Saturday, September 12, 2009

At last, the world is safe from Identity Theft!

Hacker Gonzalez Pleads Guilty to 20 Charges

September 11, 2009 by admin Filed under Hack, Of Note

Grant Gross of IDG News Service reports:

Hacker Albert Gonzalez, accused of masterminding the massive data thefts at BJ’s Wholesale Club, TJX and several other retailers, has pleaded guilty to 19 charges related to computer hacking and credit card fraud, the U.S. Department of Justice said.

Gonzalez, 28, of Miami, was a member of a group of hackers that stole more than 40 million credit and debit card numbers from TJX, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority, the DOJ said. He pleaded guilty Friday to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft in U.S. District Court for the District of Massachusetts.

Read more on PC World.

The press release from the Department of Justice:

[I'll skip the 'patting-myself-on-the-back' parts Bob]

According to the indictments to which Gonzalez pleaded guilty, he and his co-conspirators broke into retail credit card payment systems through a series of sophisticated techniques, including “wardriving” and installation of sniffer programs to capture credit and debit card numbers used at these retail stores. Wardriving involves driving around in a car with a laptop computer looking for accessible wireless computer networks of retailers. Using these techniques, Gonzalez and his co-conspirators were able to steal more than 40 million credit and debit card numbers from retailers. Also according to the indictments, Gonzalez and his co-conspirators sold the numbers to others for their fraudulent use and engaged in ATM fraud by encoding the data on the magnetic stripes of blank cards and withdrawing tens of thousands of dollars at a time from ATMs. According to the indictments, Gonzalez and his co-conspirators concealed and laundered their fraud proceeds by using anonymous Internet-based currencies both within the United States and abroad, and by channeling funds through bank accounts in Eastern Europe.

Based on the terms of the Boston plea agreement, Gonzalez faces a minimum of 15 years and a maximum of 25 years in prison. Based on the New York plea agreement, Gonzalez faces up to 20 years in prison, which the parties have agreed should run concurrently. He also faces a fine of up to twice the pecuniary gain, twice the victims’ pecuniary loss or $250,000, whichever is greatest, per count for the Boston case and a maximum fine of $250,000 for the New York case. Gonzalez also agreed to an order of restitution for the loss suffered by his victims, and forfeiture of more than $2.7 million as well as multiple items of real estate and personal property, including a condo in Miami, a 2006 BMW 330i, a Tiffany diamond ring and Rolex watches. Included in the forfeited currency is more than $1 million in cash, which Gonzalez had buried in a container in his backyard. [What? He didn't trust the banks? Can't imagine why... Bob] Sentencing is scheduled for Dec. 8, 2009.

Gonzalez remains under indictment for charges brought in August 2009 by the U.S. Attorney’s Office for the District of New Jersey of conspiring to hack into computer networks supporting major U.S. retail and financial organizations and steal credit and debit card numbers from those entities. Among the corporate victims named in that indictment are Heartland Payment Systems, a New Jersey-based card payment processor; 7-Eleven Inc., a Texas-based nationwide convenience store chain; and Hannaford Brothers Co. Inc., a Maine-based supermarket chain. Charges in that case remain pending.

If you take this posture, you had better be right...

RBS WorldPay downplays database hack reports

September 11, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Non-U.S.

John Leyden reports:

RBS WorldPay and a hacker are at loggerheads over the seriousness of a supposed breach on websites run by the payment processing firm.

Security shortcomings - since blocked - on the RBS WorldPay website exposed confidential information, including admin passwords and the contact details of partners, according to blog posts by Romanian hacker Unu.

The grey-hat hacker previously exposed similar problems on the websites of the UK parliament and HSBC France, among many others. As before, he published screenshots to back up his latest claims.

In a statement issued on Friday afternoon, RBS WorldPay said that a security audit has established that access to either merchants or cardholder accounts was not possible via any of the reported vulnerabilities.

Read more on The Register.

(Related) Much better! A true “We care about our customers” approach. This tack leaves you plenty of wiggle room. You can always use the “previously unknown vulnerability” card later, if needed.

Hilton Grand Vacations uncertain whether customer data was viewed or compromised

September 11, 2009 by admin Filed under Breach Incidents, Business Sector

On September 3, Hilton Grand Vacations notified (pdf) the New Hampshire Attorney General’s Office that they

… recently became aware that certain information submitted to Hilton Grand Vacations as part of credit applications or Vacation Introduction Program purchases may have been viewed by an unauthorized person. Although we do not know for certain, it is possible that name, social security number, and date of birth may have been viewed and possibly compromised. It appears that unauthorized access to this information could have begun as early as February 2009.

The company said that it would be notifying 2,304 individuals, 7 of whom are New Hampshire residents. Those notified were offered free credit monitoring services.

Doesn't the White House have a FriendFeed account? Perhaps now you could really nuke your enemies...

A Nice Big FriendFeed Bug: Impersonate Anyone!

by MG Siegler on September 11, 2009

This should be interesting. The Judge here is the one who excoriated lawyers for the Dept of Interior on several occasions for lame arguments and a poor understanding of the facts & technology.

Attorneys Can See Classified Info in Coffee Table Spy Suit

By Kim Zetter, September 11, 2009 3:28 pm

A federal judge in Washington has ordered the government to grant security clearances to lawyers on both sides of a lawsuit claiming illegal spying against a DEA agent, in a ruling that challenges the government’s long-held claim that the executive branch alone has the authority to determine who can access classified material.

The attorneys in the case, which was noted by Secrecy News, need the security clearances to obtain classified knowledge held by their clients so they can adequately argue the lawsuit, the judge said, in an August 26 ruling supported by attorneys on both sides of the lawsuit, but bitterly opposed by the government.

… Judge Lamberth was, until 2002, presiding judge for the Foreign Intelligence Surveillance Court, which is responsible for approving government requests for wiretaps and other types of surveillance in the U.S. in cases involving foreign intelligence.

(Related) and timely?

A History of Wiretapping

Posted by Soulskill on Saturday September 12, @09:16AM from the i-blame-the-telegraph dept.

ChelleChelle writes

"Wiretapping technology has grown increasingly sophisticated since the police first began to utilize it as a surveillance tool in the 1890s. What once entailed simply putting clips on wires has now evolved into building wiretapping capabilities directly into communications infrastructures (at the government's behest). In a modern society, where surveillance is often touted as a way of ensuring our safety, it is important to take into consideration the risks to our privacy and security that electronic eavesdropping presents. In this article, Whitfield Diffie and Susan Landau examine these issues, attempting to answer the important question: does wiretapping actually make us more secure?"

Is there an ethical consideration? Hardware is often treated as licensed (a la software) rather than sold, with manufacturers suing if users (not owners?) attempt to make changes (hack their cellphones, for example). While recovering your PhD dissertation from a laptop might be important to you, to the manufacturer it is a waste of time and resources.

Tracking Stolen Gadgets — Manufacturers' New Dilemma

Posted by Soulskill on Friday September 11, @09:59PM from the big-brother-is-on-call dept.

heptapod sends in a story from the NY Times about a growing problem for the makers of high-tech gadgets: deciding when and how it's appropriate to track a stolen device. With the advent of ubiquitous GPS and connections to services like the Kindle book store, the companies frequently have a way to either narrow down a user's location or impede use of the device. But some, like Amazon, are drawing a hard line when it comes to establishing that the device was actually stolen.

"Samuel Borgese, for instance, is still irate about the response from Amazon when he recently lost his Kindle. After leaving it on a plane, he canceled his account so that nobody could charge books to his credit card. Then he asked Amazon to put the serial number of his wayward device on a kind of do-not-register list that would render it inoperable — to 'brick it' in tech speak. Amazon's policy is that it will help locate a missing Kindle only if the company is contacted by a police officer bearing a subpoena. Mr. Borgese, who lives in Manhattan, questions whether hunting down a $300 e-book reader would rank as a priority for the New York Police Department."

Encouraging. The White House admits it doesn't always get it right the first time.

September 11, 2009

Opposition to Single Financial Risk Regulator Sways White House

WSJ: "The White House's top economic adviser, facing stiff opposition in Congress to giving the Federal Reserve more power, suggested Friday that other federal regulators could join the central bank in regulating systemic risk to the nation's financial system."

Free is good! New and Improved free is even better!!

IBM offers Lotus with extra widgets

by Tom Espiner September 11, 2009 1:13 PM PDT

IBM on Friday announced a new version of its Lotus Symphony office suite, with extra features aimed at Microsoft Office users, as part of the "ferocious competition" the company says it is in with Microsoft. At the same time, the company said it is phasing out Microsoft Office internally wherever possible.

"Users can easily drag and drop widgets directly into Lotus Symphony, distinguishing it from static office productivity tools such as Microsoft Word," said IBM in a statement.

… Symphony now integrates with Google Gadgets, Lotus Sametime, Lotus Quickr, Lotus Connections, Microsoft SharePoint, and MSN, all via widgets.

The new IBM widgets include a Team Marketplace widget that allows teams to work collaboratively on IBM and Microsoft documents; a chart-share widget; and a Symphony-to-wiki widget...

I wonder if they Googled to find all of the articles?

September 11, 2009

Summary of opposition and support for Google Books Project

Via Out of the Jungle, insightful commentary and content from a fee-based Chronicle of Higher Education article, Choosing Up Sides to Hate or Love the Google Books Deal: "...And—this is what intrigues me the most—how will Judge Chin decide what role the federal courts can and should play in the creation and oversight of what almost everyone agrees will be a digital library the likes of which we have never seen before? Will he agree with Marybeth Peters, the U.S. Register of Copyrights, who told a late-to-the-game House Judiciary Committee hearing on Thursday that the settlement "inappropriately creates something similar to a compulsory license for works, unfairly alters the property interests of millions of rights holders of out-of-print works without any Congressional oversight, and has the capacity to create diplomatic stress for the United States" because of other countries' objections? (I wonder what the judge will make of the suggestion that Congress has a role to play here.)"

[From the I-School link:

"This is likely to be the last library," said School of Information adjunct professor Geoffrey Nunberg. Google's massive head start in scanning the books, and the costs involved in such work, mean it's likely that no one else will ever try to duplicate its effort, Nunberg contended — "hence the urgency of [the] questions."

Google has already scanned more than 7 million books held in private and university libraries, including many of UC's, with the intent of making them available online. An estimated two-thirds are out of print but still in copyright, and many fall into a category called "orphan books" because the copyright holder cannot be identified.

For my Security class (my Hackers already knew this). Note that the research was done in China, where the state has at least a full division of hackers.

How to short-circuit the US power grid

11 September 2009 by Paul Marks Magazine issue 2725.

PREDICTING how rumours and epidemics percolate through populations, or how traffic jams spread through city streets, are network analyst Jian-Wei Wang's bread and butter. But his latest findings are likely to spark worries in the US: he's worked out how attackers could cause a cascade of network failures in the US's west-coast electricity grid - cutting power to economic powerhouses Silicon Valley and Hollywood. [Hollywood? Bob]

Wang and colleagues at Dalian University of Technology in the Chinese province of Liaoning modelled the US's west-coast grid using publicly available data on how it, and its subnetworks, are connected (Safety Science, DOI: 10.1016/j.ssci.2009.02.002).

Tools & Techniques 'Cause you never know when you might need one...

Microsoft Word Templates

A comprehensive collection of Microsoft Word Templates, Resources and Tips

For my Computer Forensics students (and for e-Discovery?)

HTML to PDF Converter

Tools & Techniques For my hackers, to keep track of their ill-gotten gains. (Okay, it's really for my Small Business Management students.)

TAS – Free Easy To Use Financial Accounting Software

Sep. 11th, 2009 By Dean Sherwin

… This is aimed at self-employed people, small businesses and start-ups. It’s incredibly easy to use. And when I say ‘easy’ I mean animated instructions, pictures and tutorials that will still result in professional-looking accounts ready to be filed away.

Firstly, download TAS Books basic for free here.

Friday, September 11, 2009

No surprise.

Unlearned Lessons of ChoicePoint, Four Years Later

September 11, 2009 by admin Filed under Commentaries and Analyses

Bill Brenner writes:

It's been four years since data broker ChoicePoint acknowledged the data security breach that put it in the middle of a media firestorm and pushed data protection to the top of the infosecurity community's priority list.

Since then, the business world has made plenty of progress hardening its data defenses -- thanks in part to industry standards like PCI DSS and data breach disclosure laws (click to see state-by-state map) now in place.

But the latest data breach to grab headlines illustrates how vulnerable organizations remain to devastating network intrusions.

Read more on CIO.

[From the article:

"All the improvements have come from SB 1386 and other disclosure laws, and as far as I can tell awareness to data risks hasn't increased significantly," says security industry veteran Richard Stiennon.

Business owners are still "woefully ignorant" of the threat to their data, he says, adding that while they've fumbled along trying to reach certain compliance requirements, the threat has gone from what it was four years ago to a full-scale economy of people stealing and selling credit card information.

Local. Will a laptop or cellphone or other electronic device become “probable cause” in Colorado?

Boulder ID theft summit: Fighting crime bit by byte

Law enforcement gets lesson in electronic crimes

By John Aguilar Camera Staff Writer Posted: 09/10/2009 10:49:53 PM MDT

Police pulling someone over these days must look for more than a handgun tucked into the console or a knife hidden underneath the driver's seat.

… "This stuff's out there -- you can buy it," Feffer said.

And that means local law enforcement needs to be aware of it, Feffer said, and know how to recognize the signs that someone may be perpetrating electronic crimes -- be it in the realm of credit card theft, child pornography or identity theft.

… Boulder Police Chief Mark Beckner said electronic crimes and identity theft have become pressing enough problems for his department that he plans by spring to have a computer forensic detective on staff.

Another state takes a stab at a “compensation” law.

Identity theft victims could seek compensation

September 10, 2009 by WLKM

Identity theft victims will be able to seek compensation for the time and effort it takes to clean up damaged credit history under legislation approved Wednesday (September 9th) by lawmakers, state Rep. Matt Lori announced.

The bipartisan package of identity theft protection bills also updates Michigan law by better defining what constitutes identity theft and increasing penalties. House Bill 4737, sponsored by Lori, makes victims of identity theft eligible for restitution from the Michigan Crime Victim Compensation Fund.

Interesting stats

Universities and Their Students Can Be Identity Theft Hacker’s “Dream”

Thu Sep 10, 2009 1:37pm EDT

… Identity Theft 911’s September newsletter, "Academia at Risk," examines a growing problem that makes American universities easy targets for hackers and identity thieves. Since 2005, data breaches at major institutions such as the Univ. of Miami, UCLA, Univ. of Fla., Ohio Univ., USC, Berkeley-Calif., Boston College and others have affected more than 6.6 million personal records.

[Find the newsletter at:

I'm sure there are places that will allow you to barter for goods, using your chickens instead of that newfangled “money.”

Google developing payment platform for newspapers: Nieman

September 9th, 2009

Harvard University's Nieman Journalism Lab said that Google had submitted a payment platform proposal to the Newspaper Association of America in response to a request made by the NAA to several major technology companies.

Google is not the only company seeking to develop a payment platform for newspapers.

A companion for your “anonymous email” account

Create Free Temporary Phone Numbers Easily With INumbr

Sep. 11th, 2009 By Karl L. Gechlik

Have you ever posted a Craigslist ad with your phone number? If you have not, trust me, it is far from a good idea. You will wind up with whackos calling you in addition to voice spammers adding your phone number to their repository or database. I normally allow Craigslist to create one of their disposable email addresses and it simply forwards the email to your account.

This is exactly what iNumbr does for phone numbers. The free, temporary phone number you give out simply forwards to a number specified by you and then it will expire or self-destruct when you want it to!

Thursday, September 10, 2009

Heartland: Judge to Hear Motions to Dismiss Suits

September 9, 2009 by admin Filed under Financial Sector, Hack, Malware, Of Note, U.S.

Linda McGlasson of updates us on the status of lawsuits against Heartland Payment Systems and Heartland’s motion to dismiss:

There are two class action suits — one on the consumer side and the second on behalf of the financial institutions affected by the massive breach. Earlier in June, a Multidistrict Litigation (MDL) panel decided the suits would be held in Houston.

A separate set of securities cases, all filed in New Jersey, will be consolidated and brought to one court later this fall. The MDL panel will decide on those cases in October, Coffman notes. “Heartland is trying to get them consolidated and heard in Houston as well,” he says.

Coffman said that the biggest battle during the August 24 hearing was discovery; specifically, what Heartland will be required to produce now and what will be deferred until next spring after Heartland’s anticipated motion to dismiss is argued. Heartland already has filed a motion with the Court asking that all discovery be stayed until after the Court rules on the motion to dismiss. Coffman anticipated that the Court will rule on Heartland’s motion to stay discovery shortly.

Read the full coverage on

[From the article:

Coffman estimates that the number of financial institutions impacted by the data breach is much higher than the 670 reported on BankInfoSecurity's list. Coffman believes the list probably reflects only about 20 percent of the institutions that have replaced compromised credit cards and debit cards and absorbed their customers' unauthorized charges.

“We can, therefore we must!” Sears wanted to know everything about you so they can sell you the appropriate Craftsman wrench? I suspect there is a more sinister reason. (But then, I'm a professional paranoid.)

FTC approves final consent order in Sears tracking software case

September 9, 2009 by Dissent Filed under Businesses, Featured Headlines, Govt, U.S.

The Federal Trade Commission has approved a final consent order in the matter of Sears Holdings Management Corporation, following a public comment period, and authorized the staff to provide responses to the commenters of record. According to the FTC’s administrative complaint, Sears represented to consumers that software it was placing on their computers would track their “online browsing.” The FTC charged, however, that the software also monitored consumers’ online secure sessions – including sessions on third parties’ Web sites – and collected consumers’ personal information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for Web-based e-mails.

According to the Commission, the software also tracked some computer activities that were not related to the Internet. Only in a lengthy user license agreement, available to consumers at the end of a multi-step registration process, did Sears disclose the full extent of the information the software tracked. The complaint charged that Sears’s failure to adequately disclose the scope of the tracking software’s data collection was deceptive and violates the FTC Act.

Under the consent order settling the charges, in addition to destroying information previously collected, if Sears advertises or disseminates any tracking software in the future, it must clearly and prominently disclose the types of data the software will monitor, record, or transmit. This disclosure must be made prior to installation and separate from any user license agreement. Sears also must disclose whether any data will be used by a third party.

The Commission vote approving the final order was 4-0. (FTC File No. 082-3099)

Source: FTC

Related: Decision and Order. Other case-related documents are linked from here.

Canada is dealing with some serious Privacy issues – and not always getting it right... Could this infect our Congress?

“Protecting Privacy for Canadians in the 21st Century”

September 10, 2009 by Dissent

Resolution of Canada’s Privacy Commissioners and Privacy Enforcement Officials on Bills C-46 and C-47

(Related) Eliminate the need for warrants

Privacy commissioners urge caution on expanded surveillance plan

September 10, 2009 by Dissent

(Related) “It's for the children.”

B.C. private schools hire private eyes to check parental gang ties

September 9, 2009 by Dissent Filed under Non-U.S., Youth

Sam Cooper reports:

Several Vancouver private schools are screening applicants to determine if their families are linked to gangs and pose a risk to students and staff.

“We have recently been engaged by private schools in the Vancouver area to conduct due diligence on the families of prospective students,” Kim Marsh, managing director of private investigation firm IPSA International, confirmed to the Vancouver Province.

Marsh, a former RCMP inspector who headed a police organized-crime unit, won’t identify the schools, for privacy reasons, but he acknowledged “it’s fair to say” his business has increased following the shooting of West Point Grey Academy parent Betty Yan, in April.

Inevitable? It should be interesting to see if they only offer objections or actually have a better idea. At minimum, we should assemble an “Arguments, Pro & Con” database so IP Law students can see what they will face.

Microsoft Blasts Google Book Deal

Posted by samzenpus on Thursday September 10, @04:50AM from the shaking-the-corporate-fist dept.

eldavojohn writes

"With authors, scholars, the DoJ and publishers ripping apart the Google book deal, it's Microsoft's turn. They're claiming it's frankly an illegal 'joint venture' and not a settlement. According to ZDNet, Microsoft's four complaints against the deal are:

1) Future infringements are covered by the settlement, affecting the exclusive rights of absent class members for the life of their copyrights.

2) The deal gives away to Google vast rights that were not contested in the underlying litigation. The lawsuits dealt with Google's displaying brief excerpts. Instead of compromising on that infringement, the parties instead agreed to give away the rights to display entire books.

3) The publishers who negotiated this deal each have undisclosed side deals with Google, which will likely give them better terms than the class will get.

4) The publishers plan to exclude their own works from the deal.

You might recall over a year ago Microsoft's own scanning effort died."

Microsoft’s Objections to the Proposed Settlement in the Google Books Lawsuits

Posted by David Bowermaster, Blog Administrator

Today, Microsoft filed a brief with the U.S. District Court for the Southern District of New York raising several objections to the proposed settlement in the copyright infringement lawsuits filed against Google in 2005 related to Google Books. You can find the brief here.

Microsoft's objections are among many filed raising concerns about the proposed settlement. Click here to view an index to other objections filed by a wide array of authors, publishers, academics, libraries, consumer advocacy groups, non-profit organizations, and companies around the world. Objections have also been filed recently by several governments, including Germany, France and the state of Connecticut.

Microsoft is sneaky-smart. It does you no good to be the best tool for the job if no one knows... That's where search-keyword-related ads come in...

Bing Loves The Porn Hounds

by Michael Arrington on September 9, 2009

Bing is an excellent search engine. For one thing the surprising early reviews probably forced Yahoo’s hand as they entered into one of the dumber corporate transactions I’ve ever seen. So, kudos to Bing. Golf clap. Etc.

But one thing about Bing really stands out – it may be the best porn search engine ever created (see Badda-Bing Indeed). In private conversations Microsoft employees always said that the porn search feature was an unintended byproduct of good video search. But we always wondered if that was true.

Anyway, in May we noticed Bing ads on Google, which seemed a little ironic to us given how seriously the two companies compete with each other.

But one thing we didn’t notice until now is that Bing is also advertising on Google for the query “pornography.”

I need to use these in my classes.

September 09, 2009

Sunlight Labs Posts Apps for America Winners

The Apps for America Winners [via Abi Morgan]:

  • DataMasher: "DataMasher helps citizens have a little fun with those data by creating mashups to visualize them in different ways and see how states compare on important issues. Users can combine different data sets in interesting ways and create their own custom rankings of the states."

  • GovPulse: "govpulse was built to open the doors of government to the people they work for. By making such documents as the Federal Register searchable, more accessible and easier to digest, govpulse seeks to encourage every citizen to become more involved in the workings of their government and make their voice heard on the things that matter to them, from the smallest to the largest issues."

  • ThisWeKnow: "Our long-term vision for ThisWeKnow is to model the entire catalog and make it available to the public using Semantic Web standards as a large-scale online database. ThisWeKnow will provide citizens with a single destination where they can search and browse all the information the government collects. It will also provide other application developers with a powerful standards-based API for accessing the data."

(Related) For the next few years, Democrats will be defined as “well-off and well-educated” – making Republicans poor and ignorant.

September 09, 2009

Pew Report: The Internet and Civic Engagement

The Internet and Civic Engagement, September 2009: "Just as in offline politics, the well-off and well-educated are especially likely to participate in online activities that mirror offline forms of engagement. But there are hints that social media may alter this pattern."

Geeky indulgence? Should be a source of interesting videos for my classes.

The best online video search application, in which you can learn your favorite programming languages, become familiar with upcoming design tools, view and listen to what experts say in online seminars and conferences, watch interviews with experts, get useful advice from an expert, and more, all in one place.

Not sure BASIC is the best way to start, but at least it IS a start.

Learn How To Program With Microsoft’s SmallBasic

Sep. 9th, 2009 By Guy McDowell

Somebody at Microsoft is doing things right in my humble opinion. What they’ve done with Small Basic is reintroduce hand-coding software, but with just a little less help than drag-and-drop or WYSIWYG interface.

Wednesday, September 09, 2009

Golly Gee Willikers, perhaps that warrantless wiretapping was worth it?

NSA-Intercepted E-Mails Helped Convict Would-Be Bombers

By Kim Zetter September 8, 2009 6:26 pm

For my Business Continuity class

Data Breaches: Patterns and Their Implications

What can we learn from statistical analysis of data breaches? Luther Martin digs in.

By Luther Martin, Voltage Security

September 08, 2009 — CSO — One problem that every information security organization faces is how to accurately quantify the risks that they manage. In most cases, there is not enough information available to do this, but there is now enough known about data breaches to let us draw interesting conclusions, some of which may even have implications in other areas of information security.

(Editor's note: See Bruce Schneier's analysis of ALE in Security ROI: Fact or Fiction?)

For my Forensics students. When your browser keeps your passwords for you, you tend to forget them. Here's a way to retrieve them.

FirePasswordViewer is the GUI version of popular FirePassword tool designed to decrypt sign-on secrets stored by Firefox. Firefox records the login details such as username and password for every website authorized by the user and stores them in the sign-on database file in encrypted format.

For my Hacking students (I request books like this through my local library.)

New Book "Hacking: The Next Generation"

By Nitesh Dhanjani September 5, 2009

With the advent of rich Internet applications, the explosion of social media, and the increased use of powerful cloud computing infrastructures, a new generation of attackers has added cunning new techniques to its arsenal. For anyone involved in defending an application or a network of systems, Hacking: The Next Generation is one of the few books to identify a variety of emerging attack vectors.

Short, but on point!

German bloggers’ Internet Manifesto on journalism’s future makes waves

by Markus Goebel on September 9, 2009

After stirring up their own country, the German blogger elite has launched an international version of their Internet Manifesto in English. Fifteen authors of Germany’s most popular blogs have signed a declaration about How journalism works today. The 17 articles run down from statements like “the Internet is different” and “the Internet improves journalism” to sideswipes like “tradition is not a business model” and “the web constitutes an infrastructure for social exchange superior to that of 20th century mass media”. The manifesto is causing a lot of interest and briefly took the site out at one stage.

Why doesn't everyone love Google?

National coalition of authors urge rejection of Google Book Search deal

September 8, 2009 by Dissent Filed under Court, Featured Headlines, Internet

From EFF:

A coalition of authors and publishers—including best-sellers Michael Chabon, Jonathan Lethem, and technical author Bruce Schneier—is urging a federal judge to reject the proposed settlement in a lawsuit over Google Book Search, arguing that the sweeping agreement to digitize millions of books ignores critical privacy rights for readers and writers.

The group of more than two dozen authors and publishers, represented by the Electronic Frontier Foundation (EFF), the American Civil Liberties Union (ACLU), and the Samuelson Law, Technology, and Public Policy Clinic at the University of California, Berkeley, School of Law (Samuelson clinic), filed an objection to the settlement today. The coalition is concerned that Google’s collection of personal identifying information about users who browse, read, and make purchases online at Google Book Search will chill their readership.

For today’s filing:…

For more on this case:

Too accurate? Dilbert insightfully defines the future of Intellectual Property.

Just a thought, but if Twitter is suspending accounts because of “trends” (assumption is SPAM?) would they cut off accounts reporting on a major disaster?

Tweeting About The Gov 2.0 Summit May Cause Serious Account Suspension

by Robin Wauters on September 9, 2009

… Published author and blogging expert Debbie Weil also got banned from Twitter for the time being, and assumes it has something to do with the fact that the hashtag #gov20e was a trending topic yesterday and may have caused Twitter to automatically suspend the accounts of several users who have been keeping busy tweeting about and from the event using the identifier. Well in that case at least the company’s trying to combat spam.

Ah the power of my blog! I asked for this and got an immediate response!

Telecommunications Rate Comparison Main Page

The following links provide the specific information for:

  • Wireline (Landline)
  • Wireless (Cellular)
  • Voice Over Internet Protocol (VoIP)
  • Long Distance and Prepaid Calling Cards

Congressional Twit: “Mtg w lobyst. Lrg campain donation convinces me. LAW2B” (Laughing all the way to the bank)

September 08, 2009

New Political Reality of Web 2.0 - Connecting With the Public Via Microblogging

Newsweek: Who’s Winning the Twitter Wars? How Democratic and Republican politicians use the popular microblogging service.

  • "For the foreseeable future, Republicans will continue to broadcast their message widely, while the left-most wing of the Democratic Party mounts a quiet, steady defense. Strategists on both sides agree that Twitter—or at least, the short-form communication that Twitter has pioneered—will be crucial to campaigns for years to come. It turns out that a powerful message can indeed be delivered with only 140 characters."

Two displays to 'emulate' the two pages of an open book? Is this the right direction for e-reader design? Should it become ever more book-like or move into new areas? I strongly suspect the latter.

Asus Plans Dual-Display E-Reader

Posted by kdawson on Tuesday September 08, @09:52PM from the blurring-the-lines dept.

adeelarshad82 writes

"Yet more confirmation has emerged that Asus plans its own e-book reader. An Asus representative in the UK appears to have confirmed this, with the additional details that there may be a value-priced as well as a premium version. The article guesses at the price point for the low-end model — around £100 ($192). Unlike current e-book readers, which take the form of a single flat screen, the Asus device has a hinged spine, like a printed book. This, in theory, enables its owner to read an e-book much like a normal book, using the touchscreen to 'turn' the pages from one screen to the next. Asus showed off a prototype of the device at the CeBIT trade show in March."

Reader NeverBotedBush adds, "Asus's e-reader will likely have color touch screens, a speaker, a webcam, and a microphone, along with the capability to make inexpensive Skype calls." The color screen rules out using E Ink technology, so long battery life seems to be unlikely.


4 Websites With LOTS Of Completely Free Ebooks That Don’t Suck

Sep. 8th, 2009 By Simon Slangen

Planet eBook

Planet eBook is a classy site that offers classic literature for free. These books, because they’re out-of-copyright, can be offered to you in an entirely legal fashion.

ManyBooks

ManyBooks works in the same way as Planet eBook: they offer pieces of classic literature for free that are out-of-copyright. However, where Planet eBook presents a carefully selected array of literature, ManyBooks handles in bulk (as the name truthfully implies).

Classic Reader

Classic Reader takes a conceptual place in between Planet eBook and ManyBooks. It offers noticeably more books than Planet eBook (3,629 titles at the time of writing), but its material is still more selected (by a 1-man Canadian company) and controlled.

PublicBookshelf

Contrary to the three previously mentioned sites, PublicBookshelf is NOT filled with works of classic literature. Instead, PublicBookshelf relies completely on new, promising authors who publish online as a means of promoting their printed books.

[...and my own favorite:

the Baen Free Library

Banned in Bob's class! (Yes, I'm cruel, that's what professor means! (^_~) )

15 Popular Codes For Smiley Faces & Their Meanings

Sep. 8th, 2009 By Tina

Tuesday, September 08, 2009

“Surprise! Surprise! Surprise!” G. Pyle

“Anonymized” data really isn’t—and here’s why not

September 8, 2009 by Dissent Filed under Other

Nate Anderson writes:

The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit. The goal was to help researchers, and the state spent time removing all obvious identifiers such as name, address, and Social Security number. But a graduate student in computer science saw a chance to make a point about the limits of anonymization.

Latanya Sweeney requested a copy of the data and went to work on her “reidentification” quest. It didn’t prove difficult.

Read more on Ars Technica

[The full paper:
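The article above says re-identification "didn't prove difficult" but not why. The mechanism Sweeney used was a linkage attack: the GIC release had stripped names, addresses and Social Security numbers but kept ZIP code, birth date and sex, and those three fields, joined against the publicly purchasable Cambridge voter roll, singled out individual patients. As an added illustration, not code from the Ars Technica piece, Sweeney's paper or this blog, the script below runs that join on constructed records (every name, date and diagnosis is invented), reports how many rows match exactly one voter, measures the release's k-anonymity (the metric Sweeney later formalized), and shows that coarsening the quasi-identifiers before release removes the unique matches against the same list.

```python
"""
Linkage re-identification and k-anonymity on constructed data.

Added illustration; not part of the article, Sweeney's paper or this blog.
All records are invented. The join on (zip, dob, sex) is the mechanism
Sweeney applied to the Massachusetts GIC release.
"""
from collections import Counter, defaultdict

# Constructed "anonymized" hospital-visit release: direct identifiers
# removed, quasi-identifiers (zip, dob, sex) left in place.
HOSPITAL = [
    {"zip": "02138", "dob": "1945-07-31", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02138", "dob": "1961-02-14", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1961-02-14", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02139", "dob": "1961-02-14", "sex": "M", "diagnosis": "fracture"},
    {"zip": "02140", "dob": "1978-11-03", "sex": "F", "diagnosis": "migraine"},
    {"zip": "02141", "dob": "1947-01-20", "sex": "F", "diagnosis": "arthritis"},
    {"zip": "02142", "dob": "1975-05-05", "sex": "F", "diagnosis": "influenza"},
]

# Constructed public voter list: names plus the same quasi-identifiers.
VOTERS = [
    {"name": "Voter A", "zip": "02138", "dob": "1945-07-31", "sex": "F"},
    {"name": "Voter B", "zip": "02138", "dob": "1961-02-14", "sex": "M"},
    {"name": "Voter C", "zip": "02139", "dob": "1961-02-14", "sex": "M"},
    {"name": "Voter D", "zip": "02139", "dob": "1961-02-14", "sex": "M"},
    {"name": "Voter E", "zip": "02140", "dob": "1978-11-03", "sex": "F"},
    {"name": "Voter F", "zip": "02140", "dob": "1978-11-03", "sex": "F"},
    {"name": "Voter G", "zip": "02141", "dob": "1947-01-20", "sex": "F"},
]

QUASI = ("zip", "dob", "sex")


def key(row, fields=QUASI):
    """Quasi-identifier tuple used as the join key."""
    return tuple(row[f] for f in fields)


def link(hospital, voters, fields=QUASI):
    """Return {hospital row index: voter name} for rows whose quasi-identifier
    combination matches exactly one voter. Ambiguous matches are not counted
    as re-identifications."""
    by_key = defaultdict(list)
    for v in voters:
        by_key[key(v, fields)].append(v["name"])
    hits = {}
    for i, row in enumerate(hospital):
        names = by_key.get(key(row, fields), [])
        if len(names) == 1:
            hits[i] = names[0]
    return hits


def k_anonymity(rows, fields=QUASI):
    """Size of the smallest equivalence class over the quasi-identifiers.
    k == 1 means at least one record is unique in the release."""
    return min(Counter(key(r, fields) for r in rows).values())


def generalize(row):
    """Mitigation before release: coarsen ZIP to its first three digits and
    the birth date to a decade, leaving other fields untouched."""
    return {**row, "zip": row["zip"][:3], "dob": row["dob"][:3] + "0s"}


if __name__ == "__main__":
    print("raw release: k =", k_anonymity(HOSPITAL))
    for i, name in link(HOSPITAL, VOTERS).items():
        print(f"  row {i} ({HOSPITAL[i]['diagnosis']}) -> {name}")
    gh = [generalize(r) for r in HOSPITAL]
    gv = [generalize(v) for v in VOTERS]
    print("generalized release: k =", k_anonymity(gh),
          "unique matches:", len(link(gh, gv)))
```

On the raw release three of the seven rows link to exactly one voter and k is 1; after generalization k rises to 2 and no row links to a single voter. The same `k_anonymity` check is the test a data custodian can run before publishing: if any equivalence class over the retained quasi-identifiers has size 1, stripping names did not anonymize anything.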

On the other hand, here is a source of overly-identified personal data. What a hacker target!

What the DHS Knows About You

Posted by kdawson on Tuesday September 08, @08:13AM from the shirt-size-and-toothbrush-color dept.

Sherri Davidoff writes

"Here's a real copy of an American citizen's DHS Travel Record, retrieved from the US Customs and Border Patrol's Automated Targeting System and obtained through a FOIA/Privacy Act request. The document reveals that the DHS is storing: the traveler's credit card number and expiration; IP addresses used to make Web travel reservations; hotel information and itinerary; full airline itinerary including flight numbers and seat numbers; phone numbers including business, home, and cell; and every frequent flyer and hotel number associated with the traveler, even ones not used for the specific reservation."

Interesting in that this was not supposed to have been politically motivated. (I don't believe that either.) If there were racial/religious/gender questions, would they be allowed to ask those questions? Should “politics” be a protected class? Can there be an 'all Republican' jury of your peers?

Student accused of accessing Palin’s email can’t screen jury on political views

September 7, 2009 by Dissent Filed under Breaches, Court, U.S.

The Associated Press reports that a federal judge in Knoxville denied a request by lawyers for David C. Kernell to screen potential jurors by questionnaire about their political views and their attitudes about Sarah Palin.

Kernell is on trial after being indicted (pdf) for accessing Palin’s e-mail account. He allegedly figured out the correct answers to her personal security questions by using information about her available on the Web.

Thanks to Brian Honan for this link.


Password Hackers Do Big Business With Ex-Lovers

Posted by ScuttleMonkey on Monday September 07, @12:46PM from the time-to-get-sneakier dept.

Hugh Pickens writes

"The Washington Post reports that disgruntled lovers and spouses considering divorce are flocking to services like that boast they have little trouble hacking into Web-based e-mail systems like AOL, Yahoo, Gmail, Facebook and Hotmail. The services advertise openly, and there doesn't appear to be much anyone can do about it because while federal law prohibits hacking into e-mail, without further illegal activity, it's only a misdemeanor, says Orin Kerr, a law professor at George Washington University. 'The feds usually don't have the resources to investigate and prosecute misdemeanors,' [Unless they are aimed at Politicians. Bob] says Kerr. 'And part of the reason is that normally it's hard to know when an account has been compromised, because e-mail snooping doesn't leave a trace.' It's not clear where is located, but experts suspect that most password hacking businesses are based overseas."

Did Thomas Jefferson get it wrong? Technology has no effect, does it?

The "Copyright Black Hole" Swallowing Our Culture

Posted by Soulskill on Monday September 07, @02:25PM from the sanity-optional dept.

An anonymous reader writes

"James Boyle, professor at Duke Law School, has a piece in the Financial Times in which he argues that a 'copyright black hole is swallowing our culture.' He explains some of the issues surrounding Google Books, and makes the point that these issues wouldn't exist if we had a sane copyright law. Relatedly, in recent statements to the still-skeptical European Commission, Google has defended their book database by saying that it helps to make the Internet democratic. Others have noted that the database could negatively affect some researchers for whom a book's subject matter isn't always why they read it."

(Related) and highly amusing...

Copyright Troubles For Sony

Posted by kdawson on Tuesday September 08, @05:19AM from the billion-here-billion-there dept.

ljaszcza writes

"Daily Tech brings us a story about Sony's run-in with the Mexican police. (Billboard picked up the story as well.) It seems that they raided Sony's offices and seized 6,397 music CDs after a protest from the artist, Alejandro Fernandez. Fernandez had signed a seven-album deal with Sony Music; he completed that commitment and then left for Universal. During the time with Sony, he recorded other songs that did not make it into the agreed-upon seven albums. Sony Music took it upon themselves to collect that material and release it as an eighth album. Fernandez claims that he fulfilled his contract with Sony, and residual material belongs to him. Hmm. Precedent from the Jammie Thomas infringement and distribution case gives us $80K per song. Sony vs. Joel Tenenbaum gives $22.5K per song. So 6,397 CDs at an average of 8 songs/CD is 51,176 infringing songs, with (IMHO) intent to distribute. The damages to Fernandez should be $1,151,460,000 using the Tenenbaum precedent or $4,094,080,000 using the Thomas precedent. Seems very straightforward to me."

As a follow-up to one of yesterday's articles – maybe kids DO hate talking on the phone, even to 911

Trapped kids update Facebook rather than ring police

'Little Joey is stuk in stm drain lolz'

By Patrick Goss Monday at 09:49 BST

Very much in the category of 'you couldn't make this up' comes the news that two girls trapped in a storm drain in South Australia chose to update their Facebook status to get help – rather than ringing the emergency services.

The South Australian Metropolitan Fire Service has expressed worry that the two girls – ages 12 and 10 – chose to turn to social networking rather than ringing triple zero, the Aussie equivalent of 999.

Sometimes you gotta remind yourself that the road from concept to commodity is neither short nor smooth. Thus the Gartner “Hype Cycle” chart.

Good point. Lots of comments, strangely they all seem to have been typed!

The Case For Mandatory Touch-Typing In High School

Posted by kdawson on Tuesday September 08, @02:27AM from the quick-brown-fox dept.

Hugh Pickens writes

"With the perspective of forty-plus years since my graduation, I would say the single most useful course I took in high school was a business class in touch-typing that gave me a head start for writing and with computers that I have benefited from my entire life. So it was with particular interest that I read Gordon Rayner's essay in the Telegraph proposing that schools add a mandatory course in touch typing to the cornerstones of education: reading, writing and arithmetic. 'Regardless of the career a child takes up when they leave school, a high percentage of them will use a keyboard in their daily work, and all of them are likely to use a keyboard in their leisure time,' writes Rayner. 'Touch-typing would help every child throughout their lives — so why are our schools so blind to this?'"

[Of course, you can also learn online:

...and you can get this miracle drug without a prescription! (For my Statistics class)

Placebos Are Getting More Effective

Posted by ScuttleMonkey on Monday September 07, @11:58AM from the time-to-start-treating-with-placebos dept.

Wired is reporting that the well-known "placebo effect" seems to be increasing as time goes on. Fewer and fewer medications are actually making it past drug trials since they are unable to show benefits above and beyond a placebo.

"It's not only trials of new drugs that are crossing the futility boundary. Some products that have been on the market for decades, like Prozac, are faltering in more recent follow-up tests. In many cases, these are the compounds that, in the late '90s, made Big Pharma more profitable than Big Oil. But if these same drugs were vetted now, the FDA might not approve some of them. Two comprehensive analyses of antidepressant trials have uncovered a dramatic increase in placebo response since the 1980s. One estimated that the so-called effect size (a measure of statistical significance) in placebo groups had nearly doubled over that time."

Monday, September 07, 2009

Governments are better than people. People shouldn't question governments.

Administration seeks to keep terror watch-List data secret

September 6, 2009 by Dissent Filed under Featured Headlines, Govt, Surveillance, U.S.

Ellen Nakashima reports:

The Obama administration wants to maintain the secrecy of terrorist watch-list information it routinely shares with federal, state and local agencies, a move that rights groups say would make it difficult for people who have been improperly included on such lists to challenge the government.

Intelligence officials in the administration are pressing for legislation that would exempt “terrorist identity information” from disclosure under the Freedom of Information Act. Such information — which includes names, aliases, fingerprints and other biometric identifiers — is widely shared with law enforcement agencies and intelligence “fusion centers,” which combine state and federal counterterrorism resources.

Read more in The Washington Post.

Defense strategy for the Internet Age? At minimum, a new 'theory of the crime'

Accused Killer Asks For Online Media Users' IDs

Posted by timothy on Sunday September 06, @06:16PM from the who's-poisoned-which-well dept.

SpaceGhost writes

"According to the Houston Chronicle, the attorney for a Texas man charged in the death of a four-year-old 'has asked several local media outlets to provide the names of readers and listeners who commented about his client online,' stating that his client 'was struck by the conclusions people drew about his client and the specificity of some comments that made it appear they came from people with personal knowledge of the case.' Media outlets who have been subpoenaed include The Houston Chronicle, the Conroe Courier, KHOU (Houston area Channel 11, CBS affiliate) and KTRK (Houston area Channel 13, ABC affiliate)."

Tools & Techniques

Zoom and drag your image - Pictures & Much More

… you just need to indicate any image’s url and the system will give you the chance to have an interactive animation with the image and a code so you can upload it to your site.

[For example, try this image that was the basis for “the Streisand Effect”:

Tools for stalking the government!

September 06, 2009

Political Tools and Visualizations

5 Online tools for following US government officials: "The 2008 U.S. election season may be over, but the real work has only just begun. The following tools are tracking the every move of President Barack Obama and Congress in easy to use online tools that can turn any user into a political watchdog."

Technology evolves. Blame Darwin.

Has the WebOS Finally Arrived?

Posted by timothy on Sunday September 06, @02:54PM from the alien-craft-constructed-entirely-of-buzzwords dept.

SphereOfInfluence writes

"Dion Hinchcliffe over on ZDNet declared in a new post that the Web OS has finally arrived and that businesses and IT departments must adjust to the fact that everything's starting to move to the cloud. He cites John Hagel's so-called big business shifts of the 21st century and claims cloud computing, crowdsourcing, open APIs, Software-as-a-Service are the future of the workplace. He goes on to present a compelling visual model of the Web OS circa 2009 and examples to back up some of the statements."

Oh Canada! See what happens when the nose of the camel is in the tent? Next it will be any recording device, including paper (you could write down copyrighted lyrics!)

iPod Fee Proposed For Canada

Posted by timothy on Monday September 07, @01:15AM from the when-organized-interests-meet-diffuse-ones dept.

innocent_white_lamb writes

"The Canadian Private Copying Collective is pushing for the implementation of an iPod fee in Canada to compensate them for 'losses' when people copy music to their digital music players. They have collected a fee from every CDR sold in Canada since 1997 and now want to extend that to digital music players. From the article: 'Some have argued that once they buy a CD they shouldn't have to pay again and again to listen to those songs — which they already purchased — on a personal compilation CD or on their MP3 player. But for people like Milman and Basskin, it's about recognizing the value of those works. "There has to be some sort of way to compensate the artist for the hours and the sweat and the blood and the tears and the extreme, extreme expense that goes into making music," Milman said.'"

(Related) What do you say we take the source code and create one for the US?

Cell Phone Cost Calculator Killed In Canada

Posted by Soulskill on Sunday September 06, @09:26AM from the careful-with-that-light-of-day dept. writes

"Internet and law genius Michael Geist writes about some shenanigans by the cell phone carriers and the Canadian government in his column in The Star. Canadian taxpayers funded a 'Cell Phone Cost Calculator' so that the average person could theoretically wade through the disjointed and incongruent package offerings. The calculator wound up being yanked a couple weeks before launch. Geist suggests that the major cell carriers lobbied the appropriate public officials to have the program nixed because it would bite into their profit if the general public could make sense out of pricing and fees. Geist continues, 'Sensing that [Tony] Clement (Industry Minister) was facing pressure to block the calculator, Canadian consumer groups wrote to the minister, urging him to stick with it.' Moving forward, Michael makes a novel suggestion, one that would show an immense level of understanding by the government: 'With public dollars having funded the mothballed project, the government should now consider releasing the calculator's source code and enable other groups to pick up where the OCA (Office of Consumer Affairs) left off.'"

The world, she is a changing.

Has Texting Replaced Talking For Teens?

Posted by Soulskill on Sunday September 06, @12:38PM from the children-should-be-seen-and-not-heard dept.

Hugh Pickens writes

"Sue Shellenbarger has an interesting essay in the WSJ where she talks about the 2,000 incoming text messages her son racks up every month — more than 60 two-way communications via text message every day — and her surprise that 2,000 monthly text messages is about average for today's teenagers. 'I have seen my son suffer no apparent ill effects (except a sore thumb now and then), and he reaps a big benefit, of easy, continuing contact with many friends,' writes Shellenbarger. 'Also, the time he spends texting replaces the hours teens used to spend on the phone; both my kids dislike talking on the phone, and say they really don't need to do so to stay in touch with friends and family.' But does texting make today's kids stupid, as Mark Bauerlein writes in his book 'The Dumbest Generation: How the Digital Age Stupefies Young Americans and Jeopardizes Our Future'? 'I don't think so. It may make them annoying, when they try to text and talk to you at the same time,' writes Shellenbarger, adding, 'I have found him more engaged and easier to communicate with from afar, because he is constantly available via text message and responds with a faithfulness and speed that any mother would find reassuring.'"

Tools & Techniques

Trash All Your Duplicate Files with Auslogics Duplicate File Finder

Sep. 6th, 2009 By Saikat Basu

Find Dave Brubeck's “Blue Rondo A La Turk” (for the search engine challenged: )

September 06, 2009

Google MP3 Search

MP3 SEARCH - Search mp3 download sites