Saturday, November 14, 2009

The technology exists, therefore we have the right to use it however we choose! (This attitude explains why my father described Ireland as a country “where, on occasion, peace breaks out.”) Also note the number of misspellings in the article. Perhaps they should concentrate on teaching?

Ie: School in row over CCTV cameras in bathrooms

November 13, 2009 by Dissent Filed under Non-U.S., Surveillance, Youth

From the Irish Examiner:

A Kildare school is at the centre of a dispute over CCTV cameras in the bathrooms.

It follows a walk out by students at Scoile Mhurie in Clane in protest over the installation fo (sic) the cameras in the school toilets.

The board of managment (sic) at the school is insisting that privacy is preserved.

Parents claim they were not informed of the decision which the school says is in response to vandalism.

Kildare Fine Gael Councillor Bernard Meld, a member of the school board, has said the cameras are staying.

Thanks to Brian Honan for this link.

In separate coverage of the walk-out, J.P. Anderson writes:

However, a statement from the Department of Education said that, while the supervision of students is the responsibility of the Board of Management, the installation of cameras in toilets may be illegal.

“The guidance available from the Data Protection Commissioner said the use of CCTV to monitor areas where individuals would have a reasonable expectation of privacy such as in toilets and rest rooms would be difficult to justify under data protection legislation,” a statement read.

Ha! I thought so. That's why we teach Ethics as part of our CS degrees.

Bernie Madoff's Programmers Arrested

Posted by ScuttleMonkey on Friday November 13, @03:55PM from the what-corporate-veil dept.

ZipK writes

"With their former boss cooling his heels on a 150-year sentence, programmers Jerome O'Hara and George Perez are now in the US Attorney's crosshairs. They've been arrested and charged with criminal conspiracy, and 'accused of producing false documents and trading records at Bernard L. Madoff Investment Securities LLC in New York.' Apparently Madoff's fraud was too large and too complex to be foisted entirely by hand." [Anyone can steal, but to steal Billions, you need a computer? Bob]

Wouldn't these arguments apply to any Cloud vendor?

Amazon called out over cloud security, secrecy

November 14, 2009 by Dissent Filed under Internet

Jon Brodkin reports:

Amazon’s cloud computing service should not be used for applications that require advanced security and availability, the Burton Group analyst firm says in a report accusing Amazon of secrecy regarding its cloud data centers.


Specifically, Burton Group says Amazon customers have no way of determining the “physical redundancy level and data protection” of physical components such as servers, storage devices, network and power infrastructure. Burton Group also faulted Amazon for replication rates in its Simple Storage Service and a lack of failover between data center regions.

Amazon spokeswoman Kay Kinton said the Burton Group report contains inaccurate statements. For example, the report says Amazon lacks SAS 70 security certification, when in fact Amazon does have that certification, Kinton writes in an e-mail to Network World.

Read more on Network World.

Video discussing the need for Cyber-Warriors and the high school kid who won. Note that his high school does not teach Security.

Gov 2.0 Summit 09: Alan Paller and Michael Coppola, "Cybersecurity Challenge"

Of course it works. Strange that only 4 percent were sufficiently paranoid to check. Will that number jump to 115% of registered voters if Chicago ever goes to this system?

Cryptographic voting debuts

A new system for ensuring accurate election tallies, which MIT researchers helped to develop, passed its first real-world test last Tuesday.

Larry Hardesty, MIT News Office

… Going into the Takoma Park trial, the crucial question was whether 2 percent of voters would bother to write down their codes and check them online. According to Poorvi Vora, a member of the Scantegrity team at George Washington University, 1,722 votes were cast and 66 people checked their codes — almost 4 percent.

With all the code now available free, we may be kick starting another generation of phone phreaks!

Android 2.0 source released, already ported to the G1

by Greg Kumparak on November 14, 2009

… As the sun set over the Silicon Valley last night, Google pushed the source code for Android 2.0 to the Android Open Source Project. Within two hours, the endlessly able Android community had it up and running on the eldest Android of them all, the T-Mobile G1.

Follow the money...

Google Books settlement sets geographic, business limits

by Elinor Mills November 13, 2009 10:19 PM PST

… The settlement now applies only to out-of-print books registered with the U.S. Copyright office or published in the U.K., Australia, or Canada, countries that have a common legal heritage and similar book industry practices, according to the FAQ on the revised settlement.

This is interesting. Will consumers flee the free and queue up to pay Murdoch? More likely, Google will buy Reuters or CNN

How Murdoch Can Really Hurt Google And Shift The Balance Of Power In Search

by Michael Arrington on November 13, 2009

Mahalo CEO Jason Calacanis, who used to work for Murdoch’s Digital Chief Jonathan Miller when the two were at AOL, posted a video last week (embedded below) with a simple suggestion: Not only should Murdoch de-index from Google, but he should get Bing to pay him for the exclusive right to index it. TechCrunch Europe’s Mike Butcher has been sniffing down a similar trail.

(Related) Lest you think this was too far out.

Badda Bing! Microsoft woos newspapers by funding their stick to beat Google

by Mike Butcher on November 13, 2009

As Microsoft shed its beta tag for the launch of the UK version of Bing today, TechCrunch Europe has learnt that it held a secret meeting with a group of big European publishers, mainly newspapers.

Moving steadily toward the model I've been describing for years. Watch how the debate in the comments plays out...

Time To Ditch Cable For Internet TV?

Posted by Soulskill on Friday November 13, @07:55PM from the slowly-but-surely dept.

itwbennett writes

"A flurry of announcements from YouTube, Boxee, Dell and Clicker on Thursday brought good news for anyone considering canceling their cable service in favor of internet TV. First, YouTube announced that within the next few days it will start offering full 1080P HD streams; better than your cable company can offer. Next, Boxee announced a 'Boxee Box' that promises to make it easier to get the content off your computer and onto your TV. Or you could hook up Dell's Inspiron Zino HD instead. 'This is an 8" x 8" PC running Windows 7 (with an option for Ubuntu) that you certainly could use as a desktop machine, but the form factor just screams 'Hook me up to your TV!' via its HDMI port,' says Peter Smith. And, last but not least in this roundup of announcements is the launch of Clicker, a programming guide for internet TV that aims to help you find what you want, when you want it."

