Saturday, March 20, 2010

You can't make this stuff up. Even I know this is called “Undue Reliance” but if ALL your records are on the computer, what else could you rely on?

NYC police: Computer glitch led to mistaken visits

Fri Mar 19, 12:26 pm ET

NEW YORK – A senior New York City police official apologized Friday for the 50 or so door-pounding visits police made to the home of a bewildered elderly couple.

It seems a glitch in computer records had led them over and over to Walter and Rose Martin's modest home in Brooklyn. [And no procedure to correct errors? That's even more scary. Bob]

On Thursday, detectives from the NYPD's Identity Theft Squad went to see the Martins again — this time to apologize. "And we wanted to be sure perps weren't using that address for identity theft," NYPD Deputy Commissioner Paul Browne told The Associated Press on Friday.

The detectives told 82-year-old Rose and 83-year-old Walter that Police Commissioner Raymond Kelly had ordered them to solve the problem, which had gone on for at least four years [That wasn't the motivator... Bob] and was reported this week in the New York Daily News. [...that was! Bob]

Police used the Brooklyn address as part of what Browne called "random material" to test an automated computer system that tracks crime complaints and records other internal police information. [Best Practice: Never ever use real data in a test. Bob]

The couple first complained about the harrowing police visits in 2007, "and we identified the problem then," Browne said. "It was a mistake by the police department."

Police wiped the Martins' address from the system.

Or so they thought, said Browne.

Instead, the visits continued.

Apparently, some computer files bearing the Martins' address stayed in the system. [and, apparently, there was no procedure to identify and remove them. Bob]

To make sure it will never happen again, Browne said the Martins' address has been flagged with alerts, so if there's any record indicating an officer should visit the address, "they're barred from doing it." [Sounds like an open invitation to crooks of all kinds. Bob]

A skeptical Rose Martin has asked the department to write her an official letter to that effect.

Fifth Third was TJX's bank. This could be related to that breach, but more likely is a new one.

New 5/3 debit cards ’safety precaution’

March 19, 2010 by admin

WOOD-TV reports:

A security breach through a third-party payment company prompted Fifth Third Bank to send new debit cards to its customers as a safety precaution.

Bank officials sent a letter to customers and said the debit cards may have been compromised, but other sensitive information, such as Social Security numbers, was not accessed.

The news station is trying to get more information from Fifth Third.

So, is they is or is they ain't going to protect my data?

Swiss upper house approves five bank data deals

March 19, 2010 by Dissent

The Swiss parliament’s upper house on Wednesday approved deals with the United States and four other countries to share data on potential tax dodgers, bringing the Alpine state closer in line with international standards.

Under the deals Switzerland will have banking data sharing arrangements with France, Britain, the United States, Denmark and Mexico in cases of tax fraud and tax evasion, in accordance with OECD standards, except when those requests are based on stolen data.

Read more on Reuters.

[From the Article:

Switzerland's relations with both France and Germany have been strained in recent months after both countries obtained stolen information on possible tax dodgers with Swiss bank accounts.

"We won't give administrative assistance if stolen data is presented. That's our sovereign right," finance minister Hans-Rudolf Merz told television show Classe Politique.

"France has stolen data," he said. "If we get a request for administrative assistance from France, we're not honouring it."

All five agreements have been signed bilaterally but still have to be passed by parliament's lower house, where the right-wing SVP, which has said it opposes them, has the most seats.

Most likely, this is a case of “We can use big words too” rather than a clear plan.

Cloud-Based, Open-Source Future For Teachers?

Written by Audrey Watters / March 16, 2010 4:00 PM

A computing device for every teacher and student so they can access the Internet at school or at home? That, along with an embrace of cloud computing, Creative Commons, and open-source technologies is part of a new set of recommendations from the U.S. Department of Education.

On March 5, the department released an 80-page draft of its National Educational Technology Plan entitled Transforming Education: Learning Powered by Technology. The plan lays out an ambitious agenda for transforming teaching and learning through technology.

Friday, March 19, 2010

Now this is more like it! Just when we're discussing “Cloud Computing” as a “new thing,” Tim O'Reilly goes and introduces another new term/concept!

Tim O'Reilly: 'Whole Web' is the OS of the future

(Related) Making the virtual real?

CloudCrowd Takes On CrowdFlower To Outsource Labor To The Cloud

by Leena Rao on Mar 19, 2010

… CrowdFlower is a labor as a service startup that helps businesses outsource mundane or repetitive tasks to the cloud. Now the startup has attracted a competitor, recently launched CloudCrowd, which also promises increased efficiency and lower costs to companies by breaking large projects into smaller tasks, and distributing them to its virtual workforce.

Most data breaches are not noticed by the “victims.” Think of those as far to the left on the bell curve. But, every now and then we have something far to the right – here is an almost “Perfect Storm!” Could it have been worse? Consider the Reporter getting the Lawyer's medical information...

Hospital Makes Changes After Billing Blunder

By Dissent, March 18, 2010 11:15 am

Rafael Sanchez reports on a breach involving him:

An Indianapolis hospital system is using a new registration and billing system after the wrong Rafael Sanchez received a 6News’ reporter’s medical bill.

