Saturday, October 24, 2009

For your Computer Security manager. (This is why we want to bring back flogging)

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

By Kim Zetter October 23, 2009 4:25 pm

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack. Their administrative interfaces are viewable from anywhere on the internet and their owners have failed to change the manufacturer’s default password. [Works with sites like this one: Bob]

Linksys routers had the highest percent of vulnerable devices found in the United States — 45 percent of 2,729 routers that were publicly accessible still had a default password in place. Polycom VoIP units came in second, with default passwords lingering on about 29 percent of 585 devices accessible over the internet.

Maybe we just do this for fun...

Spying on a stolen laptop

by Elinor Mills October 23, 2009 5:32 PM PDT

… Someone broke into the car of an employee working for an InertLogic customer and stole the laptop, which had work and personal information on it.

Months went by [too often the case Bob] before anyone realized that technology InertLogic uses to help manage equipment remotely was sitting on the laptop and could be flipped on to monitor it. The technology, from Kaseya, captures screenshots from remote machines and can be used to install keyloggers, as well as record audio and images from a Webcam.

Fleener relied only on the screenshots that were captured every 5 or 10 seconds to see what the user of the laptop was up to. Within a short time, he learned the name, address, and other sensitive information about the man using the laptop. (Fleener is careful not to accuse the individual of being the thief because there is no proof of that.) [Is that why the keylogger wasn't turned on? Bob]

The man visited Facebook, MySpace, and other social networks, according to Fleener. He used Google to search for auto parts and did queries on how to remove security tags from merchandise. He looked at porn and made pirate copies of DVDs, including "Harry Potter and the Half-Blood Prince." Every time the laptop went online, typically on weekend nights and never on Tuesday, Fleener and others got paged.

Benjamin Lavalley, a senior engineer at Kaseya, figured out that by looking at the nearby Wi-Fi access points and doing an online map search, they could try to find out the exact location of the laptop.

Interesting, but if Congress investigated every government entity that failed to do their job they'd have no time to do anything they like (like fund raising)

Privacy Coalition Seeks Investigation of DHS Chief Privacy Office

October 24, 2009 by Dissent Filed under Govt, Surveillance, U.S.


EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.

The Coalition’s letter argues, in part:

The primary statutory duty of the Chief Privacy Officer is to assure “that the use of technologies sustain, and do not erode, privacy protections.”5 The CPO has not done so, focusing instead almost exclusively on the fourth statutory duty, conducting a “privacy impact assessment”6 on each Department action. The structure of the annual report reveals the Office’s confusion of these two duties, to the detriment of the former. The report notes that the Office “is divided into two major functional units: Privacy Compliance; and Departmental Disclosure and FOIA.”7 The report claims that the Compliance Group “manages statutory and policy-based responsibilities by working with each component and program throughout the Department to ensure that privacy considerations are addressed when implementing a program, technology, or policy.”8 This description should encompass the fulfillment of the statutory responsibility to prevent erosion of privacy. Yet the section of the annual report entitled “Compliance” barely discusses ways in which the Office has done so; it focuses almost entirely on the conducting of assessments.9 In fact, the “Privacy Compliance Process” graphic describes the process as containing Review, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and if necessary, a System of Records Notice (SORN), followed by a repetition of the cycle after three years for programs still in force.10

Looks like the school is screwed, unless “dropping” the phone is the same as “using” the phone and at the same time creates “reasonable suspicion”

School had no right to read messages on student’s cell phone, family say

October 23, 2009 by Dissent Filed under Breaches, Court, U.S., Youth

Eric Been reports:

Owensboro High School violated the Constitution by confiscating a student’s cell phone after it slipped from his pocket during class, and expelling him because of the text messages that school officials read on it, the student’s family claims in Federal Court.

The student, identified only as G.C., says his teacher confiscated his phone “pursuant to school policy,” on Sept. 2. The teacher, the principal and two assistant principals then performed a “warrantless and illegal search” by reading the text messages on the phone, the family says.

The family says G.C. was expelled “as a result of the warrantless and illegal search.”

Read more on Courthouse News.

Related: Lawsuit: G.C. III v. Owensboro Public Schools (pdf)

According to the district’s policies:

Student Search & Seizure

Although students have the right to freedom from unreasonable search and seizure, school officials have the right, under the law, to search students or their property when there is a reasonable suspicion they have something that violates school rules or endangers others.

Searches may include the student, his/her locker, desk, automobile, cell phone or other personal belongings. The Police Detection Canine Team may conduct random and unannounced searches of general school areas, including school lockers and parking lots.

A school official having reasonable suspicion that the student is in possession of a weapon may use a hand-held metal detector.


Possession of Telecommunication Devices Prohibited

Under state law (KRS 158.165), a student in the Owensboro Public School District may not activate a telecommunications device on school property or while at a school-related activity or school sponsored activity during the regular school hours unless he/she is acting in the capacity of a volunteer fire fighter or emergency medical service worker.

“Telecommunication devices” refers to devices that emit an audible signal, vibrates, displays a message, or otherwise summons or delivers a communication to the processor, including, but not limited to, a paging device and a cellular telephone. This offense will be treated as “refusal to follow directives” under the Code of Acceptable Behavior and Discipline.

Reference KRS 158.165

Consequences for Violation of the Policy

1st Offense – The school administrator will confiscate the telecommunication device. A required parent conference must take place before the telecommunication device is returned.

2nd Offense – Same as 1st offense with the option of in-house suspension for 4 days. The student loses the privilege to carry a device for the remainder of the year.

3rd Offense — Same as 2nd offense with the option of in-house suspension for 7 days.

4th Offense or more – Forfeit telecommunication device and suspend to a hearing with the DPP.
Disciplinary options:

  • Long-term alternative placement

  • Beyond control charges filed

Cloudy with a chance of... and cloud-to-cloud integration

by Dave Rosenberg October 23, 2009 11:07 AM PDT

One of the less appealing aspects of using cloud services is integrating various applications--both those in the cloud and those in your enterprise--in an easily manageable way. A practical use case is the ability to use one CRM (customer relationship management) system and a different file storage system, both in the cloud.

