” of those costs was for the settlement offer, suggesting that the settlement was more than $9.7 million. Legal fees make that precise calculation tricky as well as the lack of a percentage of that majority. “The remainder of the expenses and accruals related to the Processing System Intrusion recorded in the three and six months ended June 30, 2009 were primarily for legal fees and costs the Company incurred for investigations, remedial actions and crisis management services,” Heartland said.

Read more on StorefrontBacktalk.



It's not Identity Theft. It's Inappropriate Branding (in the cattle rustler sense). No doubt a number of scams will arise from this. “We can clear your pedophile record for $29.95!” “We can help you get even with that neighbor you don't like!”

You can trust us to protect your personally identifiable information. Act I

http://www.pogowasright.org/?p=2578

Paedophile database ‘will catch people unnecessarily’

August 6, 2009 by Dissent Filed under Breaches, Govt, Non-U.S., Surveillance, Workplace

The Government’s new database of paedophiles must be reviewed because some people will be caught up in it unnecessarily, according to Sir Michael Bichard.

[...]

His comments come as it was disclosed that the controversial database has suffered a security breach even before its official launch.

A message containing confidential data was sent to the wrong email address by a worker at the Independent Safeguarding Authority.

Its annual report also discloses that “information risks” and “weaknesses” have been discovered in the organisation, which is being set up to check the backgrounds of more than 11 million people who want to work with children and vulnerable adults.

It comes just days after The Daily Telegraph disclosed that the Criminal Records Bureau, from which the ISA will take most of its data, had made 1,570 errors over the past year, in many cases wrongly branding innocent people as criminals. [Statistically, a small error rate times a large volume equals “a whole bunch of errors” (statistical term) Bob]

Read more in The Telegraph.

[From the article:

In an interview with The Independent, Sir Michael said the idea that people like actors, authors or entertainers, who only occasionally visit a school, should register with the scheme should be reconsidered. [Offer your services, get entered in the database? Bob]

… "The ISA is founded on a suspicion of absolutely everyone, and a blind faith in bureaucrats: these errors show that this faith is misplaced."


(Related) You can trust us to protect your personally identifiable information. Act II (and you can write anything you want on the cloned card...)

http://www.pogowasright.org/?p=2590

UK national ID card cloned in 12 minutes

August 6, 2009 by Dissent Filed under Breaches, Featured Headlines, Non-U.S., Surveillance

The prospective national ID card was broken and cloned in 12 minutes, the Daily Mail revealed this morning.

The newspaper hired computer expert Adam Laurie to test the security that protects the information embedded in the chip on the card.

Using a Nokia mobile phone and a laptop computer, Laurie was able to copy the data on a card that is being issued to foreign nationals in minutes.

Read more in Computer Weekly.

[From the article:

According to the paper, Home Office officials said the foreign nationals card uses the same technology as the UK citizens card that will be issued from 2012.

Guy Herbert, general secretary of privacy lobby group NO2ID, said it was a mistake to assume that the Home Office cared about the card, or identity theft or citizens' benefit.

He said the Home Office wanted the central database to record citizens' personal details in one place for official convenience.


(Related) You can trust us to protect your personally identifiable information. Act III

http://www.pogowasright.org/?p=2599

Passwords stolen for tax returns

August 6, 2009 by Dissent Filed under Breaches, Non-U.S.

Gangs are stealing taxpayers’ passwords and submitting claims for tax refunds to be paid to them, HM Revenue and Customs has warned.

A series of attempted fraudulent claims through the self-assessment repayments system has been discovered.

No figures have been released outlining the extent of the fraud, but a HMRC spokesman said this was a new method of trying to extract money.

Read more on BBC. Thanks to Brian Honan for this link.

[From the article:

When people apply to use the system they are sent a password through the mail which is then used when the taxpayer logs onto the HMRC website over the following 30 days.

However, fraudsters have been getting hold of these passwords and other personal details. This could have been by stealing the mail, tricking people out of the details or even finding the letters discarded in bins.



How would you do it?

http://www.pogowasright.org/?p=2585

Regulators rethink approach to online privacy

August 6, 2009 by Dissent Filed under Govt, Internet

Regulators are rethinking their approach to online privacy and security, asking academics, public interest groups and industry to suggest ways to overhaul rules to better protect consumers.