Rafael Sanchez, an attorney at Bingham McHale, called the station in December after he was mailed a $2,051.45 bill from Methodist Hospital intended for 6News’ reporter Rafael Sanchez, in violation of federal law.

The invoices he received were for real [vs. fictional? Bob] medical care Sanchez the reporter received after he collapsed outside court while covering a mass murder trial on Dec. 10.

Clarian Health investigated the incident, and its facilities are now using a new system intended to minimize billing errors, especially for patients with similar names.

Read more on TheIndyChannel.

I wonder if TD paid back the money stolen rather than “recovered it.” Governments (even small town governments) might have more leverage than small businesses.

Town recovers $378,470 stolen by hackers

March 19, 2010 by admin

Michael Valkys reports:

Town of Poughkeepsie officials Thursday night announced the town has recovered more than $378,000 in town funds alleged to have been stolen by cyber thieves.

Supervisor Patricia Myers announced the recovery at a special Town Board meeting at Town Hall. She read a brief statement after the board’s approximately one-hour executive session.

“The Town of Poughkeepsie is pleased to announce that, with the assistance of TD Bank and various law enforcement authorities, the $378,470 which was diverted by cyber theft has been restored.”


Myers had been critical of TD Bank officials for not catching the theft, but praised the bank during Thursday’s announcement.

Town officials have said they implemented new security measures after the thefts were discovered. [Better late than never? What else have they failed to do? Bob]

“The town has reviewed and updated its internal computer systems and it recognizes the integrity and security of TD Bank’s online banking system,” Myers said.

Read more in the Poughkeepsie Journal.

Yes we teach students “How to write a virus,” but no, this isn't one of ours.

(update) Virus that hit Mary’s Pizza “so new it was not even in virus database”

March 19, 2010 by admin

David Bolling provides more information on a breach reported here previously:

The Plaza location of Mary’s Pizza Shack has been identified as the target of Internet hackers who penetrated the restaurant’s computer system with a “logger” virus that captured credit card numbers at the transaction terminal.

The presence of a virus was discovered by a corporate official on Feb. 10 after the family-run company received reports from friends about unauthorized credit card charges. CEO Vince Albano, grandson of Mary’s founder Mary Fazio, said the company immediately contacted the four affected credit card companies – VISA, MasterCard, Discover and American Express, and then hired Trustwave, a Chicago-based data security firm recommended by the card companies.

Only credit card numbers were taken by the virus, Albano emphasized, no personal identification information, such as Social Security numbers or bank account records were exposed, [nor did they steal your car or gold from Fort Knox, but the PR people always look for something positive to say, even if it is totally unrelated. Bob] although VISA and MasterCard debit accounts were apparently raided. Trustwave identified and removed the virus doing the damage on Feb. 23.

Albano said he was told by Trustwave officials that the virus was so new it was not even in the company’s virus database.


Sonoma police, who have followed the case from the beginning, reported that Mary’s was not the only hacked card terminal in the Valley but they have not yet identified other company victims.

Albano told the Index-Tribune that Sheriff’s Office investigators reported there were at least 70 cases of stolen credit card number use reported, some 50 of which were traced to Mary’s.

“Can you hear me now?”

FTC to Internet Companies: Start Using SSL

Deeplink by Peter Eckersley March 18th, 2010

HTTPS is the backbone of web security. The protocol, which is also commonly known as the Secure Sockets Layer (SSL), is what guarantees we can use the web to transmit sensitive information — financial, medical, or other — with relative confidence that it won't be intercepted or stolen. EFF has been arguing for years that best practices demand that all sensitive data be sent exclusively over SSL.

(Related) Could they be getting serious?

150,000 take FCC broadband speed test in first week

I wonder if California will use this as a revenue generator? They have to balance the budget somehow...

1st Trial Under California Spam Law Slams Spammer

Posted by timothy on Thursday March 18, @05:42PM writes

"In the first case brought by a spam recipient to actually go to trial in California, the Superior Court of California held that people who receive false and deceptive spam emails are entitled to liquidated damages of $1,000 per email under California Business & Professions Code Section 17529.5. In the California Superior Court ruling (PDF), Judge Marie S. Weiner made many references to the fact that Defendants used anonymous domain name registration and used unregistered business names in her ruling. This is different from the Gordon case, where one only had to perform a simple whois lookup to identify the sender; here, Defendants used 'from' lines of 'Paid Survey' and 'Your Promotion' with anonymously registered domain names. Judge Weiner's decision makes it clear that the California law is not preempted by the I CAN-SPAM Act. This has been determined in a few prior cases, including my own. (See for some of those cases.)"

Does a Social Network have “Community Values?” Could a case be made that this IS the community norm and we're just a bunch of old fuddy-duddies?

Court bars charges against teen who posed semi-nude

March 19, 2010 by Dissent

Dan Goodin reports:

A federal appeals court rebuked a Pennsylvania district attorney who threatened to file felony child pornography charges against teens who were photographed semi-nude unless they attended an “education program”.

