Saturday, February 06, 2010

This has the appearance of a well designed security plan. Many organizations could learn from this!

WY: Kid Care CHIP Client Information Exposed Online

February 5, 2010 by admin

The Wyoming Department of Health (WDH) announced today an error has led to potential online exposure of personal information provided by clients and applicants of the Wyoming Kid Care CHIP program.

WDH Information Technology was notified Thursday that personal information of Kid Care clients was improperly appearing in Google search results. [I wonder who discovered the files? Bob] Thirty seconds upon receiving the call, Information Technology shut down the web site involved. [Unbelievably fast, if “upon” means “after.” Who made the call? Bob] The files that were being searched by the search engine have also been removed from the web site.

“I want to make it crystal clear that NO health record information was compromised by this error,” said Dr. Brent Sherard, Wyoming Department of Health director and state health officer. “However, personal information such as address information and children’s social security numbers provided by clients and applicants of the Wyoming Kid Care CHIP program may have been exposed.”

Lee Clabots, Wyoming Department of Health deputy director for administration, said “We are still investigating exactly what happened and do not yet have all the answers. [Honesty! How unusual. Bob] However, we do know the problem was not caused by intentional wrongdoing.”

WDH provided automated recorded calls [Very fast notification. Another unusual plus! Bob] to about 5,000 affected families this afternoon with an initial notice about the situation. Each family will also be receiving detailed letters in the coming days.

The department is contracting with Debix, an identity protection service, to offer free help to affected families. “This company’s services will offer additional security to families to help ensure the children’s information is not stolen or improperly used,” Clabots said. Affected families will be asked to contact Debix at 877-676-0371 beginning Saturday morning.

Sherard said, “While we believe at this point the potential harm was minimal, this is a situation we are taking very seriously. My staff is working diligently to ensure this does not happen again.”

Source: Wyoming Department of Health

Ah ha! Here's another “citizen that spent several minutes at “”

FBI wants records kept of Web sites visited

February 5, 2010 by Dissent

Declan McCullagh reports:

The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users’ “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

Read more on CNET.

(Related) Does Big Brother want to start tracking citizens before they are born?

The New National Health Plan Is Texting

Posted by timothy on Saturday February 06, @07:48AM

theodp writes

"With a gushing press release, Federal CTO Aneesh Chopra announced the launch of Text4baby, 'an unprecedented mobile health public-private partnership' designed to promote maternal and child health. Expectant women are instructed to 'Enter the date of the first day of your last menstrual period' to start receiving 'timely and expert health information through SMS text messages' until their child reaches the age of 12 months (limited to 3 free messages/week). The White House Blog has more information on the 'historic collaboration between industry, the health community and government.' Separately, the White House announced plans to spend $3,000 on 'Game-Changing' Solutions to Childhood Obesity. Once again, Dilbert proves to be scarily prescient."

Ha! I called this one. (Okay, it was obvious, but I still want the points!) When bureaucrats see potential tax money, they can easily ignore the ethical questions surrounding rewarding criminals.

London moves to buy stolen bank data

February 5, 2010 by admin Filed under Financial Sector, Insider, Non-U.S., Theft

Vanessa Houlder reports:

Britain has approached Germany to buy data stolen from a Swiss bank in an effort to discover details of accounts hidden in the country by potential UK tax evaders.


A number of German politicians, as well as the Swiss government, have criticised Berlin’s decision to purchase the stolen data.

Although the same criticism is likely to be levelled at the Revenue, the UK tax authorities are allowed to pay a reward for information in return for extra taxes collected.

The Dutch, Belgian and Austrian governments have also signalled they wish to buy data from the same disc relating to their citizens.

Read more in The Financial Times.

If governments pay data thieves for the proceeds of crime, doesn’t that only encourage more potential data thieves? [I'm gonna ask for a bigger classroom. Bob]

“Cloud is all there is...” Perhaps in the marketing departments, but then it's all in the definition.

Oracle signals change of tone about cloud

by James Urquhart February 5, 2010 5:55 PM PST

Software heavyweight Oracle's acquisition of Sun Microsystems has (and will have) a wide impact on the technology market.

Oracle's strategy of targeting an "all in one" relationship with its customers--providing hardware, software, and services--is something to which the rest of the high-technology industry will have to pay close attention. Modeling yourself after the "IBM of the 1960s" is not a bad target, especially when you consider market share. [So is Cloud Computing a “Back to basics” strategy? Bob]

… Said Ellison: "Everything's called cloud now. If you're in the data center, it's a private cloud. There's nothing left but cloud computing. People say I'm against cloud computing--how can I be against cloud computing when that's all there is?" [So is Cloud Computing just French for “Stuff the Geeks do?” Bob]

(Related) Another definition. If it's available online, it's in the Cloud.

Authors Guild: ‘To RIAA or Not to RIAA’

By David Kravets February 5, 2010 5:39 pm

… Yet building that library in the clouds would be allowed without the rights-holders’ consent — which the Justice Department and others contend is a complete and fundamental alteration of copyright law.

Not to keep pounding on Al Gore (There's an Al Gore heat wave dumping a couple of feet of snow on Washington today) but backing your political arguments with indisputable facts is much better. (Not that any politician bothers with “truth, justice or the American way.”)

India Ditches UN Climate Change Group

Posted by ScuttleMonkey on Friday February 05, @04:54PM

Several readers have told us that the Indian Government is moving to establish its own group to address the science of climate change since it "cannot rely" on the official United Nations panel. [No real surprise there. Bob]

"The move is a severe blow to the UN's Intergovernmental Panel on Climate Change (IPCC) following the revelation parts of its 3000 page 2007 report on climate science were not subjected to peer review. A primary claim of the report was the Himalayan glaciers could disappear by 2035, but the claim was not repeated in any peer-reviewed studies and rebuffed by scientists. India's environment minister Jairam Ramesh announced that the Indian government will establish a separate National Institute of Himalayan Glaciology to monitor climate change in the region. 'There is a fine line between climate science and climate evangelism,' Ramesh said. 'I am for climate science.'"

