Wednesday, September 22, 2010

Being a lawyer may complicate things a bit. I wonder how many sole practitioners understand how to secure their data?

A home invasion leads to a breach for a New Hampshire lawyer

September 22, 2010 by admin

Two heads are better than one.

Evan Francen noticed a breach report on the New Hampshire Attorney General’s site that I apparently missed back in July. A laptop containing confidential and personal information of clients of attorney George R. LaRocque, Jr. was stolen during a home invasion.

Read more about the incident with Evan’s commentary on The Breach Blog.

Old school, but effective.

Man Facing 27 Charges for Allegedly Spying on ATM to Steal ID's

A Racine County man is accused of spying on ATM customers with binoculars, and then using ID numbers to grab money from their bank accounts.

... Some victims told police they never closed their ATM sessions when they drove away, and Kasprovich allegedly tried to get money.

Video from a convenience store was eventually used to arrest the man. All the thefts occurred in late August.

Not all infrastructure hacks would result in a mushroom cloud. (Okay, more like Chernobyl)

Stuxnet Worm May Have Targeted Iranian Reactor

Posted by CmdrTaco on Tuesday September 21, @01:02PM

"Analysis of the Stuxnet worm suggests its target might have been Iran's nuclear program. "Last week Ralph Langner, a well-respected expert on industrial systems security, published an analysis of the Stuxnet worm, which targets Siemens software systems, and suggested that it may have been used to sabotage Iran's Bushehr nuclear reactor. A Siemens expert, Langner simulated a Siemens industrial network and then analyzed the worm's attack. Experts had first thought that Stuxnet was written to steal industrial secrets, but Langner found something quite different. The worm actually looks for very specific Siemens settings — a kind of fingerprint that tells it that it has been installed on a very specific Programmable Logic Controller (PLC) device — and then it injects its own code into that system."

Quite a buzz in the security blogs about this one. But it is just the latest of many similar “super-cookies.”

Evercookie: the latest way to subvert browser privacy settings?

September 22, 2010 by Dissent

Just what we needed: another way to subvert our privacy preferences and browser settings. Evercookie is generating a lot of (negative) buzz on Twitter among those concerned with privacy. It was released a few days ago by Samy Kamkar, who describes it this way:

evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

More info on evercookie can be found here.

I don't think they define “closed” the same way my students would...

DHS releases its annual privacy report to Congress

September 21, 2010 by Dissent

The Department of Homeland Security Privacy Office has released its annual privacy report to Congress. You can access it here (pdf). Here’s a snippet from the report:

A total of 279 privacy incidents were reported to the DHS EOC [Enterprise Operations Center] during the reporting period. The majority of the incidents affected a small number of individuals and data, while a select few incidents involved larger amounts of data. Mitigation and remediation of each incident is coordinated among the DHS Privacy Office, EOC, component privacy officers and PPOCs, and Information Systems Security Managers. DHS investigated, mitigated, and closed 250 or 90% of the reported privacy incidents. Of those reported, 10% remain open. By comparison, during the previous reporting year, the Office mitigated and closed 77% of the reported privacy incidents, and 23% remained open. The average number of days during which an incident remained open decreased from 46 in the previous reporting period to 27. The decrease is due to the constant communication and collaboration among the many offices mentioned above.

[From the report:

The components and the DHS Privacy Office report disposition of complaints in one of the following two categories:

• Closed-Responsive Action Taken. The component or the DHS Privacy Office reviewed the complaint and a responsive action was taken. For example, an individual may provide additional information to distinguish himself from another individual. In some cases, acknowledgement of the complaint serves as the responsive action taken. [“We got your letter.” is a long way from “We fixed the problem.” Bob] This category may include responsive action taken on a complaint received from a prior reporting period.

• In-Progress. The component or the DHS Privacy Office is reviewing the complaint to determine the appropriate action or response. This category identifies in-progress complaints from both the current and prior reporting periods.

It means something different when the government “Googles” you.

U.S. Government Requests for Google Data Rise 20%

September 21, 2010 by Dissent

Ryan Singel writes:

The number of U.S. government requests for Google data rose 20% in the last six months, according to new data released by the search giant Monday.

U.S. government agencies sent Google 4,287 requests for data on Google users and services from January 1 to June 30, 2010, an average of 23.5 a day. That’s compared to 3,287 for July 1 to December 31, 2009, the company reported Tuesday in an update to its unique transparency tool.

Read more on Threat Level

[The map is here:

You knew this was coming...

Govt appeals Maynard decision on GPS monitoring in public places

September 21, 2010 by Dissent

David Kravets writes:

The Obama administration has urged a federal appeals court to allow the government, without a court warrant, to affix GPS devices on suspects’ vehicles to track their every move.

The Justice Department is demanding a federal appeals court rehear a case in which it reversed the conviction and life sentence of a cocaine dealer whose vehicle was tracked via GPS for a month, without a court warrant. The authorities then obtained warrants to search and find drugs in the locations where defendant Antoine Jones had travelled.

The administration, in urging the full U.S. Court of Appeals for the District of Columbia to reverse a three-judge panel’s August ruling from the same court, said Monday that Americans should expect no privacy while in public.

Read more on Threat Level.

Related: Petition for Rehearing en Banc (pdf)

Could be interesting.

Supreme Court Eyeing RIAA ‘Innocent Infringer’ Case

The case pending before the justices concerns a federal appeals court’s February decision ordering a university student to pay the Recording Industry Association of America $27,750 — $750 a track — for file-sharing 37 songs when she was a high school cheerleader. The appeals court decision reversed a Texas federal judge who, after concluding the youngster was an innocent infringer, ordered defendant Whitney Harper to pay $7,400 — or $200 per song. That’s an amount well below the standard $750 fine required under the Copyright act.

The RIAA has decried Harper as “vexatious,” because of her relentless legal jockeying.

The justices, without comment, asked the RIAA to respond (.pdf) to Harper’s petition to review the appellate court’s ruling.

A Texas federal judge had granted Harper the innocent-infringer exemption to the Copyright Act’s minimum fine, because the teen claimed she did not know she was violating copyrights. She said she thought file sharing was akin to internet radio streaming.

The appeals court, however, said she was not eligible for such a defense, even though she was between 14 and 16 years old when the infringing activity occurred on LimeWire. The reason, the appeals court concluded, is that the Copyright Act precludes such a defense if the legitimate CDs of the music in question carry copyright notices.

“Harper cannot rely on her purported legal naivety,” the New Orleans–based 5th U.S. Circuit Court of Appeals ruled, 3-0.

Attorneys for Harper told the justices (.pdf) that she should get the benefit of the $200 innocent-infringer fine, because the digital files in question contained no copyright notice.

Could be even more interesting...

Newspaper May Have Given Implicit License To Copy

Posted by timothy on Wednesday September 22, @08:07AM

"Following up on the story of Righthaven, the 'copyright troll' that is working with the Las Vegas Journal Review to sue lots of websites (including one of Nevada's Senate candidates) for reposting articles from the LVRJ, a judge in one of the cases appears to be quite sympathetic to the argument that the LVRJ offered an 'implied license' to copy by not just putting their content online for free, but including tools on every story that say 'share this' with links to various sharing services (including one tool to 'share' via Slashdot!)."

Update. Even with the fix already in hand, the bad guys were faster!

Twitter Closes Web Hole After Attack Hits Up to 500,000

The security hole was patched at about 9:45 AM ET, according to a post by Del Harvey (@delbius), the head of Twitter's Trust and Safety Team. In a blog post Bob Lord on the Twitter Security Team said that the company first learned of the exploit at 5:54 AM Eastern Daylight Time. The hole in question had been patched internally by the company last month, but was inadvertently reintroduced with a Web site update, Lord wrote.

… In the intervening two hours, the attacks spread like wildfire across the social network, with up to 100 users per second falling victim at its height, according to data from

… Victims included high profile Twitter users including White House Press Secretary Robert Gibbs, who was perplexed by the balky javascript tweeted to more than 97,000 followers.

… Kaspersky researchers identified at least two worms that also launched on Tuesday morning, leveraging the same hole. Worm code was circulating on IRC within minutes of the discovery of the cross site scripting hole, Kaspersky Lab researcher Wicherski said in a blog post on the bug.

The FBI issues a guide to increased paranoia?

Doc of the Day: Feds’ Guide To Snitching on Your Terrorist Neighbor

Reliance on technology means “You need a backup plan” ...and don't leave home without your spare batteries!

What happens if your heart pump's battery dies?

Christian Volpe was shopping with his wife when an alarm started beeping to warn that only 15 minutes of battery power was left on the implanted heart pump that was keeping him alive.

… Dr. Donna Mancini, Volpe's cardiologist and director of the heart failure and transplant program at NewYork-Presbyterian/Columbia, said the hospital had not encountered a situation like this before.

"But with these devices getting more use, it may arise," Mancini said.

What technology really helps students?

Australian Schools Go iPad-Crazy

Posted by timothy on Wednesday September 22, @06:23AM

"Looks like it's not just Apple fanboys that are going wild for the iPad: in Australia, virtually every state education department is trialling the tablet in schools — and some schools are even trialling it without the official support of their department. One university in Adelaide has even abolished textbooks for first year science students [One way to increase the number of science majors? Bob] and is allocating free iPads to first year students instead. It will be interesting to see what happens when the inevitable wave of Android tablets hits over the next six months."

For my Website students...

GooEdit: Adds Basic Image Editor To Chrome

... This tool lets you do light image editing from your browser.

Unlike desktop image editors, you can take an image from any website and edit it on the spot with GooEdit.

GooEdit is very easy to use. Once the extension is installed, you have several image options available to you. You can flip, crop, and rotate images, adjust brightness, view and edit the histogram, and add effects. Image effects include sepia, grayscale, solarize, invert, blur, sharpen, and sepia.

First, get your thoughts down on paper in the word processor, then clean it up.

The fast, free way to clean up text in MS Word

There's nothing easy about reformatting text in a Microsoft Word document. You can use the Format Painter to apply the formatting of one paragraph to others with a single click, and Word's Find and Replace features let you remove unwanted characters (or strings of characters), but these tools make their changes one at a time and often require additional cleanup.

I wish I had discovered Greg Maxey's free Clean Up Text add-on for Word years ago. The retired U.S. Navy submarine ordnance officer and former Microsoft Word MVP has created a Word .dot template that removes unwanted leading and trailing spaces and characters, carriage returns, and empty paragraphs. The add-on also applies the default formatting to all or part of the document, applies Normal formatting, and replaces line breaks with paragraph formatting--all with a single click.

Gooder is... well, gooder!

AIType: Fixes Your English As You Type, Helps You Write Gooder

AIType is for folks who generally speak and understand a language but aren’t quite certain on some of the rules and conventions. For example, a foreigner writing a note to someone in English will often mix up word order or futz up word choice. AIType is a predictive system for writing that, in short, lets you sound like you know what you’re doing.

Based on a catalog of phrases, the system searches for the next applicable word and lets you translate that word into your own language, ensuring you mean what you say. It’s not perfect.

… It works like a combination spell check, grammar checker, and Google Scribe. AIType is free and you can download it right now to add its features to almost any Windows application (no OS X support yet).

… The service supports multiple languages and has a number of databases already compiled. It learns most of the rules of usage from the text entered.
