Saturday, December 11, 2010

Do these email addresses come from information provided by customers filling prescriptions? Why is this data less secure that any other? (IS it less secure?)

Hackers steal Walgreens e-mail list, attack consumers

December 10, 2010 by admin

Bob Sullivan reports:

Pharmacy giant Walgreens had to swallow some bitter medicine on Friday when it told customers that a computer criminal had stolen its e-mail marketing list. The criminal used the list to send out realistic-looking spam that asked recipients to enter their personal information into a Web page controlled by hackers.

“We are sorry this has taken place and for any inconvenience to you,” the e-mail said.

No prescription information or other health information was stolen, the company said — the criminal only managed to pilfer customer e-mail addresses.

Read more on Technolog.

Student Privacy Takes Hit in Cell Phone Search Case

December 10, 2010 by Dissent

Matthew Heller discusses the DeSoto cellphone case discussed previously on this blog and seems to be as derisive of the court’s opinion as I was. His commentary begins:

A Mississippi judge has chilled the privacy rights of students by ruling that school officials were justified in viewing photos on a student’s cell phone after he was caught using it on campus in violation of school rules.

In one of the first decisions of its kind, Chief U.S. District Judge Michael P. Mills summarily dismissed the Fourth Amendment claims of a Southaven, Miss., middle-school student identified only as R.W., giving school administrators broad authority to “search” cell phones “to determine to what end the student was improperly using that phone.” [e.g. Reporting criminal activity by a teacher? Bob]

Read more on OnPoint.

[From the article:

“In the court’s view, a student’s decision to violate school rules by bringing contraband on campus and using that contraband within view of teachers appropriately results in a diminished privacy expectation in that contraband,” Mills wrote in his opinion.

Under U.S. Supreme Court precedent, a search of a student by a school official must be “justified at its inception” and is “permissible in its scope when the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of the age and sex of the student and the nature of the infraction.” New Jersey v. T.L.O., 469 U.S. 325 (1985).

Mills said R.W. may well have been “engag[ing] in some form of cheating, such as by viewing information improperly stored in the cell phone.” But he did not address whether officials at Southaven Middle School went too far by looking at the photos in the phone rather than simply confiscating it.

What cheating R.W. could possibly have been doing is unclear — according to his complaint, “he was caught using his cell phone to review a text message sent to him by his father during football period.”

An Ethical Hacker research project: Is there a simple method for determining what records are public and what information they are likely to contain?

Why we’re publishing the names

December 10, 2010 by Dissent

Mike Reilly of the Omaha World-Herald explains the paper’s decision to publish the names of over 28,000 people who signed a petition to recall Mayor Jim Suttle:

… These names are not secret. The petitions are public record under Nebraska law. They are available to anyone who visits the Douglas County Election Commission. Basically, our database gives you convenient access to something you are legally entitled to examine.

Unlike voting, the act of signing a recall petition is an extremely public act.


In our database of names, the newspaper is holding back some information as a precaution against the possibility of identity theft. You will not see individual signatures or individual addresses even though those, too, are part of the public record.

But we have included each individual’s age, political affiliation and middle initial, as well as the home ZIP code.

Read more in the Omaha World-Herald.

A lot of people sign petitions and don’t seem to realize that petitions may be public records, as a recent Supreme Court case reveals.

For my Ethical Hackers and Computer Forensics students.

Canon camera encryption cracked

There's a new reason to take note of a Russian programmer who rose to modest fame with his detainment in the United States in 2001: his work to help crack encryption used in Canon cameras.

The programmer and encryption expert is Dmitry Sklyarov, and his company, Elcomsoft, has found a vulnerability in Canon's OSK-E3 system for ensuring that photos such as those used in police evidence-gathering haven't been tampered with.

The result is that the company can create doctored photos that the technology thinks are authentic. To illustrate its point, it released a few doctored photos that it says passes the Canon integrity checks. [Examples accompany the article. Bob]

Sklyarov presented the findings at the Confidence 2.0 conference last week.

Canon didn't immediately respond to a request for comment.

Sklyarov discussed his methods in a conference presentation (PDF). In it, he offered some advice on how Canon could fix the issue in future cameras. Along with the technical advice was this: "Hire people who really understand security."

(Related) I'm not certain, but I suspect this is how Governor Schwarzenegger (that wimp) got his face on my body...

ThatsMyFace: Create Action Figures of Yourself

Imagine yourself as an action figure being played with and collected by many. Or how about getting a mask of your face? If you are interested in these kinds of personal gifts, then you should check out ThatsMyFace.

This web service creates a 3D human face from your own pictures which are then attached to action figures, 3D portraits and other products, making it a great personalized gift item for your friends.

Similar Tools: PhotoFace, Digimi, and Gizmoz.

For my Ethical Hackers...

How To Build A Basic Web Crawler To Pull Information From A Website (Part 1)

Web Crawlers, sometimes called scrapers, automatically scan the Internet attempting to glean context and meaning of the content they find. The web wouldn’t function without them. Crawlers are the backbone of search engines which, combined with clever algorithms, work out the relevance of your page to a given keyword set.