How education will work in the very near future. (Notice the IM style name?)

2tor Raises $20 Million Series B To Go After The High End Of Online Education

by Erick Schonfeld on February 5, 2010

… One startup trying to bring entire degree programs online is 2tor

… “What is unique about 2tor is they are the first online education program to go after the high end—elite programs at elite schools,” says Paul Maeder, a founder and general partner at Highland who will be taking a board seat. 2tor was founded by John Katzman, who previously founded test-prep giant Princeton Review.

(Related) A Mindomo mindmap

Teaching & Learning in the Digital Age

It looks like MakeUseOf is down (one hopes temporarily) but I'll include the blurb from their RSS feed that I thought was interesting. The links to the sites work; those to the MakeUseOf pages don't.

3ouTube – There are a number of tools for downloading videos from YouTube, but none quite as simple as 3outube – the easiest YouTube downloading tool to use in the entire world. Don’t believe me? To download a video from YouTube using this tool, all you need to do is browse to your video and change the “y” in “” to a “3”. Read more: 3ouTube: The Simplest YouTube Downloading Tool Ever.

I've already ordered this book from the library! A great lady and true evangelist for computers. (and I still have the nanosecond she handed me!)

Think It’s Hard Being a Woman in Tech? Try It in the 1940s.

by Sarah Lacy on February 5, 2010

… you should start by reading the new book “Grace Hopper and the Invention of the Information Age,” by Kurt W. Beyer.

Friday, February 05, 2010

“We didn't waste any time or thought on security, but when it came to protecting our jobs no effort was spared.” No indication the records were encrypted or that ANY security process was followed.

NY: Social Security loses a CD with personal info

February 4, 2010 by admin Filed under Breach Incidents, Government Sector, Lost or Missing, U.S.

Peter C. Mastrosimone reports:

A computer disc containing detailed personal information about 969 New Yorkers was lost by a Social Security Administration employee traveling to Queens from the Bronx back in late October.

Three months later, on Jan. 22, the agency sent out letters to those people, explaining the situation and assuring them that officials have not seen any questionable activity [Why would they? It's your information that was lost. Bob] that would lead them to believe anyone had found the disc and engaged in identity theft.

The Queens Chronicle learned of the situation last Friday, when a copy of the letter was faxed to the paper’s office.


The agency took three months to notify people of the mishap because officials wanted to determine how best to go forward, [This common management technique is known as CYA. Bob] according to Shallman.

“We regret that it took this long to notify people about the loss,” he said in an email. “It took time to thoroughly analyze and identify the loss and determine the best method of proceeding. In the meantime, as the letter states, we have reviewed Social Security records and found no inappropriate activity. We have no indication that any unauthorized individual has actually retrieved or used this personal information.”

The disc was lost as the employee was going to the Queens Social Security hearing office, and the information on it included administrative decisions, medical evidence and internal agency documents containing the people’s names and Social Security numbers.

Read more in the Queens Chronicle.

This went quite quickly. Have they learned what buttons to push?

Heartland Payment Systems and Visa Inc. Announce Acceptance Rate of Over 97 Percent for Data Security Breach Settlement Agreement

February 5, 2010 by admin

From the press release:

Financial institutions representing more than 97 percent of eligible Visa-branded credit and debit cards have accepted the Alternative Recovery Offers they received pursuant to the settlement entered into by Visa Inc. (NYSE:V), Heartland Payment Systems® (NYSE: HPY) and Heartland’s sponsoring acquirers last month. This level of acceptance fulfills the 80 percent opt-in condition that was one of the requirements of the $60 million settlement. The settlement provides these issuers with a recovery from Heartland with respect to losses they may have incurred from the 2008 criminal breach of the payment processor’s payment system network.

What a great time to be born!

Routine DNA Tests For Newborns Mean Looming Privacy Problems

pogopop77 writes

"CNN has an interesting story about how newborn babies in the United States are routinely screened for a panel of genetic diseases. Since the testing is mandated by the government, it's often done without the parents' consent. However, many states store that DNA information indefinitely, and even make it available to researchers with little or no privacy safeguards. Sometimes even the names are attached! Here is information on state-by-state policies (PDF) of the handling of the DNA information."

I'm not sure if this is a Privacy story or an economic stimulus story. Do they hire students with cameras to roam the malls?

Google Maps To Add “Google Store Views”

Does this de-cloudify the cloud?

Vint Cerf Scares Web Dudes by Mentioning Time-sharing

Posted by Michael Pinto on Feb 4, 2010

When everyone started talking about the cloud my first thought was “isn’t this a throw back to mainframe computers from a pre-PC era when dumb terminals always needed to dial in?” So I was blown away to watch this video of Vint Cerf (who has been credited as the father of the Internet) suddenly mention mainframe time-sharing in the middle of a chat on cloud-to-cloud operability. It’s also interesting to hear that Cerf feels that it will take about five years for real standards to occur that allow one cloud to share data with another. By the way it’s interesting to note that Google now employs Cerf which is quite a coup.

Interesting. Does this suggest that Microsoft has copyrighted ways to defeat forensic examination?

Microsoft hits DECAF with DMCA take-down notice

by Steve Ragan - Feb 4 2010, 17:00

DECAF, an application that defends a system from forensic tools such as EnCase and Helix, as well as Microsoft’s COFEE, earned a good bit of attention towards the end of 2009. Apparently, it earned too much attention, because after the initial hype died down, Microsoft finally acted and served the team behind DECAF with a DMCA notice, causing their hosting provider to pull their site.

Not the clearest description of what is occurring here, but you get the idea. The perfect place for unscrupulous lawyers (is that redundant?)

Lord Lucas Says Record Companies "Blackmail" Users

Posted by timothy on Friday February 05, @02:02AM from the lord-timothy-yields-his-time dept.