So, Friday when I saw that was directly integrating its cloud-based storage service with, I saw the confluence of two major trends, cloud storage and integration appear all in one fell swoop.

It sounds rather mundane, but it is the future of collaboration. Customers want to use best-of-breed solutions and be able to directly integrate with their applications of choice without being forced to use a third-party integrator.

(Related) The flip side?

Reporters' Roundtable: The Dangers of cloud computing

by Rafe Needleman October 23, 2009 5:06 PM PDT

This should make for some interesting discussion. My guess is that it will come down to a formula that guarantees a share of a pipe with diameter “X” to “Y” retail customers.

October 23, 2009

FCC Seeks Public Input on Draft Rules to Preserve the Free and Open Internet

News release: "In the next chapter of a longstanding effort to preserve the free and open Internet, the Federal Communications Commission is seeking public input on draft rules that would codify and supplement existing Internet openness principles. In addition to providing greater predictability for all stakeholders, the Notice is aimed at securing the many economic and social benefits that an open Internet has historically provided. It seeks to do so in a manner that will promote and protect the legitimate needs of consumers, broadband Internet access service providers, entrepreneurs, investors, and businesses of all sizes that make use of the Internet."


October 23, 2009

FCC Announces Release of Report on Barriers to Broadband Adoption by the Advanced Communications Law & Policy Institute

News release: "The Advanced Communications Law & Policy Institute (ACLP) at New York Law School has released a report identifying major barriers to broadband adoption among senior citizens and people with disabilities, and across the telemedicine, energy, education, and government sectors. This report was prepared in coordination with staff of the Omnibus Broadband Initiative (OBI) for use in the development of the FCC's National Broadband Plan."

Because no one expects the Spanish Inquisition (or an evil Bill Gates). Actually, what would a computer look for to identify a “fake” email from Bill?

Major Secure Email Products And Services Miss Spear-Phishing Attack

Experiment successfully slips fake LinkedIn invite from 'Bill Gates' into inboxes

Oct 22, 2009 | 01:17 PM By Kelly Jackson Higgins DarkReading

A spear-phishing experiment conducted during the past few days by a researcher has netted some disturbing results: Most major enterprise email products and services were unable to detect a fake LinkedIn invitation on behalf of "Bill Gates," which landed successfully in users' inboxes.

… "I tested [this on] six different enterprise networks using the latest email security technology from most of the major vendors, and not a single one picked up on the spoofed email," Perrymon says. He has written a white paper on the attack and plans to reveal the vendors in the test after he has contacted them and received their responses.

Perrymon says he tested 10 different combinations of email security appliances, services, and open-source and commercial products; four major client email products; and three major smartphone brands.

Perrymon's white paper.

It might be amusing to compare this with the proprietary code leaked earlier this week.

Open Source Voting Software Concept Released

Posted by Soulskill on Friday October 23, @10:01PM from the one-for-you-and-two-for-me dept.

filesiteguy writes

"Wired is reporting that the Open Source Digital Voting Foundation has announced the first release of Linux- and Ruby-based election management software. This software should compete in the same realm as Election Systems & Software, as well as Diebold/Premiere for use by County registrars. Mitch Kapor — founder of Lotus 1-2-3 — and Dean Logan, Registrar for Los Angeles County, and Debra Bowen, California Secretary of State, all took part in a formal announcement ceremony. The OSDV is working with multiple jurisdictions, activists, developers and other organizations to bring together 'the best and brightest in technology and policy' to create 'guidelines and specifications for high assurance digital voting services.' The announcement was made as part of the OSDV Trust the Vote project, where open source tools are to be used to create a certifiable and sustainable open source voting system."

Who says you can't make money blogging?

Personalized money

Create your own personalized money bill at the click of a mouse button

Tools & Techniques. Just because these are handy to have.

25+ Useful Linux and Unix Cheat Sheets

Posted on 23. Oct, 2009 by Mohamed Rias

For my Disaster Recovery class: Dilbert translates what I'm finding in class to the business world.

Always a surprise...

3 Free Microsoft Software Offerings You Might Not Know

Oct. 23rd, 2009 By Guy McDowell

[The one I find worth playing with is Microsoft Producer for PowerPoint Bob]

Microsoft Producer for PowerPoint

It works much like any basic movie editing software would, like Microsoft MovieMaker. So you can have music spanning several slides, and have a richer visual experience. This product is also ideal for creating stand-alone presentations that don’t require you to be there talking.

Friday, October 23, 2009

Looks like someone is selling a “Small Crime Kit”

McDonald’s Canada targeted by debit fraud

October 23, 2009 by admin Filed under Breach Incidents, Business Sector, ID Theft, Non-U.S., Skimmers

McDonald’s Canada is co-operating with Winnipeg police as they investigate allegations of debit card fraud targeting at least one of the fast-food chain’s local outlets and ranging as far as Quebec.

The news Thursday came one day after Winnipeg police said hundreds of people were victimized after debit card machines and PIN pads had been compromised by thieves at a few local restaurants.

Police would not comment on specific names or locations of the restaurants but said their investigation so far has revealed fewer than five establishments are involved.

Read more on CBC News.

Worth a read?

Group looks at ID theft definitions, research

October 22, 2009 by admin Filed under Commentaries and Analyses

A new workshop report from the Identity Theft Prevention and Identity Management Standards Panel (IDSP) addresses various facets of how research companies measure identity theft. The report finds that disparities exist in the way that terms are defined in statute versus in practice—terms such as identity theft, identity fraud and data breach.


Rick Kam, president of ID Experts, led a team that cataloged 166 research studies on identity theft and data breach trends, identity theft protection services, and information security solutions. “Our group observed some contradictory results in research findings attributable to differences in terminology, research methodology, and even potential bias in research sponsorship,” said Kam. “We also noted a number of gaps in existing research such as the effects of identity theft versus identity fraud, breach correlation to identity theft, and the effectiveness of identity theft protection services and information security solutions.”

Read more on DigitalIDNews.

