Saturday, May 15, 2010

Lower Merion's education continues. Banning the cameras is the easy part; their lawyers should be advising them to stop gathering evidence that can be used against them. Writing a policy that satisfies the court may be a bit more difficult since they apparently have little experience in such matters...

Lower Merion permanently banned from webcam monitoring (update 2)

May 14, 2010 by Dissent

John P. Martin reports:

A federal judge Friday permanently barred the Lower Merion School District from using webcams or other intrusive technology to secretly monitor students through their school-issued laptops.

The five-page injunction signed by U.S. District Judge Jan E. DuBois also requires the suburban district to adopt transparent and expansive policies by September to govern its student laptop program.

It says Lower Merion can implement an alternative to webcam tracking to find missing or stolen computers, but only if the technology is “conspicuously disclosed” in a document signed by students and their parents.


Update 1: Another news source reports that:

A federal court judge is ordering the Lower Merion School District and a student suing for alleged cyber-spying over district-issued laptops to try to settle non-monetary issues.

The order is not yet up on PACER, but I’ll try to upload a copy later when it’s available.

[From this article:

A cost-effective alternative can be sought, but the court says that software must not allow remote activation or capturing screenshots of students.

The district gets until Sept. 1 to create a policy to deal more adequately with privacy issues, and Lower Merion schools will not be allowed to access student-created files ("including but not limited to documents, e-mails, instant messaging records, photographs, Internet usage logs, and Web browsing histories") except what's defined under its new policy.

Update 2: Here’s the order, and it’s a beaut in terms of protecting student privacy and enforcing transparency on the district’s part.


Judge orders L. Merion to halt monitoring

The district initially proposed showing the photos to the affected students and their parents, and asked Chief U.S. Magistrate Judge Thomas Rueter to manage the process. The ACLU, representing an unidentified Lower Merion family, objected, arguing that some teens might not want their parents to see the images.

"Our position is that the people whose privacy has been violated and the people whose private information is at stake here are the students, regardless of whether or not the students are minors," said Roper, the ACLU lawyer.

A second order DuBois signed Friday includes a sample letter to be sent to students. According to the letter, the teens will be allowed first to review the images alone.

"If there are any images you don't want [parents or guardians] to see, you may let Judge Rueter know and he will discuss with you how to handle that situation," it reads.

(Related) Isn't this just the non-technological equivalent of WebCamGate?

Court says students can sue over strip search

May 15, 2010 by Dissent

Dan Sewell reports:

A federal appeals panel ruled Friday staffers at a Pike County vocational school can be sued by high school nursing students who were strip-searched after a reported theft.

The three-judge panel of the 6th U.S. Circuit Court of Appeals rejected immunity for the school officials, standing by an earlier conclusion that the 2006 search was unconstitutional. The U.S. Supreme Court sent the case back in 2009 after ruling in a similar case that school officials violated an Arizona teen’s rights in a strip search for a prescription-strength drug, but that the officials weren’t financially liable.

Read more in the Chillicothe Gazette.

Just in case you thought the “inventor” of Facebook would be immune from all that “You ain't got no privacy” stuff...

Facebook CEO Slammed 'Dumb' Users Who Trusted Him in College

An instant message transcript slipped to Business Insider shows 19-year-old Mark Zuckerberg suggesting that users of the social network—fellow Harvard students at the time—were "dumb fucks" for trusting him.

Business Insider previously posted evidence that the Facebook CEO used login data from his social network to hack into fellow students' email accounts; that evidence also included instant message transcripts. Its current story follows below.

(Related) It will be useful to have a good source of bad examples! (Includes the code for making direct queries to Facebook.)

Website exposes embarrassing Facebook posts by users with low privacy settings

May 14, 2010 by Dissent

Michael Oliveira reports:

A new website is exposing embarrassing and potentially job-threatening Facebook messages posted by users who probably don’t realize their privacy settings are turned off.

There are posts with people brazenly admitting to playing hooky from work and others pull no punches in making fun of their bosses. Some are of a very personal nature, falling into the category of too much information.

The founders of FacebookSearch, which started Thursday, say they have no malicious intentions and simply hope to show naive Facebook users that there are real consequences to not guarding their privacy online.

Read more in the Winnipeg Free Press.

[Visit the website:

(Related) What is the electronic equivalent of “We didn't inhale?”

Google Admits to Snooping on Personal Data

May 14, 2010 by Dissent

Brad Stone writes:

On Friday, Google made a stunning admission: for over three years, it has inadvertently collected snippets of private information that people send over unencrypted wireless networks.

The admission, made in an official blog post by Alan Eustace, Google’s engineering chief, comes a month after regulators in Europe started asking the search giant pointed questions about Street View, the layer of real-world photographs accessible from Google Maps. Regulators wanted to know what data Google collects as its camera-toting cars methodically troll through cities and neighborhoods, and what Google does with that data.

Read more in the New York Times.

Basically, Google is saying that they had a privacy-invading “oopsie” by using code that sampled payload data and not just SSID information and MAC addresses. As a consequence, they will be disposing of all of the private data they collected and are discontinuing having Street View cars collecting WiFi network data entirely. Google also takes the opportunity to remind people of the dangers of unsecured WiFi networks. [After all, if Google could do this “inadvertently,” imagine what my Ethical Hacking students can do deliberately! Bob]

Note: direct link to Google blog post.

(Related) Google is doing something, what about all those other services?

Google to offer encrypted search next week

(Related) Is this more like Facebook or the Lower Merion snooping?

FYI, Pandora Makes Your Music Public

The innovative online music service Pandora lets you create personalized music stations that you can stream online, but it also makes those stations viewable to anyone on the internet who knows your e-mail address. And there seems to be nothing you can do to make them private.

For my Ethical Hacking class.

Single group did 66% of world's phishing

A single criminal operation was responsible for two-thirds of all phishing attacks in the second half of 2009 and is responsible for a two-fold increase in the crime, a report published this week said.