As part of the review, David Vladeck, the Federal Trade Commission’s new head of consumer protection, is considering whether to throw out current privacy protections that revolve around lengthy disclosure statements that consumers rarely read. What’s unclear is what the FTC would propose instead.

Read more in The Wall Street Journal.

[From the article:

Beginning next year, participating Web sites will have a clickable icon that will show what data are being collected about a consumer, and who will be allowed to use that data, according to the new guidelines.

Participating Web sites will also be required to provide consumers with the choice of opting out of having their information collected and used for "behavioral targeting," or steering specific ads toward individual consumers.


(Related) Privacy is becoming visible?

http://www.pogowasright.org/?p=2574

YouTube clarifies ban on privacy invasions

August 6, 2009 by Dissent Filed under Businesses, Internet

YouTube has … increased the range of activities that are barred to include, amongst other things, invasions of privacy.

“If a video you’ve recorded features people who are readily identifiable and who haven’t consented to being filmed, there’s a chance they’ll file a privacy complaint seeking its removal,” say its new guidelines. “Don’t post other people’s personal information, including phone numbers, addresses, credit card numbers, and government IDs. We’re serious about keeping our users safe and suspend accounts that violate people’s privacy.”

Read more on Out-Law.com

[From the article:

Those guidelines banned videos containing sex or nudity; hate speech; shocking or disgusting content; dangerous or illegal acts; copyright violations or inappropriate material involving children.

The company has now increased the range of activities that are barred to include, amongst other things, invasions of privacy. [Privacy is never the first thing providers think of. Is that because other areas make for easier lawsuits? Bob]

See: The guidelines (viewable when user setting is set to 'worldwide')



Interesting statistic

http://www.techcrunch.com/2009/08/05/ec-13-of-europeans-have-never-used-the-web/

EC: 1/3 Of Europeans Have Never Used The Web

by Robin Wauters on August 5, 2009

Close to half of Europeans use the internet every day but one third have never used the web, according to a new report (PDF) published by the European Commission.

… Half of all households and more than 80 percent of businesses had a broadband connection last year and with 114 million subscribers the EU is in fact the largest world market for fixed broadband access.



A quick reference for my forensic students

http://www.pogowasright.org/?p=2565

CDT report on privacy controls for browsers

August 5, 2009 by Dissent Filed under Internet

From CDT.org:

CDT today released an update to the browser report it issued in October of 2008. The report includes updated information about privacy tools available in five Web Browsers: Firefox 3.5, Internet Explorer 8, Google Chrome, Safari 4, and Opera 10. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online.

Browser Privacy Features Report, Version 2.0 [PDF], August 05, 2009:

http://www.cdt.org/privacy/20090804_browser_rpt_update.pdf


(Related) For my Security students it's “know and avoid”; for my Forensic students it's “a roadmap”

http://www.pogowasright.org/?p=2570

Who knows where you are, and why?

August 5, 2009 by Dissent Filed under Featured Headlines, Surveillance

In a report released today, the Electronic Frontier Foundation (EFF) documents how your location information is collected by various popular electronic devices and services, and argues for concrete technological solutions that would allow you to enjoy these systems’ benefits without sacrificing your privacy in your everyday life.

“There are nifty new location-based technologies like electronic road-toll tags and cell-phone apps that alert you when your friends are nearby — but these systems often create and store records of your movements,” said EFF Staff Technologist Peter Eckersley, one of the co-writers of the white paper. “This could make it possible for others to know when you visited a health clinic, what church or bar you spend time in, or who you go to lunch with. It is essential that privacy-protecting algorithms are built into these devices and services, so we can enjoy their convenience without making our private lives into open books.”

For the full white paper “On Locational Privacy, and How to Avoid Losing it Forever”:

http://www.eff.org/wp/locational-privacy

To read EFF’s full press release: http://www.eff.org/press/archives/2009/08/05



Think of the SCO saga as a guidebook for delaying the inevitable.

http://yro.slashdot.org/story/09/08/05/2229245/Chapter-11-Trustee-Appointed-For-SCO?from=rss

Chapter 11 Trustee Appointed For SCO

Posted by timothy on Wednesday August 05, @06:46PM from the why-not-a-trusty-instead dept.