Today, I’d like to teach you how to make your own basic crawler – not one that scans the whole Internet, though, but one that is able to extract all the links from a given webpage. [We can modify it later. Bob]

For my website and programming students. Handles: HTML, PHP, Ruby, CSS, Python, Perl, and JavaScript

ShiftEdit: Web Based IDE For Programming In The Cloud

If you are looking for a quick integrated development environment to work on the go, then you should check out ShiftEdit. Like any IDEs, ShiftEdit offers basic syntax highlighting and the web app interface allows you to edit your work and save it in the cloud.

Similar Tools: Ideone, PHPAnywhere and CodeRun.

Hate PowerPoint but still need to give presentations?

The 4 Best Free Alternatives To Microsoft PowerPoint

For those of us with vast stock portfolios (or even half-vast portfolios) and my Finance students. - Screening Covered Calls For You

In case you are not familiar with the concept, covered calls are one of the best investment strategies available. They are easy to get acquainted with and not very risky - industry professionals recognize them as the one conservative investment strategy that uses options. Covered calls imply a buy-write strategy that has the same payoffs as writing a put option (provided an equilibrium between the actual call option and the underlying instrument which is transacted is reached, that is).

Well, Born To Sell is a new website that makes covered calls something understandable and usable by just anybody. The site acts as a screener that any person who already owns stocks can use to identify opportunities and write options, as well as a search engine for already-existing covered calls. As it stands right now, the site will let you search over 150,000 covered calls at once.

And knowing these concepts might be a bit hard to grasp at first, the ones behind this site have come up with a comprehensive tutorial explaining just how to use such calls in order to generate a tangible income much faster.

What's new? Note: This website is getting accessed heavily enough to make the host think it's being attacked. Keep trying. Gives Early Adopters A Heads Up creator Marc Köhlbrugge has started curating an online list of not yet public startups that are currently or will soon give out invites to their private betas.

This really looks slick, and very comprehensive. BUT, in addition to requiring my email address to “sign up” prior to downloading the software, they want me to send “invitations” to two of my friends. I don't think they are planning to “do evil.” but clearly they aren't “privacy friendly” either.

Watch Your Favorite TV Shows Online With the iTVMediaPlayer

There are plenty of sites where you can watch live television, and we’ve covered a whole lot of them here at MakeUseOf. A while back, Aibek posted a list of 7 sites where you could find TV shows and Mark covered the popular desktop app Livestation, where you can find just about any news channel you’d want. More recently, I reviewed a few more tools you can use to watch TV on your computer, and then of course there’s the popular Boxee option that Justin recently wrote about.

Now with all of those options to choose from, you would think that letting go of cable would be easy. The problem is that it’s hard to find a place to offers live programming from the most popular channels like MTV, HBO, Disney or SyFy. With all of that said, I think that our cable connection has finally come to an end, because I’ve finally discovered iTVMediaPlayer.

Humor: Dilbert's commentary on the state of technology?

...and Google summarizes 2010 in 3 minutes.

As The World Searched: Google Zeitgeist 2010 [Video]

Friday, December 10, 2010

Sound risk management practices would include (at minimum) another layer that “assumes” loss/theft of “portable” devices is inevitable and requires encryption. (Is there any reason the data is on a portable device in the first place? Perhaps there is no Internet in Canada?)

Alberta’s Privacy Commissioner shocked over digital devices (updated)

December 9, 2010 by admin

A rash of theft and loss of digital devices has Alberta’s Information and Privacy Commissioner scratching his head.

In the past month, there have been seven self reported breaches of personal information, each involving a stolen or lost laptop or digital device.

Two of those are government computers and personal information is at risk.

Frank Work says he finds it incomprehensible that in this day and age organizations can’t figure out how to properly protect personal information.


Do we know about all seven of the incidents? Thanks, Bart, for sending this in!

Update: Bart kindly sent me a second link. The breaches are described in this companion story in the Calgary Herald and involve healthcare sector, business sector, and other breaches involving sensitive PII and/or PHI.

For my Ethical Hackers

Beating Censorship By Routing Around DNS

"Last month, the US gov't shut down a number of sites it claimed were infringing copyright. They did it by ordering VeriSign to change the sites' authoritative domain name servers. This revealed that DNS is subject to government interference — and now a number of projects have emerged to bypass DNS entirely."

(Related) As 'Advertisers' and governments increase surveillance, tools to reduce surveillance proliferate.

BitTorrent Client Offers P2P Without Central Tracking

"While BitTorrent is the most popular P2P protocol, it still relies on several centralized points for users to find the files they are looking. There have been several attempts at making BitTorrent more decentralized, and the latest Tribler 5.3 client is the first to offer the BitTorrent experience without requiring central trackers or search engines. Tribler offers some very interesting technologies; the latest version enables users to search and download files from inside the client. Plenty of other clients offer search features, including the ever-popular Torrent, but Tribler's results come from other peers rather than from a dedicated search engine. Users can search and download content without a server ever getting involved; everything is done among peers, without the need of a BitTorrent tracker or search indexer."

A case of “data isn't important, until it is.” This is the same government that wants all of our health records online to make them accessible.

AP Enterprise: FAA loses track of 119,000 aircraft

The Federal Aviation Administration is missing key information on who owns one-third of the 357,000 private and commercial aircraft in the U.S. — a gap the agency fears could be exploited by terrorists and drug traffickers.

