Saturday, November 06, 2010

It amazes me how often the topics we discuss at the Privacy Foundation forums appear soon after in news articles. Panelists suggested that Class Action lawsuits would become an increasingly common tool to “persuade” companies to reconsider their “We can, therefore we must” strategies.

Class Action Lawsuit Accuses Ringleader Digital of Hacking Cell Phones to Create ‘Zombie Databases’

November 5, 2010 by Dissent

Adam Klasfeld of Courthouse News reports:

Ringleader Digital, an advertising company “hacked the mobile phones of millions of consumers” to create a database of customers’ demographic information for the benefit of major media networks such as Fox News and CNN, according to a federal class action.

Delaware-based Ringleader “stamped” a “Unique Device Identifier” into customers’ cell phones, compatible with iPhone, iPad, iTouch and PDAs and other devices, the complaint states.

Once entered into their phones, the class claims, the code sent their private information to a database that Ringleader shared with AccuWeather, CNN, ESPN, FOX News, Go2 Media, Merriam-Webster, Travel Channel, and WhitePages, all of them named as defendants.

“Essentially, defendants hacked the mobile phones of millions of consumers … by embedding a tracking code in each user’s mobile device database to circumvent users’ browser controls for managing web privacy and security,” the complaint states.

The class claims the database collected information about “gender, age, race, number of children, education level, geographic location, and household income.”


The class seeks millions of dollars in punitive damages against Ringleader and its media partners for violations of the Computer Fraud and Abuse Act, Electronic Communications Privacy Act, New York General Business Law, and trespass.

Read more on Courthouse News.

It's a 'man bites dog' story and another illustration of “experts” who clearly should know better.

Cooks Source Copyright Infringement Becomes an Internet Meme

An internet firestorm is brewing over a small New England magazine accused of publishing recipes and articles lifted from the web without permission.

The dust-up began when food blogger Monica Gaudio discovered that Cooks Source had published a 6-year-old online article she wrote about apple pie, titled “A Tale of Two Tarts.” Gaudio e-mailed the magazine’s editor, Judith Griggs, to complain, asking Cooks Source to post a public apology on its Facebook page and make a $130 donation to Columbia School of Journalism.

It was Griggs’ response that set off the still-raging internet backlash.

But honestly Monica, the web is considered ‘public domain’ and you should be happy we just didn’t ‘lift’ your whole article and put someone else’s name on it! It happens a lot, clearly more than you are aware of, especially on college campuses, and the workplace. If you took offence and are unhappy, I am sorry, but you as a professional should know that the article we used written by you was in very bad need of editing, and is much better now than was originally. Now it will work well for your portfolio. For that reason, I have a bit of a difficult time with your requests for monetary gain, albeit for such a fine (and very wealthy!) institution. We put some time into rewrites, you should compensate me! I never charge young writers for advice or rewriting poorly written pieces, and have many who write for me… ALWAYS for free

(Related) It's no coincidence that articles like this start appearing after an “insult” to web authors.

Tools for rooting out Web plagiarism, copyright violations

Reducing “Health Care” costs?

Data Breaches Cost Hospitals $6B Yearly

By Dissent, November 5, 2010

Dom Nicastro writes:

Hospitals spend $6 billion annually because of data breaches, and Federal regulations enacted under the HITECH Act have not improved the safety of patient records, research from The Ponemon Institute shows.

Among the data security and privacy research firm’s findings:

  • Hospitals are not protecting patient data

  • Hospitals admit to being vulnerable to a data breach

  • Breaches of patient information are occurring frequently and often go unreported, putting patients’ privacy at risk

  • A small percentage of healthcare organizations rely on security technologies to prevent and detect data breach incidents

  • Federal regulations—HITECH—have not improved the safety of patient records

Read more on HealthLeaders Media

Another lawsuit aimed at the “Security theater” issue. If for no other reason, the suit should win on the “ineffective” argument alone.

EPIC Files Lawsuit To Suspend Airport Body Scanner Use

Posted by Soulskill on Friday November 05, @12:13PM

"The Electronic Privacy Information Center filed a petition for review and motion for an emergency stay, urging the District of Columbia Court of Appeals to suspend the Transportation Security Administration's full body scanner program. EPIC said that the program is 'unlawful, invasive, and ineffective' (PDF). EPIC argued that the federal agency has violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, and the Fourth Amendment. EPIC cited the invasive nature of the devices, the TSA's disregard of public opinion, and the impact on religious freedom."

For my Ethical Hackers: To know how a system works is to be halfway (Okay, 90%) to hacking that system.

How Facial Recognition Works in Xbox Kinect

Hey! How come the best I can get now is 40 Megabits? 10 times faster would be good, but clearly 250 times faster is better. In the old days (pre-WWW) they would bring new MODEM models out when they could provide a 4X speed increase or better.

Video: Verizon Tests A 10 Gbps Connection For Both Upload And Download. Want.

Despite the United States’ position as an Internet powerhouse, the state of broadband in this country compared to some other places around the world is pretty pitiful — both in speed and reach. Google is trying to do their part to fix the speed issue with their 1 Gbps fiber optic network tests. And Verizon is on the case as well — with a 10 Gbps network.

Now, to be clear, the video above is just a test. We’re unlikely to see these kinds of speeds in our homes any time soon. But this is a field test, not a test done in some lab.

And it’s awesome. 10 Gbps is both the download and upload speed. Watch towards the end of the video when a 2.3 gigabyte movie is transferred in 4 seconds.

Maybe an Intro to Computing class would find these interesting.

10 Great Online Tools That Help You Find Out A Lot About Live Websites

[For example:

IP address, owner’s name, daily visitors, title, and description, and date of going live, server location (on a map), inbound links, hosted servers, indexed pages, blog entries

AdSense and Google Analytics status, changes in Feedburner subscribers, mentions on Twitter, Google Pagerank, Quantcast Rank, Alexa Rank.

This has real potential but is just starting into Beta testing so there is not much there (yet). Remember me when you list your favorite blogs!

- Aggregating Useful Sites Together

The aim of this website is to connect people who know where to look for the answers to common questions with the ones who need that information. Through the site, user-edited lists can be created and shared. Each list is called a Tuesl (which is the short form for Top User Edited Site Lists), and the answers are provided in the shape of links leading to the relevant sites or knowledge bases.

… And just anybody can contribute to a Tuesl once it has been created. Again - that only makes too much sense. The only way to gather the most accurate collections of links on the Web is by having everybody submit the ones they know.

For my students, who use their phones 24/7 anyway...

Two Apps To Use Your Android Phone On Your Computer

… sometimes you just want to integrate your cellphone functionality into your computer. When you’re working or in class, sending messages fast, easy and covertly is a huge advantage.


Droid2Desk is a mighty impressive application that will do just that. It’s written in Java, so it’s effectively platform-independent. In theory, Droid2Desk will work with any Android 2.0 phone and any kind of computer. Spending half my computer hours on Mac, that’s a big plus.

You can use the application to view notifications and phone data (e.g. battery), receive and send SMS messages and send files to and fro over a wireless network. You can even view the camera on your computer and snap new pictures. Video feed support is reportedly being worked on.


Like Droid2Desk, you’ll need to have Java installed to run Texdro; you can download it here. Also similar to Droid2Desk, Texdro can run on any platform that supports Java. For only $2.99, the pro version allows you to connect over Bluetooth or USB, but you can use the free version without limitations if you don’t mind going over Wireless LAN. Your computer can be connected to the internet using a wired connection, but the WiFi is needed to connect to your phone.

Friday, November 05, 2010

“We can, therefore we must!” Motto of too many Big Brother wanna-bes

“We can, therefore we hack!” Motto of my Ethical Hackers

Scariest speed camera of all… It checks your insurance, tax and even whether you are tailgating or not wearing a seatbelt

November 5, 2010 by Dissent

Luke Salkeld reports:

Even the most law-abiding driver might feel a shiver down the spine when spotting this speed camera at the roadside.

For as well as detecting speeding, it is packed with gizmos that check number plates to make sure insurance and tax are up to date. It also measures the distance between vehicles to spot tailgating and takes pictures of the inside of the car – to make sure you are wearing a seat belt.

Read more in the Daily Mail

Perhaps we could make this mandatory for some people?

EU to create ‘right to be forgotten’ online

November 5, 2010 by Dissent

Bob Sullivan reports:

Just days after U.S. voters threw overboard one of their top privacy advocates in Congress, the European Commission announced Thursday that it will push for creation of a Web users’ “right to be forgotten.”

The commission, which is the executive body of the European Union, plans to update 15-year-old laws governing collection and use of consumer information to reflect the age of Google and Facebook. Changes could come early next year.

“Strengthening individuals’ rights so that the collection and use of personal data is limited to the minimum necessary,” the commission said in a statement.

Read more on Red Tape.

Just in case you assumed regulators (or their political bosses) wanted to be informed about the facts...

The Future of Privacy: How Privacy Norms Can Inform Regulation

November 4, 2010 by Dissent

The following is a rough version of a talk given by Danah Boyd at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, October 29, 2010

… Given the “Generations” theme at the conference this year, I’ve been asked to talk with you today about my research on teens’ understandings of social norms with respect to privacy. I am an ethnographer, a sociologist. My work focuses on how everyday people engage with social media as part of their everyday lives. And so I’ve been spending a lot of time talking with teens about their notions of privacy, in part because the notion that kids don’t care about privacy is completely inaccurate.

I’m completely baffled by the persistent assumption that social norms around privacy have radically changed because of social media. This rhetoric is pervasive and is often used to justify privacy invasions. There is little doubt that the Internet is restructuring social interactions, but there is no radical shift in social norms because of social media. Teenagers care _deeply_ about privacy. But they also want to participate in public life and they’re trying to find ways to have both. Privacy is far from dead but it is definitely in a state of flux.

The goal of my talk today is to help you understand engagement with social media through the eyes of young people, exploring social norms around privacy. I believe that understanding the cultural logic of people who are engaged with technology can help you think critically about technology and policy.

Read the rest of her outstanding talk on her web site. And if you’re a parent, definitely read this talk as it may give you greater insights into how your child’s generation views things.

...and the pendulum swings yet again...

Federal Judge Finds Warrantless Cell Phone Tracking Unconstitutional

November 4, 2010 by Dissent

The ACLU blogs about a court opinion mentioned previously on this blog. The opinion is now available online and I expect that EFF will also have something to say about this case:

In August, we blogged about a court decision from the federal court in the Eastern District of New York that held that law enforcement agents are constitutionally obligated to get a warrant based on probable cause before obtaining historical cell phone location information. And in September, we wrote about an opinion from the 3rd Circuit Court of Appeals holding that judges may order the government to get a warrant based on probable cause for historical cell phone location information. However, the 3rd Circuit also held that judges are not obligated to require probable cause, and cautioned that they should only require the government to meet this high standard on rare occasions. Now another court has joined the fray. In a detailed opinion (PDF) citing documents obtained through litigation by the ACLU and Electronic Frontier Foundation, Judge Stephen Smith of the Southern District of Texas held that “warrantless disclosure of cell site data violates the Fourth Amendment.”

Read more on the ACLU’s blog.

Because the RIAA wasn't enough?

Data Protectionism Begins In Earnest

Our post earlier tonight about Google shutting down Facebook’s access to Gmail data exports makes me think two things. First, I’m not sure there’s much data that Facebook doesn’t already have with its 600 million users (although 1.3 billion people visit Google sites a week, so they’re not exactly slumming). And second, the data protectionist era has now begun in earnest.

I’m seeing all the signs of a “data war” beginning now. It’s not among nations, though. The players are the big Internet companies who have lots of user data today, and want more (all of it) tomorrow.

For a long while the webmail companies have generally been lenient about exporting user data via an API to other applications. It’s what the user wants, and most everyone is reciprocal. Or, they’re too small to matter yet. This is a “free data trade” type situation with the best economic consequences.

Well, everyone but Facebook. They’ve just pretty much refused to let users export social graph data, even though they import it like crazy from every source they can get their hands on.

This is a game theory situation. One party isn’t playing ball, but is reaping the benefits of open data policies by all its big competitors. That forces competitors to protect their data as well (Google’s done it in a surgical way to avoid fallout with other non-Facebook companies).

I am amazed and amused! Let's hope he can put up with the bureaucracy long enough to have an impact.

FTC Taps Ed Felten As First Chief Technologist

Posted by timothy on Thursday November 04, @03:20PM

"Looks like the Federal Trade Commission got its first choice of Chief Technologist, because it's hard to think of anyone better to serve in that capacity than Princeton computer science professor Ed Felten, a guy whose CV makes everyone from Microsoft to Diebold shudder in embarrassment."

Not the actions of a naive teenager. Much more like a military team.

Zeus Attackers Turned the Tables On Researchers

Posted by CmdrTaco on Thursday November 04, @09:59AM

"The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony 'botnet' software that actually gathers intelligence on the researcher or competitor who downloads it."

Definitions of “thoroughly tested” vary greatly.

Firm finds security holes in mobile bank apps

A security firm disclosed holes today in mobile apps from Bank of America, USAA, Chase, Wells Fargo and TD Ameritrade, prompting a scramble by most of the companies to update the apps.

Specifically, viaForensics concluded that, according to the report:

  • USAA's Android app stored copies of Web pages a user visited on the phone;

  • TD Ameritrade's iPhone and Android apps were storing the user name in plain text on the phone;

  • Wells Fargo's Android app stored user name, password, and account data in plain text on the phone;

  • Bank of America's Android app saves a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone;

  • Chase's iPhone app stores the username on a phone if the user chose that option.

Meanwhile, the iPhone apps from USAA, Bank of America, Wells Fargo, and Vanguard and PayPal's Android app all passed the security tests and were found to be handling data securely.

This is becoming common – “We know more than you, so we'll just make a few 'improvements'”

CDN Optimizing HTML On the Fly on Friday

Posted by timothy on Friday November 05, @04:57AM

"Cotendo, which is a content distribution network, has taken to altering HTML as it passes through their CDN to optimize web pages for faster rendering. This is essentially a repackaging of the Apache module mod_pagespeed (from Google), with the critical difference being that the rewriting of HTML occurs inline rather than at the web server. We all know that well-written HTML can result in much better rendering of whatever your content is; the questions are 'Will this automatic rewriting cause other problems, i.e. browser quirks?' and 'Assuming that only the web pages of Cotendo's customers are altered, are there nonetheless potential legal troubles with someone rewriting HTML before delivery to a browser?'"

I am always looking for ways to improve the performance of my Math students. I'm thinking that if a milliamp is good, running a 220 line into the classroom should allow me to create Einsteins!

The electrical zap that makes you better at math

Researchers in Britain have discovered, at least according to the Telegraph, that if you aim a low-level zap at just the right part of a math-deficient's brain, you might improve their numerical ability.

In this study, if the charge--one milliamp--went from the right side of the parietal lobe to the left, then mathematical skills appear to have been doubled.

If you go the other way, the recipient will struggle to add 1 and 0. I exaggerate. Slightly. The participants who were charged in this direction seemed to suddenly have the math skills of a 6-year-old. Which might make them look a little silly on "Are You Smarter Than a Fifth-Grader?"

Tools & Techniques

If the school would add this to their website, my students could download files like:

  • Large computer logs (Computer Security)

  • Detailed Census data (Statistics)

  • All the records of Swiss banks (Ethical Hackers)

BurnBit: Create A Torrent For Large Downloads

You find that awesome video on RapidShare but downloading a 300 MB video with your unreliable internet connection is a pain. BurnBit is a tool that can help in such situations by creating a torrent file for the download so you can download it using your favorite torrent client at your pace.

The fact that you will be downloading from an actual server as well as your peers makes BurnBit a better option than traditional downloads.

BurnBit can also be used by webmasters to allow users to download files as torrents by embedding a torrent button. Registration is not required but gives you access to many additional features.

Tools & Techniques

Read Free Books From Google On Your PC With Blio eBook Reader

One of the most recent eBook readers to come about is the Blio eReader, an underdog rising to challenge the Kindle Store, iBooks and others.

What is cool is the Free Books section, which is tied to Google Books. Using Blio you can search through the huge number of publicly available works listed on Google. This includes many classic titles in various genres of literature, science and philosophy.

Thursday, November 04, 2010

Cyber war? A cautionary tale at least... No indication in the article as to who might be behind the attack. Some are claiming the government is doing it to ensure they can manipulate the elections on Nov 7th.

DDoS: Myanmar attacks larger than those against Estonia and Georgia

Starting towards the end of October, the nation of Myanmar (previously known as Burma) has been suffering through a massive Denial of Service attack, leaving Web access at a crawl when it is available. According to Arbor Networks, the Myanmar attack is producing far more traffic than what was observed during the DDoS attacks on Estonia and Georgia.

“Papers, citizen” After all, they need to be able to identify “political dissidents” (anyone who voted for the other guy) in order to “reeducate” them.

Germany’s new e-ID cards raise hackles over privacy

November 3, 2010 by Dissent

Michelle Martin reports:

Germany has introduced electronic identity cards that store personal data on microchips, raising fears over data protection in a country especially wary of surveillance due to its Nazi and Stasi past.

The so-called eIDs enable owners to identify themselves online and sign documents with an electronic signature, which the government says should “increase the safety and convenience of e-business and e-commerce.”

Read more on Reuters.

Where do you draw the line between religion and politics? As we become an increasingly global society, whose laws apply?

UK Pressures the US To Takedown Extremist Videos

Posted by samzenpus on Wednesday November 03, @05:43PM

"BBC News and the Telegraph are reporting that the British government has pressured the US government to take down privately hosted extremist web sites and videos, particularly on YouTube. The request follows the conviction of a 21 year old woman who attempted to murder MP Stephen Timms after watching YouTube videos of radical American Muslim cleric Anwar al-Awlaki. YouTube hosts more than 5,000 videos featuring al-Awlaki, but has begun to remove them following the British government's complaints. The issue obviously raises First Amendment issues in the US, but Security minister Baroness Neville-Jones has said 'Those websites would categorically not be allowed in the UK. They incite cold-blooded murder and as such are surely contrary to the public good. If they were hosted in the UK then we would take them down but this is a global problem. Many of these websites are hosted in America and we look forward to working even more closely with you to take down this hateful material.'"

“...because you don't actually own the phone you bought, so we should still be allowed to control what you can do with it.”

“Hey! Great idea! We have computers in our cars now, so we should be able to turn them off if you drive too fast!” Car Companies

“We're going to put computers in our refrigerators, and turn them off if you store anything less healthy than broccoli!”

Microsoft Outlines Windows Phone 7 Kill Switch

Posted by samzenpus on Wednesday November 03, @02:12PM

"Microsoft has outlined how it might use the little publicized 'kill switch' in Windows Phone 7 handsets. 'We don't really talk about it publicly because the focus is on testing of apps to make sure they're okay, but in the rare event that we need to, we have the tools to take action,' said Todd Biggs, director of product management for Windows Phone Marketplace. According to Biggs, Microsoft's strict testing of apps when they are submitted for inclusion in Marketplace should minimize kill switch use, but he explained how the company could remove apps from the marketplace or phones, when devices check-in to the system. 'We could unpublish it from the catalog so that it was no longer available, but if it was very rogue then we could remove applications from handsets - we don't want things to go that far, but we could.'"

[From the article:

Apple's iPhone and Google's Android phone software also have kill switches built-in to cover the eventuality that they need to remove malware, or even just apps that break guidelines,...

“From a high-level perspective, phones check in to see if there are any downloads or updates available and it will also check if there are any apps that shouldn't be on there,” he said. “There might be instances where we would remove the app.”

Microsoft was reluctant to give examples of situations that would warrant app deletion, but agreed privacy and security concerns would be on the list.

(Related) Or, you could just cover up your failures...

Skyfire's iPhone browser 'sells out' due to shaky bandwidth

Skyfire for iPhone ($2.99) may be one of the shortest-lived apps in the iPhone App Store, surviving only five hours today before Skyfire pulled it from the marketplace after noticing strain on their servers that resulted in poor user experience.

"The servers haven't crashed," a Skyfire spokesperson said, but they did stutter as customers who bought the browser streamed Flash video. The Webkit-based Skyfire app (also available for Android) delivers Flash video to users--ordinarily forbidden by Apple--by streaming it through their own servers first in a process known as proxy browsing.

Skyfire issued a press release earlier tonight declaring that the app has "sold out," and that the company will issue "a new batch" of downloads once Skyfire increases its server capacity.

(Related) Extending “Behavioral Advertising” tools to fight negative comments?

Cisco Social Software Lets You "Stalk" Customers

Posted by samzenpus on Wednesday November 03, @10:24PM

"Cisco this week unveiled software designed to let companies track customers and prospects on social media networks like Twitter, Facebook, blogs and other public forums and sites. Cisco SocialMiner allows users to monitor status updates, forum posts and blogs of customers so they can be alerted of conversations related to their brand. The software is designed to not only enable enterprises to monitor the conversations of their customers but to engage those that require service, Cisco says."

[From the article:

If discussions included information of a sensitive matter they would then be taken offline, Hernandez says. [This may mean the discussion would move to email or phone, but since the activity must pass through Cisco servers to be detected in the first place, what keeps them from 'blocking' the offending user? Bob]

You watch and we watch you watch, so watch out!

Going to the movies? Prepare to be watched while you watch

November 4, 2010 by Dissent

wconeybeer writes:

Gaining entry to some movie theaters lately gives patrons an experience that is on par with going through a TSA security checkpoint at the airport. Then once you’ve gained access, there are cameras strategically positioned that record your every move. Unfortunately, the extent to which these companies monitor movie-goers is only going to get worse.

In an effort to further combat piracy, some cinemas have incorporated the use of an infrared scanning system that detects recording devices in the audience and if detected, sounds an alarm to alert management. Now the company that offers those services, Aralia Systems, is working to enhance the system by incorporating technology which will scan and read the audiences’ physical expressions and emotions.

Aralia Systems is teaming up with Machine Vision Lab of the University of the West of England to develop the technology to turn their anti-piracy devices into a dual-purpose system that will gather data about how the crowd reacts to what they’re seeing at any particular moment.

Read more on myce.

As Ernesto writes on TorrentFreak:

The main question that comes to mind is how far these systems can go without specifically asking for consent from theater visitors. What was once a relaxing evening out might be turning into an interactive consumer research lab, with cameras carefully analyzing, recording and storing your every move – while you’re being charged for the privilege.

I have no idea how to characterize this one other than “Huh?”

Do Firefox Users Pay More For Car Loans?

Posted by CmdrTaco on Thursday November 04, @09:21AM

"Someone wrote in to The Consumerist to report an interesting discovery: while shopping online for a car loan, Capital One offered him different rates, depending on the browser he used! Firefox yielded the highest rate at 3.5%, Opera took second place with 3.1%, Safari was only 2.7%, and finally, Google's Chrome browser afforded him the best rate of all: 2.3%! A commenter on the article claims to have been previously employed by Capital One, and writes: If you model the risk and revenue of applicants, the type of browser shows up as a significant variable. Browsers do predict an account's performance to some degree, and it will affect the rates you will view. It isn't a marketing test. I was still a bit dubious, but at least one of her previous comments backs up her claims to have worked for a credit card company. Considering the outcry after it was discovered that Amazon was experimenting with variable pricing a few years back, it seems surprising that consumers would be punished (or rewarded), based solely on the browser they happen to be using at the time!"

Easy money for my Ethical Hackers?

November 03, 2010

SEC Proposes New Whistleblower Program Under Dodd-Frank Act

News release: "The Securities and Exchange Commission today voted unanimously to propose a whistleblower program to reward individuals who provide the agency with high-quality tips that lead to successful enforcement actions. The SEC’s proposed rule under the Dodd-Frank Wall Street Reform and Consumer Protection Act maps out a simple, straightforward procedure for would-be whistleblowers to provide critical information to the agency. It conveys how would-be whistleblowers can qualify for an award through a transparent process that provides them a meaningful opportunity to assert their claim to an award."

I wonder if they also look at Amazon's “people who bought this book also bought...” feature?

How Google Is Solving Its Book Problem

Posted by samzenpus on Thursday November 04, @07:57AM

"Alexis Madrigal writes in the Atlantic that Google's famous PageRank algorithm can't be deployed to search through the 15 million books that Google has already scanned because books don't link to each other in the way that webpages do. Instead Google's new book search algorithm called 'Rich Results' looks at word frequency, how closely your query matches the title of a book, web search frequency, recent book sales, the number of libraries that hold the title, how often an older book has been reprinted, and 100 other signals. 'There is less data about books than web pages, but there is more structure to it, and there's less spam to contend with,' writes Madrigal. Yet the focus on optimizing an experience from vast amounts of data remains. 'You want it to have the standard Google quality as much as possible,' says Matthew Gray, lead software engineer for Google Books. '[You want it to be] a merger of relevance and utility based on all these things.'"

You know you've become iconic when...

'Sesame Street' skit slaps 'an app for that' concept

Wednesday, November 03, 2010

For my Computer Security students. How do you block this or at least detect it?

A Chilling Case of ‘Sextortion’

November 2, 2010 by Dissent

From the FBI:

The hacker knew every move the unsuspecting victim made. He controlled her computer webcam and microphone. He could see her in her bedroom, hear her conversations, knew every keystroke she made online. And he threatened to expose her secrets unless she bowed to his demands.

It may sound like the plot for a scary teen movie, but it actually happened, and there wasn’t just one victim—there were more than 200, and dozens of them were adolescent girls.

… The hacker, a 31-year-old California man who was arrested in June after a two-year investigation, used malicious code to infect and control the computers of his victims. Then he searched for explicit pictures from their computers, downloaded them, and used the images in an attempt to extort more pictures and videos from them.

“What’s so frightening about this case was how easily the victims’ computers were compromised,” said Special Agent Jeff Kirkpatrick, one of our Los Angeles cyber investigators who worked the case.

… “And this guy was no computer genius,” Agent Kirkpatrick said. “Anybody could do what he did just by watching an online video and following the directions.”

… Victims—particularly teenage girls—were understandably devastated when they learned their privacy had been so completely violated. Many were afraid to tell their parents about the situation.

… “If he hadn’t attempted to contact the victims,” Agent Rogers said, “he could have done this forever and gone undetected—the victims would never have known he was listening and watching. That,” she added, “is one of the most disturbing things about this case.”

(Related) Perhaps my “fly armed and naked” idea was somewhat on point?

In Opening Brief, EPIC Urges Federal Appeals Court to Suspend Airport Body Scanner Program

November 2, 2010 by Dissent


EPIC has filed the opening brief in EPIC v. DHS, No. 10-1157, a case that challenges the unilateral decision of the TSA to make body scanners the primary screening technique in U.S. airports. Three frequent air travelers are joining EPIC in the lawsuit: security expert Bruce Schneier, human rights activist Chip Pitts, and the Council on American-Islamic Relations legal counsel Nadhira Al-Khalili. The Petitioners have brought claims under the Administrative Procedure Act, the Privacy Act, the Video Voyeurism Prevention Act, the Religious Freedom Restoration Act, and the Fourth Amendment. The Petitioners are seeking the suspension of the body scanner program. In its brief, EPIC argues that the Department of Homeland Security “has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history.” EPIC further argues that the Transportation Security Administration “must comply with relevant law, and it must not be permitted to engage in such a fundamental change in agency practice without providing the public the opportunity to express its views.” For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

A project for my Ethical Hackers.

Credit Cards With Computer Chips: Coming to a Wallet Near You This Month

We’ve been hearing the refrain for years: the US is losing the credit card technology race. In Europe they have microchips. In Asia, people pay with their phones.

You’d think it’s only a matter of time before the US dumps its ancient magnetic stripes and joins the 21st century.

… Each of Mullen’s credit cards has a fully functional computer inside, controlled by touch-sensitive buttons on the card surface. Card 2.0 plastic works with all of those 10 million stripe readers in the wild, and merchants don’t even have to know you’re using a special card.

… Why do you want buttons on your card and a computer in your pants? Features. The first Card 2.0 plastic to hit the market is a rewards card. Press one button to pay with credit. Press the other button to pay with reward points.

Conundrum. How can a website offer data for “personal and non-commercial use only” and also forbid that use? A double-secret change of policy?

UK's National Rail Shuts Down Free Timetable App

Posted by timothy on Wednesday November 03, @07:24AM

"sad tale of one developer's trying time with the National Rail, the owners of the UK's train timetable data, which flies in the face of the recent assertion of Chris Scoggins (Chief Executive, National Rail Enquiries) in Wired recently stating that they had 'opened up' their data, 'often free of charge.'"

This is a good case for keeping your old emails handy; the app's author uses cut-and-paste to excellent effect in his correspondence with the rail system.

Perhaps by sponsoring a blog?

Google Emails All U.S. Gmail Users About The Buzz Settlement — And To Say They’re Not Getting A Dime

… Instead, the $8.5 million settlement money will be placed into an independent fund which Google says will support organizations working on privacy education and policy on the web.

Not new, but this video explains clearly how voting without risk of fraud could be done.

David Bismark: E-voting without fraud

Video interview with Google insider. Google TV, self-driving cars, etc.

October, 2010 Digg Dialogg with Marissa Mayer of Google — What happened when President Obama visited her home and a rooftop sniper showed up? How will the Google TV change our TV viewing habits? Is Google Skynet?

Read free online...

November 02, 2010

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy

Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, October 2010.

  • "In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed."

How DHS sees risk. Explains what they are talking about?

November 02, 2010

DHS Risk Lexicon

"Developed by the DHS Risk Steering Committee (RSC), the purpose of the DHS Risk Lexicon is to establish and make available a comprehensive list of terms and meanings relevant to the practice of homeland security risk management and analysis. Accomplishing this goal improves the capability of the Department to assess and manage homeland security risk. To support integrated risk management for the Department, the DHS Risk Lexicon:

  • Promulgates a common language to ease and improve communications for the Department and its partners;

  • Facilitates the clear exchange of structured and unstructured data, essential to interoperability amongst risk practitioners; and

  • Garners credibility and grows relationships by providing consistency and clear understanding with regard to the usage of terms by the risk community across the Department."

Notice to geeks: Think of the fun we could have using this technique!

Truthy Project Uncovers Political Astroturfing On Twitter

Posted by Soulskill on Tuesday November 02, @05:10PM

An anonymous reader writes with a follow-up to the launch of the Truthy Project we discussed last month.

"Tens of thousands of tweets this election season have turned out to be automated messages generated by employees of political campaigns, Indiana University researchers have found. Quoting: 'In one case, a network of nine Twitter accounts, all created within 13 minutes of one another, sent out 929 messages in about two hours as replies to real account holders in the hopes that these users would retweet the messages. The fake accounts were probably controlled by a script that randomly picked a Twitter user to reply to, and a message and a Web link to include. Although Twitter shut the accounts down soon after, the messages still reached 61,732 users.'"
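The detection pattern the post describes (accounts registered minutes apart that all fire link-carrying replies in a short burst), as an added example; this is not the Truthy project's code, and the account names, thresholds and tweets are constructed:

```python
"""Heuristic for spotting coordinated reply-spam ("astroturf") accounts.

Added example, not the Truthy project's code: it encodes the pattern the
quoted study describes (accounts registered minutes apart that all fire
link-bearing replies in a short burst). Thresholds and data are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

URL_RE = re.compile(r"https?://\S+")

@dataclass(frozen=True)
class Tweet:
    account: str
    account_created: datetime  # registration time of the sending account
    sent: datetime
    text: str

    @property
    def is_link_reply(self) -> bool:
        # A reply to another user that also carries a web link
        return self.text.startswith("@") and URL_RE.search(self.text) is not None

def creation_clusters(tweets, window=timedelta(minutes=15)):
    """Maximal runs of accounts each registered within `window` of the previous one."""
    created = {t.account: t.account_created for t in tweets}
    clusters, current = [], []
    for acct in sorted(created, key=created.get):
        if current and created[acct] - created[current[-1]] > window:
            clusters.append(current)
            current = []
        current.append(acct)
    if current:
        clusters.append(current)
    return clusters

def flag_astroturf(tweets, window=timedelta(minutes=15), min_accounts=3,
                   burst=timedelta(hours=2), min_messages=20, reply_share=0.8):
    """Flag creation clusters of >= `min_accounts` accounts whose densest
    `burst`-long interval holds >= `min_messages` tweets, of which at least
    `reply_share` are link replies (a scripted reply campaign)."""
    by_account = defaultdict(list)
    for t in tweets:
        by_account[t.account].append(t)
    flagged = []
    for cluster in creation_clusters(tweets, window):
        if len(cluster) < min_accounts:
            continue
        msgs = sorted((t for a in cluster for t in by_account[a]), key=lambda t: t.sent)
        best_total, best_links, lo = 0, 0, 0
        for hi in range(len(msgs)):  # sliding window over send times
            while msgs[hi].sent - msgs[lo].sent > burst:
                lo += 1
            seg = msgs[lo:hi + 1]
            if len(seg) > best_total:
                best_total = len(seg)
                best_links = sum(t.is_link_reply for t in seg)
        if best_total >= min_messages and best_links / best_total >= reply_share:
            flagged.append({"accounts": sorted(cluster), "messages": best_total,
                            "link_replies": best_links})
    return flagged

def sample_tweets():
    """Constructed data: nine accounts registered within 13 minutes that each send
    twelve link replies over two hours, plus two ordinary long-standing accounts."""
    base = datetime(2010, 10, 20, 9, 0)
    tweets = []
    for i in range(9):
        created = base + timedelta(minutes=13 * i / 8)
        for j in range(12):
            tweets.append(Tweet(f"bot{i:02d}", created, base + timedelta(hours=1, minutes=10 * j + i),
                                f"@voter{(i * 12 + j) % 40} see this http://example.invalid/p{j}"))
    for k, acct in enumerate(("alice", "bob")):
        for j in range(5):
            tweets.append(Tweet(acct, datetime(2008 + k, 3, 1), base + timedelta(hours=j),
                                f"morning everyone, day {j}"))
    return tweets
```

Running `flag_astroturf(sample_tweets())` reports the nine-account cluster and leaves the two ordinary accounts alone; the thresholds are starting points to tune against real registration and posting rates.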

Ethical lawyers, crazy client?

“Win-At-All-Costs” Litigation Using Illegal e-Discovery Leads to Dismissal of a Billion Dollar Case

Last week I mentioned the mean streets of litigation and my guess that most judges do not know how bad it has become. Two federal judges in South Florida know: District Court Judge Patricia A. Seitz and Magistrate Judge John J. O’Sullivan. Leor Exploration & Production LLC v. Aguiar, 2010 WL 3782195 (Sept. 28, 2010, S.D.Fl.). They have seen and responded to some real Dr. Evil type of conduct by the defendant in this case over One Billion Dollars. The misconduct culminated in illegal e-discovery where defendant hacked into the opposing party’s email and read his lawyers’ advice and strategies for the case. Judge O’Sullivan found, and Judge Seitz agreed, that defendant had a “win-at-all-costs mentality regarding this litigation.” Leor, supra at *4.

Some of my fellow teachers believe that Wikipedia is evil. I think it makes a great starting point for research.

Wikipedia Book Creator: Create eBooks From Wikipedia Pages

… If you’re the kind of person who likes to print lengthy Wikipedia articles to read offline at leisure, you should give the Wikipedia Book Creator a try.

The Book Creator is a new feature from Wikipedia that lets you select one or more pages from the online encyclopedia and add them to a PDF eBook that you can then download and read offline at your leisure. You can even get a printed book delivered to your doorstep, for a small fee.

If you would like to make some changes to the pages that you just saved, you can even download the eBook in the OpenDocument Text format. [Easily read by your normal word processor... Bob]

Perhaps I could make my own Infographics? At least some “step by step” flowcharts for my students. - Graphing Just Anything You Want

Grapholite is a web-based tool that makes creating graphs, charts and diagrams an absolute cinch. It is usable right on the browser, and it can be employed to come up with just anything you might need: organizational charts, floor plans, network diagrams...

… And every single diagram that you create via Grapholite can be saved in all the most popular text and image formats currently used, and imported into your favorite application(s).

It must also be mentioned that Grapholite is available in a desktop version.

Tuesday, November 02, 2010

Clearly they use words differently. But is this just a reporter with a cheap thesaurus, or actual quotes?

Capitol Hill credit card fraud wave 'adjudicated' -- Secret Service task force claims break in case

A special task force that combines Secret Service investigators with local law enforcement experts has made a major break in the case of a large wave of fraudulent activity involving credit card accounts belonging to people who live and work on Capitol Hill, CHS has learned.

According to David A. Iacovetti, Special Agent in Charge of the Electronic Crimes Task Force Seattle office, investigators made a break on the case late Friday night. "We addressed it so no further fraud could be conducted," Iacovetti said. [Want to bet? Bob]

Iacovetti would not confirm that this wave involved a skimming device on a point of sale system somewhere on the Hill. Because this is an open and ongoing investigation, Iacovetti said it's too soon to release details of how the accounts were defrauded but that the situation has been "adjudicated." [Am I wrong to think 'adjudicated' has always meant 'resolved within the judicial system?' Bob] "Our guys got on it quick," Iacovetti said.

Iacovetti said the investigation continues and people should remain vigilant of suspicious activity on their accounts. "We're continuing," he said. "There was a point of interest that we were working on Friday. That threat was reduced." [“Reduced” does not suggest “resolved” does it? Bob]

Iacovetti tells CHS that agents will work to "reverse engineer" the circumstances and could be able to trace back all fraudulent activity for victims.

Cyber War: Corporate risk analysis does not typically consider attacks by a foreign military – ignoring history again...

November 01, 2010

Google Confronts China's "Three Warfares"

Google Confronts China’s “Three Warfares”, by Timothy L. Thomas. Parameters, Summer 2010, Vol. 40, No. 2, U.S. Army War College.

  • "In early January 2010, Google announced that a computer attack originating from China had penetrated its corporate infrastructure (in mid-December) and stolen information from its computers, most likely source code. The hackers also accessed the Gmail accounts of some human-rights activists and infiltrated the networks of 33 companies. In April 2010, journalist John Markoff wrote: A person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications. The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said." … "China’s recent incursions into US military computer networks and Google’s cyber systems are of concern when viewed in isolation. They reflect a more serious problem when viewed as part of a short-term goal of conducting “preemptive reconnaissance” that accommodates a longer-term goal of affecting US military planning or the US economy. Many factors indicate that this may be China’s goal."

[From the article:

An example of a civilian source that emphasizes economic and digital issues is the Chinese book Internet Wars. It also focused on the Internet confrontation in general. The book has 18 chapters. Several chapters draw the reader’s attention immediately. They are: “The Inevitable Internet War;” “Battles for Internet Control;” “Offensive and Defensive Internet Wars;” “The Internet Will Determine Victory in Future Wars;” “Dangerous Virtual Reality;” and “Financial Wars in the Internet World.” [31] The latter should be of particular interest to US analysts.

[Also see the PowerPoint at:

[Also see the book:

Unrestricted Warfare

(Related) ...and is the reverse also true?

Kindle Allowing Chinese Unfettered Access

Posted by Soulskill on Tuesday November 02, @12:02AM

"Apparently, some Chinese Kindle owners have discovered that they are able to access banned sites such as Twitter and Facebook without a problem. The article speculates that Amazon may be operating a local equivalent to Amazon Whispernet with a Chinese 3G provider. Professor Lawrence Yeung Kwan, of the University of Hong Kong's electrical and electronic engineering department, told the paper that mainland internet patrols might have overlooked the gadget (perhaps because they consider it solely a tool to purchase books). How long before Kindle traffic is locked down?"

(Related) I hope not! (daylight savings time ends Sunday Nov. 7th in the US)

iPhone Alarm Bug Leads To Mass European Sleep-in

Posted by CmdrTaco on Monday November 01, @10:

"A flaw in the alarm clock in iPhone 4s gave Europeans a bit of a lie-in this morning. While the Apple handsets automatically adjusted to daylight savings time, a bug in the alarm system meant many were woken up an hour later than they should have been, after clocks rolled back over the weekend. Annoyingly, Australia was hit by a similar problem last month, but Apple failed to fix the problem or even warn users. American Apple fans, consider yourselves warned. The iOS4 bug can apparently be avoided by using one-off alarms, rather than pre-set regular wake-up calls."

This looks more like typical political ass-covering. They seem to be using these requests to flag areas where they may have screwed up in order to have a timely 'rebuttal' ready when the evidence is released.

November 01, 2010

FOIA, Transparency and Additional Reviews Based on Origin of Requests

DHS Singles Out EFF’s FOIA Requests for Unprecedented Extra Layer of Review: "The Identity Project notes on its blog today that the Department of Homeland Security singled out EFF, along with other activist groups and media representatives such as the ACLU, EPIC, Human Rights Watch, AP, etc, for an extra layer of review on its FOIA requests. Records posted online by the DHS in response to one of the Identity Project’s FOIA requests show that the agency passed certain requests through extra levels of screening. According to a policy memo from DHS’s Chief FOIA Officer and Chief Privacy Officer, Mary Ellen Callahan, DHS components were required to report “significant FOIA activities” in weekly reports to the Privacy Office, which the Privacy Office then integrated into its weekly report to the White House Liaison. Included among these designated "significant FOIA activities" were requests from any members of "an activist group, watchdog organization, special interest group, etc." and “requested documents [that] will garner media attention or [are] receiving media attention."

“The world according to ___________” Could be useful to know how the other guys think(?) but I doubt it will be used that way... I wonder if they have a Forrest Gump option?

Blekko Launches a Search Engine With Bias

Posted by CmdrTaco on Monday November 01, @10:45AM

"Previous specialized search engines including Cuil, Hakia, Powerset, Clusty, and RedZ — each had a special trick, but they've all faded from memory, some after crashing in flames, some after making their founders rich. Now Rafe Needleman reports at Cnet that along comes Blekko, whose claim to fame is that you can tilt your search results in the direction you like by using a category of bias, like 'liberal' or 'conservative.' Categorization lists are applied by appending a 'slashtag.' The query, 'climate change /conservative' will give you politically slanted results, for example. 'Climate change /science' will restrict your results to hits from scientific Web sites. Blekko won't have a real, Web-wide impact unless its concept — that bias is good and more aggressive search filtering is needed — gets some traction, writes Needleman. But 'Blekko is a solid alternative to Google and Bing for anyone, and more importantly it's got great potential for researchers, librarians, journalists, or anyone who's willing to put some work into how their search engine functions in order to get better results.'"

Speaking of bias... Or perhaps lobbying?

Google Sues US Gov't For Only Considering Microsoft

Posted by Soulskill on Monday November 01, @04:20PM

"Late last week, Google sued the US government for putting out a Request For Quotation for the messaging needs of the Department of the Interior that specified only Microsoft solutions would be considered. Google apparently had spent plenty of time talking to DOI officials to understand their needs and make sure they had a solution ready to go — and were promised that there wasn't a deal already in place with Microsoft. And then the RFQ came out. Google protested, but the protest was dismissed, with the claim that Google was 'not an interested party.'"

Big Brother Barbie? “Train them young?” Have children (or parents) demanded surveillance-enabled toys?

Call to boycott Barbie with built-in camera

November 1, 2010 by Dissent

Daniella Miletic reports:

MATTEL’S trademark vinyl doll is getting older but she has embraced technology – Barbie’s new built-in camera abilities are worrying some privacy advocates and psychologists.

The Barbie Video Girl doll has been criticised for enabling children to film themselves and others using a hidden camera in Barbie’s necklace.

The doll, which retails for about $110, also has a small colour LCD screen in her back and the capacity to record 30 minutes of video, which can be transferred to a computer.

Read more in The Age.


State Electronic Harassment or "Cyberstalking" Laws

November 2, 2010 11:54

Source: National Conference of State Legislatures

Law enforcement agencies estimate that electronic communications are a factor in from 20 percent to 40 percent of all stalking cases. Forty-seven states now have laws that explicitly include electronic forms of communication within stalking or harassment laws. State laws that do not include specific references to electronic communication may still apply to those who threaten or harass others online, but specific language may make the laws easier to enforce.

I'm sure the RIAA will agree, as long as they have the majority of seats on the panel...

UK: Minister proposes privacy mediation service and good-privacy kitemark

November 1, 2010 by Dissent

A UK Government minister has proposed the creation of a mediation service for people who think their right to privacy has been violated on the internet. The mediation could result in the removal of material, Ed Vaizey said.

Vaizey is Parliamentary Under-Secretary of State for Culture, Olympics, Media and Sport, and told a House of Commons debate that there should be a mediation service for content to match the Nominet-run service run to resolve domain name disputes.

“Nominet, the charity that is responsible for internet domain names, runs an extremely effective mediation service, so that people who are disputing the ownership of an internet domain name may be involved in a low-cost process to discuss how to resolve that dispute,” he said.


“Gee Prof. Bob, I'm just studying!”

Oxford, Rice, Open University release eBooks on iTunes U

The Open University has released 100 free, interactive eBooks and promises an additional 200 titles by the end of the year. The school said its eBooks aren't just digital versions of existing books, but rather books that are designed specifically for the electronic format.

As an example, Martin Bean, vice chancellor of The Open University, said that if you are learning about Schubert, you can hear the music while you follow the score and read the text.

In June, The Open University became the first school to reach 20 million downloads of its material on iTunes U. It now has over 27 million downloads worldwide.

Oxford University joined the eBook release party as it pushed out Shakespeare's entire First Folio. Oxford's Shakespeare contribution is available free from iTunes U.

Oxford said it is also making six plays by contemporaries of Shakespeare available, including "The Duchess of Malfi" by John Webster.

Rice University released 18 of its most popular free textbooks available as part of its open education initiative, Connexions.

The books are available for download on iTunes U in the open ePub format. iTunes U, providing free educational material such as lab demonstrations and lectures, launched in 2007.