I Don't Believe in Imaginary Property writes

"The judge overseeing the SCO Chapter 11 bankruptcy case has issued an order appointing a chapter 11 trustee to oversee SCO's operations. However, the judge's reasoning is far from clear. While the judge believes that SCO has 'abandoned rehabilitation' to bet its future on litigation, he doesn't think it appropriate to convert their case to Chapter 7 liquidation. So SCO's management hasn't been fired yet, but they're no longer fully in charge either. It's not clear why the bankruptcy judge opted for this solution, when even the US Trustee was pushing to fire SCO's management and convert the case to Chapter 7. In short, SCO is still only mostly dead, rather than all dead, and in desperate search of a miracle worker."



It's not just lawyers who will find these useful.

http://www.bespacific.com/mt/archives/021983.html

August 05, 2009

New on LLRX.com: Law Practice Technology Information Sources and Tools

Law Practice Technology Information Sources and Tools - Ken Strutin identifies core sources to learn about new technologies that apply to legal research and law practice. In addition, he has identified specific tools that will contribute to managing research, communication and information-based tasks.



Tools & Techniques Oh too bad, it's broken. Can I have it?

http://www.makeuseof.com/tag/how-to-make-corrupt-usb-jump-drives-work/

How To Make Corrupt USB Jump Drives Work Again

Aug. 5th, 2009 By Guy McDowell



So my website students can make their sites reeeeely annoying.

http://www.makeuseof.com/dir/soundbible-wav-sounds-free-to-download/

SoundBible: Collection of Mp3 & Wav sounds, free to download

www.soundbible.com

Similar websites: SoundJay, FindSounds, Soungle and SoundSnap.



Something for my fellow teachers since we probably have the information on our thumb drives anyway. (I don't find many sites for them)

http://www.makeuseof.com/dir/knowledge-genie-publish-your-knowledge-profit-from-what-you-know/

Knowledge Genie: Publish Your Knowledge & Profit From What You Know

Knowledge Genie is an online publishing platform which lets you organize your knowledge of a certain topic into a dedicated learning portal (Genie) and share it with other people. For each different topic you can create a separate Genie. It doesn’t require technical skills and takes care of the process of building and centralizing the information, sharing it online, building user community and charging for access.

… They offer a free account, which lets you create 1 Genie, store up to 15 MB of content and have unlimited users. Paid accounts starting from 24$/month let you build more Genies, more storage and Google/PayPal resale options.

www.myknowledgegenie.com

Wednesday, August 05, 2009

New trend? Eliminate internal competition? When you are on company time and using company equipment, sure. But at home on your own computer?

http://news.cnet.com/8301-1023_3-10303457-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Some tweets now out of bounds at ESPN

by Steven Musil August 4, 2009 11:50 PM PDT

… The sports network has apparently banned its workforce from posting any sports-related content on social-networking tools such as Twitter and Facebook without its permission. The news first came to light Tuesday when Ric Bucher, an NBA analyst for ESPN, tweeted that he had just received a network memo regarding tweeting:

The hammer just came down, tweeps: ESPN memo prohibiting tweeting info unless it serves ESPN.

… According to a purported copy of the memo posted on the sports blog The Big Lead, Bucher may just be violating the new policy (one point begins "Avoid discussing internal policies...").

In the memo, ESPN tells employees that it is "currently building and testing modules designed to publish Twitter and Facebook entries simultaneously" on ESPN Web sites and mobile platforms, and it plans to roll out the modules this fall.


(Related) Concerns about external competition.

http://news.cnet.com/8301-17852_3-10302980-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Marines, NFL in assault on Twitter, Facebook?

by Chris Matyszczyk August 4, 2009 1:13 PM PDT

… Let's start with the Marines. According to CNN, a Marine Corps order has made the Corps' feelings known with characteristic subtlety: "These Internet sites in general are a proven haven for malicious actors and content and are particularly high risk due to information exposure, user-generated content, and targeting by adversaries."

… Which leads us to the pioneers, at the NFL. The New York Times informs us that certain NFL teams appear to be chop-blocking social networking square in the back of the knees.

At the beginning of training camp, Green Bay Packers players were apparently told that they would be fined $1,701 (the NFL maximum) for texting or tweeting during a team function.



Hey, I went to law school and everything. What's wrong with that judge? Wait, who did his taxes? Is he an illegal alien?

http://www.pogowasright.org/?p=2548

Prosecutor denies violating rights in ID probe

August 4, 2009 by Dissent Filed under Breaches, Court, Govt, U.S.

