Saturday, February 12, 2011

Now do you see why we recommend encryption?

NYC: Health Records Stolen From Van, 1.7 Million People Affected

February 12, 2011 by admin

Susanna Griffee reports on a breach involving backup tapes stolen from a vehicle that had been left unattended:

The personal information of 1.7 million patients, hospital staff and associated employees was recently stolen, and city officials are notifying potential victims to warn them about the loss of the files.

The files were reported stolen in late December from a van operated by GRM Information Management Services, when the driver left the van unattended and unlocked.

The city’s Health and Hospitals Corporation says the files contain personal health records along with names, addresses, Social Security numbers and other private information.

The affected facilities are Jacobi Medical Center, North Central Bronx Hospital, Tremont Health Center and Gunhill Health Center.

Patients who have received care at North Bronx Healthcare Network hospitals since 1991 could have had their information stolen. Those who have worked at those centers also could be affected.


GRM did not respond to calls for comment.

According to HHC spokeswoman Pamela McDonnell, the data is not readily accessible without “highly specialized and technical expertise and certain tools.”

“The person who took them probably wouldn’t know what to do with them,” she said. “The files just look like cassette tapes in a box.”

Read more on NBC.

… A copy of the notification letter is also posted to the hospitals’ web sites. It lists the types of patient information on the backup tapes as name, address, telephone numbers, social security number, medical record number, health insurance information, diagnosis and treatment information, and birth, admission and discharge dates.

A video to start the discussion? How about Facebook has better “proof” of identity than most governments? If your employer won't buy you a tech tool (say, an iPhone) that you purchase and use to do your job, do they have any rights to access that tech?

Reporters' Roundtable: Who owns your online identity?

Today, we're talking about identity. You own your identity, right? That's why we talk about identity theft: Identity is clearly personal, and it can be stolen from us. But it can also, in some cases, be legally taken. If you work at a modern business and you create relationships with people during that employment, it can be argued that, if those relationships are work-related, your employer owns them. But if you create a rich social profile that supports your work, say on Facebook or Twitter, it can be unclear whose identity, persona, or reputation that is.

Meanwhile, Facebook, and to a lesser extent Google, are becoming de facto universal electronic identity providers. You can log in to many new Web sites with nothing but a Facebook ID. So does Facebook own our identity?

Do they mean 'oversight' as 'due process' or do they mean 'without their supervisor's knowledge?'

Justice Department assertion: FBI can get phone records without oversight

February 12, 2011 by Dissent

Marisa Taylor reports:

The Obama administration’s Justice Department has asserted that the FBI can obtain telephone records of international calls made from the U.S. without any formal legal process or court oversight, according to a document obtained by McClatchy Newspapers.

That assertion was revealed – perhaps inadvertently – by the department in its response to a McClatchy Newspapers request for a copy of a secret Justice Department memo.

Critics say the legal position is flawed and creates a potential loophole that could lead to a repeat of FBI abuses that were supposed to have been stopped in 2006.

Read more in the Miami Herald.

Old job or new jobs. (My job or your job.) If you want to make any process more efficient, you have to cut the dead wood.

The White House Asks: What's Blocking Innovation in America? - My Answer: IP Laws

… Let's take some specific examples to show why that is so. When Napster first showed up, it was innovative. Heaven knows it changed the world. And instead of letting this creativity flourish, make money, and create jobs, the law was used to kill it. And kill it it did. The law is still trying to kill or at least marginalize peer-to-peer technology, and so it has never been used to the full.

(Related) An example of peer-to-peer that doesn't result in the RIAA or MPAA sending letters to downloaders – but maybe the Teachers Union will?

BitTorrent and Khan Academy To Distribute Education

"BitTorrent, Inc. announced this morning that they have launched a partnership with the Khan Academy to distribute open education videos. They launched with more than 2,000 videos, covering high school and college level curriculum, across science, math, history, finance and test prep. All of the videos are free to download and open licensed with Creative Commons."

It's public, but it's not really public?

CMLP and Cyberlaw Clinic Urge First Circuit to Affirm First Amendment Right to Make Cellphone Recording of Police

February 11, 2011 by Dissent

David Ardia writes:

With the help of Harvard Law School’s Cyberlaw Clinic, the Citizen Media Law Project and a coalition of media and advocacy organizations submitted an amicus curiae brief last week to the United States Court of Appeals for the First Circuit in a case involving a lawyer who was arrested for using his cellphone camera to record on-duty police officers. Joined by a broad amicus coalition that included Dow Jones & Company, Inc., GateHouse Media, Inc., Globe Newspaper Company, Inc., The Massachusetts Newspaper Publishers Association, Metro Corp., NBC Universal, Inc., New England Newspaper and Press Association, Inc., The New York Times Company, Newspapers of New England, Inc., the Online News Association, and the Reporters Committee for Freedom of the Press, CMLP urged the court to affirm the First Amendment right to gather news in public places.

Read more on Citizen Media Law Project (another terrific organization worthy of your donation dollars).

The case is Glik v. Cunniffe.

Food for thought. Something for my Intro to Technology class? (Some are obvious, others may need a brief explanation for us old-timers...)

Things Babies Born in 2011 Will Never Know

Video tape

Travel agents

The separation of work and home

Books, magazines, and newspapers

Movie rental stores


Paper maps

Wired phones

Long distance

Newspaper classifieds

Dial-up Internet


Forgotten friends: The next generation will automatically be in touch with everyone they've ever known even slightly via Facebook.

The evening news: The news is on 24/7.


Film cameras

Yellow and White Pages: Why in the world would you need a 10-pound book just to find someone?


Hand-written letters: For that matter, hand-written anything.

Mail (Snail mail, that is)

Hiding: Not long ago, if you didn't answer your home phone, that was that -- nobody knew if you were alive or dead, much less where you might be. Now your phone is not only in your pocket, it can potentially tell everyone -- including advertisers -- exactly where you are.

Friday, February 11, 2011

“We were hacked, but nobody noticed.”

eHarmony Hacked

February 10, 2011 by admin

Brian Krebs writes:

Online dating giant eHarmony has begun urging many users to change their passwords, after being alerted by to a potential security breach of customer information. The individual responsible for all the ruckus is an Argentinian hacker who recently claimed responsibility for a similar breach at competing e-dating site


Joseph Essas, chief technology officer at eHarmony, said Russo found a SQL injection vulnerability in one of the third party libraries that eHarmony has been using for content management on the company’s advice site – Essas said there were no signs that accounts at its main user site — — were affected.

“The SQL dump contained screen names, email addresses, and hashed passwords for account login on the Advice site.”


“We can handle any emergency!”

FEMA Loses Lessons Learned Data

The Federal Emergency Management Agency (FEMA) has been without access to years' worth of lessons-learned data for nine months, unable to recover access to it since a server failure in May 2010, according to a newly issued report by the Department of Homeland Security's inspector general.

While the data was recovered by November 2010, the software needed to read it hasn't been restored, meaning that FEMA personnel aren't able to access certain historical data stretching back to 2004, before Hurricane Katrina, California wildfires, and other major recent disasters.

Lots of links...

Cloud computing: An opportunity and a legal maze

February 11, 2011 by Dissent

There’s a nice overview of cloud computing issues and positions from EurActiv. Here are some parts of it:


Rewriting data protection rules

The European Commission admits that its Data Protection Directive is outdated and is currently reading industry responses to a consultation before reviewing the law.

The current directive sets out guidelines for data controllers who process and handle the data. But the EU will need to tweak these definitions, as cloud computing allows the processing and handling of data to be carried out at a far-flung data centre if businesses so wish.

The current Data Protection Directive requires data to either be stored in the European Economic Area (EEA) or in a territory that has equivalent legal privacy laws.

As of September 2009, the Commission decided that Argentina, Australia, Canada, Switzerland, the Faroe Islands, Guernsey, the Isle of Man, Jersey and the United States had adequate protection for privacy.


Security and data privacy

Cloud computing has been described as putting all of your eggs in one basket. But if that basket gets hit, is everything lost? What if everyone’s personal data, bank account details, credit history, criminal records and tax payments moved to the cloud and got lost?

Regulators will need to act quickly as new research shows that clouds are not being upfront about the services they provide.

A study by the Queen Mary experts in London concludes that cloud business contracts sometimes waive responsibility for data storage or delete data if it is not used for a while. Such contracts are usually difficult to understand as they sometimes amount to 60-page documents written in dense legalese. Many users, however, want the cloud precisely because they need to store data they no longer use but may well need in the future.

While essential security aspects are addressed by most tools, the cloud is potentially geographically vast and may need more prescriptive rules on data replication and distribution.

Customers are also concerned that they will no longer “own” their data, as they are not the de facto data handler if it is hovering in a cloud somewhere. This could also create difficulties in accessing data or in moving to another supplier.

In a recent survey, customers’ top concern was the security of their data in the cloud, followed by performance, privacy and cost.

The EU’s ePrivacy Directive, which was updated in 2009, created data breach notifications whereby any communications provider or Internet service provider (ISP) must inform individuals about data breaches of their personal information.

Germany, which in recent years has seen a dramatic increase in data breaches, revised its data protection rules to go beyond the EU regulation.

To try and smooth over legal discrepancies, the industry suggests that a worldwide agreement could be found under World Trade Organisation (WTO) rules for online services and software.

Read more on EurActiv

Is this California statute the only one of its kind?

Class Claims Facebook Violates Kids’ Privacy

February 10, 2011 by Dissent

A class action claims Facebook misappropriates the names and likeness of children and uses them in ads without permission from their parents or grandparents. The class claims that children are unable to stop Facebook from using their names and photos on a Facebook page if they have “liked” it.

This constitutes an “endorsement,” and use of the kids’ names and photos in “Friend Finder” also constitutes commercial use without legal consent, according to the complaint in Superior Court.


The class claims this violates Article 1 Section 1 of the California Constitution, on privacy; and section 3344 of the Civil Code, the right of publicity law.

Read more on Courthouse News. I expect we’ll see more about this case in mainstream media but in the interim, I’m trying to get more information.

Another California only law?

Consumer groups cheer court’s ruling on consumer privacy protections

February 11, 2011 by Dissent

There’s been a lot of media coverage of a decision reported here yesterday in which the California Supreme Court held that Williams-Sonoma violated a state law when it requested and recorded a customer’s zip code during a credit card transaction in a store.

In a joint press release, Privacy Rights Clearinghouse and Consumer Federation of California write:

Today the California Supreme Court ruled that retail stores are not allowed to request and record a consumer’s zip code as part of a credit card transaction. According to the Privacy Rights Clearinghouse and the Consumer Federation of California, that jointly filed an amicus brief with the Supreme Court on this case, the ruling gives further protection to California consumers and helps prevent unlawful use of personal identification information (PII).

The ruling remanded the class action lawsuit Pineda v. Williams-Sonoma Stores, Inc., no. S178241 back to the trial court for further proceedings, which began in 2008 when Jessica Pineda paid Williams-Sonoma using a credit card. As part of the transaction process, the housewares retailer requested Pineda’s zip code. Unbeknownst to Pineda, Williams-Sonoma used a process called “reverse appending” to find out her mailing address. The retail giant then sent Pineda catalogs and used the information it had collected for other business purposes.

… Pineda’s attorney, Gene Stonebarger, argued that Williams-Sonoma’s deceptive actions violated the Song-Beverly Credit Card Act of 1971 (Civ. Code, § 1747.08), which was designed to protect consumer privacy by placing limits on what PII retailers are allowed to request or record when dealing with credit card transactions. The Supreme Court agreed.

“The ruling is significant because it confirms that the definition of PII includes part of a person’s address; the zip code,” states Beth Givens, founder of Privacy Rights Clearinghouse, a consumer education and advocacy group. “In ruling in favor of the plaintiff, the Justices acknowledge advances in technology, in which the use of databases can turn a name plus a zip code into a full address.”

… The ruling reversed both the trial court and the Court of Appeals. The Supreme Court is allowing the decision to be applied retroactively to past consumer transactions. Each violation carries a civil penalty of up to $1,000. A PDF of the ruling can be found at

Statistics I've been trying to tell you, the amount of data we will need to process is rather large...

How much information is there in the world? Scientists calculate the world's total technological capacity

… Looking at both digital memory and analog devices, the researchers calculate that humankind is able to store at least 295 exabytes of information. (Yes, that's a number with 20 zeroes in it.)

… That's 315 times the number of grains of sand in the world. But it's still less than one percent of the information that is stored in all the DNA molecules of a human being.

• 2002 could be considered the beginning of the digital age, the first year worldwide digital storage capacity overtook total analog capacity. As of 2007, almost 94 percent of our memory is in digital form.

• From 1986 to 2007, the period of time examined in the study, worldwide computing capacity grew 58 percent a year, ten times faster than the United States' GDP.

• Telecommunications grew 28 percent annually, and storage capacity grew 23 percent a year.

For my Computer Security students

Google Adds Two-Factor Authentication To Gmail

"Google has introduced a new two-step authentication feature for Gmail users that it says will significantly increase the security of the free mail service. The system enables users to set up a method for obtaining a secret code that will be required, along with a password, to access a Gmail account. The new two-factor authentication system is a voluntary program right now, although it could become mandatory at some point in the future. Gmail, like virtually all other webmail services, has been a frequent target of attacks, both sophisticated and mundane, aimed at hijacking users' accounts. The most famous of these was an attack that was part of the Aurora operation against Google and others, part of which targeted the Gmail accounts of Chinese dissidents."

(Related) Not all “upgrades” act as expected...

Security Patch Breaks VMware Users' Windows Desktops

"VMware is telling customers that two Windows 7 security patches have left VMware View users incapable of accessing their Windows desktops. Security updates issued on Patch Tuesday fixed Windows but broke the VMware View connection between users' PCs and remotely hosted Windows 7 desktops. Users will have to upgrade VMware View or uninstall the Microsoft patches in order to regain access to their desktops."


Chinese Hackers Strike Energy Companies

"Chinese hackers working regular business hours shifts stole sensitive intellectual property from energy companies for as long as four years using relatively unsophisticated intrusion methods in an operation dubbed 'Night Dragon,' according to a new report from security vendor McAfee."

Reader IT.luddite links this informative PDF from CERT.

I use an RSS reader every day, but this is for my Intro to IT students...

How RSS Feeds Work In Simple Terms [Technology Explained]

An RSS feed works by creating a source of data that is machine (computer) readable. RSS uses XML, which stands for eXtensible Markup Language, to encode a variety of information sources in a standardized way, allowing other websites and applications to process that information and make it readable to you however the programmer desires.

Thursday, February 10, 2011

“After all, they're of no use to us locked up...”

Russian Convicted of $9 Million RBS WorldPay Hack Avoids Jail

Yevgeny Anikin, 27, received a suspended sentence of five years on Monday, according to Russian state news agency RIA Novosti, after pleading guilty to what the U.S. has called “perhaps the most sophisticated and organized computer fraud attack ever conducted.”

Anikin reportedly expressed remorse for his role in the caper, telling the court this week, “I want to say that I repent and fully admit my guilt.” He had been under house arrest since 2009 and reportedly bought two apartments in Novosibirsk and a luxury car with his spoils. He told the court that he had begun to pay back the stolen money.

He’s the second hacker in the caper to avoid jail time.

Last September Viktor Pleshchuk, 29, received a six-year suspended sentence for the heist. Pleshchuk also got four years of probation and was ordered to pay $8.9 million in restitution. He received a reduced sentence for cooperating with authorities.

“If you buy online, you owe us sales tax.”

North Carolina Dept. Of Revenue, Amazon Reach Settlement In Privacy Case

February 9, 2011 by Dissent

The North Carolina Department of Revenue has agreed to stop gathering personal data on on-line buyers.

The agreement came in the settlement of a lawsuit filed by Amazon to stop the NCDOR from collecting information. The American Civil Liberties Union, ACLU-NCLF, and ACLU of Washington got involved in the lawsuit on behalf of several Amazon customers.

A federal judge ruled in October 2010 that the government’s requests about Amazon customers violate internet users’ rights to free speech, anonymity and privacy.

Read more on NBC17.

A statement on the ACLU’s blog says, in part:

The North Carolina Department of Revenue (NCDOR) has agreed to stop asking for personally identifiable customer information in combination with details about the titles of customers’ purchases from Internet retailers. The agreement came in the settlement of a lawsuit originally brought by to stop NCDOR from collecting such information. The ACLU and its affiliates in North Carolina and Washington state (where Amazon is headquartered) intervened in the lawsuit on behalf of several Amazon customers whose private information was at stake.


This settlement is a great win for privacy. While the court’s ruling concerned only the specific request issued to Amazon, the settlement covers requests to all Internet retailers who sell books, movies, music, and similar expressive materials. North Carolina has apparently issued similar requests to other Internet retailers, and previously indicated that it planned to issue more such requests in the future. We are pleased that North Carolina has agreed to take a new approach. Requesting information about what people are purchasing online causes real harm, to real people, and it is unconstitutional in these circumstances.

The best defense is a good offense?

Bank of America using three intelligence firms to attack WikiLeaks

You would almost need to be disconnected from the Internet to not know about Aaron Barr, the CEO of HBGary Federal, feeling the wrath of Anonymous after Barr told of his intentions to expose the leaders of Anonymous at an upcoming Security B-Sides conference. But today, WikiLeaks published a document called "The WikiLeaks Threat" [PDF] which revealed two other intelligence firms, besides HBGary, were working to develop a strategic plan of attack against WikiLeaks on the behalf of Bank of America.

When I saw that, I wanted to relate what I saw in the proposal.

"The WikiLeaks Threat" outlines a plan by three private data intelligence firms, Palantir Technologies, HBGary Federal, and Berico Technologies, which were hired to effectively combat and attack WikiLeaks. The intel firms were "acting upon request from Hunton and Williams, a law firm working for Bank of America." According to The Tech Herald, "Hunton and Williams were recommended to Bank of America's general counsel by the Department of Justice." [So, is that a “get out of jail, free” card? Bob]

This appears to be exactly the wrong thing to do if you want to remain a dictator – educate your people and allow them to communicate freely...

Sudan Dictator: I’ll Use Facebook to Crush Opposition!

Omar al-Bashir, the president of Sudan, isn’t known for being a technophile. He’s more famous for being an indicted war criminal, owing to his role in the Darfur genocide. But like his northern neighbor Hosni Mubarak, he’s endured two weeks of protests by youths banding together through social networks and text messages. So now Bashir wants to beat them at their own game.

According to the official Sudanese news agency, Bashir today instructed his government to expand rural electrification efforts “so that the younger citizens can use computers and Internet to combat opposition through social networking sites such as Facebook.”

How 'big brotherly' is this?

UK Surveillance Gone Wild: Coventry’s Stoke Park School has 112 CCTV cameras

February 9, 2011 by Dissent

Pupils at Coventry’s Stoke Park School are being watched by an astonishing 112 CCTV cameras, the Telegraph can reveal.

Stoke Park School & Community Technology College, in Dane Road, has 79 security cameras inside its buildings and 33 outside. The startling statistic has led to accusations of “over the top snooping”.

It is easily the most-watched school in the city – with more than three times the number of cameras of the next highest.

The school says the cameras are needed to keep pupils safe.

But a teachers’ union and a national campaign group have criticised the figures.

Read More Coventry Telegraph

[From the article:]

There are 1,090 pupils at Stoke Park – roughly one camera for every 10 pupils.

(Related) What's the magic “too much” number for a city?

Chicago emergency officials defend city’s extensive camera network after scathing ACLU report

February 10, 2011 by Dissent

Sophia Tareen of Associated Press reports:

Chicago emergency management officials defended the city’s expansive network of cameras following a scathing report from a leading civil rights group that raised concerns about the loss of privacy, a lack of regulation and fears the technology could violate the First Amendment.

The American Civil Liberties Union of Illinois called for a full review of the system — with at least 10,000 cameras mounted at locations from skyscrapers to utility poles — saying city officials won’t release basic information such as the exact number and cost of the cameras, nor any incidents of misuse.

Read more in the Chicago Tribune.

Related: ACLU: Chicagoans among most-watched citizens in U.S.

Related: Chicago’s video surveillance cameras: A pervasive and unregulated threat to our privacy (ACLU report)

It's all in how you measure...

Study shows music piracy on the decline, porn the most popular of it all

Anti-piracy and counterfeiting prevention company Envisional recently released a report detailing the 10,000 most popular files crossing the streams of BitTorrent trackers. Porn has taken the top, uh, seed, followed closely by non-porn film, while music was near the bottom of the list. What happened?

For my Computer Security students: It's not broken, it's a new feature!

Microsoft Kills AutoRun In Windows

"Microsoft has finally decided to push out an update to disable AutoRun in its XP operating system, a Windows feature that had been increasingly exploited by virus writers over the years. But because Microsoft still sees AutoRun as a feature and not a security hole, it isn't calling its Windows Update a "security update" but rather an "Important, non-security update" — but it effectively disables the AutoRun feature anyway."

An interesting application of technology. Not only locates potholes, but allows you to prioritize based on the number of commuters that hit that hole.

Gov App Detects Potholes As You Drive Over Them

"The City of Boston has released an app that uses the accelerometer in your smartphone to automatically report bumps in the road as you drive over them. From the article: 'The application relies on two components embedded in iPhones, Android phones, and many other mobile devices: the accelerometer and the Global Positioning System receiver. The accelerometer, which determines the direction and acceleration of a phone’s movement, can be harnessed to identify when a phone resting on a dashboard or in a cupholder in a moving car has hit a bump; the GPS receiver can determine by satellite just where that bump is located.' I am certain that this will not be used to track your movements, unless they are vertical."

Attention Ethical Hackers: Free coffee!

Starbucks’ iPhone barcode app easily scammed by screengrab

Someone has noticed that the Starbucks’ iPhone application can be copied with a screen grab from a neglected handset, enabling the thief to gorge themselves on free coffee.

The payment system relies on reading a bar code from the iPhone’s screen, identifying the customer and debiting their account. But the barcode doesn’t change – and the iPhone has a screen-grabbing function built in, so leaving your handset on the table could allow anyone nearby to make an instant copy of your details and even mail them straight to themselves right from the phone.

Kelley Langford, of System Innovators, based in Florida, reckons he can do that in 20 seconds, and has demonstrated the process repeatedly – showing people just how insecure the Starbucks application is, and presumably drinking a lot of free coffee while doing so.

Read more on The Register.
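An added example, not from the article or from Starbucks: the weakness described above is that the barcode is a static bearer value, so a screenshot is as good as the phone. The sketch below contrasts that with a code bound to a short time window and a per-device secret; the account id, secret, card number, 30-second window and all function names are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30  # assumed rotation period for the on-screen code

# Constructed sample data (not real accounts or card numbers).
DEVICE_SECRETS = {"acct-1001": b"constructed-demo-secret-0001"}
STATIC_BARCODES = {"acct-1001": "6012345678901234"}


def verify_static(payload):
    """Static scheme: the same payload is accepted forever."""
    for account, code in STATIC_BARCODES.items():
        if hmac.compare_digest(code.encode(), payload.encode()):
            return account
    return None


def _tag(secret, account, counter):
    # HMAC over account id and window counter, truncated for barcode size.
    msg = account.encode() + struct.pack(">Q", counter)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]


def rotating_barcode(account, secret, now):
    """Payload the phone would render at time `now` (seconds since epoch)."""
    counter = int(now) // WINDOW_SECONDS
    return f"{account}|{counter}|{_tag(secret, account, counter)}"


class RotatingVerifier:
    """Server side: checks freshness, authenticity and single use."""

    def __init__(self, secrets, skew_windows=1):
        self._secrets = secrets
        self._skew = skew_windows
        self._used = set()  # (account, counter) pairs already redeemed

    def verify(self, payload, now):
        try:
            account, counter_s, tag = payload.split("|")
            counter = int(counter_s)
        except ValueError:
            return None  # malformed payload
        secret = self._secrets.get(account)
        if secret is None or counter < 0:
            return None
        current = int(now) // WINDOW_SECONDS
        if abs(current - counter) > self._skew:
            return None  # stale: an old screenshot lands here
        expected = _tag(secret, account, counter)
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # forged or altered
        if (account, counter) in self._used:
            return None  # already redeemed once in this window
        self._used.add((account, counter))
        return account


def demo():
    t0 = 1_297_296_000  # constructed timestamp, start of a 30 s window
    verifier = RotatingVerifier(DEVICE_SECRETS)
    shown = rotating_barcode("acct-1001", DEVICE_SECRETS["acct-1001"], t0)
    screenshot = shown  # a copy of whatever was on screen at t0
    return {
        # A copied static barcode is indistinguishable from the original.
        "static_replay": verify_static(STATIC_BARCODES["acct-1001"]),
        "owner_pays": verifier.verify(shown, t0 + 5),
        "replay_same_window": verifier.verify(screenshot, t0 + 10),
        "replay_later": verifier.verify(screenshot, t0 + 600),
    }


if __name__ == "__main__":
    print(demo())
```

A copy presented inside the same window before the owner pays would still be accepted, so this narrows the exposure to seconds rather than removing it; the single-use check also means the owner must wait for the next window to pay again.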

(Related) And free access to anything the iPhone's owner thought was “secure”

IPhone Attack Reveals Passwords In Six Minutes

"Researchers in Germany say they've been able to reveal passwords stored in a locked iPhone in just six minutes and they did it without cracking the phone's passcode. The attack, which requires possession of the phone, targets keychain, Apple's password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen."

Wednesday, February 09, 2011

Fewer “big hacks” but lots more by your friends and neighbors...

Identity Fraud Fell 28 Percent in 2010 According to New Javelin Strategy & Research Report

February 8, 2011 by admin

The 2011 Identity Survey Report, released today by Javelin Strategy & Research, reports that in 2010 the number of identity fraud victims decreased by 28 percent to 8.1 million adults in the United States, three million fewer victims than the prior year. Total annual fraud decreased from $56 billion to $37 billion, the smallest amount in the eight years of the study. While overall fraud declined, consumer out-of-pocket costs rose significantly, mainly due to the types of fraud that were successfully perpetrated and an increase in “friendly fraud.”

Read more of the press release on MarketWatch.

[Download the “Consumer Version” here:

Why isn't there a project at some law school to define technology for judges so everyone is on the same page? No doubt a lawyer once suggested to Shakespeare that “A rose is a rose, except in certain jurisdictions and under specific yet varying circumstances...” leading Bill to reply, “The first thing we do, let's kill all the lawyers.”

If it’s Tuesday, your cell phone is a computer

February 9, 2011 by Dissent points us to a case in the Eighth Circuit holding that a cell phone is a “computer” for purposes of the U.S. Sentencing Guidelines: United States v. Kramer, 10-1983 (8th Cir. February 8, 2011).

Reading the excerpt from the opinion explaining their legal reasoning, I was left wondering, “Well wait…. if a cell phone is a computer in this context, why isn’t a cell phone always a computer for purposes of “search incident to arrest?” Thankfully, my confusion was reinforced by John Wesley Hall’s comment under the excerpt:

[Note: So, how can the government now argue that a cell phone seized in a search incident is not a computer, too? When is a cell phone a mere storage device and not a computer? Only when the government wants it to be not a computer, apparently.]

Over on Simple Justice, criminal defense attorney Scott Greenfield also comments on the decision, while Orin Kerr approves of the decision over on The Volokh Conspiracy.

So if I understand this (and I clearly don’t!), your cell phone will be treated as a “computer” if using a “computer” makes your crime somehow worse, but that same device may be essentially just a pack of cigarettes if it’s near you when you are arrested because a pack of cigarettes can be searched without a warrant as “incident to an arrest.”

I wish Congress would enact legislation that gives Fourth Amendment protections to personal electronic devices. As long as law enforcement can seize the device incident to an arrest, evidence would be protected from destruction and they could then apply for a warrant to search it. I realize it would not be as convenient for law enforcement, but I think the abuses involving border searches of laptops and other cases indicate that law enforcement and government have got to be checked by statutes that protect the privacy of the citizenry.

This is sure to become a fun debate. Why don't we have a clear definition of “emergency response” and which laws it allows the police to violate? Treating police as “unlike mere citizens” is, of course, not appropriate. (It might be fun to FOIA local jurisdictions that have 'red light' cameras to see how often this happens...)

Crime Scenes: No break for cops caught on camera

Police officers are getting caught, and are crying foul. The camera doesn't care whether a cop is off-duty and going shopping in his personal pickup truck or is on duty and speeding to a bank robbery in a marked police cruiser, lights flashing and siren blaring.

… Even on-duty officers in marked patrol cars aren't getting out of paying the fines. Many Maryland jurisdictions are holding officers and other emergency workers personally liable for the tickets, unless they can prove they were responding to legitimate emergencies at the time.

… Just how many police officers get caught by the many red light and speed cameras popping up at intersections in Baltimore and elsewhere could not be ascertained. Police officials said statistics were not available. [Yet they have statistics that “Prove” the cameras are a “good idea.” Bob]

The policy for Baltimore police is the same for most other jurisdictions when a marked emergency vehicle is captured on camera speeding or running a red light. Department spokesman Anthony Guglielmi said officials review dispatch records and if the driver wasn't responding to an emergency, "they are issued tickets and are responsible for paying them."

Police union leaders say that rules requiring lights and sirens when responding to emergencies aren't always practical, or prudent. For example, cops don't speed to bank robberies or burglary calls with lights flashing and siren wailing, to avoid alerting the criminals they're coming, but they still need to get there fast. [What are they saying? “No lights, no dispatch records?” Bob]

… He said most officers simply pay the fines rather than risk an internal investigation and questions about driving techniques that if not illegal, don't always conform to the letter of departmental rules.

Cherry said that an officer might blow a light or speed without using lights and sirens for a variety of reasons, such as to investigate a tip that a guy on the next block had a gun or was selling drugs. In cases like these, the "emergencies" aren't always on dispatchers' official records.

Attention Ethical Hackers: At what point does “failure to fix a known bug” make a vendor liable for the damages it causes?

Java Floating Point Bug Can Lock Up Servers

"Here we go again: Just like the recently-reported PHP Floating Point Bug causes servers to go into infinite loops when parsing certain double-precision floating-point numbers, Sun/Oracle's JVM does it, too. It gets better: you can lock up a thread on most servers just by sending a particular header value. Sun/Oracle has known about the bug for something like 10 years, but it's still not fixed. Java Servlet containers are patching to avoid the problem, but application code will still be vulnerable to user input."

Has the Porn Industry gone beyond “Early Adopter” to “Innovator?”

Porn studio could teach Apple, Google about cloud

Home-video innovations always seem to go back to porn.

The fingerprints of the adult-film industry can be found on the development of VHS and Blu-ray discs. Soon, the sector may teach us about the cloud.

Pink Visual, a porn studio with a history of embracing new technologies, appears to be the first film studio in the United States to offer the kind of streaming-video features that Apple and Google were said to be considering last year.

Instead of storing digital movies they own on computer hard drives, Pink Visual customers will be able to store clips they buy from the studio on the company's servers, said Quentin Boyer, a company spokesman. For a one-time fee, buyers can access their films from any time and as many times as they choose. [I think this is the wrong model. I've speculated that a very small, per-viewing price is the way things will go in the future. Bob]

… In video, Pink Visual could help determine whether these cloud services are a slice of heaven or just vapor. The company will be among the first to tackle issues of pricing, copyright protection, and most importantly, gauge consumer demand.


Already, managers at Pink Visual are asking important questions.

There was a debate at the porn studio about whether it should store and stream content created by other filmmakers, according to Boyer. At least at the start, Pink Visual will handle only its own content but could open up its cloud later, he said.

Why the hesitation?

"We don't want to accidentally have a lot of liability," Boyer said. "We don't want to become fertile ground for copyright infringement [should users upload pirated content to the company's cloud]."

So it's not just your imagination...

February 08, 2011

NOAA: U.S. Cooler and Much Drier than Normal in January

News release: "Last month was the coolest January since 1994, according to scientists at NOAA’s National Climatic Data Center (NCDC) in Asheville, N.C. Across the contiguous United States, the average January temperature was 30.0 F, which is 0.8 F below the 1901-2000 average. And despite several large winter storms across the country, last month was the ninth driest January on record, much drier than normal. Average precipitation across the contiguous United States was 1.48 inches, 0.74 inch below the 1901-2000 average. This monthly analysis, based on records dating back to 1895, is part of the suite of climate services NOAA provides."

(Related) I blame this all on Al Gore – but then, I blame liberals for all kinds of things.

Magnetic polar shifts causing massive global superstorms

Forget about global warming—man-made or natural—what drives planetary weather patterns is the climate and what drives the climate is the sun's magnetosphere and its electromagnetic interaction with a planet's own magnetic field.

… Magnetic polar shifts have occurred many times in Earth's history. It's happening again now to every planet in the solar system including Earth.

The magnetic field drives weather to a significant degree and when that field starts migrating superstorms start erupting.

… "There is, however, a growing body of evidence that the Earth's magnetic field is about to disappear, at least for a while.

… Possible magnetic pole reversal may also be initiating new Ice Age

According to some geologists and scientists, we have left the last interglacial period behind us.

… So, the start of a new Ice Age is marked by a magnetic pole reversal, increased volcanic activity, larger and more frequent earthquakes, tsunamis, colder winters, superstorms and the halting of the Chandler wobble.

Unfortunately, all of those conditions are being met.

e-Calligraphy? Want to bet that my Ethical Hackers can't “download” the font?

Tuesday, February 8, 2011

Pilot Handwriting - Write by Hand on Your Keyboard

Pilot Pen has created a neat website through which you can capture your handwriting on paper then use it to type and send emails. Pilot Handwriting provides you with a simple grid to print and complete by hand. After you've filled in the grid just hold it up to your webcam and Pilot captures your handwriting to use as a font. You can then type on your keyboard using your very personalized font. Unfortunately, that font can only be used to send emails to your friends from the Pilot Handwriting. If they make downloading the font an option then they'll really be on to something good.

For staying current...

3 Great Ways To Read Your Google Reader Feeds


Tuesday, February 08, 2011

How should I read this? Children can't be prosecuted for creating and distributing “child porn?”

TX: Attorney General Abbott, Sen. Watson Announce Sexting Prevention Legislation

February 7, 2011 by Dissent

Texas Attorney General Greg Abbott today joined State Sen. Kirk Watson, who announced the filing of Senate Bill 407, legislation that will help curb the dangerous practice of sexting.

If enacted, SB 407 would classify a sexting offense as a Class C misdemeanor for first-time violators less than 18 years old. Judges would be authorized to sentence minors convicted of sexting – and one of the minor’s parents – to participate in an education program about sexting’s long-term harmful consequences. The new law would also allow teens to apply to the court to have the sexting offense expunged from their records.

“Studies show that teenage students are increasingly taking, sending and receiving explicit pictures of themselves on their mobile telephones,” Attorney General Abbott said. “This dangerous trend is harmful to young Texans. We are joining with Sen. Kirk Watson to address the growing problem of sexting and educate – not criminalize – young Texans who make the unwise decision to participate in it.”

“This bill ensures that prosecutors – and, frankly, parents – will have a new, appropriate tool to address this issue,” Sen. Watson said. “It helps Texas laws keep up with technology and our teenagers.”

Sexting – a harmful and dangerous practice – typically occurs when teenage students use cell phones to send each other sexually explicit messages or images electronically, primarily between cell phones. A 2008 report from The National Campaign to Prevent Teen and Unplanned Pregnancy indicates that 22 percent of teen girls said they have electronically sent or posted online nude or semi-nude images of themselves.

Sexting message senders have no control of their message’s ultimate distribution. Embarrassing or sexually explicit messages can be forwarded to other students and later spread quickly through a school or anywhere in the world.

Under current Texas law, anyone who transmits an explicit image of a teen can face felony charges of possessing or trafficking child pornography. As a result, children who send images of themselves and their friends face serious criminal repercussions. SB 407’s legal provisions ensure that minors are punished for their improper behavior, but do not face life-altering criminal charges.

Source: Attorney General Greg Abbott


February 07, 2011

State Cyberbullying Laws

State Cyberbullying Law - A Brief Review of State Cyberbullying Laws and Policies, Sameer Hinduja, Ph.D. and Justin W. Patchin, Ph.D., Cyberbullying Research Center, updated January 2011

You can criticize your boss, but only if you are in a union?

Company settles Facebook firing case

A Connecticut ambulance company that fired an employee after she criticized her boss on Facebook agreed Monday to settle a complaint brought by the National Labor Relations Board.

The NLRB sued American Medical Response of Connecticut on October 27, 2010, claiming the employee, Dawnmarie Souza, was illegally fired and denied union representation after she posted negative comments about her supervisor to her Facebook page.

… In response to the NLRB complaint last year, AMR claimed Souza's comments were not protected activity. However, the NLRB contended that AMR's termination of Souza's employment violated the National Labor Relations Act, which allows employees to discuss the terms and conditions of their employment with co-workers and others.

The Chinese government gets behind Cloud Computing. (and the comments are priceless...)

China Building City For Cloud Computing

"First it was China's 'big hole' sighting that brought us the supercomputing race. Now China is building a city-sized cloud computing and office complex that will include a mega data center, one of the projects fueling that country's double-digit growth in IT spending. The entire complex will cover some 6.2 million square feet, with the initial data center space accounting for approximately 646,000 square feet, says IBM, which is collaborating with a Chinese company to build it. A Sputnik moment? Patrick Thibodeau reports that these big projects, whether supercomputers or sprawling software development office parks, can garner a lot of attention. But China's overall level of IT spending, while growing rapidly, is only one-fifth that of the US."


February 07, 2011

Facebook Enables Full-Session Encryption

EPIC: "Facebook will now allow full-session HTTPS. The switch to encrypted cloud-based computing promotes privacy and security, particularly when users access Facebook from public Internet access points. Previously, Facebook only used HTTPS when users’ passwords were being sent to the site. Third party applications currently do not support HTTPS. Users can opt into HTTPS through their “Account Settings;” however, HTTPS is not yet the default. Facebook will use “social authentication,” rather than traditional CAPTCHA, to deter hackers. EPIC has previously recommended the adoption of strong privacy techniques for cloud-based services. In 2009, EPIC filed a complaint with the Federal Trade Commission, urging an investigation into Google’s cloud computing services to determine the adequacy of privacy and security safeguards. Google subsequently established HTTPS by default for Gmail. For related information, see EPIC: Facebook, EPIC: Cloud Computing, and EPIC: Social Networking Privacy."

Un-Googling yourself?

Crazy Characters Help Indie Bands Outsmart Google

On the Internet, new-band buzz travels faster than the speed of sound. So how can emerging musicians maintain their indie cred as they amass fans? Create a completely unintelligible moniker. A growing number of artists—largely from a dark electronic genre known as witch house—have found that by using symbols in their name they can make it to the top of playlists even if they’re not ranked at the top of Google results.

Using crazy characters to subvert the music industry isn’t entirely novel. Prince did it when he became . MIA made a similar move by calling her latest album . But the new symbolists, like and , are not only hard for search engines to unearth but also nearly impossible to talk about offline (how do you pronounce “ ” again?).

The musicians fronting this movement, however, say the use of characters is largely aesthetic and note that their names aren’t meant to alienate listeners. Some say they’re simply speaking to an audience raised on the web. “Nothing’s un-Googleable to a 14-year-old,” says Chris Dexter, who performs as oOoOO.

It is government's duty to protect its citizens (especially those who contribute...)

White House will propose new digital copyright laws

The Obama administration has drafted new proposals to curb Internet piracy and other forms of intellectual property infringement that it says it will send to the U.S. Congress "in the very near future."

It's also applauding a controversial copyright treaty known as the Anti-Counterfeiting Trade Agreement, or ACTA, saying it will "aid right-holders and the U.S. government to combat infringement" once it enters into effect.

Those disclosures came from a report released today by Victoria Espinel, whom President Obama selected as the first intellectual property enforcement coordinator and who was confirmed by the Senate in December 2009. There's no detail about what the proposed law would include, except that it will be based on a white paper of "legislative proposals to improve intellectual property enforcement," and it's expected to encompass online piracy.

The 92-page report (PDF) reads a lot like a report that could have been prepared by lobbyists for the recording or movie industry: it boasts the combined number of FBI and Homeland Security infringement investigations jumped by a remarkable 40 percent from 2009 to 2010.

No less than 78 percent of political contributions from Hollywood went to Democrats in 2008, broadly consistent with the trend for the last two years, according to

(Related) “We can't risk eliminating either a tax or payments to large contributors.”

FCC Moves To Convert Phone Fund To Broadband Fund

"The Federal Communications Commission is expected to change the Universal Service Fund so that the funds are directed toward broadband infrastructure instead of rural phone infrastructure. '... while the world has changed around it, USF – in too many ways – has stood still, and even moved backwards. The program is still designed to support traditional telephone service. It’s a 20th century program poorly suited for the challenges of a 21st century world.' You can see a transcript of what was presented to the FCC (PDF) online."

It is good to know that Academia is studying these things.

Study: Facebook replacing Craigslist for prostitutes

When Craigslist withdrew from the adult services business last year, some wondered whether the prostitution business would be driven to less obvious and, perhaps, more dangerous places.

However, a Columbia University professor is suggesting that the business might have gravitated to somewhere even more obvious: Facebook.

Sociology professor Sudhir Venkatesh published the results of his work among New York prostitutes on Wired. And it makes for a stimulating insight into how technology is influencing the prostitution business.

Technology seems to have made men's behavior suddenly sophisticated.

"No self-respecting cosmopolitan man looking for an evening of companionship is going to lean out his car window and call out to a woman at a traffic light," Venkatesh said.

Instead, Venkatesh estimates that 83 percent of prostitutes have a Facebook page. Moreover, he believes that by the end of 2011, Facebook "will be the leading online recruitment space." Indeed, he says, even before Craigslist beat its retreat, Facebook was becoming a happy home for many prostitutes.

“We gotta have a way to deliver our nukes!”

Iran's New Space Program

"Coinciding with the 32nd anniversary of the Iranian revolution, Iran opened a center to receive satellite images built 'entirely by Iranian engineers.' Iran promised that by the end of their year (March of 2011) they would launch two observational satellites: Fajr (Dawn) and Rasad-1 (Observation-1). You might recall two years ago when they launched Omid, which completed about 700 orbits in two weeks. There are reports that new launch rockets will be revealed in February to launch the new satellites — all equipment is claimed to be entirely Iranian made. Iranian media is reporting that one of the satellites 'carries remote measuring equipment that would be used in meteorology and identifying sea borders.' The Iranian Student News Agency says Explorer 4 (Kavoshgar 4) is meant to transport humans and other living organisms into space, and that the sensory on the satellites 'is able to find gas and oil resources, identify coal mines, jungles and agricultural products as well as salty-marsh and contaminated environments.' These rapid fire achievements are not the only bragging Iran has done as of late; they also claim 'new gamma radiation units for medical treatments and a supercomputer billed as among the top 500 most powerful in the world.' But, fact or fiction aside, the satellites have old enemies speculating."

The world, she is a changing.

ComScore: Hulu Is Watched Twice As Much As The 5 Major TV Networks Online Combined


ComScore Says You Don’t Got Mail: Web Email Usage Declines, 59% Among Teens!

Here's one I'd buy, but it's probably vaporware... Could even be an electronic etch-a-sketch.

NoteSlate, an E-Ink Tablet Made for Writing

The NoteSlate is … an E Ink tablet which comes with a pop-out stylus to write on the screen, and while it also comes in white, the black version looks just like a real slate –- those stone chalkboards on which schoolkids worked in the dreary mists of the past.

A huge 13-inch display takes up most of the front panel of the device.

… The NoteSlate has a single purpose: to act like a piece of paper. You can sketch and write, and the three hardware buttons let you delete a whole page (with the pen acting as an eraser for localized corrections), store the current page, or flip to the previous page (no mention is made of skipping to the next page).

At $99, it looks like an awesome gadget, but has the distinct whiff of vaporware. The mockups on the site show a color version along with the black-and-white ones, and promise a “free Wi-Fi module on request with order”.

… The launch date is promised as June 2011, and I’d love to see something like this as a replacement to paper notebooks. I have a sneaking feeling, though, that this will just disappear and never be seen again. I have set myself a calendar reminder for the middle of June to check up on things.

Is this the ultimate ego booster? - Turn Your Emails Into A Book

A book with all your emails. That is what this new site will let you have created and delivered straight to your doorstep. You will be able to specify a time period for the application to focus on, and also to individualize those contacts whose interactions you want to have compiled. Once you have chosen that, you will be given the chance to customize the way the book will look.

For the time being, the two email providers which are supported include both Gmail and Yahoo. Pricing itself is actually determined based on which kind of content you choose to have featured. Obviously, the more contacts you go for and the longer the time period then the more pages the book has, and the more expensive the book is going to be.

For the Swiss Army folder...

FreeOnlineOCR: Convert PDF Files & Images To Text

If you have an image that contains text, FreeOnlineOCR is one of the quickest tools to convert it into text. It works with several image formats including JPG, GIF, PNG, BMP, TIFF and even PDF files. Simply upload your image, select the desired output format, click convert and the tool will convert your document into text.

You can have your output in TXT, DOC, PDF or RTF format. No registration is required and no tools need to be downloaded. The tool automatically takes care of low-resolution images and rotates the image if need be. It keeps the layout and formatting and reads the text from within your image with great precision. The tool can also be used simply to convert PDF documents to Microsoft Word.

Similar tools: OCRConvert, OnlineOCR, OCRTerminal, Free-ORC and OCROnline.