The records are in such disarray that the FAA says it is worried that criminals could buy planes without the government's knowledge, or use the registration numbers of other aircraft to evade new computer systems designed to track suspicious flights. It has ordered all aircraft owners to re-register their planes in an effort to clean up its files. [“Because we haven't been able to handle the data as it dribbled in, we want to try handling a flood of data.” Bob]

… The amount of missing or invalid paperwork has been building for decades, the FAA says. Up to now, owners had to register their planes only once, at the time of purchase. The FAA sent out notices every three years asking owners to update their contact information if needed, but there was no punishment for not doing so.

… The problem became more acute [Translation: “more obvious” Bob] after the government launched a new computer system for tracking flights called the Automatic Detection and Processing Terminal, or ADAPT, the FAA says. The system combines dozens of databases, from a list of stolen aircraft to the names of diplomats. [Because the FAA registers Diplomats too? Bob] It flags suspicious flights in red on a map. [...and? Then it ignores them? Bob]

Should I assume the hospital will accept all risk related to the shots?

NC Judge: Hospital Employees Must Get Flu Shot

December 9, 2010 by Dissent

Can’t say that I’m surprised by this one. Here’s the outcome of a workplace case mentioned previously on this blog:

The fight over flu shots at Anderson Area Medical Center is over and an employee who filed suit to keep the hospital from firing her if she didn’t get a shot has a deadline.

The judge in the case found in favor of the hospital, and now Bertha Hunter has until December 15 to get the shot or face losing her job.

The hospital requires employees to either get a flu shot or lose their jobs.

Read more on WSPA.

Bad user, bad!

US Trials Off Track Over Juror Internet Misconduct

"The explosion of blogging, tweeting and other online diversions has reached into US jury boxes, in many cases raising serious questions about juror impartiality and the ability of judges to control their courtrooms. A study by Reuters Legal found that since 1999, at least 90 verdicts have been the subject of challenges because of alleged Internet-related juror misconduct — and that more than half of the cases occurred in the last two years. Courts were fighting back, with some judges now confiscating all phones and computers from jurors when they enter the courtroom."


AU: Attorneys-general to discuss legal gags on Facebook

December 9, 2010 by Dissent

Options to enforce legal gags on users of social networking websites like Facebook will be discussed today at a meeting of Australia’s attorneys-general.

One of the attorneys-general, John Rau, from South Australia, this morning said he would raise concerns about the effectiveness of suppression orders in the age of social networking.

“The publishing on a site such as Facebook of the name of an accused, whose identity is suppressed, could prejudice a fair trial and prevent justice being done,” he said.

Read more in The Age.

If there is no further consequence, won't they just keep on sending those extortion letters? After all, they only lost four cases – after “settling” hundreds!

UK Copyright Blackmailers Rebuked By Court

"The first eight ACS:Law cases have reached the courts, and have already fallen on their face. The law firm hit the headlines when it demanded money from tens of thousands of Britons for illegal file sharing, threatening legal action. It seems its bark was worse than its legal bite, as default judgments have been refused in six of the cases for such egregious errors as attempting to make a claim when one is not even the copyright holder. Two of the cases were found in default as the defendants had failed to respond, but not on the merits of ACS:Law's case."

I suppose this is humor, but like all humor it has a more than a grain of truth.

The first truly honest privacy policy

December 6, 2010 — It’s been a hell of a year for consumer privacy, or the lack thereof. From Facebook leaking personally identifiable information to advertisers, to data brokers harvesting reams of user information on social nets, to Google’s Wi-Fi slurping, 2010 may be remembered as the year the privacy chickens came home to roost -- and quickly got roasted.

Now Congress is debating new privacy laws and the FTC has weighed in with proposals for a No Tracking List to thwart nosy Web advertisers. The agency has also called for sites to create privacy policies a wee bit shorter and more accessible than, say, Facebook’s 5,830-word privacy opus. Not surprisingly, the online data industry immediately began trash talking the FTC’s ideas, calling for even more ‘self regulation’ and forming yet another industry consortium, the Open Data Partnership, to avoid a Federal smack down.

Apparently, the 10 years online data mongers have been given to come up with privacy protections that actually protect privacy hasn’t been enough. Just give them another 10 years and they promise they’ll get it right.

I’ve got a better solution. Instead of a welter of new laws or regulations, how about just one: The Honest Privacy Policy Act. The HPPA would require every company to post a simple, direct, and brutally honest policy detailing what really happens to your data.

To help this proposal along I’ve come up with one of my own – and it’s 5,085 words shorter than Facebook’s. Here’s what a real privacy policy might look like:

All new technologies “cloud” the law.

Do your cloud vendors disclaim security responsibility

Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics. Some contracts even have clauses disclaiming responsibility for keeping the user's data secure or intact.

Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London.

Other contracts can be revoked for violation of the provider's Acceptable Use Policy, or indeed for any or no reason at all, the academics found.

The Cloud Legal Project surveyed 31 Cloud computing contracts from 27 different providers and found that many included clauses that could have a significant impact, often negative, on the rights and interests of customers. Only three of the contracts surveyed - Google Apps Premier, Iron Mountain and Salesforce CRM - state that changes to the T&C may only be in writing with the agreement of both parties.

For my Data Mining and Analytics students.

December 09, 2010

Strategic Use of Analytics in Government

Strategic Use of Analytics in Government: "Governments use analytics (often described as “business intelligence”) to enable and drive their strategies and performance in an ever more volatile and turbulent environment. Analytics and fact-based decision making can make a powerful contribution to the achievement of government missions, just as they are now making to the accomplishment of corporate business objectives. In their report, Professors Davenport and Jarvenpaa explore several important applications of analytics in government agencies and develop an assessment framework for those that either have not yet embarked on the analytics journey or are still in the early stages. The report focuses on four governmental mission and management areas — health care, logistics, revenue management, and intelligence — to which analytics has been applied. While the opportunities from analytics for improving efficiency and effectiveness in government appear limitless, there is much less clarity about the readiness of government to embrace analytics. [Why? Bob] While analytics is often depicted as a technological innovation, Davenport and Jarvenpaa are careful to point out that the use of analytics requires managerial innovation." [Because... Bob]

Thursday, December 09, 2010

Nothing attracts lawyers sharks lawyers like blood in the water.

Judge Won’t Alter Award in Equifax ID Theft Case

December 8, 2010 by admin

Maria Dinzeo reports the latest development in what is probably one of the most well-known ID theft cases:

A cancer survivor who won more than $1 million from Equifax for improperly handling his identity theft report can keep the full award, a federal judge ruled.

U.S. District Judge Susan Illston rejected the credit reporting agency’s motions for a new trial or to set aside so-called “excessive” damages.

Eric Drew, who was twice referred to hospice care by hospitals that said they could not treat his cancer, had his identity stolen in 2003 by a phlebotomist working at the cancer center where he had undergone treatment.

Read more on Courthouse News, where you can also read the court’s order denying Equifax’s motion.

Note that Drew’s case is also somewhat famous for being the first criminal prosecution and conviction under HIPAA, although that was not at issue in this civil suit under the Fair Credit Reporting Act.

(Related) OR (to mix a metaphor) has that ship sailed?

House and Senate Enact Amendment of FCRA, Limit Scope of Red Flags Rule

December 8, 2010 by admin

Boris Segalis writes:

The Blog of Legal Times is reporting that late on December 7, 2010 the House of Representatives passed a bill on a voice vote that amends the definition of “creditor” in the Fair and Accurate Credit Reporting Act (FCRA) and, as a result, dramatically limits the scope of the Red Flags Rule. The House bill is identical to the legislation enacted by the Senate last week. We previously covered in detail on our blog both the House bill and the Senate bill.

Read more on InformationLawGroup.

Indeed, the House did pass the bill (S. 3987) on a voice vote, as the Congressional Record reflects.

[From the article:

The legislation has the effect of largely limiting the applicability of the Red Flags Rule to financial institutions and entities commonly understood to be "creditors".

… The legislation limits the definition of "creditor" under the FCRA to entities that:

  1. obtain or use consumer reports, [Not 'produce' Bob] directly or indirectly, in connection with a credit transaction;

  2. furnish information to consumer reporting agencies (see 15 U.S.C. 1681s-2) in connection with a credit transaction; or

  3. advance funds to or on behalf of a person (based on the person's obligation to repay the funds or repayable from property pledged by or on behalf of the person).

I think there are clearly conversations (sidebars?) and subjects (facts under some type of seal) that should not be part of a public record, but does a judge have a right to privacy in open court? Is this really “Wiretapping?”

The War on Cameras

December 9, 2010 by Dissent

Radley Balko has a terrific article on about an issue that has been mentioned a number of times on this blog: whether public servants such as the police have any right to privacy in the performance of their duties.

The question garnered a lot of public attention earlier this year after a motorcyclist, Anthony Graber, recorded being pulled over for a traffic stop and uploaded it to YouTube, but I’ve also covered other cases of that kind and the issues they raise.

Balko describes a case in an Illinois court that seems destined for follow-up. It’s a case where a judge claimed that a defendant who wanted a recording of the trial and who had been denied a court reporter, was told that not only couldn’t he record the proceedings himself, but that he broke a whole bunch of wiretapping laws. Balko writes:

Just after he walked through the courthouse door the next day, Allison says Crawford County Circuit Court Judge Kimbara Harrell asked him whether he had a tape recorder in his pocket. He said yes. Harrell then asked him if it was turned on. Allison said it was. Harrell then informed the defendant that he was in violation of the Illinois wiretapping law, which makes it a Class 1 felony to record someone without his consent. “You violated my right to privacy,” the judge said.

Allison responded that he had no idea it was illegal to record public officials during the course of their work, that there was no sign or notice barring tape recorders in the courtroom, and that he brought one only because his request for a court reporter had been denied. No matter: After Harrell found him guilty of violating the car ordinance, Allison, who had no prior criminal record, was hit with five counts of wiretapping, each punishable by four to 15 years in prison. Harrell threw him in jail, setting bail at $35,000.

The judge had a right to privacy in his official capacity in open court? Oh really? Read the Reason article, as it reviews a number of cases of the issue of privacy of public servants and various states’ laws.

Via Bert Knabe: Do public servants have right to privacy?


CO Medical Marijuana Rules: Law Enforcement Trumps Patient Privacy

By Dissent, December 8, 2010

Over on TalkLeft, Jeralyn writes:

One step forward, two steps back. Colorado’s proposed regulations on medical marijuana are 90 pages long. You can read them here.

As part of her discussion, she quotes (via Westword) the Cannabis Therapy Institute:

The Colorado constitution sets up a confidential registry run by the state health department,” she continues, “and the only reason law enforcement ever gets to question the registry is if they stop somebody or detain them — and then they can call the registry and ask if this person is on the registry. That’s as far as it’s supposed to go.

But they’re talking about replacing that with this monstrous database that’s shared by the Department of Revenue, the department of health and law enforcement that’s going to confirm not just that a person is a patient, but what medicine they bought, when they bought it and where they bought it.

And there’ll be a 24-7 video surveillance system of dispensaries and grow operations. Wherever medical marijuana is processed, cultivated or sold is going to be under surveillance accessible to law enforcement on demand. It’s going to be the most scrutinized substance on the planet.”

…not only is this an issue of violating the confidentiality requirement in the Colorado constitution, but it’s a question of medical-records privacy, which is a broader issue than just for medical marijuana patients. It’s giving law enforcement access to medical information on an unprecedented scale.

Read more on TalkLeft.

“We know he's guilty, we just need to figure out what he's guilty of...”

December 08, 2010

CRS: Criminal Prohibitions on the Publication of Classified Defense Information

Criminal Prohibitions on the Publication of Classified Defense Information, Jennifer K. Elsea, Legislative Attorney, December 6, 2010

  • "The recent online publication of classified defense documents and diplomatic cables by the organization WikiLeaks and subsequent reporting by the New York Times and other news media have focused attention on whether such publication violates U.S. criminal law. The Attorney General has reportedly stated that the Justice Department and Department of Defense are investigating the circumstances to determine whether any prosecutions will be undertaken in connection with the disclosure. This report identifies some criminal statutes that may apply, but notes that these have been used almost exclusively to prosecute individuals with access to classified information (and a corresponding obligation to protect it) who make it available to foreign agents, or to foreign agents who obtain classified information unlawfully while present in the United States. Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it. There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship. To the extent that the investigation implicates any foreign nationals whose conduct occurred entirely overseas, any resulting prosecution may carry foreign policy implications related to the exercise of extraterritorial jurisdiction and whether suspected persons may be extradited to the United States under applicable treaty provisions."

Pretty simple. Makes me think this is more to educate teachers than students....

New teacher guide to promote Freedom of Information and protection of Privacy is headed for Ontario classrooms

December 9, 2010 by Dissent

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, released a new grade 10 guide for Civics teachers, What Students Need to Know about Freedom of Information and Protection of Privacy.

“Lessons in the guide should clearly demonstrate to students how material obtained through freedom of information requests can have a dramatic impact on their own lives,” said Commissioner Cavoukian. “One lesson includes a story that outlines how a reporter, who had become ill after eating at a Toronto restaurant, used FOI to obtain the results of health inspections at a large number of Toronto restaurants. A public outcry led the City of Toronto to start posting inspection results on a public website – a practice a number of other cities have since followed.”

The Cloud is coming!

December 08, 2010

Treasury Moves Website to Amazon Cloud

GCN: "The Treasury Department on Monday rolled out a new design of its website at, which incorporates a cloud computing infrastructure and other emerging technologies. “The new"> website is a major step forward in our efforts to improve the way citizens access the wealth of the data and information Treasury produces on a day-to-day basis,” said Dan Tangherlini, Treasury's assistant secretary for management, as well as the department's CFO and Chief Performance Officer. “For the first time, the new will use advanced technologies like cloud computing, an official blog, and data visualizations to better communicate and connect with citizens.” is providing new data visualizations, including interest rate data and Recovery Act data. The step into the cloud is the first from a cabinet-level U.S. Agency. Treasury is using Amazon’s EC2 cloud service to host the site and associated data applications."

(Related) Oh lookie. They are “the first” too!

December 08, 2010

USDA Moves 120,000 Users to Microsoft’s Cloud

News release: "The United States Department of Agriculture (USDA) announced today that it is moving its on-premises e-mail and productivity applications to Microsoft’s cloud infrastructure, becoming the first cabinet-level federal agency to embrace the cloud. In one of the largest cloud federal government deployments ever, the USDA is moving its 120,000 users to Microsoft Online Services, consolidating 21 different messaging and collaboration systems into one, said Chris Smith, the USDA’s chief information officer. The USDA plans to start the shift within the next four weeks. “This is really about increasing collaboration and communications across the breadth of 120,000 users in 5,000 offices across the country and 100 countries around the globe to better deliver on the USDA’s mission,” he said. “For us a move to the cloud was a question of performance, service, and cost, and this solution will help us streamline our efforts and use taxpayer dollars efficiently.” The USDA will use Microsoft Exchange Online for messaging and calendaring, SharePoint Online for document collaboration, Office Communications Online for instant messaging, and Office Live Meeting for Web conferencing. Smith said that improvements in productivity and communication, such as the ability to see colleagues’ availability and choose whether they want to communicate via chat, voice, or mail, mean that employees will now be able to collaborate more efficiently."

Global Warming! Global Warming!

Doubling of CO2 Not So Tragic After All?

"The Register reports on a study from NASA and the US National Oceanic and Atmospheric Administration that claims that new climate models that account for the effects of increased CO2 levels on plant growth result on a 1,64 C increase for a doubling of CO2 concentrations, a far less gloomy scenario than previously considered."

Visualizing large collection of data

Wednesday, December 8, 2010

Many Eyes - Many Ways to Make Data Visualizations

Many Eyes is an online data visualization tool developed by IBM. Many Eyes provides tools for creating a wide variety of data visualizations using your data sets or data sets hosted by IBM. If you're not interested in creating visualizations but just want to explore the visualizations created by others, you can do that on Many Eyes too.

… There are six categories of data visualization types offered by Many Eyes. Within each of those categories you will find three or four tools for creating visualizations. You will find common visualizations like line graphs, bar graphs, maps, and word clouds. You will also find some less commonly used and or more difficult-to-create data visualization displays like treemaps for comparison, block histograms, bubble charts, and phrase nets.

[Also see:

For students in my 9AM class

9 Free Online Alarm Clocks To Help You Wake Up

This could be really useful! Get rid of those services that were once useful but have morphed into “things I could easily live without”

Unsubscribe: Unsubscribe From Mailing Lists With One Click

Do you want to get rid of those pesky e-mails that seem to creep back into your inbox even when you filter them out? It’s maybe because you are doing it wrong. Each mailing list provides its own way for you to unsubscribe, but if you don’t want to deal with any of that, then you should check out Unsubscribe.

This service provides a one-click button in your e-mail to unsubscribe from any e-mail or marketing list that you have signed up with.

To start using Unsubscribe, you’ll need to sign up and download a plugin for your specific e-mail account. The downloaded plugin will then an add an unsubscribe button in your e-mail inbox. Just click that and it will take care of the rest.

The tool currently supports Gmail and Outlook with more clients on the way. You can also forward any unwanted e-mail to using any client to unsubscribe.

  • Free users get 5 unsubscribes per month.

  • $20 for unlimited unsubscribes.

Wednesday, December 08, 2010

Not a bad day's haul. I wonder how many government agencies have the same security weaknesses?

TX: Cyber thieves hit Gregg County for $200K

December 7, 2010 by admin

Glenn Evans reports:

An international cyber attack on the Gregg County Tax Assessor has cost at least seven taxing entities a total of about $200,000, officials said Monday. Other Texas counties could also be victims.

The cyber theft hijacked local tax payments from a daily electronic transfer, that day totaling $690,000, destined for schools and cities in what tax assessor/collector Kirk Shields described as the first such incident he’s seen in his 14 years leading the department. He spent Monday afternoon informing the entities how much each had lost.


An employee who inadvertently unleashed the malware has been suspended for violating security policies.

For my Computer Security students. See why we shouldn't allow users to use any technology? They have no situational awareness!

$1.9 million violin stolen: Great ad for Windows Phone?

If you were a famous violinist who happened to carry a $1.9 million Stradivarius around with you, it would surely be hard to concentrate on anything else.

Unless, perhaps, there was an iPhone in the vicinity.

You might be familiar with the new ad campaign for Windows Phone (they've dropped the "7" in the ads, as it confused people). This would be the campaign in which people look very silly because they're staring into their iPhones (presumed) all day instead of, say, paying attention to their scantily clad lovers.

Perhaps Min-Jin Kym, being a well-traveled concert violinist from South Korea, hasn't had the chance to see these ads. Someone who works in a London sandwich shop might suggest to her that she should.

You see, according to the Daily Mail, Kim was passing through London's Euston railway station, when she stopped at Pret A Manger sandwich shop (expensive, but a lot better than Subway) for sustenance.

She placed her more than 300-year-old Strad on the ground for but a few moments, or so it seemed. However, these were enough moments for the Strad to be had.

Thieves allegedly wafted off with the case containing the precious violin and two very precious bows. Kim didn't own the Strad, and the company that insures the violin is offering a reward for its recovery.

However, Hafid Salah, who was working in Pret A Manger when the theft took place, offered the Mail a most contemporary perspective on the theft.

Speaking of Kim, he said: "She and her friend were on computers and iPhones and not looking at their bags."

Sometimes it's the “little accidents” that point the way to bigger things. Imagine a cyber war-planner using this technique to shut down GPS and communications satellites.

Rogue Satellite Shuts Down US Weather Services

"On Sunday, the drifting rogue 'zombie' Galaxy 15 satellite with a stuck transmitter interfered with the satellite data distribution system used by NOAA's National Weather Service (NWS), effectively shutting down data sharing between NWS offices nationwide, as well as weather support groups for the US Air force. This left many forecasters without data, imagery, and maps. Interference from Galaxy 15 affected transmissions of the SES-1 Satellite, which not only serves NOAA with data relay services, but also is used to feed TV programming into virtually every cable network in the US NOAA's Network Control Facility reports that the computer system affected was NOAA's Advanced Weather Interactive Processing System (AWIPS) used to issue forecasts and weather bulletins which uses the weather data feed. They also state the problem is likely to recur again this month before the satellite drifts out of range and eventually dies due to battery depletion."

It should be obvious. Who has more cash, WikiLeaks or the US government?

PayPal VP On Blocking WikiLeaks: State Department Said It Was Illegal

Milo Yannopoulos’ very first question on stage to PayPal’s VP of Platform Osama Bedier was about why PayPal blocked WikiLeaks payments and froze its account. The last part of the question was met with boos from the mostly European audience.

In his answer Bedier made it seem like PayPal had complied with a governmental request to deny service to WikiLeaks, “We have an acceptable use policy and their job is make sure that our customers are protected, making sure that we comply with regulations around the world and making sure that we protect our brand.”

Bedier also said that the State Department deemed WikiLeaks illegal in a letter sent on November 27th, a statement that was not followed up on by Yiannopoulos. It is still unclear what exact US laws WikiLeaks is breaking.

(Related) For Academic purposes only!

CABLESEARCH is an attempt for an user friendly search engine of already published documents from Wikileaks.

Gary Alexander tipped me to this one. It raises the question: Would WikiLeaks be in as much hot water if they had only told everyone how to break into the system that stores the diplomatic cables?

INTERNET LAW - Federal Anti-hacking Law Does Not Prohibit Verbal Disclosure Of Computer Security Flaws

The U.S. District Court in Massachusetts recognized the right of several MIT student hackers to publicly expose flaws in the ticketing methods of the Boston mass transit system, removing a prior 10-day injunction. The information provided by the hackers facilitated free public access to Boston’s mass transit system.

… The MBTA alleged that "disclosure of this information will significantly compromise the CharlieCard and CharlieTicket systems" and that it "constitutes a threat to public health or safety."

… The requested order would also prevent them from circulating a summary of their talk, providing technical information, and distributing any circumventing software.

… However, the Massachusetts Federal Court denied the MBTA’s motion, ruling that the Federal anti-hacking law, known as the Computer Fraud and Abuse Act, does not prohibit the public disclosure of computer-security flaws.

… Pursuant to this ruling, the MIT students were permitted to discuss additional details of their research. Notwithstanding, much of the students’ research was already revealed in a class presentation and was actually published at the Defcon conference earlier in the month.

A sad commentary of the times? “God is dead, but surveillance lives!”

Hi-Tech Nativity Security

To combat vandalism and theft of their holiday displays, many churches and cities are turning to a technological answer. After one of their cows was stolen, St. Marks Episcopal Church in Glen Ellyn, Ill. installed GPS devices in the figurines of its nativity scene. This year the village of Wellington, Fla. added security cameras to protect their display. From the article: "BrickHouse Security in New York City offered churches and synagogues free GPS and cameras to protect their displays this season. Seventy have signed up so far. About 24 of them are also installing security cameras. In Merrick, N.Y., the Chabad Center for Jewish Life is putting GPS in its 8-foot menorah on display in a park."

Well, I suppose it is another way to remind drivers that they are under constant surveillance.

Traffic Camera Enters Drivers Who Obey Speed Limit Into Lottery

The winning entry in "The Fun Theory" contest is a traffic camera that instead of just ticketing speeders, it also enters people who drive the speed limit into a lottery. Randomly selected winners get paid out of a portion of the tickets paid by the scofflaws.

Is this a new Homeland Security requirement? Why else would they spend the time (equals money) to do this? I guess it could be worse. They could require a scan or pat-down or cavity probe before accepting this 1 in a billion risk. (If you refuse, do they confiscate your package?)

UPS to require photo IDs for shipping packages

December 8, 2010 by Dissent

If you’re planning to ship any holiday gifts via UPS, make sure you’ve got photo ID. The Associated Press reports:

UPS is now requiring photo identification from customers shipping packages at retail locations around the world, a month after explosives made it on to one of the company’s planes.

The Atlanta-based package courier said Tuesday the move is part of an ongoing review to enhance security. The directive will apply at The UPS Store, Mail Boxes Etc. locations and other authorized shipping outlets.

Read more on Yahoo!

Oh sure, now I have to give cops the finger when I get pulled over? (Who says they have to give it back?)

Fingerprint scanner use raises privacy concerns in N.C.

December 8, 2010 by Dissent

Thomasi McDonald reports:

Next month, 13 law enforcement agencies in the region will begin using a new handheld device that lets an officer scan a person’s fingerprints and seek a match in an electronic database – all without going anywhere.

Police say taking fingerprints in the field will allow them to work more efficiently and safely. But the ACLU North Carolina in Raleigh worries that the device may allow officers to violate privacy rights.

The ACLU is concerned about what will become of fingerprint scans that are sent to other databases, such as the National Crime Information Center. [They will be matched against the prints from an identity thief, and I'll be arrested as an imposter. Bob]

Read more on News & Observer. Law enforcement is denying any risk, it seems:

But those concerns are unwarranted, said Sam Pennica, director of the City-County Bureau of Identification, the agency that processes fingerprints in Wake County and is providing the devices to local agencies. The software for the device, known as Rapid Identification COPS Technology, would not store fingerprints of any individuals, even those charged with a crime, Pennica said. [“We do transmit them to the FBI, Interpol, and Facebook – but we don't store them.” Bob]

It will not retain the fingerprints of any individuals under any circumstances,” he said, adding that fingerprints would only be compared to those in the Wake County database. “They will not be submitted to any state or federal agency.” [I'm sure this string will be attached to any Homeland Security funding... Bob]

The non-storage assurance sounds like what we were told about TSA’s nude body scanners, too. Of course, that was before we found out that 30,000 of such images were stored at a federal courthouse and some of them were uploaded to the web. But of course, that doesn’t mean that we’re being lied to about this. It only means that we should ask questions and insist on seeing technical documentation of devices as well as policy manuals.

Fighting the wrong battle?

Why Money Doesn't Motivate File-Sharers

"File-sharers aren't motivated by financial gain, but by altruism, according to an economist. Joe Cox, of the Portsmouth Business School, said those uploading content for others to share don't see what they're doing as illegal, meaning current tactics to deter piracy are doomed to fail. 'The survey data suggested there was a deep-seated belief that this type of activity shouldn't be illegal, that there was no criminal act involved.'"