Kijori writes

"Lord Lucas, a member of the UK House of Lords, has accused record companies of blackmailing internet users by accusing people of copyright infringement who have no way to defend themselves. 'You can get away with asking for £500 or £1,000 and be paid on most occasions without any effort having to be made to really establish guilt. It is straightforward legal blackmail.' The issue is that there is no way for people to prove their innocence, since the record company's data is held to be conclusive proof, and home networking equipment does not log who is downloading what. Hopefully, at the very least, the fact that parliament has realised this fact will mean that copyright laws will get a little more sane."

This story misses the point. You are signed up when you click – not by specifically purchasing the “services”

GameStop, Other Retailers Subpoenaed Over Credit Card Information Sharing

New York State's Attorney General, Andrew Cuomo, has subpoenaed a number of online retailers, including GameStop, Barnes & Noble, Ticketmaster and Staples, over the way they pass information to marketing firms while processing transactions. MSNBC explains the scenario thus: "You're on the site of a well-known retailer and you make a purchase. As soon as you complete the transaction a pop-up window appears. It offers a discount on your next purchase. Click on the ad and you are automatically redirected to another company's site where you are signed up for a buying club, travel club or credit card protection service. The yearly cost is usually $100 to $145. Here's where things really get smarmy. Even though you did not give that second company any account information, they will bill the credit or debit card number you used to make the original purchase. You didn't have to provide your account number because the 'trusted' retailer gave it to them for a cut of the action." While there is no law preventing this sort of behavior, Cuomo hopes the investigation will pressure these companies to change their ways, or at least inform customers when their information might be shared.

Beware the posturing politician.

House Overwhelmingly Passes Cybersecurity Bill

Posted by timothy on Thursday February 04, @02:00PM from the critical-mass-of-buzzwords dept.

eldavojohn writes

"The Caucus, a NY Times Blog, is reporting on the overwhelming majority vote (422 yeas) the House gave a new cybersecurity bill. The Cybersecurity Enhancement Act, H.R. 4061 has a number of interesting provisions. Representative Michael Arcuri, a Democrat of New York who sponsored the bill called cybersecurity the 'Manhattan Project of our generation' [“Without the budget or science or all that other stuff politicians don't understand.” Bob] and estimated the US needs 500 to 1,000 more 'cyber warriors' every year in order to keep up with potential enemies. The new bill 'authorizes one single entity, the director of the National Institute of Standards and Technology, to represent the government in negotiations over international standards and orders the White House office of technology to convene a cybersecurity university-industry task force to guide the direction of future research.'"

Resource The video equivalent of Twitter's 140 character limit? “Attention” was once the goal of Internet sites, but that attention span has shortened dramatically.

5min Rules The How-To Video Space

by Leena Rao on February 3, 2010

We recently wrote about the traction that how-to video site and producer Howcast is seeing online. But there’s another information and how-to video startup that is dominating the space: 5min. The company is a syndication platform for instructional, knowledge and lifestyle videos, both professionally produced and user-generated. The service’s video library boasts 150,000 videos across a variety of categories (e.g. food, health, home and garden), submitted by media companies and independent producers from around the world.

(Related) Attention spans are shrinking due to Global Warming! Notify Al Gore at once!

Blogging Is Out, Facebook Is In, Study Finds

Thursday, February 04, 2010

ATTENTION HACKERS! Hacking into bank accounts in tax havens can pay for your college education and fully fund your retirement, all in one swell foop! Remember our deal. If you are one of my students, I get 10% (or I'll create an account for you in Liechtenstein and rat you out to the Germans.)

Why Germany Is Paying Millions in Ransom For Stolen Bank Data

February 3, 2010 by admin Filed under Financial Sector, Insider, Non-U.S.

Tristiana Moore reports:

The announcement may have caused some super-rich Germans to tremble in their designer shoes. On Tuesday, German Finance Minister Wolfgang Schäuble said the government has agreed to buy a computer CD from an anonymous informant that contains the stolen bank details of up to 1,500 people suspected of evading German taxes by stashing their money away in Swiss bank accounts.


Two years ago, Germany paid an informant $6.3 million to obtain stolen bank details for several hundred members of the LGT banking group who were suspected of evading taxes by putting their money in bank accounts in Liechtenstein. That deal reportedly helped the government recover $250 million in lost revenue by the end of last year. One of the suspects, Klaus Zumwinkel, the former head of Deutsche Post, was also convicted of tax evasion and received a two-year suspended prison sentence and a fine of $1.4 million. “We can’t do the opposite now of what we did two years ago,” [Are you sure this guy is a politician? Bob] Schäuble said in an interview with ZDF public television on Monday night.

Read more in Time.

(Related) Need a hacker?

Clinton calls parliament chief over bank data deal

February 4, 2010 by Dissent Filed under Non-U.S., Surveillance

Valentina Pop reports:

US secretary of state Hillary Clinton has called EU parliament chief Jerzy Buzek to voice concern over a vote due next Tuesday in which MEPs could scrap a deal allowing American investigators to track down terrorist funding via European bank transactions.

Ms Clinton’s late-night phonecall to Mr Buzek comes on top of other efforts by the US administration to try and convince EU lawmakers not to reject the agreement.

On Wednesday, US ambassador to Brussels William E. Kennard went to the European Parliament and held talks with several political group leaders and MEPs dealing with justice and home affairs.

Read more on the EUobserver.

Update (Register for a copy of the report) If this is not the Chinese government (and I'll be shocked if it isn't), it looks like it could be the electronic equivalent of Murder, Inc. (Perhaps Hackers, Inc.?)

Report Details Hacks Targeting Google, Others

February 3, 2010 by admin Filed under Commentaries and Analyses, Hack

Kim Zetter reports:

It’s been three weeks since Google announced that it and numerous other U.S. companies were targeted in a recent sophisticated and coordinated hack attack dubbed Operation Aurora.

