Cyber War: Consider this “target selection”
Report: Hackers penetrated Nasdaq computers
Federal authorities are investigating repeated intrusions into the computer network that runs the Nasdaq stock exchange, according to a Wall Street Journal report that cited people familiar with the matter.
The intrusions did not compromise the tech-heavy exchange's trading platform, which executes investors' trades, but it was unknown which other sections of the network were accessed, according to the report.
"So far, [the perpetrators] appear to have just been looking around," one person involved in the Nasdaq matter told the Journal.
The Secret Service reportedly initiated an investigation involving New York-based Nasdaq OMX Group last year, and the Federal Bureau of Investigations has launched a probe as well. Investigators are considering a range of motives for the breach, including national security threat, personal financial gain, and theft of trade secrets, the newspaper reported.
… Investigators have not been able to follow the intruders' path to any specific individual or country, but people familiar with the matter say some evidence points to Russia, according to the report. However, they caution that hackers may just be using Russia as a conduit for their activities.
One downside risk of “push” updates...
Security Warning Over Web-Based Android Market
"Security researcher Vanja Svajcer is warning that cybercriminals may be particularly interested in stealing your Google credentials, after discovering a way of installing applications onto Android smartphones with no interaction required by the phone's owner. The new web-based Android Market retrieves the details of Android devices registered to the Google address, and automatically installs software onto the associated smartphones with no user interaction required on the phone itself. Svajcer summarizes: 'Google should make changes to the remote installation mechanism as soon as possible. As a minimum, a dialog should be displayed on the receiving device so that the user must personally accept the application that is being installed.'"
There is no Security Silver Bullet. Definitely an article worth reading...
Facebook HTTPS: False sense of security?
The rollout of Facebook's new Hypertext Transfer Protocol Secure encryption is about complete. (Elinor Mills described the feature in a post on her InSecurity Complex blog last week.) While encryption is a welcome addition to the social network, it is far from a Facebook security panacea.
To enable encryption in Facebook, click Account in the top-right corner and choose Account Settings. Select Change next to Account Security to view your current settings. Check the option under Security Browsing (https). You may also want to check "Send me an email" under "When a new computer or mobile device logs into this account" to be alerted to possible unauthorized access to your account.
Just another name for the technique that allows “Behavioral Advertising”
History Sniffing Code Collides With Privacy Concerns
February 5, 2011 by Dissent
E. Todd Presnell and Sepideh C. Khansari write:
…History sniffing is now the centerpiece of a growing number of consumer class action lawsuits against name-brand companies seeking unspecified damages arising from invasion of privacy, common law tort claims, and statutory violations. And these history-sniffing actions and resulting lawsuits have attracted attention from other class action lawyers, academic researchers, investigative journalists, and federal regulators.
Read their discussion of cases in the courts on Law.com.
Medicine is a business, just a poorly run business.
FTC Offers Businesses Tips for Dealing with Medical Identity Theft
By Dissent, February 5, 2011
The Federal Trade Commission, the nation’s consumer protection agency, has information for health care providers and insurers about how to help patients minimize the risk of medical identity theft and deal with the consequences if they become victims of it. Here are the highlights of the FTC’s new publication, Medical Identity Theft FAQs for Health Care Providers and Health Plans:
How would people know if they’re victims of medical identity theft?
What should health care providers and insurers do if they learn that a patient may be the victim of medical identity theft?
What should health care providers and insurers tell a patient who is the victim of medical identity theft?
How can health care providers and insurers help patients deter, detect, and defend against medical identity theft?
[From the FTC website:
What should I do if I learn that a patient may be a victim of medical identity theft?
Conduct an investigation. For example, if your billing department gets a call from a patient who claims she was billed for services she didn’t receive, review your records relating to the services performed and any supporting documentation that verifies the identity of the person receiving the services. You also should review the patient’s medical record for inconsistencies.
If you determine there was medical identity theft, notify everyone who accessed the patient’s medical or billing records. Tell them what information is inaccurate in the patient’s files, and ask them to correct the records.