In a unanimous decision issued Wednesday by the appeals court in Philadelphia, a three-judge panel said the threat amounted to a “Hobson’s Choice” that would retaliate against one of the girls and her family for exercising their constitutional right to free speech. A rare dose of government-issued sanity in the prosecutorial crusade against teenage ’sexting’, the ruling upheld a lower-court order issued last year in the case.

Read more in The Register.

Ashby Jones of the Wall Street Journal also covers the decision:

Do teens, tweens or anyone else under 18 have a First Amendment right to send sexually explicit messages or photos through their cell phones? …. The Third Circuit, in this opinion, decided to punt on the First Amendment issue. But the ruling was a win for the girl, a then 16-year-old from a town near Scranton, Pa. The three judges said a prosecutor could not charge her merely for appearing in a photograph without evidence she had engaged in distributing it.


Court: Cyberbullying Threats Are Not Protected Speech

“We can arrest you AND the horse you rode in on...”

Killer Convicted, Using Dog DNA Database

Posted by timothy on Thursday March 18, @02:04PM

lee1 writes

"It turns out that the UK has a DNA database — for dogs. And this database was recently used to apprehend a South London gang member who used his dog to catch a 16-year-old rival and hold him while he stabbed him to death. The dog was also accidentally stabbed, [..causing dog lovers to demand immediate execution! Bob] and left blood at the scene. The creation of human DNA databases has led to widespread debates on privacy; but what about the collation of DNA from dogs or other animals?"

“Plus ca change plus la meme chose”

Obama Administration Withholds FoIA Requests More Often Than Bush's

Posted by timothy on Thursday March 18, @02:31PM

bonch writes

"Agencies under the Obama administration cite security provisions to withhold information more often than they did under the Bush administration. For example, the 'deliberative process' exemption of the Freedom of Information Act was used 70,779 times in 2009, up from the 47,395 of 2008. Amusingly, the Associated Press has been waiting three months for the government to deliver records on its own Open Government Directive."

(Ditto) but perhaps now we can see the relationships more easily?

March 18, 2010 - New Web Site Reveals Money and Politics Links in New Ways

", the award-winning nonpartisan, nonprofit research organization dedicated to illuminating the connection between money and politics, has launched a new web site which shines the light of transparency and accountability in powerful ways as never before. The new site is being launched during Sunshine Week, a nonpartisan, national initiative to open a dialogue about the importance of open government and freedom of information. users will find on the new site robust tools to

  • illuminate how money aligns with votes

  • reveal data on individual legislators and how much money they have received from industry and organizations

  • expose specific contributions to persons, by parties, by committee, and within date ranges

and important and vital features including

  • a new U.S. Congress research blog

  • a powerful search engine"

Thursday, March 18, 2010

Check Out the New Pages

I've recently added some new pages to Free Technology for Teachers. These pages, located just below the header banner, contain some presentations, how-to instructions, and resources for teaching with technology. The pages are a work in progress so check back from time to time for more content on the pages.

If you don't want to, would you mind if I did?

FeelHome: Remotely Access All Your Files From Anywhere

… You can install this free program on any Linux, Mac or Windows computer and access your computer files remotely from anywhere.

This might make a good quiz for my Computer Security students. “Recover the data on this drive – you have 15 minutes.”

How To Completely & Securely Erase Your Hard Drive [Windows]

Thursday, March 18, 2010

Usually, articles that address the topics we discuss in a Privacy Foundation's seminar are published well after the seminar. This is an exception, since the seminar is tomorrow.

Is a legal challenge to cloud inevitable?

March 17, 2010 9:30 PM PDT

I've been spending this week at the Cloud Connect conference at the Santa Clara Convention Center, in Santa Clara, Calif., listening closely to the broad range of opinions and concerns raised by both the customers of cloud and its vendor community.

… The sense I am getting is that adoption of cloud is beginning to outstrip the ability of legal counsel to evaluate the liabilities that the cloud introduces to enterprise IT. [This seems inevitable. Legislators won't react until a significant portion of the voting public tells them to. Bob]

[Free (but untitled) presentation PDFs from Cloud Connect are here:

Maybe we shouldn't scoff. Looks like the prosecutor had a viable strategy.

Google Italy & Privacy: Not What You Might Think

March 18, 2010 by Dissent

Ryan Calo writes:

Reading through Italian news coverage of the Google Italy case, another picture emerges. User privacy may well be at issue, but not in the way you probably think. I grew up in Italy and now research and teach Internet law in the United States. When I heard about the verdict against three Google executives, one of them an alumnus of the law school where I work, I went first to American sources, then to Italian ones. What I found was that most Americans may be getting the basic facts and ideas of the case wrong.


The prosecutor brought two sets of charges against Google’s executives. The first sought to hold them criminally liable for the defamatory acts of the kids that uploaded the offending video. This charge was thrown out, likely on the basis of an Italian law—Article 17 of Legislative Decree 70—that mostly resembles our own federal immunity for content uploaded by third-parties. We’ll see when the court publishes its reasoning in a few months.