Hi there! We're the department of defense. Let's twitter and friend each other before we bomb you back to the stone age.

November 13, 2009

Directory of DoD Social Media

Directory of DoD Social Media Links: "The appearance of external hyperlinks does not constitute endorsement by the United States Department of Defense of the linked web sites, or the information, products or services contained therein. For other than authorized activities as military exchanges and Morale, Welfare and Recreation (MWR) sites, the United States Department of Defense does not exercise any editorial control over the information you may find at these locations. All links are provided consistent with the mission of" [via Wired Danger Room]

Do you suppose this would work (i.e. That I could make money) in other disciplines like law, computer security, etc.?

Medpedia to best the more democratic Wikipedia?

by Elizabeth Armstrong Moore November 13, 2009 6:43 PM PST

Medpedia, a collaborative project for medical information launched in February, is getting beyond the medical-data basics as it adds answers, alerts, and analysis.

… While Medpedia uses the open-source software Mediawiki (also used by Wikipedia), it is less collaborative than the vast encyclopedia site, allowing only physicians and Ph.D.s approved by an editor to contribute to and edit articles. (The less medicine-literate masses are allowed to create accounts and suggest changes, but not actually make them.)

Another tool for finding videos to show my students.

Clicker is the complete guide to Internet Television. Our mission is to make it simple for you to find the right show, right now.

For those of us who teach...

Best of the Ed Tech Freebies

… You can access all the links for all the programs in a Zumlink here.

Friday, November 13, 2009

Once this data is in the hands of the bad guys, use becomes inevitable. How do banks justify waiting until bogus charges (which they guarantee) appear before replacing the cards rather than replacing the cards immediately?

Heartland Update: Some St. Mary’s debit cards compromised

November 12, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, ID Theft, U.S.

Cards that were “low-risk” from Heartland breach recently used for fraud.

Denis Paiste reports:

St. Mary’s Bank is reissuing about 3,500 debit cards it had been monitoring since a security breach at a national processor in January.

“We were told they were low-risk cards, but very recently we’ve been seeing some fraudulent activity,” St. Mary’s Director of Operations Carole Landry said.

The credit union’s Falcon software successfully blocked some attempted fraudulent transactions but about $5,000 in fraudulent transactions got through.


Update (The extortion is new...) Hacking is a global industry.

Follow-up: Settlement OK’d in DA Davidson hacker lawsuit, extortionists indicted

November 13, 2009 by admin Filed under Financial Sector, Hack, Of Note, U.S.

In January 2008, Davidson Companies, a Great Falls-based investment company, revealed that a hacker had broken into a database in 2007 and obtained the names and Social Security numbers of some 226,000 Davidson clients. A lawsuit filed against the company in April was re-filed in May of 2008. Now the lawsuit has settled and there has been progress on the law enforcement front in identifying those involved and bringing them to justice.

Claire Johnson of the Billings Gazette reports that a class action lawsuit filed against the company has now been settled. The terms of the settlement include a $1 million reserve for class members for reimbursement if they suffer losses through identity theft. The agreement also reportedly gives them until June 2011 to file a claim for losses.

Meanwhile, a criminal investigation into the hacking of Davidson’s computer files appears to have borne fruit. Investigators followed a trail that led to the arrest of three Latvians in the Netherlands. The suspects allegedly were to pick up money from the company in an extortion plot in which D.A. Davidson initially was advised to send the money to Russia.

The three Latvian suspects were extradited from the Netherlands and arrived in the United States on Oct. 22. Aleksandrs Hoholko, 29, Jevgenijs Kuzmenko, 25, and Vitalijs Drozdovs, 33, pleaded not guilty during an arraignment in Great Falls on Oct. 26.

A fourth “John Doe” defendant, identified as Robert Borko, has not appeared on charges.

Prosecutors allege that it was the fourth defendant who hacked into D.A. Davidson’s computer system and downloaded more than 300,000 client files.

He then sent the company an e-mail advising that their clients’ financial information had been compromised and attached 20,000 account records to prove his claim. In more e-mails, the hacker suggested that the company may want to keep the breach confidential, identified himself as an information technology security consultant and agreed to delete all the stolen information and identify security weaknesses.

Read more in the Billings Gazette.

Maybe my memory is shot, but I don’t recall ever hearing about the extortion aspects of this incident until now.

If they fought to get this information from Europe, do they already have it from this end?

EU draft council decision on sharing of banking data with the US and restructuring of SWIFT

November 12, 2009 by Dissent Filed under Non-U.S., Surveillance, U.S.



The CIA and other intelligence agencies have long been interested in the Society for Worldwide Interbank Financial Telecomminications (sic), or SWIFT. The Society, headquartered in Belgium, is the primary system used for international, and some national, bank transfers. Whoever controls SWIFT has access to the full details of millions of yearly bank transfers, including, banks, time, names, amount and account numbers. Since 2002 the US government entered into a secret agreement to acquire SWIFT records.

Data handed over each year [to the CIA] by the Society for Worldwide Interbank Financial Telecommunication, or Swift, includes the details of an estimated 4.6 million British banking transactions.[1][2]

This document (see below) presents a new classified draft Council of the European Union decision on the “processing and transfer of Financial Messaging Data” from the EU to the US, as part of the “Terrorist Finance Tracking Programme”. The 24 paged draft, dated 10th of November 2009, if agreed to, will have substantial impact on the European SWIFT banking system and the privacy of European financial data.

Draft available on

Is the Governor a tech wizard who knows more than the lawmakers? Or is he just operating on really weird advice?