Related: IDSP Workshop Report: Measuring Identity Theft (download with free ANSI registration)

What happens on the net, stays on the net. (Perhaps it didn't come with an instruction manual?)

Dutch Gov't Has No Idea How To Delete Tapped Calls

Posted by timothy on Friday October 23, @04:41AM from the these-days-neither-do-the-swiss dept.

McDutchie writes

"The law in the Netherlands says that intercepted phone calls between attorneys and their clients must be destroyed. But the Dutch government has been keeping under wraps for years that no one has the foggiest clue how to delete them (Google translation). Now, an email (PDF) from the National Police Services Agency (KLPD) has surfaced, revealing that the working of the technology in question is a NetApp trade secret. The Dutch police are now trying to get their Israeli supplier Verint to tell them how to delete tapped calls and comply with the law. Meanwhile, attorneys in the Netherlands remain afraid to use their phones."

(Related) We don't know how voting machines work either.

California Investigating Problems With Voting-Machine Audit Logs

By Kim Zetter October 22, 2009 11:06 am

LOS ANGELES — California is conducting a months-long investigation into audit logs inside the state’s electronic voting systems after reports of serious flaws with the logs — including the ability for an election official or someone else to delete votes without leaving an electronic trail.

800 down, a googolplex left to shut down. Not clear from the articles how the victim notification will work.

Nigerian "Scam Police" Shut Down 800 Web Sites

Posted by timothy on Thursday October 22, @10:22PM from the had-to-pay-shipping-on-them-first dept.

Sooner Boomer writes

"Nigerian police in what is named Operation 'Eagle Claw' have shut down 800 scam web sites, and arrested members of 18 syndicates behind the fraudulent scam sites. Reports on and Pointblank give details on the busts. The investigation was done in cooperation with Microsoft, to help develop smart technology software capable of detecting fraudulent emails. From Breitbart 'When operating at full capacity, within the next six months, the scheme, dubbed "Eagle Claw," should be able to forewarn around a quarter of million potential victims.'"

For my Business Continuity class.

Congressional commission focuses on China's cyberwar capability

by Mark Rutherford October 22, 2009 5:03 PM PDT

In war and possibly in peace, China will wage cyberwar to control the information flow and dominate the battle space, according to a new report compiled for a congressional commission.

Chinese military strategists see information dominance as the key to overall success in future conflicts and will continue to expand the country's computer network exploitation capabilities, according to the report, titled "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation."

… In a conflict, China will likely target the U.S. government and private industry with long-term, sophisticated computer network exploitation and intelligence collection campaigns, the report concludes. U.S. security agencies can expect to face disciplined, standardized operations; sophisticated techniques; high-end software; and a deep knowledge of the U.S. networks, according to the report (PDF).

In for a penny, in for a £ (Also installs Windows7)

Psystar releases Mac clone software

by Jim Dalrymple October 22, 2009 2:01 PM PDT

Psystar, the clone company Apple is suing for selling generic hardware with the Mac OS pre-installed, is expanding its business to include selling software that will allow anyone to install Apple's operating system.

Psystar said on Thursday that its Rebel EFI suite is available for download from its Web site. The software will allow anyone to install any modern operating system on their computer, including Apple's Mac OS X Snow Leopard.

… A demo version of the software is available for download so users can "test-drive" it before they buy. Psystar says the demo would allow users to install Mac OS X, but with "limited hardware functionality as compared with the full version."

Always looking. I signed up as a beta tester.

iCurrent: A news aggregator that works

by Rafe Needleman October 22, 2009 2:54 PM PDT

iCurrent rewards the engaged reader, but it doesn't require much work at all to make it a compelling experience. As I said at the top of this story, there's nothing really amazing here, just a good understanding of how today's users consume news, and enough technology to put that news in front of them.

… The product is in private beta now and should be available shortly. You can sign up to be alerted when it goes public. I recommend that.

Rao says iCurrent will make money from advertising. It might. It's more likely it'll make money when Yahoo or Microsoft buys it.

Tools & Techniques for the Swiss Army folder provides detailed information about most file extensions and links to free programs that can open and create each type of file.

I've mentioned Lulu before. Since I've posted at least 10,000 articles, I may publish “The Collected Wisdom of Centennial-Man”

How To Publish Your Own Book (In Print) Cheaply

Oct. 22nd, 2009 By Jack Cola

… The only downside with eBooks is that it is only available online in an electronic format. What happens if you want to publish it and have it in print? You are up for a lot of fees, printing, and publication costs. You need to get legal advice, find a publisher to publish your book and the list goes on.

Thankfully there is a solution where you can publish your own book, or sell it in a bookshop. The best thing is, you don’t even have to spend a cent. And here’s how. allows you to sell your book in bookshops, online and allow buyers to purchase printed copies in a simple 5-step process. If you have created eBooks before, this is a service that you must use. You easily and cheaply get your book published in a printed format with its own ISBN number.

I think my website students will like this one. Collects the images from listed sites.


follow sites visually

Thursday, October 22, 2009

Not huge, but it allows me to continue my rant against “security” systems that don't detect breaches for months... (Also I wonder why customer data is stored with their website)

The Vernon Company database accessed; customers notified

October 21, 2009 by admin Filed under Breach Incidents, Breach Types, Business Sector, Hack, U.S.

Iowa-based The Vernon Company recently discovered that its system had been accessed via its web site. The breach was discovered on October 6, and the company shut down the web site until the vulnerabilities were patched. Further investigation suggested that the breach originated in Singapore, and may have occurred as early as July 2009. The company notified the FBI of the incident and notified (pdf) the New Hampshire Attorney General’s Office on October 12 that 19 New Hampshire residents were affected by the incident.

The breach may have resulted in access to customers’ names, addresses, credit or debit card numbers, and card expiration dates. The company says it has no evidence that the data have been acquired or misused, and did not offer affected customers any free credit monitoring services.

Harassment on the face? Or is it a crime to get a “B” in a Journalism class?

