Saturday, April 03, 2010

Something for nothing!
April 2, 2010 10:19 AM PDT
Whole Foods working to curb Facebook-based scam
by Caroline McCarthy

The equivalent of shouting “You’re an idiot!” in a crowded theater?
Cyberbullying Held not Protected Speech in CA Civil Suit

Frequently lawyers have problems with technology, but they are usually good about telling others what needs to be done. These are lawyer-failure items.
The DOJ Criminal Division’s Laptop Computer Encryption Program and Practices – Audit Report
April 2, 2010 by admin
From the summary of findings in The Criminal Division’s Laptop Computer Encryption Program and Practices, Audit Report 10-23, March 2010:
Criminal Division-Owned Laptop Computers
Our review found that of the 40 laptops we tested for encryption software, 10 did not have encryption, and 9 of those 10 did not have Windows passwords enabled. All of the unencrypted laptops were in one Criminal Division section, the International Criminal Investigative Training Assistance Program (ICITAP), and all of those laptops contained sensitive departmental data.
In addition to our testing of laptops for encryption, we found weaknesses in other areas of the Criminal Division’s laptop encryption program. We determined that at least 43 laptops did not comply with DOJ standards and Criminal Division requirements for laptop security settings. Also, documentation was not maintained to verify the successful installation of whole disk encryption software for all laptop computers. In addition, the Criminal Division was unable to produce an accurate inventory of the universe of laptop computers it owns from ARGIS, DOJ’s official property management system.
Non-Criminal Division-Owned Laptop Computers
We found serious deficiencies with the [Offices, Boards, and Divisions] OBD 47 contractor-owned laptops. Specifically, seven out of nine OBD 47 contractors we tested processed sensitive Department data on laptops without encryption.
In addition to our testing of contractor laptops for encryption, we found weaknesses in oversight of data security policies for the Criminal Division’s contractors. For both the Mega 3 and OBD 47 contracts, we found that these contracts did not have the required security clause requiring encryption, and the Criminal Division had not implemented alternative controls to compensate for the contract deficiencies.
The entire audit can be found here (pdf).

For my Computer Security students
To Catch a Snoop: How To Tell If Someone Is Logging On To Your Wireless Network
by Tim Lenahan on Apr. 2nd, 2010

If the Republicans did this, they would call it profiling…
Personal traits will be used to screen U.S.-bound air passengers
April 2, 2010 by Dissent
David S. Cloud reports:
The Obama administration will announce Friday a new screening system for flights to the United States under which passengers who fit an intelligence profile of potential terrorists will be searched before boarding their planes, a senior administration official said.
The procedures, which have been approved by President Obama, are aimed at preventing another attack like the one attempted by Umar Farouk Abdulmutallab, the Nigerian suspected of ties to Al Qaeda who allegedly tried to blow up an airliner Christmas Day with a bomb hidden in his underwear, the official said.
After that attempt, the administration began mandatory screening of airline passengers from 14 high-risk countries, including Pakistan, Saudi Arabia and Nigeria.
Under the new system, passengers on flights from all countries could be subject to special screening before boarding if they have personal characteristics that match the latest intelligence information about potential attackers, the senior official said.
Read more in the Los Angeles Times.

What would the equivalent punishment have been before personal computers? You can’t own or use (read?) books and magazines?
Federal Appeals Court Says Sex Offender's Computer Ban Unfair
Posted by timothy on Friday April 02, @08:26PM
crimeandpunishment writes
"A federal appeals court says a 30-year computer restriction for a convicted sex offender was too stiff a punishment. The man, who was caught in an internet sex sting, had been ordered not to own or even use a computer." The D.C. Circuit Court's opinion in the case against Mark Wayne Russell is available as a PDF; slightly longer coverage from the Courthouse News Service.

If this happened here, the husband would still be on the Sex Offenders registry.
Stalker Jailed For Planting Child Porn On a PC
Posted by samzenpus on Friday April 02, @10:29AM
An anonymous reader writes
"An elaborate scheme, to get the husband of a co-worker with whom he was obsessed jailed, backfired on Ilkka Karttunen, 48, from Essex in the UK. His plan was to get the husband arrested so that he could have a go at a relationship with the woman, and to do this he broke into the couple's home while they were sleeping, used their family computer to download child pornography, and then removed the hard drive and mailed it anonymously to the police, along with a note that identified the owner."
[From the article:
Before sending the hard disk to the police, he downloaded its contents onto his computer, which he kept in the garden shed. A lot of personal information like pictures and credit and debit card information belonging to the family was discovered on it after the computer was analyzed.

This will be handy until we get adequate bandwidth…
Sync Folders With Your USB Drive Using Allway Sync [Windows]
The beauty of Allway Sync is that it’s versatile

Sometimes you have to play soothing music for your students.
Everything A Jazz Fan Needs To Find The Best Jazz Music

Friday, April 02, 2010

Perhaps we could do this next time…
Indian Census To Collect Fingerprints, Photos
Posted by timothy on Friday April 02, @02:08AM
adityamalik writes
"The Indian census kicks off on Thursday, with approximately 2.5 million people charged with conducting it across the billion-plus strong country. "Officials will collect fingerprints and photograph every resident for the first time for the register — a process described by Home Minister P. Chidambaram as 'the biggest exercise... since humankind came into existence.' Sensitivity towards collection of biometrics and personal details is quite low in India currently. Wonder how effective — and how powerful — the exercise will turn out to be for the country. Am also struggling to imagine how the photo and fingerprint collection is going to happen, technology-wise."