Colorado authorities say they did not violate anyone’s privacy rights when they seized thousands of tax documents to investigate undocumented immigrants for identity theft.

In a late Monday filing, Weld County District Attorney Ken Buck and Sheriff John Cook also said a judge erred in halting the probe.

Read more from the Associated Press via SunNews.com

[From the article:

Weld County argued in its appeal it was impossible to identify individual suspects in the search warrant because the case centered on identity theft. [So we grabbed everyone's tax return. If you're innocent, you have nothing to worry about. Bob]



The closest pre-Internet parallel would have been a fire/flood/other natural disaster, but it would not have global impact.

http://news.digitaltrends.com/news-article/20563/paypal-suffers-global-outage

PayPal Suffers Global Outage

August 05, 2009 by Christopher Nickson

Online payment service PayPal suffered a global outage on Monday that took it offline for a few hours.

PayPal processes around $2,000 per second in payments, meaning that the outage, which lasted at least two hours, took over $14 million out of the system, at least for a while.



Saving California! In one swell foop, this decision reduces the cost of housing prisoners and stimulates the (underground) economy! They could save even more by letting them all go!

http://www.bespacific.com/mt/archives/021971.html

August 04, 2009

FindLaw: Judges Order California to Reduce State Prisoner Population

Joel Zand, FindLaw: "A panel of three federal judges ordered the State of California to reduce its inmate population because of prison overcrowding, resulting in the release of approximately 43,000 prisoners during the next two years so that the state's prisons can operate at 137.5% of their design capacity. In a 184-page opinion, the panel ordered California to provide an inmate reduction plan within 45 days to carry out the court's directive 'in no more than two years.'"



Interesting. Seems to support the open/free professional journal concept.

http://www.bespacific.com/mt/archives/021970.html

August 04, 2009

Ensuring the Integrity, Accessibility, and Stewardship of Research Data in the Digital Age

Ensuring the Integrity, Accessibility, and Stewardship of Research Data in the Digital Age, Committee on Ensuring the Utility and Integrity of Research Data in a Digital Age; National Academy of Sciences

  • "As digital technologies are expanding the power and reach of research, they are also raising complex issues. These include complications in ensuring the validity of research data; standards that do not keep pace with the high rate of innovation; restrictions on data sharing that reduce the ability of researchers to verify results and build on previous research; and huge increases in the amount of data being generated, creating severe challenges in preserving that data for long-term use. Ensuring the Integrity, Accessibility, and Stewardship of Research Data in the Digital Age examines the consequences of the changes affecting research data with respect to three issues - integrity, accessibility, and stewardship - and finds a need for a new approach to the design and the management of research projects. The report recommends that all researchers receive appropriate training in the management of research data, and calls on researchers to make all research data, methods, and other information underlying results publicly accessible in a timely manner. The book also sees the stewardship of research data as a critical long-term task for the research enterprise and its stakeholders. Individual researchers, research institutions, research sponsors, professional societies, and journals involved in scientific, engineering, and medical research will find this book an essential guide to the principles affecting research data in the digital age."



For my (Canadian?) Computer Security students (Imagine being a hacker with a badge...)

http://www.pogowasright.org/?p=2544

Job opening for tech geek with privacy chops

August 4, 2009 by Dissent Filed under Featured Headlines, Non-U.S.

Must love geese? Here’s a job opening from the Office of the Privacy Commissioner of Canada that could be right up some reader’s alley:

We’re looking for an Information Technology Research Analyst – and the competition is open to the public. You can find a detailed list of requirements at jobs.gc.ca, but we can boil it down to these three basic requirements:

  • a university degree in computer science or information technology (or a suitable combination of education and experience, for all you hacker dropouts)

  • an overwhelming interest in emerging technologies and an impulse to tear them apart

  • an ability to analyze the pieces piled up before you and explain their importance to non-technical people.

It would help if you were obsessive about a technology in particular, like video surveillance, RFID and locational technology, information security, the convergence of surveillance systems and biometrics, or mobile technology, but it’s not mandatory.

The position is based in Ottawa, and it’s full time. Cubicles are involved. We can understand if you bring a moderate amount of cynicism about bureaucratic processes and unnecessary hierarchies to the job – although we think you’ll find our Office less burdensome than most federal or provincial agencies.



Global Warming! Global Warming!

http://www.wired.com/wiredscience/2009/08/newbloom/

Satellite Data Could Overturn Plankton Bloom Hypothesis

By Alexis Madrigal August 4, 2009 2:01 pm

Every year, the north Atlantic ocean turns green with plankton, and for more than fifty years, scientists thought they knew why. Now, a decade’s worth of satellite measurements suggest they were wrong.

The common-sense idea that in the spring, the sun warms up the water column until it hits a key threshold and suddenly comes alive was formalized in 1953 by Norwegian oceanographer Harald Sverdrup. But the true beginning of the plankton blooms probably begins in the dark of winter.

“We found that the north Atlantic bloom was starting much earlier than we thought and it didn’t coincide with an improvement in the growth conditions from the phytoplankton,” said Michael Behrenfeld, a phytoplankton ecologist at Oregon State University. “It started in January.”

Plankton blooms are a hot topic in the earth sciences because they are one determinant of how big a carbon reservoir the oceans can be. That’s important for climate science generally, and for would-be geoengineers specifically. A new fundamental understanding of plankton blooms could change the way we model our climate now and long into the future.



Too girly? I suspect this is a gold mine waiting to be exploited. An example for the e-commerce class.

http://www.killerstartups.com/Web-App-Tools/invity-com-create-a-wedding-website-of-your-own

Invity.com - Create A Wedding Website Of Your Own

http://www.invity.com/

An Indian startup, this will let any couple who is about to tie the knot publish an online wedding invitation. Invity, then, is an e-invitation platform that makes for announcing wedding plans and it also enables users to share media as regards the big event itself.

On the site, the couple can include a detailed description about the upcoming ceremony and share it with those they want, be it their families or their circle of friends. The site can likewise be employed by the couple to tell the story of how they met, how they are “made for each other” and let everybody know about their conviction that they are going to last forever.



Retro cute (but a bit pricy) Perhaps we could go Older School and deliver scrolls?

http://www.makeuseof.com/dir/telegramstop-send-telegrams/

TelegramStop: Send Telegrams From The Web

TelegramStop is a unique website which, as the name suggests, lets you send telegrams. Yes, telegrams. Remember those good old days when you would walk to the post office just to send a few lines of message? This tool can bring those memories back.

The idea is simple. Enter a few lines of message, preview your telegram, make the payment and they take care of the rest. There is a flat fee of $4.70 per telegram irrespective of your location and where you are sending the telegram. You can save on bulk orders though. Payments can be made through Paypal.

http://www.telegramstop.com/Home.mvc.aspx

Tuesday, August 04, 2009

Today's theme seems to be the protection of large, sensitive database information and the creation of a couple of new (to me) legal concepts...



Think of this as a database for potential employees. Fortunately, this would never happen in the US, our security is foolproof!

http://www.databreaches.net/?p=6541

‘Secret’ Swedish police data sold by criminals

August 4, 2009 by admin Filed under Breach Incidents, Breach Types, Financial Sector, Government Sector, Non-U.S., Of Note

Supposedly secret police lists containing details about Sweden’s most dangerous criminals are up for sale across the country among members of the Swedish underworld. The documents have apparently been leaked from the Stockholm police’s Criminal Investigation Department.

The lists, known as the Alcatraz List and Nova List, contain a wide range of information about Sweden’s toughest criminals, their associations to one another, as well as details about their relationships with family members, acquaintances, and girlfriends.

[...]

Linderoth confirmed that information from the lists is being sold to criminals across the country. She said that the lists came out as a result of criminal activity and that no police officers are suspected of being involved. [If true, it must be a master hacker! Bob]

Nor does she believe the disclosure has damaged the police’s work. [Oh? Bob]

“It’s not good, but it’s a living document and now that we know about it we can restructure things,” she told DN.

Read more on The Local (Sweden).


(Related) Of course, there is always a bigger fool...

http://www.databreaches.net/?p=6533

Police files found in dumpster

August 3, 2009 by admin Filed under Breach Incidents, Breach Types, Exposure, Government Sector, Paper

Hundreds, perhaps thousands of personal files from the Scranton Police Department were found unshredded in a dumpster, according to a news story on WNEP.

“One or more files that should have been shred were thrown into the dumpster,” said Scranton Director of Public Safety Ray Hayes. He admitted that a mistake was made.

Newswatch 16 found names, addresses, social security numbers, even what appeared to be an old evidence bag of marijuana; all things that could potentially end up in the wrong hands.

[...]

Director Hayes added that not all of the files in the dumpster were confidential. He said many of those files are already a matter of public record.


(Related) At least one state used inmates to enter personnel data into a computer system.

http://www.databreaches.net/?p=6557

NH inmate had corrections officers’ data

August 4, 2009 by admin Filed under Exposure, Government Sector, Non-U.S., Paper

The Associated Press reports that a New Hampshire State Prison inmate was found in possession of a list containing details — including social security numbers — of Corrections Department workers. Officials believe that the inmate might have obtained the list when he worked at a warehouse, where a copy of the list was waiting to be shredded. [I read this as another case of using inmate labor in highly sensitive areas without adequate supervision. Bob]


(Related) Of course, some states make sensitive data available for sale...

http://www.pogowasright.org/?p=2532

Sale of DMV Data Could Bankrupt Missouri

August 4, 2009 by Dissent Filed under Breaches, Businesses, Court, Featured Headlines, Govt, U.S.

Two related federal class actions have the potential to bankrupt the state. The plaintiffs claim that the Source for Public Data and Chexsystems Collection Agency illegally obtained a database from the Missouri Department of Motor Vehicles, with confidential information about Missouri drivers… The classes claim the companies violated the Federal Driver’s Privacy Protection Act by selling their personal information and making false representations to get it.

Read more on Courthouse News.

Related: Complaint against Chexsystems Collection Agency (pdf)


(Related) Gary Alexander sent me this one. I seem to remember a Supreme Court nominee's video rental records being examined by the press, perhaps that was enough to make Washington politicians take action?

http://www.networkworld.com/community/node/44055?source=NWWNLE_nlt_daily_am_2009-08-03

Video rental records are afforded more privacy protections than your online data.

Defcon 17 Security Conference By jheary on Sat, 08/01/09 - 1:49am.

Today at Defcon 17 I attended an interesting talk given by the Electronic Frontier Foundation (EFF) where they talked about some of the case law that is shaping our country's IT-related laws. One of the interesting tidbits that I picked up was that current laws seem to protect your personal video rental and sales records (i.e. what you rented from the video store) from disclosure in a more effective way than your computer data residing online. I'm no lawyer, and this is not legal advice, but here are some of the details on the subject.



It is one thing to have a policy. Part of management's responsibility is to ensure that procedures are followed. Especially when an employee is terminated for cause.

http://www.databreaches.net/?p=6527

TNCC computer tech says access now cut off

August 3, 2009 by admin Filed under Breach Incidents, Education Sector, Unauthorized Access

It may be a sign of the times that even the risk of a data breach becomes newsworthy. [God, let's hope so! Bob]

Last week, the Daily Press reported that a former part-time computer help desk technician at Thomas Nelson Community College claimed that he had been laid off almost three weeks earlier, but that he still had computer access to the records and Social Security numbers of every student in the Virginia Community College System. The college denied that he had been “laid off,” and stated that school policy is to end access when an employee is terminated.

In a follow-up a few days later, the Daily Press reported that as soon as they had published the first story, the former tech’s access was promptly terminated. This time, the college claimed that:

“However, we believe his assessment of his access was incorrect; it did not include access to Social Security numbers,” Hayden said. “Security of student and institutional records is a paramount concern for all of Virginia’s Community Colleges, including Thomas Nelson Community College.”

“I’m pretty positive,” Slater said Friday, when asked again if he was sure he had access to Social Security numbers.



I suspect this editorial (rant?) reflects the opinion of many security wonks.

http://www.wired.com/dangerroom/2009/08/white-house-cyber-czar-resigns-good-riddance/

White House ‘Cyber Czar’ Resigns; Let’s Not Replace Her.

By Michael Tanji August 3, 2009 4:16 pm

The White House’s acting “cyber czar” just resigned, with no permanent replacement in sight. Which is just fine. We can make more progress on the network security front without such a “czar.”

For starters, we’ve had reasonable facsimiles of cyber czars before — to little effect. The studies have been done, the list of tasks complete, yet we continue to fail year after year.

… Despite grandiose claims to the contrary, the government has very little direct impact on how safe national resources are online.



It figures that California requires outrageous behavior...

http://www.ktvu.com/news/20267691/detail.html

Workplace Surveillance Lawsuit Tossed By High Court

Posted: 1:43 pm PDT August 3, 2009

SAN FRANCISCO -- The California Supreme Court Monday rejected a lawsuit filed against a Southern California residential children's center by two clerical workers who learned there was a surveillance camera hidden in their office.

The camera and a related motion detector were set up by officials at the Hillsides Children's Center in Los Angeles County in 2002 in a bid to find out who was looking at pornography late at night on a computer in the office.

The center's director later said he didn't suspect either of the two workers who filed the lawsuit, but wanted to find out whether another center employee was entering their office at night to view pornography online.

Center management said that since the center served abused children, it would be harmful to have such an employee working there.

… The state high court, in a ruling issued in San Francisco, said the two workers had a reasonable expectation of privacy.

But the panel also unanimously said the privacy invasion didn't rise to the level of an "outrageous" action that would have allowed the lawsuit to proceed.

The panel said the action was justified by legitimate business concerns for the welfare of the children and about the center's possible legal liability. The court also said the intrusion was limited because the camera was activated only at night and only three times in a three-week period and the two workers were never caught on film.

Justice Marvin Baxter said in the ruling that misuse of office computers is an increasing problem for employers.



Another “We gotta do something” reaction to 9/11? Probably helps solve crime, but prevent terrorism? (Maybe “sharing” explains how all those police files wind up in the wrong hands?)

http://www.bespacific.com/mt/archives/021960.html

August 03, 2009

Police Chiefs: Intelligence Sharing Has Improved Since 9-11 But More Must Be Done

News release: "A report released today by the International Association of Chiefs of Police (IACP) finds that in the years since the September 11, 2001, state, local, and tribal law enforcement agencies have made great strides in their ability to share intelligence, which is a critical factor in our continuing effort to prevent terrorist attacks. [Am I missing something? Did any of these organizations have information that would have prevented the attacks? (The Feds had bits & pieces) Bob] However, the full benefits of intelligence sharing have not yet been realized because the process itself remains a mystery to many police officers, and some law enforcement executives consider their agencies too small or too remote to participate in criminal intelligence sharing. These obstacles to full participation could result in alarming gaps in the intelligence that guides our homeland security and crime fighting efforts. These findings, along with recommendations designed to assist law enforcement agencies in overcoming challenges, are contained in the IACP's report: National Summit on Intelligence: Gathering, Sharing, Analysis, and Use after 9-11."


(Related) How secure are those huge databases you ask?

http://www.databreaches.net/?p=6555

Employees sacked for ID card data breach

August 4, 2009 by admin Filed under Breach Incidents, Government Sector, Non-U.S., Unauthorized Access

The database in question holds data on 92 million people in the U.K. About 200,000 people have access to it. If they cannot adequately secure the database from misuse by employees, well…

Nine local authority workers have been sacked after illegally accessing personal details of the public held on the government’s national identity database.

In total, 34 council workers were found to have illegally accessed the Customer Information System (CIS) database, part of a linked-up network of systems which constitute the government’s planned national identity database.

So how much is acceptable? Is evidence of 34 people misusing the database evidence that the system needs better security, or is it an acceptable level of risk? [Acceptable to whom? Bob]

A DWP spokesman told Computer Weekly: “The small number of incidents shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage [They do not manage. They merely report that an event has occurred. Bob] and report attempts at unauthorised or inappropriate access.”

Read more on politics.co.uk.



Isn't this the IP equivalent of a Quit Claim Deed? If so, can I sell the rights to AP stories the same way? (The AP was probably so amazed that someone actually wanted to pay them that they didn't bother checking who owned the quote.)

http://yro.slashdot.org/story/09/08/03/2125223/AP-Will-Sell-You-a-License-To-Words-It-Doesnt-Own?from=rss

AP Will Sell You a "License" To Words It Doesn't Own

Posted by kdawson on Monday August 03, @07:13PM from the almost-as-ironic-as-disappearing-1984 dept.

James Grimmelmann performed an experiment using the AP's form to request a license to use more than four consecutive words from one of their articles. Except that he didn't paste in words from the (randomly chosen) article, but instead used 26 words written by Thomas Jefferson 196 years ago:

If nature has made any one thing less susceptible than all others of exclusive property, it is the action of the thinking power called an idea.

The AP cheerfully charged him $12 to use Jefferson's 26 words. Both Boing Boing and TechDirt have picked up the story so far. Grimmelmann adds an update to his blog: the AP has rescinded his license to Jefferson's words and issued a refund for his $12. They did not exhibit the grace to admit that their software is brain-dead.