Northwestern journalism students fight subpoenas

October 21, 2009 by Dissent Filed under Court, Featured Headlines, U.S., Youth

The Student Press Law Center reports:

Journalism students working on the Medill Innocence Project at Northwestern University’s Medill School of Journalism are fighting subpoenas requesting their grades, off-the-record interviews, electronic communications, notes, course syllabi, grading criteria for the course and receipts for expenses that students incurred for their investigation of the case of Anthony McKinney, who was convicted and jailed in 1978 for allegedly shooting a security guard in Harvey, Ill.

Illinois assistant state’s attorneys sent Medill professor David Protess, the instructor of the Innocence Project course, a subpoena May 20 to appear in Cook County’s Circuit Court on June 11 with the requested materials. Protess and his students retained the services of Richard J. O’Brien and Linda R. Friedlieb of Sidley Austin LLP, and they are attempting to quash the subpoena on the grounds that the students are protected by the Illinois Reporter’s Privilege Act and the Family Educational Rights and Privacy Act (FERPA), according to the Medill Innocence Project’s Web site.

Read more on The Student Press Law Center. Professor Protess provides the background and commentary on the McKinney case on the Medill Innocence Project web site.

I can't wait. Well, actually I can.

Why Google and Bing's Twitter Announcement is Big News

Tweets will finally become first class web citizens

by James Turner

Lurking innocently on Google's blog this afternoon, like many of their big announcements, was the bombshell that they have reached an agreement with Twitter to make all tweets searchable. This followed an earlier announcement at the Web 2.0 conference by Microsoft that Bing has also arranged to make tweets searchable.

This is not only a huge thing for Twitter, it is also well past due. Until now, Twitter really hasn't been a first class web citizen, because you're not really part of Web 2.0 until you're searchable by Google (and, I suppose, Bing).

… The Bing interface is interesting, it seems to be a hybrid of a web search engine and a twitter search.

Has the time for encryption finally come?

PCI DSS and HIPAA drive encryption projects

by Steve Ragan - Oct 21 2009, 16:30

Thales recently released their Key Management benchmark survey, reporting that of all the things that could drive an encryption project in IT, HIPAA and PCI DSS are the top two reasons companies are moving forward with encryption initiatives.

… Their findings show that in Europe, 52-percent of those who answered the survey are planning encryption projects so that they can comply with PCI DSS regulations. In the U.S., 53-percent said their encryption projects are based on compliance needs for HIPAA.

… Another issue with availability is key management, the central part to any encryption project, no matter what the solution is. The Thales survey showed that eight percent of those surveyed have had to deal with a lost encryption key in the last two years. [Compare with the percentage of drivers who lock their keys in the car? Bob] According to the survey report, these losses resulted in business disruptions or permanent data loss for 39-percent of those who’ve dealt with the issue.

… Moreover, when asked about their own company's plans for cloud computing, 47-percent said they would not move to the cloud unless data was encrypted, and another 43-percent said they have no cloud-based plans at all.

Should we wait for congress? (AKA: the next Ice Age)

Is Net Neutrality a FCC Trojan Horse?

Commentary by Corynne McSherry October 21st, 2009

… But Congress has never given the FCC any authority to regulate the Internet for the purpose of ensuring net neutrality. In place of explicit congressional authority, we expect the FCC will rely on its "ancillary jurisdiction," a position that amounts to “we can regulate the Internet however we like without waiting for Congress to act.” (See, e.g., the FCC's brief to a court earlier this year). That’s a power grab that would leave the Internet subject to the regulatory whims of the FCC long after Chairman Genachowski leaves his post.

(Related) Does Canada get it right? I don't think so.

CRTC Issues Net Neutrality Rules

Posted by samzenpus on Wednesday October 21, @07:10PM from the play-fair-eh dept.

An anonymous reader writes

""The CRTC today introduced a new framework to guide Internet service providers in their use of Internet traffic management practices. ISPs will be required to inform retail customers at least 30 days, and wholesale customers at least 60 days, before an Internet traffic management practice takes effect. At that time, ISPs will need to describe how the practice will affect their customers' service. The Commission encourages ISPs to make investments to increase network capacity as much as possible. However, the Commission realizes that ISPs may need other measures to manage the traffic on their networks at certain times. Technical means to manage traffic, such as traffic shaping, should only be employed as a last resort.""

Should we offer classes in Twitter starting in grade school? Probably have replaced it by the time we work out a syllabus.

October 21, 2009

Pew Report: Twitter and Status Updating, Fall 2009

Twitter and Status Updating, Fall 2009, by Susannah Fox, Kathryn Zickuhr, Aaron Smith - Oct 21, 2009

  • "Some 19% of internet users now say they use Twitter or another service to share updates about themselves, or to see updates about others. This represents a significant increase over previous surveys in December 2008 and April 2009, when 11% of internet users said they use a status-update service. Three groups of internet users are mainly responsible for driving the growth of this activity: social network website users, those who connect to the internet via mobile devices, and younger internet users – those under age 44."

E-discovery in complex litigation. How long does it take to review 1,000,000,000 emails?

Jason R. Baron – The Movie

Jason R. Baron is well known as a lawyer, writer, editor, and thought leader on e-discovery search. This blog is a 30 minute video excerpt of Jason teaching Bill Hamilton and my law school class this week at the University of Florida. Jason’s talk will give you a better understanding of the problem of search, why it is so difficult, and the latest research and trends in this area.

… Jason Baron’s efforts to bridge the disciplines of law and information science are driven by his desire to help the law cope with the sudden explosion in the volume of information. Jason is on the front line of this problem as the Director of Litigation of the National Archives and Records Administration. NARA, among other things, handles White House email litigation and other federal records disputes. He lives in a world where the management of billions of emails and government records is routine. He understands far better than most the need of law to work with science to cope with these issues.

Hacker news

Metasploit Project Sold To Rapid7

Posted by Soulskill on Wednesday October 21, @11:07AM from the onward-and-upward dept.

ancientribe writes

"The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."

For those times you need to play “computer security guy”. Lists 27 specific malware titles.