The second set of charges, of which the Google executives were actually convicted, are supposed to be about privacy—namely, criminal liability for violating provisions of the Italian Personal Data Protection Code. But as Susan Crawford told the New York Times, “[a]ny concern for privacy in this case is a pious cover.” Indeed, it appears that the prosecution sought to use these infractions as a way to defeat the above-mentioned immunity, on the theory that Article 17 protection is not available to criminals. (UPDATE: Chris Parsons pointed me toward a post over at Out-Law explaining that data privacy violations are not entitled to immunity at all under EU law.)

Read more on CIS.

I hope this translates to the US. Condemning tools for the work done with them is illogical. (If Spock didn't say that, he should have.)

P2P and P2P Links Ruled Legal In Spain

Posted by samzenpus on Thursday March 18, @02:12AM

Nieriko writes

e-Repo-man My hacking 101 students will love this! All we have to do is break a simple password?

Disgruntled Ex-Employee Remotely Disables 100 Cars

Posted by samzenpus on Wednesday March 17, @06:35PM

hansamurai writes

"Over one hundred cars equipped with a Webtech Plus blackbox were remotely disabled when a former employee of dealership Texas Auto Center got hold of his employer's database of users. Webtech Plus is repossession software that allows the dealership to disable a car's ignition or trigger the horn to honk when a payment is due. Owners had to remove the battery to stop the incessant honking. After the dealership began fielding an unusually high number of calls from upset car owners, they changed the passwords to the Webtech Plus software and then traced the IP address used to access the client to its former employee."

Can you say, “Slippery Slope?” “Next week, we're gonna add Republicans!”

Court: State Can Dump Non-Sex Offenders Into Registry

How to tell someone is fishing for a high paying job in the industry they regulate... This is Politics 101, not Political Science.

FTC member rips into Google’s privacy efforts

March 17, 2010 by Dissent

Grant Gross reports:

Several major U.S. Internet companies, including Google and Facebook, need to “step up” and better protect consumer privacy or face tougher penalties from the U.S. Federal Trade Commission, a commissioner said Wednesday.

Commissioner Pamela Jones Harbour, who is leaving the FTC next month, [Number One clue! Bob] ripped into Google for the launch of its Buzz social-networking tool in February, and she complained that many other Internet firms, including Facebook and Microsoft, aren’t encrypting the consumer data that lives in their clouds.

“I am especially concerned that technology companies are learning harmful lessons from each other’s attempts to push the privacy envelope,” she said during an FTC privacy workshop. “Even the most respected and popular online companies, the ones who claim to respect privacy, continue to launch products where the guiding privacy policy seems to be, ‘Throw it up against the wall and see if it sticks.’”

Read more on Network World.

I didn't see the annual Wiretapping report, but it might show up eventually.

March 17, 2010

Sources for Finding Mandated Reports to Congress by U.S. Federal Agencies

Rick McKinney: "The Law Librarians' Society of Washington, D.C., Inc. (LLSDC) is pleased to announce the availability on its Legislative Source Book Website of a new title called "Sources for Finding Mandated Reports to Congress by U.S. Federal Agencies" ( The site briefly describes and links to sources that list or may make available reports from Federal agencies mandated by Congressional statute. Other matters discussed include where the text of report provisions can be found in the law, who receives the reports, sunsetted report provisions that remain in the U.S. Code, general reporting provisions applicable to most agencies, and other matters."

I always use Yogi Berra to explain how statistics can fail:

“Baseball is ninety percent mental and the other half is physical.”

“Half the lies they tell about me aren't true.”

But one of the Comments said it best, “I would never believe a statistic that I did not make up myself! ”

Science and the Shortcomings of Statistics

Posted by samzenpus on Wednesday March 17, @09:30PM

Kilrah_il writes

"The linked article provides a short summary of the problems scientists have with statistics. As an intern, I see it many times: Doctors do lots of research but don't have a clue when it comes to statistics — and in the social science area, it's even worse. From the article: 'Even when performed correctly, statistical tests are widely misunderstood and frequently misinterpreted. As a result, countless conclusions in the scientific literature are erroneous, and tests of medical dangers or treatments are often contradictory and confusing.'"

It's a (brief) slideshow... Might show it in my Statistics class.

March 17, 2010

Pew Presentation: Teens and the internet -The future of digital diversity

Teens and the Internet: The Future of Digital Diversity, Kristen Purcell, Ph.D. Associate Director, Pew Internet Project, Fred Forward Conference, March 23, 2010.

Building a toolkit for geeks

Top 10 Most Downloaded Portable Apps [Movers & Shakers]

Wednesday, March 17, 2010

Interesting that the UK tax people would rely on data taken illegally. I wonder if they have any way to confirm the data?

UK To Acquire Stolen Private Banking Data Of HSBC In Switzerland

March 16, 2010 by admin

Tom Burroughes reports:

The UK government is to acquire the Swiss bank account details of up to 6,600 wealthy UK citizens suspected of evading tax after information was stolen from HSBC’s private bank in Switzerland by a software engineer, the Sunday Times (of London) reported.

The report comes shortly after it was reported that the Swiss authorities are to investigate the matter. HSBC’s private bank has apologised to clients about the theft, which affected a total of 24,000 accounts, of which 15,000 were in use at the time of the theft about three years ago.

HSBC told WealthBriefing that it has fewer than 6,000 UK clients of its Swiss private bank – a figure which is at odds with the newspaper’s report. The bank said it was unable to make further comment at this stage.

The UK tax authority declined to comment on the matter.

Read more on WealthBriefing.

Notice that the changes in volume or price were sufficient to bring these trades to the SEC's attention. Also notice that they never mention that they did notice it...

SEC: Hacker Manipulated Stock Prices

By David Kravets March 16, 2010 2:14 pm

U.S. regulators are moving to freeze the assets and trading accounts of a Russian accused of hacking into personal online portfolios and manipulating the price of dozens of stocks listed on the Nasdaq Stock Market and New York Stock Exchange.

A New York federal judge on Tuesday sided with the Securities and Exchange Commission and froze the assets of Broco Investments, believed to be a one-trader operation based in St. Petersburg, Russia. The SEC said Broco capitalized by artificially moving prices of more than 38 thinly traded securities — enabling Broco to profit from up-or-down price swings.

“These transactions have created the appearance of legitimate trading activity and have artificially affected the prices of at least 38 issuers,”(.pdf) the Securities and Exchange Commission said in a court filing.

… Broco would purchase these and other stocks in its own portfolio and immediately place unauthorized buy orders at inflated prices of the same securities in hacked Scottrade accounts, the SEC said.

“Immediately or shortly thereafter, the defendants capitalized on the artificially inflated share prices of the targeted securities by selling the shares previously acquired in their account,” the SEC alleged. “In other instances, the defendants profited by covering short positions previously established in their account while placing unauthorized sell orders through the compromised accounts at substantially lower prices.”

Along the way, victims lost $600,000 in market value the last few months alone, the SEC said. And Broco, believed to be a one-person company run by Valery Maltsev, reaped $255,000 in ill-gotten gains during the same time.

Daily trading volume in Pennsylvania-based financial services company AmeriServe Financial averaged about 11,300 shares from Dec. 1 to Dec. 20, the SEC said. The next day, volume increased 20 times. At least 200,000 shares were bought and sold through Broco or hacked Scottrade accounts, allowing Broco to leverage the prices for its own profits.

“Broco grossed $141,500 in approximately 15 minutes,” the SEC said.

Not a problem if you are working on your desktop, but serious implications for “Cloud Computing.”

MS Virtual PC Flaw Defeats Windows Defenses

Posted by kdawson on Tuesday March 16, @06:01PM

Coop's Troops writes

"An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft's Virtual PC virtualization software to malicious hacker attacks. The vulnerability, which is unpatched, essentially allows an attacker to bypass several major security mitigations — DEP, SafeSEH and ASLR — to exploit the Windows operating system. As a result, some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC."

This is absolutely true, if you assign a very low value to “Trust” and “Reputation.” I hope senior management has more sense, but hope rarely wins in the face of bigger bonuses.

Users Rejecting Security Advice Considered Rational

Posted by kdawson on Tuesday March 16, @04:32PM

WeeBit writes

"Researchers have different ideas as to why people fail to use security measures. Some feel that regardless of what happens, users will only do the minimum required. Others believe security tasks are rejected because users consider them to be a pain. A third group maintains user education is not working. [Microsoft Research's Cormac] Herley offers a different viewpoint. He contends that user rejection of security advice is based entirely on the economics of the process."

Here is Dr. Herley's paper, So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users (PDF).

File this in the “Lessons to be learned before we share electronic Health Records”

Caterers ‘had access to patient files’

By Dissent, March 17, 2010 8:07 am

Paul Melia reports in Ireland:

Catering staff were able to access confidential patient information held on a €60m HSE record system which is being rolled out across the country.

Workers in Kerry General Hospital were able to access information including the patient’s name, address, admission, discharge date and doctor information, an internal audit of the system last year found.

And the audit warned of five “high-level” security risks in the Integrated Patient Management System (IPMS) which is used by 10 acute hospitals and 20 HSE centres.

While no clinical data had been uploaded on to the system at the time of the breach, it also found there was no national security policy on how to protect patient records and that some hospitals were just using the new system to replace older technology. Fine Gael health spokesman Dr James Reilly last night said that unless doctors and patients were confident that information would remain confidential, they would not co-operate.

Read more in The Independent.

Is this really a “privacy” issue? Looks more like a fraud case to me.

Patient Loses Privacy Claim Against Doctor

By Dissent, March 16, 2010 7:52 pm

Jeff Gorman reports:

A doctor did not violate a patient’s privacy by telling her case workers that she needed to stop taking prescription drugs, the Tennessee Court of Appeals ruled.

Teresa Gard suffered a back injury on the job and sought treatment from Dr. Dennis Harris.

However, Harris stopped seeing Gard after watching a surveillance video of her activities, which was supplied to him by an insurance company. The video showed Gard riding in a boat, bending over in her front yard and entering a car without pain.

Read more on Courthouse News.

Related: Opinion in Gard v. Harris (pdf)

Aren't most new cars equipped with these devices? Individually, they might be somewhat useful, but if we had a “national database” what could we learn?

Texas Congressman Proposes a Mandate for Automobile Recording Devices

March 16, 2010 by Dissent

Shelley Childers reports:

A Texas congressman is planning to introduce legislation that would mandate electronic data recorders, also known as black boxes, in all new cars and trucks.