… Central to Avalanche's success is its use of fast-flux botnets to host phishing sites. The use of peer-to-peer communications makes it impossible for a single ISP or hosting provider to pull the plug on the infrastructure. The gang also excels at launching attacks from a relatively small number of domain names that often appear confusingly identical to each other, such as and Those abilities also fuel the success.

… A PDF of the report is here

Are you storing too much on your computer? (Want to quickly locate the “good stuff” on those computers you hacked into?)

Identity Finder: What secrets are hidden in your computer?

Identity Finder, from the company of the same name, is a discovery tool for home or business users that searches through data stored on individual Windows and Macintosh computers for personal data such as credit card, Social Security, bank account, driver's license and passport numbers; personal addresses, phone numbers, passwords -- even your mother's maiden name.

Identity Finder comes in Home, Professional and Enterprise versions for Windows, as well as a more limited Mac edition and a very limited free Windows version. Capabilities vary greatly between editions...

Think of this as a significant technological improvement on those tattoos the Germans used in the camps. Perhaps we could use cell phone towers to locate the people we want to stalk...

Taiwanese Researchers Plug RFIDs As Disaster-Recovery Tools

Posted by timothy on Friday May 14, @11:03PM

Velcroman1 writes

"Scientists tag animals to monitor their behavior and keep track of endangered species. Now some are asking whether all of mankind should be tagged too. Looking for a loved one? Just Google his microchip. Taiwanese researchers postulate that the tags could help save lives in the aftermath of a major earthquake. And IBM advocated chips for humans in a speech earlier this week. The ACLU disagrees. 'Many people find the idea creepy,' spokesman Jay Stanley told"

Whatever you do, don't tell anyone you had a copy of this in college – they'll never believe it was research for an Abnormal Psych paper. (and what is “useful for acts of terror” anyway? Street maps? Rental vans? Cell phones?)

In UK, First "Anarchist's Cookbook" Downloaders' Convictions

Posted by timothy on Saturday May 15, @05:11AM

analysethis writes

"In the UK last month the author/compiler of the well-known-in-internet-circles 'terrorist handbook' pleaded guilty to seven counts of collecting information that could have been used to prepare or commit acts of terrorism, with a maximum jail term of 10 years. Today the first people caught with downloaded copies have been put behind bars — a white-supremacist father and son pairing getting 10 & 2 years respectively, convicted of three counts of possessing material useful for acts of terror. How many will be emptying their recycle bins after this conviction? As of writing, the book is still freely available on to buy."

Note: it seems that there's some overlapping nomenclature at play. Terrance Brown, the man who pleaded guilty to terror charges last month, is said to have been distributing a CD set including among other things extracts from Al-Qaeda manuals. His "cookbook" differs then from William Powell's 1971 book by a similar title, though (confusingly enough) the linked Wikipedia article implies that the father-and-son pair arrested possessed a copy of the Powell book as well; its text may well have been among the materials that Brown distributed.

A name to describe an environment that is not a “free for all”

Overwhelmed? Welcome the Age of Curation

By Eliot Van Buskirk May 14, 2010 2:48 pm

Forrester Research analyst Sarah Rotman Epps coined a phrase Friday for something many have been talking about since Apple launched the iPad about six weeks ago. “Curated computing” refers to the way Apple staff examines each piece of software written for iPhone OS devices before allowing it into (or blocking it from) the App Store.

… Epps is onto something with this word, curated.

Curation is the positive flip side of Apple’s locked-down approach, decried as a major, negative development in computing by many observers, present company included. Who would have thought that in 2010, so many people would pay good money for a computer that only runs approved software?

… Curation is already fundamental to the way in which we view the world these days, and the iPad is hardly the first technology to recognize this.

For example:

1) Facebook curated the web.

When given the option to create our own webpages online, most of us recoiled from that open-ended freedom, though many embraced it initially. Even if you took the time to learn HTML and keep your page updated, there was no guarantee that your friends would be able to find it.

That’s why personal websites remain the domain of geeks while Facebook (and its predecessors), LinkedIn, Tumblr, Flickr and other pre-fab web-presence providers flourish, despite valid privacy concerns.

2) Music curation vs. music criticism

Today, you can discover in seconds how nearly any band in the world sounds, assuming it wants to be heard, on YouTube, MySpace, Spotify, The Pirate Bay and other services. At that point, the role of the music critic shrinks considerably and becomes more about curation than criticism.

3) News publications filter the news.

Before the internet and Google all we had was curated news, in that readers typically got all of their news from one or two paper publications, which are closed systems.

4) Consumption devices curate functionality.

Finally, we arrive at the sort of curation Epps is talking about. The Kindle, cellphone, MP3 player, GPS and other specific-purpose devices curate functionality in order to deliver a better experience than a general-purpose desktop computer could ever deliver. This holds especially true for devices designed around consumption, such as portable MP3 players or big-screen televisions.

(Related) On the other hand, isn't this good too?

New Voices: Social media cheapens pols and TV news shows

April 24, 2010 By Courtney Lindwall Special to the Sentinel

The media and the political world's expansion into the 21st century's new realm of communication is understandable. Hooked up to multiple online profiles, channels like CNN, MSNBC and Fox News have created segments to incorporate their viewers' texts, tweets and Facebook statuses.

A new level of participation with our news programs has been unleashed, and in a way, this hands-on approach to political interaction exemplifies our nation's focus on citizen involvement. Integrating individual voices throughout the media's political discussion is just another example of the democratic way America likes to do things.

That is, of course, until the tweets from politicians, texts from angry viewers and misspelled online rants from Facebook begin to create a tinge of unprofessionalism and make the news seem more like a comedic free-for-all blog than a source for informed, valuable commentary.