Remove A Plethora Of FAKE Antivirus Software With This Free App

Oct. 22nd, 2009 By Karl L. Gechlik

I love lists. This one has some boring sites, but a few Easter Eggs too

50 Kick-Ass Websites You Need to Know About

Posted 10/21/09 at 11:00:00 AM by Alex Castle, Norman Chan, and Florence Ion

Wednesday, October 21, 2009

I'm not aware of anything like this before. Will they also fine TJX, for failure to encrypt their wireless connections?

SEC fines broker-dealer $100,000 over computer security failures

October 21, 2009 by admin Filed under Of Note

Finextra reports:

US broker-dealer Commonwealth Financial Network has been fined $100,000 for failing to insist its registered representatives maintain anti-virus software on their computers. The failure led to an intruder gaining access to the firm’s Intranet, accessing customer accounts and entering unauthorised purchase orders worth over $523,000.

According to an SEC cease and desist order – first published by ZDNet – an intruder used a computer virus in November 2008 to obtain the login credentials of a Commonwealth registered representative.

Some time later that month, the intruder used the login credentials to enter Commonwealth’s Intranet site and view information on how to execute trades.


I wonder if my Wi-Fi Router has the same bug?

Time Warner testing fix to hole in home router

by Elinor Mills October 20, 2009 2:45 PM PDT

Time Warner has rolled out a temporary patch and is testing a permanent fix for a security hole in a combination cable modem/Wi-Fi router that could allow anyone to access the private network of its customers, snoop on sensitive data, and direct customers to malicious Web sites.

… "We are aware of the issue and we are hard at work on a solution and have been for quite some time," [When were they going to tell their customers? Bob] Alex Dudley, a Time Warner Cable spokesman, said on Tuesday.

"The manufacturer has developed a fix," he added. "We believe it will work and we are testing it now to make sure it won't affect our network in other ways."

… Chen wrote that he discovered that the administration features of the router had been disabled via JavaScript and that he was able to access all the features of the router by disabling JavaScript in the browser. [Now that's a simple hack! Bob]

Attention Hackers and coding geeks! Here's your chance to see where your vote went!

Sequoia Voting Systems Source Code Released

Posted by kdawson on Tuesday October 20, @07:06PM from the redaction-fail dept.

Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law:

"Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code."

The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.

Attention Hackers! Now you can extend the “unplug grandma” feature of the Obama Health Care Plan to anyone in Oregon! Got an irritating neighbor? Unhappy with your local politician? Sign them up!

Oregon end-of-life forms go electronic

by Elizabeth Armstrong Moore October 20, 2009 7:35 PM PDT

Officials at Oregon Health and Science University (OHSU) announced Tuesday that the state's Physician Orders for Life-Sustaining Treatment (POLST) registry is going digital on or near December 1.

Interesting. Should we expect IBM to push non-Microsoft alternatives whenever they release new versions of their products? (IBM has free versions for most of them.)

IBM's Answer To Windows 7 Is Ubuntu Linux

Posted by kdawson on Tuesday October 20, @07:57PM from the riding-the-pr-coattails dept.

An anonymous reader writes

"It looks like IBM isn't much of a friend of Microsoft's anymore. Today IBM announced an extension of its Microsoft-Free PC effort together with Canonical Ubuntu Linux. This is the same thing that was announced a few weeks back for Africa (a program that began a year ago), and now it's available in the US. The big push is that IBM claims it will cost up to $2,000 for a business to move to Windows 7. They argue that moving to Linux is cheaper."

Q: How big is the Cloud? A: How big do you want it to be?

Google Envisions 10 Million Servers

Posted by kdawson on Tuesday October 20, @02:52PM from the up-scale dept.

miller60 writes

"Google never says how many servers are running in its data centers. But a recent presentation by a Google engineer shows that the company is preparing to manage as many as 10 million servers in the future. At this month's ACM conference on large-scale computing, Google's Jeff Dean said he's working on a storage and computation system called Spanner, which will automatically allocate resources across data centers, and be designed for a scale of 1 million to 10 million machines. One goal: to dynamically shift workloads to capture cheaper bandwidth and power. Dean's presentation (PDF) is online."

Is this the future of publishing? In theory, you could pick up your newspapers, magazines and book-of-the-month club selections at your local library or supermarket.

HP can't save print. But big props for trying

by Rafe Needleman October 21, 2009 12:01 AM PDT

Hewlett-Packard is announcing two projects at the Web 2.0 Summit in San Francisco on Wednesday it hopes will give new life to print--books and magazines in particular. Additions to two projects, BookPrep and MagCloud, let content that's been too expensive or difficult to print get out to readers more easily.

The future of the internet?

U2 concert to be streamed live from Rose Bowl

by Daniel Terdiman October 20, 2009 4:00 PM PDT

Tools & Techniques: Test your hacks on someone else's computer.

codepad is an online compiler/interpreter, and a simple collaboration tool. Paste your code below, and codepad will run it and give you a short URL you can use to share it in chat or email.

Language: C C++ D Haskell Lua Ocaml PHP Perl Plain Text Python Ruby Scheme Tcl

Is this a health site or a cover for a sex site? Or maybe it's just easier to market health if there's lots of sex talk too?

Health Guru

Something for the Business students?

Launches Massive Structured Database Of People And Companies

by Michael Arrington on October 21, 2009

It isn’t often that a startup can raise nearly $12 million dollars and work in stealth for a year and a half without anyone noticing. But that’s exactly what Tracked has done – and today they’re launching a massive structured database for tracking people and businesses.

...You can, for example, view public company financial statements, compensation data and insider trading for public company executives, or just overviews (and news items) for countless business people and other notable individuals. You can also create watchlists of people, companies or industries, and the service will create a customized feed of news relevant to the items on your watchlist.

Tuesday, October 20, 2009

ChoicePoint was the first and remains a whipping boy in the Identity Theft field. You would think they would expend some resources to ensure they eventually get out of the headlines. My Disaster Recovery class will be discussing this tonight...

FTC settles latest charges against ChoicePoint

October 19, 2009 by admin Filed under Breach Incidents, Business Sector, Of Note, U.S.