[I would like to believe that “inconsistencies” would be immediately recognized by my doctor. “Well, it looks like your appendix grew back...” I'm much less confident that providers would know who had accessed my records, and I have no confidence that they could insure corrections were made. Bob]
Court: Husband’s Access of Wife’s Email to Obtain Information for Divorce Proceeding is not Outrageous
February 4, 2011 by Dissent
Venkat Balasubramani discusses a case in Arkansas:
Miller v. Meyers, 09-cv-6103 (W.D. Ark.; Jan 21, 2011)
This case presents another fact pattern involving an increasingly common twist to the modern divorce proceeding – someone surreptitiously accesses his or her spouse’s email and on-line accounts to gather information to be used in a family law proceeding. The now ex-spouse brings a claim for violation of statutes protecting the privacy of communications. Here, the ex-spouse gets summary judgment on her Stored Communications Act claim, and the parties shortly settle after the court’s ruling.
Finally, the court rejects plaintiff’s claims for intentional infliction of emotional distress, finding that defendant’s conduct was not shocking or outrageous. Here the court throws out a zinger:
Defendant’s conduct of monitoring the internet traffic on his home network and using a keylogger to access his then wife’s emails, and then using copies of those documents in divorce and custody proceedings is not extreme and outrageous conduct. A husband prying into his wife’s email, after learning that she was engaging in conversations and photo sharing, and then using damaging emails in a divorce and custody proceedings can hardly be considered “extreme and outrageous,” “beyond all possible bounds of decency,” or “utterly intolerable in a civilized society.”
Say what? I guess all is fair in love and war (including violating federal statutes), in this court’s view.
Read more on Technology & Marketing Blog.
What really struck me about this case is how civil it all was. if this was Michigan and not Arkansas, the snooping spouse might be charged with a felony. So what would this Arkansas judge say – that felonious behavior is neither extreme nor outrageous conduct in a marriage?
Will anyone notice?
The Personal Data Protection Act: Everyone Has Something to Hide
February 4, 2011 by Dissent
Wendy Kaminer comments that we all need to be more concerned about protecting our privacy from state or government surveillance. A bill introduced in the Massachusetts legislature offers an opportunity for Massachusetts residents to push back against increasing surveillance and fusion centers:
Massachusetts has a chance to take the lead in protecting individual privacy and First Amendment rights. A Privacy and Personal Data Protection Act aimed at limiting the reach and secrecy of fusion centers has recently been introduced in the state legislature. It would prohibit data collection involving someone’s political or religious views, associations or activities [Except for things like Red Light cameras, which are triggered by an “illegal event” and “information” (evidence?) gathered only to identify the perpetrator. Bob] absent reasonable suspicion of criminal conduct, and it would afford people limited rights to access the information stored about them. Federal agents could still exempt information from state privacy requirements by labeling it classified, and whatever data Massachusetts might be prohibited from collecting could be collected by other states or by the federal government (though perhaps not accessed by Massachusetts).
But if the individual rights protected by this bill would be limited, as a practical matter, efforts to pass it could raise awareness of fusion center abuses; and passage of the bill could have significant symbolic value. Fusion centers are part of a national surveillance regime that individual states lack power to restrain and federal authorities lack will to dismantle. We can only hope that the people cease accommodating, much less celebrating, the panopticon and begin to rebel against it.
Read her entire commentary in The Atlantic.
The ACLU has produced a fact sheet about the bill, available on their site. The bills are SD 1449 and HD 1539 in the Massachusetts Senate and House, respectively.
If this is not precisely a scam, it certainly pushes ethical boundaries...
UK File-Sharing Lawyers ACS:Law Shut Up Shop Ahead of Court
"Controversial legal firm ACS Law and its sole file-sharing client Media CAT have shut down their businesses, days before a ruling is due in a case they brought to the UK Patent Court. ACS Law is infamous for sending out letters to alleged illegal file sharers, demanding payment and threatening law suits. Now that ACS has a case before a judge, it's trying to drop the cases, and has now completely closed its doors. The defendants' lawyers are trying to keep the case going, in order to be able to claim back costs."