For my students – especially those trying to “sell” their tech skills. Might be an interesting model for the University to sponsor for their Alumni... - Resumes That Truly Show Who You Are

Everything is based on the browser today, and there isn’t really a reason why resumes should be aloof to the phenomenon. After all, is there a better way to show who you are to potential employers than by coming up with a truly multimedia representation of yourself that can be accessed from just anywhere?

The ones who devised the BriteTab website certainly knew that. The site will let you create and host a resume that brings together all the information that paper resumes always include such as qualifications and previous experience with the richness of video resumes. Besides, the resumes you can build up on the site can include other media such as pictures along with downloadable attachments.

This service is available both for free and at a fixed cost. The paid incarnation of BriteTab comes with some very interesting features such as the ability to create many resumes and rotate them according to the opportunity in question, as well as using themes to go with different industries. Also, bear in mind that videos and attachments can only be added if you buy a premium subscription.

Before your cousin posts that picture of you picking your nose (not that that has happened to me) you should add a copyright, trademark, patent and “Guido will break your legs” notice to all your images.

How To Batch Watermark Images with Jouba Converter

My students play these during my lectures, how much less attention would they pay if they could build their own?

How to Make Your Own First Person Shooter Game for Free

For my student-geeks (geeky students?)

Students now get priority access to Google Voice

Google on Friday began giving students priority access to its Google Voice service, which has remained in a closed beta since its transition from GrandCentral in March of last year.

Typically, invites for the service can take anywhere from a few hours to several months to arrive after a user signs up. But the company is now promising those who have an e-mail address that ends with .edu access to the service within 24 hours. Google had done something similar for active members of the U.S. military back in August.

This could simplify my life.

CaptureFox: Record A Screencast In Firefox

Firefox has tons of add-ons that let you capture screenshots. But CaptureFox goes one step further and allows you to record a screencast along with the audio and finally save it as a video file. Once installed from the Mozilla site, CaptureFox lets you start recording videos with a single click.

A little icon in the status bar shows you how many seconds have elapsed. You can also adjust the audio/video codec and specify a time delay before the recording starts. You can also choose to capture the whole screen or just the Firefox window, adjust the video quality and set frames per second. Once captured, the video is saved as an *.avi file to your hard drive.

Similar sites: ShowMeWhatsWrong, Screenr, ScreenJelly, ScreenToaster, FreeScreenCast, uTIPu and Screencast-O-Matic.

Friday, May 14, 2010

This is rather depressing but not surprising. Management in a bureaucracy is much more about gaining political power than actual management. Note that they don't even bother with enforcing their own policy!

Laptop stolen from VA contractor contains veterans’ personal data

May 13, 2010 by admin

Bob Brewin reports on a breach that I don’t think we knew about here:

A laptop belonging to a contractor working for the Veterans Affairs Department was stolen earlier this year and the personal data on hundreds of veterans stored on the computer was not encrypted, a violation of a VA information technology policy, said the top-ranking Republican on the House Veterans Affairs Committee.

The VA reported the theft of the laptop from an unidentified contractor to the committee on April 28 and informed members the computer contained personally identifiable information on 644 veterans, including data from some VA medical centers’ records, according to a letter Rep. Steve Buyer, R-Ind., sent to VA Secretary Eric Shinseki.

The VA declined to identify the contractor:

The laptop was stolen from a contractor employee’s car on April 22, and she notified local police within 10 minutes, said Roger Baker, chief information officer at VA, in an interview. Although the vendor had certified to VA that it had encrypted laptops that stored department data, Baker confirmed the data on the stolen laptop was unencrypted.

The vendor, who Baker declined to identify because he said it would make it more difficult for contractors to report future data breaches if they knew their name would be made public, reported the theft to VA on April 23. [“We can't think of any other way to get their cooperation.” Bob]

So contractors for entities covered by HIPAA/HITECH have their names made public by HHS but the VA decides it can withhold the contractor’s identity? If that laptop contained any unprotected health information on the veterans (and the laptop had access to medical center data), then the contractor *will* be publicly identified on OCR’s site (unless it’s a “private practice” contractor), as over 500 individuals were affected. In any event, I firmly believe that all contractors who leave laptops with unencrypted PII or PHI in a vehicle for stealing should be publicly named, at the very least.

But the news is even worse:

After learning about the unencrypted laptop, Buyer investigated how many VA contractors might not be complying with the encryption requirement and learned that 578 vendors had refused to sign new contract clauses that required them to encrypt veteran data on their computers, an apparent violation of rules.

Buyer told Shinseki that the vendor had 69 contracts in more than half of the department’s 21 regional medical networks operated by the Veterans Health Administration, and 25 of those contracts, more than a third, did not have a clause that required data be encrypted.

Note that it’s not totally clear to me whether the vendor with 69 contracts is the same contractor that had the laptop stolen with 644 veterans’ info on it. Representative Buyer’s letter indicates that there were two breaches in Texas in the past two weeks and he prefaces the comments about the vendor with 69 contracts saying, “The most current breach involved a service disabled veteran owned business that had an unencrypted laptop stolen.” Was this the same laptop theft or the second one? It may be the second one alluded to. It really would help if they would name the vendors!

Read the full news coverage on Nextgov.

(Related) Just in case you thought it was an isolated incident.

Stolen Laptop Exposes Personal Data on 207,000 Army Reservists

May 13, 2010 by admin

Brian Krebs reports:

A laptop stolen from a government contractor last month contained names, addresses and Social Security numbers of more than 207,000 U.S. Army reservists, has learned.

The U.S. Army Reserve Command began alerting affected reservists on May 7 via e-mail. Col. Jonathan Dahms, chief public affairs for the Army Reserve, said the personal data was contained on a CD-Rom in a laptop that was stolen from the Morrow, Ga. offices of Serco Inc., a government contractor based in Reston, Va.