ChoicePoint, Inc., one of the nation’s largest data brokers, has agreed to strengthened data security requirements to settle Federal Trade Commission charges that the company failed to implement a comprehensive information security program protecting consumers’ sensitive information, as required by a previous court order. This failure left the door open to a data breach in 2008 that compromised the personal information of 13,750 people and put them at risk of identity theft. ChoicePoint has now agreed to a modified court order that expands its data security assessment and reporting duties and requires the company to pay $275,000.

In April 2008, ChoicePoint (now a subsidiary of Reed Elsevier, Inc.) turned off a key electronic security tool used to monitor access to one of its databases, and for four months failed to detect that the security tool was off, according to the FTC. During that period, an unknown person conducted unauthorized searches of a ChoicePoint database containing sensitive consumer information, including Social Security numbers. The searches continued for 30 days. After discovering the breach, the company brought the matter to the FTC’s attention.

The FTC alleged that if the security software tool had been working, ChoicePoint likely would have detected the intrusions much earlier and minimized the extent of the breach. The FTC also alleged that ChoicePoint’s conduct violated a 2006 court order mandating that the company institute a comprehensive information security program reasonably designed to protect consumers’ sensitive personal information.

Under the agreed-upon modified court order, filed on the FTC’s behalf by the Department of Justice, ChoicePoint is required to report to the FTC – every two months for two years – detailed information about how it is protecting the breached database and certain other databases and records containing personal information.

The FTC’s prior action against ChoicePoint involved a data breach in 2005, which compromised the personal information of more than 163,000 consumers and resulted in at least 800 cases of identity theft. The settlement and resulting 2006 court order in that case required the company to pay $10 million in civil penalties and $5 million in consumer redress. [What is it worth to the company to avoid that level of fine again? Bob] The company also agreed to maintain procedures to ensure that sensitive consumer reports were provided only to legitimate businesses for lawful purposes; to maintain a comprehensive data security program; and to obtain independent assessments of its data security program every other year until 2026. The new court order extends the record-keeping and monitoring requirements of the 2006 order, and gives the FTC the right to request up to two additional biennial assessments of ChoicePoint’s overall data security program.

The Commission vote to approve the modified stipulated order was 4-0. The order was filed in the U.S. District Court for the Northern District of Georgia, and entered by the court on October 14, 2009.

This article gets filed in our “Identity Thieves are getting more aggressive” folder. A wide variety of “petty” crimes are now tied to Identity theft, and whoever is organizing the crimes seems to be recruiting these little crooks for a small slice of the pie.

ID theft ring traced to stolen MVD document

October 19, 2009 by admin Filed under Breach Incidents, Government Sector, ID Theft, Paper, Theft, U.S.

KOAT reports a breach out of New Mexico:

About a month ago, Target 7 reported that Rod White, of Los Ranchos, was indicted on charges of fraud, forgery and identity theft. White tried to pass off fake checks using the state Taxation and Revenue Department’s account number. Officials knew little then, but APD detectives said they have linked White to an organized crime ring that stole identities.

Investigators believe they used various methods to obtain personal information, including a stolen cache of state Motor Vehicle Division documents. One victim said a woman stole her purse right out of her hand in broad daylight at an Albertson’s in the Northeast Heights. Purse snatchings like that one led police to five more people who are also now accused in the theft ring. Those people told detectives that they worked with White. The six are accused of also stealing mail from neighborhoods all over the Duke City. Detectives said the six had a postmaster key they used to open up mail boxes and get information from hundreds of victims. A search of two of the alleged thieves’ homes uncovered more than 400 potential victims. A cache of state Motor Vehicle Division documents with names, Social Security numbers and addresses was also found. Detectives said that the documents were stolen from an MVD worker’s car, parked outside of his home. [Why paper records? Why take the records home? Bob] The documents were used to make fake IDs and fake checks. Police said more arrests are coming soon as the case unfolds.

So I checked this site and I don’t see where we knew about any breach involving the Motor Vehicle Division. Was that breach ever publicly reported? Second, why did the MVD worker have documents in a car? Was that consistent with MVD policy?

Updating the local story...

UPDATE: Credit cards also involved in Cheers Liquor breach

October 19, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, ID Theft, Of Note, U.S.

Wayne Heilman reports:

A security breach in the credit-card processing system at Cheers Liquor Mart involves both credit and debit cards and likely involves customers of dozens, if not hundreds, of financial institutions nationwide, the Colorado Springs-based retailer said today.

Cheers has shut down a wireless broadband system that was used to process credit-card transactions and replaced it with an older dial-up system that is more secure and difficult to hack, said James Wall, a Denver-based spokesman for Cheers. The wireless broadband system was first accessed illegally in mid-September, and was shut down last week and replaced with a paper-based system until the dial-up system was installed on Friday, he said.

Read more in The Gazette.

Is this how you get the data breach laws toughened in the UK?

BNP membership list appears on Wikileaks (yes, again!)

October 20, 2009 by Dissent Filed under Breaches, Featured Headlines, Non-U.S.

Robert Booth reports:

A detailed membership list of the British National party containing names, addresses and telephone numbers was published on the internet this morning.

The list, which contains thousands of names, was published on Wikileaks, a website that purports to be a clearing house for information to be published anonymously. [link to list inserted by Dissent]


The publication of the list represents the third significant time the details of the BNP’s membership have been made public. In November 2008, a list of members’ names, contact details and in some cases jobs and hobbies was leaked by disgruntled members said to have become frustrated that the party had become too soft under Griffin.

Read more in the Guardian.

Maybe there is a market for some of the things the Army taught me (translated into more modern technology than flintlocks)

Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets

By Noah Shachtman October 19, 2009 12:03 pm

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using “open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Who are they trying to sell? No details, no facts, only a lot of “wouldn't it be cool to do this” kind of scenes – sounds like they are targeting politicians.

Demo of EU's Planned "INDECT" Hints At Massive Data Mining, Little Privacy

Posted by timothy on Monday October 19, @03:33PM from the greater-good-strikes-back dept.

Ronald Dumsfeld writes

"Wikinews puts together some of the details around the EU's five-year-plan called Project INDECT, and brings attention to a leaked 'sales-pitch' video: 'An unreleased promotional video for INDECT located on YouTube is shown to the right. The simplified example of the system in operation shows a file of documents with a visible INDECT-titled cover stolen from an office and exchanged in a car park. How the police are alerted to the document theft is unclear in the video; as a "threat," it would be the INDECT system's job to predict it. Throughout the video use of CCTV equipment, facial recognition, number plate reading, and aerial surveillance give friend-or-foe information with an overlaid map to authorities. The police proactively use this information to coordinate locating, pursuing, and capturing the document recipient. The file of documents is retrieved, and the recipient roughly detained.'"

(Related) What standards do you need to make INDECT possible?

October 19, 2009

National Information Exchange Model Enables Critical Enterprisewide Info Sharing

"NIEM, the National Information Exchange Model, is a partnership of the U.S. Department of Justice and the Department of Homeland Security. It is designed to develop, disseminate and support enterprise-wide information exchange standards and processes that can enable jurisdictions to effectively share critical information in emergency situations, as well as support the day-to-day operations of agencies throughout the nation. NIEM enables information sharing, focusing on information exchanged among organizations as part of their current or intended business practices. The NIEM exchange development methodology results in a common semantic understanding among participating organizations and data formatted in a semantically consistent manner. NIEM will standardize content (actual data exchange standards), provide tools, and managed processes."

(Related) Interesting in that they didn't require him to decrypt his files. Would the results be different if he had been charged with terrorism? Perhaps they haven't heard of waterboarding?

Secret code saves man who spied on flatmates

Jeremy Pierce October 19, 2009 11:00pm

A MAN who established a sophisticated network of peepholes and cameras to spy on his flatmates has escaped a jail sentence after police were unable to crack an encryption code on his home computer.

Now here's a court ruling I don't agree with. Why? Because I remember that, "Oceania has always been at war with Eastasia." How can there be an accurate history if the versions change?

Newspaper archives can lose libel protection as stories change, rules High Court

October 20, 2009 by Dissent Filed under Court, Featured Headlines, Non-U.S.

A newspaper which continued to publish a defamatory article on its website after its subject was cleared in an investigation lost its right to claim a special journalistic defence against libel, the High Court has said.

The ruling makes it clear that while responsible journalism is given some libel protection, that protection can evaporate if the crucial facts of the case change. Web archives of stories must change to reflect this, the ruling said.

Read the full story on The ruling can be found here.

The ruling not only is significant for traditional publishers, but is also of concern to bloggers, who have been increasingly under legal assault. Simon Singh, who has been sued by the British Chiropractic Association for libel, had an interesting column last week in The Times, “England’s libel laws don’t just gag me, they blindfold you,” in which he wrote:

One of the main fears, expressed repeatedly during the evening, was the sheer cost of a libel case. Although the damages at stake might be just £10,000, going to trial can mean risking more than £1m. This means that a blogger has to ask whether he or she can afford the possibility of bankruptcy. Even if a blogger is 90% confident of victory, there is still a 10% chance of failure, which is why bloggers often back down, withdraw and apologise for material they believe is true, fair and important to the public.

I should point out that I am being sued for libel by the British Chiropractic Association. Indeed, last week I was at the Court of Appeal where I received permission to appeal against an earlier ruling on the meaning of my article. The original article was published 18 months ago, the case has cost me £100,000 and there is still a long way to go. My reason for not backing down is that I believe my article is accurate, important and a matter of public interest, as it relates to the use of chiropractic in treating various childhood conditions, such as asthma and ear infections.

But as Singh points out, the reality is that most bloggers do not have the resources he has to fight libel or defamation suits, even if their stories are accurate or are protected speech. This latest UK ruling seems to open up a new Pandora’s box, and seems to suggest that once a story is published, the publisher is responsible for it in perpetuity should important facts come out later that could affect someone’s reputation.

Any real controversy here? Is getting your news faster a bad thing?

Who Needs Cameras? Judges Allow Twitter in the Courtroom

October 19th, 2009 | by Jennifer Van Grove

… We’ve already seen journalists in the United States granted permission to tweet while in court, but Australia is breaking some interesting ground when it comes to Twitter and the legal system.

After a recent trial that involved journalists tweeting the proceedings, FOXNews is reporting that the Federal Court in Australia has decided that as with other media, individual judges will be able to decide on a case by case basis if they will allow live Twitter coverage from within their courtrooms.

Apparently earlier in the month two technology journalists, one from ZDNet Australia, used Twitter to report live regarding an iiNet copyright case around movie piracy. The presiding judge, Dennis Cowdroy, soon became aware of their tweets, but saw no issue with their behaviors.

I don't see this as a battle of “the haves vs. the have nots.” Rather it seems a battle of “the we know how to use the Internet vs. the what are you doing with our telephone lines?”

Amazon, Facebook, and Google back FCC on Net neutrality

by Marguerite Reardon October 19, 2009 3:43 PM PDT

Tools & Techniques (and because I haven't caught up with their new toys yet)

A Guide To Google’s New Search Features

Oct. 19th, 2009 By Eyal Sela

Tools & Techniques (something for every hacker)

NirLauncher – Awesome Portable Utilities To Have On Your Flash Drive

Oct. 19th, 2009 By Varun Kashyap

Actually more like a list of sites, and you know I like lists!

Top 8 Things For Bored Teenagers To Do Online

Oct. 19th, 2009 By Jackson Chung

Monday, October 19, 2009

I fear this is the only way Privacy will come to the land of Big Brother (and is likely to be the way we lose ours)

Privacy law established by stealth in Britain, report says

October 18, 2009 by Dissent Filed under Non-U.S.

Robert Verkaik reports:

Britain has established a privacy law by stealth which has made inroads into all parts of society, a leading human rights law review shows today.

The use of legal arguments based on the claimant’s right to a private life were once almost exclusively restricted to cases brought by celebrities against newspaper groups, but just two of the 28 privacy court cases reported in the last year had any connection with the traditional battle between high-profile individuals and the media.


Jonathan Cooper, barrister at London’s Doughty Street Chambers and the editor of Sweet & Maxwell’s European Human Rights Law Review, said the UK’s legal system was “playing catch-up with other countries where the concept of privacy has been taken more seriously”. He added: “The absence of privacy rights has been a defect of UK law.”