Until now we’ve only known that the attackers got in through a vulnerability in Internet Explorer and that they obtained intellectual property and access to the Gmail accounts of two human rights activists whose work revolves around China. We also know a few details about how the hackers siphoned the stolen data, which went to IP addresses in Taiwan, and about 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm [Mandiant] is providing the closest look so far at the nature of the attacks, and attackers, that struck Google and others. The report never mentions Google by name, or any other companies, but focuses on information gathered from hundreds of forensic investigations the firm has conducted that are identical to what we know about the Google hack.

Read more on Threat Level.

[From the article:

What the information indicates is that the attack that hit Google is identical to publicly undisclosed attacks that have quietly plagued thousands of other U.S. companies and government agencies since 2002 and are rapidly growing. They represent a sea change from the kinds of attacks that have commonly hit networks and made headlines.

“The scope of this is much larger than anybody has ever conveyed,” says Kevin Mandia, CEO and president of Virginia-based computer security and forensic firm Mandiant. “There [are] not 50 companies compromised. There are thousands of companies compromised. Actively, right now.”

… Called Advanced Persistent Threats (APT), the attacks are distinctive in the kinds of data the attackers target, and they are rarely detected by antivirus and intrusion programs. What’s more, the intrusions grab a foothold into a company’s network, sometimes for years, even after a company has discovered them and taken corrective measures.

… The non-APT hackers target only financial data or sensitive customer data for identity theft, while the APT attackers never target such data. Instead, their focus is espionage. [Do breach laws require disclosure of espionage? Bob] They attempt to take every Microsoft Word, PowerPoint and Adobe PDF document from every machine they compromise, as well as all e-mail, says Mandia.

… One mark of APT attacks is that they have especially hit companies with dealings in China, including more than 50 law firms.

“If you’re a law firm and you’re doing business in places like China, it’s so probable you’re compromised and it’s very probable there’s not much you can do about it,” Mandia says.

(Related) Who will be the student, who the master?

Google and NSA Teaming Up

Posted by samzenpus on Thursday February 04, @09:28AM from the meet-my-big-brother dept.

i_frame writes

"The Washington Post reports that 'Under an agreement that is still being finalized, the National Security Agency would help Google analyze a major corporate espionage attack that the firm said originated in China and targeted its computer networks, according to cybersecurity experts familiar with the matter. The objective is to better defend Google — and its users — from future attack.'"

(Related) Wouldn't China be very interested in Carbon Swaps?

Huge Phishing Attack On Emissions Trade In Europe

Posted by timothy on Wednesday February 03, @04:09PM from the feel-good-measures dept.

bratgitarre writes

"A targeted phishing scam on companies trading with greenhouse gas emission certificates in Europe has reaped millions, Der Spiegel reports. By sending phishing e-mails to companies in Australia and New Zealand purporting to be from the German Ministry for Environmental Protection (German article, Google translation) the criminals obtained login credentials for companies owning polluting permissions. They then swiftly sold them to other polluters in various European countries. Damages are probably huge for a single incident, as 'one medium-sized German company alone had lost allowances worth €1.5 million ($2.1 million).' German federal officials, who can trace some of the transactions, claim that out of 2000 certificate sellers, seven responded to the scam."

For Computer Security people, this is a “Well, DUH!” article. But it never hurts to remind the C-levels that they can't always control who sees their data (and would you like encryption now?)

Cisco’s Backdoor For Hackers

February 3, 2010 by Dissent Filed under Breaches, Featured Headlines, Internet

Andy Greenberg reports:

Activists have long grumbled about the privacy implications of the legal “backdoors” that networking companies like Cisco build into their equipment–functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don’t have particularly strong locks and consumers are at risk.

In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the “lawful intercept” function in Cisco’s IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims’ online behavior.

Read more on Forbes.

Most interesting! I wonder if the court would buy the argument that cell phones send a whole bunch of very small files (packets) and therefore I can intercept them without running afoul of the Privacy laws? (Cordless phones are already wide open...)

File sharing on an unsecured wireless network? No reasonable expectation of privacy – court

February 3, 2010 by Dissent Filed under Court, Internet

Sharing files on an unsecured wireless router? Be very careful about what files you are willing to share with the world — and the courts. Over on, John Wesley Hall Jr. notes a recent Oregon ruling:

Defendant’s computer was set to share files on his wireless network. A neighbor’s wireless router failed, and her computer which regularly shared files, too, automatically picked up defendant’s system, and she saw folders indicative of child pornography. The defendant had no reasonable expectation of privacy in the files that could be shared by anybody who accessed his wireless network. United States v. Ahrndt, 2010 U.S. Dist. LEXIS 7821 (D. Ore. January 28, 2010)


A soft target? Even if their security (Prevent) wasn't adequate, they did notice (Detect) the breach and take immediate action. (Or maybe the bank noticed transfers to the Cayman Islands.)

Hackers Try to Steal $150,000 from United Way

February 4, 2010 by admin Filed under Hack, Miscellaneous, U.S.

Brian Krebs writes:

Hackers broke into computer systems at a Massachusetts chapter of the United Way last month and attempted to make off with more than $150,000 from one of the nation’s largest charities.

Patricia Latimore, chief financial officer at the United Way of Massachusetts Bay and Merrimac Valley, said unknown attackers tried to initiate a number of bogus financial transfers out of the organization’s bank account, but that the United Way was able to work with its bank to block or reverse the unauthorized transfers.

Read more on KrebsonSecurity.

(Related) This is what happens when a bank assumes transfers to the Ukraine are normal.

NY: Hacker stole $378,000 from town account, sent it to Ukraine

February 4, 2010 by admin Filed under Government Sector, Hack, U.S.

Michael Valkys reports:

A computer hacker broke into a Town of Poughkeepsie bank account and stole $378,000 by transferring the money to banks in Ukraine, Supervisor Patricia Myers said Wednesday.

