Saturday, July 10, 2010

I've long believed this was the case. It has implications for Identity Theft (e.g. Yesterday's article on a university Parking system that had data from 10 years ago in its hard drive.), e-Discovery and Data Mining (separating wheat from chaff), and of course the cost of storage.

Dell Says 90% of Recorded Business Data Is Never Read

Posted by timothy on Saturday July 10, @08:04AM

"According to a Dell briefing given to PC Pro, 90% of company data is written once and never read again. If Dell's observation about dead weight is right, then it could easily turn out that splitting your data between live and old, fast and slow, work-in-progress versus archive, will become the dominant way to price and specify your servers and network architectures in the future. 'The only remaining question will then be: why on earth did we squander so much money by not thinking this way until now?'"

As the writer points out, the "90 percent" figure is ambiguous, to put it lightly.

Justice is swift down under... But their laws are as strange as ours. Has anyone considered that if Google can do this “accidentally” then anyone (my Ethical Hackers, eastern European crime syndicates, CNN, NBC, NSA, etc.) could do the same thing deliberately? Remember: “Unencrypted communications has always relied on the kindness of strangers” Blanche DuBois

Google Found Guilty of Australian Privacy Breach

Posted by timothy on Saturday July 10, @12:06AM

"The Australian Privacy Commissioner has found Google guilty of breaching the country's Privacy Act when it collected unsecured WiFi payload data with its Street View vehicles. While the Commissioner could not penalize the company, Google agreed to publish an apology on its Australian blog, and work more closely with her during the next three years. Globally, Google is said to have collected some 600 GB of data transmitted over public WiFi networks. In May, the company put its high-definition Australian Street View plans on hold to audit its processes."

[From the article:

"[But] under the current Privacy Act, I am unable to impose a sanction on an organisation when I have initiated the investigation.

(Related) Okay, some one has considered the implications (opportunities?) of eavesdropping...

Consumer Group Sniffs Congresswoman’s Open Wi-Fi

We’re not sure what’s more humorous: That California Rep. Jane Harman, the ranking member of the House Intelligence Committee, maintains two unencrypted Wi-Fi networks at her residence, or that a consumer group sniffed her unsecured traffic in a bid to convince lawmakers to hold hearings about Google.

No Privacy issues here. “These are not the 'droids we want.” You can think of it as spying or stalking or even as an automated paparazzi.

TwitFlink: Search For Tweets With Links On Any Twitter Account

TwitFlink is a simple, free to use website that helps visitors easily search for a Twitter user’s Tweets which contain links. On the homepage of the site you see a field where you can enter the Twitter username. The site executes a search for this name and finds all of their Tweets that contain links.

Similar tools: SiftLinks and Tlink.

Good law, bad math?

RIAA's Tenenbaum Verdict Cut From $675k To $67.5k

Posted by Soulskill on Friday July 09, @05:01PM

"In SONY BMG Music Entertainment v. Tenenbaum, the Court has reduced the jury's award from $675,000, or $22,500 per infringed work, to $67,500, or $2,250 per infringed work, on due process grounds, holding that the jury's award was unconstitutionally excessive. In a 64-page decision (PDF), District Judge Nancy Gertner ruled that the Gore, Campbell, and Williams line of cases was applicable to determining the constitutionality of statutory damages awards, that statutory damages must bear a reasonable relationship to the actual damages, and that the usual statutory damages award in even more egregious commercial cases is from 2 to 6 times the actual damages. However, after concluding that the actual damages in this case were ~ $1 per infringed work, she entered a judgment for 2,250 times that amount. Go figure." That $2,250 per infringed work figure should look familiar from Jammie Thomas-Rassett's reduced damages judgment — $54,000 for 24 songs.

The article bemoans the difficulties of using even tiny excerpts of copyrighted material, but offers a great illustration and an interesting suggestion...

Curse of the Greedy Copyright Holders

Still, I can't help but wonder if major publishers might want to let economists, rather than copyright attorneys, govern their decisions in this area. If you agree, perhaps you might quote this essay to them. I'm sure we can work out a reasonable fee.

An interesting infographic. There are several blogs (sadly, not mine) in the top ten.

Which News Sites Are the Most Shared?

According to Backtype (who kindly provided the data), the following ten sites are the ‘most shared’ news sites online. The graphic illustrates how the sites are shared, who their biggest influencers are (via twitter), and what stories are being shared the most.

Open source Cloud Computing

IBM, EU partner on open source projects

IBM and the European Union are partnering on two projects that, in the end, aim to make government run more smoothly and businesses able to collaborate on web-based services.

Both will take advantage of and contribute to the open source community.

PINCETTE (which means "tweezers" in French) aims to be a new technology that will be able to home in on even the smallest of software bugs in large networks that control the likes of electrical grids, water pipes and nuclear power plants.

… The other project, the Artifact-Centric Service Interoperation (ACSI) consortium, is meant to "help businesses more easily take advantage of Internet-based services - or 'e-services' - to create collaborative business operations and achieve shared business goals."

Basically, it will enable smaller businesses to make use of various technologies without having to have the technological expertise in-house. Much of it will be done using open-source software, to enable easier blending and mixing of technologies that previously would have had to be custom-built for a company's needs.

For my Computer Security geeks.

REMnux, the Malware Analysis Linux OS

Posted by Soulskill on Friday July 09, @03:35PM

"A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart malicious code. REMnux is the creation of Lenny Zeltser, an expert on malware reverse engineering who teaches a popular course on the topic at SANS conferences. He put the operating system together after years of having students ask him which tools to use and what works best. He originally used Red Hat Linux, but recently decided that Ubuntu was a better fit. REMnux has three separate tools for analyzing Flash-specific malware, including SWFtools, Flasm and Flare, as well as several applications for analyzing malicious PDFs, including Didier Stevens' analysis tools. REMnux also has a number of tools for de-obfuscating JavaScript, including Rhino debugger, a version of Firefox with NoScript, JavaScript Deobfuscator and Firebug installed, and Windows Script Decoder."

Experiment with Cloud Computing! - Deploying Your Apps In The Cloud

By now, everybody is aware of the direct and indirect advantages that cloud computing has got, and nobody would think it strange if you (as a developer) wanted to deploy your applications there.

… The site provides a service for deploying and managing open source applications in the cloud.

… The main selling point of this service is that it brings cloud management into the hands of everybody, and that includes people with limited IT knowledge. [A scary thought. Bob] As a matter of fact, you can know nothing about IT and still use this service. And (in the end) that is the one aspect that gives Standing Cloud a true edge.

Even great universities can be home to truly lousy lecturers (and vice versa). The trick is to find the lecture that works best for you.

FreeVideoLectures: 700+ Free Online Video Courses From Leading Universities

The internet has made a big leap in providing people access to educational materials. People who cannot afford to go to Harvard or Oxford can now view podcasts, videos, and course materials without ever having to enroll.

This website has a great motto: “to organize the world’s educational videos and make them universally accessible and down-loadable”. They offer 700 + free online video courses from more than 25+ top universities on 30+ subjects.

Why? My Website students learn to read the underlying HTML of their favorite sites so they can see how they were built and emulate them.

Download Entire Sections Of The Internet To Read Offline With WinWSD

The most common use for applications like WinWSD is to download a “mirror” of an entire website. This will basically let you browse every single page on an entire website even though you’re offline. Obviously many external links or images won’t work properly, but all of the local files, scripts, images and videos will all work without an Internet connection.


This application is similar to the apps Tina covered in her mini series about offline browsing, where she covered Scrapbook and HTTrack.

This is an interesting variation on Amazon's “Associate” program. I could see “suggesting” books to my students. (It's in the UK. Perhaps we could develop a similar US service.) - Have Your Very Own Bookstore


Eclector is a service that will let you have your very own online bookstore and keep 50 % of the actual profits that are made through it.

[The “How it works” video:

Friday, July 09, 2010

Another “minor” suit out of the way. Was it worth the lawyers' time? (and of course the cops got bupkis)

Investor, TJX settle suit over data theft

July 8, 2010 by admin

Hiawatha Bray reports:

TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers.

The Louisiana Municipal Police Employees’ Retirement System, which holds shares of TJX stock, alleged that members of the TJX board of directors failed in their duty to protect customers’ personal data.

TJX announced yesterday that it had settled the lawsuit on Friday. A lawyer for the Louisiana police retirement fund, which filed its lawsuit in Delaware, where Framingham-based TJX is incorporated, did not return calls seeking comment. Bloomberg News reported the case was settled for $595,000 in legal fees and enhanced oversight of customer files.

Read more in the Boston Globe.

Gary Alexander (Law Librarian extraordinaire) finds another article I missed. It continuously amazes me that such trivial systems (parking) hold so much unsecured data for so long.

UH breach affects 53,000

University of Hawaii officials said yesterday that a hacker breached the security of a parking office computer server that contained personal information of 53,000 people.

There were 40,870 Social Security numbers and 200 credit cards that were possibly compromised, officials said.

… Although officials do not know how it happened, [We're a pretty clueless University... Bob] they believe a site in China was involved, Takayama said.

The affected people included: Anyone who did business with the parking office between Jan. 1, 1998, and June 30, 2009;

I would have expected better security for Pirate Bay. Now I suppose I'll get emails from the “Let me steal that for you” services.

Pirate Bay Hack Exposes User Booty

July 8, 2010 by admin

Brian Krebs reports:

Security weaknesses in the hugely popular file-sharing Web site have exposed the user names, e-mail and Internet addresses of more than 4 million Pirate Bay users, according to information obtained by

An Argentinian hacker named Ch Russo said he and two of his associates discovered multiple SQL injection vulnerabilities that let them into the user database for the site. Armed with this access, the hackers had the ability to create, delete, modify or view all user information, including the number and name of file trackers or torrents uploaded by users.
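The report above names SQL injection as the way into the user database. As an added illustration (my own code, not anything from the Pirate Bay site or the Krebs article), here is the pattern that causes it beside the parameterised form that prevents it, run against a constructed in-memory SQLite table with made-up rows. The crafted value is the textbook quote-breaking string; against the string-built query it returns every row, while the parameterised query treats it as a literal username and returns nothing.

```python
import sqlite3

# Constructed sample rows standing in for a site's user table (not real data).
SAMPLE_USERS = [
    ("alice", "alice@example.test", "203.0.113.10"),
    ("bob", "bob@example.test", "203.0.113.11"),
]


def make_db():
    """Build an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, last_ip TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """The defect: the caller-supplied value is spliced into the SQL text,
    so a quote character in it changes the structure of the query."""
    query = (
        "SELECT username, email, last_ip FROM users "
        f"WHERE username = '{username}'"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """The fix: a bound parameter. The driver sends the value separately
    from the SQL, so it can only ever be compared as a literal string."""
    query = "SELECT username, email, last_ip FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username):
    """Run both lookups on the same input and return their results."""
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, username),
        "safe": lookup_safe(conn, username),
    }


if __name__ == "__main__":
    crafted = "x' OR '1'='1"  # the classic quote-breaking input
    for name, rows in compare(crafted).items():
        print(f"{name}: {len(rows)} row(s) returned")
    print("normal lookup:", compare("alice")["safe"])
```

The defensive check for a code base is mechanical: grep for SQL strings built with `%`, `+`, `.format` or f-strings and replace each one with a bound parameter. A row count that exceeds what a single-user lookup can legitimately return (here, more than one) is also a cheap runtime signal worth logging.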


This pretty much sums things up. Organizations are better at finding the loopholes in the law than the loopholes in their own security practices.

Data Breaches: A Black Hole – ITRC

July 8, 2010 by admin

The Identity Theft Resource Center is singing to this choir. Their most recent press release:

As of June 30th, The Identity Theft Resource Center® recorded 341 individual breaches for the first six months of 2010. Unfortunately, hundreds of breaches have been veiled from the public, delayed in publication, or not listed on any public lists. The question still remains: How many breaches and victims are there?

Despite a law stating all medical breaches involving more than 500 people must be listed on the Health and Human Services (HHS) breach list, ITRC recorded medical breaches which never made the list. Why? The HHS list allows a “risk of harm” loophole, [Why not just say “We're passing this law to show the voters how tough we are, but we don't actually want to inconvenience our large contributors.” Bob] without requiring federal law enforcement verification. One state’s recent breach list reported more than 200 breaches. Most are not included in the ITRC Breach Report because they did not include sufficient pertinent details regarding the event. Some states now harbor a protected breach list which is not made public at all, or is only accessible by exercising the Freedom of Information Act.

The ITRC has a clearly defined policy on what constitutes a breach: an event in which an individual name plus Social Security Number (SSN), driver’s license number, medical record or a financial record/credit/debit card is potentially put at risk – either in electronic or paper format. Most agencies, state and federal, have a similar understanding of what constitutes a breach. Why is there such a disparity between the number of breach occurrences and the information made available to the public? Why is there not a greater effort for openness and transparency with the public? If an agency as small as the ITRC can publish a weekly breach list, then doing so is certainly within the abilities of any state or federal agency. The list posted by the New Hampshire Attorney General’s Office is a shining example of transparency in the interest of the public good.

It is important for the public, when becoming aware of the details of a data breach, to immediately have a broad understanding as to whether their personal information may be involved. Incomplete information feeds public fears and does not accomplish the intended transparency of most breach laws. This situation further encourages bad behavior on the part of companies who should be more concerned about the protection of the privacy of their customers. Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures.

Since 2005, the ITRC has maintained a detailed breach list which is updated weekly. This list, and supplemental reports, allows the ITRC to compare data of known breaches and help form a partial picture of breach patterns. For 2010 we know:

  • 46% of all breaches do not disclose how many records were potentially affected

  • 38% of all known breaches didn’t disclose how the breach occurred

  • The business community accounted for 36% of all breaches, the highest category listed

  • 82% of all breaches were electronic and 18% were paper oriented

  • Data on the Move accounted for 17% of all breaches with the business community ranking highest. If added with Accidental Exposure (8%), 25% of data breaches were presumably non-malicious in nature

  • Insider Theft (17%) and hacking (17%) resulted in a combined total of 34% of breaches known to have occurred from malicious attacks.

ITRC and the public will not know the whole story about breaches until a public federal database is created listing all data breaches in detail. Until then, we teeter around the edge of a black hole getting only glimpses of light upon hidden breach events.

Is there “big bucks” in the “suing Privacy violators” business? We'll see.

Lawyers Who Won NSA Spy Case Demand $2.63 Million

How much does it cost to convince a federal judge your clients were victims of President Bush’s once-secret warrantless spy program? $2.63 million.

That’s the combined payment a team of eight lawyers is demanding from the government after proving their clients were illegally wiretapped under a once-secret National Security Agency spy program adopted in the wake of the 9/11 terror attacks.

… Judge Walker has given the government until Aug. 4 to dispute the fee proposal. Judge Walker has not ruled on Eisenberg’s motion to pay an additional $612,000 in damages, split evenly among his two clients and the charity.

I wonder if the state will keep records of your purchases and down the road send someone to offer memberships in AA?

Swipe, smile, blow: Pa. has wine vending machines

HARRISBURG, Pa. — Swipe your driver's license, look into the camera, blow into the breath sensor and — voila! — you have permission to buy a bottle of wine from a vending machine.

Pennsylvania, which has some of the most Byzantine liquor laws in the nation, recently introduced the country's first wine "kiosks." If the machines are successful in their test run inside two grocery stores, the state Liquor Control Board could place the high-tech alcohol automats in about 100 others.

I doubt it, but it might have some trivial effect. Interesting to contemplate what would have to occur for Facebookies to abandon their egos.

Are Privacy Problems Finally Killing Facebook?

Interesting news from the world of Internet bean counters: Facebook's growth last month stalled to virtually nothing - at least here in the US. And a number of people are pointing to the social network's seemingly endless series of privacy and security gaffes as the culprits.

According to market research wonks Inside Facebook, the world's biggest social network added just 320,000 new US users in June.

This could be handy.

July 08, 2010

Library of Congress Global Legal Information Catalog

"The Global Legal Information Catalog includes information about publications which reprint the laws and regulations of multiple jurisdictions on a particular legal topic. The purpose of the database is to provide additional identifying information about titles, beyond that which is provided in the Library's online catalog. The database works as an interface with the Library of Congress’s online catalog and is searchable by jurisdiction, title, subject and keyword."

About time! I've had my students doing this for (Internet) ages!

July 08, 2010

National Archives Announces Launch of New "Our Archives" Wiki

"The National Archives announces the launch today of its first public wiki called “Our Archives” on Wikispaces located at: “Our Archives” provides a collaborative space for members of the public, researchers, and staff to share knowledge about National Archives records, resources and research. The wiki is an opportunity for researchers, historians, archivists, and citizen archivists to work together to create pages on specific records or topics as well as to share information and resources to connect with other researchers."

I think this is inevitable, but still a bit too complicated for the average non-geek.

Ask Maggie: On dumping cable for online video

This could mean a 95% reduction in government IT spending! (I wonder if Congress will pass a “Pimp compensation” bill for all those forced out of work?)

House votes to block Net porn on government PCs

For my Computer Security majors

NIST Updates Federal Cybersecurity Guidelines

The National Institute for Standards and Technology (NIST) on Wednesday released an updated set of guidelines that organizations can use to develop their security assessment plans, as well as their associated procedures for security controls.

For my Small Business Management students

AcceptPay: Send Free Electronic Invoices & Accept Payments Online

AcceptPay is a great new solution from American Express that lets you send free electronic invoices and accept payments online. The free version, called AcceptPayLite, lets you send 10 electronic invoices each month to as many customers as you want for free. You can even set up recurring invoices and manage your receivables online.

Similar sites: PaperFreeBilling, Invoice Journal, InvoiceASAP, BillPDF, InvoicePlace,

Thursday, July 08, 2010

The next Attorneys General dogpile?

Legal proceedings against Facebook for illegally accessing and saving personal data of people who don’t use Facebook

July 7, 2010 by Dissent

A German data protection official said Wednesday he launched legal proceedings against Facebook, which he accused of illegally accessing and saving personal data of people who don’t use the social networking site.

… “We consider the saving of data from third parties, in this context, to be against data privacy laws,” Caspar said in a statement.

Facebook has until Aug. 11 to respond formally to the legal complaint against it. Its response will determine whether the case goes further.

Read more on Hot Indie News.

[From the article:

In April, Facebook changed its privacy settings to allow users to block access to the contacts listed in their e-mail, but Caspar argues that the previously saved contacts have not been erased and are being used for marketing purposes.

Another country heard from. Literally.

IE: Breach notification guidance and code available online

July 8, 2010 by admin

The Breach Notification Guidance and Data Security Breach Code of Practice have been posted to the web site of the Data Protection Commissioner of Ireland.

How would you control Behavioral Advertising?

UK: Behavioural advertising is fair if users can opt out, says privacy watchdog

July 8, 2010 by Dissent

The Information Commissioner’s Office (ICO) has published its first code of practice for the gathering and processing of personal data online. It gives companies guidance on how to treat the information they gather when offering services on the internet.

Some internet users and privacy groups have expressed concern about the increasingly common practice of tracking users’ behaviour and showing them advertising based on that activity in a bid to increase its relevance and effectiveness.

The ICO’s new guide has said that there is nothing wrong with that practice when it is conducted fairly.


Related: The code of practice (pdf), 2.3 MB

The BBC covers the story here.

E-Traffic Cameras?

U.S. Plans Cyber Shield for Utilities, Companies

The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor [Translation: Sporadic? Bob] the whole system, these people said.

… An NSA spokeswoman said the agency had no information to provide on the program.

… A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

“Say what you mean and mean what you say.” In the original email, TSA said it would block websites with "controversial opinion." If that was wrong – something bureaucracies rarely admit – wouldn't they use the same words to reverse their new rule? Sounds like someone misstated their position and a different someone responded to the uproar. So, who's in charge?

TSA Responds to Web Blocking Memo

Responding to a story first reported by CBS News on Saturday, the Transportation Security Administration (TSA) today said it, "uses a security technology to limit access to categories of web sites that pose an increased security risk. TSA does not block access to critical commentary about the organization..."

Automating a “legal review” is difficult, but if they can significantly reduce the number of items requiring human review, they can save a ton of money – and Google spends tons of money every day. Perhaps this could be adapted for e-Discovery?

Google's New Scheme To Avoid Unlicensed Music

Posted by samzenpus on Wednesday July 07, @09:10PM

"Complaints about copyright infringement on YouTube keep Google busy. If you have any doubts, just look at the Viacom copyright suit. But the problems aren't just about uploaded videos, but sometimes the music accompanying the videos. A patent application shows that Google has worked on a system to automatically identify infringing music by comparing a digital signature of a soundtrack to signatures of existing music. Users who upload videos could opt to completely remove the video, swap the soundtrack for something approved, or to mute the video. Of course, there doesn't seem to be a provision if you're using existing music with permission."

Q: How can you not like a lawyer who rhymes? A: Same as any other.... (Don't miss the e-Discovery poem at the end of the article.)

The Poetry of e-Discovery: People Not Only Make Mistakes, They Lie, Steal, Cheat and Fake

Kind of a backhanded slap. Why hire “inferior” workers?

Chinese Company Seeks US Workers With 125 IQ

Posted by samzenpus on Thursday July 08, @07:57AM

"A Chinese IT outsourcing company that has started hiring new US computer science graduates to work in Shanghai requires prospective job candidates to demonstrate an IQ of 125 or above on a test it administers to sort out job applicants. In doing so, Bleum Inc. is following a hiring practice it applies to college recruits in China. But a new Chinese college graduate must score an IQ of 140 on the company's test. The lower IQ threshold for new US graduates reflects the fact that the pool of US talent available to the company is smaller than the pool of Chinese talent, Bleum said."

Statistics. Long live the Twits!

Twitter Now the World's Fastest Growing Search Engine

According to cofounder Biz Stone, who spoke yesterday at the Aspen Ideas Festival, Twitter now reaches some 800 million search queries per day. That's over 24 billion searches per month, more than Bing (4.1 billion) and Yahoo (9.4 billion) combined.

While Stone's company is still a long way off from Google, which supports around 88 billion search queries per month, Twitter is quickly catching up.

(Related) With growth comes pain. I would imagine it is difficult to grow your infrastructure as rapidly as their usage is growing, but should you take that out on your users?

Twitter Throttling Hits Third-Party Apps

Posted by timothy on Wednesday July 07, @03:52PM

"Twitter's battle to keep the microblogging service from falling over is having a dire effect on third-party Twitter apps. Users of Twitter-related apps such as TweetDeck, Echofon and even Twitter's own mobile software have complained of a lack of updates, after the company imposed strict limits on the number of times third-party apps can access the service. Over the past week, Twitter has reduced the number of API calls from 350 to 175 an hour. At one point last week, that number was temporarily reduced to only 75. A warning on TweetDeck's support page states that users 'should allow TweetDeck to ensure you do not run out of calls, although with such a small API limit, your refresh rates will be very slow.'"

Scientists acting like teenagers? Why not. Politicians do it all the time.

July 07, 2010

The Independent Climate Change E-mails Review July 2010

Follow up to postings on the Intergovernmental Panel on Climate Change (IPCC), this news release: "The Independent Climate Change Email Review, undertaken by Sir Muir Russell and his team, has issued its report on issues arising from the publication of hacked emails from the University of East Anglia's Climatic Research Unit."

The Independent Climate Change E-mails Review, July 2010. From the Executive Summary:

  • "Climate science is a matter of such global importance, that the highest standards of honesty, rigour and openness are needed in its conduct. On the specific allegations made against the behaviour of CRU scientists, we find that their rigour and honesty as scientists are not in doubt.

  • In addition, we do not find that their behaviour has prejudiced the balance of advice given to policy makers. In particular, we did not find any evidence of behaviour that might undermine the conclusions of the IPCC assessments.

  • But we do find that there has been a consistent pattern of failing to display the proper degree of openness, both on the part of the CRU scientists and on the part of the UEA, who failed to recognise not only the significance of statutory [requirements but also the risk to the reputation of the University and, indeed, to the credibility of UK climate science."]

If you can view it, you can probably capture it. The Simplest Way To View Full Length Movies For Free Online is different. The service stands out because of its super smooth user experience. While doesn’t host any movies, they crawl the best sites for high-quality movies and bring them to you for a better viewing experience. If the movie at the original source is in 6 different parts, will combine them for you so you don’t see a lag. Most of the movies are DivX based so the quality is much better than the FLV counterparts.

Large collection of foreign movies. No registration required.

Wednesday, July 07, 2010

Some insight into the minds of management?

“We know nothing about security, so we only do something if we are forced to.”

“We never do anything based on risk. Saving a few bucks now is more important than avoiding huge costs in the future.”

“Passwords are adequate security.”

“We believe you have no idea how software works, so you will buy our BS about proprietary software being the only possible way to read data.”

Hospital Explains its Breach Decisions

July 6, 2010 by admin

Joseph Goedert reports:

Lincoln Medical and Mental Health Center in Bronx, N.Y., recently notified 130,495 patients of a breach of their protected health information after seven CDs a business associate FedEx’d were lost (see story). In a statement to Health Data Management, the hospital, part of NYC Health and Hospitals Corp., explains why the data was not encrypted and free identity and credit protection services were not offered to affected patients.

Under the HIPAA security regulations, encryption is not a legal requirement but a suggested ‘addressable’ method of safeguarding electronic protected health information. Nevertheless, the Siemens CDs had been safeguarded using password protection. Moreover, in the very unlikely event that an unauthorized user managed to crack or bypass the password, that individual would need to know how to access and utilize Siemens’ proprietary software in order to view the information.

Read the rest of their rationale on Health Data Management

A first, but the e-book is a bit hard to read online (there is a print option for you tree killers)

UK: New rules for privacy online

July 7, 2010 by Dissent

Organisations that flout privacy online risk a double whammy of enforcement action by the Information Commissioner’s Office and the loss of trust from customers. In a major speech on privacy protection today, Christopher Graham, the Information Commissioner, appealed to businesses, charities and public bodies to be straight with consumers so that people know why their personal information is being collected, how it will be used and who else may end up seeing it.

Launching the Personal information online code of practice– the first guidance document of its kind – Christopher Graham said: “The benefits of the internet age are clear: the chance to make more contacts, quicker transactions and greater convenience. But there are risks too. A record of our online activity can reveal our most personal interests. Get privacy right and you will retain the trust and confidence of your customers and users; mislead consumers or collect information you don’t need and you are likely to diminish customer trust and face enforcement action from the ICO.”

Organisations that adhere to the good practice tips in the Code of Practice will enable consumers to make an informed choice about whether they sign up for a particular online service. Keeping out of date records or not holding personal information securely help nobody and could result in enforcement action.

Christopher Graham added: “Organisations must be transparent so that consumers can make online privacy choices and see how their information will be used. Individuals can take control by checking their privacy settings and being careful about the amount of personal details they post to social networking sites and elsewhere online.”

A guide for consumers is published alongside the Code giving advice on avoiding online scams, the importance of being cautious about who you are disclosing information to and using privacy settings effectively.

Source: Information Commissioner’s Office

[This PDF is easier to read:

This relates to some earlier “terms of use” and “privacy policy change” issues

Asks Judge To Dismiss Privacy Lawsuit, Claiming Info Was Public Before Policy Change

July 6, 2010 by Dissent

Wendy Davis reports:

Reunion site is asking a federal judge to dismiss a lawsuit alleging that the site violated users’ privacy by revising its default settings to make users’ information accessible via Facebook, iPhone apps, and other third-party services.

In a motion arguing that the case should be dismissed, says that users’ profile information was available to other Web users before its change in terms.

Read more on MediaPost.

[From the article:

Ferguson and Fahy allege that Classmates broke its contract with users by changing its privacy policy and default settings on an opt-out basis.

But the company contends that it didn't violate its contract with users because it said in its original privacy policy that it reserved the right to change its practices at any time.

Ferguson and Fahy counter that a clause allowing Classmates to change its privacy terms at will is not valid. "If Classmates has carte blanche to decide any day that is not bound by any of the contract provisions that comprise the privacy policy, then there is no contract -- it is completely illusory," they argue.

Let's hope this is not a model for the nation-wide health care record system

R.I. ACLU sues state over rules governing medical records

By Dissent, July 6, 2010 11:07 am

Felice J. Freyer reports:

A suit filed [last] Tuesday alleges that newly adopted regulations fail to adequately protect patient privacy under the state’s developing system for exchanging electronic medical records.

The suit by the Rhode Island affiliate of the American Civil Liberties Union says that regulations developed by the state Department of Health are full of gaps that leave patients vulnerable.

The regulations govern the Health Information Exchange, a system that will enable doctors, hospitals, laboratories and pharmacies to easily access and exchange patient information.

Read more in the Providence Journal.

A copy of the complaint can be found on the ACLU’s web site, as can their press release.

[From the article:

The ACLU asserts that the regulations fail to spell out: the process by which patients or providers can learn that participation is voluntary; how patient confidentiality will be addressed; what the authorization form will look like; how the recipients of confidential information will be authenticated; and how one goes about terminating participation in the exchange.

There is a reason why this is described as the electronic equivalent of “whack-a-mole”

US Pirate Movie Site DNS Seizure Fail

Posted by timothy on Tuesday July 06, @01:40PM

"Last week, the US government in a highly publicized copyright protection frenzy took the extraordinary step of seizing domain names from foreign movie sites like and While the seizure raises confusing Internet legal / jurisdiction questions (the US and perhaps the state of Kentucky can seize domain names for foreign companies?), this study shows the legal issues may be moot — the raids mostly failed. Within hours of domain name seizure, was back up and running (but this time using a Chinese registrar and a Cocos Islands ccTLD)."

Corporate cultures impact more than employees. We've already seen this in the newspaper industry (and RIAA, MPAA, etc.)

Microsoft Out of Favor With Young, Hip Developers

Posted by kdawson on Tuesday July 06, @06:42PM

"Microsoft's failures with the KIN phone (only two months on the market, less than 10,000 phones sold) are well-known to this community. Now the NY Times goes farther, quoting Tim O'Reilly: 'Microsoft is totally off the radar of the cool, hip, cutting-edge software developers.' Microsoft has acknowledged that they have lost young developers to the lures of free software. 'We did not get access to kids as they were going through college,' acknowledged Bob Muglia, the president of Microsoft's business software group, in an interview last year. 'And then, when people, particularly younger people, wanted to build a start-up, and they were generally under-capitalized, the idea of buying Microsoft software was a really problematic idea for them.' Microsoft's program to seed start-ups with its software for free requires the fledgling companies to meet certain guidelines and jump through hoops to receive software — while its free competitors simply allow anyone to download products off a website with the click of a button."

I must have some students who would find this interesting...

Quantum Physics For Everybody

Posted by kdawson on Tuesday July 06, @05:11PM

fiziko writes in with a self-described "blatant self-promotion" of a worthwhile service for those wishing to go beyond Khan Academy physics: namely Bureau 42's Summer School.

"As those who subscribe to the 'Sci-Fi News' slashbox may know, Bureau 42 has launched its first Summer School. This year we're doing a nine-part series (every Monday in July and August) taking readers from high school physics to graduate level physics, with no particular mathematical background required. Follow the link for part 1."

Here's a simple service that could probably be done with free software by the author, but will likely find a home because many authors are too busy to spend time getting technical. Not free

- Turn A Text Or A PDF Into An eBook

Publish Green is a company that specializes in turning PDFs into eBooks. That is, through the site anybody can upload a PDF that he has created and have it instantly turned into a great-looking eBook that can be visualized using a device like an iPad, a Kindle or a Nook.

And there is more to it, as the eBook that you create like this can actually be distributed as widely as you want. You can have your pick from three different packages: distribution through Amazon, distribution through Amazon and Apple’s iBookstore, and a global distribution package that includes over 28 different resellers such as My Book Orders, Indigo Chapters, Infibeam and Bookstrand. You can earn 90 % to 100 % net royalties of these sales, too.

There are currently three different eBook formatting packages for you to choose from: “Basic”, “Advanced” and “Premium”. It is important to note that in each and every case the eBook formatting is done by a human editor - the conversion is never automated. The main difference between these packages lies in the number of formats that are actually supported, and the number of included revision cycles.

Ah Grammar. I knew him well, Horatio.

The Best Free Online Grammar Resources

Tuesday, July 06, 2010

“We couldn't stuff all your cash into the envelope, so we just sent the cards.”

HSBC Bank Sends Activated Debit Cards Through Mail

Posted by kdawson on Monday July 05, @08:04PM

"At least two divisions at HSBC Bank apparently failed card issuing 101 and are mailing out debit cards pre-activated. Because they are debit cards, fraudulent transactions come directly out of a victim's checking account. A similar report from 2004 suggests this issue is longstanding and widespread. When confronted with the evidence, HSBC would not commit to fixing this issue, preferring instead to offer vague statements like, 'Through our systems and analytics, we focus on the greatest and most active threats in an effort to avoid negatively impacting customer experience.'"

(Related) What were they thinking? “We can save one ten-thousandth of a cent per picture if we leave off all security!”

Photo Kiosks Infecting Customers' USB Devices

Posted by kdawson on Tuesday July 06, @05:29AM

The Risky Biz blog brings news that Big W, a subsidiary of Woolworths, has Windows-based Fuji photo kiosks in at least some of its stores that don't run antivirus software, and are therefore spreading infections, such as Trojan-Poison-36, via customers' USB storage devices. Here is the account of the original reporter.

"It's not just the lack of AV that's the problem... it appears there's been zero thought put into the problem of malware spreading via these kiosks. Why not just treat customers' USB devices as read-only? Why allow the kiosks to write to them at all? It would be interesting to find out which company — Fuji, Big W, or even some other third party — is responsible for the maintenance of the machines. It would also be interesting to find out if there are any liability issues here for Big W in light of its boneheaded lack of security planning."
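The read-only idea raised in the quote above is something a Windows kiosk operator can actually enforce with a built-in policy. The script below is an added example, not code from the original article or from the Risky Biz report; it assumes a Windows XP SP2 or later kiosk and a session running with local administrator rights, and it uses the documented StorageDevicePolicies\WriteProtect registry value, which makes USB mass-storage volumes mount read-only.

```powershell
# Added example: make a Windows kiosk mount USB mass-storage devices read-only
# using the documented StorageDevicePolicies\WriteProtect registry value.
# Assumes an elevated (administrator) session. Not code from the original article.

$PolicyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Set-UsbWriteProtect {
    param([bool]$Enabled = $true)

    # The StorageDevicePolicies key does not exist by default; create it on first use.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    # WriteProtect = 1 mounts removable mass-storage volumes read-only;
    # 0 restores normal read/write behaviour.
    $value = if ($Enabled) { 1 } else { 0 }
    Set-ItemProperty -Path $PolicyKey -Name 'WriteProtect' -Value $value -Type DWord
}

function Test-UsbWriteProtect {
    # Returns $true only when the key exists and WriteProtect is set to 1.
    if (-not (Test-Path $PolicyKey)) { return $false }
    $prop = Get-ItemProperty -Path $PolicyKey -Name 'WriteProtect' -ErrorAction SilentlyContinue
    return ($null -ne $prop) -and ($prop.WriteProtect -eq 1)
}

# Apply the policy and report the result. Devices already plugged in keep their
# current mount state; the policy takes effect for devices inserted afterwards.
Set-UsbWriteProtect -Enabled $true
if (Test-UsbWriteProtect) {
    Write-Output 'USB mass-storage devices will now mount read-only.'
} else {
    Write-Output 'Policy not applied; confirm the session is elevated.'
}
```

This closes the direction of infection described in the story (kiosk writing to the customer's stick). It does nothing about the reverse direction, content on an inserted device being run by the kiosk, so it belongs alongside disabling AutoRun/AutoPlay, running antivirus, and locking the kiosk account down to the photo application only.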

Old school, but if no one is thinking it still works. (How many “The check is in the mail” jokes can you generate in 10 minutes?)

FL: Citizens Property Insurance didn’t get its mail, warns of fraud

July 6, 2010 by admin

Jeff Harrington reports:

Someone filled out a change-of-address form for Citizens Property Insurance. But it wasn’t Citizens.

Now the state-run insurer is warning policyholders that mail sent to its headquarters in late June, including payment checks, may have been fraudulently misdirected to a Hialeah apartment.

The insurer of last resort, which has more than 1 million policyholders, said U.S. Postal Service investigators and other agencies are working to figure out the scope of the fraud.


If you want to create a “Thought Police” you must first make certain the thoughts of the police are controlled. I'm sure we could find scenarios where access to each of these categories was essential to TSA's mission, but I am also certain that Osama appreciates knowing where he can send messages without worrying about someone at TSA noticing...

TSA Internally Blocking Websites With 'Controversial Opinions'

Posted by Soulskill on Monday July 05, @04:10PM

"The Transportation Security Administration is blocking certain websites from the federal agency's computers, including halting access by staffers to any Internet pages that contain a 'controversial opinion,' according to an internal email obtained by CBS News. The new rules came into force on July 1, and prevent TSA employees from accessing such content, though what is deemed 'controversial opinion' is not explained."

[From the CBS News article:

The categories include:

• Chat/Messaging

• Controversial opinion

• Criminal activity

• Extreme violence (including cartoon violence) and gruesome content

• Gaming

(Related) What Oil Spill? Another attribute of Big Brother: He never does anything evil where innocent eyes can watch. Perhaps they are soaking up the oil with baby pelicans? Perhaps they are pumping oil from the booms rather than sucking it up? Enquiring minds want to know...

Ban On Photographing Near Gulf Oil Booms

Posted by kdawson on Monday July 05, @11:55PM

"The day before yesterday CNN's Anderson Cooper reported that, from now on, there is a new rule in effect, which de facto bars photographers from coming within 65 feet of any deployed boom or response vessel around Deepwater Horizon (official announcement). The rule, announced by the US Coast Guard, forbids 'photographers and reporters and anyone else from coming within 65 feet of any response vessel or booms out on the water or on beaches. In order to get closer, you have to get direct permission from the Coast Guard captain of the Port of New Orleans,' while 'violators could face a fine of $40,000 and Class D felony charges. What's even more extraordinary is that the Coast Guard tried to make the exclusion zone 300 feet, before scaling it back to 65 feet.'"

Read below for the Coast Guard's statement on the new rule.

"The Coast Guard Captain of the Port of New Orleans has delegated authority to the Coast Guard Incident Commander in Houma to allow access to the safety zones placed around all Deepwater Horizon booming operations in Southeast Louisiana. The Coast Guard Incident Commander will ensure the safety of the members and equipment of the response before access is granted. The safety zone has been put in place to prevent vandalism to boom and to protect the members and equipment of the response effort by limiting access to, and through, deployed protective boom."

“We've got plenty of lawyers. What we don't have is a budget to fix our ATMs!”

ATM Vendors Threaten, Stop Research Presentation

Posted by Soulskill on Monday July 05, @01:41PM

"A presentation about 'The Underground Economy,' by Italian white hat hacker and security expert Raoul Chiesa, was replaced at the last minute during last week's Hack In The Box conference. The reason behind this cancellation was that Chiesa received legal pressure from ATM vendors over the fact that the originally scheduled presentation covers details of various techniques and exploits of vulnerabilities that cyber criminals use to break into ATMs — flaws that have been known for a long time."

Never challenge a hacker! One thing a Security Geek should not be is arrogant. What else has this guy screwed up?

Employees Challenged To Crack Facebook Security, Succeed

Apparently Facebook noticed the slap down that the FTC gave Twitter in June because it “failed to prevent unauthorized administrative control of its system.” Shortly afterwards one of the senior engineers at Facebook responsible for SRE (site reliability engineering) challenged Facebook employees to try to compromise him and gain access to Facebook’s administrative system via information obtained from him.

They succeeded.

It’s absolutely a smart thing for Facebook to do this, and other companies should too. But if a security engineer at Facebook was compromised, even though he knew it was coming, imagine how trivial it would be for other people to get hit, too.

“We don't bother to check legalities, we leave that to our entry level computer geeks.”

Many companies distributing open source software don't know it

Too many companies have no idea that they're distributing open source software and therefore violating the GPL, a survey by OpenLogic found.

“Ignorance of the _____ is no excuse!” But is it criminal or a breach of contract?

Can terms of service turn you into a criminal?

If you live in the United States, a warning: you may want to read the terms of service of the websites you use a little more carefully. That's because a government prosecutor in New Jersey is pursuing criminal charges against the operators of a company that used an automated process to purchase event tickets on for resale.

The charges are being brought under the Computer Fraud and Abuse Act (CFAA), which was passed in 1986 with the purpose of cracking down on the unauthorized accessing of computers (read: hacking). In U.S. v. Lowson, the prosecutor seeks to extend the CFAA to cover the violation of the terms of service, which forbids individuals and companies from accessing the website in an automated fashion.

The Electronic Frontier Foundation (EFF), which filed an amicus brief in the matter, thinks this extension of the CFAA could have profound implications.

(Related) Some terms of service are self-defeating...

Paperless Tickets Flourish Despite 'Grandma Problem'

Posted by kdawson on Tuesday July 06, @08:17AM

"Is a concert ticket a piece of property that its holder has the right to buy and sell as he sees fit, or is it merely a seat-rental contract subject to restrictions determined by its issuer? The Washington Post reports that in an effort to thwart scalpers and dampen ticket reselling on the so-called secondary market, musicians as diverse as Bruce Springsteen, Miley Cyrus, and Metallica have adopted 'paperless ticketing' for some or all of the seats at their live shows. Ticket issuers Ticketmaster and Veritix tout paperless tickets as a way to eliminate worries about lost, stolen, or counterfeit tickets, and to banish long will-call lines. But paperless tickets aren't really tickets at all, but essentially personal seat reservations, secured electronically like airline tickets. Fans buy tickets with a credit card and must then go to the venue with the same credit card and a photo ID to gain admittance. The problem is that Ticketmaster's paperless tickets can't be transferred from a buyer to a second party. The inability to pass along a seat creates what has become known in the industry as the 'grandma problem': it's almost impossible for a grandma living at one end of the country to buy a paperless ticket to give to a grandchild living at the other end. Without the ability to transfer virtual tickets, brokers and dealers fear being run out of business, and consumers have a harder time selling unwanted tickets. 'People should be free to give away or sell their tickets to whomever they want, whenever they want,' says Gary Adler, a Washington attorney who represents the National Association of Ticket Brokers. 'An open market is really best for consumers.'"

(Related) Can your terms of service be used against you?

Woot To The AP: Nice Story About Our Sale — You Now Owe Us $17.50

… Woot noticed that the AP covered the story of their sale five days ago. But in doing so, they also noticed that the AP used a number of quotes from CEO Matt Rutledge’s blog post about the sale. According to the AP’s own ridiculous rules for using quotations, Woot figures that the AP owes them $17.50.

(Completely unrelated) This is explained under the “You can't believe a thing I say” section... And this article falls under the Streisand Effect...

Copyright As Weapon In US Senate Campaign

Posted by timothy on Tuesday July 06, @09:05AM

"Sharron Angle, the Republican candidate for US Senate in Nevada, is using a copyright 'cease-and-desist' letter to stop her opponent, incumbent Harry Reid (currently majority leader in the US Senate), from reposting old versions of her campaign website. The old pages are politically sensitive because Angle campaigned from the far right in the primary, but is now toning that down for the general election."

As kfogel notes, the letter "also accuses the Reid campaign of intending to impersonate Angle's campaign, which seems doubtful, but who knows?"

Best summation I've heard in a long while... Available as an eBook – see below!

Clay Shirky: 'Paywall will underperform – the numbers don't add up'

If you are reading this article on a printed copy of the Guardian, what you have in your hand will, just 15 years from now, look as archaic as a Western Union telegram does today. In less than 50 years, according to Clay Shirky, it won't exist at all. The reason, he says, is very simple, and very obvious: if you are 25 or younger, you're probably already reading this on your computer screen. "And to put it in one bleak sentence, no medium has ever survived the indifference of 25-year-olds."

I'm not an old fuddy-duddy, I'm a techno-historian (technology-reenactor?)

10 Technologies That Should Be Extinct (But Aren't)

1. The Telegraph

2. Typewriters

3. Fax Machines

4. Landline Telephones

5. Turntables

6. Cash Registers

7. Instant Cameras

8. Disc Drives

9. Cathode Ray Tubes

10. CB Radios

Great summary.

What Do the URL Domain Extensions Stand For and Why Are They Needed? [In Case You Were Wondering]

For my Computer Security class

8 Best Sources to Follow Computer Virus News and Alerts

Sure enough, my local library subscribes.

July 05, 2010

Internet Archive's Launches Digital Lending Library

"Checking out digital versions of books that are automatically returned after two weeks is as easy as logging onto the Internet Archive’s Open Library site, announced digital librarian and Internet Archive founder Brewster Kahle. By integrating this new service, more than seventy thousand current books – best sellers and popular titles – are borrowable by patrons of libraries that subscribe to's Digital Library Reserve. Additionally, many other books that are not commercially available but are still of interest to library patrons, are available to be borrowed from participating libraries using the same digital technology. According to Kahle, "Digital technologies promise increased access to both old and new books. The Internet Archive, through its site, is thrilled to be adding the capacity to lend newer books over the internet, in addition to continuing to provide the public with all access, free downloadable older materials.” He added, "We expect the number of books in the digital lending library to grow annually."

Currently, is making available:

  • More than one million digital versions of older books are now available for free download in a variety of formats.

  • Over 70,000 current digital books to those with a library card from many of the over 11,000 libraries that subscribe to the OverDrive service.

  • Genealogical books from the Boston Public Library.

  • How-to and technical book collection via the Internet Archive.

  • Marine life reference materials from the Marine Biological Laboratory and Woods Hole Oceanographic Institution in Woods Hole, Massachusetts.

  • Spanish texts from Universidad Francisco Marroquín in Guatemala.

Useful little tool.

How To Create Your Own Hosted Online Survey With LimeSurvey

For the Swiss Army Toolkit. (Seriously, I have a Bookmark folder named 'Swiss Army')

- Converting Files Of Every Type

Online Converter will let you do exactly what its name implies: take a file (any kind of file) and have it converted into a different format.

You can convert audio, videos, images, documents, ebooks and hashes by merely clicking on the corresponding drop-down menus and picking the desired output files.

Using this service does not require you to download or install any kind of software. There is no need to set up or configure anything either. And there are no fees to be paid.