And Congressman Gene Green from Texas says this legislation is especially relevant considering the massive Toyota recall saying, “As we witnessed in the Toyota hearing, there is a demonstrated need of detailed crash information.”

But many are concerned that mandating a recording device breaches privacy.

Read more on CBS.

It's sort of a “don't ask, don't tell” kind of logic. If we pretend nothing “illegal, immoral, or fattening” is happening, then we don't need to spend time thinking about it.

Federal Agents Quietly Using Social Media

Posted by kdawson on Tuesday March 16, @03:45PM

SpuriousLogic passes along this excerpt from the ChiTrib:

"The Feds are on Facebook. And MySpace, LinkedIn, and Twitter, too. US law enforcement agents are following the rest of the Internet world into popular social-networking services, going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that offers a tantalizing glimpse of issues related to privacy and crime-fighting. ... The document... makes clear that US agents are already logging on surreptitiously to exchange messages with suspects, identify a target's friends or relatives and browse private information such as postings, personal photographs, and video clips. Among other purposes: Investigators can check suspects' alibis by comparing stories told to police with tweets sent at the same time about their whereabouts. Online photos from a suspicious spending spree... can link suspects or their friends to robberies or burglaries."

The FoIA lawsuit was filed by the EFF, which has posted two documents obtained from the action, from the DoJ and Internal Revenue (more will be coming later). The rights group praises the IRS for spelling out limitations and prohibitions on deceptive use of social media by its agents — unlike the DoJ. The US Marshals and the BATFE could not find any documents related to the FoIA request, so presumably they have no guidelines or prohibitions in this area.

Maybe they are serious? Can they make China back down? (I kinda doubt it...)

Google appears to drop censorship in China

Internet giant denies change, but famous ‘Tank Man’ picture now accessible

Having lots of data can be extremely useful but also extremely difficult to store and analyze. This is forcing small businesses into the Cloud.

Big Data Is Less About Size, And More About Freedom

by Guest Author on Mar 16, 2010

Editor’s note: Big Data has been around for a long time between credit card transactions, phone call records and financial markets. Companies like AT&T, Visa, Bank of America, Ebay, Google, Amazon and more have massive databases they mine for competitive advantage. But lately, Big Data is finding its way to the smallest startups. The Web and cloud computing brings Big Data everywhere. But what exactly is pushing Big Data forward?

To answer that we brought in an expert, Bradford Cross. Bradford is the Co-Founder and Head of Research at FlightCaster. [ … ] The company analyzes large data sets to predict flight delays. Bradford is chair of the Dealing with Big Data track at Cloud Connect this week.


Spotify Consumes More Internet Capacity Than All Of Sweden

(Related) It's not that Google lost visitors, it's that there are more visits per user...

Report: Facebook Beats Google For Web's Most-Visited Site

If students don't know how to use tools on the Internet when they start researching, they will by the time they earn a passing grade!

How Students Use Wikipedia

Posted by kdawson on Wednesday March 17, @07:09AM

crazybilly writes

"First Monday recently released a study about how college students actually use Wikipedia. Not surprisingly, they found, 'Overall, college students use Wikipedia. But, they do so knowing its limitation. They use Wikipedia just as most of us do — because it is a quick way to get started and it has some, but not deep, credibility.' The study offers some initial data to help settle the often heated controversy over Wikipedia's usefulness as a research tool and how it affects students' research."

In theory, you can clip a scene from any movie and download it. I'll get a copy of “We don't need no stinking badges!” (Not many movies online yet.)


Tuesday, March 16, 2010

As Identity Theft migrates from personal credit cards to small business bank accounts, the dollar amounts go up – with apparently little additional effort!

Victim Asks Capital One, ‘Who’s in Your Wallet?’

March 15, 2010 by admin

Brian Krebs writes:

In December, I wrote about how a Louisiana electronics testing firm was suing its bank, Capital One, to recover the losses after cyber thieves broke in and stole nearly $100,000. It looks like another small firm in that state that was similarly victimized by organized crooks also is suing Capital One to recover their losses.

Joseph Mier and Associates Inc., a real estate appraisal company based in Hammond, La., lost more than $27,000 last year when four unauthorized automated clearing house (ACH) withdrawals were made from its accounts and sent to individuals around the United States.


Related: Complaint (pdf)

Something for those of us with both technical and business degrees? Since this would be a great source of “targeting” information for Computer Security, perhaps we should be the ones to set it up?

The Coming Botnet Stock Exchange

Posted by Soulskill on Monday March 15, @01:22PM

Trailrunner7 writes

"Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."

“We don't need no stinking warrant!” After delivery, a copy of your email sits in your “Sent” folder as well as the copy in my “Inbox.” All that in addition to the “Hold for the government” folder. Perhaps we need to re-think e-mail?

11th Circuit Eliminates 4th Amend. In E-mail

Posted by CmdrTaco on Tuesday March 16, @08:34AM

Artefacto writes

"Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants to get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages."

Until this bill is passed, there is absolutely, positively no way to tell a US citizen from one-a them non-English-speaking fur-in-ers. Soon all the good jobs will be stolen by illiterate immigrants – even Senators might be illegal. (Oh wait, that's redundant.)

National Worker ID Proposed in Comprehensive Immigration Bill

March 16, 2010 by Dissent

I missed this story last week about newly proposed legislation that would create worker ID cards:

President Obama is scheduled to meet with Senators Chuck Schumer (D., N.Y.) and Lindsey Graham (R., S.C.) later this week to discuss a Comprehensive Immigration Reform (CIR) bill. At controversy is a proposed national worker ID which would be at the center of the Senators’ proposed immigration bill currently being worked on in the U.S. Senate.

To combat critics of CIR, who say that once it is passed more illegal immigrants will flood the United States, Senators Schumer and Graham will introduce a national worker ID. The new ID card would be embedded with information, such as fingerprints or a scan of the veins in the top of the hand, to tie the card to the worker. The ID card would be required for all legal U.S. workers, including citizens and immigrants. If implemented all new workers, including teenagers, would be phased in with an initial focus on industries that are known to employ illegal-immigrants.

Read more on MigrationExpert

(Related) Or maybe we could do it this way. After all, what fun is a national Health Care system for if you can't make your citizens prove they are “worthy” of care?

AU: Health identifier function creep threatens data privacy says Coalition

By Dissent, March 15, 2010 11:48 am

Karen Dearne reports:

The Senate Community Affairs committee has recommended passage of the controversial Healthcare Identifiers Bill, despite the minority Coalition members calling for amendments to ensure patient privacy and prevent personal identifiers being turned into a national identity regime.

Last night, the committee recommended developing a plan to introduce the scheme over the next two years, opening it to public comment before finalisation.

“The National E-Health Transition Authority in partnership with the Health Department and Medicare should more effectively engage all stakeholders in establishing the HI service,” it said.

Read more on Australian IT.

I suggest we start with his... All of it.

Yale Law Student Wants Government To Have Everybody's DNA

Posted by Soulskill on Monday March 15, @02:06PM

An anonymous reader writes

"Michael Seringhaus, a Yale Law School student, writes in the NY Times, 'To Stop Crime, Share Your Genes.' In order to prevent discrimination [Gack! That's carrying PC way too far. By extension, we could execute everyone, not just serial killers – fair is fair. Bob] when it comes to collecting DNA samples from criminals (and even people who are simply arrested), he proposes that the government collect a DNA profile from everybody, perhaps at birth (yes, you heard that right)."

Regarding the obvious issue of genetic privacy, Seringhaus makes this argument: "Your sensitive genetic information would be safe. A DNA profile distills a person’s complex genomic information down to a set of 26 numerical values, each characterizing the length of a certain repeated sequence of 'junk' DNA that differs from person to person. Although these genetic differences are biologically meaningless — they don’t correlate with any observable characteristics — tabulating the number of repeats creates a unique identifier, a DNA 'fingerprint.' The genetic privacy risk from such profiling is virtually nil, because these records include none of the health and biological data present in one’s genome as a whole."

Darn! Now I have to train my Hacker 101 class to bathe...

Bacteria Trail Betrays Identity Of Computer Users

March 15, 2010 by Dissent

Thomas Claburn reports that now our bacteria can compromise our privacy:

Scientists at the University of Colorado at Boulder have found that the bacteria trail left behind on objects like computer keyboards and mice can be analyzed and used to help identify users of those devices.

“Your body is coated with bacteria inside and out,” says CU-Boulder assistant professor Noah Fierer in a video on YouTube. “You’re basically a walking microbial habitat. And we found that the diversity of bacteria just on the skin surface is really pretty incredible. You harbor hundreds of different bacteria species just on your palm, for example. We’ve also found that everybody is pretty unique. So of those let’s say hundred or so bacteria species, very few of them are shared between individuals.”

What Fierer and his colleagues have demonstrated in a new study is that the distinctive combination of bacteria each of us carries and distributes can be used to help identify what we’ve touched.

Such work may one day help link individuals to malicious computer use or other crimes.

Read more on InformationWeek.

(For directions on knitting the bacteria [Huh? Bob] in the featured photo, click here.)

[Watch the video here:

(Related) Tools for Hackers... I'd never suggest such things to my students because, as Dick Nixon said, “That would be wrong!”

Try2StopMe: Bypass Restrictive Firewalls at Work & School

… Try2StopMe is essentially a web-based proxy service, which means your web traffic is routed through another computer before being sent to you. This can bypass censorship because so far as the corporate or national firewall can tell all you’re doing is browsing Try2StopMe.

Check out Try2StopMe @

Similar sites: AnonyMouse, CTunnel, Prime Proxies and Unblockall.

