Wednesday, December 08, 2010

Not a bad day's haul. I wonder how many government agencies have the same security weaknesses?

TX: Cyber thieves hit Gregg County for $200K

December 7, 2010 by admin

Glenn Evans reports:

An international cyber attack on the Gregg County Tax Assessor has cost at least seven taxing entities a total of about $200,000, officials said Monday. Other Texas counties could also be victims.

The cyber theft hijacked local tax payments from a daily electronic transfer, that day totaling $690,000, destined for schools and cities in what tax assessor/collector Kirk Shields described as the first such incident he’s seen in his 14 years leading the department. He spent Monday afternoon informing the entities how much each had lost.


An employee who inadvertently unleashed the malware has been suspended for violating security policies.

For my Computer Security students. See why we shouldn't allow users to use any technology? They have no situational awareness!

$1.9 million violin stolen: Great ad for Windows Phone?

If you were a famous violinist who happened to carry a $1.9 million Stradivarius around with you, it would surely be hard to concentrate on anything else.

Unless, perhaps, there was an iPhone in the vicinity.

You might be familiar with the new ad campaign for Windows Phone (they've dropped the "7" in the ads, as it confused people). This would be the campaign in which people look very silly because they're staring into their iPhones (presumed) all day instead of, say, paying attention to their scantily clad lovers.

Perhaps Min-Jin Kym, being a well-traveled concert violinist from South Korea, hasn't had the chance to see these ads. Someone who works in a London sandwich shop might suggest to her that she should.

You see, according to the Daily Mail, Kim was passing through London's Euston railway station, when she stopped at Pret A Manger sandwich shop (expensive, but a lot better than Subway) for sustenance.

She placed her more than 300-year-old Strad on the ground for but a few moments, or so it seemed. However, these were enough moments for the Strad to be had.

Thieves allegedly wafted off with the case containing the precious violin and two very precious bows. Kim didn't own the Strad, and the company that insures the violin is offering a reward for its recovery.

However, Hafid Salah, who was working in Pret A Manger when the theft took place, offered the Mail a most contemporary perspective on the theft.

Speaking of Kim, he said: "She and her friend were on computers and iPhones and not looking at their bags."

Sometimes it's the “little accidents” that point the way to bigger things. Imagine a cyber war-planner using this technique to shut down GPS and communications satellites.

Rogue Satellite Shuts Down US Weather Services

"On Sunday, the drifting rogue 'zombie' Galaxy 15 satellite with a stuck transmitter interfered with the satellite data distribution system used by NOAA's National Weather Service (NWS), effectively shutting down data sharing between NWS offices nationwide, as well as weather support groups for the US Air Force. This left many forecasters without data, imagery, and maps. Interference from Galaxy 15 affected transmissions of the SES-1 Satellite, which not only serves NOAA with data relay services, but also is used to feed TV programming into virtually every cable network in the US. NOAA's Network Control Facility reports that the computer system affected was NOAA's Advanced Weather Interactive Processing System (AWIPS) used to issue forecasts and weather bulletins which uses the weather data feed. They also state the problem is likely to recur again this month before the satellite drifts out of range and eventually dies due to battery depletion."

It should be obvious. Who has more cash, WikiLeaks or the US government?

PayPal VP On Blocking WikiLeaks: State Department Said It Was Illegal

Milo Yiannopoulos’ very first question on stage to PayPal’s VP of Platform Osama Bedier was about why PayPal blocked WikiLeaks payments and froze its account. The last part of the question was met with boos from the mostly European audience.

In his answer Bedier made it seem like PayPal had complied with a governmental request to deny service to WikiLeaks, “We have an acceptable use policy and their job is make sure that our customers are protected, making sure that we comply with regulations around the world and making sure that we protect our brand.”

Bedier also said that the State Department deemed WikiLeaks illegal in a letter sent on November 27th, a statement that was not followed up on by Yiannopoulos. It is still unclear what exact US laws WikiLeaks is breaking.

(Related) For Academic purposes only!

CABLESEARCH is an attempt at a user-friendly search engine for already published documents from Wikileaks.

Gary Alexander tipped me to this one. It raises the question: Would WikiLeaks be in as much hot water if they had only told everyone how to break into the system that stores the diplomatic cables?

INTERNET LAW - Federal Anti-hacking Law Does Not Prohibit Verbal Disclosure Of Computer Security Flaws

The U.S. District Court in Massachusetts recognized the right of several MIT student hackers to publicly expose flaws in the ticketing methods of the Boston mass transit system, removing a prior 10-day injunction. The information provided by the hackers facilitated free public access to Boston’s mass transit system.

… The MBTA alleged that "disclosure of this information will significantly compromise the CharlieCard and CharlieTicket systems" and that it "constitutes a threat to public health or safety."

… The requested order would also prevent them from circulating a summary of their talk, providing technical information, and distributing any circumventing software.

… However, the Massachusetts Federal Court denied the MBTA’s motion, ruling that the Federal anti-hacking law, known as the Computer Fraud and Abuse Act, does not prohibit the public disclosure of computer-security flaws.

… Pursuant to this ruling, the MIT students were permitted to discuss additional details of their research. Notwithstanding, much of the students’ research was already revealed in a class presentation and was actually published at the Defcon conference earlier in the month.

A sad commentary on the times? “God is dead, but surveillance lives!”

Hi-Tech Nativity Security

To combat vandalism and theft of their holiday displays, many churches and cities are turning to a technological answer. After one of their cows was stolen, St. Marks Episcopal Church in Glen Ellyn, Ill. installed GPS devices in the figurines of its nativity scene. This year the village of Wellington, Fla. added security cameras to protect their display. From the article: "BrickHouse Security in New York City offered churches and synagogues free GPS and cameras to protect their displays this season. Seventy have signed up so far. About 24 of them are also installing security cameras. In Merrick, N.Y., the Chabad Center for Jewish Life is putting GPS in its 8-foot menorah on display in a park."

Well, I suppose it is another way to remind drivers that they are under constant surveillance.

Traffic Camera Enters Drivers Who Obey Speed Limit Into Lottery

The winning entry in "The Fun Theory" contest is a traffic camera that, instead of just ticketing speeders, also enters people who drive the speed limit into a lottery. Randomly selected winners get paid out of a portion of the tickets paid by the scofflaws.

Is this a new Homeland Security requirement? Why else would they spend the time (equals money) to do this? I guess it could be worse. They could require a scan or pat-down or cavity probe before accepting this 1 in a billion risk. (If you refuse, do they confiscate your package?)

UPS to require photo IDs for shipping packages

December 8, 2010 by Dissent

If you’re planning to ship any holiday gifts via UPS, make sure you’ve got photo ID. The Associated Press reports:

UPS is now requiring photo identification from customers shipping packages at retail locations around the world, a month after explosives made it on to one of the company’s planes.

The Atlanta-based package courier said Tuesday the move is part of an ongoing review to enhance security. The directive will apply at The UPS Store, Mail Boxes Etc. locations and other authorized shipping outlets.

Read more on Yahoo!

Oh sure, now I have to give cops the finger when I get pulled over? (Who says they have to give it back?)

Fingerprint scanner use raises privacy concerns in N.C.

December 8, 2010 by Dissent

Thomasi McDonald reports:

Next month, 13 law enforcement agencies in the region will begin using a new handheld device that lets an officer scan a person’s fingerprints and seek a match in an electronic database – all without going anywhere.

Police say taking fingerprints in the field will allow them to work more efficiently and safely. But the ACLU North Carolina in Raleigh worries that the device may allow officers to violate privacy rights.

The ACLU is concerned about what will become of fingerprint scans that are sent to other databases, such as the National Crime Information Center. [They will be matched against the prints from an identity thief, and I'll be arrested as an imposter. Bob]

Read more on News & Observer. Law enforcement is denying any risk, it seems:

But those concerns are unwarranted, said Sam Pennica, director of the City-County Bureau of Identification, the agency that processes fingerprints in Wake County and is providing the devices to local agencies. The software for the device, known as Rapid Identification COPS Technology, would not store fingerprints of any individuals, even those charged with a crime, Pennica said. [“We do transmit them to the FBI, Interpol, and Facebook – but we don't store them.” Bob]

“It will not retain the fingerprints of any individuals under any circumstances,” he said, adding that fingerprints would only be compared to those in the Wake County database. “They will not be submitted to any state or federal agency.” [I'm sure this string will be attached to any Homeland Security funding... Bob]

The non-storage assurance sounds like what we were told about TSA’s nude body scanners, too. Of course, that was before we found out that 30,000 of such images were stored at a federal courthouse and some of them were uploaded to the web. But of course, that doesn’t mean that we’re being lied to about this. It only means that we should ask questions and insist on seeing technical documentation of devices as well as policy manuals.

Fighting the wrong battle?

Why Money Doesn't Motivate File-Sharers

"File-sharers aren't motivated by financial gain, but by altruism, according to an economist. Joe Cox, of the Portsmouth Business School, said those uploading content for others to share don't see what they're doing as illegal, meaning current tactics to deter piracy are doomed to fail. 'The survey data suggested there was a deep-seated belief that this type of activity shouldn't be illegal, that there was no criminal act involved.'"

Another tool in the continuous quest for better legal arguments?