Ending two weeks of silence about the incident, Myers read a statement before the Town Board’s meeting at Town Hall. She said four illegal transfers from the town’s TD Bank account were made last month over two business days — and that “efforts are still under way to catch those responsible.”

Officials said $95,000 of the stolen money, one of the unauthorized transfers, was recovered from a Ukraine bank. In all, she said “nine attempts were made via online access to steal monies” from the TD Bank account.

Read more in the Poughkeepsie Journal.

State laws are for second class citizens. File this in the “How the world REALLY works” folder.

Australia Post ’spying’ on workers

February 4, 2010 by Dissent Filed under Court, Non-U.S., Workplace

Kirsty Needham reports:

Australia Post has been accused of secretly monitoring Sydney postal workers using computerised street-side red letter boxes in breach of NSW surveillance laws.

But the postal service says it is entitled to spy on its staff because it is not subject to state laws.

The NSW Attorney-General, John Hatzistergos, has intervened in the dispute and will appear personally in the Federal Court today to argue Australia Post is answerable to criminal prosecution under the state workplace surveillance act.

Read more in The Age.

[From the article:

All street-side collection mail boxes in NSW are monitored by computer. Australia Post is able to track when and where each postie or driver accesses the boxes with individual computer keys.

[The “excuse” given at the time was: Bob] The system was introduced as a measure to stop mail theft.

If at first you don't succeed, be sure to point out that you are right and the rest of the world (including those ignorant, incompetent judges) are wrong. Then you are justified (in your own mind) to keep to your strategy.

AU: Film industry loses landmark piracy case

February 4, 2010 by Dissent Filed under Court, Featured Headlines, Internet, Non-U.S.

Andrew Ramadge reports:

Internet service provider iiNet has won a major legal battle over whether it should be held responsible for its customers downloading content illegally.

The case, against the Australian Federation Against Copyright Theft, could have had major implications for the way internet providers police their users.

If AFACT had won, providers would likely have been forced to penalise or disconnect users who illegally downloaded copyrighted material such as movies and songs.

However Federal Court judge Justice Dennis Cowdroy today found iiNet was not responsible for the infringements of its users.


AFACT hit back by saying the ruling hinged on a technicality.

“We believe this decision was based on a technical finding [Computers don't work the way we said they do. Bob] centred on the court’s interpretation [The judge didn't listen to us! Bob] of how infringements occur and (iiNet’s) ability to control them,” said executive director Neil Gane.

“We are confident that the Government does not intend a policy outcome where rampant copyright infringement is allowed to continue unaddressed and unabated via the iiNet network.”


Wow! Next they'll be telling us they need to give telecom companies billions of dollars to spread broadband. Oh... Wait! (I'd like to ask Mr Technology here if we would have this problem if broadband in this country was as fast as, say, Outer Mongolia?)

US Government: iPad and other smart mobile devices may strain networks

by Dave Caolo on Feb 3rd 2010 at 6:30PM

Not much on computers or the internet. Are we legally ready for a cyber war?

February 03, 2010

Law of War Deskbook, 2010

Law of War Deskbook, 2010, International and Operational Law Department, The United States Army Judge Advocate General’s Legal Center and School, Charlottesville, VA

  • "This Law of War Deskbook is intended to replace, in a single bound volume, similar individual outlines that had been distributed as part of the Judge Advocate Officer Graduate and Basic Courses and the Operational Law of War Course. Together with the Operational Law Handbook and Law of War Documentary Supplement, these three volumes represent the range of international and operational law subjects taught to military judge advocates. These outlines, while extensive, make no pretence of comprehensively covering this complex area of law. Our audience is the beginning and intermediate level practitioner; our hope is that this material will provide a solid foundation upon which further study may be built."

(Related) Contrast the Law of War with, which returned 36940 results for keyword "computer" and 30836 results for keyword "privacy"

February 03, 2010

Improvements to Make for Easier Access to Federal Regulations

News release: "As part of President Obama’s commitment to more effective and open government, the public can more quickly access federal regulations at, thanks to comments received during the Exchange online forum held last year. provides one-stop public access to information related to current and forthcoming regulations issued by the federal government. The eRulemaking Program made the following specific-site improvements to

  • a new rotating panel of images and video clips offering a preview to the latest Web site changes

  • a dashboard of regulatory documents housed on

  • a new A-Z index of rules and proposed rules categorized by topic

  • instructional video-clips highlighting site functions

  • improvements to the site's homepage and search wizard."

If you missed this on Broadcast TV, or on Cable, Don't Panic! You can still watch it on your computer or your cell phone.

February 03, 2010

PBS - Digital Nation: Life on the Virtual Frontier

"Within a single generation, digital media and the World Wide Web have transformed virtually every aspect of modern culture, from the way we learn and work to the ways in which we socialize and even conduct war. But is the technology moving faster than we can adapt to it? [No, axiomatically. Bob] And is our 24/7 wired world causing us to lose as much as we've gained? [No, logically. Bob] In Digital Nation: Life on the Virtual Frontier, FRONTLINE presents an in-depth exploration of what it means to be human in a 21st-century digital world. Continuing a line of investigation she began with the 2008 FRONTLINE report Growing Up Online, award-winning producer Rachel Dretzin embarks on a journey to understand the implications of living in a world consumed by technology and the impact that this constant connectivity may have on future generations. "I'm amazed at the things my kids are able to do online, but I'm also a little bit panicked when I realize that no one seems to know where all this technology is taking us, or its long-term effects," says Dretzin."

(Related) An example of people overwhelmed by technology? (After all, faxes have only been around since 1848, they'll take some getting used to.)

USPTO Won't Accept Upside Down Faxes

Posted by samzenpus on Thursday February 04, @08:41AM from the left-handed-reading-glasses dept.

bizwriter writes

"This may seem like a joke, but it's not. The US Patent and Trademark Office will not accept patent filings faxed in if they arrive upside down. That's right, the home of innovation of the federal government is incapable of rotating an incoming fax file, whether electronically or on paper."