(Related) It remains to be seen if this type of legislation would “cure” the problem

Application of New Massachusetts Data Security Regulations to Out-of-State Businesses

May 13, 2010 by admin

Amy Crafts writes:

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet, or that is kept on laptops and other portable devices. Massachusetts regulators and enforcement agencies would likely make the following three arguments that out of state entities must also comply with the new regulations….

Read more on Proskauer Privacy Law Blog.

[From the article:

First, Massachusetts would likely argue that, in order to determine whether an entity is subject to the regulations, the threshold inquiry involves an assessment of information owned or licensed by the entity – not an assessment of where that entity is located.

Second, based on discussions that occurred before the regulations went into effect, it is safe to expect that Massachusetts regulators will assert the right to enforce the regulations against out-of-state entities.

Third, Massachusetts would likely argue that owning or licensing personal information is sufficient for jurisdictional purposes.

The UK is changing (publicly). We'll see how much is “fulfilling campaign promises” and how much is real policy.

Coalition government to roll back privacy and civil liberties intrusions

May 13, 2010 by Dissent

The U.K.’s new coalition government has issued a statement of agreement on some key issues. What is sure to warm the cockles of privacy advocates’ hearts, here’s the section on civil liberties:

The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion.

This will include:

  • A Freedom or Great Repeal Bill.

  • The scrapping of ID card scheme, the National Identity register, the next generation of biometric passports and the Contact Point Database.

  • Outlawing the finger-printing of children at school without parental permission.

  • The extension of the scope of the Freedom of Information Act to provide greater transparency.

  • Adopting the protections of the Scottish model for the DNA database.

  • The protection of historic freedoms through the defence of trial by jury.

  • The restoration of rights to non-violent protest.

  • The review of libel laws to protect freedom of speech.

  • Safeguards against the misuse of anti-terrorism legislation.

  • Further regulation of CCTV.

  • Ending of storage of internet and email records without good reason.

  • A new mechanism to prevent the proliferation of unnecessary new criminal offences.

has a discussion of the agreement.

Probably, if you haven't been using Facebook for months, it's too late.

How Facebook And Twitter Are Changing Business Models, Shaping Brand Identity [Video]

by Evelyn Rusli on May 13, 2010

… The keynote speaker, Jeremiah Owyang, a Partner of the Altimeter Group, offered four laws of social business: don’t fondle the hammer (don’t focus on the specific tools, think about your broader marketing agenda), live the 80% rule (get your company ready for social media, that’s “80% of success”), customers don’t care what department you’re in, and real time is not fast enough. You can access Owyang’s presentation, along with all the other Smash presentations, here.

(Related) The NYT graphic showing how simple it is to manage your privacy on Facebook.

Facebook Privacy: A Bewildering Tangle of Options

To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options.


"Kill Your Facebook Page" Backlash Gains Speed

Calls for people to delete their Facebook accounts are gathering momentum. Critics cite privacy concerns and plummeting trust in the company and its leader, Mark Zuckerberg.

This should never happen in a modern (designed from the ground up) datacenter.

Car Hits Utility Pole, Takes Out EC2 Datacenter

Posted by timothy on Thursday May 13, @10:47PM

1sockchuck writes

"An Amazon cloud computing data center lost power Tuesday when a vehicle struck a nearby utility pole. When utility power was lost, a transfer switch in the data center failed to properly manage the shift to backup power. Amazon said a "small number" of EC2 customers lost service for about an hour, but the downtime followed three power outages last week at data centers supporting EC2 customers. Tuesday's incident is reminiscent of a 2007 outage at a Dallas data center when a truck crash took out a power transformer."

AH! I've been looking for a Mid Term Exam for my Hacking class. It will be even more fun when we attach a WiFi remote...

Hacking Automotive Systems

Posted by kdawson on Friday May 14, @08:55AM

alphadogg writes

"University researchers have taken a close look at the computer systems used to run today's cars and discovered new ways to hack into them, sometimes with frightening results. In a paper set to be presented at a security conference in Oakland, California, next week, the researchers say that by connecting to a standard diagnostic computer port included in late-model cars, they were able to do some nasty things, such as turning off the brakes, changing the speedometer reading, blasting hot air or music on the radio, and locking passengers in the car. The point of the research isn't to scare a nation of drivers, already made nervous by stories of software glitches, faulty brakes, and massive automotive recalls. It's to warn the car industry that it needs to keep security in mind as it develops more sophisticated automotive computer systems. Other experts describe the real-world risk of any of the described attacks as low."

Here is the researchers' site, and an image that could stand as a summary of the work.

For my website students

CSSDesk: Simple Online CSS Sandbox Tool

Working with CSS on your webpage can be quite tricky especially if you have to sort through a lot of code. Fortunately, CSSDesk is a handy CSS sandbox that lets you put in HTML and CSS codes and view the preview instantly. It is very useful for testing out codes before implementing them in your website permanently.

Similar Tools: CleanCSS, CSSColorEditor, and StyleNeat.

Not just for Math teachers...

Dan Meyer: Math class needs a makeover

Yesterday I posted an article about MS Word template sites. These are Open Office, but the two are compatible...

Useful Free Open Office Templates To Make You More Productive

If you need inspiration or want to produce a specific kind of document, never fear! Their free user-created Open Office templates are awesome, and can save you lots of time and money!


Educators will find many of the OOO templates quite handy! Instead of purchasing expensive software or trying to create a tool on your own, you can instead peruse their repository of templates.

Lesson Plan Templates


Formatted Paper Guidelines, Formatted Paper Templates

Grid Paper

Gradebook Templates

Thursday, May 13, 2010

Change of scope.

Spy-cam family drops plan for class-action damages

By John P. Martin INQUIRER STAFF WRITER Posted on Wed, May. 12, 2010

From the outset of the Lower Merion School District's webcam saga, a question has persisted:

How many students were really like Blake Robbins? How many students, like him, were secretly photographed in their bedroom by a school-issued computer, then confronted with one of those pictures by a principal?