“Well yes, it does work the way the manual says it works. But we would never use it that way…”
April 01, 2010
EPIC: TSA Concedes Body Scanners Store and Record Images
Follow up to previous postings on government implementation of whole body scanning technology at airports, via EPIC: "In response to a Congressional inquiry, led by Congressman Bennie Thompson, the Transportation Security Agency acknowledged that images on body scanner machines would be recorded for "testing, training, and evaluation purposes." The TSA also did not dispute that test mode could be activated in airports, but said this "would" not happen. As part of an ongoing lawsuit, EPIC had previously obtained TSA documents describing the machines' capabilities to store and transmit detailed images of travelers' naked bodies."
• Homeland Security Blog: "TSA's deployment of new screening technology known as AIT. Public discussion and debate is good, and we at TSA have worked hard to inform, educate and adjust our screening protocols in the interests of security, efficiency, safety and privacy. Our FY 2011 budget request includes $573 million to purchase 500 Advanced Imaging Technology (AIT) units and to operationally staff, operate and maintain 1,000 units, which includes the 500 units we are deploying now. This is indeed an important investment decision and not something we take lightly. We don't take the threats we're facing lightly either."

A modern Solomon? (When was this article published?)
Judge Chin Says He Will Cut the Google Book Settlement
Posted by timothy on Thursday April 01, @07:42PM
Miracle Jones writes
"In a move that has shocked the publishing world, Judge Denny Chin has filed a brief saying that he has decided to cut the Google Book Settlement in half, letting Google host the first half of every book the company has scanned, and letting other interested stakeholders fight for the rights to the rest. 'We think this is a hard decision, but a fair one,' said John Peter Franks for Google. 'We would like to be able to host and control whole books, but at least we get the front half.'"

So maybe that business model might work after all?
Microsoft's big gamble with free Office
SAN FRANCISCO--Microsoft has a new plan to make more money from Office: give it away.

You can make money in the high-tech world with low tech services.
Destroy Your Hard Drive Securely
Driveburn is a secure hard drive data destruction company. The way it all works is easy and direct: you pay a set price (currently $25), you are sent a prepaid Ship Kit, and you send the drive back to Driveburn in order to be melted down. Free USPS priority shipping is paid by the company.
The destruction of the drive itself happens under video surveillance, and you will receive a photo certificate as confirmation that your drive has actually been toasted and wiped from the face of the Earth.
The Ship Kit that you are sent has a security seal that is unique - no other order has the same seal. This enables you to track and secure your data. Upon being received by the company, the drive itself is never installed or viewed - the moment the security seal is broken the drive is destroyed. And once the drive has been obliterated, then the remains (along with most of the actual packaging) are recycled in order to do something good for the environment.

For my geeks…
Build A Remote Control Internet TV & Drop Your Cable Company

How To Develop A Simple iPhone App & Submit It To iTunes

Thursday, April 01, 2010

You have to ask, “When is public data actually public?”
Data sifted from Facebook wiped after legal threats
March 31, 2010 by Dissent
As a follow-up to a report that Pete Warden was harvesting social network data discussed here, Jim Giles reports:
Legal threats from Facebook have led to the destruction of a social science dataset about to be released to researchers.
Lawyers from the social networking site contacted Pete Warden, an entrepreneur based in Boulder, Colorado, in February after he announced plans to release data he had collected from the public profiles of 210 million Facebook users.
Facebook may have lucked out that Warden does not have the resources to fight them, as Giles points out other instances where researchers have used crawler software to capture Facebook data. Facebook’s robots.txt file does not prevent such crawling.
Has the FTC ever looked at the issue of whether failure to at least try to block such crawling constitutes “reasonable security?” I don’t know.

The wispy uncertainty of Cloud Computing.
Yale Delays Move To Gmail
Posted by timothy on Wednesday March 31, @04:13PM
Mortimer.CA writes
"The Yale Daily News is reporting that the move to Gmail has been postponed. After further consultations with faculty and staff, the concerns raised 'fell into three main categories: problems with "cloud computing" (the transfer of information between virtual servers on the Internet), technological risks and downsides, and ideological issues.' In the latter category, 'Google was not willing to provide ITS with a list of countries to which the University's data could be sent [i.e., replicated], but only a list of about 15 countries to which the data would not be sent.'"

If Washington hadn’t insisted, the King of the United States would have these powers.
March 31, 2010
Court Rejects Government's Executive Power Claims and Rules That Warrantless Wiretapping Violated Law
Follow up to previous postings on the Domestic Surveillance Program, via EFF, Kevin Bankston: "Today, Chief Judge Vaughn Walker of the federal district court in San Francisco found that the government illegally wiretapped an Islamic charity's phone calls in 2004, granting summary judgment for the plaintiffs in Al-Haramain Islamic Foundation v. Obama. The court held the government liable for violating the Foreign Intelligence Surveillance Act (FISA). Today's order is the first decision since ACLU v. NSA to hold that warrantless wiretapping by the National Security Agency was illegal. The decision in ACLU v. NSA was overturned on other grounds in 2007, and the focus of the government's litigation strategy since then has been to avoid having any court rule on the merits of the issue. The court's thorough decision is a strong rebuke to the government's argument that only the Executive Branch may determine if a case against the government can proceed in the courts, by invoking state secrets. The Obama Administration adopted this "state secrets privilege" theory from the Bush Administration's legal positions in this and other warrantless wiretapping cases."

(Related) Another “read”
What Al-Haramain Says, And What It Doesn’t Say
April 1, 2010 by Dissent
Orin Kerr comments on the reporting of the Ninth Circuit’s decision in the Al-Haramain case, gently pointing out that the New York Times and others in the media somewhat mischaracterized the ruling: [Kell Supreeze, as the French say. Bob]
The New York Times reports on Judge Walker’s new decision in Al-Haramain Islamic Foundation v. Obama with the following opening:
A federal judge ruled Wednesday that the National Security Agency’s program of surveillance without warrants was illegal, rejecting the Obama administration’s effort to keep shrouded in secrecy one of the most disputed counterterrorism policies of former President George W. Bush. In a 45-page opinion, Judge Vaughn R. Walker ruled that the government had violated a 1978 federal statute requiring court approval for domestic surveillance when it intercepted phone calls of Al Haramain, a now-defunct Islamic charity in Oregon, and of two lawyers representing it in 2004. Declaring that the plaintiffs had been “subjected to unlawful surveillance,” the judge said the government was liable to pay them damages.
The ruling delivered a blow to the Bush administration’s claims that its surveillance program, which Mr. Bush secretly authorized shortly after the terrorist attacks of Sept. 11, 2001, was lawful. Under the program, the National Security Agency monitored Americans’ international e-mail messages and phone calls without court approval, even though the Foreign Intelligence Surveillance Act, or FISA, required warrants.
I’ve seen some similar reports online, so I thought I would register a somewhat technical objection to this characterization of the opinion. The Obama Administration wasn’t arguing that the surveillance program was lawful. As a result, the decision doesn’t rule that the program was unlawful. Rather, the Obama Administration was just arguing that Judge Walker couldn’t reach the merits of the case because of the state secrets privilege. After Judge Walker rejected the state secrets privilege claim, the case was over: DOJ not having argued that warrantless monitoring was lawful, Walker had no choice but to grant relief to the plaintiffs on their claim.
Read more on The Volokh Conspiracy.

Pam would know…
March 31, 2010
Report - The One-Way-Mirror Society: Privacy Implications of the New Digital Signage Networks
World Privacy Forum: "New forms of sophisticated digital signage networks are being deployed widely by retailers and others in both public and private spaces. From simple people-counting sensors mounted on doorways to sophisticated facial recognition cameras mounted in flat video screens and end-cap displays, digital signage technologies are gathering increasing amounts of detailed information about consumers, their behaviors, and their characteristics, like age, gender, and ethnicity. These technologies are quickly becoming ubiquitous in the offline world, and there is little if any disclosure to consumers that information about behavioral and personal characteristics is being collected and analyzed to create highly targeted advertisements, among other things. Few if any consumers expect that the video screen they are watching, the kiosk they are typing on, or the game billboard they are interacting with is watching them back while gathering images of them and behavioral information. This is creating a one-way-mirror society with no notice or opportunity for consumers to consent to being monitored in retail, public, and other spaces or to consent to having their behavior analyzed for marketing and profit. The privacy problems inherent in digital networks are profound, and to date these issues have not been adequately addressed by anyone. This report by the World Privacy Forum seeks to shed light in a dark area and to start a more robust public debate. In addition to the report, the WPF has released with a group of the nation's leading consumer groups a set of privacy principles to be used in digital signage networks."
The One-Way-Mirror Society, Privacy Implications of the new Digital Signage Networks, by Pam Dixon, January 27, 2010

No doubt some bright young law school student will read this and figure out how to ride this wave to fame and fortune.
March 31, 2010
Pew: The Impact of the Internet on Institutions in the Future
The Impact of the Internet on Institutions in the Future, Janna Quitney Anderson, Elon University, Lee Rainie, Pew Research Center’s Internet & American Life Project, March 31, 2010: "Technology experts and stakeholders say the internet will drive more change in businesses and government agencies by 2020, making them more responsive and efficient. But there are powerful bureaucratic forces that will push back against such transformation and probably draw out the timeline. Expect continuing tension in disruptive times.
"By an overwhelming margin, technology experts and stakeholders participating in a survey fielded by the Pew Research Center’s Internet & American Life Project and Elon University’s Imagining the Internet Center believe that innovative forms of online cooperation could result in more efficient and responsive for-profit firms, non-profit organizations, and government agencies by the year 2020."

For my Computer Security students.
To Catch A Snoop: How To Tell If Someone Has Been On Your Computer [Windows]

For my Math students.
How To Use Google As A Calculator

Thousands of years of scientific data vetted by politicians in weeks! We’re paying the wrong people!
House of Commons Finds No Evidence of Tampering In Climate E-mails
Posted by timothy on Wednesday March 31, @03:30PM
dwguenther writes
"The first of several British investigations into the e-mails leaked from one of the world's leading climate research centers has largely vindicated the scientists involved. The House of Commons' Science and Technology Committee said Wednesday that they'd seen no evidence to support charges that the University of East Anglia's Climatic Research Unit ... had tampered with data or perverted the peer review process to exaggerate the threat of global warming."
According to the article, the head of committee which produced the report "said the lawmakers had been in a rush to publish something before Britain's next national election, which is widely expected in just over a month's time"; two further inquiries are to examine the issue more closely. The "e-mails appeared to show scientists berating skeptics in sometimes intensely personal attacks, discussing ways to shield their data from public records laws, and discussing ways to keep skeptics' research out of peer-reviewed journals," but the committee concluded that East Anglia researcher Phil Jones was not part of a conspiracy to hide evidence that weakens the case for global warming. [Is that the same as “there was no conspiracy?” Bob]

Wednesday, March 31, 2010

Letters tip off patients
March 30, 2010 by admin
Pierrette J. Shields reports:
Boulder Community Hospital officials are investigating anonymous letters sent to patients of a Lafayette clinic along with medical records that the sender claims were pulled from the trash.
A Longmont woman told the Times-Call she received the anonymous letter Monday with a page from her son’s medical records that included private medical information and her Social Security number.
Mary Iannotti, a spokeswoman for Boulder Community Hospital, said Monday afternoon that four patients of the Family Medical Associates clinic in Lafayette, which is affiliated with BCH, fielded four calls from patients who reported receiving the anonymous letters.
The woman said the record had handwritten notes on it as though it had been used as scrap paper and that the information included notes about other patients, including a DUI notation and that a family had suffered from swine flu.
The letter urges the recipient to report the incident as a potential federal violation of laws that require medical records to be kept private.
A post office box listed as the return address belongs to the Boulder Community Hospital Foundation.
Iannotti said the foundation is not involved.
Read more in the Longmont Times-Call.

Heartland data is still on the market…
MidFlorida Credit Union Issuing New Cards
March 30, 2010 by admin
Kyle Kennedy reports that new fraud reports have emerged related to the Heartland Payment Systems breach disclosed in January 2009 and that a credit union is now replacing additional cards:
Some MidFlorida Credit Union members are getting new debit cards because of a fraud risk.
Kathy Britt, chief operations officer for Lakeland-based MidFlorida, said the firm is issuing 12,000 new debit cards after recent fraud attempts stemming from a previous data breach at Heartland Payment Systems.
MidFlorida issued new cards to about 5,000 of its members last year and is now sending out 12,000 new cards following recent fraud attempts on cards involved in the Heartland breach, Britt said.
The credit union has about 80,000 debit card holders.
Read more in The Ledger.

Is forced disclosure better for your corporate reputation?
Outed by judge, Wet Seal reveals 2008 breach
March 30, 2010 by admin
After being outed by a Massachusetts judge who felt that the retailer should have disclosed the incident in 2008, Wet Seal subsequently issued a statement acknowledging that they had a security breach that involved the hacking ring led by Albert Gonzalez.
According to Wet Seal’s statement:
In May 2008, we became aware that a criminal group obtained unauthorized access to our information systems in an attempt to steal credit and debit card data of our customers. Through an investigation led by an independent, third-party computer forensics firm, and corroborated by members of the U.S. Secret Service and U.S. Department of Justice who led the government’s prosecution of Mr. Gonzalez, we found no evidence to indicate that any customer credit or debit card data or other personally identifiable information was taken. In working with the major credit card processing agencies, we also have identified no instances of credit card fraud to suggest that any such data was taken.
Not revealed in their statement is whether Wet Seal discovered the breach themselves or were informed by federal investigators. And while the retailer pats itself on the back for responding promptly once they found out, it seems that they simply lucked out, as the indictment of Gonzalez in the New Jersey case indicated that:
In or about January 2008, Company B was the victim of a SQL Injection Attack that resulted in the placement of malware on its network.
In or about January 2008, over an internet messaging service, GONZALEZ sent P.T. a SQL Injection String that was used to penetrate Company B’s computer network (the “Company B SQL String”). The Company B SQL String was programmed to direct data to Hacking Platforms, including the ESTHOST Server and the Ukranian Server.
On or about April 22, 2008, GONZALEZ modified a file on the Ukranian Server that contained computer log data stolen from Company B’s computer network.
Between in or after March 2007 and in or about May 2008, GONZALEZ participated in a discussion over an internet messaging service in which one of the participants stated “core still hasn’t downloaded that [Company B] sh-t.”
From the above, it seems that at any point between January 2008 and May 2008, Gonzalez and his fellow hackers could have downloaded Wet Seal customer data and it is only a matter of Wet Seal’s good fortune that the hackers hadn’t gotten around to it before Wet Seal found out about the breach and secured their server.
Why Wet Seal felt that they were entitled to victim status and that their reputation and privacy should be respected escapes me, as it seems evident that their customers were lucky but still entitled to know that the retailer’s system had been breached. Maybe not entitled by law, but entitled.

Always the first question.
When will cloud computing start raining cash?
by Matt Asay March 30, 2010 8:24 AM PDT

May not be a useful precedent, after all this is strange, even for New Jersey!
March 30, 2010
New Jersey Supreme Court Rules in Favor of Employee Email Privacy
EPIC: "The New Jersey Supreme Court ruled in favor of a female employee whose employer read emails that she sent while using Yahoo Mail on a company-owned laptop. The employee, Marina Stengart, had exchanged emails with her attorney regarding a possible discrimination lawsuit against the employer. The employer then pulled the emails off of the laptop's hard drive and used them to prepare a defense to the discrimination suit. The New Jersey Supreme Court found that "Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them." The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief."

Die SCO, die! (The end of the “case that would not die?”)
Novell Wins vs. SCO
Posted by CmdrTaco on Tuesday March 30, @04:20PM
Aim Here writes
"According to Novell's website, and the Salt Lake Tribune, the jury in the SCO v. Novell trial has returned a verdict: Novell owns the Unix copyrights. This also means that SCO's case against IBM must surely collapse too, and likely the now bankrupt SCO group itself. It's taken 7 years, but the US court system has eventually done the right thing ..."
No doubt this is the last we will ever hear of any of this.

I love lists. I love free stuff. I really like lists of free stuff.
The Best Free Software of 2010
Get what you DON'T pay for: Here are 196 programs that cost nothing but will make your computing life richer—all while keeping your wallet fat.

Tuesday, March 30, 2010

It strikes me as unusual that we aren't hearing more about this. The government (elected officials) tends to ignore “issues” that do not generate a lot of publicity on their own. This story seemed to flash and fade. Is there something hidden here that will be dramatically revealed by someone seeking another term?

School laptop spy case prompts Wiretap Act rethink

March 29, 2010 by Dissent

Nate Anderson reports:

When Pennsylvania’s Lower Merion school district installed remote control anti-theft software on student laptops, it had no intention of dragging Congress into a national debate about wiretapping laws and webcams—but that’s exactly what it got (in addition to some unwanted FBI attention and a major lawsuit). The key question: should the school’s alleged actions be made illegal under US wiretap law?

The Senate Judiciary Subcommittee of Crime and Drugs schlepped out of DC today and wound up in Philadelphia’s US District Court, Courtroom 3B, to hold a field hearing on “video laptop surveillance.” The trigger issue was Lower Merion, which stands accused of using the anti-theft software to remotely peep on students using their own webcams, even outside of school hours.

The existing Wiretap Act already bans oral, wire, and electronic communications gathered without consent (unless a court orders it). “Oral” communication is clear enough, but “wired” communications also need to have an aural component, according to the law. And “electronic” communications only include data such as e-mails.

The upshot is that the Wiretap Act does not currently regulate silent video communication.


EFF lawyer Kevin Bankston blasted the current law in his testimony, telling the subcommittee this morning, “It makes no sense that if the Lower Merion School District’s administrators had eavesdropped on students’ conversations at home using the laptop’s microphone, or had intercepted a student’s private video chats, they would clearly be guilty of a felony violation of Title III, but surreptitious video surveillance is not regulated by the statute at all.”

Bankston called for an immediate change in the law, saying that webcams were “awesomely useful” but that “surreptitious video surveillance has become a pervasive threat.”

Read more on Ars Technica.

Electronic Health Record systems are not simple, but they will (eventually) be developed.

The Evolving e-Prescribing Landscape

Full Document (PDF; 852 KB)

[From the document:

Our primary intent in this paper is to first provide you with some essential information regarding e-prescribing: a history and overview and a discussion of the e-prescribing process. Next we’ll present a more detailed treatment of the e-prescribing landscape, focusing on: the regulatory environment; marketplace strategies and stakeholder incentives; and some critical e-prescribing challenges. Finally, we’ll present some recommended next steps to consider in support of your organization’s efforts to achieve a financially and functionally successful e-prescribing implementation.

The nuclear option? My students will want one, but will the TSA allow them on planes?

Self-Destructing USB Stick

Posted by samzenpus on Tuesday March 30, @07:57AM

Hugh Pickens writes

"PC World reports that Victorinox, maker of the legendary Swiss Army Knife, has launched a new super-secure memory stick that sounds like something out of Mission: Impossible. The Secure Pro USB comes in 8GB, 16GB, and 32GB sizes, and provides a variety of security measures including fingerprint identification, a thermal sensor, and even a self-destruct mechanism. Victorinox says the Secure is 'the most secure [device] of its kind available to the public.' The Secure features a fingerprint scanner and a thermal sensor 'so that the finger alone, detached from the body, will still not give access to the memory stick's contents.' While offering no explanation how the self-destruct mechanism works, Victorinox says that if someone tries to forcibly open the memory stick it triggers a self-destruct mechanism that 'irrevocably burns [the Secure's] CPU and memory chip.' At a contest held in London, Victorinox put its money where its mouth was and put the Secure Pro to the test offering a £100,000 cash prize ($149,000) to a team of professional hackers if they could break into the USB drive within two hours. They failed."

Colorado Tech is adding a class on the care and feeding of Cloud Computing (Buy or Lease, legal issues, return of data, etc.) About time the government started addressing it.

March 29, 2010

Federal Cloud Computing Initiatives Gain Traction

Follow up to previous postings on cloud computing, see this Special Report, April 2010 - Federal Cloud Computing Initiatives Gain Traction.

  • "The current administration recommends launching cloud computing pilot tests for applications ranging from communications and remote access, to virtual data centers, analytics/reporting, web portals, collaboration and both records and case management. And while U.S. Chief Information Officer Vivek Kundra intends to shrink the total number of government IT initiatives, cloud computing remains a top priority. In fact, public sector investment in cloud computing will likely more than double in the next five years, according to a recent report by analyst firm INPUT in Reston, Va. As the federal government modernizes IT infrastructures, agencies are exploring cloud computing as a viable alternative to buying and maintaining additional servers and software. Industry observers cite the administration’s Open Government Directive and the website as a prime example. NASA, meanwhile, launched Nebula, a home-grown cloud computing environment designed to let outside scientists contribute..."

(Related) No sooner do we recognize Cloud Computing as a viable paradigm when someone suggests it is obsolete. Of course, there's a bit of marketing involved here.

Hello, iPad. Hello, Cloud 2.

by Marc Benioff on Mar 29, 2010

… The future of our industry now looks totally different than the past. It looks like a sheet of paper, and it’s called the iPad. It’s not about typing or clicking; it’s about touching. It’s not about text, or even animation, it’s about video. It’s not about a local disk, or even a desktop, it’s about the cloud. It’s not about pulling information; it’s about push. It’s not about repurposing old software, it’s about writing everything from scratch (because you want to take advantage of the awesome potential of the new computers and the new cloud—and because you have to reach this pinnacle). Finally, the industry is fun again.

Cloud 1 -> Cloud 2

Location Unknown -> Location Known
Desktop/notebook -> Smart phone/Tablet
Windows/Mac -> Cocoa/HTML 5

(Related) This is worth reading. Tim often gets it right and is always a good read.

The State of the Internet Operating System

Posted by CmdrTaco on Tuesday March 30, @09:24AM

macslocum writes

"Tim O'Reilly: "I've been talking for years about "the internet operating system", but I realized I've never written an extended post to define what I think it is, where it is going, and the choices we face. This is that missing post. Here you will see the underlying beliefs about the future that are guiding my publishing program as well as the rationale behind conferences I organize.""

Eventually, someone is going to get it right. Perhaps someone already has. But the lobbyists will never stop asking for changes.

EU Demands Canada Gut Its Copyright and Patent Laws

Posted by samzenpus on Tuesday March 30, @01:28AM

An anonymous reader writes

"Late last year, a draft of the European Union proposal for the intellectual property chapter of the Canada — EU Comprehensive Economic Trade Agreement leaked online. The leak revealed that the EU was seeking some significant changes to Canadian IP laws. Negotiations have continued and Michael Geist has now obtained an updated copy of the draft chapter, complete with proposals from both the EU and Canada. He says the breadth of the demands are stunning — the EU is demanding nothing less than a complete overhaul of Canadian IP laws including copyright, trademark, databases, patent, geographic indications, and even plant variety rights."

This is in the UK, but Warner Cable has offices here, perhaps my students would be interested in learning how to pirate movies? (So they could stop it of course...)

Warner Brothers Hiring Undercover Anti-Pirates

Posted by samzenpus on Monday March 29, @07:29PM

An anonymous reader writes

"TorrentFreak reports that Warner Brothers UK is hiring college students with an IT background to participate in an internship that will pit them against pirates on the world wide web in an effort to crack down on illegal digital distribution. The intern will literally be on the front-lines of the epic battle against pirated content, ensnaring users in incriminating transactions, issuing takedown requests, and causing general frustration amongst the file-sharing population on the Internet."

I've used SharpReader for years. Probably time to upgrade.

Top 10 Most Downloaded RSS Reader Apps [Movers & Shakers]

Monday, March 29, 2010

Free 33 Page Guide - Google for Teachers

… This guide avoids some of the obvious things, like using Google Docs for collaborative writing, and instead focuses on some of the lesser-used Google tools options like publishing an online quiz using Google Docs. In all there are 33 pages containing 21 ideas and how-to instructions for creating Google Maps placemarks, directions for creating and publishing a quiz with Google Docs forms, directions for embedding books into your blog, and visual aids for accessing other Google tools.

You can download the document from Yudu or DocStoc.

Monday, March 29, 2010

Similar to my idea for a municipality owned wholesale network, rather than a monopoly. In theory, you could set up an 'exclusive' ISP and pass the savings to your subscribers.

PE Firm Plans Open LTE Network to Challenge AT&T and Verizon

By Stacey Higginbotham Mar. 27, 2010, 7:33pm PDT

A New York private equity firm plans to build a multibillion-dollar 4G wireless network that will cover most of the country by 2015. The ambitious plan by Harbinger Capital Partners relies on deploying a Long Term Evolution network over spectrum owned by a few satellite companies — and would create an open wholesale wireless network available to retail companies, PC manufacturers or anyone who wants to offer mobile broadband.

Who makes the laws in this country?

Washington Lobbyists Cash in on Health Reform

… About 1,750 businesses and organizations hired about 4,525 lobbyists, total — eight for each member of Congress — and spent at least $1.2 billion to influence health care bills and other issues, according to a Center analysis of disclosure documents that included “health reform” or similar wording.

Full Report

The Geeky Lawyer Show?

March 28, 2010

New on Getting Educated at LegalTech New York 2010

Getting Educated at LegalTech New York 2010: Conrad J. Jacoby provides an overview of the New York LegalTech show and conference, long one of the preeminent opportunities to catch a glimpse of the future of legal technology. Conrad highlights how the conference provides a surprisingly accurate snapshot of litigation support, electronic discovery, and even the health of the legal industry as a whole.

[From the article:

So what are some of the more interesting things I picked up at LegalTech this year? Here are a few that come to mind.

  1. Clients are getting even more serious about taking direct charge of e-discovery projects to save costs and to reduce business disruption.

  2. Hosted litigation support platforms continue to take market share from local-based litigation support software. [i.e. Cloud Computing Bob]

  3. The phrase "Early Case Assessment" continues to be overused and under-defined.

  4. Outsourced document review remains on the cusp of wide-spread adoption.

This is interesting. Perhaps my wife is correct when she says more than half of the world is below average – assuming they are the ones who keep repeating the same search over and over.

Microsoft Lost Search War By Ignoring the Long Tail

Posted by Soulskill on Sunday March 28, @09:20AM

Art3x writes

"When developing search engine technology, Microsoft focused on returning good results for popular queries but ignored the minor ones. 'It turned out the long tail was much more important,' said Bing's Yusuf Mehdi. 'One-third of queries that show up on Bing, it's the first time we've ever seen that query.' Yet the long tail is what makes most of Google's money. Microsoft is so far behind now that they won't crush Google, but they hope to live side by side, with Bing specializing in transactions like plane tickets, said Bing Director Stefan Weitz."

(Related) In this case, the description is “good enough,” which also translates as: “We can sell it and probably won't get sued much.” Let's hope this doesn't occur in the proposed Electronic Health Records systems.

The Economics of Perfect Software

Posted by Soulskill on Sunday March 28, @01:40PM

An anonymous reader writes

"This article takes the interesting perspective that leaving bugs in software is good — little ones, at least. This quote is particularly insightful: 'How do you know whether a bug is big or little? Think about who's going to hit it, and how mad they'll be when they do. If a user who goes through three levels of menus, opens an advanced configuration window, checks three checkboxes, and hits the 'A' key gets a weird error message for his trouble, that's a little bug. It's buried deep, and when the user hits it, he says 'huh,' clicks a button, and then goes on his merry way. If your program crashes on launch for a common setup, though, that's a big bug. Lots of people will hit it, and they will all be pissed. ... The cost of fixing all the bugs in your program and then being sure you fixed them all is way too high compared to the cost of having a few users hit some bugs they won't care about."

Again, there is an indication that ethical companies make more money. Could it be that highly profitable companies can afford to spend money on ethics training? (If so, there are some big names missing from this list.)

March 27, 2010

2010 World’s Most Ethical Companies

Ethisphere: "The World’s Most Ethical Companies designation recognizes companies that truly go beyond making statements about doing business “ethically” and translate those words into action. WME honorees demonstrate real and sustained ethical leadership within their industries, putting into real business practice the Institute’s credo of “Good. Smart. Business. Profit.” There is no set number of companies that make the list each year. Rather, the World’s Most Ethical Company designation is awarded to those companies that have leading ethics and compliance programs, particularly as compared to their industry peers. This year, there are 100 World’s Most Ethical Companies. Of these companies, 26 are new to the list in 2010 and 24 companies dropped off from the 2009 list. These “drop offs” generally occurred because of litigation and ethics violations, as well as increased competition from within their industry."

For my Computer Security students.

6 Steps to Protect Your Facebook Privacy

For example, you can limit your search results to RSS feeds or to Videos, etc. - Search The Web In An Indexed Way

Yimmiy is a brand-new search tool. It doesn’t necessarily provide a radically different experience from what we are used to expect from sites like Google or Bing, but it is practical in its very own way.

Essentially, the site will enable you to carry a search for any kind of data, and have the results indexed by color for easier reference. That is, you have to check the relevant box from the ones reading “Web”, “Images”, “Videos”, “News”, “RSS” and “18+” and each of these categories has a color associated to it by default. The results will consequently be indexed for easier reference.

The above means that on this site you will be able to sift through search results in a different way – I don’t know if calling it a “better” search engine is warranted. Probably not.

I love lists, and occasionally I find something worthwhile...

125 Educational Sites Ranked in 25 Categories

Because you never know when you might need a quote from “Young Frankenstein”

Bnwmovies: Watch Classic Old Movies Online

If you are a fan of the classic black and white movies, then you should check out Black And White Movies. This website has a large collection of classic old movies from the 1920’s up to the 1970’s. Movies are categorized into different genres such as Action, Adventure, Comedy, Drama, Horror, War, and more. You can also view movies alphabetically by letter.

Similar Tools: BMovies, Watch-Movies and Movski.

Sunday, March 28, 2010

Gee, perhaps we should have a Constitution.

Israel's Supreme Court Says Yes To Internet Anonymity

Posted by timothy on Sunday March 28, @01:08AM

jonklinger writes

"The Israeli Supreme Court ruled this week that there is no civil procedure to reveal the identity of users behind an IP address, and that until such procedure shall be legislated, all internet postings, even tortious, may remain anonymous. The 69-page decision acknowledges the right to privacy and makes internet anonymity de facto a constitutional right in Israel. Justice Rivlin noted that revealing a person behind an IP address is 'an attempt to harness, prior to a legal proceeding, the justice system and a third party in order to conduct an inquiry which will lead to the revealing of a person committing a tort so that a civil suit could be filed against him.'"

[From the article:

His decision rules, actually, that until a procedure will be legislated, petitions to reveal anonymous users may not be granted (and according to estimations, there is at least one daily request per ISP).

… The supreme court ruled that:

Shattering the ‘illusion of anonymity’, in a reality where a user’s privacy feeling is a myth, may raise associations of a “big brother”. Such violation of privacy should be minimized. In adequate boundaries the anonymity shelters should be preserved as a part of the Internet Culture. You may say that anonymity makes the internet what it is, and without it the virtual freedom may be reduced.

Those who do not study history (even the history of Computer Security) are doomed to repeat it. This has been true of every evolutionary step in the industry, from Mainframes to mini-computers, to microcomputers, to the Internet, to the web, to hand-held devices and now to “smart” devices.

Security Holes Found In "Smart" Meters

Posted by timothy on Sunday March 28, @08:11AM

Hugh Pickens writes

"In the US alone, more than 8 million smart meters, designed to help deliver electricity more efficiently and to measure power consumption in real time, have been deployed by electric utilities and nearly 60 million should be in place by 2020. Now the Associated Press reports that smart meters have security flaws that could let hackers tamper with the power grid, opening the door for attackers to jack up strangers' power bills, remotely turn someone else's power on and off, or even allow attackers to get into the utilities' computer networks to steal data or stage bigger attacks on the grid. Attacks could be pulled off by stealing meters — which can be situated outside of a home — and reprogramming them, or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc, a vendor-independent consultant that performs penetration tests and security risk assessments."

"Wright says that his firm found 'egregious' errors, such as flaws in the meters and the technologies that utilities use to manage data (PDF) from meters. For example, smart meters encrypt their data but the digital 'keys' needed to unlock the encryption are stored on data-routing equipment known as access points that many meters relay data to so stealing the keys lets an attacker eavesdrop on all communication between meters and that access point (PDF). 'Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years,' says Wright."

Clear, simple, do-able.

8 Layers of Security Every Computer Should Have

Posted by Sue Marquette Poremba Mar 26, 2010 4:17:58 PM

  • Firewalls.

  • A traditional scanner, such as antivirus, antimalware, and antispyware software.

  • A specialist Web-scanning layer to block most of the attacks immediately.

  • A behavior monitoring layer.

  • Newest version of your favorite browser.

  • Network-based restrictions and user management software.

  • Data encryption software.

  • Online backup system.

Making sense?

March 27, 2010

Political Considerations Another Facet of Google's Decision to Exit China

Follow up to Google Discontinues Censored Search in Mainland China and An Interview with David Drummond of Google about the company's new policies in China, additional perspective as follows:

  • New York Times, Google Searches for a Foreign Policy:"When Google announced last week that it would shut its censored online search service in China, it was doing more than standing up to a repressive government: it was showing that, with the United States still struggling to develop a foreign policy for the digital age, Internet companies need to articulate their own foreign policies."

  • Washington Post - On Leadership: Views on Google's refusal to continue censorship in China by Benjamin W. Heineman Jr., business ethics expert and senior fellow at Harvard University's schools of law and government.

We should be able to determine (rather quickly) if this will be a “voice of reason” or simply a “make sure those celebrity endorsements and contributions keep coming” voice.

Big Content: stopping P2P should be "principal focus" of IP czar

By Nate Anderson Last updated 2 days ago

Thanks to the recent PRO-IP Act, the US for the first time has an "Intellectual Property Enforcement Coordinator" responsible for pulling together all the resources of the federal government. What should the IPEC be doing with her time and resources? The "core content industries" have an answer: she should turn the online world from a "thieves' bazaar to a safe and well-lit marketplace" by encouraging network admins to deploy bandwidth shaping, site blocking, traffic filters, watermark detectors, and deep packet inspection.

… One of Espinel's key interests was in gathering good data on IP infringement and what it costs the US economy. She asked for metrics, methodologies, and rigorous research (many of these sorts of numbers are pretty transparently bogus). What she got from the core copyright industries was two pages that cited four reports, all done by the same guy at the same think tank. As for methodology, etc., Espinel can just go look it up "in the text of the cited report."

One tool to grab them all? - Download & Save Videos To Your HD

… In general terms, it is a young site that will let you save video files hosted on the following portals: YouTube, Dailymotion, Metacafe, Veoh, Flickr, Google and

The process is the standard one in these cases: you paste the relevant URL in the provided box and after choosing the screen resolution that will suit you best you proceed to have the video downloaded. You can also set the format of the video itself from FLV, MP4 and 3GP.

Peek around your organization's Firewall.

VariablySFW: Peek NSFW Websites Before Opening Them

VariablySFW is a web app that lets you preview a questionable link and see if it is safe to open or not.

… To use VariablySFW, you only need to copy and paste the link into the text bar and click “Preview”. The app will then load a filtered preview of the page that you want to open. Adjust the slider to slowly see the page. You can fade in and fade out as you like. This way, you can check what the page is all about before the lurkers behind you find out what you are looking at.

VariablySFW is a handy tool for those who do not want to get caught looking at NSFW pages.