That sounds right in line with other recent ACS happenings, from getting upbraided by a judge to being blacklisted by an ISP, and even putting the brakes on the file-sharing cases themselves.
This confirms anecdotal information available since the early days (1980's) of “shareware.”
Piracy Boosts Anime Sales, Says Japanese Government Study
"A new study seems to confirm what a lot of the Slashdot crowd thinks, and the opposite of what the **AAs say: 'A prestigious economics think-tank of the Japanese government has published a study which concludes that online piracy of anime shows actually increases sales of DVDs. The conclusion stands in sharp contrast with the entertainment industry's claims that "illicit" downloading is leading to billions of dollars in losses worldwide. It also puts the increased anti-piracy efforts of the anime industry in doubt.' More specifically, '(1) YouTube viewing does not negatively affect DVD rentals, and it appears to help raise DVD sales; and (2) although Winny [a popular P2P program in Japan] file sharing negatively affects DVD rentals, it does not affect DVD sales.'"
An interesting little something for my IP lawyer friends...
Trademark Database Trademarkia Debuts Automatic Activity Notifications
Applications for the “new data” available on the Internet.
Giant Archaeological Trove Found Via Google Earth
"Using detailed satellite imagery available through Google Earth, Australian researchers have discovered what may be tombs that are thousands of years old in remote stretches of Saudi Arabia (abstract). 'Kennedy scanned 1240 square kilometers in Saudi Arabia using Google Earth. From their birds-eye view he found 1977 potential archaeological sites, including 1082 "pendants" — ancient tear-drop shaped tombs made of stone. According to Kennedy, aerial photography of Saudi Arabia is not made available to most archaeologists, and it's difficult, if not impossible, to fly over the nation. "But, Google Earth can outflank them," he says. Kennedy confirmed that the sites were vestiges of an ancient life — rather than vegetation or shadow - by asking a friend in Saudi Arabia, who is not an archaeologist, to drive out to two of the sites and photograph them. By comparing the images with structures that Kennedy has seen in Jordan, he believes the sites may be up to 9000 years old, but ground verification is needed."
Algorithm Contest Aims To Predict Health Problems
"The April 4 launch of the $3 million Heritage Health Prize has been announced by the Heritage Provider Network, a network of doctors. The competition challenges data hackers to build algorithms that predict who will go to the hospital in the next year, so that preventative action can be taken. An algorithm might find that somebody with diabetes, hypertension and high cholesterol is a 90 per cent risk for hospitalization. Knowing this, it might be cheaper [Words that result in funding... Bob] for an HMO to enroll them in an exercise program now rather than pay the likely hospital bill. The competition takes the same approach as the $1 million Netflix Prize, but solves a far more significant problem."
I think these have a place in the “Intro to IT” course...
Mozilla Announces Game On Competition Winners
"Mozilla has announced the winners of the Game On competition, a contest designed to encourage the development of games based on web technologies. In the various competition categories Far 7 won Best Technology, Sketchout won Best Aesthetics, Favimon won Most Original, Websnooker won Most Polished, and Robots Are People Too won Most Fun. Z-Type won the Community Choice category and Marble Run won Best Web-iness and Best Overall."
I always points these out to my students, then mention that I have better tools available through the college.
Plagiarisma: Easily Check Any Text For Plagiarism Online
Plagiarisma is a simple and free to use website that tests a given text for plagiarism. It does so by breaking down the text into various pieces and checking if those pieces can be found online on different websites. The search can be executed on Google, Bing, and Yahoo! search engines – it depends on your choice. The results are then displayed in a comprehensive and understandable manner.
You can enter text in three ways: by simply pasting/typing it, by entering the text’s URL, or by uploading a document file.
Also read related articles: