Saturday, August 15, 2009

Local doesn't mean small...

Arrests made in bank fraud probe

Friday, August 14, 2009, 1:32pm MDT Modified: Friday, August 14, 2009, 4:13pm

Denver Business Journal - by Renee McGaw

Federal authorities arrested four people and searched more than a dozen locations in the Denver metro area Friday morning as part of an investigation into a criminal fraud ring that may have cost multiple banks more than $80 million.

… In a complaint filed Friday in U.S. District Court, the FBI listed 16 people in the Denver metro area that it said it had probable cause to arrest, including Vishnevskaya and Nikitina.

But the investigation appeared to be much larger than that.

“To date, this investigation has identified approximately 700 straw buyers recruited by the criminal enterprise and financial losses are estimated to exceed $80 million,” according to the complaint filed in Vishnevskaya’s case.

According to the complaint, the arrests stem from an FBI investigation that began in 2007 into alleged criminal rings in the United States.

No doubt Congress will want the US to “Catch up with the rest of the world.”

Overseeing Surveillance - Lessons from the UK Experience?

August 15, 2009 by Dissent Filed under Non-U.S., Surveillance

In a previous post I pointed out the remarkable lack of transparency in the oversight of surveillance in Ireland. This has become all the more worrying since July when the remit of this oversight system was extended (by the Criminal Justice (Surveillance) Act 2009) beyond telephone tapping and data retention to include also the planting of covert audio bugs, video cameras and GPS trackers. In effect, the Designated Judge has now been given (by ad hoc extensions of his role) oversight of most forms of surveillance - with public accountability in respect of this oversight remaining limited to a single page annual report. [That says: “Looks Okay to me!” Bob]

Two recently published documents from the UK illustrate a better model of oversight.

Read more on IT Law in Ireland.

For all you “Ubiquitous Surveillers” Now you can run a UAV inside your own home! Check on Grandpa! Make sure the kids are studying! See what the wife's making for dinner!

Robo-copter can navigate inside your home

by Tim Hornyak August 14, 2009 1:20 PM PDT

Just when you were getting used to the idea of unmanned aerial vehicles patrolling the skies over your city, they're beginning to enter buildings.

This flying robot designed by a U.S.-German team recently won a contest in which the goal was to autonomously navigate inside a simulated nuclear power plant and find and image a control panel without the aid of a GPS.

Disclaimer! I am not recommending this hack! I merely point out that certain individuals (some of them my students) would find it quite amusing to hijack a politician's home computer (or one belonging to their children), download this collection, and then rat them out to the RIAA.

The Pirate Bay Still Hasn’t Gone Legit, Still Enjoys Poking Big Media in the Eye: The “$675,000 Mixtape”

by Peter Kafka Posted on August 14, 2009 at 6:00 AM PT

Remember how the rascals at file-sharing site The Pirate Bay, chastened by the Swedish courts, were going to straighten up and go legit? Going to have to keep waiting on that one.

A reminder of the site’s outlaw status is splashed up on the site’s front page right now, in the form of a feature promoting “DJ Joel’s $675,000 Mixtape,” which is supposedly “Approved by the RIAA,” the U.S. lobbying/litigating arm of the big music labels.

It’s not approved by the RIAA, of course. Instead, the feature steers visitors to a page where they can illegally download 30 songs that just cost grad student Joel Tenenbaum $675,000. That’s the amount a federal jury decided he owed the RIAA after being found guilty of copyright violations for sharing the tunes via a filesharing network.

I should have seen this coming. We could have started a “Build your own Broadband” franchise, and sold do-it-yourself kits to anyone stuck in areas monopolized by 'do nothing' providers...

Major Carriers Shun Broadband Stimulus

Posted by Soulskill on Friday August 14, @07:10PM from the why-risk-their-monopolies dept.

jmcharry sends word that as the deadline looms for requesting broadband grants from the $4.7 billion available in stimulus funding, Comcast, Verizon, and AT&T are conspicuously absent from the list of applicants. Quoting the Washington Post: "Their reasons are varied. All three say they are flush with cash, enough to upgrade and expand their broadband networks on their own. Some say taking money could draw unwanted scrutiny of business practices and compensation, as seen with automakers and banks that have taken government bailouts. And privately, some companies are griping about conditions attached to the money, including a net-neutrality rule that they say would prevent them from managing traffic on their networks in the way they want. ... Yet those firms might be the best positioned to achieve the goal of spreading Internet access to underserved areas, some experts say." Reader Michael_Curator notes that while the major carriers may be holding back, there were still enough applications to slow government servers to a crawl, resulting in a deadline extension.

You know a technology has arrived when... I like it! The old Sergeants I knew were always saying “Here's how it really works...”

Army Asks Its Personnel to Wikify Field Manuals

Posted by Soulskill on Friday August 14, @08:06PM from the now-adding-wikify-to-the-spellchecker-and-sighing dept.

Hugh Pickens writes

"The NY Times reports that the Army began encouraging its personnel — from the privates to the generals — to go online and collaboratively rewrite seven of the field manuals that give instructions on all aspects of Army life, using the same software behind Wikipedia. The goal, say the officers behind the effort, is to tap more experience and advice from battle-tested soldiers rather than relying on the specialists within the Army's array of colleges and research centers, who have traditionally written the manuals. 'For a couple hundred years, the Army has been writing doctrine in a particular way, and for a couple months, we have been doing it online in this wiki,' said Col. Charles J. Burnett, the director of the Army's Battle Command Knowledge System. 'The only ones who could write doctrine were the select few. Now, imagine the challenge in accepting that anybody can go on the wiki and make a change — that is a big challenge, culturally.' Under the three-month pilot program, the current version of each guide can be edited by anyone around the world who has been issued an ID card that allows access to the Army Internet system. Reaction so far from the rank and file has been tepid, but the brass is optimistic; even in an open-source world, soldiers still know how to take an order."

What's in it for them?

Google and Microsoft: The Battle Over College E-Mail

By Jeremy Caplan Friday, Aug. 14, 2009

… Google now manages e-mail for more than 2,000 colleges and universities, enabling students to transform accounts capped at 100 mb into Google-managed inboxes that allow for 70 times as much mail. Microsoft also provides free Web-based mail for thousands of schools, including colleges in 86 countries.

Studying Twits

Study: Twitter is 40 percent 'pointless babble'

by Caroline McCarthy August 14, 2009 12:54 PM PDT

Surprise! A full 40.5 percent of posts on Twitter--or tweets, as they're called--can be classified as "pointless babble," according to a new study from Pear Analytics. Coming in second was "conversational," which the company says makes up 37.55 percent of all tweets.

There's some interesting stuff in there. Despite some Twitter critics' insistence that the microblogging service is loaded with self-promoters, Pear Analytics only classified 5.85 percent of tweets as "self promotion."

The other categories were "news" (3.6 percent), "spam" (also lower than I'd expect, at 3.75 percent), and "pass-along value" (8.7 percent).

[The White Paper:

The persistence of viral videos. (Business Model: Offer a “sponsored” upload option for amateur videos so that IF your video goes viral, it is already “wrapped” in an advertising package. Give creators 90% of the profits and everyone will upload through you.)

YouTube's Back-Catalog Amateur Content KILLS Pro Content

Dumenco's Trendrr Chart of the Week

by Simon Dumenco Published: August 14, 2009

… What's it all mean? Funny toddlers and dorky dancing couples in all their non-monetizable glory will live forever -- draining money (for server costs) from YouTube/Google's coffers until the end of time. Because people will never, ever tire of them. Ever!

What don't you like about your browser? Here's a guy who can see how to fix any shortcoming you can think of...

Netscape Founder Backs New Browser

Posted by ScuttleMonkey on Friday August 14, @05:27PM from the making-web-development-harder dept.

wirelessjb writes to share that after a resounding defeat at the hands of Microsoft in the first major browser war of the mid 1990s, Marc Andreessen is looking to have another go at the market by backing a new startup called "RockMelt."

"Mr. Andreessen suggested the new browser would be different, saying that most other browsers had not kept pace with the evolution of the Web, which had grown from an array of static Web pages into a network of complex Web sites and applications. 'There are all kinds of things that you would do differently if you are building a browser from scratch,' Mr. Andreessen said. RockMelt was co-founded by Eric Vishria and Tim Howes, both former executives at Opsware, a company that Mr. Andreessen co-founded and then sold to Hewlett-Packard in 2007 for about $1.6 billion. Mr. Howes also worked at Netscape with Mr. Andreessen."

[From the article:

After Microsoft defeated Netscape, it controlled more than 90 percent of the browser market. Interest in browsers among technology companies waned and innovation ground to a halt. But in the last 18 months, the Internet browser has become a battleground again with giants like Google, Apple and Microsoft fighting one another.

The renewed interest in browsers is partly a result of the success of Mozilla, a nonprofit. The speedier, safer and more innovative Mozilla Firefox browser, introduced in 2004, has grabbed 23 percent of the market, and Microsoft’s share has dropped to 68 percent.

… On the company’s Web site, the corporate name and the words “coming soon” are topped by a logo of the earth, with cracks exposing what seems to be molten lava from the planet’s core. A privacy policy on the site, which was removed after a reporter made inquiries to Mr. Vishria, indicates the browser is intended to be coupled somehow with Facebook. Mr. Andreessen serves as a director of Facebook.

… Another browser, Flock, based on Firefox, already incorporates feeds from social networking sites.

Just in time for my Advanced Algebra class! (Anything to amuse my students)

A Mathematical Model For a Spreading Zombie Infestation

Posted by Soulskill on Friday August 14, @10:04PM from the integrating-by-parts dept.

cloude-pottier writes

"What do you do when zombies attack? Turn to a mathematician to come up with a model for the spread of a zombie infestation, of course! Students at Carleton University and the University of Ottawa have published a paper in a book titled Infectious Disease Modelling Research Progress detailing how to model the spread of a zombie population and various complications in managing the spread of the infestation. They even give humans a fighting chance in some cases! The original paper (PDF) can be found at their professor's website."

[A comment points to an online zombie simulation:

Friday, August 14, 2009

Does this fall under Surveillance or Data Breach or Data Mining or I Told You So?

Anonymization FAIL! Privacy Law FAIL!

August 14, 2009 by Dissent Filed under Other

Paul Ohm writes that he has uploaded his latest draft article entitled, “Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization” to SSRN, where you can download a free copy of the article.

The Abstract:

Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques for protecting the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated they can often “reidentify” or “deanonymize” individuals hidden in anonymized data with astonishing ease. By understanding this research, we will realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so.

The issue has significant implications for all of us, particularly when we consider arguments that health and medical information will be shared without our direct consent because it will be “de-identified.”

Big Brother moves down under? Who gets to define “appropriate?”

Australian ISPs Soon To Become Copyright Cops

Posted by timothy on Friday August 14, @02:11AM from the classic-multitasking dept.

srjh writes

"In the Australian Federal Government's latest assault on the internet, draft legislation has been released that allows network operators to intercept communications to ensure that their networks are being 'appropriately used.' Such legislation is particularly important given the interference of Communications Minister Stephen Conroy in a recent copyright lawsuit against iiNet, one of the largest ISPs in the country. Conroy called prominent filtering opponent iiNet's inaction over copyright infringement 'stunning,' whereas iiNet claimed that it would be illegal under current Australian law to intercept its users' downloads. While this latest legislation appears to be a concession of that point, the government is said to be watching the case closely and along with attempts to introduce a three-strikes law in Australia, it appears the law will be changed if the government dislikes the outcome of the case. The internet villain of the year just continues to earn his title."

For my Lawyer/Hacker friends. No Copyright, no foul?

Firefox Plugin Liberates Paywalled Court Records

Posted by kdawson on Friday August 14, @09:01AM from the free-as-in-beer dept.

Timothy B. Lee writes

"If you want to access federal court records, you're often forced to use PACER, a cumbersome, paywalled Web site run by the federal judiciary. My colleagues and I at Princeton's Center for IT Policy have released a new Firefox extension called RECAP that allows users to automatically upload the documents they download from PACER into a public archive hosted by the Internet Archive. It also saves users money by automatically notifying them if a document they're searching for is available for free from the public archive. Over time, we hope to build a comprehensive, free repository of federal court records that's available to everyone."

Records retention. How permanent can records be?

How long is long-term storage?

by John Webster August 13, 2009 1:31 PM PDT

There is a big disconnect between how long people think they should be storing data and how long they actually can. One group of vendors and academics is trying to change that.

Two years ago, the Storage Networking Industry Association's Data Management Forum reported the results of a landmark study that looked at the state of long-term storage, i.e. preserving a digital object for more than 10 years. Some disturbing results jumped out.

… A whopping 80 percent of the 276 organizations included in the study reported a need to retain electronic records for more than 50 years, so let's start there.

… So there's a big gap here. A group of concerned vendors and academic advisers has formed the 100 Year Archive Task Force, under the auspices of the Storage Networking Industry Association's Data Management Forum, to start filling the gap. You can follow their progress or become involved yourself here.

I think I need a lawyer... The development I've done in “Simulate the World” has been stolen. The game host has sold the predictive model to the CIA and now they want me to turn over 'all source code, notes and documentation.'

Making the Case That Virtual Property Is a Bad Idea

Posted by timothy on Thursday August 13, @03:07PM from the contrarians-just-can't-get-along dept.

pacergh writes

"Many legal commentaries on virtual property argue that it should exist. Others argue why it can exist. None seem to explicitly spell out what virtual property will look like or how it will affect online worlds. Lost in the technology love-fest are the problems virtual property might bring. The Virtual Property Problem lays out a model for what virtual property might look like and then applies it to various scenarios. This highlights the problems of carving virtual property out of a game developer's rights in his creation. From the abstract: '"Virtual property" is a solution looking for a problem.' The article explains the 'failure of property rights to benefit the users, developers, and virtual resources of virtual worlds.'"

Overreaction?

Social-networking ban for sex offenders: Bad call?

by Larry Magid August 13, 2009 3:12 PM PDT

The just-signed Illinois law banning sex offenders from social-networking sites might seem like a good idea to protect children, but it will have virtually no impact on their safety and could wind up making things worse.

… A January 2009 analysis of Pennsylvania cases by the Center for Safe and Responsible Internet Use found, during a four-year period, that "only eight incidents involved actual teen victims with whom the Internet was used to form a relationship," compared to 9,934 children who were sexually abused in a single year in that state.

Transparency is as transparency does “Hey, we're the government. We don't see this as unusual. Besides, Osama might try to use this site and we gotta be ready!”

$18M Contract For Transparency Website Released — But Blacked Out

Posted by timothy on Thursday August 13, @03:59PM from the but-don't-worry-government-health-care-will-be-cheap dept.

zokuga writes

"The US government recently approved an $18 million contract for Smartronix to build a website where taxpayers could easily track billions in federal stimulus money, as part of President Obama's promise to make government more transparent through the Internet. However, the contract, which was released only through repeated Freedom of Information Act requests, is itself heavily blacked out. ProPublica reports: 'After weeks of prodding by ProPublica and other organizations, the Government Services Agency released copies of the contract and related documents that are so heavily blacked out they are virtually worthless. In all, 25 pages of a 59-page technical proposal — the main document in the package — were redacted completely. Of the remaining pages, 14 had half or more of their content blacked out.' Sections that were heavily or entirely redacted dealt with subjects such as site navigation, user experience, and everything in the pricing table. The entire contract, in all its blacked-out glory, is here."

Why secret? The Berkman Center at Harvard has been doing this openly for years. Certainly any geek would know what gets scanned and blocked and could list dozens of alternative communications methods.

US Tests System To Evade Foreign Web Censorship

Posted by timothy on Friday August 14, @08:12AM from the worthy-objective dept.

D1gital_Prob3 excerpts from a Reuters story that says

"The US government is covertly testing technology in China and Iran that lets residents break through screens set up by their governments to limit access to news on the Internet. The 'feed over email' (FOE) system delivers news, podcasts and data via technology that evades web-screening protocols of restrictive regimes, said Ken Berman, head of IT at the US government's Broadcasting Board of Governors, which is testing the system. The news feeds are sent through email accounts including those operated by Google, Microsoft's Hotmail, and Yahoo. 'We have people testing it in China and Iran,' said Berman, whose agency runs Voice of America. He provided few details on the new system, which is in the early stages of testing. He said some secrecy was important to avoid detection by the two governments."

Open Source is killing another golden goose? Where there appears to be enormous profit, there is enormous opportunity.

Open Textbooks Win Over Publishers In CA

Posted by CmdrTaco on Thursday August 13, @12:18PM from the now-put-them-in-a-wiki dept.

Unequivocal writes

"Recently California's Governor announced a free digital textbook competition. The results of that competition were announced today. Many traditional publishers submitted textbooks in this digital textbook competition in CA as well as open publishers. An upstart nonprofit organization named CK-12 contributed a number of textbooks (all free and open source material). 'Of the 16 free digital textbooks for high school math and science reviewed, ten meet at least 90 percent of California's standards. Four meet 100 percent of standards.' Three of those recognized as 100% aligned to California standards were from CK-12 and one from H. Jerome Keisler. None of the publisher's submissions were so recognized. CK-12 has a very small staff, so this is a great proof of the power of open textbooks and open educational resources."

Data Mining/Data Analysis

Big Data and Real-time Structured Data Analytics

by Ben Lorica | @dliman

The emergence of sensors as sources of Big Data highlights the need for real-time analytic tools. Popular web apps like Twitter, Facebook, and blogs are also faced with having to analyze (mostly unstructured) data in near real-time. But as Truviso founder and UC Berkeley CS Professor Michael Franklin recently noted, there are mountains of structured data generated by web apps that lend themselves to real-time analysis:

Tools & Techniques

Every now and then, a simple tool comes along that makes something else (Craigslist in this case) much more valuable.

Keep An Eye On Craigslist All The Time

We can define Its My Sale as a watching tool for Craigslist that serves many purposes, most notably an alert function that enables you to be the first to contact someone on Craigslist that is selling something that you have been actively looking for.

An account can be created for free through the site's main page. From that point onwards, you can start using the CraigsWatch tool to be notified by e-mail when someone posts an ad on Craigslist that matches the keywords that you have specified beforehand.

… CraigWatch is a free tool

Thursday, August 13, 2009

There is a not so subtle difference between naive and gullible. Wouldn't you expect a CEO to know just how secure his data was?

Heartland CEO on Data Breach: QSAs Let Us Down

August 12, 2009 by admin Filed under Breach Incidents, Commentaries and Analyses, Financial Sector

For Heartland Payment Systems Inc. CEO Robert Carr, the year did not start off well, to say the least.

In January, the Princeton, N.J.-based provider of credit and debit processing, payment and check management services was forced to acknowledge it had been the target of a data breach — in hindsight, possibly the largest to date with 100 million credit and debit cards exposed to fraud.

In the following Q&A, Carr opens up about his company’s data security breach. He explains how, in his opinion, PCI compliance auditors failed the company, how informing customers of the breach before the media had a chance to was the best response, and how other companies can avoid the pain Heartland has experienced.

Read more on Computerworld.

[From the article:

What have you learned in recent months regarding how exactly the burglars were able to get in? Have investigators flagged anything in terms of the big security holes that were exploited?

Carr: "The audits done by our QSAs (Qualified Security Assessors) were of no value whatsoever. To the extent that they were telling us we were secure beforehand, that we were PCI compliant, was a major problem. The QSAs in our shop didn't even know this was a common attack vector being used against other companies. We learned that 300 other companies had been attacked by the same malware. I thought, 'You've got to be kidding me.' That people would know the exact attack vector and not tell major players in the industry is unthinkable to me. I still can't reconcile that."

How did the QSAs respond when you expressed this view?

Carr: "In the post-Enron environment, the auditors have contracts with clients that essentially absolve them of gross negligence. The false reports we got for 6 years, we have no recourse. No grounds for litigation. That was a stunning thing to learn. In fairness to QSAs, their job is very difficult, but up until this point, we certainly didn't understand the limitations of PCI and the entire assessment process. PCI compliance doesn't mean secure. We and others were declared PCI compliant shortly before the intrusions."

(Related) On the other hand...

Opinion: Heartland CEO Must Accept Responsibility

August 13, 2009 by admin Filed under Breach Incidents, Commentaries and Analyses, Financial Sector

I just read Bill Brenner’s interview with Heartland Payment Systems’ CEO Bob Carr [Heartland CEO on Data breach: QSAs Let Us Down] and truthfully, my blood is boiling.

Basically, he’s throwing his QSA under the bus for the massive data breach that happened under his watch. Basically, because the QSA didn’t find anything, therefore he should be off the hook.

I say that’s a load of crap. It’s about time organizations suffering from a data breach owned up to the fact that they made a mistake. You see, the fine folks at Johnson and Johnson didn’t throw the pharmacy under the bus when Tylenol got poisoned in 1982, did they? NO! They accepted responsibility (even though it wasn’t their fault) and re-established trust with their customers.

This kind of response from Mr. Carr basically proves that organization has learned NOTHING from the data breach, which means inevitably it will happen again.

Read more of Mike Rothman’s commentary on CSO.

(Related) In that UPS also began encrypting after a breach. I wonder if they do it in the US too?

UPS encrypts laptops and smartphones after data breach

August 12, 2009 by admin Filed under Breach Incidents, Business Sector, Non-U.S., Theft

Parcel service UPS has encrypted all its UK laptops and smartphones, following a breach of the Data Protection Act last year.

The firm has also signed an undertaking to assure the Information Commissioner’s Office that personal information will be kept securely in future.

An unencrypted, password-protected laptop was stolen from a UPS employee while on business abroad in October 2008.

The laptop, which was never recovered, contained the payroll data of 9,150 UK based employees, including personal, salary and bank details.

[From the article:

Password-protected laptops are not secure. [Interesting that (post-breach) organizations are recognizing the obvious. Bob]

It could mean that companies have figured out how to manage their way through the minefield.

How Much Does a Reputation For Security Matter Anymore?

Posted by Soulskill on Wednesday August 12, @11:49AM from the eh-i'm-sure-they'll-patch-it-soon dept.

dasButcher writes

"We often hear that businesses risk their corporate reputations if they don't have adequate security. It's been a common refrain among those selling security technologies: protect your data or suffer the reputational consequences. But, as Larry Walsh points out, the evidence is against this notion. Even companies that have suffered major security breaches — TJX, Hannaford, etc. — have suffered little lasting damage to their reputation. So, does this mean that reputational concerns are simply bunk?"

How much does a reputation for customer surveillance matter? Another target for the e-Discovery folks?

Oh, By the way: The Palm Pre phones home with your location [Updated]

by Greg Kumparak on August 12, 2009

… When Debian developer Joey Hess started tinkering with webOS, he noticed that it was sending something to Palm once a day. Surely, Palm wasn’t sending anything too potentially incriminating without making it blatantly obvious to the user, right? Wrong.

Joey tore apart the data the Pre was transmitting, and there it was, smack dab at the top of the page:

{ "errorCode": 0, "timestamp": 1249855555954.000000, "latitude": 36.594108, "longitude": -82.183260, "horizAccuracy": 2523, "heading": 0, "velocity": 0, "altitude": 0, "vertAccuracy": 0 }

That was Joey’s position at the time the data was sent, accurate to the same degree that the Google Maps application was.

Also included was a list of every application Joey used, along with how long they were used for (as measured by “launch” and “close” parameters), along with crashlogs.

Peer-to-peer systems don't just share music

Man Jailed After Using LimeWire For ID Theft

Posted by Soulskill on Wednesday August 12, @12:31PM from the guess-his-making-available-defense-didn't-work-either dept.

angry tapir sends along this excerpt from PC World:

"A Seattle man has been sentenced to more than three years in prison for using the LimeWire file-sharing service to lift personal information from computers across the US. The man, Frederick Wood, typed words like 'tax return' and 'account' into the LimeWire search box. That allowed him to find and access computers on the LimeWire network with shared folders that contained tax returns and bank account information. ... He used the information to open accounts, create identification cards and make purchases. 'Many of the victims are parents who don't realize that LimeWire is on their home computer,' [said Kathryn Warma of the US Attorney's Office]."

...because there is absolutely, positively no way using technology is harmless.

Illinois Bans Social Network Use By Sex Offenders

Posted by timothy on Wednesday August 12, @02:52PM from the good-feel-measure-vs.-bad-feel-felons dept.

RobotsDinner writes

"Illinois Governor Pat Quinn has signed into law a bill that bans all registered sex offenders from using social networks. '"Obviously, the Internet has been more and more a mechanism for predators to reach out," said Sen. Bill Brady (R-Bloomington), a sponsor of the measure and a governor candidate. "The idea was, if the predator is supposed to be a registered sex offender, they should keep their Internet distance as well as their physical distance."'" [Whatever we do in the real world, we should also do in the virtual world? Bob]

Undue reliance? It's so if the computer says it's so. Now we know where TSA got the idea for the no-fly list!

Database Error Costs Social Security Victims $500M

Posted by timothy on Wednesday August 12, @05:18PM from the drop-in-the-bucket dept.

Hugh Pickens writes

"The Washington Post reports that the Social Security Administration has agreed to pay more than $500 million in back benefits to more than 80,000 recipients whose benefits were unfairly denied after they were flagged by a federal computer program designed to catch serious criminals. At issue is a 1996 law, which contained language later nicknamed the 'fleeing felon' provision, that said fugitives were ineligible to receive federal benefits. As part of its enforcement, the administration began searching computer databases to weed out people who were collecting benefits and had outstanding warrants. The searches captured dozens of criminals, including some wanted for homicide, but they also ensnared countless elderly and disabled people accused of relatively minor offenses such as shoplifting or writing bad checks and in some cases, the victims simply shared a name and a birth date with an offender."


Kerfuffle is us? We're a University – why would we think before we open our mouth?

U.S. Colleges Say Hiring U.S. Students a Bad Deal

Posted by CmdrTaco on Thursday August 13, @09:27AM from the talking-to-you-cliff dept.

theodp writes

"Many U.S. colleges and universities have notices posted on their websites informing U.S. companies that they're tax chumps if they hire students who are U.S. citizens. "In fact, a company may save money by hiring international students because the majority of them are exempt from Social Security (FICA) and Medicare tax requirements," advises the taxpayer-supported University of Pittsburgh (pdf) as it makes the case against hiring its own U.S. students. You'll find identical pitches made by the University of Delaware, the University of Cincinnati, Kansas State University, the University of Southern California, the University of Wisconsin, Iowa State University, and other public colleges and universities. The same message is also echoed by private schools, such as Johns Hopkins University, Brown University, Rollins College and Loyola University Chicago."

Basil says this is a service worth looking at, so is it worth investing in too?

Full Details On Mint’s $14 Million Series C Round

by Jason Kincaid on August 12, 2009

Mint, the popular personal finance site that won 2007’s TechCrunch40 conference, has closed a new $14 million Series C funding round. Silicon Alley Insider discovered the round in an SEC filing this morning, and we’ve just gotten off the phone with CEO Aaron Patzer, who confirmed the deal and filled us in on the details.

Increasingly important, even for individuals...

Free Tools to Back Up Your Online Accounts

By Gina Trapani, 9:00 AM on Wed Aug 12 2009

Humor or fact? Watch and decide!

Google Privacy Opt Out Announced Via The Onion

by Michael Arrington on August 12, 2009

The Onion strikes again, announcing Google Opt Out today, a product that lets people opt out of Google’s information gathering activities by having their home destroyed and moving to a covered village complex at an undisclosed location. As always, they nail it. Video is below.

Wednesday, August 12, 2009

One side of the debate. Will the OMB share their arguments?

EFF’s recommendations for federal web privacy policy

August 11, 2009 by Dissent Filed under Govt, Internet, U.S.

Today, EFF and the Center for Democracy and Technology submitted comments to the Office of Management and Budget in response to the agency’s review of the policies governing the federal government’s use of cookies and other web technologies.

The comments are an extension of recommendations we made in May, in which we suggested that the OMB permit cookie-based web analytics so long as the process was carefully overseen and met with specific strict safeguards. Today, we’ve expanded our recommendations to include the use of cookies for creating individualized web account logins and other common web practices that we understand government webmasters would like to be able to use. Overall, we continue to urge the government to limit the use of any data collected, to eliminate this data as soon as possible, and to seek third-party oversight.

Read more on EFF (The Electronic Frontier Foundation).

Related: EPIC submitted comments to the Office of Management and Budget recommending that the existing ban on the use of cookies at federal government websites be maintained.

Strategy is as Strategy does... Worth reading the article!

What unites advocates of speech controls & privacy regulation?

August 12, 2009 by Dissent Filed under Other

Anyone who has spent time following debates about speech and privacy regulation comes to recognize the striking parallels between these two policy arenas. In this paper we will highlight the common rhetoric, proposals, and tactics that unite these regulatory movements. Moreover, we will argue that, at root, what often animates calls for regulation of both speech and privacy are two remarkably elitist beliefs:

  1. People are too ignorant (or simply too busy) to be trusted to make wise decisions for themselves (or their children); and/or, [Governments are smart, people are not. Bob]

  2. All or most people share essentially the same values or concerns and, therefore, “community standards” should trump household (or individual) standards. [Xenophobia. If you're not with us, you're against us. Bob]

While our use of the term “elitism” may unduly offend some understandably sensitive to populist demagoguery, our aim here is not to launch a broadside against elitism as Time magazine culture critic William H. Henry once defined it: “The willingness to assert unyieldingly that one idea, contribution or attainment is better than another.”[1] Rather, our aim here is to critique that elitism which rises to the level of political condescension and legal sanction. We attack not so much the beliefs of some leaders, activists, or intellectuals that they have a better idea of what is in the public’s best interest than the public itself does, but rather the imposition of those beliefs through coercive, top-down mandates.

Read more of this commentary by Adam Thierer & Berin Szoka in The Progress & Freedom Foundation, Progress on Point No. 16.19 on The Technology Liberation Front or access the pdf version of the article.

Making it harder for us to convict you is a crime. Making it impossible to convict you is a capital crime. The only thing worse is being innocent.

In UK, Two Convicted of Refusing To Decrypt Data

Posted by kdawson on Wednesday August 12, @05:31AM from the no-pleading-the-fifth dept.

ACKyushu clues us to recent news out of the UK, where two people have been successfully prosecuted for refusing to provide authorities with their encryption keys, resulting in landmark convictions that may have carried jail sentences of up to five years. There is uncertainty in that the names of the people convicted were not released; [Secret trials? Bob] and without those names, the Crown Prosecution Service said it was unable to track down details of the cases.

"Failure to comply with a section 49 notice carries a sentence of up to two years jail plus fines. Failure to comply during a national security investigation carries up to five years jail. ... Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted. Sir Christopher [Rose, the government's Chief Surveillance Commissioner] did not report whether prosecutions failed or are pending against the five charged but not convicted in the period covered by his report."

Hey, who ya gonna believe? A bunch of guys with PhDs or our Marketing Department? We've been working on your politicians... I mean, explaining the evidence to your politicians and they agree with us. (Lots of comments)

Voting Machine Attacks Proven To Be Practical

Posted by kdawson on Tuesday August 11, @01:51PM from the back-up-the-dumpster dept.

An anonymous reader writes

"Every time a bunch of academics show vulnerabilities in electronic voting machines, critics complain that the attacks aren't realistic, that attackers won't have access to source code, or design documents, or be able to manipulate the hardware, etc. So this time a bunch of computer scientists from UCSD, Michigan, and Princeton offered a rebuttal. They completely own the AVC Advantage using no access to source code or design documents (PDF), and deliver a complete working attack in a plug-in cartridge that could be used by anyone with a few private minutes with the machine. Moreover, they came up with some cool tricks to do this on a machine protected against traditional code injection attacks (the AVC processor will only execute instructions from ROM). The research was presented at this week's USENIX EVT."

Diebold Quietly Patches Security Flaw in Vote Counting Software

By Kim Zetter Email Author August 12, 2009 8:00 am

Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.

The flaw in the tabulation software was discovered by earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.

… It’s not known if Premier will offer the more secure version to election officials who purchased previous software. The company did not respond to a call for comment Tuesday.

Another “the patent system is broken” article? Or perhaps a “Microsoft is evil” article? Or even a “Texas is a whole 'nother country” article.

US Court Tells Microsoft To Stop Selling Word

Posted by Soulskill on Wednesday August 12, @08:13AM from the somebody's-not-having-a-good-day dept.

oranghutan writes

"A judge in a Texas court has given Microsoft 60 days to comply with an order to stop selling Word products in their existing state as the result of a patent infringement suit filed by i4i. According to the injunction, Microsoft is forbidden from selling Word products that let people create XML documents, which both the 2003 and 2007 versions let you do. Michael Cherry, an analyst quoted in the article, said, 'It's going to take a long time for this kind of thing to get sorted out.' Few believe the injunction will actually stop Word from being sold because there are ways of working around it. [Sure to make the judge happy. Bob] In early 2009, a jury in the Texas court ordered Microsoft to pay i4i $200 million for infringing on the patent. ZDNet has a look at the patent itself, saying it 'sounds a bit generic.'"

(Related) If the software can copy an entire hard drive bit by bit (as e-Discovery tools do) would that tool now be illegal? Such copying does not “notice” what it is copying, does not “unprotect” a file, but can recreate the data exactly on another drive.

Judge Rules Against RealDVD

Posted by Soulskill on Wednesday August 12, @09:40AM from the another-one-bites-the-dust dept.

mattOzan writes

"Judge Marilyn Hall Patel was unswayed by RealNetworks' defense of their product under the Fair Use Doctrine, as she declared RealDVD illegal and barred its distribution. As she said in her ruling, 'So while it may well be fair use for an individual consumer to store a backup copy of a personally owned DVD on that individual's computer, a federal law has nonetheless made it illegal to manufacture or traffic in a device or tool that permits a consumer to make such copies.' She also said RealNetworks was aware of the conflict between their agreement and their plans for the software: 'Real did not elect to return (or destroy, with appropriate certification) the CSS General Specifications after it received them, as Real had a right to do under the agreement... This behavior indicates that Real understood it to be bound by the CSS General Specifications as well as the other technical specifications received after execution of the CSS License Agreement.'"

[The ruling:

[From the ruling:

See Reimerdes, 111 F.Supp.2d at 324 (“The fact that Congress elected to leave technologically unsophisticated persons who wish to make fair use of encrypted copyrighted works without the technical means of doing so is a matter for Congress. . . .”).

Obvious? The opening for non-US firms seems obvious but aren't there some “protections” that prevent foreign telecommunications firms from jumping on the gravy train?

US Cell Phone Plans Among World's Most Expensive

Posted by timothy on Tuesday August 11, @01:03PM from the yes-but-we-have-cheap-gasoline dept.

Albanach writes

"An OECD report published today has shown moderate cell phone users in the United States are paying some of the highest rates in the world. Average US plans cost $52.99 per month compared to an average of $10.95 in Finland. The full report is available only to subscribers; however, Excel sheets of the raw data are available to download."

(You'll find those Excel sheets — which open just fine in OpenOffice — on the summary page linked above.)

Pandemic or Overreaction? Hard to tell without Al Gore...

August 11, 2009 Provides Tools and Data on Pandemic Influenza and Avian Influenza

" provides comprehensive government-wide information on pandemic influenza and avian influenza for the general public, health and emergency preparedness professionals, policy makers, government and business leaders, school systems, and local communities."

A business model I've been suggesting for years. Converting obsolete media to “current” media. As the pace of obsolescence grows ever faster, the market for this service should grow just as fast.

Pixorial collects your video, sells it back to you

by Rafe Needleman August 12, 2009 3:00 AM PDT

The family video site Pixorial opens up to the public Wednesday. It solves two problems most people will probably relate to. First, it's a nice little video editor for piecing together clips from digital cameras and the like. Second, if you send Pixorial your old analog media (VHS tapes, Super 8 film, other formats), the company will convert them to digital so you can edit them into new films.

Once your film is edited, you can then press it to DVD ($9.99) or just view it online in a smallish window. If you want to download the full, high-resolution video, that's $1.99.

Inevitable. But we're going to have a battle for a device that can do everything you can already do to your textbook. Underlines, highlights, fold the corner of the page, add sticky notes, etc.

CourseSmart Brings 7,000 Text Books to The iPhone

By Charlie Sorrel Email Author August 11, 2009 6:13 am

Tools & Techniques for the complete hacker

How to Trace an IP Address to a PC & How to Find Your Own

Aug. 11th, 2009 By Saikat Basu

[See also:

How To Trace Your Emails Back To The Source

May. 28th, 2009 By Stefan Neagu

Business Model? After all, there is always something new...

The New Media School: Because College Didn’t Teach You A Thing About The Digital Economy

by Jason Kincaid on August 11, 2009

By now, most businesses and self-employed individuals know that they can use social media services like Twitter and Facebook to help themselves grow their customer base and (hopefully) make some money. But for most people, actually using these services presents a challenge. Granted, there is no shortage of social media ‘gurus’ who have blogged their tips, but when it comes to finding ongoing instruction from genuine experts, the pickings have been slim.

Nick O’Neill, founder of The Social Times, is looking to help. O’Neill is launching an educational program called the New Media School, which is setting out to help both companies and individuals most effectively take advantage of the business opportunities afforded by the web.

The school’s first course is the Social Media Marketing Program, which entitles participants to a number of text guides as well as a series of video lectures led by a solid roster of industry veterans. Each lecture will be streamed live via Livestream, and students in the program will be able to submit questions live via an integrated chat box. The course will begin in about a week and a half.

The school is charging $147 per month, and plans to offer new content on a rolling basis.

Tuesday, August 11, 2009

The cost of prevention is real, the cost of a breach is hypothetical until it occurs.

August 10, 2009

The True Cost of a Data Security Breach: The Heartland Case Study

While not enough information has been released to know the full measure of the Heartland data breach, bits and pieces have come out and we can begin to understand the impact to a company that has a serious data security breach. Kevin Prince of Perimeter eSecurity touched on this subject in a series of data breach studies he has done over the past couple of years. In his examples, sometimes there seemed to be a clear relationship between a company's stock price and the announcement or public awareness of a data security breach. Other times the correlation could not be made.

Look for yourself in the case of Heartland in the attached graph of the Heartland stock ticker over the past year.

… Not only did Heartland have approximately a 40% stock drop the day this was announced, the stock continued to drop for some time. Heartland recently announced their Q2 2009 financials which includes the cost and write-offs associated with the data security breach. [Article]

They specifically noted that $.32/share was the write-off amount associated with resolving issues with their data security breach. They said this was associated with the $19.4 million dollars it cost them to settle these issues. This resulted in a quarterly loss of 2.6 million ($.07/share) for Q2.

This also does not include the money they are putting into deploying end-to-end encryption which is their answer.

It should be noted that both Visa and Mastercard have said that Heartland was not PCI compliant at the time the breach occurred. [...but Heartland had passed their last PCI Audit, so this is likely just the credit card companies' spin on their security failure. Bob]

Unreal statistic. If 69% of the Fortune 500 had a 40% stock drop, we'd have a recession... Oh, wait... It can't be that bad in the US, can it?

Australian data breaches on the increase

August 11, 2009 by Dissent Filed under Breaches, Non-U.S.

Almost 70 percent of Australian businesses and organisations were hit by one or more data breach incidents in the past year, a major increase on the situation in the previous 12 months.

IT security professionals at 482 enterprises were surveyed and 69 percent of the organisations had been hit once or more – up from 56 percent in the previous year – while the number of firms (41%) experiencing multiple breaches, or more than two data loss incidents, rose by 28 percent over the previous year.

Data protection company, PGP Corporation, has released the results of the second annual study by The Ponemon Institute, which also revealed that of those organisations that did admit to a breach in the last 12 months, 65 percent were never publicly announced, as there was no legal or regulatory requirement to disclose the incidents.

Read more on ITWire.

(Related) Yep, it can.

Press Release: 85% of US Organizations Hit by One or More Data Breaches within the Last Twelve Months

Even in the land of cheap labor, technology has a place. Imagine the number of cameras it will take to match the coverage in the UK.

China to expand surveillance cameras

August 11, 2009 by Dissent Filed under Non-U.S., Surveillance

China’s police say they have installed 2.75 million surveillance cameras since 2003 and are expanding the system into the largely neglected countryside.

The cameras are the most visible components of police surveillance and notification systems installed around the country, mainly in urban areas, according to a news release posted Monday on the Public Security Ministry’s Web site.

Read more from the AP in the Chicago Tribune.

When I say surveillance is ubiquitous, I mean it's everywhere... (Imagine the intelligence that software vendor is gathering if there is a backdoor in their spyware...)

Saudi women use spyware to monitor spouses’ activity

August 11, 2009 by Dissent Filed under Internet, Non-U.S., Surveillance

Women in Saudi Arabia are randomly loading spyware on the desktops, laptops, and other electronics related to the Internet of their husbands to monitor for unfaithfulness or attempts at infidelity.

Experts say that spyware refers to any stealthy, malicious PC software which gathers personal information transmitted via the Internet.

Reportedly, the software that Saudi women are using is comparatively costly, at about SR 1,000 (US$267); however, it seems to be easy to plant while hard to discover. Further, for a nation where women are not without reason to fear their spouses’ behavior, like suddenly marrying a new girl, the temptation of following the movements of a probable errant husband is nothing unnatural.

Nevertheless, according to scholars in the Islamic community, this act of spying goes against Shariah law, for Islam supports privacy protection and the new software undoubtedly violates it outright. Also, as per Sheikh Saleh Bin Abdullah al-Shamrani, a religious expert and an Islamic Culture Professor at the Scientific Institute, Shariah law forbids all forms of computer spying. ASHARQ ALAWSAT reported this on July 24, 2009.

Read more on SPAMfighter.

Opting out takes work! You have to be smarter than all the marketing department schemes ever invented.

You Deleted Your Cookies? Think Again

By Ryan Singel Email Author August 10, 2009 7:39 pm

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.
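The practical consequence of that paragraph is that "clear cookies" in the browser leaves the Flash Player's own storage untouched. The script below is an added example, not code from the Wired article or the Berkeley researchers: it enumerates the Local Shared Object (.sol) files the Flash Player keeps on disk, grouped by the site that wrote them, so a user or an analyst can check what survived a browser cookie purge. It assumes the standard Flash Player storage layout (a `#SharedObjects` directory holding a random profile-id directory, then one directory per domain); the default per-platform paths are the documented Adobe defaults but are treated as an assumption, and the domains and files in the `demo()` tree are constructed for the demonstration.

```python
"""List Flash Local Shared Objects ("Flash cookies") on disk, grouped by domain.

Added example (not from the article). Assumed on-disk layout:
  <root>/#SharedObjects/<profile-id>/<domain>/<path...>/<name>.sol
"""
import os
import shutil
import sys
import tempfile
from collections import defaultdict


def default_flash_roots():
    """Default Flash Player storage directories per platform.
    Assumption: standard Adobe Flash Player installs; other builds may differ."""
    home = os.path.expanduser("~")
    if sys.platform.startswith("win"):
        appdata = os.environ.get("APPDATA", os.path.join(home, "AppData", "Roaming"))
        return [os.path.join(appdata, "Macromedia", "Flash Player")]
    if sys.platform == "darwin":
        return [os.path.join(home, "Library", "Preferences", "Macromedia", "Flash Player")]
    return [os.path.join(home, ".macromedia", "Flash_Player")]


def list_flash_cookies(root):
    """Return {domain: [(relative_path, size_bytes), ...]} for every .sol file
    below root/#SharedObjects. The domain is the directory directly under the
    random profile-id directory, which is how the Flash Player scopes storage."""
    shared = os.path.join(root, "#SharedObjects")
    found = defaultdict(list)
    if not os.path.isdir(shared):
        return dict(found)
    for profile in os.listdir(shared):
        profile_dir = os.path.join(shared, profile)
        if not os.path.isdir(profile_dir):
            continue
        for dirpath, _dirs, files in os.walk(profile_dir):
            for name in files:
                # Only .sol files are shared objects; ignore anything else.
                if not name.lower().endswith(".sol"):
                    continue
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, profile_dir)
                domain = rel.split(os.sep)[0]
                found[domain].append((rel, os.path.getsize(full)))
    return dict(found)


def summarize(found):
    """Return (total_files, total_bytes) across all domains."""
    total_files = sum(len(entries) for entries in found.values())
    total_bytes = sum(size for entries in found.values() for _rel, size in entries)
    return total_files, total_bytes


def demo():
    """Build a constructed sample tree in a temporary directory, scan it, and
    return the result. Domains and file names are made up for this example."""
    base = tempfile.mkdtemp(prefix="flashlso_demo_")
    try:
        profile = os.path.join(base, "#SharedObjects", "ABCD1234")
        samples = {
            os.path.join("example-tracker.test", "beacon.swf", "uid.sol"): b"\x00\xbf" + b"x" * 60,
            os.path.join("video.example.test", "player", "settings.sol"): b"\x00\xbf" + b"y" * 20,
            os.path.join("video.example.test", "player", "notes.txt"): b"not a flash cookie",
        }
        for rel, data in samples.items():
            full = os.path.join(profile, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return list_flash_cookies(base)
    finally:
        shutil.rmtree(base, ignore_errors=True)


def main(argv):
    # Scan the given roots, or the platform default when none are supplied.
    roots = argv[1:] or default_flash_roots()
    for root in roots:
        found = list_flash_cookies(root)
        files, size = summarize(found)
        print(f"{root}: {files} shared object(s), {size} bytes")
        for domain in sorted(found):
            for rel, sz in sorted(found[domain]):
                print(f"  {domain:<30} {sz:>7} B  {rel}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to scan the default location for the current user, or pass one or more Flash Player root directories explicitly. Per-site privacy settings written by the Flash Player settings panel live outside `#SharedObjects` and are deliberately not counted here.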

Should this be classed as surveillance or health care? (When your coverage runs out, a simple click of the mouse shuts off your pacemaker.) We'll need to read the health care bill (if they ever produce one) carefully for terms like “full use of technology” or “instant access to medical devices.” We'll also have to watch what the hackers are doing more closely.

First Internet-Connected Pacemaker Goes Live

Posted by ScuttleMonkey on Monday August 10, @01:41PM from the jailbreak-your-heart dept.

The Register is reporting that a New York woman has become the first person to have their pacemaker wirelessly connected to the internet for full-time monitoring.

"The device contains a radio transmitter which connects to receiving equipment in New Yorker Carol Kasyjanski's home, using a very low-power signal around 400MHz, to report on the condition of her heart. Any problems are instantly reported to the doctor, and regular checkups can be done by remotely interrogating the home-based equipment — the pacemaker itself doesn't have an IP address, fun as that would be."

Why is the Internet such a great tool for surveillance?

MySpace generation happier to talk online than real life

The MySpace generation is more able to talk about themselves online than in the flesh, a survey suggests.

Published: 7:00AM BST 10 Aug 2009

… A survey of British MySpace users aged 14 to 21 found that 36 per cent found it easier to talk about themselves online than in the real world and thought their online friends knew more about them than their off-line ones. [I've long been an advocate of online psychiatry. True anonymity is the best way to learn what your patients are really thinking. (but where do you send the bill?) Bob]

Google's CEO was a big Obama supporter. Does this suggest that it pays to have the President's ear?

U.S. web-tracking plan stirs privacy fears

August 11, 2009 by Dissent Filed under Govt, Internet, Surveillance

The Obama administration is proposing to scale back a long-standing ban on tracking how people use government Internet sites with “cookies” and other technologies, raising alarms among privacy groups.

A two-week public comment period ended Monday on a proposal by the White House Office of Management and Budget to end a ban on federal Internet sites using such technologies and replace it with other privacy safeguards. The current prohibition, in place since 2000, can be waived if an agency head cites a “compelling need.”

Two prominent technology policy advocacy groups, the Electronic Privacy Information Center and Electronic Frontier Foundation, cited the terms of a Feb. 19 contract with Google, in which an unnamed federal agency explicitly carved out an exemption from the ban so that the agency could use Google’s YouTube video player.

The terms of the contract, negotiated through the General Services Administration, “expressly waives those rules or guidelines as they may apply to Google.” The contract was obtained by EPIC through a Freedom of Information Act request.

“Our primary concern is that the GSA has failed to protect the privacy rights of U.S. citizens,” EPIC Executive Director Marc Rotenberg said. “The expectation is they should be complying with the government regulations, not that the government should change its regulations to accommodate these companies.”

Read more in The Washington Post.

Google is so old school – try the new Google!

Google Previews New Search Infrastructure

Posted by kdawson on Tuesday August 11, @03:01AM from the not-standing-still dept.

Google has announced a "developer preview" of a new search infrastructure, though one wouldn't have to be a developer to try it out. Google is asking for feedback on how the search results in the new regime stack up against the old. Matt Cutts has posted a mini FAQ. Some early testing indicates that the new search may be faster in some cases, and return more relevant results, than the old one. Those who attempt to game Google search for a living will be scrambling henceforth. Has anyone identified the new crawler bot in log files?

Global Warming! Global Warming! For God's sake, don't tell Al Gore!

Earth's Period of Habitability Is Nearly Over

Posted by kdawson on Tuesday August 11, @05:38AM from the nice-while-it-lasts dept.

xp65 writes

"Scientists at this year's XXVIIth General Assembly of the International Astronomical Union in Rio de Janeiro, Brazil agree that we do not yet know how ubiquitous or how fragile life is, but that: 'The Earth's period of habitability is nearly over on a cosmological timescale. In a half to one billion years the Sun will start to be too luminous and warm for water to exist in liquid form on Earth, leading to a runaway greenhouse effect in less than 2 billion years.' Other surprising claims from this conference: that the Sun may not be the ideal kind of star to nurture life, and that the Earth may not be the ideal size."

Humor: Go to Google and type in the search phrase “twitter is “and look at the suggested phrases.