(Related) Now my Hackers will need some PhotoShop training. (Chapter 6 How to add Zeros)

Deposit Checks To Your Bank By Taking a Photo

Posted by kdawson on Tuesday March 16, @07:50AM

Pickens writes

"The Mercury News reports that consumers will soon be able to deposit a check by snapping a photo of it with a cell phone and transmitting an encrypted copy to their bank. Although some critics contend paperless deposits are an attempt by the banking industry to eliminate 'float,' the standard one- or two-day waiting period between the time someone writes a check and the time the money is actually taken out of their account, actually remote-deposit capture started out as a way for big companies and financial institutions to process huge numbers of checks without having to ship them around the country. 'Our customers are becoming more and more tech-savvy,' said an SVP for mobile banking at Citibank. 'We're trying to support those people on the go.' Although the process adds a new wrinkle to concerns about fraud and the privacy of financial data, banks and the technology companies helping them say they have largely overcome these concerns. Another bank SVP said, 'For many institutions struggling to raise deposits and differentiate, this is an outstanding offering they can roll out inexpensively [note: interstitial]. It's a sticky product.'"

There have been (FBI) press releases before, but here's the whole report. Interesting that the leader in the “Perpetrators per 100,000 People” category is Washington DC.

March 15, 2010

Internet Crime Complaint Center Annual Report

News release: "The Internet Crime Complaint Center (IC3), a partnership between the FBI and the National White Collar Crime Center (NW3C), released the 2009 Annual Report about fraudulent activity on the Internet today. Online crime complaints increased substantially once again last year, according to the report. The IC3 received a total of 336,655 complaints, a 22.3 percent increase from 2008. The total loss linked to online fraud was $559.7 million; this is up from $265 million in 2008."

Is this a model for RIAA fighters here?

Pirate Bay legal action dropped in Norway

March 15, 2010 by Dissent

Mikael Ricknäs reports:

Copyright holders have given up legal efforts to force Norwegian ISP Telenor to block filesharing site The Pirate Bay, one of the parties to the case said.

The copyright holders, led by Norway’s performing rights society TONO and by the International Federation of the Phonographic Industry Norway (IFPI Norge), have lost two rounds in the Norwegian court system, and have now decided against appealing the case to Norway’s supreme court, the organisations said.

Read more in Computerworld UK. TorrentFreak also provides coverage.

I wonder how many of these are in my cereal? (Of course, these are only the “non-confidential” chemicals – apparently Mother Nature holds patents...)

March 15, 2010

EPA Makes Chemical Information More Accessible to Public For the first time

News release: "As part of Administrator Lisa P. Jackson’s strong commitment to increase information on chemicals, for the first time, EPA is providing web access, free of charge, to the Toxic Substances Control Act (TSCA) Chemical Substance Inventory. This inventory contains a consolidated list of thousands of industrial chemicals maintained by the agency. EPA is also making this information available on Data.Gov, a website developed by the Obama Administration to provide public access to important government information. This action represents another step to increase the transparency of chemical information while continuing to push for legislative reform of the 30 year old TSCA law."

Very focused search...

Top 6 Underground Search Engines You Never Knew About

By Ryan Dube on Mar. 15th, 2010

Torrent Finder is one of the most impressive meta-search engines for Torrent files around.

… great bargain search engine FreshBargains. FreshBargains aggregates results from 15 top websites, which is excellent. However, another fantastic and barely known website to find freebies is called Prospector.

… Earlier, I wrote an article about the best websites to find foreclosed homes. Public government sources seemed to provide the most information without requiring a paid membership. However, somehow I missed AOL Foreclosures.

… Another very common sought-after search engine that isn’t always very easy to find are those that offer free public records information. Nine times out of ten, if you try to find such a search engine, you’ll end up with results from one of the major commercial companies trying to sell paid public records search results to you. However, the Public Record Center is different.

… Ever hear of a search engine that lets you dig up legal information from the web? Neither did I, until I discovered Cornell’s Legal Information Institute.

… Of course, if we want to go really underground, we’ve got to go paranormal. And there’s really no better underground paranormal search engine out there than UFO Seek. Don’t let the name fool you, this particular niche search engine isn’t just focused on UFOs and aliens.

If his autobiography is anything to go on, his papers and letters might be interesting to read as well. The political cartoons are very interesting – especially those dealing with the Wall Street bailout.

March 15, 2010

Mississippi State University Libraries Posts Online Collection of Ulysses S. Grant's Papers

Newswise: "With the digitization process now complete, the 31 volumes of Ulysses S. Grant's collected papers now are available online through the Mississippi State University Libraries. The volumes contain thousands of letters written by and to the 18th U.S. president and former Civil War general and Union Army hero. Also including military documents, other materials and numerous photographs, the collection may be viewed free via the Ulysses S. Grant Association's Web site."

(Related) I think I've mentioned this before, but it never hurts to be redundant.

Tuesday, March 16, 2010

The Avalon Project - Hundreds of Primary Documents from US History

The Avalon Project is a good resource for students that need to find digital copies of original documents. For example, all of The Federalist Papers are available on the Avalon Project website.

I'll seriously suggest this type of tool to my students. I'd rather have them spend a reasonable amount of time every day than try to do all of their online assignments at one sitting.

xMinutesAt: Avoid wasting time by setting timer on any website

… xMinutesAt is a handy tool that helps avoid wasting time online. It is a small online timer that you can set before browsing any website, and it will remind you once the timer counts down to zero.

Similar tools: ToVisitOrNot, StayFocusd, MinutesPlease and KeepMeOut.