Rhode Island Governor Vetoes Restrictions on RFID

November 13, 2009 by Dissent Filed under Legislation, Surveillance, U.S., Youth

Claire Swedberg reports:

Rhode Island’s governor, Donald Carcieri (R), has vetoed the latest effort by the state’s legislature to pass a bill limiting how RFID technology would be employed to track students at schools and school functions, as well as vehicles as they are tracked by E-ZPass or other toll-collection systems. With his veto of Senate Bill 211 (S. 211) on Monday, Carcieri stated that local school and community officials should be allowed to decide if they need to use RFID to track students. He cited the potential for weather-related natural disasters, terrorist attacks or crimes that might prompt a school district to want to do so.

Read more on RFID Journal.

[From the article:

This is the third time the governor has vetoed a bill from the state's general assembly that would restrict the use of RFID technology.

Ignorance of the law is no excuse. “Gimme $200! It's the law!”

City Laws Only Available Via $200 License

Posted by kdawson on Friday November 13, @09:00AM from the calling-doctor-malamud dept.

MrLint writes

"The City of Schenectady has decided that their laws are copyrighted, and that you cannot know them without paying for an 'exclusive license' for $200. This is not a first — Oregon has claimed publishing of laws online is a copyright violation."

This case is nuanced. The city has contracted with a private company to convert and encode its laws so they can be made available on the Web for free. While the company works on this project, it considers the electronic versions of the laws its property and offers a CD version, bundled with its software, for $200. The man who requested a copy of the laws plans to appeal.

Why do I think this is unworkable?

Confidential plans for 1.2 billion ID cards for India

November 13, 2009 by Dissent Filed under Featured Headlines, Non-U.S.


This confidential working paper (49 pp) presents the current plan for India’s Unique ID Databse (sic) Project. Numerous RTI (Right to Information ) petitions failed to obtain this document about the world’s biggest citizen identification scheme.

Because the project will likely become a model for many countries the document is of global interest.

Journalists can contact Nandan Nilekani, Chairman of UIDA, the Unique Identification Authority.

In order to create an ID, they propose collecting the following information:

  • Name

  • Date of birth

  • Place of birth

  • Gender

  • Father’s name

  • Father’s UID number (optional for adult residents)

  • Mother’s name

  • Mother’s UID number (optional for adult residents)

  • Address (Permanent and Present)

  • Expiry date

  • Photograph

  • Finger prints

Section 7 of the report deals with privacy and security issues.

To download the report, see Wikileaks.

“Free” just got more expensive.

Hotmail imposes tracking cookies for logout

November 12, 2009 by Dissent Filed under Internet

Chris Williams reports:

Hotmail users are now unable to log out of their account if the browser they are using does not accept third party cookies.

The move by Microsoft raises security concerns, particularly as PCs on corporate networks and in cybercafes and libraries are often set to reject cookies.

The error screen* that greets users who try to log out tells them they must re-enable third party cookies or close every browser window.

Read more on The Register.

[From the article:

*Complete with typo.

Hey kids! Have fun with Grandma!

Keeping Pacemakers Safe From Hackers

Posted by samzenpus on Thursday November 12, @05:08PM from the blackest-of-black-hats dept.

An anonymous reader writes

"Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it."

I had no idea that things have gotten so bad that hearts are being hacked.

Unusual. Extending the rules for politicians to us second class citizens.

TSA Changes Rules On Airport Searches … Very Quietly

November 12, 2009 by Dissent Filed under Court, Govt, Surveillance

TSA hassled the wrong person. Previous coverage here.

TSA has changed two rules about airport searches after an aide to Congressman Ron Paul recorded an incident on his iPhone. The rules changes have prompted the ACLU to drop legal action against TSA on behalf of Steve Bierfeldt.

Bierfeldt was detained in March while attempting to board a plane at Lambert-St. Louis International Airport carrying $4,700 in cash. TSA agents spent half an hour questioning him about why he was carrying so much cash, and Bierfeldt recorded the exchange on his iPhone.

Bierfeldt is the director of development for ‘Campaign for Liberty’, a group formed by Congressman Ron Paul after his failed presidential bid. Bierfeldt attempted to send a metal box with the cash and checks through a metal detector at the airport, precipitating the confrontation.

Read more on Aero-News Network. Hat-tip, Infowarrior

[From the article:

The new rules say "screening may not be conducted to detect evidence of crimes unrelated to transportation security" and that large amounts of cash do not comprise a threat to an airliner. The second directive says "traveling with large amounts of cash is not illegal." However, TSA said it would not release copies of the directives without a Freedom of Information request.

(Related) It could have been worse. TSA might give all its agents this new iPhone App... (Humor)

Nude It - New iPhone App

Description: Do you want to see someone nude? Yeah, there's an app for that.

(Related) Not humorous. “Breathe here, Comrade Citizen.” Another “No search warrant needed” technology? Perhaps we could call it the Hypochondriac's Friend?

Cough into your cell phone, not your sleeve

by Elizabeth Armstrong Moore November 12, 2009 2:06 PM PST

… Trained health workers are already able to distinguish cough types by sound. Thanks to software currently being developed by Star Analytical Services, people may soon be able to install an app to have this audio know-how at their fingertips.

Google is going beyond “look for it” to provide “Here you go” – at least, for topics that interest them.

November 12, 2009

World Bank Data Now in Google Search Results

News release: "Now, a special Google public data search feature will show numeric results for 17 World Development Indicators (WDI) reliably sourced to the World Bank, with a link to Google's public data graphing tool. Google's feature lets users see and compare country-by-country statistics and offers customized graphs with a ‘link’ or web address that can be easily embedded and shared in other websites. From the Google Public Data graphing tool, users can learn more about the data on the new World Bank Data Finder, which allows them to access indicator definitions, quick facts, interactive maps, and additional World Bank related resources."

(Related) Useful if the word gets to the right people...