Just in case you ever want to research a company.

February 03, 2010

New on - Business Intelligence Online Resources

Business Intelligence Online Resources: This extensive guide by search expert Marcus P. Zillman includes a wide range of sources designed to serve as a foundation for knowledge discovery specific to business intelligence resources on the Internet.

This could be the most valuable scientific journal ever! However, I suspect that no one will read it. Politicians have this type of information readily available (it's called History) but none of them ever bother to try to understand it. Humans seem convinced that they would never make the mistakes hundreds or thousands have made before them.

The Journal of Serendipitous and Unexpected Results

Posted by samzenpus on Thursday February 04, @12:23AM from the well-that-didn't-work dept.

SilverTooth writes

"Often, when watching a science documentary or reading an article, it seems that the scientists were executing a well-laid out plan that led to their discovery. Anyone familiar with the process of scientific discovery realizes that is a far cry from reality. Scientific discovery is fraught with false starts and blind alleys. As a result, labs accumulate vast amounts of valuable knowledge on what not to do, and what does not work. Trouble is, this knowledge is not shared using the usual method of scientific communication: the peer-reviewed article. It remains within the lab, or at the most shared informally among close colleagues. As it stands, the scientific culture discourages sharing negative results. Byte Size Biology reports on a forthcoming journal whose aim is to change this: the Journal of Serendipitous and Unexpected Results. Hopefully, scientists will be able to better share and learn more from each other's experience and mistakes."

“Dude, I got a hot stick! I'll send you a letter, technology is banned!”

Brokers Get Strict Social Networking Rules

Posted by samzenpus on Thursday February 04, @03:17AM from the no-farmville-at-work dept.

eldavojohn writes

"If you're a broker or work for a brokerage firm then you better think twice before posting content to Facebook and Twitter. It seems the static parts of the pages like your profile must be approved and fall under the watch of FINRA. But a post to Facebook or a tweet might constitute a 'public appearance' representing your firm. Which means that 'firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA's communications rules.' It's days like these I'm glad I don't work on Wall Street or have jury duty."

Another industry in consolidation.

Monster buys Yahoo's HotJobs for $225 million

by Tom Krazit February 3, 2010 2:51 PM PST

For my students

10 best IT jobs right now

With many industry watchers speculating about a jobless economic recovery, IT job seekers could find work in a few key technology areas.

By Denise Dubie, Network World February 02, 2010 12:02 AM ET

1. Security specialist/ethical hacker

2. Virtual systems manager

5. Open source specialist

  1. Electronic health records systems manager

Not for my students. They goof off enough as it is. - Watching TV On The Internet

FreeTube is a site that will let you watch television on your browser without having to pay anything for the privilege, and without having to go out of pocket for any software or hardware in order to get connected either. As long as you have a web-enabled computer you are ready to start watching live Internet channels.

Tools & Techniques “You will weawy weawy wove this one!” E. Fudd - Who Knows Who On Twitter

Do you ever wonder in which ways people are connected with each other on the Twitterverse? It has nothing to do with being merely nosy - if you were to do business with anybody, knowing the connections he has would give you something of a headstart and a much better understanding of where to put your expectations on. This site will enable you to do exactly that, and find out who follows who straightaway. The provided search functionality will allow you to see who share the same followers, and determine how influential someone is.

For me: I WANT ONE!

Multitouch Future: Stick-on Plastic Film Can Make 108-Inch Touchscreens

Be the cloud! (Do we trust French companies enough to use their services?) - Cloud Computing Made Easy

Nuxinov is a company providing services in the field of cloud computing. They have developed a solution named Feel Home in order to give everybody a ready chance to access different data or files

The aim of FeelHome is to connect both personal and professional computers to the cloud in a one-click procedure. The system dispenses with configuring anything, and upon carrying out the basic connection you can access your files and your folders from practically anywhere. You have to download a small application in order to make the connection and create an account first, but that is mostly it. There is no initial charge or periodic fees to be paid at all.

Wednesday, February 03, 2010

Why do all these government reports come out on Groundhog's Day? What does “Punxsutawney Phil” know, and when did he know it?

February 02, 2010

Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence

Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence, Dennis C. Blair, Director of National Intelligence, February 2, 2010

  • "The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within. This critical infrastructure is severely threatened. This cyber domain is exponentially expanding our ability to create and share knowledge, but it is also enabling those who would steal, corrupt, harm or destroy the public and private assets vital to our national interests. The recent intrusions reported by Google are a stark reminder of the importance of these cyber assets, and a wake-up call to those who have not taken this problem seriously. Companies who promptly report cyber intrusions to government authorities greatly help us to understand and address the range of cyber threats that face us all. I am here today to stress that, acting independently, neither the US Government nor the private sector can fully control or protect the country’s information infrastructure. [I smell the need to prepare us for a failure in the (undeclared) cyber war to come. Perhaps they wish to crawl into Phil's hole? Bob] Yet, with increased national attention and investment in cyber security initiatives, I am confident the United States can implement measures to mitigate this negative situation."

[From the report:

The strategic landscape has changed considerably for US interests over the past year. We see some improvements, but also several entrenched problems and slow progress in some areas for the foreseeable future. Several large-scale threats to fundamental US interests will require increased attention, and it is on one of these threats that I will focus our initial discussion.

About what you'd expect. “We're doing a great job, but details are too sensitive to discuss here.”

February 02, 2010

DHS Quadrennial Homeland Security Review Report to Congress

The Department of Homeland Security delivered to Congress the Quadrennial Homeland Security Review (QHSR) Report, A Strategic Framework for a Secure Homeland, February 10, 2010 on February 1, 2010. The QHSR outlines the strategic framework to guide the activities of participants in homeland security toward a common end.

  • "The purpose of the first-ever Quadrennial Homeland Security Review (QHSR) is to outline the strategic framework to guide the activities of participants in homeland security toward a common end. A safe and secure homeland must mean more than preventing terrorist attacks from being carried out. It must also ensure that the liberties of all Americans are assured, privacy is protected, and the means by which we interchange with the world through travel, lawful immigration, trade, commerce, and exchange are secured... The Nation’s first QHSR takes as its aim a vision for our homeland as safe, secure, and resilient against terrorism and other hazards where American interests, aspirations, and way of life can thrive."

They do this because it works.

February 02, 2010

Phishing Activity Trends Report, 3rd Quarter / 2009

"The quarterly APWG (AntiPhishing Working Group) Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by email submissions. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses."

Go where there is lots of data and it is easy to steal.

Cybercrime Checks Into The Hotel Industry

February 2, 2010 by admin Filed under Commentaries and Analyses

Andy Greenberg reports:

Over the past year America’s hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals.

That’s one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card account details.

Percoco, who works as a security auditor and data breach investigator for the security firm Trustwave, plans to outline the results of around 1,900 audits and 200 breach investigations that his company performed over the last year. The central anomaly in that data: While only 3% of the audits Trustwave performed proactively for companies were commissioned by the hospitality industry, hotels and resorts were victims in 38% of investigations following successful cybercriminal attacks.

Read more in Forbes.

[From the article:

In most cases Percoco says the methods cybercriminals used to gain access to their victims weren't particularly new. In fact, Trustwave tracked cases in which hackers exploited 10-year old software vulnerabilities that had long ago been patched by the software vendors but hadn't been updated by the companies using the applications--or, in many cases, the contractors that hotels hired to handle their information technology support.

Even university support staffs can learn!

Univ. Help Desk Staffer Extorts Over Copyright Violations

Posted by timothy on Wednesday February 03, @10:15AM from the judge-jury-and-accounts-payable dept.

McGruber writes

"The Atlanta fishwrap is reporting that a University of Georgia 'IT security support' employee was accusing students of copyright violations, then demanding money to clear their names. Sounds like he's been caught stealing the RIAA business model."

Good on ya, mate!

Internet uprising overturns Australian censorship law

By Nate Anderson | Last updated February 2, 2010 11:59 AM

… The cries of the outraged citizenry have had an effect. While defending the new rules as recently as yesterday, Atkinson suddenly backed off from them today. He sent a statement to AdelaideNow, one remarkable for its candor.

"From the feedback we've received through AdelaideNow, the blogging generation believes that the law supported by all MPs and all political parties is unduly restrictive. I have listened. I will immediately after the election move to repeal the law retrospectively... It may be humiliating for me, but that's politics in a democracy and I'll take my lumps."

(Related) As usual, Bruce is right!

Anonymity and the Internet

February 3, 2010 by Dissent Filed under Featured Headlines, Internet

Bruce Schneier writes:

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.

The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution — knowing who is responsible for particular Internet packets — is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Read more on Schneier on Security.

I think this is a first...

U.S. Court Compels Discovery of German Personal Information

February 3, 2010 by Dissent Filed under Court, Featured Headlines

In AccessData Corporation v. ALSTE Technologies GmbH, 2010 U.S. Dist. LEXIS 4566 (D. Utah Jan. 21, 2010) the U.S. District Court for the District of Utah, Central Division, compelled the production of personal information about customers of the German defendant after finding that German laws did not necessarily bar the production of such information and that the Hague Convention did not apply to the requested discovery.

In this breach of contract case, AccessData claimed that ALSTE, a German corporation, owed nearly $80,000 in unpaid invoices for reselling software manufactured by AccessData to ALSTE customers.

In response, ALSTE alleged that the software was defective, and counterclaimed that AccessData violated a separate agreement by failing to pay ALSTE for providing technical support to certain users of the software in Germany.

During discovery, AccessData sought information regarding customer complaints and related injuries. ALSTE’s objections included that disclosing information relating to its customers and their employees would violate German law. AccessData then moved to compel.

Read the eData NewsFlash by Morgan Lewis (pdf).

I can be private! Where's my grant?

Google gives millions of dollars in research awards

by Lance Whitney February 2, 2010 10:45 AM PST

… The grants cover four specific areas of interest to Google--machine learning, using mobile phones to collect information on health and the environment, energy-efficient computing, and privacy.


  • Ed Felten of Princeton University

  • Lorrie Cranor of Carnegie Mellon University

  • Ryan Calo of Stanford University's Center for Internet and Society

  • Andy Hopper of Cambridge University Computing Laboratory

Police want backdoor to Web users' private data

by Declan McCullagh February 3, 2010 4:00 AM PST

Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

… The survey, according to two people with knowledge of the situation, is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Other components include renewed calls for laws requiring Internet companies to store data about their users for up to five years and increased pressure on companies to respond to police inquiries in hours instead of days.

Is this my “get out of jury duty free” card? I must use email to teach my students – I send my tests via email. (In fact, the restriction only applies to communications about the case, but it is interesting to see the list of technologies.)

Courts Move To Ban Juror Use of Net, Social Sites

Posted by kdawson on Wednesday February 03, @02:09AM from the tell-no-one dept.

coondoggie passes along a NetworkWorld report on the pronouncement of a judicial conference committee recommending that trial judges specifically instruct jurors not to use any electronic communications devices or sites during trial and deliberations.

"If you think you're going to use your spanking new iPhone to entertain yourself next time you're on jury duty, think again. Judges are going to take an even dimmer view of jury member use of Blackberry, iPhone, or other electronic devices as a judicial policy-setting group has told district judges they should restrict jurors from using electronic technologies to research or communicate. ... The instructions state jurors must not use cell phones, e-mail, Blackberry, iPhone, text messaging, or on Twitter, or communicate through any blog or website, through any internet chat room, or by way of any other social networking websites, including Facebook, MySpace, LinkedIn, and YouTube."

Here's the committee report (PDF)

A Democrat and a Republican from Colorado are Twitterers. Wish they had something useful to say.