December 07, 2010

Legal Information Institute of India Launched

"The Legal Information Institute of India (LII of India) is now open for public access prior to its formal launch in India in early 2011. LII of India at present has 50 databases, including over 300,000 decisions from 37 Courts and Tribunals, Indian national legislation from 1836, over 800 bilateral treaties, law reform reports and about 500 law journal articles. The LawCite citator tracks case and journal article citations. Further case law, and State and Territory legislation, will be added by the time of the formal launch. LII of India has been developed through cooperation between four leading Indian Law Schools (NALSAR University of Law, Hyderabad; National Law School of India University, Bangalore; National Law University, Delhi, and Rajiv Gandhi School of Intellectual Property Law, Indian Institute of Technology - Kharagpur) in partnership with AustLII. The technical hub of the project will be NALSAR in Hyderabad, with initial development and ongoing support from AustLII. Prof VC Vivekanandan of NALSAR is the Director. Funding support has been provided primarily by AusAid, with additional support from the Australian Research Council and the Commonwealth Secretariat." [via Graham Greenleaf AM, Professor of Law & Information Systems, University of New South Wales]

There's nothing like settling down with a good e-book.

December 07, 2010

Commentary on the Future of Academic Libraries - Rising Prices, Sustainability, Digitization, and Copyright

The Library: Three Jeremiads, by Robert Darnton, New York Review of Books, December 23, 2010.

  • "In fact, more printed books are produced each year than the year before. Soon there will be a million new titles published worldwide each year. A research library cannot ignore this production on the grounds that our readers are now “digital natives” living in a new “information age.” If the history of books teaches anything, it is that one medium does not displace another, at least not in the short run. Manuscript publishing continued to thrive for three centuries after Gutenberg, because it was often cheaper to produce a small edition by hiring scribes than by printing it. The codex—a book with pages that you turn rather than a scroll that you read by unrolling—is one of the greatest inventions of all time. It has served well for two thousand years, and it is not about to become extinct. In fact, it may be that the new technology used in print-on-demand will breathe new life into the codex—and I say this with due respect to the Kindle, the iPad, and all the rest."

Another fearless forecast of the future.

PC Era Forecasted To End In 18 Months

"In a historic shift, shipments of smartphones, tablets and other app-enabled devices will overtake PC shipments in the next 18 months, an event that may signify the end of the PC-centric era, market research firm IDC said. IDC said worldwide shipments this year of app-enabled devices, which include smartphones and media tablets such as the iPad, will reach 284 million. In 2011, makers will ship 377 million of these devices, and in 2012, the number will reach 462 million shipments, exceeding PC shipments. In 2012, there will be 448 million PC shipments. One shipment equals one device. PC sales will continue to climb, but will no longer rule."

A factual future rather than a frivolous forecast.

With Chrome OS, Google Doubles Down on the Cloud

SAN FRANCISCO — Google unveiled a beta version of its Chrome OS and an early test version of its branded netbook Tuesday morning, a big bet by the search giant to help drive computing to the cloud — and to the popular web-based services that are its bread and butter.

Google’s release of the new OS, related but separate to its mobile OS Android, comes after a year of development and at a time when cloud computing — and the simpler machines that access applications on distant servers rather than running them on a hard drive — seems to have passed a sort of tipping point of respectability. It’s no coincidence, surely, that Microsoft is touting its own cloud-based approach in a huge marketing campaign.

Google is giving out netbooks to journalists [Hey Google! I'm a journalist – sort of... Bob] at a press event to widen their beta and is also handing out a few of the pilot laptops to its Facebook fans. It also launched a pilot program to get hardware running Chrome OS into developers’ hands. Early adopters can sign up to get a black, unbranded Chrome OS notebook (codenamed Cr-48).

… Google has also partnered with Citrix for easy installation of enterprise apps with secure, company-only sharing features. The Citrix platform will launch during the first half of 2011, the company says. [This could solve a lot of security problems! Bob]

… If you want to try it out today, you can join Google’s developer program and install Chrome OS on a wide range of hardware.

“The question is, how comfortable are you compiling from source,” joked Google VP of engineering Linus Upson.

For my website (and programming) students

11 Robust Web Based Editors To Code Directly From Your Browser

This is interesting, even if I'm not sure how I'll use it. Perhaps to walk my students through some web resources? (You can lead a student to knowledge but you can't make him think)

WalkThe.Net - All The Guidance You Could Ever Need

Walk The Net is here to make the process of mastering any topic a much simpler proposition. On this site, you can see the guides that others have created for researching specific topics and follow them step by step. You are shown how to approach traditionally difficult issues, and how to turn knowledge into a catalyst for positive action.

When going on any of these web walks you are actually asked to mark each step that you have taken. Why? Because at the end of the walk you will actually get a badge that you will then be able to display on your site or blog, and show others that you have been doing your homework.

The site has recently launched and there are not really that many walks to choose from now. And the ones that are featured are a bit... how to say it... insular. For example, there is a web walk about a fellow looking back on his birthday and seeing if it was a worthwhile day or not. But there are also a couple dealing with topics like analytics and other broader subjects. Hopefully, these will become the norm.
