Saturday, May 22, 2010

As the judicial system starts to use/depend on technology, access to that technology will become critical. I have to side with the Judge here. This was at minimum highly disruptive. Could it have blocked the flow of documents to or from the Judge to the extent that deadlines were missed or stays of execution? I could probably come up with many nasty scenarios.

No Contempt, No Jail for Spamming a Judge

By David Kravets May 21, 2010 4:30 pm

A federal appeals court has overturned a criminal contempt citation and 30-day sentence issued to a civil litigant who urged his followers to e-mail the judge presiding over the case.

The case tested the reach of judicial contempt authority (.pdf) in the digital age. The 7th U.S. Circuit Court of Appeals said Thursday that, generally, it did not extend beyond the courtroom.

The brouhaha began in February, when TV pitchman Kevin Trudeau asked his radio and web followers to deluge U.S. District Judge Robert Gettleman with e-mail so he would side with him in a civil lawsuit.

The Chicago judge’s inbox was flooded with hundreds of messages, and his Blackberry froze. He promptly found Trudeau — who was being sued by the Federal Trade Commission — in contempt of court and sentenced him to jail. The term was stayed pending appeal.

The legal question at issue focused on whether contempt of court can occur in a court’s virtual presence.

“Because the conduct occurred outside the judge’s presence and, rather than being forced to stop proceedings by Trudeau’s behavior, the judge had to actually convene proceedings in order to get Trudeau before the court, summary contempt should never have been an option here,” (.pdf) the Chicago-based appeals court ruled.

Because the contempt citation was so unusual, the court left open the possibility for Judge Gettleman to refer the case to federal prosecutors, which would allow Trudeau a chance to defend himself against the charges.

During oral arguments in the case last month, the judge’s attorney, Gary Feinerman, told the three-judge appellate court that computers are part and parcel to a judge’s courtroom.

“The court, at that point, was under attack,” Feinerman argued, according to the Chicago Sun-Times. He said U.S. Marshals are examining the messages to see if any are threatening.

Kimball Anderson, Trudeau’s lawyer, argued his client could only be sanctioned for courtroom behavior, and only if it affects the “administration of justice.”

Was this lousy lawyering or did it appear worse than it was?

Pennsylvania AG Dropping Twitter Subpoena

Will this be enough to get Congress interested? Fall elections + Publicity suggests Yes!

Facebook likely headed to court over privacy concerns, critics say

May 22, 2010 by Dissent

Sarah Schmidt reports:

Facebook likely will be hauled before a federal judge in Canada by the fall for thumbing its nose at the country’s privacy watchdog, online privacy experts predict.

The furor over privacy settings and how the social networking site shares personal information with outside companies has been growing for the past few months, with Canada’s privacy commissioner Jennifer Stoddart now speaking openly about the possibility of a fresh investigation into Facebook for new violations of Canada’s private sector privacy act.

“Although they’ve done some things right, in a few areas, they seem to have gone in the opposite direction, and that’s been disappointing,” spokeswoman Anne-Marie Hayden said Friday.


(Related) Tim is a pretty knowledgeable guy, but I have to disagree here.

A Contrarian Stance On Facebook and Privacy

Posted by Soulskill on Saturday May 22, @09:18AM

"Amid the uproar over Facebook's privacy maneuvers, Tim O'Reilly offers a contrarian view. He writes: 'The essence of my argument is that there's enormous advantage for users in giving up some privacy online [Sharing information is one thing, losing control of that information is another. I give you my credit card ONLY to pay for a single transaction. If you use it for anything else, I'll sic Guido on you! Bob] and that we need to be exploring the boundary conditions — asking ourselves when is it good for users, and when is it bad, to reveal their personal information. I'd rather have entrepreneurs making high-profile mistakes about those boundaries, [I'd rather have them THINK about what could go wrong and explain the risks to customers before asking them to Opt-In. But that's too much work for the Marketing Department. Bob] and then correcting them, than silently avoiding controversy while quietly taking advantage of public ignorance of the subject, or avoiding a potentially contentious area of innovation because they are afraid of backlash. It's easy to say that this should always be the user's choice, but entrepreneurs from Steve Jobs to Mark Zuckerberg are in the business of discovering things that users don't already know that they will want, and sometimes we only find the right balance by pushing too far, and then recovering.'"

Facebook has confirmed it is working on more changes to its privacy policy in response to feedback from users.

Well, it's a start.

Google rolls out encrypted Web search option

by Elinor Mills May 21, 2010 12:30 PM PDT

Google began offering an encrypted option for Web searchers on Friday and said it planned to roll it out for all of its services eventually.

People who want to use the more secure search option can type "" into their browser, scrambling the connection so the words and phrases they search on, and the results that Google displays, will be protected from interception.

… The encryption protects only data in transit between an individual's browser and the Google search server. When people click on a search result and are directed to another Web site, they leave the encrypted channel.

Offering encrypted connections to means that users in China and other regimes that engage in significant surveillance will--assuming the connection is not blocked in the first place--be able to conduct searches without governments knowing the search terms.

Would you like your doctor to discuss your treatment on Facebook? Why would Twitter be any better? Looks like another “can of worms” area of the law.

E-Health and Web 2.0: The Doctor Will Tweet You Now

By Computerworld Staff May 21, 2010 11:05 am

… American Well partnered with Microsoft to use its HealthVault EMR service, which allows patients to securely store their entire medical history online. Test results and radiological images can also be uploaded to the online records. Patients control access to their information and must specify who can see the records. Google Health is another popular online EMR service also being used to access patient information online.

BlueCross and BlueShield of Minnesota makes the online patient services available to employers, who then offer it to employees. There is a $10 or $20 co-payment fee for members, and nonmembers can use the services for $50 per session. In other states, however, BlueCross and BlueShield offers the services to any member, regardless of employer.

… Jeff Livingston, an obstetrician and gynecologist in Irving, Texas, said his 10-doctor practice has about 600 Facebook fans and more than 1,500 Twitter followers. They not only use the social networking service to communicate through text messaging, but can read and comment on postings about birth control, breast feeding and a variety of other health care topics.

New mothers also share baby photos through a popular Facebook community page created by patients [How secure would that be? Bob] of his practice, MacArthur OB/GYN. And MacArthur OB/GYN’s Facebook fans can connect with one another through the social networking site to discuss their own experiences with medical procedures.

… Livingston said that he is well aware of potential privacy issues but feels that the issue is really much ado about nothing.

“To me, it’s very simple and not controversial, but people like to make it controversial,” he said. “You cannot diagnose, treat or discuss any personal health information in a nonsecure environment. So if a patient asks me a very specific question on Facebook, I cannot answer it legally.” [Even to save a life? Bob]

You no longer need to buy a Politician (they're cheap, but the maintenance is costly) Now you can supply him with pre-written laws (and talking points) that make him look like he understands the topic! Of course, this works both ways... Right Mr. Gore?

Ghostwriting the Law for Corporate America

Source: American Association for Justice

The American Legislative Exchange Council (ALEC) has secretly taken millions of dollars in corporate money to infiltrate state legislatures and push legislation that, amongst other anti-consumer measures, would give complete immunity to asbestos manufacturers and undermine recently-passed health care reform, according to a new report released today.

(Related) Then there are the traditionalists...

Big Bank Lobbyists Fighting Financial Reform Outnumber Pro-Reform Lobbyists by 11-1

This seems to have been a website in Beta. They claim they didn't actually have photos but were going to provide links to them. Coupled with a face recognition tool, this might have been an interesting site for scandal mongers...

ImageLogr Scrapes "Billions" of Images Illegally

Posted by Soulskill on Friday May 21, @04:02PM

"In what must be one of the largest attempts to scrape images from the Web, the site 'claims to be scraping the entire "free web" and seems to have hit Flickr especially hard, copying full-sized images of yours and mine to their own servers, where they are hosting them without any attribution or links back to the original image in violation of all available licenses on Flickr.' The site even contains the option to directly download images that ImageLogr has scraped. What makes this endeavor so amazing is that it isn't a case of 'other people gave us millions of infringing images, help us remove the wrong ones,' but one of 'we took all the images on the Web; if we got one of yours, oops!' The former gets some protection from the DMCA, whereas the latter is blatant infringement. ImageLogr's actions have caused a flurry of activity, and the site's owners have subsequently taken it offline, displaying the following message: ' is currently offline as we are improving the website. Due to copyright issues we are now changing some stuff around to make people happy. Please check back soon.'"

Another wave of computerization: from Mainframes, which ran applications for the entire organization; to Mini-computers which could support a single department; to microcomputers supporting a single user – now we can use the cloud to do any or all of those things at the same time.

How Google is redefining the enterprise

by Dave Rosenberg May 21, 2010 12:11 PM PDT

With all of the talk about Android, the open Web, and video taking place at this week's Google I/O conference, big software vendors could have easily been lulled into underestimating how much Google is actually targeting enterprises with new and updated offerings.

That would be a mistake.

Google has become such a prolific creator of technology that suits its own business needs, somewhere down the line it crossed over into the future of the enterprise, or at least a version of the future--one that develops software to consume and manage IT services and resources without having to build your own infrastructure.

… And really, cloud is far more about users than it is vendors. As Forrester Research's James Staten wrote recently, "cloud computing isn't your future--it's a new part of your overall IT portfolio." It's the ability to use cloud services to augment your environment that matters to users. Services such as Amazon EC2, AppEngine, and Rackspace Cloud are all just extensions of your infrastructure.

Apple is the Walmart of Internet music stores? Who'd a thunk it?

Apple's iTunes lead increasing, now selling 26.7% of US music

For my Computer Security students. We'll be pushing this technology into our homes.

Reporters' Roundtable: Our perilous infrastructure (podcast)

(Related) Computer Forensics this time.

How to Check if Your Gmail Account Has Been Hacked

(Related) Another simple way to secure sensitive data?

Use PenyuLocker To Lock Or Encrypt A Windows Folder

For all my students

7 Best Places to Download FREE Textbooks

Searching for websites like the ones you use?

5 Methods to Find and Discover Related Sites

Also try:

Friday, May 21, 2010

So, should this case be widened to include a forensic exam of all the laptops to determine if someone is using this hack to spy on the students?

School Spy Program Used on Students Contains Hacker-Friendly Security Hole

By Kim Zetter May 20, 2010 4:09 pm

A controversial remote administration program that a Pennsylvania school district installed on student-issued laptops contains a security hole that put the students at risk of being spied on by people outside the school, according to a security firm that examined the software.

The LANrev program contains a vulnerability that would allow someone using the same network as one of the students to install malware on the laptop that could remotely control the computer. An intruder would be able to steal data from the computer or control the laptop webcam to snap surreptitious pictures.

… In the hack demonstrated in the video below, Leviathan researcher Joel Voss is seen intercepting communication between a LANrev computer and its server, and then impersonating the server to install a remote control program that gives him complete and surreptitious control over the machine. He can operate its web camera to capture imagery of the person sitting in front of the machine.

(Related) How far should schools go to “protect” students?

Ex-student sues Tunkhannock Area, authorities over cell phone seizure

May 21, 2010 by Dissent

David Singleton reports a follow-up to a Pennsylvania student sexting case that was covered previously on this site when a federal judge chastised a district attorney for threatening to prosecute the students. The injunction was later upheld by the Third Circuit.

A former Tunkhannock Area High School student accused school and Wyoming County law enforcement officials of violating her privacy rights by seizing and searching her cell phone and punishing her for storing nude and semi-nude photos of herself on the device.

The woman, who was a 17-year-old senior at the time, contends in a civil rights suit filed Thursday that the intimate photos were intended to be viewed “only by herself and, perhaps, her longtime boyfriend.” She is seeking unspecified damages and the destruction of all electronic and hard copies of the photos.


The woman was a schoolmate of three girls who sued when they were threatened with prosecution by former District Attorney George Skumanick after photos of them in various states of undress were circulated among Tunkhannock Area students in 2008. In April, a federal judge barred prosecutors from pursuing charges in the “sexting” case.


Shannon P. Duffy also discusses the case in the Legal Intelligencer.

Study: ITRC Encouraged by 2009 Victim Aftermath Study

May 21, 2010 by admin

The Identity Theft Resource Center has released its annual Aftermath study. From their press release:

For the first time in 7 years, The Identity Theft Resource Center (ITRC)® can state that it is encouraged by the findings of the Identity Theft: The Aftermath 2009™. It is becoming clear that some areas of great distress in the past have become less worrisome for the victims. This is true in terms of victim time involvement, cost to victim, support from friends, level of satisfaction in interactions with law enforcement, and fewer negative consequences.

  • Victim hours repairing damage: Victims reported spending an average of 68 hours repairing the damage done by identity theft to an existing account used or taken over by the thief, down from an average of 76 hours in 2008. In cases where a new account, criminal, governmental or a combination of several situations were involved, respondents reported an average of 141 hours to clean up the fraud. This is a significant decrease from the average of 265 hours in 2008.

  • Costs to victim: Respondents in 2009 spent an average of $527 dollars in out-of-pocket expenses for damage done to an existing account. This is down from the $741 reported in 2008.

  • Important Relationships: In 2009, 44% of the respondents indicated support from friends, while only 9% said friends were not supportive.

Unfortunately, the 2009 Aftermath, once again, shows a number of negative issues that victims continue to encounter. Check fraud is on the increase, along with cases involving governmental and criminal identity theft issues. The moment of discovery of the case continues to be adverse, indicating that the public and business sections have been less successful in proactive measures to stop identity theft crimes before they happen or become complicated. In addition, the victim’s inability to easily resolve negative records continues to be a stated point of frustration and source of anger, including short-term and long-term emotional impact.

  • Inability to clear negative records: Unfortunately, while victim time involvement may have decreased, there continues to be an inability to easily clear negative records. Nearly 1/3 of the respondents were unable to remove any negative items.

  • Victim discovery of crime: It is disturbing to note that self-proactive measures decreased from 2008, despite growing educational efforts nationwide to enhance consumers’ knowledge of this issue. It is equally disturbing that business-proactive measures reflect only a nominal increase.

  • Uses of victim information: Opening new lines of credit continues to remain the most frequently occurring use for a victim’s identity (55%). Ranking second in use of personal information are charges on stolen credit cards and debit cards at 34%. Check fraud continued to reflect an increase in 2009 either by synthesizing or theft of checks.

Since 2003, the ITRC has conducted annual victimization surveys to study the impact of identity theft crimes on its victims. The goal of these surveys and reports, now with seven years of information, is to view identity theft from the victim’s perspective. These annual studies provide a snapshot of each victim at the time they took the study.

Other general highlights include:

  • Prevalence of types of identity theft crimes: The “unlawful use of personal identifying information” for only financial identity theft crimes was reported by 74% of the respondents. The remaining 26% reflect cases of criminal identity theft, governmental identity theft, and/or combinations of the above.

  • Child identity theft: Responses indicate a shift in criminal behavior in relation to child identity theft from family members to unknown perpetrators.

  • Emotional Impact: Dr. Charles Nelson (crime victim specialist) analyzed the short term and long term emotions felt by victims. He reached the following conclusions:

    • Despite media coverage and education about identity theft, the public still believes this happens to someone else. Thus, when this crime touches their lives, disbelief and denial are intensified, followed by anger and rage, similar to the stages of grief.

    • The ITRC is seeing an increase in long term shame, embarrassment, a sense of being an outcast, and undeserving of help. This may be due to strong consumer messaging about protecting yourself from identity theft.

    • Many victims “have on-going symptoms and do indicate that they are wrestling with long term dysfunctional changes in their behavior and thought patterns.”

The full report and all tables may be found on the ITRC website:

The Joys of Behavioral Advertising (and the power of Data Mining)

Facebook Knows Who You'll Hook Up With

… As the service's engineers built more and more tools that could uncover such insights, Zuckerberg sometimes amused himself by conducting experiments. For instance, he concluded that by examining friend relationships and communications patterns he could determine with about 33 percent accuracy who a user was going to be in a relationship with a week from now. To deduce this he studied who was looking at which profiles, who your friends were friends with, and who was newly single, among other indicators.

(Related) The technology behind Behavioral Advertising can be used for other purposes...

Darpa Wants Code to Spot ‘Anomalous Behavior’ on the Job

By Noah Shachtman May 20, 2010 10:22 am

Can software catch a cyberspy’s tricky intentions, before he’s started to help the other side? The way-out researchers at Darpa think so. They’re planning a new program, “Suspected Malicious Insider Threat Elimination” or SMITE, that’s supposed to “dynamically forecast” when a mole is about to strike. Also, the code is meant to flag “inadvertent” disclosures “by an already trusted person with access to sensitive information.”

“Looking for clues” that suggest a turncoat or accidental leaker is about to spill (.pdf) “could potentially be easier than recognizing explicit attacks,” Darpa notes in a request for information.

I can't believe companies didn't know what data they were receiving. Someone had to look at the data in order to accurately parse it into formats that they could load into their database.

MySpace, Facebook and a half dozen other companies just screwed up. Big time.

Posted by Brad McCarty on May 21st, 2010

This is, to put it very lightly, not good. The Wall Street Journal is reporting that some of our largest fears have been realized. All of those promises that sites such as MySpace and Facebook have made regarding the safety of our personal information have been proven to be nothing but cheap talk.

… According to the article:

“Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.”

… Search Engine Land had a great article that talked about the convergence between privacy and advertising.

A long article, exploring Facebook's Guide to Privacy

Every Facebook Privacy Feature Revealed and Explained

Tools for Stalkers! Hey, that might make an interesting subject for a website. Think there's any money in it?

3 Fascinating Search Engines That Search For Faces

facesearch – Face Search Engine

Did you know you could make Google search for faces only, by adding a small bit of code? When you go to Google Image Search, enter your query and then add “&imgtype=face” (without the quotes of course) to the end of the URL. It will give you similar results as facesearch above.

PicTriev – Face Recognition Search Engine

Viewdle – Face Recognition Video Search Engine

Perhaps “Let's Get Google” would be a better name for the site?

May 20, 2010

Consumer Watchdog Launches Inside Google Website To Focus Light on Internet Giant

"Consumer Watchdog today formally launched its new Website, Inside Google, to focus attention on the company’s activities and hold Google accountable for its actions. The nonpartisan, nonprofit public interest group is launching Inside Google to educate the public and opinion leaders about Google’s dangerous dominance over the Internet, computing and consumers’ online lives. Inside Google’s blog is authored by experienced consumer advocates and journalists working to expose the “black box” at Google with an eye towards holding Google engineers accountable to social mores, ethical customs and the rule of law."

Isn't this like the fingerprint database (until they start deporting people with undesirable DNA)

House Votes To Expand National DNA Arrest Database

Posted by timothy on Thursday May 20, @05:19PM

"Millions of Americans arrested for but not convicted of crimes will likely have their DNA forcibly extracted and added to a national database, according to a bill approved by the US House of Representatives on Tuesday. By a 357 to 32 vote, the House approved legislation that will pay state governments to require DNA samples, which could mean drawing blood with a needle, from adults 'arrested for' certain serious crimes. Not one Democrat voted against the database measure, which would hand out about $75 million to states that agree to make such testing mandatory. ... But civil libertarians say DNA samples should be required only from people who have been convicted of crimes, and argue that if there is probable cause to believe that someone is involved in a crime, a judge can sign a warrant allowing a blood sample or cheek swab to be forcibly extracted."

A simple illustration of who is doing what. More informative than those simple bar charts I've been showing my Statistics students.

Infographic - Which Age Groups Use Social Media

For my geeks

5 Alternative Ways To Install Ubuntu [Linux]

For the Ethical Hacker class (I'll claim it was stolen from the Secret Archives of the New York Times)

Lost Hacking Documentary Surfaces on Pirate Bay

By Kevin Poulsen May 20, 2010 12:00 pm

After collecting cobwebs in a studio vault for the better part of a decade, an unreleased documentary on the 2003 hacking scene leaked onto the Pirate Bay Thursday.

Narrated by actor Kevin Spacey, the 90-minute Hackers Wanted follows the exploits of Adrian Lamo, who pleaded guilty in 2004 to cracking the internal network of The New York Times.

Something for the students who annoy me!

Earwurm: Songs That Stick In Your Head

… Earwurm is a collection of such songs that stick in your head. You can listen to a new tune every day or search the collection for a specific one.

It is a great way to get a tune stuck in somebody else’s mind too. Simply find a tune and forward it to them.

This might be fun for my Intro to Computers class. It might also be a simple way to provide handouts... - Creating Temporary Web Pages

Page Easy is a tool that you can use in order to build a temporary web page. This can be used by those who don’t have a blog and who can’t be bothered to get one, and also by the ones who want an alternative to HTML email.

Using this site you can easily host a video online, or any picture that you want others to see without needing to be a programmer. As a matter of fact, you don’t have to type a single line of code - uploading a file is as easy as uploading an attachment when sending out an email.

Thursday, May 20, 2010

Only a few thousand more like this and this case is closed!

MasterCard Reaches Settlement With Heartland Payment Systems To Provide Issuers Worldwide Up To $41.4 Million For Data Breach Claims

May 19, 2010 by admin

MasterCard Worldwide today announced it has reached a settlement with Heartland Payment Systems (Heartland) to resolve claims by MasterCard and its issuers in connection with Heartland’s previously announced data security breach.

The settlement agreement calls for Heartland to fund up to $41.4 million of “alternative recovery offers” [Translation: I'll give you this if you promise not to sue. Bob] to be made to eligible MasterCard card issuers to settle their claims for operational costs and fraud losses alleged to have been incurred by them as a result of the breach. Issuers accepting their offers must agree to certain terms and conditions.

Source: Press Release

(Related) There's settlement and there's settlement.

PlainsCapital, former customer settle cyber fraud dispute

Dallas Business Journal - by Chad Eric Watt Staff Writer Wednesday, May 19, 2010, 10:37am CDT

PlainsCapital Bank has settled a lawsuit it brought against a Plano business after cyber thieves transferred more than $800,000 from the company's PlainsCapital bank account.

Hillary Machinery Inc. and PlainsCapital were able to recover about $600,000 of the funds sent from its account to eastern Europe.

When it asked PlainsCapital to repay the remaining $229,000, the bank responded by filing a lawsuit, said Troy Owen, sales vice president and co-owner at Hillary.

“After we were ripped off, PlainsCapital filed suit against us for protection from us getting money back from them,” Owen said before the case was settled.

Hillary countered with its own claims, arguing that the Sunday morning wire transfers from Plano to Romania and Italy should have set off red flags in the bank’s fraud detection systems.

A PlainsCapital spokesman declined to comment Wednesday. Hillary has moved its bank accounts to another institution. Terms of the settlement were not disclosed. [Darn... Bob]

Clearly, they are capable of learning all the basic (if not “Best”) security practices – so I can only conclude they had no interest in actually implementing any of them before they were breached.

BCBS of Tenn. Breach: Lessons Learned

By Dissent, May 19, 2010 4:49 pm

Howard Anderson writes:

In the wake of an information breach affecting nearly 1 million people, executives at BlueCross BlueShield of Tennessee have many lessons to share and plenty of advice to offer.

On Oct. 2, 2009, someone stole 57 unencrypted hard drives from servers at a call center the insurer had recently closed. So far, there have been no arrests, nor any evidence of fraud committed, the company reports.


Among the actions the Tennessee plan has taken and the lessons it has learned are:

  • Adding a layer of physical security [Doors got locks! Bob] to protect servers is a prudent step.

  • Encryption should be applied widely, including on servers. [Theft of encrypted data is not a Breach! Bob]

  • Appointing a chief security officer [Find someone other than Senior Management to blame! Bob] helps to ensure coordination of all security efforts.

  • Organizations should carefully assess how long to store information. [Have a Records Retention Policy! Bob]

  • In preparing a breach notification plan, be sure to prepare a pre-selected list of vendors that can help with various tasks. [Avoid vendors who are too expensive and those whose services suck! Bob]

  • Train customer service representatives to deal with breach-related questions from the public.

  • Communicate frequent updates on breach investigations through the media and a Web site.

Read more on Interestingly, one of the lessons that I think everyone should have learned from this incident is not included in their list: think about recording calls for quality assurance purposes and ensure you have a way to retrieve PII and PHI if need be — and securely destroy such data on a frequent and regular basis. BCBS spent extraordinary time trying to figure out what was on the audio tapes. Of course, if strong encryption is used, some of that might not be necessary.

Previous coverage of the BCBS Tennessee breach can be found in these earlier blog entries.

Don't get mad, get even!

Corbett’s attempt to unmask anonymous critics sparks outrage

May 19, 2010 by Dissent

Earlier today, I posted a link to a TechCrunch story by Robin Wauters about how Pennsylvania Attorney General Tom Corbett, now the Republican candidate for Governor, had a grand jury subpoena Twitter to appear before the grand jury to “testify and give evidence regarding alleged violations of the laws of Pennsylvania.” As part of the subpoena, Twitter is to provide “any and all information” pertaining to two Twitter accounts, @bfbarbie and @CasaBlancaPA. Both of those accounts, and their companion blog, CasablancaPA, have been the source of frequent criticism of Corbett.

Not surprisingly, the blogosphere is lighting up over this subpoena, with most commenters speculating that Corbett is abusing his office and power to uncover the names of people who have anonymously criticized him. For his part, Corbett has not made any statement about the nature of the investigation or what Pennsylvania laws might have been violated. As WTAE reports:

During a Wednesday afternoon campaign rally at the Allegheny County Airport in West Mifflin, Corbett told Channel 4 Action News, “I can’t comment on that right now. That’s something that it’s a grand jury matter.” But Corbett did say the legal action is not about targeting people on Twitter who say things that he doesn’t like. Instead, he said this is related to an investigation.

Corbett was also quoted as saying:

“I don’t care about Twitter. If people — they twitter all the time. You know, I read it once. In fact, I only read — my only use of Twitter was to watch what you guys were saying during the (Bonusgate) trial. That’s how I kept on top of it day by day.”

So why, then, does Corbett want to know the identities of the two Twitter account holders? What did they tweet in 140 characters that is relevant to the grand jury? And if it was their blog entries that contain information relevant to an investigation, why not subpoena the account information on the blog? Is Corbett gambling that Twitter won’t put up as much of a fight as Google would?

And did Corbett inform the grand jury that he was asking them to subpoena the information on two people who had been highly critical of him?

Civil liberties groups are already watching this case. WTAE reported that:

Vic Walczak, of the ACLU’s Pittsburgh office, told Channel 4 Action News that the organization expects to get involved in this case.

“Attorney General Corbett’s subpoena to Twitter for identity information about people who have been criticizing him raises grave concerns about abuse of the grand jury process to retaliate against political critics and opponents, a most serious First Amendment violation,” Walczak said. “People in this country have a right to criticize government officials and to do so anonymously, as did Thomas Payne and the authors of the Federalist Papers.”

Matt Zimmerman of the Electronic Frontier Foundation also has concerns based on what’s been publicly revealed. In a statement to, Zimmerman noted that EFF has had frequent concerns about attempts to unmask anonymous Does because of critical speech, but

the concerns are heightened even more in this context, when you have the chief law enforcement officer of the state going after people who said mean things about him. It doesn’t look very good.

Zimmerman notes that things may not be what they seem, however, and that “we may all be wrong.”

Has there been an abuse of power or abuse of process? Without more facts, it is impossible to know. What is clear to this blogger, however, is that at the very least, Corbett has a serious public perception problem over the use of his police power in this case.

For its part, Twitter has apparently notified the account holders so that they can fight the subpoena, and the bloggers note that they are trying to arrange for legal representation.

(Related) You know you're in trouble when:

Wikileak Founder's Passport Confiscated

Siobhan Chapman, May 17, 2010 10:50 pm

Julian Assange, the founder of the whistleblower website Wikileaks, has had his passport confiscated by immigration officials when he arrived at Melbourne Airport last week.

According to reports, the passport was returned to him after about 15 minutes, but Assange was told by authorities that his passport was going to be cancelled because it was looking worn.

But Assange told the Australian current affairs programme Dateline that he has since received a letter from the Australian Communication Minister Steven Conroy's office stating that the Australian Federal Police (AFP) has been asked to investigate the recent disclosure on Wikileaks of the Australian government's blacklist of banned websites.

Somehow, I never viewed Aussies as Puritans.

Australia Air Travelers' Laptops To Be Searched For Porn

Posted by CmdrTaco on Thursday May 20, @09:20AM

"Australian customs officers have been given the power to search incoming travelers' laptops and mobile phones for porn. Passengers must declare whether they are carrying pornography on their Incoming Passenger Card. The Australian government is also planning to implement an Internet filter. Once these powers are in place, who knows how they will be used."

Is this how the Founding Fathers would have written it into the Constitution?

A Bill of Privacy Rights for Social Network Users

May 19, 2010 by Dissent

Kurt Opsahl writes:

Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.

Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:

#1: The Right to Informed Decision-Making

#2: The Right to Control

#3: The Right to Leave

Read more on EFF.

Interesting. Apparently a rootkit (maybe) on the defendant's computer logged everything he did (to send home to the rootkit author?) including his hack of the email. Note to Hackers: Make certain your systems are malware free!

Malware and Search Warrant

May 19, 2010 by Dissent

Susan Brenner discusses an aspect of the search warrant and inspection of the computer belonging to David C. Kernell, the young man who was subsequently convicted of hacking into Sarah Palin’s e-mail account:

A recent decision from a federal district court addresses an issue I hadn’t seen before: whether searching malware on the suspect’s computer was outside the scope of the search warrant issued for that computer. It seems a narrow issue, and unfortunately the opinion issued in the case doesn’t tell us a whole lot about what happened; but I thought the issue was worth writing about, if only to note that it arose.

Read excerpts from the court record and her commentary on Cyb3rcrim3.

Everything you ever said is on the Internet!

Elena Kagan - Nominee to be an Associate Justice of the U.S. Supreme Court - Committee Questionnaire

We need a “stock market” for Alternative Litigation. I'd like to invest in a few myself!

May 19, 2010

Rand: Overview of Alternative Litigation Financing in the United States

  • Alternative Litigation Financing in the United States: Issues, Knowns, and Unknowns - May 17, 2010, Steven Garber: "Alternative litigation financing (ALF) — also known as “third-party” litigation financing — refers to provision of capital by parties other than plaintiffs, defendants, their lawyers, or defendants' insurers to support litigation-related activity. This paper provides an overview of policy issues related to the legal ethics, social morality, and, especially, potential economic effects of ALF. It provides a snapshot of the only three segments of the ALF industry that appear to be fairly active as of early 2010, all of which provide support to plaintiffs or their lawyers. It offers lessons for policymakers, emphasizing distinctions that are often underappreciated in discussions of ALF. The paper concludes by suggesting that, for the next five to ten years, policymakers might best limit themselves to interventions that do not fundamentally interfere with the potential for increased competition to solve what appear to be important information problems that may limit the contributions of ALF to national economic performance."

Coming soon! HP Brand Dairy Products! Can Google Cheese be far behind?

10,000 Cows Can Power 1,000 Servers

Posted by samzenpus on Thursday May 20, @03:37AM

"Reducing energy consumption in data centers, particularly with the prospect of a federal carbon tax, is pushing vendors to explore an ever-growing range of ideas. HP engineers say that biogas may offer a fresh alternative energy approach for IT managers. Researchers at HP Labs presented a paper (download PDF) on using cow manure from dairy farms and cattle feedlots and other 'digested farm waste' to generate electricity to an American Society of Mechanical Engineers conference, held this week. In it, the research team calculates that 'a hypothetical farm of 10,000 dairy cows' could power a 1 MW data center — or on the order of 1,000 servers. One trend that makes the idea of turning organic waste into usable power for data centers is the moves by several firms to build facilities in rural locations, where high-speed networks allow them to take advantage of the cost advantages of such areas. But there are some practical problems, not the least of which is connecting a data center to the cows. If it does happen, the move could call for a new take on plug and play: plug and poo."

Might make a great tool for Student collaboration...

Google Wave Now Open to All

Last year at the Google I/O conference, the search giant created a tsunami of interest when it revealed Google Wave. This year the company is making the invite-only, real-time communication tool available to everyone — including Google Apps users — at

As you may recall, when invites first started rolling out last September, online users were clamoring to get in to Google Wave. Since then, Google has made a number of important tweaks to the preview stage product, including e-mail notifications, read-only wave access and undo/redo options.

What? Times New Roman isn't sufficient?

Google offers free fonts for the Web

Anything that guides students through the resume creation process is good.

Doyoubuzz Launches In The US To Crush Word-Processed Resumes

Failure to backup your data is an admission that it is worthless.

Top 10 Backup Software Apps For Your PC

How to research when you have no idea what you are looking for? I resemble that remark!

3 Google Tricks When You Don’t Know What to Search For

Dilbert: How the tech-literate view the tech-illiterate.

Wednesday, May 19, 2010

This could be amusing. Google was “sampling” WiFi. How much data could be collected as they drove down your street? The formula would have to include: time of day, speed of the car, security of the WiFi, etc.

Class action lawsuit over Google wi-fi data collection filed

May 19, 2010 by Dissent

Karina Brown reports on what is likely to be only one of many lawsuits filed over Google’s revelation that it inadvertently collected personal information during its Street View operations:

In Portland, lead plaintiff Vicki Van Valin claims Google operates vehicles mounted with “wireless sniffers” that decode Wi-Fi data. She claims Google captured and decoded her Social Security number, banking information, medical records and other personal information, then stored the data on servers where “hundreds if not thousands” of Google employees could see it.

Read more on Courthouse News.

A copy of the complaint can be found here.

It seems that the plaintiffs claim that because they use an open wi-fi network, and because they transmit personal and sensitive information over it, and because Google has been on their street, then their personal information has been available, without their consent, to “hundreds of thousands” of Google employees.

A German court recently held that wi-fi users had an obligation to secure their network. We have no such law here, but I would pose this to the privacy law scholars who read this site: does a wi-fi user have a reasonable expectation of privacy if they do not secure their wi-fi network? [The term should be “Delusion of Privacy” Bob]

Some schools give Freshmen iPads, Berkeley gives DNA testing? I knew Berkeley was weird crazy different, but I don't get this at all...

UC Berkeley Asking Incoming Students For DNA

May 19, 2010 by Dissent

UC Berkeley is adding something a little different this year in its welcome package — cotton swabs for a DNA sample.

In the past, incoming freshman and transfer students have received a rather typical welcome book from the College of Letters and Science’s “On the Same Page” program, but this year the students will be asked for more.

The students will be asked to voluntarily submit a DNA sample. The cotton swabs will come with two bar code labels. One label will be put on the DNA sample and the other is kept for the student's own records.

The confidential process is being overseen by Jasper Rine, a campus professor of Genetics and Development Biology, who says the test results will help students make decisions about their diet and lifestyle.

Read more on KTVU.

[From the article:

The results of the test will be put in a secure online database where students will be able to retrieve their results by using their bar code.

Rine hopes that this will excite students to be more hands-on with their college experience. [I must admit, I don't understand that connection... Bob]

… There will also be a science-themed art contest that will award the four best entries with a full genetic analysis. [Don't get that either... Bob]

How many of my Computer Security students match this profile?

Four Kids From South Florida Led the World’s Biggest Online Identity Heist

May 18, 2010 by admin

For those who are interested in the backgrounds and psychological aspects of hackers, Tim Elfrink has an article in the Broward – Palm Beach New Times on Albert Gonzalez, Jonathan James, Christopher Scott, Stephen Watt, names recognizable for their roles in the massive credit card number hacks that became cautionary tales.

Local and unreported to the State

VA breaches more numerous than we knew

By Dissent, May 18, 2010 12:02 pm

Miami VA Healthcare System wasn’t the only VA center that experienced a breach involving paper records containing protected health information on January 19 of this year. According to OCR’s web site, VA Eastern Colorado Health Care System also experienced a breach involving paper records:

VA Eastern Colorado Health Care System

State: Colorado

Approx. # of Individuals Affected: 649

Date of Breach: 1/19/10

Type of Breach: Improper Disposal

Location of Breached Information: Paper Records

These breach revelations, not reported in the media, and relatively small by some standards, come on the heels of other recent breaches involving the VA, some of which have gained Congress’s attention.

There are still a few procedural changes to be made before data is “secure”

P2P networks a treasure trove of leaked health care data, study finds

By Dissent, May 18, 2010 8:31 am

Jaikumar Vijayan reports:

Nearly eight months after new rules were enacted requiring stronger protection of health care information, organizations are still leaking such data on file-sharing networks, a study by Dartmouth College’s Tuck School of Business has found.

In a research paper to be presented at an IEEE security symposium Tuesday, Dartmouth College professor Eric Johnson will describe how university researchers discovered thousands of documents containing sensitive patient information on popular peer-to-peer (P2P) networks.

One of the more than 3,000 files discovered by the researchers was a spreadsheet containing insurance details, personally identifying information, physician names and diagnosis codes on more than 28,000 individuals. Another document contained similar data on more than 7,000 individuals. Many of the documents contained sensitive patient communications, treatment data, medical diagnoses and psychiatric evaluations. At least five files contained enough information to be classified as a major breach under current health-care breach notification rules.

Read more on Computerworld.

A new target for hackers? How many Social Security checks does it take to retire comfortably in Brazil?

May 18, 2010

Broad New Treasury Initiative to Increase Electronic Transactions, Save More Than $400 Million, 12 Million Pounds of Paper in First Five Years

News release: "With Americans poised to celebrate the 40th anniversary of Earth Day this week, the U.S. Department of the Treasury today announced a broad new initiative to dramatically increase the number of electronic transactions that involve Treasury and millions of citizens and businesses, a move that is expected to save more than $400 million and 12 million pounds of paper in the first five years alone. In addition to greatly reducing costs, enhancing customer service and minimizing Treasury's environmental impact, the move from paper to electronic transactions will increase reliability, safety and security for benefit recipients and taxpayers... Treasury will require individuals receiving Social Security, Supplemental Security Income, Veterans, Railroad Retirement and Office of Personnel Management benefits to receive payments electronically. Individuals will be able to receive benefits either through direct deposit into a bank account or Treasury's Direct Express debit card."

Like many PhD candidates, he has a firm grasp of the obvious.

Privacy expert: It’s good PR to say no to the government

May 18, 2010 by Dissent

Nancy Gohring reports:

A leading privacy researcher is urging companies to say no to government requests for data, arguing that it’s good for business.

“Or rather, saying yes can be really bad for business,” said Chris Soghoian, an Indiana University PhD candidate and security and privacy researcher.

Speaking on Monday at a Law Seminars International event in Seattle, Soghoian offered companies tips for handling law enforcement requests for data.

Consumers do care about their privacy and their reaction to news about companies that too willingly help the government access their data — or resist such requests — proves it, he said.

Smart lawyering or evil lawyering?

Did EFF lawyer cross line in LimeWire case?

by Greg Sandoval May 18, 2010 5:12 PM PDT

The lawyers who do most of the jousting over Internet copyright issues were abuzz last week after learning that a federal court judge suggested one of the more prominent among them had advised clients to destroy evidence.

On Wednesday, U.S. District Court Judge Kimba Wood issued a 59-page decision in Manhattan granting summary judgment in favor of the Recording Industry Association of America in its long-running copyright fight against file-sharing service LimeWire. The order opened the door for the top four record companies to force a closure of the service.

In addressing an issue of whether statements made by a former LimeWire executive should be considered by the court, Wood called out Fred von Lohmann, the much-quoted senior staff attorney at the Electronic Frontier Foundation, an advocacy group that fights for the rights of Internet users and technology companies. According to Wood, LimeWire founder Mark Gorton testified that he and former company Chief Technology Officer Greg Bildson received questionable advice from von Lohmann.

Something for Lawyers and whistleblowers...

How To Scrub Metadata From Word Documents [Windows]

The process you can use to scrub that personal metadata from Word documents is quite simple. It involves downloading and installing a free program called “Doc Scrubber.”

… Check out Karl’s article about scrubbing metadata from photos.

An amusing look at software licenses...

I could license you to use this software, but then I’d have to kill you

3 Ways To Recover Serial Numbers In Windows

Having to re-install your Windows operating system is nothing unheard of. Unfortunately, it has to be done at regular intervals. Before you start however, not only make sure all your data is backed up, but also that you have all the serial numbers of programs you would like to reinstall.

Something for everyone on Facebook? (and it's FREE)

New tool will check privacy settings on Facebook

… As it is now, Privacy Scanner will check your account’s Instant Personalization settings, which allows Facebook partners to customize their sites based on your public information. In addition to that check, it will also look at personal information, contact information, the information that friends can share about you, as well as the settings within friends, tags, and connections.

Tuesday, May 18, 2010

I kinda doubt it, although this article addresses government data in the Cloud.

DIA official says privacy, security different for cloud

May 17, 2010 by admin

Stephen Bell reports:

The government may have to make sacrifices in such treasured concepts as privacy and sovereignty, so that public sector organisations can take advantage of the “convenience” of the cloud, says a Department of Internal Affairs (DIA) project manager.

Adam Stapleton is managing a project for DIA’s Government Technology Services (GTS) arm, to produce “guidance to allow public sector agencies to reduce the barriers” to adoption of cloud computing services. He spoke at the Future Perfect digital continuity conference, held in Wellington recently.

Read more in Computerworld (NZ). Thanks to Brian Honan for sending the link to this.

[From the article:

The current GTS project that Stapleton oversees aims to provide an authoritative definition of cloud computing, track trends in its evolution “and talk about what is the opportunity space tactically for the next one or two years and the constraints – legislation and policy and other [factors] that may preclude some classes of information being used for some types of cloud computing services.

For my Computer Forensics students. Gathering Behavioral data for advertising doesn't depend on cookies...

Web Browsers Leave ‘Fingerprints’ Behind as You Surf the Net

May 17, 2010 by Dissent

From a new press release from EFF:

New research by the Electronic Frontier Foundation (EFF) has found that an overwhelming majority of web browsers have unique signatures — creating identifiable “fingerprints” that could be used to track you as you surf the Internet.

The findings were the result of an experiment EFF conducted with volunteers who visited The website anonymously logged the configuration and version information from each participant’s operating system, browser, and browser plug-ins — information that websites routinely access each time you visit — and compared that information to a database of configurations collected from almost a million other visitors. EFF found that 84% of the configuration combinations were unique and identifiable, creating unique and identifiable browser “fingerprints.” Browsers with Adobe Flash or Java plug-ins installed were 94% unique and trackable.

“We took measures to keep participants in our experiment anonymous, but most sites don’t do that,” said EFF Senior Staff Technologist Peter Eckersley. “In fact, several companies are already selling products that claim to use browser fingerprinting to help websites identify users and their online activities. This experiment is an important reality check, showing just how powerful these tracking mechanisms are.”

EFF found that some browsers were less likely to contain unique configurations, including those that block JavaScript, and some browser plug-ins may be able to be configured to limit the information your browser shares with the websites you visit. But overall, it is very difficult to reconfigure your browser to make it less identifiable. The best solution for web users may be to insist that new privacy protections be built into the browsers themselves.

“Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies and IP addresses when we discuss web privacy and user trackability,” said Eckersley. “We hope that browser developers will work to reduce these privacy risks in future versions of their code.”
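The measurement EFF describes above (hash what a site can read, count how many visitors share each hash, express single attributes in bits of identifying information) as an added example in Python. This is not EFF's code or data: the attribute set, the eight visitor configurations and the split between header-only and script-readable attributes are constructed for illustration.

```python
"""Toy measurement of browser-fingerprint uniqueness.

Added example in the spirit of the Panopticlick methodology: hash the
attributes a site can read, count how many visitors share each hash, and
report the surprisal (bits of identifying information) of single attribute
values. The attribute names and the visitor population are constructed.
"""
import hashlib
import math
from collections import Counter

# Readable from plain HTTP requests, no scripting needed.
PASSIVE_ATTRS = ("user_agent", "accept_headers")
# Only readable when scripting is enabled (the press release notes that
# browsers blocking JavaScript were less likely to be unique).
SCRIPT_ATTRS = ("screen", "timezone", "plugins", "fonts")


def fingerprint(config, scripting=True):
    """Stable digest of the attributes a visitor exposes."""
    attrs = PASSIVE_ATTRS + (SCRIPT_ATTRS if scripting else ())
    material = "|".join(f"{k}={config.get(k, '')}" for k in attrs)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def uniqueness(population, scripting=True):
    """Fraction of visitors whose fingerprint is shared with nobody else."""
    prints = [fingerprint(c, scripting) for c in population]
    counts = Counter(prints)
    return sum(1 for p in prints if counts[p] == 1) / len(prints)


def surprisal_bits(population, attr, value):
    """Identifying information in one attribute value: -log2 P(value)."""
    share = sum(1 for c in population if c.get(attr) == value) / len(population)
    return -math.log2(share)


def mk(ua, accept, screen, tz, plugins, fonts):
    return {"user_agent": ua, "accept_headers": accept, "screen": screen,
            "timezone": tz, "plugins": plugins, "fonts": fonts}


# Constructed sample population of eight visitors (not real data).
POPULATION = [
    mk("Firefox/3.6 Windows", "en-US,gzip", "1280x800x24", "-300",
       "Flash 10.0,Java 1.6", "Arial,Verdana,Wingdings"),
    mk("Firefox/3.6 Windows", "en-US,gzip", "1280x800x24", "-300",
       "Flash 10.0,Java 1.6", "Arial,Verdana,Wingdings"),  # same as the first
    mk("Firefox/3.6 Windows", "en-US,gzip", "1920x1080x24", "-300",
       "Flash 10.0", "Arial,Verdana"),
    mk("Chrome/5.0 Mac", "en-US,gzip", "1440x900x24", "-480",
       "Flash 10.0,QuickTime", "Helvetica,Monaco"),
    mk("Chrome/5.0 Mac", "en-US,gzip", "1440x900x24", "-480",
       "Flash 10.0", "Helvetica"),
    mk("Safari/4.0 Mac", "en-US,gzip", "1440x900x24", "-480",
       "Flash 10.0,QuickTime", "Helvetica,Monaco,Zapfino"),
    # Scripting blocked: nothing beyond the request headers is exposed.
    mk("Firefox/3.6 Linux", "en-GB,gzip", "", "", "", ""),
    mk("Firefox/3.6 Linux", "en-GB,gzip", "1280x1024x24", "0",
       "Java 1.6", "DejaVu Sans"),
]

if __name__ == "__main__":
    print(f"unique with scripting : {uniqueness(POPULATION):.0%}")
    print(f"unique, headers only  : {uniqueness(POPULATION, scripting=False):.0%}")
    ua_bits = surprisal_bits(POPULATION, "user_agent", "Safari/4.0 Mac")
    print(f"'Safari/4.0 Mac' user agent reveals {ua_bits:.1f} bits")
```

With the script-readable attributes, six of the eight constructed visitors are unique; with headers alone, only one is, which is the effect the press release attributes to blocking JavaScript.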

EFF’s paper on Panopticlick will be formally presented at the Privacy Enhancing Technologies Symposium (PETS 2010) in Berlin in July.

For the full white paper: How Unique is Your Web Browser?:

For more details on Panopticlick:…

For more on online behavioral tracking:

This suggests a couple of solutions. One, ensure that your originating error rate is 19.9% so any change sends the rate over the threshold. Two, measure the rate and send the recipient that number – significant deviation is another indicator of intercept.

Commercial Quantum Cryptography System Hacked

Posted by Soulskill on Monday May 17, @06:14PM

"Any proof that quantum cryptography is perfect relies on idealized assumptions that don't always hold true in the real world. One such assumption is related to the types of errors that creep into quantum messages. Alice and Bob always keep a careful eye on the level of errors in their messages because they know that Eve will introduce errors if she intercepts and reads any of the quantum bits in a message. So a high error rate is a sign that the message is being overheard. But it is impossible to get rid of errors entirely, so Alice and Bob have to tolerate a small level of error. This level is well known. Various proofs show that if the quantum bit error rate is less than 20 percent, then the message is secure. However, these proofs assume that the errors are the result of noise from the environment. Now, physicists have come up with an attack based on the realization that Alice also introduces errors when she prepares the required quantum states to send to Bob. This extra noise allows Eve to intercept some of the quantum bits, read them and then send them on, in a way that raises the error rate to only 19.7 percent. In this kind of 'intercept and resend attack,' the error rate stays below the 20 percent threshold and Alice and Bob are none the wiser, happily exchanging keys while Eve listens in unchallenged. The physicists say they have successfully used their hack on a commercial quantum cryptography system from the Geneva-based startup ID Quantique."
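The error-budget reasoning in the summary above, worked through as an added Python simulation (not code from the researchers or from ID Quantique): Alice sends random bits in random BB84 bases, a fraction of the qubits are measured and re-sent, Bob measures, and the two compare error rates on the sifted key against the 20 percent tolerance. The noise model, sample sizes and the helper that computes how much of that tolerance baseline noise already consumes are constructed for illustration.

```python
"""BB84 intercept-and-resend toy model with a QBER check.

Added example: shows why the quantum bit error rate (QBER) is the detection
signal, why an ideal intercept-and-resend raises it to about 25 percent, and
how baseline noise eats into the 20 percent tolerance. Noise model and
parameters are constructed; only the threshold comes from the quoted text.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1  # the two BB84 bases


def measure(state, basis, rng):
    """Measuring in the preparation basis returns the bit; otherwise random."""
    bit, prep_basis = state
    return bit if basis == prep_basis else rng.randrange(2)


def run_bb84(n_qubits, intercept_fraction, channel_noise, seed=1):
    """QBER Alice and Bob observe on the sifted key (deterministic via seed)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_qubits):
        alice_bit, alice_basis = rng.randrange(2), rng.randrange(2)
        state = (alice_bit, alice_basis)
        if rng.random() < intercept_fraction:
            eve_basis = rng.randrange(2)
            eve_bit = measure(state, eve_basis, rng)
            state = (eve_bit, eve_basis)  # the eavesdropper forwards what she saw
        bob_basis = rng.randrange(2)
        bob_bit = measure(state, bob_basis, rng)
        if rng.random() < channel_noise:
            bob_bit ^= 1  # environmental noise flips the detected bit
        if bob_basis == alice_basis:  # sifting: keep only matching bases
            sifted += 1
            errors += bob_bit != alice_bit
    return errors / sifted


def eavesdropping_detected(qber, threshold=0.20):
    """Alice and Bob abort when the observed QBER reaches the tolerance."""
    return qber >= threshold


def max_undetected_fraction(channel_noise, threshold=0.20):
    """Fraction of qubits an intercept-and-resend could touch while the
    expected QBER stays below the threshold. Each intercepted qubit adds an
    error with probability 0.25 (e); a noise flip on top toggles it, so the
    expected QBER is e(1-p) + (1-e)p. Solving for e gives the margin left."""
    if channel_noise >= threshold:
        return 0.0
    e_max = (threshold - channel_noise) / (1 - 2 * channel_noise)
    return min(1.0, e_max / 0.25)


if __name__ == "__main__":
    print(f"no eavesdropper, no noise : QBER {run_bb84(20000, 0.0, 0.0):.3f}")
    print(f"every qubit intercepted   : QBER {run_bb84(20000, 1.0, 0.0):.3f}")
    for noise in (0.0, 0.04, 0.19):
        print(f"baseline noise {noise:.2f}: tolerance leaves room for "
              f"{max_undetected_fraction(noise):.0%} of qubits")
```

The last loop is the defender's view of the tolerance: the lower the legitimate baseline error rate, and the tighter the threshold is set to it, the less of the channel an undetected intercept can touch.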

Sometimes you need to repeat, repeat, repeat...

New Study Finds That a National Value-Added Tax Could Permit Major Cuts in Corporate Income Taxes, Payroll Taxes

Tax Forms Cost Americans Billions of Hours – and Dollars, Taxpayer Group’s Study Finds

...and 'cause sometimes you need to cover your tracks!

iSendr: Send files directly to another computer over the web

… iSender is a web-based program that creates a link for you to send files directly to another computer without uploading it to a third party server.

Similar tools: FilesOverMiles, PipeBytes and JetBytes.