Another tool in the continuous quest for better legal arguments?

December 07, 2010

Legal Information Institute of India Launched

"The Legal Information Institute of India (LII of India) is now open for public access prior to its formal launch in India in early 2011. LII of India at present has 50 databases, including over 300,000 decisions from 37 Courts and Tribunals, Indian national legislation from 1836, over 800 bilateral treaties, law reform reports and about 500 law journal articles. The LawCite citator tracks case and journal article citations. Further case law, and State and Territory legislation, will be added by the time of the formal launch. LII of India has been developed through cooperation between four leading Indian Law Schools (NALSAR University of Law, Hyderabad; National Law School of India University, Bangalore; National Law University, Delhi, and Rajiv Gandhi School of Intellectual Property Law, Indian Institute of Technology - Kharagpur) in partnership with AustLII. The technical hub of the project will be NALSAR in Hyderabad, with initial development and ongoing support from AustLII. Prof VC Vivekanandan of NALSAR is the Director. Funding support has been provided primarily by AusAid, with additional support from the Australian Research Council and the Commonwealth Secretariat." [via Graham Greenleaf AM, Professor of Law & Information Systems, University of New South Wales]

There's nothing like settling down with a good e-book.

December 07, 2010

Commentary on the Future of Academic Libraries - Rising Prices, Sustainability, Digitization, and Copyright

The Library: Three Jeremiads, by Robert Darnton, New York Review of Books, December 23, 2010.

  • "In fact, more printed books are produced each year than the year before. Soon there will be a million new titles published worldwide each year. A research library cannot ignore this production on the grounds that our readers are now “digital natives” living in a new “information age.” If the history of books teaches anything, it is that one medium does not displace another, at least not in the short run. Manuscript publishing continued to thrive for three centuries after Gutenberg, because it was often cheaper to produce a small edition by hiring scribes than by printing it. The codex—a book with pages that you turn rather than a scroll that you read by unrolling—is one of the greatest inventions of all time. It has served well for two thousand years, and it is not about to become extinct. In fact, it may be that the new technology used in print-on-demand will breathe new life into the codex—and I say this with due respect to the Kindle, the iPad, and all the rest."

Another fearless forecast of the future.

PC Era Forecasted To End In 18 Months

"In a historic shift, shipments of smartphones, tablets and other app-enabled devices will overtake PC shipments in the next 18 months, an event that may signify the end of the PC-centric era, market research firm IDC said. IDC said worldwide shipments this year of app-enabled devices, which include smartphones and media tablets such as the iPad, will reach 284 million. In 2011, makers will ship 377 million of these devices, and in 2012, the number will reach 462 million shipments, exceeding PC shipments. In 2012, there will be 448 million PC shipments. One shipment equals one device. PC sales will continue to climb, but will no longer rule."

A factual future rather than a frivolous forecast.

With Chrome OS, Google Doubles Down on the Cloud

SAN FRANCISCO — Google unveiled a beta version of its Chrome OS and an early test version of its branded netbook Tuesday morning, a big bet by the search giant to help drive computing to the cloud — and to the popular web-based services that are its bread and butter.

Google’s release of the new OS, related but separate to its mobile OS Android, comes after a year of development and at a time when cloud computing — and the simpler machines that access applications on distant servers rather than running them on a hard drive — seems to have passed a sort of tipping point of respectability. It’s no coincidence, surely, that Microsoft is touting its own cloud-based approach in a huge marketing campaign.

Google is giving out netbooks to journalists [Hey Google! I'm a journalist – sort of... Bob] at a press event to widen their beta and is also handing out a few of the pilot laptops to its Facebook fans. It also launched a pilot program to get hardware running Chrome OS into developers’ hands. Early adopters can sign up to get a black, unbranded Chrome OS notebook (codenamed Cr-48).

… Google has also partnered with Citrix for easy installation of enterprise apps with secure, company-only sharing features. The Citrix platform will launch during the first half of 2011, the company says. [This could solve a lot of security problems! Bob]

… If you want to try it out today, you can join Google’s developer program and install Chrome OS on a wide range of hardware.

“The question is, how comfortable are you compiling from source,” joked Google VP of engineering Linus Upson.

For my website (and programming) students

11 Robust Web Based Editors To Code Directly From Your Browser

This is interesting, even if I'm not sure how I'll use it. Perhaps to walk my students through some web resources? (You can lead a student to knowledge but you can't make him think)

WalkThe.Net - All The Guidance You Could Ever Need

Walk The Net is here to make the process of mastering any topic a much simpler proposition. On this site, you can see the guides that others have created for researching specific topics and follow them step by step. You are shown how to approach traditionally difficult issues, and how to turn knowledge into a catalyst for positive action.

When going on any of these web walks you are actually asked to mark each step that you have taken. Why? Because at the end of the walk you will actually get a badge that you will then be able to display on your site or blog, and show others that you have been doing your homework.

The site has recently launched and there are not really that many walks to choose from now. And the ones that are featured a bit... how to say it... insular. For example, there is a web walk about a fellow looking back on his birthday and seeing if it was a worthwhile day or not. But there is also a couple dealing with topics like analytics and other broader subjects. Hopefully, these will become the norm.