November 12, 2009

Google: Finding flu vaccine information in one easy place

"This year, it's especially important to have clear information on what you can do to prepare for the flu season. With this in mind, we are happy to share a new feature for the U.S. which allows you to more easily find locations near you for getting both the seasonal and H1N1 flu vaccine. After expanding Google Flu Trends to a total of 20 countries and 38 languages, allowing more people to see near real-time estimates of flu activity, we began brainstorming with the U.S. Department for Health and Human Services (HHS), their collaborators and the American Lung Association on the flu shot finder and other ways Google can be helpful to people this flu season. You can check out the flu shot finder at The same tool will also be available shortly on and the American Lung Association websites. It's important to note that this project is just beginning and we have not yet received information about flu shot clinics for many locations. In addition, many locations that are shown are currently out of stock. We launched this service now in order to help disseminate information about locations where vaccines are available, and also to make more vaccine providers aware of the project so that they can contribute."

A couple of these are verrrry interesting.

Infinity Ventures Summit In Miyazaki, Japan: 12 Demos From Japanese Startups

by Serkan Toto on November 12, 2009

Moji Moji TV by Catalog (winner of the demo pad)

Best of show went to Moji Moji TV, which appears to be a very powerful speech recognition and transcription service for videos launched in private alpha last month. The engine supports Japanese only, but English and Chinese versions are in the works. Moji Moji extracts audio from a video (self-made movies, YouTube clips etc.) and automatically displays the spoken words as text, which then can be edited by the users. The text can be used to tag and sub movies, and it’s also possible to search for certain words or expressions within them. There’s also an iPhone app called Shabetter that automatically transcribes what you say into the iPhone mic and posts it to Twitter. More information on Moji Moji TV in English can be found here.

AEGISGUARD by KLab (fourth runner-up)

AEGISGUARD is anti-virus software that’s not only free to download but also completely available in English. The main purpose of the program is to protect your important files and folders from viruses (of which more than 5 million exist today) and malware by granting only white-listed programs access to them. [A security function that has been missing? Bob] AEGISGUARD developer KLab says this way, unknown or new viruses are effectively fenced out. The solution can be installed with conventional, blacklist-based antivirus software on the same PC.

I'll add this to my Swiss Army folder, since I often wind up sending entire books to my students. - No More USB Devices is a new service that will allow you to send and receive a much larger amount of files in a highly secure and flexible way.

Send 20GBs per session, 2GB max per file, unlimited usage - 100% FREE!

Thursday, November 12, 2009

I expect this crime will be much more common in the “let's put all your medical records online/mine are in the secure congressional health-care vault” future.

Indian outsourcing boss arrested for selling medical records

November 11, 2009 by admin Filed under Breach Incidents, Healthcare Sector, ID Theft, Insider, Non-U.S., Of Note, Subcontractor

From the Mail Foreign Service:

The head of an Indian outsourcing company has been arrested for selling confidential medical records of patients treated at one of Britain’s top private hospitals.

Police arrested Vikas Dhairyashil Bansode on Tuesday after an undercover investigation revealed the records were being sold for as little as £4 each.

Hundreds of files containing intimate details of patients’ conditions, home addresses and dates of birth were allegedly sold by Bansode, 29, and his accomplices.


Police in India confirmed Bansode, the director of Pro BPS, an outsourcing company in Pune, had been arrested for stealing medical data and selling it to middle men who would market the private records in internet chat rooms. He remains in police custody.

Read more in the Daily Mail.

[From the article:

'Police seized the laptop of Bansode and after checking his emails they found that he had sent out the medical data to several companies,' said investigating officer Insp Bhandkoli. [Obviously a rookie. He should have taken my “How to Commit Computer Crime” class Bob]

The arrest raises serious questions about the security of health records sent abroad by NHS and private hospitals. [All together now: “Well, DUH!” Bob]

Normally too trivial to report here, note that 1) use of the data was virtually immediate (less than one week) and 2) it was detected because someone actually noticed unusual activity(!!!) probably by reviewing the log. Very unusual.

WA: Fraud ‘hits’ follow local data breach

November 11, 2009 by admin Filed under Breach Incidents, Education Sector, Hack, ID Theft, U.S.

As an update on a story posted here yesterday, Howard Buck reports that over 3,000 employees were affected by the breach of Vancouver Public Schools, and that:

Already, several Vancouver district employees have reported “hits” of suspicious personal banking account activity after their financial institutions were alerted to possible fraud, by the district or by employees directly.

“They are out there,” Steve Olsen, VPS chief fiscal officer, said of the Social Security numbers, along with names, birth dates and other personal identification and banking information believed compromised.

It now appears someone who gained I.D. password access cracked into the Citrix software “server farm” hosted by Educational Service District 112, based in Vancouver. That person obtained personal payroll data, said Olsen and Linda Turner, the district’s technology officer.

An out-of-order “process,” or computer data run, first drew attention of managers last Friday, Turner said.

“We believe it was an outsider that hacked into the system,” Turner said.


Thanks to Wilma of ITRC for providing this link.

Part of my Hacker class is writing a simple program to randomly surf the net from your computer (IP address) while you are off hacking from your neighbor's (or any other inadequately secured) computers.

Facebook status update saves man from jail

by Chris Matyszczyk November 11, 2009 2:49 PM PST

According to The New York Times, Rodney Bradford decided to update his status with a call from the soul. "Where's my pancakes?" is the Times' translation of a status update it says was written in "indecipherable street slang." The fact that Bradford did this at 11:49 a.m. on October 17, using his father's computer, meant that he would not have to suffer pancakes of a more distasteful nature in the local penitentiary.

Bradford, you see, was arrested the next day for robbery. However, after he was booked, his lawyer was intelligent enough to update the district attorney with news of Bradford's Facebooking.

Should Privacy allow someone to change history?