Post Hoc contract modification? Perhaps it was in the shrink wrap... I did warn you that automated updates gave the manufacturers too much control.

http://games.slashdot.org/story/09/08/03/228225/Ads-Retroactively-Added-To-emWipeout-HDem-Soon-Others?from=rss

Ads Retroactively Added To Wipeout HD, Soon Others

Posted by Soulskill on Monday August 03, @10:04PM from the brought-to-you-by-frungy,-the-sport-of-kings dept.

An anonymous reader writes

"American users of Wipeout HD might have noticed that there's an advertisement showing up all of a sudden during loading, both during online and offline play. This, according to a poster on the well-known gaming forum NeoGAF, is being done covertly. The writer suspects that the display software was installed during update 2.01, and the ad-content is now being snuck in. Gamasutra has a story on the company responsible for the software to deliver these ads, Double Fusion, which said it plans to launch in-game advertising in 'another handful' of PS3 games by the end of the year. So, what's next? Can we look forward to fighting the Kool-Aid Man and zombified Mars bars in Uncharted, or is there anything that can be done to hinder companies from adding advertisements retroactively, without the customer's prior knowledge?"



Another legal milestone!

http://it.slashdot.org/story/09/08/03/1731226/First-Ever-Criminal-Arrest-For-Domain-Name-Theft?from=rss

First Ever Criminal Arrest For Domain Name Theft

Posted by ScuttleMonkey on Monday August 03, @03:11PM from the slowly-catching-up-with-the-times dept.

Domain Name News writes

"Until recently, there hasn't been a case of a domain theft where the thief was caught and arrested. However, on July 30th, Daniel Goncalves was arrested at his home in Union, New Jersey and charged in a landmark case, the first criminal arrest for domain name theft in the United States. [His mother is so proud! Bob] 'Cases of domain name theft have not typically involved a criminal prosecution because of the complexities, financial restraints and sheer time and energy involved. If a domain name is stolen, the victim of the crime in most cases would need experience with the technical and legal intricacies associated with the domain name system. To move the case forward, they would also need a law enforcement professional who understands the case or is willing to take the time to learn. For example, the Angels told us that in their case they called their local law enforcement in Florida who sent a uniformed officer in a squad car to their home. The first thing you can imagine the officer asked was, "What's a domain?"'"



Think of this as a weapon test/proof of concept. How would you like to control millions of computers at the start of a CyberWar?

http://it.slashdot.org/story/09/08/03/1510243/Has-Conficker-Been-Abandoned-By-Its-Authors?from=rss

Has Conficker Been Abandoned By Its Authors?

Posted by CmdrTaco on Monday August 03, @12:19PM from the don't-leave-me-daddy dept.

darthcamaro writes

"Remember Conficker? April first doom and gloom and all? Well apparently after infecting over five million IP addresses, it's now an autonomous botnet working on its own without any master command and control. Speaking at the Black Hat/Defcon Hat security conference in Las Vegas, Mikko Hypponen, chief research officer at security firm F-Secure, was told not to talk in detail about the Conficker gang — the problem is that not all researchers were under the same gag order. Just ask Roel Schouwenberg, senior anti-virus researcher at security firm Kaspersky, who says 'The Conficker botnet is autonomous; that is very strange in itself that they made Conficker replicate by itself. Now it seems like the authors have abandoned the project, but because it is autonomous, it can do whatever it wants and it keeps on trying to find new hosts to infect.'"



This is important for determining if the rest of the world is as wacko as we are...

http://www.bespacific.com/mt/archives/021964.html

August 03, 2009

Google quadruples number of articles included in News Archive Search

Google News Blog: "We've recently updated our index, quadrupling the number of articles included in News Archive Search. We now include articles from several new publications, including the Halifax Gazette, Sydney Morning Herald, the Milwaukee Journal Sentinel, and the Village Voice. Working with our partners, we've also added new international publications such as the Manila Standard, The Nation from Thailand, and many others...You can explore this historical treasure trove by searching on News Archive Search or by using the timeline feature after searching on Google News."



'cause Apple makes gooder Apps than we does...

http://www.pcworld.com/businesscenter/article/169507/microsoft_details_how_to_port_iphone_apps_to_windows_mobile.html

Microsoft Details How to Port IPhone Apps to Windows Mobile