Saturday, September 26, 2009

This is heading off in strange directions. I could lose my email (without notice!) because someone I have no dealings with screws up? Did they at least send this poor guy an email asking him to contact them?

Judge orders Google to deactivate user’s Gmail account, but wait, there’s more…

September 26, 2009 by Dissent Filed under Breaches, Court, Featured Headlines, U.S.

Wendy Davis reports that in the Rocky Mountain Bank case previously covered here:

In a highly unusual move, a federal judge has ordered Google to deactivate the email account of a user who was mistakenly sent confidential financial information by a bank.

The order, issued Wednesday by U.S. District Court Judge James Ware in the northern district of California, also requires Google to disclose the Gmail account holder’s identity and contact information. The Gmail user hasn’t been accused of any wrongdoing.


Some lawyers say Ware’s order is problematic because it affects the Gmail account holder’s First Amendment rights to communicate online, as well as his or her privacy rights.

“It’s outrageous that the bank asked for this, and it’s outrageous that the court granted it,” says John Morris, general counsel at the Center for Democracy & Technology. “What right does the bank have and go suspend the email account of a completely innocent person?”

He adds: “At the end of the day, the bank obviously screwed up. But it should not be bringing a lawsuit against two completely innocent parties and disrupting one of the innocent party’s email contact to the world.”

Read the full story on MediaPost. One of the provisions in the order was that:

Google shall immediately disclose to Plaintiff and the Court the status of the Gmail Account, specifically, whether the Gmail Account is dormant or active, whether the Inadvertent Email was opened or otherwise manipulated, and in the event that the Gmail Account is not dormant, the identity and contact information for the Gmail account holder. [But first, let's screw this guy by cutting him off! Bob]

The temporary restraining order is available here, courtesy of the How Appealing blog.

But that’s not the end of the story. Google and Rocky Mountain Bank subsequently filed a joint motion stating that the case is now moot and asking the federal district court to vacate the temporary restraining order so that Google could reactivate the email account in question.

The joint motion does not unring the privacy bell on this case, however. Should the court have complied with the bank’s request to invade a Gmail user’s privacy because the bank screwed up?

This is worth a read.

Social Network Site Privacy: A Comparative Analysis of Six Sites

September 26, 2009 by Dissent Filed under Internet, Non-U.S.

Research by Jennifer Barrigar for the Office of the Privacy Commissioner of Canada compares Facebook, Hi5, LinkedIn, LiveJournal, MySpace, and Skyrock.

This report was prepared for the Office of the Privacy Commissioner by Jennifer Barrigar, a consultant and researcher with experience in both privacy law and developments in internet technology. It was originally commissioned in late 2008, and a final report was delivered to the Office in February 2009.

Social networks frequently make amendments or additions to their privacy policies and protections. As a result, some of the observations made in this report may appear outdated or even incorrect. This is certainly the case with Facebook, one social network that has undertaken successive rounds of privacy amendments in 2009.

This is not the case with many of the other social networking sites identified by Ms. Barrigar. They are among the most popular sites with Canadians, but are largely developed and headquartered outside Canada. As a result, they offer significantly different levels of privacy protection for their users. This report identifies areas where these sites need to improve their policies and take steps to effectively protect the personal information of their users.

Colin McKay
Director of Research, Education and Outreach

PDF version of report HTML version of report

Don't ya just love these...

Photojournalist sues government over raid

September 25, 2009 by Dissent Filed under Court, Surveillance, U.S.

Laura Sennett is a photojournalist who covers political demonstrations and protests and often publishes her photographs under the alias of “Isis.”

On April 12, 2008, Sennett was photographing protests in Washington, D.C. related to the spring meeting of the International Monetary Fund (IMF). The protests became violent, and Sennett claims that like others, she ran away after smoke-generating devices went off.

What happened next is the subject of a lawsuit Sennett has filed against the U.S. Department of Justice, Attorney General Eric Holder, the FBI Joint Terrorism Task Force, Prince William County Police Department, Arlington County Police Department, and two individual detectives who allegedly acted at the direction of these federal entities and under color of federal authority.

Sennett claims that although she was not a target of any criminal investigation and there was never anything connecting her to causing or participating in any violence at the demonstration, the defendants subsequently ordered or conducted a general search of her home and seized and kept Sennett’s work-related equipment, including computer hardware and data, digital cameras and memory cards, a still camera, digital storage devices, and a digital voice recorder. They also allegedly seized and retained work product and documentary materials directly related to Sennett’s profession as a photojournalist, including photographs, other work products, and personal belongings.

Sennett claims that their actions violated the Privacy Protection Act of 1980, and the First and Fourth Amendments to the United States Constitution.

According to the complaint, the authorities did have a search warrant, but the warrant was issued on the basis of false and misleading information purposefully provided by the defendants. Specifically, the affidavit in support of the warrant signed by one of the detectives allegedly failed to state that Sennett was a photojournalist, even though Sennett cites other statements by the defendants that demonstrate that they knew she was a photojournalist engaged in photojournalism at the time they applied for the warrant.

Sennett was never charged criminally or arrested in connection with either the protest or any materials obtained via the search or seizure.

The entire complaint can be found here.

Hat-tip, Courthouse News.

Up To 9 Percent Of Machines In An Enterprise Are Bot-Infected

Most are members of tiny, unknown botnets built for targeting victim organizations

Sep 24, 2009 | 03:59 PM By Kelly Jackson Higgins DarkReading

Bot infections are on the rise in the enterprise, and most come from botnets you've never heard of nor ever will.

In a three-month study of more than 600 different botnets found having infiltrated enterprise networks, researchers from Damballa discovered nearly 60 percent are botnets that contain only a handful to a few hundred bots built to target a particular organization.

… The bad guys are also finding that deploying a small botnet inside a targeted organization is a more efficient way of stealing information than deploying a traditional exploit on a specific machine. And Ollmann says many of the smaller botnets appear to have more knowledge of the targeted organization as well. "They are very strongly associated with a lot of insider knowledge...and we see a lot of hands-on command and control with these small botnets," he says.

Another “term of art” for my Computer Security students. Sounds like they detect malware and precipitate a denial of service attack at the same time.

Ants Vs. Worms — Computer Security Mimics Nature

Posted by Soulskill on Saturday September 26, @05:14AM from the incompatible-with-raid dept

An anonymous reader writes with this excerpt from Help Net Security:

"In the never-ending battle to protect computer networks from intruders, security experts are deploying a new defense modeled after one of nature's hardiest creatures — the ant. Unlike traditional security devices, which are static, these 'digital ants' wander through computer networks looking for threats ... When a digital ant detects a threat, it doesn't take long for an army of ants to converge at that location, drawing the attention of human operators who step in to investigate. 'Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,' [says Wake Forest Professor of Computer Science Errin Fulp.] 'As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.'"

Scraping the bottom of the barrel? (Probably won't make it into those “I'm a Mac. I'm a PC” ads.)

Hackers pay 43 cents per hijacked Mac

Russian cyber crime gangs after Apple's Macs, too, says researcher

By Gregg Keizer September 25, 2009 01:58 PM ET

… Mac OS X's security has been roundly criticized by vulnerability researchers, but even the most critical have acknowledged that the Mac's low market share -- it accounted for just 5% of all operating systems running machines that connected to the Internet last month -- is probably enough protection from cyber criminals for the moment.

Samosseiko's paper on Partnerka can be downloaded from Sophos' site (download PDF).

(Related) In fact, from the same paper as the previous article. e-Crime pays!

Viagra spam brings bulging returns of more than $4,000/day

A peek into the world of spam affiliate networks has revealed that there is indeed a lot of money to be made by pushing all those Viagra and Cialis e-mails. Even if only a few people make purchases, it's enough to make spamming worthwhile and guarantee that the rest of our inboxes will remain crowded.

By Jacqui Cheng Last updated September 25, 2009 1:06 PM CT


STUDY: Time Spent on Social Networks Has Tripled

September 25th, 2009 | by Christina Warren

Social networking usage by Americans continues to soar. According to a new report from The Nielsen Company, Americans spent 17% of all their Internet time using social networking sites. This was nearly triple the time spent a year ago.

Sharp lawyering? No one will invoke: “to have compulsory process for obtaining witnesses in his favor” will they?

CA City Mulls Evading the Law On Red-Light Cameras

Posted by kdawson on Friday September 25, @11:32AM from the wrong-on-so-many-levels dept.

TechDirt is running a piece on Corona, CA, where officials are considering ignoring a California law that authorizes red-light cameras — cutting the state and the county out of their portion of the take — in order to increase the city's revenue. The story was first reported a week ago. The majority of tickets are being (automatically) issued for "California stops" before a right turn on red, which studies have shown rarely contribute to an accident. TechDirt notes the apparent unconstitutionality of what Corona proposes to do:

"The problem here is that Corona is shredding the Sixth Amendment of the US Constitution, the right to a trial by jury. By reclassifying a moving violation... to an administrative violation... Corona is doing something really nefarious. In order to appeal an administrative citation you have to admit guilt, pay the full fine, and then apply for a hearing in front of an administrative official, not a judge in a court. The city could simply deny all hearings for administrative violations or schedule them far out in advance knowing full well that they have your money, which you had to pay before you could appeal."

[From the article:]

Since May, the red light cameras in the city of Corona, California have issued a total of 6511 citations worth $2,903,906. [I make that $446 per ticket! And these guys want more? Bob]

… Currently Corona only collects $133.80 out of each $446 ticket.

Lawyers as lobbyists.

Legal Group Says Unlimited Broadband Promotes Piracy

Posted by Soulskill on Saturday September 26, @02:15AM from the not-to-mention-unrestrained-tweeting dept.

bennyboy64 writes

"Unlimited broadband plans are all too familiar in many countries; in Australia they're scarce. One ISP offering such a plan between the hours of 8pm and 8am, AAPT, is being looked at as a matter of high interest by a legal group representing the interests of the global film industry, AFACT (the Australian Federation Against Copyright Theft). It said AAPT was encouraging users to download copyrighted material. AAPT's advertising states: 'If you want unlimited music, unlimited games and unlimited movies — get unlimited off-peak broadband downloads from AAPT.' AFACT executive director Adrianne Pecotic said: 'In the context of the AAPT promotion, we have a concern that it could be misconstrued to promote illegal downloads [Apparently, it has – but only by lawyers. Bob] and that's something that we'd like clarified.' AFACT is currently involved in what will be a landmark court case with Australian ISP iiNet. It recently claimed in court proceedings that there was a link between iiNet upgrading the service plans of heavy-internet users and the proliferation of film piracy."

Expect straight A's. How could I not? My computer writes my papers. (Note: This only works in English. It will take years to translate it to “Amurikin”)

Computers To Mark English Essays

Posted by Soulskill on Saturday September 26, @12:19AM from the i-fear-the-day-scantron-wakes-up dept.

digitig writes

"According to The Guardian, computers are to be used in the UK to mark English examination essays. 'Pearson, the American-based parent company of Edexcel, is to use computers to "read" and assess essays for international English tests in a move that has fueled speculation that GCSEs and A-levels will be next. ... Pearson claims this will be more accurate than human marking. 'Can computers now understand all the subtle nuances of language, or are people going to have to learn an especially bland form of English to pass exams?"

For my Forensics students

Sept. 25, 2009

Digital Fingerprints Led Feds to Zazi

Investigators Followed a Digital Path to Track Down the Incriminating Evidence on Suspected Terrorist

… As you read the indictment and order for permanent detention you can almost picture the various connected databases and monitoring techniques at work. Simply put, Internet surveillance and information technology sleuthing played a big role in the Zazi case. FBI agents arrested Zazi in Colorado.

Jeffrey Knox, an assistant U.S. attorney, tells the tale in the permanent detention document.

For my statistics students. NOW do you see why I used that test question? (and yes, it is the auditor in me!)

Math Indicates Pollster Is Forging Results

Posted by Soulskill on Friday September 25, @08:25PM from the lies-damned-lies-and-statistics dept.

An anonymous reader writes

"Nate Silver suggests the political pollster Strategic Vision is 'cooking the books. And whoever is doing so is doing a pretty sloppy job.' Silver crunched five years worth of their polling data, and found their reported results followed a suspicious pattern which traditionally suggests fraud. The five-year distribution of the numbers 'is not random. It's not close to random.' The polling firm had already been reprimanded by the American Association for Public Opinion Research for failing to disclose their methodology, though the firm argues they did comply with the organization's request. Their response to Silver's accusation? 'We have a call in to our attorney on this and fully intend to take action that will vindicate us.'"

[From the article:]

Blogger Nate Silver crunched over four years of data from the firm's polls -- and says he's discovered the pollster's most-commonly reported numbers end in either a seven or an eight. "Over a sample of more than 5,000 data points, such an outcome occurring by chance alone would be an incredible fluke," Silver argues, "millions to one against."
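For the statistics and audit students, the trailing-digit check described above can be run as a chi-square goodness-of-fit test. This is an added example, not Silver's own analysis or code: it assumes trailing digits should be roughly uniform (a simplification; a comparison pollster's distribution is a better baseline), and both samples are constructed.

```python
from collections import Counter

# Chi-square critical value for 9 degrees of freedom at p = 0.001.
CHI2_CRIT_DF9_P001 = 27.877


def trailing_digit_counts(values):
    """Count how often each final digit 0-9 occurs in whole-number results."""
    counts = Counter(int(v) % 10 for v in values)
    return [counts.get(d, 0) for d in range(10)]


def chi_square_uniform(counts):
    """Chi-square statistic of observed digit counts against a uniform expectation."""
    n = sum(counts)
    if n == 0:
        raise ValueError("no data points")
    expected = n / 10
    return sum((obs - expected) ** 2 / expected for obs in counts)


def audit_trailing_digits(values, over_factor=1.5):
    """Flag a sample whose trailing digits deviate from uniform at p < 0.001.

    over_factor is an assumed cut-off for naming the digits that drive the
    deviation: a digit is listed if it occurs more than over_factor times
    as often as expected.
    """
    counts = trailing_digit_counts(values)
    expected = sum(counts) / 10
    return {
        "counts": counts,
        "chi2": chi_square_uniform(counts),
        "suspicious": chi_square_uniform(counts) > CHI2_CRIT_DF9_P001,
        "overrepresented": [d for d, c in enumerate(counts) if c > over_factor * expected],
    }


def sample_from_counts(digit_counts, base=40):
    """Build constructed poll percentages (base..base+9) with the given digit counts."""
    values = []
    for digit, count in enumerate(digit_counts):
        values.extend([base + digit] * count)
    return values


# Constructed samples of 500 reported percentages each (not real polling data).
PLAUSIBLE_SAMPLE = sample_from_counts([52, 48, 50, 49, 51, 50, 47, 53, 50, 50])
SKEWED_SAMPLE = sample_from_counts([40, 40, 40, 40, 40, 40, 40, 90, 90, 40])

if __name__ == "__main__":
    for name, sample in (("plausible", PLAUSIBLE_SAMPLE), ("skewed", SKEWED_SAMPLE)):
        result = audit_trailing_digits(sample)
        print(name, round(result["chi2"], 2), result["suspicious"], result["overrepresented"])
```

A high statistic says only that the digits are unlikely under the assumed baseline; it is a reason to ask for the raw data, not proof of fabrication.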

It's not all free, but any site with 152 listings for “covert surveillance” has to be worth a look. - Find & Download Software Online

Are you looking for free Web 2.0 software downloads and don’t know exactly where to head to in order to achieve that aim? If that is so, then this site will most likely point you in the right direction. In principle, it acts as a directory of such software, split into a wealth of categories including “Business”, “Home & Hobby”, “Education” and so forth.

Most interesting. I'd like to see this applied to our online class “Forums” to organize the comments. Be sure to watch the video!

Washington Post Develops Visual, Web-like Commenting System

Posted by Patrick Thornton at 6:15 AM on Sep. 1, 2009 has developed a new commenting interface dubbed "WebCom" that arranges comments in a web based on which ones are most-liked by readers and spur the most discussion.

I need to work with this, but if it will allow me to store cites in APA Style, I'm hooked!

iCyte: Capture Web Pages And Highlight Text In A Flash

Sep. 25th, 2009 By Dean Sherwin

iCyte is a browser add-on that allows you to capture web pages, highlight text and save it to your account.

Go to the web page you would like to save. If there is text on the page of particular relevance to you then highlight it using the mouse as you would if you were going to Copy & Paste. While the text is highlighted, click the iCyte button along the top of the browser in the iCyte toolbar. A window will open.

He invented global warming, no reason he shouldn't make a buck on it... (...and no doubt the Finns can develop a car easier and better than Detroit.) Anyone want to “develop” a golf cart for commuting?

$529M Gov't Loan To Develop $89,000 Hybrid Sports Car

Posted by Soulskill on Saturday September 26, @10:16AM from the please-tell-me-it-has-lasers dept.

theodp writes

"The WSJ reports that a tiny car company backed by former VP Al Gore has just gotten a $529M US government loan to help build an $89,000 hybrid sports car in Finland. The award this week to California startup Fisker Automotive follows an earlier $465M government loan to Tesla Motors, purveyors of a $109,000 British-built electric Roadster. Fisker's other investors (PDF) include the Al Gharaffa Investment Co., a Cayman Islands corporation."

Friday, September 25, 2009

Another case of hackers getting through “all required security measures.” Another question: Why is the identifying data online? Is there a scientific connection between your Social Security number and breast cancer? (HIPAA violation as well?)

Hacker hits UNC-Chapel Hill study data

September 25, 2009 by admin Filed under Breach Incidents, Breach Types, Education Sector, Hack, Of Note, U.S.

From McClatchy Newspapers:

A hacker has infiltrated a computer server housing the personal data of 236,000 women enrolled in a UNC-Chapel Hill research study.

Among the information exposed: the Social Security numbers of 163,000 study participants.

Though the intrusion was detected in late July, computer forensics experts say it may have happened two years ago, said Matthew Mauro, chairman of the UNC-CH Department of Radiology.

And though UNC-CH officials and a private computer forensic expert have spent two months investigating, they still don’t know who did the hacking, where the attack originated, or even whether data was downloaded.

“There’s no direct evidence that any information has been removed,” Mauro said. “But we can’t say for sure.”

The compromised server had all required security measures, Mauro said. It was one of two servers housing data on more than 662,000 women. The data are part of the Carolina Mammography Registry, a 14-year-old project that compiles and analyzes mammography results submitted by radiologists across the state.

Read more in News-Record.com.

Mostly extreme back-patting, but I'll have to read it more carefully to see what they aren't saying.

DHS issues annual privacy report to Congress

September 24, 2009 by Dissent Filed under Featured Headlines, Govt, Other, U.S.

The Department of Homeland Security Privacy Office has released its privacy report [pdf] for the period July 2008 – June 2009.

Another perspective.

Cyveillance: More than half of the active threats online go undetected

by Steve Ragan - Sep 24 2009, 17:00

Cyber intelligence-based security vendor Cyveillance recently released the results of an internal study that says, even with the latest anti-Virus protection, users have a 1-in-2 chance of being infected by Malware. In short, the report says traditional Malware protections are failing you.

… If you want to read the report, you can view it online here.

Help Google spend its money.

Google announces Project 10^100 themes

by Tom Krazit September 24, 2009 1:17 PM PDT

Google has finally whittled down the more than 150,000 ideas submitted as part of its Project 10^100 to 16 themes that will compete for $10 million in funding.

It's taken far longer than Google had originally anticipated, but the results of the company's 10th anniversary project to solicit ideas that could change the world are ready for inspection. Google is asking the public to vote on the most worthy of the 16 "idea themes" that it has identified from the submissions it has received over the past year.

For my Forensic students? In any case, my local library has it on order, so now I'm HOLD number 1 of 1. Simple.

Microsoft Office plays detective in new novel

by Ina Fried September 25, 2009 4:00 AM PDT

Like many who spend their days trapped inside a cubicle, Microsoft Office probably dreams of living a more exciting life. Perhaps, when it was just a beta, it thought maybe it would grow up to be a policeman.

Well, in "Crush," a new crime novel, the mundane piece of software gets its chance. Office, or at least one key Office document, ends up playing a central role in the pursuit of a serial killer.

Without giving away too much of the plot, it's fair to say that a certain PowerPoint file becomes a key piece of evidence, with a worker at Microsoft finding central clues within the document's metadata.

… Gadgetry infuses the pages of Crush. While Office has the starring role, a number of products make cameos, including Windows Live, Surface, Outlook and even RoundTable, which Microsoft handed off last year to Polycom. In fact, there were so many Microsoft products, I thought perhaps it was some sort of paid placement.

I've had some interesting results playing with this. Give it a try yourself. - Search Everywhere By Searching Just Once

Bigola is a new portal that will enable you to combine the results from Twitter, Youtube, Digg, Friendfeed and Technorati when executing a single search. That is, you supply the query that represents your interests and then proceed to filter the results by clicking on the corresponding logo from the ones grouped on the right-hand side of the screen, underneath the “Filter by site” banner.

In this way, you can jump from results within one site to the other and have a very good overview of the way things are shaping up socially. If you have just launched a product, for example, you will be able to realize the impact it is having so far and take any corrective measures that might be necessary while there is still time.

Social media is not huge – it is actually immense, and it escalates by the second. to discover who is talking about what, and find exactly the kind of talk that is taking place have a definitive niche

For my website students

101 Five-Minute Fixes to Incrementally Improve Your Web Site

These quick tweaks will help you keep visitors engaged.

By Inside CRM Editors

Global Warming! Global Warming!

Photo: The Sun Gets Its Spots (Back)

By Alexis Madrigal September 24, 2009 6:27 pm

Two sunspots are visible on our star’s face for the first time in more than a year, possibly ending an unexpected lull in solar activity.

[Why does Al Gore care, you ask?]

Here’s the mystery when it comes to sunspots:

The small increase in energy emitted by the sun during solar maximums (the peak of sunspot activity) doesn’t seem to match the higher temperatures observed on earth. During sunspot years, the sun’s total energy output rises by just one-tenth of one percent. During those years, average sea surface temperatures increase by about 0.1 degrees C. But scientists calculate that, to get those higher temperatures, the amount of solar energy reaching earth would have to increase by about 0.5 Watts per square meter. And that’s where observed reality refuses to align with scientists’ number-crunching. During the peak of the sunspot cycle, the energy reaching Earth only increases by about 0.2 Watts per square meter – less than half what scientists think is necessary.

In short, Earth seems to warm up too much during solar maximums. Where is that extra energy coming from? [My guess? Congressional hot air! Bob]

Thursday, September 24, 2009

Definitely something to watch. If I read this correctly, I can annotate your website. Will you like what I say? Can you do anything about it?

Google Sidewiki

Google Sidewiki is a browser sidebar that lets you contribute and read information alongside any web page.

Perhaps not the best strategy.

Acorn sues filmmakers, cites privacy law

September 24, 2009 by Dissent Filed under Breaches, Court

Ben Nuckols of Associated Press reports:

Acorn and two former employees of its Baltimore office filed a multimillion-dollar lawsuit Wednesday against the makers of a hidden-camera video that showed the employees giving tax advice to a man posing as a pimp and a woman posing as a prostitute.


The lawsuit names James O’Keefe III and Hannah Giles, who played the pimp and prostitute in the video, as defendants. It also names conservative columnist and blogger Andrew Breitbart of Los Angeles, who posted it on his Web site,

Read the full story on Delaware Online. The lawsuit alleges that the defendants violated Maryland Wiretap Law.

Related: Complaint (pdf)

Factual but ultimately futile? “We're your bank, our money is safe with us!”

Construction firm sues after $588,000 online theft

September 24, 2009 by admin Filed under Breach Incidents, Business Sector

Jeremy Kirk reports:

A construction company in Maine is suing its bank after about $588,000 disappeared from its accounts, alleging the bank failed to spot suspicious account activity before it was too late.

Over a week-long period in May, fraudsters made six transfers from the online bank accounts of Patco Construction Company, a family-owned developer in Sanford, Maine, according to a copy of the lawsuit on the Washington Post’s Web site.


Patco argues that Ocean Bank did not offer two-factor authentication, which often involves the use of a token that displays a one-time password or a verification telephone call.

Patco also said the transfers were initiated from IP (Internet Protocol) addresses that had never been used by Patco, the transfers far exceeded what the company normally performed and were on days other than Friday, when the company paid its employees by direct deposit.

“None of these transactions triggered any suspicious activity alerts on the part of Ocean Bank,” the lawsuit alleges.

Read more in The Standard.
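The three signals the lawsuit lists (an unfamiliar source IP, an amount far above the norm, a day other than the usual payroll day) can be checked against a per-account baseline. This is an added example, not code from the article, the lawsuit or the bank; the field names, the 3x-median threshold, the two-signal hold rule and all sample transfers are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median


@dataclass(frozen=True)
class Transfer:
    day: date
    amount: float
    source_ip: str


def build_baseline(history):
    """Summarise an account's normal behaviour from past legitimate transfers."""
    if not history:
        raise ValueError("need at least one historical transfer")
    return {
        "known_ips": {t.source_ip for t in history},
        "weekdays": {t.day.weekday() for t in history},  # Monday=0 ... Friday=4
        "median_amount": median(t.amount for t in history),
    }


def review(transfer, baseline, amount_factor=3.0):
    """Return the list of signals on which a transfer departs from the baseline."""
    reasons = []
    if transfer.source_ip not in baseline["known_ips"]:
        reasons.append("new_source_ip")
    if transfer.amount > amount_factor * baseline["median_amount"]:
        reasons.append("amount_above_norm")
    if transfer.day.weekday() not in baseline["weekdays"]:
        reasons.append("unusual_weekday")
    return reasons


def needs_hold(reasons, min_signals=2):
    """Hold for out-of-band confirmation when several signals coincide.

    One signal alone (for example payroll run from a new office IP) is only
    logged, which keeps false positives manageable.
    """
    return len(reasons) >= min_signals


def triage(transfers, history):
    """Review a batch of transfers; returns (transfer, reasons, hold) tuples."""
    baseline = build_baseline(history)
    results = []
    for t in transfers:
        reasons = review(t, baseline)
        results.append((t, reasons, needs_hold(reasons)))
    return results


# Constructed history: weekly Friday payroll from one office address.
# IPs are from the documentation ranges (RFC 5737).
HISTORY = [
    Transfer(date(2009, 4, 3), 18000.00, "192.0.2.10"),
    Transfer(date(2009, 4, 10), 18500.00, "192.0.2.10"),
    Transfer(date(2009, 4, 17), 17900.00, "192.0.2.10"),
    Transfer(date(2009, 4, 24), 18200.00, "192.0.2.10"),
]

# Constructed transfers to review.
INCOMING = [
    Transfer(date(2009, 5, 8), 18300.00, "192.0.2.10"),     # ordinary payroll
    Transfer(date(2009, 5, 11), 98000.00, "203.0.113.77"),  # Monday, new IP, large
    Transfer(date(2009, 5, 15), 18100.00, "198.51.100.5"),  # payroll from a new IP
]

if __name__ == "__main__":
    for transfer, reasons, hold in triage(INCOMING, HISTORY):
        print(transfer.day, transfer.amount, reasons, "HOLD" if hold else "ok")
```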

Can politicians be that ignorant? How does this protect anything?

Ohio Officials, Insurers Look to Protect Policyholder Data

September 23, 2009 by admin Filed under Legislation, State/Local

Starting Nov. 2, 2009, Ohio regulators and all insurance companies that do business in the state will begin new procedures designed to protect policyholders’ personal information.

Insurance companies will be required to report any loss of policyholder information within their possession to the Department of Insurance within 15 days of the discovery that the information has been lost or stolen, according to Insurance Director Mary Jo Hudson.

Read more on Insurance Journal.

[Here is the actual “Bulletin”:]

Well, here's a shocker.

‘Sneak-and-peek’ searches being used for regular crimes

September 23, 2009 by Dissent Filed under Featured Headlines, Govt, Surveillance, U.S.

Raw Story reports:

The Justice Department made 763 requests for “sneak-and-peek” warrants in 2008, but only three of those had to do with terrorism investigations, Sen. Russ Feingold told a Senate Judiciary Committee hearing on Wednesday.

“Sneak-and-peek” warrants allow law enforcement officials to break into homes and businesses and search the premises without the investigated party knowing. The authority for them was passed as part of the USA Patriot Act in late 2001, ostensibly as a counter-terrorism measure.

Read the full article on Raw Story.

Video of some of Assistant Attorney General Dave Kris’s testimony and interaction with Senator Feingold:

...and we thought texting while driving was dangerous!

12mail: Short video messaging arrives on iPhone

by Harrison Hoffman September 23, 2009 7:28 AM PDT, a micro video messaging service dubbed by some as "Twitter for video," is bringing the same short format to private video messaging in its second iPhone app, 12mail.

The basic gist of the app, released this week, is that you can record a video, up to 12 seconds, and send it off to one of your friends. Your friend then gets a push notification and can watch it.

For my Business Continuity students. Can you say “Clogged filters?”

Aussie Data Centres Brace For Dust Storm Barrage

Posted by samzenpus on Thursday September 24, @12:48AM from the sand-gets-in-your-tubes dept.

An anonymous reader writes

"Data centers and telcos in the Australian cities of Sydney and Brisbane have shut off external ventilation systems, restricted loading dock access and attended false alarms after a major dust storm choked the cities today. The storm is said to be the worst of its type ever recorded in Australia. Macquarie Telecom disengaged automatic deployment of fire-prevention gas from the fire alarm to prevent gas being released on a false alarm. Other major data center operators reported clogged air filters and heat exchangers and said they would be performing cleaning and maintenance operations this week."

Seven e-book sites.

Find a great e-book to read online with these sites

by Don Reisinger September 23, 2009 1:24 PM PDT

Tools & Techniques: Forensics

How to Recover Data From a Corrupt Memory Card or USB Drive

Sep. 24th, 2009 By Karl L. Gechlik

Wednesday, September 23, 2009

What happened to “an abundance of caution?”

Rocky Mountain Bank reveals “oops” in court papers

September 22, 2009 by admin Filed under Breach Incidents, Breach Types, Exposure, Financial Sector, Of Note

As noted on yesterday, Thomas Claburn of Information Week reports that when Rocky Mountain Bank tried to get a court to seal its lawsuit against Google to compel disclosure of information on the recipient of an errant Gmail containing sensitive customer information, the court declined.

It looks like the Streisand Effect has struck again, as now the media are not only reporting details of the breach that were included in the judge’s ruling denying the seal, but Rocky Mountain Bank may get a worse reputation for trying to perhaps justify not disclosing their error to the 1,325 customers whose details were mis-sent to the wrong Gmail address.

So in the absence of an actual breach disclosure notification by the bank, this site views the court order as a breach disclosure. A copy of the judge’s order (pdf, courtesy of Threat Level) indicates that the court did not agree that determining whether the email had been opened was necessary in order to inform customers of the breach:

Plaintiff argues that if its complaint and motion papers are not filed under seal, all of its customers may learn of the inadvertent disclosure. Plaintiff further argues that publication of the disclosure before it determines whether the Gmail account is active or dormant will unnecessarily create panic among all of its customers and result in a surge of inquiry from its customers. In his declaration, Mark Hendrickson, states that “until there is a determination that the Confidential Customer Information was in fact disclosed and/or misused, the Bank cannot advise its customers on whether there was an improper disclosure.” (See Declaration of Mark Hendrickson in Support of Motion to File Under Seal, filed herein on September 18, 2009, ¶ 18.)

An attempt by a bank to shield information about an unauthorized disclosure of confidential customer information until it can determine whether or not that information has been further disclosed and/or misused does not constitute a compelling reason that overrides the public’s common law right of access to court filings. Plaintiff is already able to advise its customers that there has been an unauthorized disclosure of confidential customer information, and inform them of the steps it is taking to rectify the situation.[4] And Plaintiff has not shown that disclosure of the information contained in its complaint and motion papers “could result in improper use of the material for scandalous or libelous purposes or infringement upon trade secrets,” or invasion of any personal privacy rights that might warrant protection under Federal Rules of Civil Procedure 26(c). Plaintiff has not disclosed any actual customer information in its pleadings or motion papers.[5]

[4] The possibility that the email has not been opened, or that the information has not been misused, does not change the fact that there already was an unauthorized disclosure of the information to an unknown third party.

The usual question: What was the compelling reason for this data to be on a laptop computer or to be out of the office?

Laptop with some of Madoff victims’ data stolen

September 22, 2009 by admin Filed under Breach Incidents, Business Sector, Of Note, Theft, U.S.

It just seems to get worse and worse for Bernie Madoff’s victims.

Now AlixPartners, the court-appointed claims agent for the liquidation of Bernard L. Madoff Investment Securities LLC, reports (pdf) that in late July, a laptop computer of theirs was stolen from an employee’s locked vehicle. The laptop contained historical information from 1995 and earlier which may include some of the personal information of up to 10 residents of New Hampshire and an unspecified total number of individuals. The personal information included the individuals’ names, addresses, Social Security numbers, and/or account numbers (which are now defunct).

Although the theft was reported to the Dallas police promptly, the police reportedly asked AlixPartners to delay notification until September 15 so as not to impede their investigation. The laptop was one of several stolen from parked vehicles that same day in that area.

The company has offered affected individuals two years’ worth of free credit monitoring.

Update: Newsday reports that 2.246 investors were affected by this incident.

There seems to be a lot of these types of lawsuits.

First Amendment lawsuit challenges Florida ‘Police Privacy Statute’

September 22, 2009 by Dissent Filed under Court, Featured Headlines, Govt, Internet, Legislation, U.S.

Robert Brayshaw says that the City of Tallahassee arrested and prosecuted him twice for publishing a police officer’s address online at Now Brayshaw is challenging the constitutionality of Florida Statute §843.17, which states:

Any person who shall maliciously, with intent to obstruct the due execution of the law or with the intent to intimidate, hinder, or interrupt any law enforcement officer in the legal performance of his or her duties, publish or disseminate the residence address or telephone number of any law enforcement officer while designating the officer as such, without authorization of the agency which employs the officer, shall be guilty of a misdemeanor of the first degree, punishable as provided in s. 775.082 or s. 775.083.

Brayshaw contends that the statute interferes with his First Amendment rights and that the information he published was not only truthful but was publicly available on the Web already. As alleged in the complaint:

One of Plaintiff’s postings, on March 31, 2008 (the only posting he made that day) stated:

Annette Pickett Garrett, 47 years old, 7 kids, Single, Divorced Anthony Edward “Tony” Drzewiecki, 38 yo, Home: 1929 xxxxxxxxx Drive, Tallahassee, Florida 32303-7123, Home Est. $167,500. Built in 1973, 1669 square feet. Cingular Cell-Phone: (xxx) xxx-xxxx, E-Mail Address:

This personal information regarding Officer Garrett was truthful and, at the time, publicly available. Plaintiff obtained this information through searches on the Internet. In fact, Officer Garrett’s name and address are still publicly available on the Leon County Clerk of Court’s website at: book=3644&page=02266&type=OR&subnet= (last visited September 18, 2009).

(Note: all of the officer’s details are provided in unredacted form in the complaint, but I have redacted some of them here — Dissent)

In some sense, this case is reminiscent of The Virginia Watchdog case. Although that case was in Virginia, the federal judge presiding over that case wrote:

“The relevant case law is clear that, if the State wishes to claim that the confidentiality of a certain piece of information is a State interest of the highest order, then the State should not make that information publicly available.” [That's called logic. Bob]

Will the Florida courts agree with that line of reasoning?

Hat-tip, Courthouse News

Politicians! We plan to act more openly/ethically/fiscally responsibly, but that plan doesn't apply to how we are acting currently. (Talk like a Democrat, act like a Republican?)

Obama to Set Higher Bar For Keeping State Secrets

September 23, 2009 by Dissent Filed under Govt

Carrie Johnson reports:

The Obama administration will announce a new policy Wednesday making it much more difficult for the government to claim that it is protecting state secrets when it hides details of sensitive national security strategies such as rendition and warrantless eavesdropping, according to two senior Justice Department officials.

The new policy requires agencies, including the intelligence community and the military, to convince the attorney general and a team of Justice Department lawyers that the release of sensitive information would present significant harm to “national defense or foreign relations.” In the past, the claim that state secrets were at risk could be invoked with the approval of one official and by meeting a lower standard of proof that disclosure would be harmful.


The policy, however, is unlikely to change the administration’s approach in two high-profile cases, including one in San Francisco filed by an Islamic charity whose lawyers claim they were subjected to illegal government wiretapping. That dispute, involving the al-Haramain Islamic Foundation, provoked an outcry from the American Civil Liberties Union and other public policy groups this year after the Obama Justice Department followed the Bush strategy and asserted “state secrets” arguments to try to stop the case.

Read the full story in The Washington Post.

It's avoidance, not evasion. Change the law and Microsoft might re-locate! (Then what happens to your tax base?)

Microsoft Tax Dodge At Issue In Washington State

Posted by kdawson on Tuesday September 22, @09:03PM from the office-at-area-fifty-one dept.

newscloud writes

"With Washington State facing a billion-dollar biennial budget deficit, the spotlight again shifts to Microsoft's software licensing office in Reno, Nevada. 'Although the majority of its software development is performed in Washington State, Microsoft records its estimated $18 billion in licensing revenue per year through a corporate office in Reno, Nevada where there is no licensing tax. Just by enforcing the state's existing tax law from 2008 onwards, we could reduce Washington's revenue shortfall by more than 70 percent. Alternately, we could pursue the entire $707 million from Microsoft's thirteen years of tax dodging and cover most of the expected deficit going forward.' We have discussed Microsoft's creative capitalism in the past."

av u alw wtd 2 txt lk a teen? (Have you always wanted to text like a teenager?)


Translate text messages from Lingo to plain English, or from plain English to lingo

For my Forensics students

Universities Spar Over Disappearing Electronic Messages

September 22, 2009 by Dissent Filed under Internet

John Markoff reports:

Less than two months after a group of University of Washington computer researchers proposed a novel system for making electronic messages “disappear” after a certain period of time, a rival group of researchers based at the University of Texas at Austin, Princeton, and the University of Michigan has claimed to have undermined the scheme.


The Vanish attackers have created a demonstration system they call “Unvanish” and they said they had undone the Vanish model for gradually eroding encryption keys by subverting the peer-to-peer file sharing system. Their insight was to use a single computer to masquerade as a large number of members of a file sharing network. That rogue machine would simply need to capture and store anything that looked like a Vanish key fragment. The researchers said that this was simple, as the Vanish fragments are identifiable because of their size. Later it would be possible to reconstruct a Vanish message by simply consulting the Unvanish archive.

Read more in The New York Times.

For my students who know everything... except that strange term on the test.


The only online dictionary and search engine you need for computer and Internet technology definitions.

Might be a good resource for my website students

September 22, 2009

Fotopedia - the first collaborative photo encyclopedia

"Fotopedia is breathing new life into photos by building a photo encyclopedia that lets photographers and photo enthusiasts collaborate and enrich images to be useful for the whole world wide web."

(Related) Generate various clock widgets for your website.


Someday I'll teach a course on the DaVinci Code

Search The Collections Of Famous Libraries & Museums Online

Sep. 22nd, 2009 By Mark O'Neill

Know something? Can you teach? Record it and get paid! - Video Classes On The WWW

VidSchool is an educational platform that has one simple aim: enabling teachers to provide tutoring sessions without having to incur the expense or the trouble of building their own websites. That is, VidSchool focuses on pre-recorded classes that are suitable for all levels – both children and grown-ups could benefit from them. And parents of students under 18 are also able to track the way their children are progressing. In this way, they can know about the learning environment their little ones are immersed in, as well as check attendance. That is achieved via the provided VidSchool parenting analytics package.

Tuesday, September 22, 2009

Interesting argument. Who else would be “required” to review their email? Teachers? Lawyers?

German court rules against spammers

September 22, 2009 by Dissent Filed under Court, Internet, Non-U.S.

A German doctor who had previously requested that a company stop sending him email advertisements took the company to court when they continued sending him unwanted email.

According to a story in The Local, the doctor had had brief correspondence with the company but then had requested that they stop sending him email. Explaining why he didn’t just ignore the unwelcome email, he claimed that his medical duties required him to look at every email he received, which made the advertisements a nuisance. The court agreed and ruled that prior email contact without permission to send ads is not grounds to assume spam is welcome. The offending company has now been legally forbidden from sending the doctor any more emails.

What a concept! The opposite would be much harder to define...

FCC Chairman wants network neutrality, wired and wireless

FCC Chairman Julius Genachowski waded directly into the network neutrality fight today, launching a new proceeding designed to turn the FCC's existing "principles" into "rules"—and to add two more. The rules would apply equally to wired and wireless connections.

By Nate Anderson | Last updated September 21, 2009 10:39 AM CT

… But when it's over, he wants the FCC to add two new principles to its existing "four freedoms" (PDF): nondiscrimination and transparency.

[Video & transcript here:

(Related) ...but that won't stop the Republicans from trying.

GOP Senators Move to Stop Obama Net Neutrality Rules

By Ryan Singel September 21, 2009 6:24 pm

So my students can get smart...

5 Great Sites with Free Video Lectures from Top Colleges

Sep. 21st, 2009 By Guy McDowell

You know you always wanted a Blog!

How To Build A Self-hosted Wordpress Blog For Free

Sep. 22nd, 2009 By Jeffry Thurana

Monday, September 21, 2009

This is a bit obscure, but if I read their website correctly they are trying to “tag” video in order to make search (and connections by geography and time) easier.

September 20, 2009

EU: intelligent information system supporting observation, searching and detection for security of citizens in urban environment

EU Project INDECT - "The main objectives of the INDECT project are: to develop a platform for: the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence, to develop the prototype of an integrated, network-centric system supporting the operational activities of police officers, providing techniques and tools for observation of various mobile objects, to develop a new type of search engine combining direct search of images and video based on watermarked contents, and the storage of metadata in the form of digital watermarks, to develop a set of techniques supporting surveillance of internet resources, analysis of the acquired information, and detection of criminal activities and threats."

Interesting, but not new. Very similar to the techniques we used to establish an order of battle based on communications links.

MIT Project "Gaydar" Shakes Privacy Assumptions

Posted by kdawson on Sunday September 20, @02:57PM from the it's-who-you-know dept.

theodp writes

"At MIT, an experiment that identifies which students are gay is raising new questions about online privacy. Using data from Facebook, two students in an MIT class on ethics and law on the electronic frontier made a striking discovery: just by looking at a person's online friends, they could predict whether the person was gay. The project, given the name 'Gaydar' by the students, is part of the fast-moving field of social network analysis, which examines what the connections between people can tell us, from predicting who might be a terrorist to the likelihood a person is happy, fat, liberal, or conservative."

MIT professor Hal Abelson, who co-taught the course, is quoted: "That pulls the rug out from a whole policy and technology perspective that the point is to give you control over your information — because you don't have control over your information."

Help! Help! The lawyers are conspiring!

September 20, 2009

Survey: Substantial Growth in Online Social Networking by Lawyers Over the Past Year

2009 Networks for Counsel Study - A Global Study of the Legal Industry’s Adoption of Online Professional Networking, Preferences, Usage and Future Predictions - Sample Composition: "The survey was administered to 1,474 counsel – 764 private practice lawyers and 710 corporate counsel – in May and June of 2009; 33 countries were represented. Financial Services, Manufacturing and Healthcare were the top three industries represented."

  • Key Findings: "Networking remains critical to the legal industry, yet resource constraints make it more difficult than ever; Use of social networking sites has grown significantly over the past year, with three-quarters of all counsel now reporting they are members of a social or professional network."

  • Related, via Bloomberg: Lawyer Fees Cut as Company Counsel Network for Tips - "Cash-strapped in-house attorneys are swapping such ideas and other information on Web sites like those owned by LinkedIn Corp., which connects professionals around the world. Corporate lawyers’ use of social networks -- some invitation-only -- grew about 50 percent in 2009, LexisNexis said after surveying 1,474 attorneys."

This is depressing. Grace Hopper said (back before the World Wide Web) that COBOL should be replaced. I don't think we even teach it any more...

COBOL Celebrates 50 Years

Posted by CmdrTaco on Monday September 21, @08:52AM from the cobol-is-for-old-people dept.

oranghutan writes

"The language used to power most of the world's ATMs, COBOL, is turning 50. It also runs about 75 per cent of the world's business applications, so COBOL should be celebrated for making it to half a century. In cricketing terms, that's a good knock. The author says: 'COBOL's fate was decided during a meeting of the Short Range Committee, the organization responsible for submitting the first version of the language in 1959. The meeting was convened after a meeting at the Pentagon first laid down the guidelines for the language. Half a century later, Micro Focus published research which showed people still use COBOL at least 10 times throughout the course of an average working day in Australia. Only 18 per cent of those surveyed, however, had ever actually heard of COBOL.'"

Has technology allowed us to better understand content? Interesting concepts – anyone can make art, not everyone can make a living with their art.

News Content As a Resource, Not a Final Product

Posted by Soulskill on Sunday September 20, @10:48AM from the also-the-book-is-a-hat dept.

Paul Graham has posted an essay questioning whether we ever really paid for "content," as publishers of news and music are saying while they struggle to stay afloat in the digital age. "If the content was what they were selling, why has the price of books or music or movies always depended mostly on the format? Why didn't better content cost more?" Techdirt's Mike Masnick takes it a step further, suggesting that the content itself should be treated as a resource — one component of many that go into a final product. Masnick also discussed the issue recently with NY Times' columnist David Carr, saying that micropayments won't be the silver bullet the publishers are hoping for because consumers are inundated with free alternatives. "It's putting up a tollbooth on a 50-lane highway where the other 49 lanes have no tollbooth, and there's no specific benefit for paying the toll." Reader newscloud points out that the fall 2009 issue of Harvard's Nieman Reports contains a variety of related essays by journalists, technologists, and researchers.

(Related) A resource for content?

September 20, 2009

Federal Register On HeinOnline is Updated Daily

HeinOnline blog: "HeinOnline has had Federal Register coverage back to 1936 for several years now, but restrictions in our production process limited how quickly we could get new Federal Register days online. Recently, those production restrictions were eliminated, and starting at the end of July HeinOnline began updating the Federal Register on a daily basis. This means that you are now able to access yesterday’s Federal Register today. This current content is completely browseable, full-text searchable, and image-based, just like all other content in HeinOnline."

Interesting. Think about the market for education. Postulate students who qualify for a Harvard-level education, but can't go there for any of a hundred reasons (cost being the big one). What is the best alternative?

Bringing Convenience and Open Source Methods To Higher Education

Posted by Soulskill on Sunday September 20, @09:20AM from the i'll-have-a-mcdegree-and-a-diet-coke dept.

Business Week has a piece discussing the effects internet-based technology and open sharing are having on the standards of higher education. The author says every product's success or failure depends on its fidelity — the overall quality of experience — and convenience. Since the internet has made the sharing of even expert-level knowledge convenient, he wonders how long it will be until some school or company raises the fidelity enough to have their degrees accepted alongside those of professional-grade colleges. Quoting:

"Once in a while, a market gets completely out of balance. Forces conspire to prevent either a high-fidelity or high-convenience player from emerging. All the offerings crowd around one end or the other. Eventually, someone nails a disruptive approach. Customers and competitors rush in and the marketplace wonders why that great idea didn't come sooner. The higher education market is a lot like that. For centuries the university model dominated because nothing else worked. No technology existed that might deliver an interactive, engaging educational experience without gathering students and teachers in the same physical space. ... These days broadband Internet, video games, social networks, and other developments could combine to create an online, inexpensive, super-convenient model for higher education. You wouldn't get the sights and sounds of a campus, personal contact with professors, or beer-soaked frat parties, but you'd end up with the knowledge you need and the degree to prove it."

Tools & Techniques

3 Simple Free Virtual Drive Tools to Mount Disks & ISO Images

Sep. 20th, 2009 By Saikat Basu

… The ISO file (.iso) is just an archive file format of an optical disk. It can be said to be an exact clone of a file system because it’s a byte for byte copy of a disk with all of its data and metadata.

… Using widely available tools called free virtual drive software or Disk Emulators, it’s easy to mount an ISO file (or a disk for that matter) and use it as one would with a disk loaded in the CD tray.

Tools & Techniques

PDF to Word

Using our PDF-to-Word conversion technology, you can quickly and easily create editable DOC/RTF files, making it a cinch to re-use PDF content in applications like Microsoft Word, Excel, OpenOffice, and WordPerfect.

Best of all, it's entirely free!

Tools & Techniques


Register & use it anywhere, anytime. No download. Compatible with Windows, Mac OS X, Linux. Capture videos of onscreen action in one click. Record screencasts, tutorials, demos, training, lectures and more. Share and stream videos online in Flash. Embed them on blogs and webpages or send them by email.