Read more in The Independent.

Seems correct to me (and I don't often agree with the Ninth Circuit). How else can we be assured that citizens actually signed the petition?

Ninth Circuit overturns preliminary injunction restraining release of names of anti-domestic-partnership petition signers

October 19, 2009 by Dissent

Eugene Volokh comments on a recent Ninth Circuit decision concerning the release of signatures on a public petition:

I don’t think that secrecy of signatures is constitutionally mandated by the First Amendment, just as I don’t think that a secret ballot is constitutionally mandated by the First Amendment. True, the anonymous speech precedents bar the government from requiring that people sign their political statements. But political statements are just speech. Signing an initiative, referendum, or recall petition is a legally operative act — it helps achieve a particular result not just because of its persuasiveness, but because it is given legal effect by the state election law.

The government is surely entitled to require that people who want their signature to have such a legally operative effect must disclose their identities to the government. And I see no reason why the government might not then disclose those identities to the public, who after all are in charge of the government. To do that is to inform the people about who is taking legally operative steps to change the state’s laws (or the state’s elected representatives, in the case of a recall).

Read more on The Volokh Conspiracy.

As long as we're changing the world, why not change politics?

States weigh campaign rules for the Internet age

MADISON, Wis. – To promote his recent campaign for mayor of St. Petersburg, Fla., Scott Wagman bought an ad that popped up online when anyone ran a Google search for his opponents' names.

He was hardly the first to employ the tactic, which didn't stop a rival campaign from complaining the ad did not have a "paid for by" disclaimer. The Florida Elections Commission ordered Wagman to remove it and pay a $250 fine, even though the required disclaimer was longer than the 68 characters allowed in the text of the ad, which wasn't "paid for" until someone clicked on it.

For those times when you want to exercise your inner MBA...

October 18, 2009

New on LLRX: Competitive Intelligence - A Selective Resource Guide - Updated and Revised

Competitive Intelligence - A Selective Resource Guide - Updated and Revised October 2009: Sabrina I. Pacifici's completely revised and updated pathfinder focuses on leveraging selected reliable, focused, free and low cost sites and sources to effectively profile and monitor companies, markets, countries, people, and issues. This guide is a "best of list" of web, database and email alert products, services and tools, as well as links to content specific sources produced by government, academic, NGOs, the media and various publishers.

(Related) So will Wall Street go RIAA on them, or just wait for the SEC?

KaChing takes on mutual fund industry

by Rafe Needleman October 18, 2009 4:47 PM PDT

When I wrote about KaChing last December, the site was a fantasy stock market where you could track the pretend portfolios of other investors. But the game of make-believe is coming to an end at the company, and KaChing is now letting users attach real money to their accounts. In doing so, this company is taking on the $11.5 trillion U.S. mutual fund industry. It looks like a great opportunity, both for the investors in the company and consumer equity investors.

Perhaps we should look into Cloud Health Care?

The Economics of Federal Cloud Computing Analyzed

Posted by kdawson on Monday October 19, @01:11AM from the clouds'-illusions-i-recall dept.

jg21 writes

"With the federal government about to spend $20B on IT infrastructure, this highly analytical article by two Booz Allen Hamilton associates makes it clear that cloud computing has now received full executive backing and offers clear opportunities for agencies to significantly reduce their growing expenditures for data centers and IT hardware. From the article: 'A few agencies are already moving quickly to explore cloud computing solutions and are even redirecting existing funds to begin implementations... Agencies should identify the aspects of their current IT workload that can be transitioned to the cloud in the near term to yield "early wins" to help build momentum and support for the migration to cloud computing.'"


October 18, 2009

New on LLRX: Legal Implications of Cloud Computing - Part Two (Privacy and the Cloud)

Legal Implications of Cloud Computing - Part Two (Privacy and the Cloud): As a follow-up to last month's article that provided an overview of cloud computing in the context of significant legal issues, this article by Tanya Forsheit reviews the issues of privacy and cross-border data transfers.

(Related) In case you thought Cloud Computing isn't happening yet.

Google Expands “Going Google” Ad Campaign Worldwide

by Michael Arrington on October 18, 2009

Google continues to hit milestones with Google Apps – 2 million businesses and 20 million users in over 100 countries and 40 languages (up from 1.75 million businesses in June). And they aren’t slowing down the advertising, either.

Strangely enough, this too relates to high-volume search and analysis.

October 18, 2009

New on LLRX: Using Technology To Estimate, Control And Manage Litigation Document Review Budgets

Using Technology To Estimate, Control And Manage Litigation Document Review Budgets: Conrad J. Jacoby details approaches and exercises that contribute to a successful process for calculating - and staying within - a realistic budget for a litigation or regulatory document review.

People now read books on digital e-readers. Book stores are doomed, right?


Meta search 20+ ebook sites with one click

(Related) Digital is the way to go...

EU Makes 50 Years of Historical Documents Available Online for Free

By Zee on October 18, 2009

At the world’s largest book fair in Frankfurt, the European Union officially launched the EU Bookshop’s digital library, an archive of 50 years of documents in about 50 different languages, all available online for free.

… The library’s contents will also be a part of Europeana, a very impressive site we’ve written about before and devoted to all things European.

Do people still read music?

Top 6 Sites to Find and Print Free Sheet Music

Oct. 18th, 2009 By Mahendra Palsule

Too early to be shopping for Christmas?

Plastic Logic’s Que e-reader: One for the businesspeople in the audience (apparently)

by Nicholas Deleon on October 19, 2009

… What does it do? Well, Timmy, it e-reads all sorts of stuff, including Microsoft Office documents and books from Barnes & Noble.

… Other goodies:

• 8.5×11-inch touchscreen display

• 3G (provided by AT&T), Wi-Fi

• Ability to edit said Office documents on the device itself

… Extra thin, lightweight and wireless-enabled, QUE is the size of an 8.5 x 11 inch pad of paper, less than a 1/3 inch thick, and weighs less than many periodicals.