February 02, 2010

Congress and Twitter - A Growing Relationship

Congress Is All Atwitter, Daniel Newhauser, Roll Call: "Since the microblogging Web site Twitter launched in 2006, tens of millions of people have logged on and churned out billions of 140-character messages called tweets. And Congress has certainly embraced the trend. In fact, by early last year, some 20 Members were using the site, according to Tweet Congress, which monitors Members’ Twitter use. The current count, the group says, is 162 (plus 16 committees and seven caucuses). But computer-savvy political junkies already know that. Whether politicians are using Twitter to its full potential is another matter entirely."

News as entertainment? Avatar meets Walter Cronkite? For my Visual Communications students. (Wait 'till the supermarket tabloids start using this technology!) Seems many of the commenters agree...

And Now, the Animated News

Posted by samzenpus on Tuesday February 02, @02:39PM from the portions-of-this-report-have-been-re-enacted dept.

theodp writes

"'You have a lot of missing images, in the TV, in the news reporting,' explains billionaire Jimmy Lai. It's a gap that Lai's Next Media intends to fill with its animated news service. Artists lift details from news photos while actors in motion sensor suits re-create action sequences of stories making headlines. Animators graft cartoon avatars to the live-motion action, and the stories hit the Web. When news agencies didn't have footage of scenes from the Tiger Woods car crash, Lai's team raced to put together animation dramatizing the incident that became a YouTube sensation. Thus far, Lai has been denied a television license, but with or without his own station, he thinks his animations are headed for televisions worldwide. His company is currently in talks with media organizations to churn out news animations on demand using Next Media's graphic artists and software tools

Ah ha! I'll use this to explain correlation to my Statistics students, assuming I can find someone to explain it to me.

February 02, 2010

Report - Correlation in Credit Risk

Correlation in Credit Risk, Xiaoling Pu, Xinlei Zhao. Office of the Comptroller of the Currency, Economics Working Paper 2009-5, February 2, 2010.

  • "Abstract: We examine the correlation in credit risk using credit default swap (CDS) data. We find that the observable risk factors at the firm, industry, and market levels and the macroeconomic variables cannot fully explain the correlation in CDS spread changes, leaving at least 30 percent of the correlation unaccounted for. This finding suggests that contagion is not only statistically but also economically significant in causing correlation in credit risk. Thus, it is important to incorporate an unobservable risk factor into credit risk models in future research. We also find, consistent with some theoretical predictions, that the correlation is countercyclical and is higher among firms with low credit ratings than among firms with high credit ratings."

(Related) ...and I can use this as a cautionary tale. Not all correlations make sense. Sometimes a symptom is misinterpreted as a cause.

Could Cars Have Caused the Mortgage Meltdown?

By Keith Barry February 2, 2010 8:30 am

In yet another analysis of the causes behind the current financial crisis, it turns out that vehicle ownership and a lack of access to public transportation may be just as predictive of mortgage foreclosure rates as low credit scores and high debt-to-income ratios.

Such are the results of a study, commissioned by the Natural Resources Defense Council, of foreclosure rates in San Francisco, Chicago and Jacksonville, Florida. The survey found mortgage holders were less likely to face foreclosure (.pdf) if they lived in “compact” neighborhoods with sufficient public transit to make owning a car optional.

Tools & Techniques Intercept and listen to ANY iPhone

New iPhone Attack Kills Apps, Reroutes Web Traffic

Posted by kdawson on Tuesday February 02, @04:11PM from the dead-cert dept.

Trailrunner7 sends in an article on exploiting flaws in the way the iPhone handles digital certificates. "[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. ... Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. 'It definitely works. I downloaded the file and ran it and it worked,' Miller said. 'The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.'"

The market for free software. Remember, Open Office started as an IBM sponsored project in Europe. Also note that the research method apparently required no interaction with people.

OpenOffice Tops 21% Market Share In Germany

Posted by kdawson on Tuesday February 02, @11:07PM from the camel's-head-and-neck dept.

hweimer writes

"A novel study analyzes the installed base of various office packages among German users. (Here is the original study report in German and a Google translation.) While Microsoft Office comes out top (72%), open source rival OpenOffice is already installed on 21.5% of all PCs and growing. The authors use a clever method to determine the installed office suites of millions of web users: they look for the availability of characteristic fonts being shipped with the various suites. What surprised me the most is that they found hardly any difference in the numbers for home and business users."

(Related) The trend continues.

Denmark chooses open formats

By Julian Isherwood

As of April next year, Danish state communication will be in open formats that fulfill set principles for open standards.

After four years of discussion, Parliamentary parties have decided to use open formats and to produce a list of acceptable document types.

A previous suggestion that this immediately precludes Microsoft's OOXML format proves not to be the case.

“My ambition is that in the future we will only communicate using open standards,” Science Minister Helge Sander told Parliament.

But he later rejected as 'ridiculous' media reports that the decision excluded Microsoft's products.

For parents?

GrowShow: Time Lapse Imaging Tool For Parents

Everybody has tons of pictures for their kids starting right from their birth. GrowShow is a time lapse imaging tool that lets you organize those pictures into a chronological order without any extra effort. Simply upload the pictures to GrowShow and they will automatically be sequenced.

Similar sites: Baby-Connect and Kidmondo.

Tools & Techniques Something for my website class (and all the programmers)

QuickHighlighter: Free Code Syntax Highlighter Online

Quick Highlighter is a simple code syntax highlighter that highlights any programming code for easier reading and sharing. It converts any code to a formatted and highlighted text so you can quickly paste it to your webpage and share it with your readers.

Quick Highlighter supports over a hundred programming languages including Javascript, CSS, HTML, XML, Visual Basic, and many more.

Free, no signup is required.

had an interesting article on making your printer wireless, but they seem to be having a database connection glitch, so I found some alternative articles. Now my wife can print from her laptop without bothering asking for my assistance.