German privacy law vs. our First Amendment

November 11, 2009 by Dissent Filed under Court, Featured Headlines

David Kravets writes:

Wikipedia is under a censorship attack by a convicted German murderer invoking his country’s privacy laws in a bid to remove references to him killing Bavarian actor Walter Sedlmayr in 1990.

Lawyers for Wolfgang Werle, of Erding Germany, sent Wikipedia a cease-and-desist letter (.pdf) demanding the free encyclopedia remove Werle’s name from its entry on the actor he and his half-brother killed. The lawyers cite German court rulings that “have held that our client’s name and likeness cannot be used any more in publication regarding Mr. Sedlmayr’s death.”

German media have already ceased using Werle’s full name regarding the attack. Jennifer Granick, an attorney with the Electronic Frontier Foundation, says German publications must also alter their online archives in a bid to comport with laws designed to provide offenders an avenue to “reintegrate back into society.”

“It’s not just censorship going forward. It’s asking outlets to go back and change what is already being written,” Granick said in a telephone interview.

Read more on Threat Level.

So now what? Although Kravets describes this as a “censorship attack,” and many here would likely agree with that characterization, the German law firm, Stopp & Stopp, are described as a pro-privacy law firm. And while the German approach to privacy in attempting to reintegrate the convicted killers is thought-provoking and might merit some voluntary support, the lawyers’ letter to San-Francisco-based WikiMedia Foundation seems to assert that we are all subject to German law, an approach that raises this Brooklyn-born blogger’s hackles:


As your article deals with a local German public figure (such as the actor Walter Sedlmayr), we expect you are aware that you have to comply with applicable German law.

German law provides that our client is not a public figure after many year have passed [sic] since the crime. The German courts including several Courts of Appeals, have held that our client’s name and likeness cannot be used any more in publication regarding Mr. Sedlmayr’s death (cf. e.g. Nuremburg Court of Appeals Judgment dated December 12, 2006, File No. 3 U 2023/06, published in Magazindienst 2007, 313-31,OLGR Nuremberg 2007, 227,ZUM-RD 2007, 133-134 and Court of Appeals Frankfurt, Judgment dated February 6, 2007, File. No. 11 U 51/06).

Our client is currently litigating against you in the trial court of Hamburg (file no. 324 O 740/07).

We therefore ask you to sign the attached cease and desist declaration, which is a binding commitment under German law. In case you do not sign the cease and desist declaration, we are authorized to pursue all available remedies against you.

You are also obligated to pay for our client’s attorney’s fees under applicable German law.

Jennifer Granick of the Electronic Frontier Foundation also discusses the cease and desist letter and conflict between American and German laws here.

So… does every American web site that names names in reporting this news story of public interest and import get a cease and desist letter? Do the German lawyers really intend to sue every American blog that covers this? I wonder if they’ve heard of the Streisand Effect. A search of Google News shows three stories that now name convicted murderers whereas there were none until now and over 60 results on Google web, mostly all new and in response to the legal threat.

It’s one thing to argue, as a UK court did recently, that news publications must issue corrections or go back and amend archived stories or risk losing libel protection, but does Germany really expect to be able to censor non-German publications under their privacy laws?


Futile, but amazing.

The economics of a maturing industry? I've repeatedly made reference to Paul David's paper “The Dynamo and the Computer” and I see this as an indication that the infrastructure of computing is finally changing to optimize performance.

Cloud to suck money out of market, report says

by Matt Asay November 11, 2009 7:20 AM PST

A recent survey suggests that CIOs are loosening the purse strings on IT spending. IT vendors may want to hold off their celebrations, though, because much of the spending appears to be headed for deflationary forces like cloud computing, virtualization, and their kissing cousin, open source.

An economic rebound never looked so dire.

That's unless you're an IT buyer, of course, suggests a new report from Goldman Sachs. In this week's report, titled "A Paradigm Shift for IT: The Cloud," Goldman Sachs said it expects that pent-up IT dollars will flow in the short term to building out next-generation data centers (e.g., cloud computing). But in the long term, less money is expected to find its way into fewer wallets:

After the initial build-out, Cloud Computing could drive some headwinds for the IT industry, as a result of two factors. First, we see virtualization as a deflationary technology. Second, we see IT spending consolidating in the hands of fewer buyers--the Cloud providers, hosting vendors, and large enterprises. These factors will likely dampen IT spending growth due to greater utilization and buyer pricing power.

I can't count the number of times I told you this business model would eventually dominate the Internet. Now even Hollywood seems to “get it.” I'm gonna invest in this company before it explodes like Google or Google buys it. (You should be able to capture these movies with the DownloadHelper add-on to Firefox.)

Hollywood Backs Swedish Movie Streaming Site

Posted by samzenpus on Thursday November 12, @05:24AM from the take-a-peek dept.

paulraps writes

"Forget Spotify and Skype: the latest strangely-named-but-hey-it's-free service from Sweden offers users streamed on-demand movies free of charge, has deals with two major Hollywood studios, and is called Voddler. Since its launch two weeks ago, the service has signed up a quarter of a million users and has almost the same number queuing for an invitation. After signing deals with Disney and Paramount, the company provides access to thousands of films, which are shown uninterrupted after a barrage of ads. The target is the file-sharing generation: 'Our customers can be sure that Voddler is totally legal, secure, and that there are no risks of computer viruses infecting their machines from downloaded files,' says executive vice president Zoran Slavic."

“There are some things man was not meant to know.” Or at least, things that I won't encourage my hacker class to try out.

How to DDOS a federal wiretap

November 12, 2009 by Dissent Filed under Surveillance

Robert McMillan reports:

IDG News Service – Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal investigation and as evidence in trial,” the researchers say in their paper, set to be presented Thursday at a computer security conference in Chicago.

Read more on Computerworld

[From the article:

This time, the team wanted to look at newer devices, but they couldn't get a hold of a switch. So instead they took a close look at the telecommunication industry standard -- ANSI Standard J-STD-025 -- that defines how switches should transmit wiretapped information to authorities. This standard was developed in the 1990s to spell out how telecommunications companies could comply with the 1994 Communications Assistance for Law Enforcement Act (CALEA).

"We asked ourselves the question of whether this standard is sufficient to have reliable wiretapping," said Micah Sherr, a post-doctoral researcher at the university and one of the paper's co-authors. Eventually they were able to develop some proof-of-concept attacks that would disrupt devices. According to Sherr, the standard "really didn't consider the case of a wiretap subject who is trying to thwart or confuse the wiretap itself."

… Luckily for the cops, criminals usually don't take their communications security that seriously.

Over hyped? We'll find out today.

Clicker launches for all today. Watch it.

by Rafe Needleman November 12, 2009 6:00 AM PST

The online video directory service Clicker launches Thursday at the NewTeeVee Live conference. If you watch TV, you will love this site.

Clicker is not a full-on video search engine, like Bing or Google, and it's not a video-viewing site like Hulu. It is, instead, a carefully curated directory of full-length video content, with several extremely nice features and user interface flourishes that make it a good first stop online if you're looking for an episode of your favorite show to watch.

… This service does an amazing job of taming the morass of online video, and I cannot recommend it highly enough. The site has been in private beta for a few months; it is scheduled to go live Thursday at 10:30 a.m. PST.

Look, this is serious, why do I see straight lines everywhere?

There’s No Sex When Google Shows You Colored Balls

November 11th, 2009 by Jennifer Van Grove

An alternative to “Forums?”


With VoiceThread, group conversations are collected and shared in one place from anywhere in the world. All with no software to install.

A VoiceThread is a collaborative, multimedia slide show that holds images, documents, and videos and allows people to navigate pages and leave comments in 5 ways - using voice (with a mic or telephone), text, audio file, or video (via a webcam). Share a VoiceThread with friends, students, and colleagues for them to record comments too.

Users can doodle while commenting, use multiple identities, and pick which comments are shown through moderation. VoiceThreads can even be embedded to show and receive comments on other websites and exported to MP3 players or DVDs to play as archival movies.

I use these in my classes. Honest!

5 Really Cool Video Entertainment Sites You Should Check Out

Nov. 12th, 2009 By Karl L. Gechlik

Got more text that you'd like to type? Take a picture (like in those old spy movies) and let the Cloud convert it for you.

Free Online OCR is a brand new free online OCR (Optical Character Recognition) service. Whether you have a scanned document or a photo, it can analyze the text in any image file that you upload, and then convert the text from the image into text that you can easily edit on your computer.

Wednesday, November 11, 2009


Heartland revises results for third quarter due to breach costs

November 10, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Of Note

Breach costs force a revision in estimates. From their press release:

…. subsequent to the release of its earnings for the third quarter on November 3, 2009, Heartland engaged in settlement discussions that resulted in an increase in settlement offers made to certain claimants in an attempt to resolve certain of the claims asserted against Heartland relating to the criminal breach of Heartland’s payment systems environment (the “Processing System Intrusion”). Heartland believes that SFAS No.5, “Accounting for Contingencies” (ASC 450-20) requires it to increase its Reserve for Processing System Intrusion from the amount included in the financial results reported in Heartland’s November 3, 2009 earnings release to reflect this increase in such settlement offers. As a result of the increase in this reserve, Heartland reported in its Form 10-Q, which was filed with the SEC yesterday, a GAAP net loss for the quarter ended September 30, 2009 of $37.1 million, or $0.99 per share, and a GAAP net loss for the nine months ended September 30, 2009 of $42.2 million, or $1.12 per share. Results for the quarter are after $73.3 million (pre-tax), or $1.22 per share, of various expenses, accruals and reserves, all of which are attributable to the Processing System Intrusion, including charges related to settlement offers made by Heartland in attempts to resolve certain Processing System Intrusion related claims and expected costs of settling certain other claims as to which settlement discussions between Heartland and the claimants are underway. Such expenses, accruals and reserves for the nine month period totaled $105.3 million (pre-tax) or $1.74 per share. The increase in the Reserve for Processing System Intrusion has no impact on the Adjusted Net Income and Earnings per Share reported in the November 3, 2009 earnings release.

Now that’s a really costly breach. Or is it a bargain? If the U.S. Attorney’s claims that 130 million records or accounts were involved in the intrusion are accurate, then it’s less than $1 per record. All in all, though, I think most would agree that this has been a very costly breach for HPS.

Another update

Four indicted for RBS WorldPay hack

November 10, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, Of Note, U.S.

Sergei Tsurikov, 25, of Tallinn, Estonia; Viktor Pleshchuk, 28, of St. Petersburg, Russia; Oleg Covelin, 28, of Chisinau, Moldova; and a person known only as “Hacker 3;” have been indicted by a federal grand jury in Atlanta, Ga., on charges of hacking into a computer network operated by the Atlanta-based credit card processing company RBS WorldPay, which is part of the Royal Bank of Scotland,

… Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, each of Tallinn, Estonia, have also been indicted by a federal grand jury in Atlanta, Ga., for access device fraud.

The 16-count indictment charges Tsurikov, Pleshchuk, Covelin and “Hacker 3” with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. The indictment alleges that the group used sophisticated hacking techniques to compromise the data encryption that was used by RBS WorldPay to protect customer data on payroll debit cards. Payroll debit cards are used by various companies to pay their employees. By using a payroll debit card, employees are able to withdraw their regular salaries from an ATM.

Once the encryption on the card processing system was compromised, the hacking ring allegedly raised the account limits on compromised accounts, [Something they could change on the card? Seems unlikely. Bob] and then provided a network of “cashers” with 44 counterfeit payroll debit cards, which were used to withdraw more than $9 million from more than 2,100 ATMs in at least 280 cities worldwide, including cities in the United States, Russia, Ukraine, Estonia, Italy, Hong Kong, Japan and Canada. The $9 million loss occurred within a span of less than 12 hours.