A hint of an answer came Wednesday: Maybe none.

In a new filing, the attorney for Robbins and his parents said they would drop plans to seek monetary damages for all Lower Merion students, acknowledging that his case, the one that lit the firestorm over the district's laptop tracking, was unique.

The move could pave the way for a quicker settlement between the district and the Robbinses and minimize the costs of the webcam furor. But it also opens the door to more individual lawsuits over the now-disabled tracking program.

The Robbinses' attorney, Mark Haltzman, said they weren't backing away from their claim that the district violated high school students' civil rights by secretly snapping photos and capturing screen shots from school-issued laptops over the last two school years.

Haltzman said that all sides were close to agreeing on a permanent injunction that would protect the would-be class members - students at Lower Merion and Harriton high schools - from future webcam monitoring.

Small, but with some interesting (if true) twists.

Picante restaurant is victim of credit card scam

May 12, 2010 by admin

Frances Dinkelspiel reports:

Picante, the popular Mexican restaurant on 6th Street [in Berkeley, California], has been the target of an international credit card fraud operation, its owner says today.

Thieves from as far away as Russia managed to penetrate the restaurant’s credit card encryption system [First time I've heard of any hacker penetrating the encryption. This could just be something the reporter was told by the restaurant owner... I hope... Bob] and steal the numbers of dozens of customers, says Jim Maser, who has owned Picante for 16 years. The thieves then used the stolen numbers to create phony credit cards, which they turned around and sold, he says.


Picante first became aware of the security breach last Thursday, May 5, and has been working with the U.S. Secret Service since then, says Maser. The restaurant hired a private security company to find the source of the breach, fix it, and make sure it does not happen again. The restaurant is replacing its credit card swiping hardware and software. [If it is the fault of the hw & sw, tell us so we can replace it! Bob]

The Secret Service arrested a number of people on Tuesday in connection with the theft, says Maser.

Read more on Berkeleyside.

[From the article:

The Secret Service arrested a number of people on Tuesday in connection with the theft, says Maser. They were arrested on the East Coast after they tried to make a purchase at an Apple store. But the masterminds of the theft probably came from overseas, perhaps from Russia or Dubai, Secret Service agents told Maser.

… Maser says the Secret Service told him that international thieves are targeting businesses that do more than $500,000 in business a year. [Not sure how anyone would know this, unless the volume of crime is huge or they have been talking to one of the hackers. Bob]

Interesting procedure: Try to authenticate the money transfer, but if you get a busy signal, assume everything is okay and let the money flow...

Thieves Flood Victim’s Phone With Calls to Loot Bank Accounts

By Kim Zetter May 12, 2010 5:17 pm

Bank thieves have rolled out a new weapon in their arsenal of tactics — telephony denial-of-service attacks that flood a victim’s phone with diversionary calls while the thieves drain the victim’s account of money.

A Florida dentist lost $400,000 from his retirement account last year in this manner, and the FBI said the attacks are growing.

The FBI says the calls were a diversionary tactic, meant to tie up Thousand’s line so that Ameritrade couldn’t reach him to authenticate the money transfer requests.

Translating from Lawyer to English

VA: Personal info accidentally released by Campbell schools

May 13, 2010 by admin

Jessie Pounds reports:

Campbell County Schools inadvertently released “personally identifiable material” as part of a response to a Freedom of Information Act request, Superintendent Robert Johnson said Wednesday.

Darryl Whitesell, an attorney and Gladys Elementary School parent, said he received a document that appeared to include school employee names, schools and full Social Security numbers, for hundreds to more than 1,000 individuals.

Johnson said school board attorney David Hawkins told him he believes there was no legal breach. [Translation: “Please don't sue us!” Bob]

Read more in The News & Advance.

[From the article:

Johnson could not personally confirm [Translation: I don't have time to look at that stuff! Bob] that the document contained Social Security numbers.

… Johnson said: “We have had discussion internally about how information is released,” in response to a question about what he would do to make sure something similar would not happen again. [I bet the discussion was: “Do you know what to do?” “Nope” “Me neither.” Bob]

Does Facebook even notice the sharks circling?

European data protection group faults Facebook for privacy setting change

May 13, 2010 by Dissent

The Article 29 Working Party press release issued yesterday may also have something to do with Facebook’s emergency privacy meeting today:

The Article 29 Working Party, the group of European data protection authorities, told Facebook in a letter today that it is unacceptable that the company fundamentally changed the default settings on its social-networking platform to the detriment of a user.

Facebook made the change only days after the company and other social networking sites providers participated at a hearing during the Article 29 Working Party’s plenary meeting in November 2009.

… The Working Party emphasised the need for a default setting in which access to the profile information and information about the connections of a user is limited to self-selected contacts. Any further access, such as by search engines, should be an explicit choice of the user.

… The Article 29 Working Party also raised the issue of data of third persons contained in users’ profiles. Providers of social networking sites should be aware that it would be a breach of data protection law if they use personal data of other individuals contained in a user profile for commercial purposes if these other individuals have not given their free and unambiguous consent.


Facebook Privacy: Confusion and Backlash

May 13, 2010 by Dissent

Facebook’s privacy concerns and backlash are becoming daily staples of privacy news. Here’s a small roundup of some coverage today:

Nick Bilton reports:

Pop quiz: Which is longer, the United States Constitution or Facebook’s Privacy Policy?

If you guessed the latter, you’re right. Facebook’s Privacy Policy is 5,830 words long; the United States Constitution, without any of its amendments, is a concise 4,543 words.


The new opt-out settings certainly are complex. Facebook users who hope to make their personal information private should be prepared to spend a lot of time pressing a lot of buttons. To opt out of full disclosure of most information, it is necessary to click through more than 50 privacy buttons, which then require choosing among a total of more than 170 options.

Read more in The New York Times, and take a look at the related graphic.

Is it any surprise that “How do I delete my Facebook account?” is one of the most common “How do I…” questions in Google Search, as ReadWriteWeb reports? Or that Facebook is reportedly holding a big meeting on privacy today? As Sam Diaz blogs on ZDnet:

The internal meeting comes two days after Elliot Schrage, Facebook’s VP for public policy, conducted a written Q&A from New York Times readers on the Bits blog. The post featured some pretty frank questions from readers who clearly see a financial motive for Facebook increasingly pushing the limits with revisions to its privacy policy.

More importantly, the exec was asked a simple question about why everything is set up for opt-out instead of opt-in, forcing people to go into the settings to re-adjust their privacy controls. Schrage’s answer, while truthful and honest, was also borderline arrogant – something that could hurt the company if readers (like me) perceive that to be taken in a “you don’t have to be a member if you don’t like our rules” kind of way. His short answer: “Everything is opt-in on Facebook. Participating in the service is a choice.”

If you missed EFF’s write-up on how Facebook privacy policy has devolved over the years, you can read it here. And do see Matt McKeon’s animated visualization of the “Evolution of Privacy on Facebook.”

Local impact

Qwest Seeks Customer Views on Updated Privacy Policy

May 13, 2010 by Dissent

Qwest Communications issued a press release that they are updating their privacy policy and are seeking customer feedback before it becomes effective this summer. You can see their policy here.

Privacy is good!

Unpaid Parking Tickets Linked To Police Officers

May 13, 2010 by Dissent

David Goldstein reports that some police officers are able to get away with not paying parking tickets because the privacy laws that protect their addresses from would-be criminals also make it difficult for state agencies to track them down to send them notices that their parking tickets haven’t been paid:

Officer William Grundy with the Los Angeles County Police is sworn to uphold the law, but we found that he has hundreds of unpaid parking tickets for personal vehicles registered in his name.

Officer Grundy was happy to see me until he found out why we were there.

David Goldstein: “You have more than 250 citations on the two cars you have. Do you know that?”

Officer Grundy: “No, I didn’t know that.”

David Goldstein: “You have five pages of citations, all around your house. How don’t you know that?”

Officer Grundy: “I can’t talk about it but it’s nice seeing you.”

Read more on CBS.

The new government rolls back 1984?

UK: ID cards, National Identity Register scrapped

May 13, 2010 by Dissent

David Meyer reports:

The Conservative-Liberal Democrat government has confirmed that it will scrap the ID cards scheme and the National Identity Register.

“Applications can continue to be made for ID cards, but we would advise anyone thinking of applying to wait for further announcements,” the Home Office said in a note on its website on Wednesday.

Wednesday was the first day of the new government, a coalition between the Tories and Lib Dems that was formed after last week’s election resulted in a hung parliament.

“Both parties that now form the new government stated in their manifestos that they will cancel identity cards and the National Identity Register,” the Home Office note said. “We will announce in due course how this will be achieved.”

Read more on ZDnet.

Removing the “Get out of jail, free” card?

UK Court Finds Company Liable For Software Defects

Posted by samzenpus on Thursday May 13, @03:18AM

normsky writes

"A software company's stipulation that it couldn't be held accountable for the poor performance of its software was unfair and could not be enforced, the High Court has said. 'Pursuant to the Sale of Goods Act 1979, a term is to be implied into the contract that Entirety would be fit for the purpose for which it was bought, namely that the system would increase revenue and occupancy levels and would allow quicker check-in and check-out, including accurately processing groups and making changes to group reservations while preserving the accuracy of the system. I am satisfied that Entirety was not fit for the purpose for which it was sold,' his Honor Judge Toulmin wrote."

“We believe that individuals are too stupid to take care of themselves, so the government must do it for them.”

MD 1st to bar schools releasing tests to military

May 12, 2010 by Dissent

Kathleen Miller of the Associated Press reports:

A first-of-its-kind law bars public high schools in Maryland from automatically sending student scores on a widely used military aptitude test to recruiters, a practice that critics say was giving the armed forces backdoor access to young people without their parents’ consent.

This is really big in terms of student privacy. For years, parents have had the right to opt-out of having their children’s records sent, but despite periodic news coverage, most parents either never seem to find out about that right or don’t follow up by signing the opt-out form. [Or don't agree with the politicians? Bob]

Read more of the AP’s coverage on Deseret News.

A different take. Companies should let customers know what's going on?

Is Europe's cure for wireless "bill shock" right for the US?

This year the European Union put the kibosh on tourists and travelers getting hit with €8,000 to €31,500 mobile Internet bills if they happen to download a TV show in the wrong neighborhood in France. EU-governed mobile companies must offer consumers a monthly cut-off limit for roaming broadband access. Once their bill goes past that sum, they'll be informed that their wireless connection to the Internet has been temporarily blocked, and asked how they want to proceed.

A different take. The individual is responsible. (Does this effectively ban free wifi? What will Starbucks do to attract customers?)

German court orders wireless passwords for all

Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.

Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files, the Karlsruhe-based court said in its verdict.

"Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation," the court said.

Grow your own computer? Will this cause some radicals to create PETC (People for the Ethical Treatment of Chips?)

Researchers Create Logic Circuits From DNA

Posted by samzenpus on Wednesday May 12, @06:56PM

separsons writes

"Researchers at Duke University recently used DNA to craft tiny chips used in computers and electronic circuits. By mixing DNA snippets with other molecules and exposing them to light, researchers created self-assembling, DNA-based logic circuits. Once perfected the tech could serve as an endlessly abundant, cheap alternative to silicon semiconductors. Chris Dwyer, lead researcher on the project, says that one grad student using DNA to make self-assembling circuits could produce more logic circuits in one day than the global silicon chip industry can create in an entire month!"

A search engine for forums. Haven't seen this before, not sure how useful it is...

Omgili is a specialized search engine that focuses on "many to many" user generated content platforms, such as Forums, Discussion groups, Mailing lists, answer boards and others.

Security through Obscurity? At least you bypass the 25 user limit.

Wednesday, May 12, 2010

YouTube Adds New "Unlisted" Privacy Option

Now YouTube gives you the option to make your videos "unlisted." Using the unlisted setting means your videos can only be seen by people to whom you've given the direct url for your video. Unlisted videos will not appear in search results or related video lists. So while the videos you or students post as unlisted video won't be 100% private, you will have much greater control over who can or cannot see them. [Actually, you will have no control. Bob]

I'll have to have someone (probably a student) explain why I might want to do this. Students already talk too much...

Wednesday, May 12, 2010

HootCourse - A Classroom Application for Twitter

HootCourse uses Twitter, Facebook, Blogger, WordPress, Posterous, and Xanga to create a conversation channel for your courses.

Here are some related items that may be of interest to you:

Neat Chat - Quickly Create an Ad-Free Chatroom

Five Platforms for Classroom Back-channel Chat

Back-channeling During a Class Viewing of Glory

“I feel geeky,

oh so geeky”

I don't use a cellphone, but the Wolfram aspect is interesting.

Create Your Own Ringtones For Your Mobile With Wolfram Tones

These can be useful...

Top 5 Sites To Find The Best Microsoft Word Templates

Think of this as rapid prototyping – gathering all the screenshots you'll need for your video or slideshow.

How To Take Multiple Screenshots In Bulk With Firefox

Screen capture tools are so plentiful that you may easily get lost deciding which one to choose and why.

I listed quite a few tools to make screenshots in my post last year and I am still using those listed there.

Grab Them All is a handy Firefox extension that allows you to take multiple screenshots with just a few clicks. The tool supports Windows and Linux platforms and has an Open Source licence.

This post provides further guidelines, screencast and reviews.

Wednesday, May 12, 2010

Now who is getting an education?

Amy Feldman: FBI Can View Webcam Pics

A judge has ruled the FBI can view computer evidence gathered in the Lower Merion Webcam investigation.

Attorney Amy Feldman says "now the fun begins because now what you're looking at is criminal charges."

Sort of the reverse of the Lower Merion school district's approach...

Students Who Caught Gym Teacher Stealing Money From Lockers May Get Punished

from the that-doesn't-seem-right... dept

A few years back, we had a story about some students using a mobile phone camera to record a teacher's outburst on film. Rather than disciplining the teacher who appeared way out of line, and who had pulled a chair out from under a student, the school disciplined the students for filming the teacher. In what may be a similar situation, reader Pickle Monger alerts us to the story of some students who got upset about money regularly disappearing from their lockers. After complaining to school officials and getting no help at all, they set up a mobile phone camera to record what happened to the lockers... and actually caught their gym teacher breaking into the lockers to steal the students' money.

So how is the school reacting? Celebrating the ingenuity and the sleuthing skills of the kids in catching a bad teacher stealing money from students? Nope:

A school spokesman said it's possible the student who recorded the cell phone video could get in trouble as well because students are not supposed to use their phones during the day.

School officials said they are not allowed to record video in locker rooms because of privacy.

Now, obviously the situation is a little more complicated due to the privacy issues in a locker room, but there's no indication that there were any privacy problems here at all. The whole purpose was to catch the thief that the school wouldn't catch. Punishing students for breaking those rules, while ignoring the reasons why they did it, teaches a really bad lesson to students.

The future of personal information (including Health Records?) in America?

Personal cellphone data ends up for sale at Mexico flea market

May 11, 2010 by admin

Tracy Wilkinson reports:

When the government launched a nationwide campaign to register cellphones, millions of Mexicans refused. And thousands of others registered with a familiar name: Felipe Calderon, the country’s president…. Some said they were convinced that the government would use the information to spy on dissidents or anyone else out of favor. Others said they feared the information would end up in the wrong hands.


They were proved right last month when the confidential data of millions of Mexicans from official state registries suddenly became available for a few thousand dollars at Mexico City’s wild Tepito flea market.


In Mexico, unlike the U.S., voter sign-up rolls and motor vehicle registrations are not a matter of public record. Mexicans, in theory at least, expect privacy. So when these databases began turning up in the chaotic Tepito market, Mexicans were not pleased.

Read more in the Los Angeles Times.

What words activate the “pay attention” nerve in organizations? Apparently, “I'm a reporter and I have a few questions...” is a fairly universal stimulus.

A failure to protect medical privacy

May 11, 2010 by admin

An editorial from the St. Petersburg Times:


For more than half a year, strangers’ medical records jammed the home fax machine of Hudson resident Elizabeth Reed. The records described patients’ illnesses, lab results and prescription refill requests. The flow of records so disrupted the family’s home phone service that they resorted to using cell phones. Reed discovered that an incorrect phone number on a doctor’s prescription pad was to blame, but her calls to the doctor’s office, pharmacies and the state Department of Health didn’t stem the tide.

And for months, strangers’ medical records have been delivered in the mail to Elsie Huebner’s Safety Harbor home, including details of a woman’s visit to a psychiatrist, a man’s chest pains, and another man’s oxycodone prescription.

Huebner discovered the medical records came from Aetna and UnitedHealth Group insurance companies, which had mistaken her home address for a medical office where 10 doctors worked. She called the doctors and wrote “Return to Sender” on envelopes. She even contacted the federal agency responsible for enforcing HIPAA. But at best, she got only a form letter response — until the St. Petersburg Times wrote about her problem last week. Now both insurance companies have contacted her and are urgently retrieving the misdirected medical records.

Read more in the St. Petersburg Times.

Is it just my impression or does this type of repeated problem tend to happen more in the healthcare sector than other sectors? Yes, banks erroneously mail records to the wrong party, but I doubt if a bank would continue sending bank records to the same wrong address once they were notified of their mistake. And yet, over the years, I’ve read a number of news stories involving people who continue to receive faxes or mailings with medical records and they are unable to get the sending party to stop. It would be nice if HHS/OCR investigated and actually started fining parties for repeated violations.

I see evidence that the courts are taking the impact of these crimes more seriously. No longer viewing them as a 'White Collar misdemeanor'.

Judge won’t accept pleas in Jackson Memorial Hospital ID theft case

May 11, 2010 by admin

Jay Weaver reports:

A husband-and-wife duo charged with running a racket to pilfer patient records from Jackson Memorial Hospital to sell to lawyers for injury claims [or maybe she needs a lever to get the names of the lawyers? Bob] tried to plead guilty Tuesday in Miami federal court.

But U.S. District Judge Joan Lenard said she couldn’t accept their pleas because she didn’t think the prescribed punishment fit their crime under their agreements with the U.S. attorney’s office.

Ruben E. Rodriguez, the leader, faces up to 12 years in prison. His wife, Maria Victoria Suarez, faces up to five years, under their plea agreements.

“These charges are much too serious — much too serious for our community,” Lenard said. “Violations of the law in the healthcare industry have become too much the norm. There are real victims here.”

Read more in the Miami Herald.

Beyond ensuring appropriate disciplinary measures were taken, what good does this do? Some level of deterrence? Get caught porning and we'll post your name on the 'bad boys' list?

Lawsuit Wants SEC to ID Porn Snoopers

May 11, 2010 by Dissent

Jim McElhatton reports:

The Securities and Exchange Commission is facing a federal lawsuit for keeping secret the names of dozens of its supervisors, employees and contractors who spent their workdays looking at pornography on their government computers.

The lawsuit, filed Friday by a Denver- and Washington-based law firm, accuses the SEC of violating federal open-records law by shielding the identities of more than two dozen current and past porn-snooping workers.

“There simply is no privacy right or interest to search pornography on SEC computers, particularly during work hours,” says the 17-page complaint, filed in federal court in Denver.


The case is Steese, Evans & Frankel v. United States Security and Exchange Commission. I’ve uploaded a copy of the complaint, without attachments, here (pdf, 17 pages). They seem to make a strong case for disclosure under FOIA. See what you think.

[From the Complaint:

Among the pornographic and sexually explicit websites frequented by SEC employees using SEC computers during SEC work hours were the following [Ah! All is explained. They want the list of porn sites that follow. Bob]

Before she gets to rule on Privacy matters, we must strip all Privacy from her for the amusement of politicians.

May 11, 2010

Resources on Supreme Court Nominee Elena Kagan

Elena Kagan Nominated to the Supreme Court: "On April 9, 2010 Justice John Paul Stevens announced that he would retire after nearly 35 years on the bench of the U.S. Supreme Court. President Obama announced the nomination of Solicitor General Elena Kagan to replace Stevens on May 10, 2010. This is President Obama's second nomination to the nation's highest court, following his selection of Justice Sonia Sotomayor in May 2009. Notably the first female Solicitor General and first female dean of Harvard Law School, if Kagan is confirmed, she will also be the fourth woman to serve on the Court. To serve congressional and public requests for resources pertaining to this historic nomination, the Law Library of Congress has developed a web presentation on Kagan on its Supreme Court Nominations site. Visit our bibliography to find out more about the new Supreme Court nominee." [Emily Carr, Legal Reference Specialist, Law Library of Congress]

Competing with “free”

May 11, 2010

Windows Announces Free Web Version of Word Coming In June

New York Times: "This latest version of Office, which includes applications like Word, Excel, Outlook and PowerPoint, is Microsoft’s long-awaited effort to modernize one of its most lucrative products and to thwart rivals like Google that are nipping at its heels with free Web software. For the first time, Microsoft will provide a free online version of Office that lets people store their documents on the Web rather than on their personal computers... Microsoft has said that Office 2010 will range in price from a limited, free Web version supported by ads to a full-blown version that costs $500, both to be available to consumers in June."

An attempt to describe the 'semantic web'. Could be useful for my Data Analysis class.

Web 3.0, The Movie [Video]

A tool for my Statistics students? The results could be improved by identifying those who are inconsistent and dropping them from future surveys.

Using Twitter Data To Approximate a Telephone Survey

Posted by kdawson on Tuesday May 11, @09:30PM

cremeglace writes

"A team led by a computer scientist at Carnegie Mellon University has used text-analysis software to detect tweets pertaining to various issues — such as whether President Barack Obama is doing a good job — and measure the frequency of positive or negative words ranging from 'awesome' to 'sucks.' The results were surprisingly similar to traditional surveys. For example, the ratio of Twitter posts expressing either positive or negative sentiments about President Obama produced a 'job approval rating' that closely tracked the big Gallup daily poll across 2009. The analysis also produced classic economic indicators like consumer confidence."

By averaging several days' worth of tweets on presidential job approval, the researchers got results that correlated 79% with daily Gallup polling. Lead researcher Noah Smith said, "The results are noisy, as are the results of polls. Opinion pollsters have learned to compensate for these distortions, while we're still trying to identify and understand the noise in our data. Given that, I'm excited that we get any signal at all from social media that correlates with the polls." Here is CMU's press release.

Some things just happen at the wrong time. Where was this technology when I was younger? Perhaps I should buy it for the collector value? (I used to buy it for the articles...)

Playboy 'readers' get 3-D centerfold in June issue

Some students have strange names...

Inogolo: Find Out Correct Name Pronunciations

Similar tools: TheNameEngine, HowToSayThatName and PronounceNames.

Interesting interactive graphic

How Much Energy Do Your Home Appliances Use? [INFOGRAPHIC]

Another interesting use of graphics

The Evolution of Privacy on Facebook