Saturday, July 24, 2010

Why is free speech necessary? An indication that Queen Victoria still rules the minds of her subjects?

Australian Enterprises Block Sex Party's Political Site

Posted by timothy on Saturday July 24, @05:57AM

"Corporate web filters in some organizations are blocking web access to the Australian Sex Party, which is a registered political party that is contesting Australia's upcoming August 21 Federal Election. The site features policies and campaign material, including opposition to the Government's mandatory internet filtering proposal. Party convener Fiona Patten said that although the term 'sex' in the party's website URL could be responsible for its filtering woes, the party is unlikely to consider a name change: 'I think the fact that people are still blocking our site just because of the word "sex" in the name shows that we need this political movement.'"

If Wal-Mart used RFID, can the rest of the world be far behind?

Wal-Mart to use RFID tags to track clothing

July 23, 2010 by Dissent

Miguel Bustillo of the Wall Street Journal reports that Wal-Mart is about to expand its use of RFID tags to track clothing:

Starting next month, the retailer will place removable “smart tags” on individual garments that can be read by a hand-held scanner. Wal-Mart workers will be able to quickly learn, for instance, which size of Wrangler jeans is missing, with the aim of ensuring shelves are optimally stocked and inventory tightly watched. If successful, the radio-frequency ID tags will be rolled out on other products at Wal-Mart’s more than 3,750 U.S. stores.

Bustillo discusses the potential privacy concerns about the use of such tags on clothing. Dennis Kneale of CNBC Tech Check, however, poo-poos the privacy concerns and derides what he calls the “privacy police.”

Think of this as preparation for the military's version of Behavioral Advertising analysis – you only get a missile if it looks like you really want one.

Air Force Wants Drones to Sense Other Planes’ ‘Intent’

This shows how difficult it is to “prove your innocence.” How can you tell by looking at a document if it is copyright free, copyright expired, copyrighted but sharable, or has been licensed?

Study Finds 0.3% of BitTorrent Files Definitely Legal

Posted by timothy on Saturday July 24, @12:08AM

"It's common knowledge [Translation: The RIAA's assertion. Bob] that the majority of files distributed over BitTorrent violate copyright, though the exact percentage is unclear. The Internet Commerce Security Laboratory of the University of Ballarat in Australia has conducted a study and found that 89% of files examined were in fact infringing, while most of the remaining 11% were ambiguous but likely to be infringing. Ars Technica summarizes the study: 'The total sample consisted of 1,000 torrent files—a random selection from the most active seeded files on the trackers they used. Each file was manually checked to see whether it was being legally distributed. Only three cases—0.3 percent of the files—were determined to be definitely not infringing, while 890 files were confirmed to be illegal.' The study brings with it some other interesting statistics; out of the 1,000 files, 91 were pornographic, [Less than 10%? Impossible! Bob] and approximately 4% of torrents were responsible for 80% of seeders. Music, movies and TV shows constituted the three largest categories of shared materials, and among those, zero legal files were found."

[From the article:

"[M]any files were tagged as amateur (suggesting no copyright infringement) but further inspection revealed that they were in fact infringing," wrote the researchers.

[Princeton did a similar study with similar results:

For my Statistics students. When to ask Dad for money?

July 23, 2010

Pulse of the Nation: U.S. Mood Throughout the Day inferred from Twitter

Pulse of the Nation: U.S. Mood Throughout the Day inferred from Twitter, by Alan Mislove, Sune Lehmann, Yong-Yeol Ahn, Jukka-Pekka Onnela, J. Niels Rosenquist - researchers from Northeastern University and Harvard University, studying the characteristics and dynamics of Twitter.

For those times when you absolutely, positively need to rot your brain.

Clicker Adds Mobile Apps, Social Sharing, And Check-Ins To TV Guide For Online Video

We’re big fans of Clicker, a comprehensive search engine for TV content on the web. Clicker, which made its debut at TechCrunch50 last fall, indexes over 650,000 full length TV episodes spanning 10,000 shows. The startup also recently started indexing live programming on the web. Today, the startup is taking its online video guide to the next level with the launch of Clicker Social, which allows people to discover, share, rate, discuss, and check-in to shows on Clicker and third party partner sites, and Clicker Mobile, which allows users to access Clicker’s service through free Android and iPhone apps.

About time they updated this interface. Really opens up another major search tool.

4 New Cool Improvements Of Google Image Search

This update added many new features that make Image Search quicker and easier to use. Some of the new features are obvious, but some are a bit under-the-hood, so you may not realize that they’re there unless you go looking.

Improved Tile Interface

The first new feature you’ll notice when you use Google Image Search is the revamped tile layout that is used to display images.

Better Image View Pane

Clicking on a thumbnail now loads a full size version of the photo instantly in the foreground.

Better Keyboard Integration

New Search Methods

For example, you can now search for individual images based on color. Let’s say you want to find red bicycles. On the left side of Image Search there is a color palette. If you select red and then search for bicycles you will only receive images of red bicycles.

Other search functions, like the ability to search only for faces, photos, clip art or line drawings, remain.

Because you can never have enough research tools... - Find & Download PDFs is a new search engine that will give you the chance to download not only PDFs but also MS Word documents and data sheets of every type, along with various other documents. The site can be used entirely at no cost, and the database is constituted by .pdf and .doc files that come from all over the Internet - resources such as blogs, forums and bulletin board systems are extensively crawled. This database is regularly checked for file validity, too.

PDFs have long been the preferred format for manuals and guides, but they are also extensively used when it comes to journals and (of course) scanned books. There are so many PDFs available (and so many surface every day) that having a site like HQPdf at hand is nothing short of vital.

Tools to augment tools – you gotta love it. (Some of my students report other instructors refuse to allow them to cite Wikipedia. How 1990s... )

The 7 Coolest Wikipedia Plugins for Your Browser

Wikipedia is one of the foremost sources of information online and there is no limit to how the site can be used for both research and for contributing information. Regardless of what your browser of choice is, you’re bound to find a plugin that will enhance your Wikipedia experience, making it easier to search through the website’s endless wealth of information.

[I particularly like:

Googlepedia integrates Wikipedia search directly into Google, dividing your search page into two columns. The first column contains the original Google results, while in the second, the relevant Wikipedia article is displayed.

Friday, July 23, 2010

Locals can fail just as easily as anyone else.

Colorado agency notifies 105,470 clients of stolen hard drive

July 22, 2010 by admin

The Colorado Department of Health Care Policy & Financing is notifying 105,470 clients receiving state-provided health insurance that a stolen hard drive contained some of their personal information. A statement on the agency’s web site does not provide much detail and simply says:

State officials discovered that there was an unauthorized removal of a computer hard drive housed at the Office of Information Technology (OIT).

The information did NOT include addresses, dates of birth, social security numbers or any other financial information that could be used for identity theft. It included name, state ID number and the name of the client’s program.

Approximately 111,000 clients, or one-fifth of those receiving public health insurance, will receive notification by first-class mail, as required by HIPAA.

Please email your questions to or call us at 1-866-668-2656 (toll-free) or 303-866-4431.

We take client privacy very seriously [but not to the point of actually encrypting the data. Bob] and are doing everything we can to recover the missing hard drive. To support our efforts, the Colorado Bureau of Investigation is conducting a criminal investigation based on our request.

...and I thought the solution would be heavenly.

NZ: Hell – The Right Approach to a Data Breach

July 23, 2010 by admin

BarneyC writes:

There are any number of approaches to data breaches in business today. Whilst regulation is ever trying to get to the point where notification of breach is mandatory there are still plenty of businesses out there who will go to all sorts of lengths to sweep things under the carpet rather than own up.

Not so Hell – a truly rocking pizza company in New Zealand. Certainly no stranger to controversy – some of their marketing campaigns have been widely criticised, Hell seems to be taking the bull-by-the-horns and going all out to keep people happy.

Today I received an email from them…

Dear Valued Hell Customer,

We have been approached by a party claiming to be in possession of customer details from the previous Hell website which is no longer in operation. The samples that we received included details of four customers from 2006, including phone numbers and email addresses and order information. We can confirm that credit card data was not at risk as this is held independently on a secure banking website. [Shouldn't everyone do it this way? Bob]

Read more on Exponere.

See? It is possible to alert people to a breach or security problem and wind up with the customer feeling pleased with how the company handles things.

I'm no geneticist, but I'm pretty certain you can't breed a Horse and a dOG to make a HOG...

Iowa Department of Agriculture and Land Stewardship Database Potentially Compromised

July 22, 2010 by admin

From the agency’s web site, dated today:

A computer and protective case have been stolen from a locked state vehicle of an Iowa Department of Agriculture and Land Stewardship employee. This theft has placed at risk the personal information of Iowans that are participating in the Department’s Horse and Dog Breeding Program. Through this program the Department provides financial awards to breeders of successful Iowa born racing greyhounds and racehorses at the close of each racing season.

On Thursday, July 22, the state vehicle used by an employee of the Department’s Horse and Dog Breeding Program was broken into in the State of Iowa parking ramp at the corner of Grand Avenue and Pennsylvania in Des Moines. While the computer did have an encryption protection, there is concern that unauthorized access could be gained [Suggesting that the encryption was optional? Bob] to the names, address, phone number and social security number of 3,404 Iowans who participate in the Iowa Horse and Dog Breeding Program.

As a result of this security breach, the Department is encouraging potentially affected Iowans to place a fraud victim alert on your credit report by contacting the following credit reporting companies. A letter will be mailed tomorrow to all those potentially affected.

Via The Des Moines Register.

Although it’s disturbing that once again, a device containing personal information has been stolen from a vehicle, it is noteworthy that we seem to be seeing more prompt and timely disclosures of breaches.

(Related) It's never hard to find shocking statistics of Computer Security failures.

UK: MoD loses a staggering 340 laptop computers in TWO YEARS…and most of them were not encrypted

July 22, 2010 by admin

The Ministry of Defence has lost or had stolen 340 laptops worth more than £600,000 in the last two years, figures reveal today.

A total of 593 CDs, DVDs and floppy disks, 215 USB memory sticks, 96 removable hard disk drives and 13 mobile phones have also disappeared from the department since the release of a scathing report into MoD data losses. [Scathing perhaps, but not enough to motivate anyone to take action? Bob]

Only one in five of the hi-tech devices that disappeared was encrypted, leading security experts to criticise the ‘cavalier attitude’ to the protection of data.

Read more in the Daily Mail, where they print the results of the full survey. The survey results generally do not indicate how many devices contained personally identifiable information, but this entry caught my eye, as I don’t remember any media reports involving this agency:

Foreign and Commonwealth Office – six official laptops containing personal data.

The argument behind Behavioral Advertising? Isn't that the rapist's argument too?

Interview With Tim O’Reilly on Reasons to Give up Some Privacy

July 22, 2010 by Dissent

Marshall Kirkpatrick writes:

This Spring, Tim O’Reilly was surprised to find himself defending Facebook’s changes to its privacy policy. “There’s enormous advantage for users in giving up some privacy online and [so] we need to be exploring the boundary conditions,” the founder of O’Reilly Media and international technology thought leader wrote. “It’s easy to say that this should always be the user’s choice, but entrepreneurs from Steve Jobs to Mark Zuckerberg are in the business of discovering things that users don’t already know that they will want, and sometimes we only find the right balance by pushing too far, and then recovering.”

That’s an interesting argument when it comes to consumer products and innovation, but I got to sit down with O’Reilly on the first day of his big OSCON conference yesterday and talk about privacy in a different context: health care, government, global cultural change and a crisis of crises.

Read the interview on ReadWriteWeb. Via LawandLit

(Related) Does this mean we are becoming more concerned about our privacy or merely that we are more aware of the lack of privacy?

2010 Privacy Trust Study of the United States Government

July 22, 2010 by Dissent

A new study conducted by Ponemon, “2010 Privacy Trust Study of the United States Government,” reveals that Americans have less trust in the government’s commitment to protect our privacy than we did when the survey was conducted in 2004. Privacy trust declined from an average of 52% in 2005 to 38% in 2009. The survey was released June 30 and asked participants to rate specific governmental agencies:

Our list of top performing government organizations remains relatively consistent from 2009 with one notable exception – that is, the U.S. Census Bureau dropped from an average PTS [Privacy Trust Score] of 78 percent last year to 39 percent in 2010. The U.S. Postal Service once again earns top honors with a PTS of 87 percent. Albeit small declines from 2009, the Federal Trade Commission and the Internal Revenue Service earn second and third place, respectively.

Noteworthy is which agencies we don’t feel are committed to protect our privacy:

[Graphic omitted. Bob]

Read the entire survey here, courtesy of Federal Computer Week.

(Related) You can trust the government to give you the supporting facts...

Report: Political Appointees Vetted DHS Public Records Requests

The political appointees were allowed to vet records requests that were deemed politically sensitive and require career employees to provide them with information about who requested records — for example, where the requester lived and worked, whether the requester was a private citizen or journalist and, in the case of congressional representatives, whether they were Republican or Democrat.

This translates pretty well from the Canadian...

Ca: PIPEDA for Business

July 22, 2010 by Dissent

The Office of the Privacy Commissioner of Canada has created a new video for small businesses and organizations, “PIPEDA for Business: What You Need to Know About Protecting Your Customers’ Privacy.” You can view it on the OPC’s web site or on YouTube.

Being a true cynic, I wonder how long this has been going on before someone noticed? Lots of indications that IT was not working for the hospital – they were just playing with their computers.

Patient treatment stopped due to faulty IT

By Dissent, July 22, 2010 6:52 am

A somewhat scary story out of Sweden. We want a facility’s IT department to routinely scan for viruses and security issues, but not in the middle of a procedure:

Doctors were forced to suspend treatment of a patient with a heart condition when the hospital’s IT department suddenly took control of a medical computer, the National Board of Health and Welfare (Socialstyrelsen) reported on Friday.

The incident has prompted Skåne Regional Council (Region Skåne) to change its routines [Note that this had been the routine procedure! Bob] regarding computers for medical treatments.

In January 2009, a patient who had an irregular heartbeat was connected to a medical treatment computer with electrodes. During a discussion with the patient, the council’s IT department suddenly took over the computer by remote control without warning.

The computer was not labelled as a medical computer, [Who made that decision? Bob] but a council one. Medical-labelled computers cannot be taken over by remote control with (sic) prior approval from the user.

After an investigation, it was revealed that the computer had been replaced in the summer of 2008. The previous computer had been marked as a medical computer and despite protests, the new computer, which had administrative privileges from the council IT department, was designated as a council one.

Read more in The Local (Se).

(Related) “...never do harm to anyone.” Hippocrates

SFLC Wants To Avoid Death by Code

Posted by timothy on Thursday July 22, @07:37PM

"The Software Freedom Law Center has released some independent research on the safety of software close to our hearts, that inside of implantable medical devices like pacemakers and insulin pumps. It turns out that nobody is minding the store at the regulatory level and patients and doctors are blocked from examining the source code keeping them alive. From the article: 'The Food and Drug Administration (FDA) is responsible for evaluating the risks of new devices and monitoring the safety and efficacy of those currently on market. However, the agency is unlikely to scrutinize the software operating on devices during any phase of the regulatory process unless a model that has already been surgically implanted repeatedly malfunctions or is recalled. ... Despite the crucial importance of these devices and the absence of comprehensive federal oversight, medical device software is considered the exclusive property of its manufacturers, meaning neither patients nor their doctors are permitted to access their IMD's source code or test its security.'"

For my Ethical Hackers. Probably not the best way to defend yourself.

Town official doubly insulted by spyware allegation

On June 21, Mr. Garieri said at a selectmen's meeting his "IT guy" (which, he said, this week is the same person who hooked up his printer) picked up spyware attached to e-mails sent by Mr. Creamer. Given Mr. Creamer's "prior employment history" of making others' "personal information available," Mr. Garieri said, he felt it necessary to block all of Mr. Creamer's incoming e-mails.

The story describes Creamer as having been "a consultant" to the U.S. Department of Justice, but for purposes of this post we will leap to the entirely unsupported assumption that he was (if not still is) a full-blown government spook. Because not only does Creamer categorically deny sending any spyware, he contends that the mere fact Garieri's "IT guy" suspects him of doing so is proof he did not because -- are you following me here? -- if he had he would have left no fingerprints; he's that good.

You no longer need to surrender the soul of your first-born.

Court: Violating Terms of Service Is Not a Crime, But Bypassing Technical Barriers Might Be

July 22, 2010 by Dissent

Marcia Hofmann writes:

Good news: another federal judge has ruled that violating a website terms of service is not a crime. But there’s bad news, too — the court also found that bypassing technical or code-based barriers intended to limit access to or uses of a website may violate California’s computer crime law.

The decision comes in Facebook v. Power Ventures, a case in which Facebook is suing a company that offers a tool for users to access and aggregate their personal information across social networking sites. Because Facebook’s terms of service don’t allow users to access their information through “automated means,” Facebook claimed that Power accesses its service “without permission” in violation of California Penal Code Section 502. Facebook has also argued that Power broke the law by evading Facebook’s effort to block the Power browser’s IP address, which was meant to try to keep users from accessing their Facebook accounts though the Power website.

Read more on EFF.

For my Ethical Hackers. What did you know and when did you know it?

Microsoft Makes Major Shift In Disclosure Policy

Posted by timothy on Thursday July 22, @03:02PM

"Microsoft is changing the way in which it handles vulnerability disclosures, now moving to a model it calls coordinated vulnerability disclosure, in which the researcher and the vendor work together to verify a vulnerability and allow ample time for a patch. However, the new philosophy also recognizes that if there are attacks already happening, it may be necessary to release details of the flaw even before a patch is ready. The new CVD strategy relies on researchers to report vulnerabilities either directly to a vendor or to a trusted third party, such as a CERT-CC, who will then report it to the vendor. The finder and the vendor would then try to agree on a disclosure timeline and work from there."

Here's Microsoft's announcement of the new strategy.

For my Ethical Hackers and others... Lots of useful forensic features.

6 Cool IrfanView Plugins To Enhance This Simple Image Editor

IrfanView is a compact graphic viewer for Windows. It’s small, fast, and offers an incredible amount of features. Best of all, it’s freeware.

By default, IrfanView comes with some basic features, including multi-language support, a large number of supported file formats, paint options, slideshow capability, batch conversion, and a lot more. The application can be enhanced further by installing a myriad of IrfanView plugins.

SLIDESHOW: Save Slideshows As An .exe or .scr file

EXIF: View Exif Data From JPGs

Exchangeable Image File Format (Exif) data provide information about the camera settings used to take the respective picture. The EXIF plugin makes this information viewable for JPG images.

MPG: Extract Frames From MPEG Files

OCR_KADMOS: Adds OCR Features

OCR_Kadmos is an optical character recognition (OCR) component for IrfanView. It will recognize and extract text from loaded images.

We have previously written about IrfanView:

Facebook Infographic

'cause no one takes the time to read the whole thing?

Open Source OCR That Makes Searchable PDFs

Posted by timothy on Thursday July 22, @03:21PM

"In my job all of our multifunction copiers scan to PDF but many of our users want and expect those PDFs to be text searchable. I looked around for software that would create text searchable pdfs but most are very expensive and I couldn't find any that were open source (free). I did find some open source packages like CuneiForm and Exactimage that could in theory do the job, but they were hard to install and difficult to set up and use over a network. Then I stumbled upon WatchOCR. This is a Live CD distro that can easily create a server on your network that provides an OCR service using watched folders. Now all my scanners scan to a watched folder, WatchOCR picks up those files and OCRs them, and then spits them out into another folder. It uses CuneiForm and ExactImage but it is all configured and ready to deploy. It can even be remotely managed via the Web interface. Hope this proves helpful to someone else who has this same situation."

(Related) Tools & Techniques

How To Convert A PDF File Into A Flash Movie

The Adobe PDF format is one of the most common document formats in the world today. It is versatile, portable, and allows for the creation of professional looking digital documents. MakeUseOf has an entire section devoted to PDF guides. E-books are also often distributed in PDF format.

However, while PDF is extremely common, it isn’t universal. There are some devices, such as some MP3 players, that don’t support PDF files. It is also not possible to view PDF files on a computer unless you download and install the PDF viewer software. Usually you’ll do this on your own computer, but you may not be able to on a public computer.

If you are in a situation where you’re using a device that can’t open PDF files, you can try to work around the problem with a tool that converts the PDF to a SWF (Shockwave Flash) file. Flash files can be opened by any web browser that has Flash installed and many portable devices. To do the conversion, however, you’ll need to use conversion software such as PDF2SWF, one of the many tools made available by SWFTools.

Thursday, July 22, 2010

I'm seeking legal advice. Should I tell my students it is ethical to steal customer data if you can sell it to the government? Is it ethical to solicit bids from various governments for a 'steal to order' hack? Does anyone know of a lawyer who would contact everyone on my CD to see if they can make a bigger counter-offer?

New CD on German tax dodgers surfaces

July 22, 2010 by admin

Another CD packed with evidence of German tax evasion on money totalling €500 million has been spirited out of a bank in Liechtenstein and is being offered to investigators, media reported Thursday.

The data was offered to tax authorities in the northern state of Schleswig-Holstein months ago. The CD contains details of hundreds of Germans suspected of hiding taxable money in accounts at the Liechtensteinische Landesbank (LLB), daily Süddeutsche Zeitung reported.

Read more in The Local (De).

I'm not sure what he's talking about. Seems light on facts. Can't they do this now?

New “reform” law destroys financial privacy

July 21, 2010 by Dissent

Bob Barr writes:

Hallelujah! We’ll now have another “Reform!” law — this one designed to “reform” our “financial services” industry to prevent any further meltdowns such as that which struck in 2008 and continues to cripple segments of our economy two years later. The president himself could hardly contain his hyperbole in describing the legislation he is today set to sign into law; he calls it “innovative” and “creative.” Yet, lurking within its hundreds of pages of fine print, are provisions that will essentially destroy what little financial privacy remains for virtually every consumer of financial services in the country. In that respect, yes, the legislation certainly is “creative”; but that is one kind of creativity we can do without.

But it’s really too late. Thanks to this financial services “reform” law, federal bureaucrats will have ready access to virtually every financial transaction that will take place in the country — from the largest bank acquisition to the smallest ATM withdrawal. The guise under which federal regulators will be able to gather and data-base such detailed financial transaction information will be the responsibility given them in this new law to ensure that every “financial product or service” is “fair, transparent and competitive.”

Read more on The Barr Code.

Maybe it's not too smart to provide ammunition to talented communicators... A follow-up video from the guy Best Buy fired. (Strong language)

Fired Because Of Twitter [Video]

You’ve likely seen the EVO 4G vs. iPhone video. Maybe you’ve seen the follow up. And maybe you’ve read the story about how these videos almost got the guy who made them fired from his job at Best Buy. Well, he’s back with another video. And it’s good.

TweetFired is the story of Peter, a man who gets in trouble with his job because of the tweets he posts.

… When Peter asks how his boss even found the tweets, his boss replies: “I simply cross-referenced your interests on Facebook, checked your favorite hobbies on MySpace, researched your work history on LinkedIn, read your personal diary on Xanga, and then broke into your house in the middle of the night and videotaped you and your wife making love.”

Have these scanners actually detected any threats? You'd think it would have been newsworthy if they had.

July 21, 2010

DHS Announces Dramatic Expansion of Airport Body Scanner Program

Follow up to previous postings on government implementation of whole body scanning technology at airports, via EPIC: "On July 20, 2010, the Department of Homeland Security announced a substantial change in the deployment of body scanners in US airports. According to the DHS Secretary, the devices, which had once been part of a pilot program for secondary screening, will now be deployed in 28 additional airports. The devices are designed to capture and store photographic images of naked air travelers. EPIC has filed an emergency motion in federal court, urging the suspension of the program and citing violations of several federal statutes and the Fourth Amendment. Public opposition to the program is also growing."

There are so many things I could say that I'm tongue-tied.

Playboy Launches Safe For Work Website

Posted by samzenpus on Wednesday July 21, @02:33PM

If you're one of the three people in the world who actually reads Playboy for the articles, today is your lucky day. Every young boy's favorite magazine to find in their uncle's closet has launched a "safe for work" website. From the article: " will contain none of the nudity that makes NSFW — not suitable for work. Instead, it'll rely on humor to reach Playboy's target audience, men 25 to 34 years old, when they are most likely to be in front of a computer screen."

[From the article:

``A lot of our audience logs on (to after work and we saw that we were missing a golden opportunity to reach guys when they're online the most: when they're sitting at their desk, not working, sending e-mails to their friends,'' said Jimmy Jellinek, Playboy's editorial director.

(Related) Perhaps computers are melting our brains.

World of Warcraft Can Boost Your Career

Posted by samzenpus on Thursday July 22, @01:31AM

"Forbes reports that although videogames have long been thought of as distractions to work and education rather than aids, there is a growing school of thought that says game-playing in moderation, and in your free time, can make you more successful in your career. 'We're finding that the younger people coming into the teams who have had experience playing online games are the highest-level performers because they are constantly motivated to seek out the next challenge and grab on to performance metrics,' says John Hagel III, co-chairman of a tech-oriented strategy center for Deloitte. Elliot Noss, chief executive of domain name provider Tucows, spends six to seven hours a week playing online games and believes World of Warcraft trains him to become a better leader."

Interesting choices. Not sure I'd include Twitter, but the citation add-on and the mind-mapping tool are definitely useful.

GradeGuru’s Top Ten Student Tools for 2010

After monitoring digital trends in student technology and tools for some time, GradeGuru, a McGraw-Hill Education startup has worked out which tools are the most useful for students.

1. Skype

2. Google Docs

3. Twitter

4. GradeGuru Citation Manager is a free Firefox Add-on and Javascript bookmarklet which allows you to highlight text, click on the bookmarklet and automatically collect all of the citation data for your quote. Later you can easily paste it into your assignments using APA or MLA format.

5. Chegg is an American textbook rental company.

6. Studyrails is primarily a student planner, offering very handy services for a small monthly fee.

7. Study Tracker is an iPad app designed by Grade Guru. It’s a brilliantly simple idea: Students enter their study time and their grades. This allows students to evaluate the time spent versus grade outcome and decide how their time is best allocated.

Editor’s note: At the time of writing, this app hasn’t been launched. As soon as it’s on the iTunes Store, we’ll link to it.

8. Mindmeister is a fantastic mind-mapping tool which allows you to work online, offline and in groups in real time. It’s even available as an iPhone app!

9. Quizlet is a really easy-to-use online flashcard tool.

10. Design Your Dorm is targeted at American students, making it very easy to set the room size according to American schools, shop for furniture from American stores, plan your room, collaborate with room-mates and even get those goods delivered directly to your school.

And a few more

I’d personally also add Netvibes and Delicious to this list, because my studies would have been far more difficult without them.

You might also be keen to check out other MakeUseOf Study Tools, including:

Wednesday, July 21, 2010

A local faux pas?

Search warrant for computers was clearly invalid because of lack of crime or particularity in search warrant

July 21, 2010 by Dissent

In a Colorado criminal libel investigation against a college student’s website, the ADA issued a search warrant for the student’s house and his computers were seized. The DA’s office later refused to file a case against him, likely because the website was clearly protected speech. The search warrant violated the Fourth Amendment for lack of a discernible crime and any showing of particularity. Mink v. Knox, 08-1250 (10th Cir. July 19, 2010).


The warrant authorized the search and seizure of all computer and noncomputer equipment and written materials in Mr. Mink’s house, without any mention of any particular crime to which they might be related, essentially authorizing a “general exploratory rummaging” [Neat phrase. Bob] through Mr. Mink’s belongings for any unspecified “criminal offense.”


A swarm of articles about our favorite uneducated (in matters of privacy) educators. Surely they'll eventually figure this out? Some articles suggest a policy is already in place, others that nothing has changed. Some mention “written authorization” from both students and parents. What happened to clear reporting in Philadelphia? Perhaps I need to find a student blog or Facebook page to learn the facts?

Sued Pa. District Weighs New Laptop Security Plan

Under the proposed rules, a student would have to acknowledge remote access to the laptop by school staff. And the student and parent or guardian would have to approve the use of tracking software to recover a missing computer.

Every student should be in a class...

LM lawyers argue against class certification

“Class certification is unnecessary and unwarranted,” the filing reads. “The pending equitable claims can be fully resolved simply by making permanent the interim relief that the Court has already entered, and that the District has already put into effect in any event.”

I can see a few circumstances where videotapers would be “interfering” (blocking access) and others where they could be in danger (following officers into a suspect's home), but in general isn't this just the modern equivalent of gawking?

Growing Number of Prosecutions for Videotaping the Police

July 20, 2010 by Dissent

Ray Sanchez reports on a case reported previously on as well as other similar cases where people have been arrested for videotaping police in the performance of their public duties:

…. Arrests such as Graber’s are becoming more common along with the proliferation of portable video cameras and cell-phone recorders. Videos of alleged police misconduct have become hot items on the Internet. YouTube still features Graber’s encounter along with numerous other witness videos. “The message is clearly, ‘Don’t criticize the police,’” said David Rocah, an attorney for the American Civil Liberties Union of Maryland who is part of Graber’s defense team. “With these charges, anyone who would even think to record the police is now justifiably in fear that they will also be criminally charged.”

Carlos Miller, a Miami journalist who runs the blog “Photography Is Not a Crime,” said he has documented about 10 arrests since he started keeping track in 2007. Miller himself has been arrested twice for photographing the police. He won one case on appeal, he said, while the other was thrown out after the officer twice failed to appear in court.

Read more on ABC.

Until “can be improved” changes to “has been improved” I think I'll pass.

July 20, 2010

Modernized e-File Will Enhance Processing of Electronically Filed Individual Tax Returns - Security Issues Remain

Treasury Inspector General for Tax Administration - Modernized e-File Will Enhance Processing of Electronically Filed Individual Tax Returns, but System Development and Security Need Improvement, May 26, 2010, Reference Number: 2010-20-041

  • "The Modernized e-File Project’s (MeF) goal is to replace the Internal Revenue Service’s (IRS) current tax return filing technology with a modernized, Internet-based electronic filing platform. This will allow more individual taxpayers to take advantage of the benefits of electronic filing, while streamlining the IRS’ filing processes and reducing the costs associated with paper tax returns. The IRS’ management of the Project’s risks, requirements, and security can be improved to ensure the capabilities expected and approved to be deployed are appropriately implemented

Update: Interesting. I cannot imagine why changing the password would have any impact on how the software controls machines. Perhaps this isn't the only problem? Or it may be an indication of how stupid they believe their customers are...

Siemens warns Stuxnet targets of password risk

Siemens has advised its customers not to change the default passwords hard-coded into its WinCC Scada product, even though the Stuxnet malware that exploits the critical infrastructure systems software is circulating in the wild.

Changing the passwords could affect the operations of critical infrastructure organizations such as utilities companies and electricity suppliers, according to Siemens.

"We will be publishing customer guidance shortly, but it won't include advice to change default settings as that could impact plant operations," said Siemens spokesman Michael Krampe in a statement on Monday.

It may soon be possible for my Computer Security students to earn a living as independent “Bug Hunters.”

Google Up Ante For Disclosure Rules, Increases Bug Bounty

Posted by kdawson on Tuesday July 20, @11:03PM

"In a recent post by seven members of their security team, Google lashed out against the current standards of responsible disclosure, and implicitly backed the recent actions of Tavis Ormandy (who is listed as one of the authors). The company said it believed 60 days should be an 'upper bound' for fixing critical vulnerabilities, and asked to be held to the same standard by external researchers. In another, nearly simultaneous post to the Chromium blog, Google also announced they are raising the security reward for Chrome vulnerabilities to $3133.7, apparently in response to Mozilla's recent action."

If you find the current offerings onerous, create your own ISP. Could we do this here in the land of the free?

Swedish Pirate Party Launches ISP

Posted by kdawson on Tuesday July 20, @04:41PM

"Torrentfreak is reporting that the Swedish Pirate Party has launched an ISP. Starting with 100 residents in a housing organization in the city of Lund, Pirate ISP hopes to gain 5% of the market in Lund before spreading to other markets. Headed by longtime Pirate Party member Gustav Nipe (video interview in English), the company aims to provide Internet service with the sort of guarantees one would expect from the Pirate Party. Most notable are the promises to keep no logs of subscriber activity and thus to provide no data to law enforcement or private corporations."

(Related) Strangely, it was the US trying to impose our laws overseas that pushed PirateBay...

US Senate Passes 'Libel Tourism' Bill

Posted by kdawson on Wednesday July 21, @08:20AM

"AFP reports that the US Senate has passed (by a 'unanimous consent' voice vote) a bill that prevents US federal courts from recognizing or enforcing a foreign judgment for defamation that is inconsistent with the First Amendment to the US Constitution, which guarantees freedom of speech. If the bill becomes law it will shield US journalists, authors, and publishers from 'libel tourists' who file suit in countries where they expect to get the most favorable ruling. 'While we cannot legislate changes to foreign law that are chilling protected speech in our country, we can ensure that our courts do not become a tool to uphold foreign libel judgments that undermine American First Amendment or due process rights,' said Senate Judiciary Committee chairman Patrick Leahy. Backers of the bill have cited England, Brazil, Australia, Indonesia, and Singapore as places where weak libel safeguards attract lawsuits that unfairly harm US journalists, writers, and publishers. The popular legislation is headed to the House of Representatives, which is expected to approve it. 'This bill is a needed first step to ensure that weak free-speech protections and abusive legal practices in foreign countries do not prevent Americans from fully exercising their constitutional right to speak and debate freely,' said Senator Jeff Sessions, the top Republican on Leahy's committee."

So, why are there 500 million users? (...and how could we do better?)

Survey: Facebook Lovers Hate Facebook

A survey that went out this morning called the American Customer Satisfaction Index (ACSI), garnered a lot of attention around the blogosphere. While this survey is nothing new, this year, they included a few “social media” sites for the first time. And the results were interesting. Or, at least, the results basically said Facebook sucks.

According to ACSI, users have issues with the following:

  • privacy and security concerns

  • the technology that controls the news feeds

  • advertising

  • the constant and unpredictable changes

  • spam

  • navigation troubles

  • annoying applications with constant notifications

  • functionality

For my “Ethical Hackers” Capabilities – intercept and analyze communications in real time.

With PokerBuddy Pro, You Can Go “All In” With More Confidence

Using PokerBuddy Pro is quite simple: all you need to do is keep it open alongside your Zynga Poker window and follow its advice. It will keep the advice coming as it continuously updates its hand-play recommendations based on an assessment of the hole cards (your hand), the flop cards (face-up cards on the table), the number of cards dealt, and the pot size.

How does it gather this data? Good question. All I was able to get out of CEO Alex Frenkel is that evidently it’s not all that difficult to do using deep level of communication protocols.

For my “Ethical Hackers” How do you reach networks that are not attached to the Internet? Get someone to carry your software (via thumb drive) to the target!

Details of the first ever control system malware (FAQ)

The security world is aflutter over new malware that has been spreading via USB devices and is programmed to steal data from systems running specific software used in utilities and industrial manufacturing plants.

If you don't normally search for Images, you should give this a try.

Google revamps Google Images Search

… Around 10 percent of Google Images Search users are seeing the new interface at the moment, and it will roll out for the rest of its users over the coming week.

(Related) Who is stealing my images?

… But what if you've located an image and want to see how it's been used and reused on the web? That's where TinEye comes in. TinEye is a reverse image search engine. Here's how it works: upload an image to TinEye or paste an image URL into TinEye and it will scour the web to locate other uses of that image. TinEye will give you the links to where your specified image has been used.

Learn more about TinEye in the video below.

These are always worth a look...

LightShot: Lightweight Screen Capture Utility

LightShot is one of the lightest screen capture tools available. It works as a desktop client as well as an add-on for major browsers including Firefox, Chrome and Internet Explorer. Once installed, just click the little LightShot icon whenever you want to capture an image. Then select the area you want to capture.

Similar tools: CaptureFullPage, Snapcasa and WebSnapr.

These too

Screenjelly - Quick and Easy Screencasting

Screenjelly is a free web-based tool that allows anyone to quickly create a screencast video. To use Screenjelly all you need to do is go to and click the big red "record" button. Once clicked Screenjelly will begin recording your screen and your voice (if you choose) for up to three minutes. When you're done recording press "stop" and you can then share your video on Twitter and other social networks. You can also embed your Screenjelly recording into your blog or website.

[Also see: 3 Web-based Tools for Creating Screencast Videos

Tuesday, July 20, 2010

Typical weasel words covering the fact that they had no clue what was happening. Apparently they didn't have the skills “in house” to press a delete key or shred magnetic tapes.

South Shore Hospital Breach Could Affect 800,000

July 19, 2010 by admin

South Shore Hospital today reported that back-up computer files containing personal, health and financial information may have been lost by a professional data management company. [Doesn't sound very “professional” to me. Bob] The hospital had engaged the company to destroy the files because they were in a format the hospital no longer uses. The hospital has no evidence that information on the back-up computer files has been accessed by anyone. [Were they expecting a Thank You card from the thieves? Bob] An independent information-security consulting firm has confirmed that specialized software, hardware, and technical knowledge and skill would be required to access and decipher information on the files. [You would need a word processor, a computer and knowledge of the “On Switch.” Hardly PhD-level stuff. Bob]

Based upon South Shore Hospital’s investigation so far, the back-up computer files could contain personally identifiable information for approximately 800,000 individuals. Included among those individuals are patients who received medical services at South Shore Hospital – as well as employees, physicians, volunteers, donors, vendors and other business partners associated with South Shore Hospital – between January 1, 1996 and January 6, 2010. The information on the back-up computer files may include individuals’ full names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, protected health information including diagnoses and treatments relating to certain hospital and home health care visits, and other personal information. Bank account information and credit card numbers for a very small subset of individuals also may have been on the back-up computer files.

South Shore Hospital’s back-up computer files were shipped for offsite destruction on February 26, 2010. When certificates of destruction were not provided to the hospital in a timely manner, the hospital pressed the data management company for an explanation. South Shore Hospital was finally informed on June 17, 2010 that only a portion of the shipped back-up computer files had been received and destroyed.

South Shore Hospital immediately launched an investigation when it learned that its back-up computer files may have been lost. The investigation has included working with the data management company and shippers to search for the missing back-up computer files, taking steps to verify the scope and types of information contained in the back-up computer files, and assessing the possibility that someone could access that information. South Shore Hospital has advised the MA Attorney General’s office, the MA Department of Public Health, and the US Department of Health and Human Services about this matter. The hospital also has ceased the offsite destruction of back-up computer files and is putting in place policies to ensure that a similar situation cannot occur. [“...even though we don't yet know what happened.” Bob] The investigation into the matter remains ongoing.

“I am deeply sorry that these files may have been lost,” said Richard H. Aubut, South Shore Hospital president and chief executive officer. “Safeguarding confidentiality is fundamental to our mission of healing, caring and comforting. I recognize that this situation is unacceptable and would like to personally apologize to all those who have trusted us with their sensitive information.”

South Shore Hospital is working to verify whose information may have been on the missing back-up computer files. Formal notification letters will be sent to them in the next several weeks. In the meantime, a sample individual notification letter has been posted.

… Information about this matter is posted to South Shore Hospital’s website at and is available through a special automated toll-free Information Line at (877) 309-0176.

Source: South Shore Hospital Press Release

Eight will get you ten they underestimated (or never considered) the many risks such a juicy target posed. Too busy dreaming up ways to spend their profits?

NDP: B.C.’s new online gambling website may have been hacked

July 20, 2010 by admin

Vivian Luk reports:

British Columbians’ personal information may have been compromised when the government’s online gambling website,, crashed last week, according to the New Democratic Party.

PlayNow, the first government-sanctioned online casino in North America, was shut down only hours after it was launched last Thursday.

The B.C. Lottery Corp. said unexpectedly high traffic caused the server to crash, so it had to be pulled down to be fixed. Minister of Housing and Social Development Rich Coleman, who is responsible for BCLC, also told CTV News on Friday that visitors’ information may have leaked.

“It does appear that some information — because of all the data hitting at once [Horse droppings. Bob] — might have been displayed on somebody’s computer, so we are dealing with that,” he said.

The NDP however, believes the website crashed because it was hacked, though it has no hard evidence to support that claim. “Experts have made assertions that hacking was a possibility,” said Shane Simpson, NDP critic for housing and social development. “But the most concerning thing is that the government and BCLC has not been definitive that there wasn’t some kind of activity that breached the security of the site.”

Read more in the Vancouver Sun.


Survey of 103 e-Discovery Cases in the First Half of 2010, the “Campbell Soup” case, and the Wisdom of Andy Warhol

A new survey on 103 e-discovery cases from the first half of 2010 shows that sanctions are up, along with motions to compel. It also shows that judges are fed up with hide-the-ball aggressive tactics, and continue to urge attorneys to learn how to cooperate.

Another example of “How to think(?) like a Lawyer”

Lawsuit Dropped; Claimed That Copyright-Filtering Violates Copyright

Lawyers have abandoned a closely watched lawsuit against the document-sharing site Scribd that alleged the site’s copyright filtering technology is itself a form of copyright infringement.

The Texas federal court case broached a novel legal theory that the U.S. courts have never squarely decided.

The Scribd suit maintained that the copying and insertion of a copyrighted work into a filtering system without compensating the copyright holder, or obtaining their consent, was a violation of the Copyright Act. The suit said the filters breached copyrights because Scribd “illegally copies the work into its copyright protection system” without authorization.

[In other words, “We want you to identify copyrighted works but you can't actually look at the copyrighted works to do it – unless you pay us!” Bob]

(Related) And “How to think (??) like a Government”

Search Top Secret America’s Database of Private Spooks

U.S. spy agencies, the State Department and the White House had a collective panic attack Friday over a new Washington Post exposé on the intelligence-industrial complex. Reporters Dana Priest and William Arkin let it drop Monday morning.

It includes a searchable database cataloging what an estimated 854,000 employees and legions of contractors are apparently up to. Users can now see just how much money these government agencies are spending and where those top secret contractors are located.

Check out the Post’s nine-page list of agencies and contractors involved in air and satellite observations, for instance. No wonder it scares the crap out of official Washington: It’s bound to provoke all sorts of questions — both from taxpayers wondering where their money goes and from U.S. adversaries looking to penetrate America’s spy complex.

... Still, in compiling all this information, there’s a risk that the Post provides a hostile foreign agent looking to infiltrate the U.S. security apparatus with an online yellow pages for sending out his resume.

(Related) That's 0.00033% of our population. India would have almost 4000 and China nearly 4400 just based on population.

Cyberwarrior Shortage Threatens U.S. Security

"We don't have sufficiently bright people [Probably not what he meant to say... Bob] moving into this field to support those national security objectives as we move forward in time," says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency and the Energy Department.

Gosler estimates there are now only 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyberdefense tasks. To meet the computer security needs of U.S. government agencies and large corporations, he says, a force of 20,000 to 30,000 similarly skilled specialists is needed.

A chilling effect? Will this require hosts to adopt a test similar to the “check for copyrighted material” RIAA wants? How many suspect blogs out of 70,000 are enough to shut down a host?

Blog Platform Shut Down as FBI Probes al-Qaida Posts

Blogging platform was cut off by its hosting company last week after the authorities said al-Qaida “terrorist material” was found on one of its servers, said a statement from web host BurstNET Technologies Monday.

Blogetery, a platform for some 70,000 blogs, was taken down by BurstNET after the Federal Bureau of Investigation asked BurstNET “to provide information regarding ownership” of the server hosting,” BurstNET said.

BurstNET shuttered Blogetery at its own discretion, after concluding it was violating its “Acceptable Use Policy.”

“It was revealed that a link to terrorist material, including bomb-making instructions and an al-Qaida ‘hit list,’ had been posted to the site,” BurstNET said.

Not scholarly or complete, but we do need to remind our geeks every now and then. Maybe I could take an expanded version on the rubber chicken circuit – “101 Ways You Could Go To Jail!”

How IT Pros Can Avoid Legal Trouble

Interesting statistic and a missed point.

Amazon Says E-Book Sales Outpace Hardcovers

Inc. said it reached a milestone, selling more e-books than hardbacks over the past three months.

But publishers said it is still too early to gauge for the entire industry whether the growth of e-books is cannibalizing sales of paperback books, a huge and crucial market. [Similar to asking whether television spelled the end of radio. This misses the fact that books are now created and edited on computer, so when a book is ready to go to the printer it is also ready to go online – instantly and with zero printing cost. Bob]

Some hacks are too easy to make it into the weekly quiz, let alone a MidTerm Exam.

SCADA System’s Hard-Coded Password Circulated Online for Years

A sophisticated new piece of malware that targets command-and-control software installed in critical infrastructures uses a known default password that the software maker hard-coded into its system. The password has been available online since at least 2008, when it was posted to product forums in Germany and Russia.

This could make the Hacking Mid-Term. Carefully identify your target and deliver a totally inappropriate ad. Extra points for humor.

Japan tests billboards that know your gender, age

A tool for stalkers?

Pick ‘n Zip: Easily Download Entire Facebook Albums

Similar tools: Facepad.


Some Tips & Tricks While Using Google Earth Street View

Like a little yellow sticky note on your videos - Watch Only The Best Parts Of Videos

Coming across a YouTube video that lasts five full minutes and which has only one minute which is remarkable is quite commonplace, for the simple reason that you are watching something which was uploaded by an individual who wanted to capture something the exact way he saw it.

VidScan is a ... tool that can delineate the best parts of any YouTube video, as determined by viewers.

VidScan utilizes the YouTube API in order to check for usable time comments, and if these are found then you will be able to skip straight to that part. A “usable time comment” is something as simple as a time snippet that reads “mm:ss”. Any video that has got that (which is not something uncommon to begin with) will be compatible with this system to the full.
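As an added illustration of the “usable time comment” rule described above (example code, not VidScan's own; the sample comments are constructed), a small Python parser that pulls mm:ss and h:mm:ss snippets out of comment text, rejects snippets that are not valid clock times or point past the end of the video, and returns the distinct seekable offsets in order.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# A "usable time comment" in the sense of the passage above: an mm:ss snippet,
# optionally prefixed with hours (h:mm:ss). The lookarounds stop us from matching
# the inside of longer digit/colon runs such as "12:34:56:78".
TIME_RE = re.compile(r"(?<![\d:])(?:(\d{1,2}):)?(\d{1,2}):(\d{2})(?![\d:])")


@dataclass(frozen=True)
class Marker:
    seconds: int   # offset into the video
    label: str     # the snippet as the commenter typed it
    comment: str   # the full comment it came from


def snippet_to_seconds(hours: Optional[str], minutes: str, seconds: str) -> Optional[int]:
    """Convert one matched snippet to seconds; None if it is not a valid clock time."""
    h = int(hours) if hours else 0
    m, s = int(minutes), int(seconds)
    if s >= 60 or (hours and m >= 60):
        return None            # "4:70" is not a time, and neither is "1:75:00"
    return h * 3600 + m * 60 + s


def extract_markers(comments: Iterable[str], duration: Optional[int] = None) -> List[Marker]:
    """Return one Marker per distinct offset, ascending; the first comment seen wins."""
    by_offset = {}
    for comment in comments:
        for match in TIME_RE.finditer(comment):
            offset = snippet_to_seconds(*match.groups())
            if offset is None:
                continue
            if duration is not None and offset > duration:
                continue       # points past the end of the video: not seekable
            by_offset.setdefault(offset, Marker(offset, match.group(0), comment))
    return [by_offset[k] for k in sorted(by_offset)]


# Constructed sample comments for a five-minute video (not real YouTube data).
SAMPLE_COMMENTS = [
    "The good bit starts at 1:05, skip the intro",
    "best part 1:05 !!!",
    "chorus at 0:45 is amazing",
    "jump to 4:70 lol",
    "final score was 3:2",
    "I watched this at 1:02:30 in the morning",
]

if __name__ == "__main__":
    for mk in extract_markers(SAMPLE_COMMENTS, duration=300):
        print(f"{mk.seconds:>5}s  {mk.label:<8} {mk.comment}")
```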

Another tool for creating very large slideshows... - Slideshows Made Easy

Kizoa is a slideshow maker that is usable by just anybody, at absolutely no cost. It will let you take as many pictures as you want and concatenate them together in order to come up with a slideshow that can also include music and sound effects. Besides, images can be edited using the provided interface, and effects can be readily applied to them.

And once you have done that, you will be capable not only of sharing the results online with all your loved ones, but also of burning it all into a DVD.

After teaching for a few years, I probably have more than enough information to create a few classes... Probably try a few “Free” courses, then some larger “for Pay” courses. Free: “How to turn on your computer” For Pay: “How to do something useful”


SpacedEd is a platform designed to allow learners and teachers to harness the educational benefits of spaced education. Spaced education is a novel method of online education developed and rigorously investigated by Dr. B. Price Kerfoot (Associate Professor, Harvard Medical School).

It is based upon two core psychology research findings: the spacing effect and the testing effect.

You may include photos, YouTube videos, audio, animations, and hyperlinks in your course.

For courses priced between $1.99 and $20 ($1.99 minimum), course authors will receive 60% of gross revenue. For courses priced above $20, course authors will receive 80% of the balance above $20 for each enrollee.

If you wish, you may post your course for free. In this case, SpacedEd reserves the right to place advertising and/or sponsorship on the course materials.

Please consider interacting with the learners on the Answer Blogs for each question. This is an excellent method to create a community of learners around your course. The learners may also be able to identify errors in the questions, make suggestions for improvements, and/or add new information and references on the topic on hand.

You can follow the progress of learners and their ratings of your course on the 'course reports' pages.