The hackers then allegedly sought to destroy data stored on the card processing network in order to conceal their hacking activity. The indictment alleges that the “cashers” were allowed to keep 30 to 50 percent of the stolen funds, but transmitted the bulk of those funds back to Tsurikov, Pleshchuk and other co-defendants. Upon discovering the unauthorized activity, RBS WorldPay immediately reported the breach.

Good legal strategy, let's hope it fails. Judge Lamberth does not suffer fools (AKA: government lawyers) gladly.

Obama administration tries to vacate adverse rulings

November 10, 2009 by Dissent Filed under Court, Featured Headlines, Govt, Surveillance

Kim Zetter of Threat Level reports on how the government’s motion to vacate prior rulings in Horn v. Huddle may seriously impact other pending cases such as al-Haramain v. Obama.

In Horn v. Huddle, the government settled a 15-year old lawsuit filed by a former DEA agent who claimed he was subjected to illegal eavesdropping. But as part of the settlement, Horn agreed not to oppose the government’s motion to vacate previous rulings in the case by the D.C. courts.

“The opinions will be a valuable resource for litigants and courts as these issues arise in other cases,” the lawyers wrote in their brief (.pdf) Friday.


The Justice Department is “willing to pay absolute top dollar [in the D.C. Case] [$3,000,000 Bob] to get out from some very damaging opinions” says Jon Eisenberg, attorney for the plaintiffs in the Al-Haramain case. “They are desperate to make the decisions go away and to deprive me of the ability to cite those decisions in the future.”

Although district court opinions aren’t binding elsewhere, they are regularly published and cited in other cases.

The D.C. rulings could help convince the California court to let plaintiffs view and use the classified document in their case, Eisenberg says. He notes that the D.C. rulings could be particularly persuasive to the San Francisco judge in the Al-Haramain case because they come from U.S. District Judge Royce Lamberth, head of the Foreign Intelligence Surveillance Court until 2002, who is overseeing the coffee table case. The intelligence court is responsible for approving government requests for wiretaps and other types of surveillance in the U.S. in cases involving foreign spying and terrorism.

“When Judge Lamberth speaks on a matter of national security, people listen,” Eisenberg told Threat Level.

Read more on Threat Level.

[From Threat Level:

Earlier this year, Lamberth ruled in the coffee table case that a judge has authority to determine whether lawyers in a state secrets case have a “need to know” classified information.

… the judge accused the CIA of deliberately misleading the court about Brown’s covert nature to get the case dismissed the first time. He unsealed hundreds of documents that had been sealed since 1994.

Who did the best job?

Resource: Comparing breach notification laws

November 10, 2009 by admin Filed under Breach Laws, Commentaries and Analyses, Of Note

“International Security Breach Notification Survey” is a new resource prepared by Foley & Lardner LLP and Eversheds LLP, November 2009. The report summarizes and compares the laws in various countries in tabular format, with comparisons based on:

Notice Requirements (to who – (i) individual and (ii) regulator?),

Timing of Disclosure (does it have to be done in a particular time period?),

Form of Disclosure (does it have to be submitted in a particular way or with particular content?),

Are there reporting or other obligations on entities that maintain data (ie Data Processors)?,

Existing Policies (can the controller use their own procedures as opposed to those prescribed by law?),

Exemptions from Disclosure, Damages/Enforcement, and

Preemption (is there deemed compliance with the local law if you comply with another specified law?)

For U.S. states, the notification laws are compared on the basis of: Notice Requirements, Timing of Disclosure, Form of Disclosure, Entities that Maintain Data, Existing Policies, Exemptions from Disclosure, Damages/Enforcement, and Preemption.

View or download the free 158-page report here.

Here's an evil thought. This isn't limited to celebrities, exactly the same information could be available for anyone. I suspect the celebrities are getting more press than I would...

Celebrity Web site allegedly used by burglars

November 11, 2009 by Dissent Filed under Businesses, Surveillance

Andrew Blankstein reports:

Suppose you could look at the pool in back of James Cameron’s Malibu estate. Or admire the ornate garden at Haim Saban’s Beverly Hills mansion. Or check out the tennis court at Tiger Woods’ Florida home.

Should you?

The Web site makes possible exactly that sort of high-tech snooping, listing addresses and aerial photos of the homes of hundreds of celebrities, corporate titans, politicians and others.

To a lot of stars and their lawyers, that’s a big problem.

Read more in the Chicago Tribune.

Google tool for self-surveillance.

Google Latitude Now Tells You Where You’ve Been

by Erick Schonfeld on November 10, 2009

Don’t you sometimes wish you had a map of every place you’ve ever been? Well, if the concept of such detailed self-tracking doesn’t creep you out, you can now do that with Google Latitude, the mobile app that lets you broadcast your location to your friends.

Google Latitude just turned on Location History as a new feature in Google Latitude. Whenever Google Latitude is on, it records your location, and you can go back to see where you’ve been.

It's good to know that someone isn't accepting all those marketing claims without proof.

Chicago Court Throwing Out LIDAR Speeding Tickets

Posted by timothy on Tuesday November 10, @01:18PM from the should-happen-more-often dept.

bridgeco writes

"Chicago Traffic Court Judges have been throwing out speeding cases in which the driver's speed was measured with a LIDAR. Judges are asking for a special 'Frye Hearing' to determine the accuracy of these devices. Many motorists nabbed for speeding by a laser gun, instead of radar, are seeing their tickets thrown out at Chicago's traffic court because of a legal issue that the city's law department has been unable to overcome. Within the past year judges in Cook County Traffic Court in Chicago determined that speeds captured by lidar were not admissible because the devices had not been proven scientifically reliable in an Illinois court, said Jennifer Hoyle, spokeswoman for the law department, which prosecutes most speeding tickets in the city."

(Here's some background on LIDAR from Wikipedia.)

(Related) Would these be tossed out too? Better tools make convincing juries easier... (No doubt a Blackberry version is available for ambulance chasing lawyers...) - Sketching Out Accident Scenes

A truly novel tool, Accident Sketch will come in quite useful if you have had the misfortune of being involved in a car crash or related accident. Basically, using it you will be capable of setting down your version of what has just happened.

The UK does have wacky laws (left over from wacky monarchs?)

UK: Libel law reform campaigners seek £10,000 damages cap

November 10, 2009 by Dissent Filed under Internet, Non-U.S.

English PEN, a charity that promotes the human rights of writers and publishers, and Index on Censorship, a body that promotes freedom of expression, spent a year investigating English libel laws. Their joint report, Free Speech Is Not For Sale, was published today.

[My personal favorite:

  1. Not everything deserves a reputation

How to advertise in the Internet Age?

Indie Movie Explodes on BitTorrent, Makers Bless Piracy

Written by Ernesto on November 10, 2009

Hollywood often complains about the billions of dollars allegedly lost due to piracy. Indie film makers, on the other hand, tend to welcome the free buzz generated when their film is pirated. The makers of Ink belong to this latter group, and are thanking the hundreds and thousands of people who downloaded their movie on BitTorrent.

Thanks to the pirated copy their movie jumped to 16th place on IMDb’s movie meter, and according to the makers this increased popularity also boosted DVD and Blu-ray sales.

Benevolence, thy name is Google.

Google Gives the Gift of Free Airport Wi-Fi

Posted by kdawson on Tuesday November 10, @07:27PM from the no-self-interest-here-no-sir dept.

itwbennett writes

"Google is giving you something to be thankful for as you travel this holiday season. The company announced today that it is offering free Wi-Fi at 47 airports across the US between now and January 15. If you haven't booked your flights yet, you want to factor this into your plans. Here's a list of the 47 airports, which cover about 35% of all US passengers, according to Google. The Burbank and Seattle airports will continue to offer the free Google Wi-Fi indefinitely."

The HuffPo notes another altruistic note in Google's gesture: "As another way to pass on the spirit of the season, once they log on to networks in any of the participating airports, travelers will have the option [of making] a donation to Engineers Without Borders, the One Economy Corporation, or the Climate Savers Computing Initiative. Google will match the donations made across all the networks up to $250,000, and the airport network that generates the highest amount per passenger by January 1, 2010 will receive $15,000 to donate to the local nonprofit of their choice."

(Related) Not a freebie, but this is more storage space than some billion dollar companies provide.

Google Offers A 16 Terabyte Cloud Drive For $4,096 A Year

by MG Siegler on November 11, 2009

This is interesting. Currently limited to Digg videos (whatever they are) but it might make finding new sources of “how to” videos easier if they ever open it up.

Tune in to DiggTV

by mmaser at 1pm, November 10th, 2009 in Digg Company

Today we’re excited to announce the premiere of DiggTV, a one-stop destination for all Digg shows.

Interesting question. I'm going to play with some of the solutions the commenters suggest because I'm reaching my saturation point. I have six different logonIDs/passwords for one university because they are not integrating their various services as they bring them online.

Best Tool For Remembering Passwords?

Posted by kdawson on Tuesday November 10, @08:30PM from the encrypted-plain-text-file-on-a-stick dept.

StonyCreekBare writes

"Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"

Another freebie to check out...

Go, Google's New Open Source Programming Language

Posted by kdawson on Wednesday November 11, @12:21AM from the blatently-bracist dept.

Many readers are sending in the news about Go, the new programming language Google has released as open source under a BSD license. The official Go site characterizes the language as simple, fast, safe, concurrent, and fun. A video illustrates just how fast compilation is: the entire language, 120K lines, compiles in under 10 sec. on a laptop. Ars Technica's writeup lays the stress on how C-like Go is in its roots, though it has plenty of modern ideas mixed in:

"For example, there is a shorthand syntax for variable assignment that supports simple type inference. It also has anonymous function syntax that lets you use real closures. There are some Python-like features too, including array slices and a map type with constructor syntax that looks like Python's dictionary concept. ... One of the distinguishing characteristics of Go is its unusual type system. It eschews some typical object-oriented programming concepts such as inheritance. You can define struct types and then create methods for operating on them. You can also define interfaces, much like you can in Java. In Go, however, you don't manually specify which interface a class implements. ... Parallelism is emphasized in Go's design. The language introduces the concept of 'goroutines' which are executed concurrently. ... The language provides a 'channel' mechanism that can be used to safely pass data in and out of goroutines."

A simple question for my lawyer friends: If I use this to “speak” my blog instead of using the written word, is that “cruel and unusual punishment?” Another scary thought, I could record a few of my rants and they'd be on the Internet forever...

Gizmoz – A 3D Talking Character Maker That Uses Your Photo

Nov. 10th, 2009 By Saikat Basu

Well, that’s what Gizmoz is. A Web 2.0 3d character maker that lets us create, customize and animate lifelike 3D talking characters and share it on sites like YouTube and Facebook. Yes, your very own talking, blabbering avatar.

I still like the old fashioned feel of a book, but free is free and that's good. And now I can give all my students free books for Christmas (Yes I'm cheap. Youse gotta problem wid dat?)

How To Download Completely Free Amazon Kindle eBooks To Your PC

Nov. 11th, 2009 By Karl L. Gechlik

You can turn your portable computer or even your desktop computer into a full featured Kindle. It may not look like a Kindle but it can let you read, bookmark and annotate your eBooks.

… Let’s take a look at how to download, install and start reading eBooks. Your Kindle for PC will also let you download and pay for books as well. But as we cover free software here we will focus on some free eBook downloading and reading.

I started by downloading the software from here. After the download is completed, run the installer and install the application. Then you will see a screen that looks like this: