Saturday, February 19, 2011

Step Two (after shooting a few protesters)

Libya Blocks Internet Access As Citizens Protest

"As protests rage across the Middle East, in particular gaining strength in Libya, Djibouti, Iraq, Bahrain, and Yemen over the past two days, Libya has taken the lead role in blocking internet access to its citizens. Residents of Tripoli, Libya are reporting widespread internet blockage for most sites, and access to circumvention tools like OperaTor and VPN is also being blocked."

(Related) Step Two in the US? Would that include shutting off Twitter, for example? Or New York City?

Internet 'kill switch' bill gets a makeover

A Senate proposal that has become known as the Internet "kill switch" bill was reintroduced this week, with a tweak its backers say eliminates the possibility of an Egypt-style disconnection happening in the United States.

As CNET reported last month, the 221-page bill hands Homeland Security the power to issue decrees to certain privately owned computer systems after the president declares a "national cyberemergency." A section in the new bill notes that it does not include "the authority to shut down the Internet," and the name of the bill has been changed to include the phrase "Internet freedom."

But the revised wording (PDF) continues to alarm civil liberties groups and other critics of the bill, who say the language would allow the government to shut down portions of the Internet or restrict access to certain Web sites or types of content.

One big change: Earlier versions of the bill barred companies from filing a lawsuit objecting to being placed on that list. The revised version explicitly permits judicial review as long as the lawsuit is filed in the District of Columbia.

Interesting statistics

February 18, 2011

UK Cabinet Office Report: The Cost Of Cyber Crime

The Cost of Cybercrime: A Detica Report in Partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office, February 17, 2011

  • "Few areas of our lives remain untouched by the digital revolution. Across the world, there are now nearly two billion internet users and over five billion mobile phone connections; every day, we send 294 billion emails and five billion SMS messages. Over 91 per cent of UK businesses and 73 per cent of UK households have internet access and £47.2 billion was spent online in the UK alone in 2009. Our society is now almost entirely dependent on the continued availability, accuracy and confidentiality of its Information and Communications Technology (ICT). We need it for our economic health, for the domestic machinery of government, for national defence and for our day-to-day social and cultural existence. As well as significant benefits, the technology has also enabled old crimes to be committed in new and more subtle ways. In its National Security Strategy, cyber threats are recognised by the Government as one of four ‘Tier One’ risks to the UK’s security. But estimates of the cost of cyber crime have until now not been able to provide a justifiable estimate of economic impact and have failed to address the breadth of the problem. Therefore, the Office of Cyber Security and Information Assurance (OCSIA) worked with Detica to look more closely at the cost of cyber crime in the UK and, in particular, to gain a better appreciation of the costs to the UK economy of Intellectual Property (IP) theft and industrial espionage. Further developments of cyber crime policy, strategies and detailed plans will thus benefit from this insight."

Is “the future of the music industry” already here?

Radiohead’s Day Early Online Release Of ‘The King Of Limbs’ Goes Viral

It’s as if Radiohead got the lion’s share of Internet awareness, leaving the rest of the music industry completely clueless. Pretty much all anyone can talk about right now is Radiohead’s The King of Limbs, for a number of reasons (not least of which is because it’s amazing) but primarily because Radiohead mirrored the patterns of digital album leaks, generating major buzz.

… The band surprised everyone this morning by tweeting out “It’s Friday… It’s almost the weekend… You can download ‘The King of Limbs’ now if you so wish,” which led to coverage from Pitchfork to tech blogs, over 2000 retweets and the #thekingoflimbs hashtag surpassing Queen Gaga to an impressive position at the top of Twitter trending topics.

… Having primed the digital sales pot with “the pay what you will” model of 2007 release In Rainbows, which “sold” 3 million copies, this time fans have to pony up a fixed amount of cash, $9.00 for MP3s and $14.00 for higher quality WAV files. Further driving in the nail in the coffin of physical music sales, Radiohead is releasing what it is calling a “Newspaper Album” three months from now which will include 625 pages of artwork, a MP3 ($48) or WAV ($53) version of the album and two, 10-inch vinyls — More a collector’s item than anything else.

For my Computer Security students.

National Security Jobs To Rival Silicon Valley Over the Next 10 Years?

"The Capital reports on a new cyber curriculum at a Maryland high school to feed the ever growing needs of the NSA and Cyber Command. A quote from Dutch Ruppersberger (D-MD) about job growth in the local national security sector stands out: '... in 10 years, there are going to be more tech jobs than Silicon Valley.' Could the new funding for the expansion of the National Security Agency and the Army's new Cyber Command be the next big growth area for the US?"

Because sometimes a snippet of popular culture gets a concept across better than a textbook...

How To Download Videos From Hulu The Easy Way

Every once in a while, you come across a video that you think is so great that adding it to your favorites just isn’t good enough, so you seek to download it. This is relatively easy if you’re on YouTube. There are dozens of apps out there capable of getting the job done (YouTube Downloader is my personal favorite).

Hulu‘s an entirely different story. They’ve gone to great lengths to protect their videos from downloaders, primarily because Hulu is home to a lot of television episodes and clips, rather than user-uploaded content. Is it impossible to download videos from Hulu? No, but a lot of the time, it’s just frustrating enough to cause you to give up prematurely – until now at least.

… You’re going to need two programs to start downloading and watching Hulu videos on your computer. The first is StreamTransport, the program you will use to locate, capture, and download the videos you’re looking for. The second, which you should have anyway, is VLC Player, because, well, it plays everything.


Friday, February 18, 2011

Embed Plus - Clip & Annotate YouTube Videos

Embed Plus allows you to start a video at any point you specify. You can also use Embed Plus to skip scenes in a video, play it in slow motion, zoom into an area of a video, and annotate a video.

For my students – because a picture is worth a thousand words (except in assigned research papers)


Use Your Own Data in the Google Public Data Explorer

Last spring Google launched the Public Data Explorer. The Public Data Explorer allows anyone with a Google account to create visualizations of public data sets. Until this week, the only data you could visualize was the data from Google's preferred providers (World Bank, US CDC, US Bureau of Labor, and others). This week Google announced that you can now upload and create visualizations of your own datasets in the Public Data Explorer. To do this you need to use the new Data Set Publishing Language (DSPL) developed by Google. The process of uploading data in the DSPL format isn't something you'll learn in minutes, but if you're really interested in doing it Google does have a step-by-step tutorial for you to follow.

Again for my students – introducing them to alternatives...

The Best Web Services

For every web service that you use, there are at least a couple more that can get the very same job done every bit as well. And maybe even better. The question is, how do you find out about these services? And the answer is found on a site such as Digler.

In a nutshell, Digler is a very encompassing aggregator that brings all the best sites on the Web under the same roof. You will be able to access all these sites that are known to perform nothing short of excellently, all from the same page. Providers of webmail, video portals, search engines... they are all found on Digler.

These sites are obviously arranged by category, and the eight top sites within each area are highlighted in each and every case. And by clicking on the flags that are provided on the right-hand side of the screen you will be able to swap the country at will. The US, the UK, Canada, Spain, Italy, Brazil... these are just some of the many countries that are already supported.


Sex offenders, felons on probation and school children. Actually, it's all about the money!

Kids Who Skip School Get Tracked By GPS

"Frustrated by students habitually skipping class, police and the Anaheim Union High School District are turning to GPS tracking to ensure they come to class. The six-week pilot program is the first in California to test GPS. Seventh- and eighth-graders with four unexcused absences or more this school year are assigned to carry a handheld GPS device, about the size of a cell phone. Five times a day, they are required to enter a code that tracks their locations – as they leave for school, when they arrive at school, at lunchtime, when they leave school and at 8 p.m."

[From the article:

Students and their parents volunteer for the monitoring as a way to avoid continuation school or prosecution with a potential stay in juvenile hall.

… Overall, the six-week program costs about $8 per day for each student, or $18,000.

… Because schools lose about $35 per day for each absent student, the program can pay for itself and more if students return to class consistently, Miller said.

Lots of links to other 'proposals,' little detail.

NSA chief wants to protect 'critical' private networks

SAN FRANCISCO--The head of the National Security Agency said today that the U.S. military should have the authority to defend "critical networks" from malware and other disruptions.

Gen. Keith Alexander, who is also the head of the Pentagon's U.S. Cyber Command, said at the RSA Conference here that the NSA's "active defenses" designed to defend military networks should be extended to civilian government agencies, and then key private-sector networks as well.

It looks awfully spotty west of the Mississippi...

February 17, 2011

National Broadband Map Launched

"The National Broadband Map is a searchable and interactive website that allows users to view broadband availability across every neighborhood in the United States. The NBM was created by the National Telecommunications and Information Administration (NTIA), in collaboration with the Federal Communications Commission (FCC), and in partnership with 50 states, five territories and the District of Columbia. The NBM is a project of NTIA's State Broadband Initiative. The NBM will be updated approximately every six months and was first published on February 17, 2011."

A difficult and expensive process, but the threat is real?

'Hurt Locker' lawyers launch nationwide copyright fight

After several setbacks, Dunlap, Grubb & Weaver, the law firm that last year filed copyright suits against thousands of accused illegal file sharers on behalf of independent filmmakers, has made good on promises to push on with the cases.

Dunlap has begun to refile lawsuits across the country against people accused last year of pirating movies via peer-to-peer networks. To do that, Dunlap established a network of lawyers who are licensed to operate in different federal districts.

Won't this just clutter things up?

Google Search Finally Going Fully Social With Shared Twitter Links And Even Quora Data

What Google is sort of downplaying as just an “update” to social search, is actually much more. Google is taking those social circle links at the bottom of the page, pumping them with social steroids, and shoving them towards the top of results pages. For the first time, social is actually going to affect Google Search in a meaningful way.

We had a chance to speak with Mike Cassidy, Google’s Product Management Director of Search, about the updates yesterday. He outlined three key things Google is focusing on: blending the results, increasing the social coverage, and giving users more control. The first two are the meat, and the third is simply overdue.

By “blending” results, Cassidy means that Google is now going to be showing social results in the regular search results stream. The link itself will look the same as every other link — blue, underlined — but it will say something like “YOUR FRIEND’S NAME shared this” below it, along with that user’s profile icon.

… And it’s not just tweets that Google is taking into account for this new social push. Flickr and Quora content is included as well. The latter is somewhat surprising because the startup is relatively new.

… Interestingly enough, Google’s full push into this arena comes just a day after Greplin, a startup in the social search space that we like a lot, finally opened its doors to all.

Greplin has many more social hooks than Google right now (they ask you to authorize third-party services whereas Google, again, is just going after public data), but the search giant promises that today’s rollout is just one step in the move towards social. There is more to come.

Good news for students at a “Technical University?” Lots of categories defined, if rather loosely...

February 17, 2011

WSJ: Technology is eating jobs

Is Your Job an Endangered Species? - "Technology is eating jobs—and not just obvious ones like toll takers and phone operators. Lawyers and doctors are at risk as well... Forget blue-collar and white-collar. There are two types of workers in our economy: creators and servers. Creators are the ones driving productivity—writing code, designing chips, creating drugs, running search engines. Servers, on the other hand, service these creators (and other servers) by building homes, providing food, offering legal advice, and working at the Department of Motor Vehicles. Many servers will be replaced by machines, by computers and by changes in how business operates. It's no coincidence that Google announced it plans to hire 6,000 workers in 2011."

[An example from the article:

But eDiscovery is the hottest thing right now in corporate legal departments. The software scans documents and looks for important keywords and phrases, displacing lawyers and paralegals who charge hundreds of dollars per hour to read the often millions of litigation documents. Lawyers, understandably, hate eDiscovery.

For my Computer Security students. (and for me to teach them...)

February 17, 2011

OPM Issues Competency Model for Cybersecurity

"The U.S. Office of Personnel Management (OPM), the Chief Information Officers (CIO) Council and the Chief Human Capital Officers Council's Workforce Development Subcommittee identified cybersecurity related occupations as high priorities for Governmentwide competency models. In November 2009, OPM initiated a Governmentwide study to identify critical competencies for cybersecurity work, working with the CIO Council and the National Initiative for Cybersecurity Education (NICE). Subject matter experts provided key insights, and employees and supervisors across the Government completed surveys to paint a comprehensive picture of cybersecurity work. We are pleased to provide the attached Cybersecurity competency model to support your human resources initiatives. The competencies identified may be used in such agency efforts as workforce planning, training and development, performance management, recruitment, and selection. When used for selection, the competencies must be used in conjunction with the appropriate qualification standard."

Thursday, February 17, 2011

Lesson: Listen to your auditors...

Foreign Hackers Attack Canadian Government

"According to the CBC: 'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.' It should be noted that the Auditor-General warned of this months ago and was ignored by everyone as she usually is. It should also be noted that public sentiment towards China is getting very, very testy."

“Just a bit over aggressive” or practicing for the Internet Kill Switch?

US Gov't Mistakenly Shuts Down 84,000 Sites

"Last Friday, the United States Department of Homeland Security (DHS) seized ten websites accused of selling counterfeit goods or trafficking in child pornography. However, in the process, about 84,000 unrelated websites were taken offline when the government mistakenly seized the domain of a large DNS provider, FreeDNS. By now, the mistake has been corrected and most of the websites' domains again point to the sites themselves, rather than an intimidating domain seizure image. In a press release, the DHS praised themselves for taking down those ten websites, but completely failed to acknowledge their massive blunder."

Will this eventually force us to “design for surveillance?”

FBI to Announce New Internet-Wiretapping Push

February 17, 2011 by Dissent

Yesterday, I noted that there is a hearing in the House of Representatives this morning on surveillance. Declan McCullagh reports:

The FBI is expected to reveal Thursday that because of the rise of Web-based e-mail and social networks, it’s “increasingly unable” to conduct certain types of surveillance that would be possible on cellular and traditional telephones.

FBI general counsel Valerie Caproni will outline what the bureau is calling the “Going Dark” problem, meaning that police can be thwarted when conducting court-authorized eavesdropping because Internet companies aren’t required to build in backdoors in advance, or because technology doesn’t permit it.

Read more on CBS.


Hearing: “Going Dark: Lawful Electronic Surveillance in the Face of New Technologies”

February 16, 2011 by Dissent

The House Judiciary Committee Subcommittee on Crime, Terrorism, and Homeland Security is holding a hearing Thursday morning, Feb. 17 at 10:00 am:

“Going Dark: Lawful Electronic Surveillance in the Face of New Technologies”

The scheduled witness list is:

Valerie E. Caproni General Counsel, Federal Bureau of Investigation

Chief Mark A. Marshall President, International Association of Chiefs of Police

Susan Landau, PhD Radcliffe Institute for Advanced Study, Harvard University

Their written statements will most likely be available on the hearing page during the hearing.

“An OVER-abundance of caution?”

AU: Accused win battle to delete web history

February 17, 2011 by Dissent

Geesche Jacobsen reports:

Newspapers, including the Herald, have been ordered to remove old articles from their websites after a court ruled they might interfere with a fair trial.

The decision, one of the first of its kind, came after lawyers for three accused men argued jurors might develop prejudice by reading any of 10 selected articles.

The Supreme Court yesterday ordered the removal of these reports from the online sites of various newspapers for the duration of the trial over the death of the former drug dealer Terry Falconer, due to start next week.

Read more in The Age.

[From the article:

But the decision has no impact on thousands of other internet hits for the names of one or more of the accused - Anthony John Michael Perish, Mathew Robert Lawton, and Andrew Michael Perish. The court heard a Google search last month found 6930 references to the name of one of the men on Australian sites alone.

The order was imposed even though jurors will be told not to look up the case on the internet or discuss it with anyone.

… The barrister Dauid Sibtain had argued the orders were unnecessary and the media organisations should not be in a position “less favourable” than others who had posted material.

The orders “lacked practical utility” because other copies of the article may remain online, but Justice Price rejected this.

Sort of like a fear of public speaking, but with a global audience?

Number of Facebook Friends Linked To Anxiety

"WebProNews reports that according to a new survey, the more Facebook friends you have, the more likely you are to feel stressed out by the site. 'The results threw up a number of paradoxes,' says Dr Kathy Charles, who led the study. 'For instance, although there is great pressure to be on Facebook there is also considerable ambivalence amongst users about its benefits.' Causes of stress included deleting unwanted contacts, the pressure to be entertaining, and having to use appropriate etiquette for different types of friends. 'Like gambling, Facebook keeps users in a neurotic limbo, not knowing whether they should hang on in there just in case they miss out on something good.'"


The Personally Controlled eHealth Record (PCEHR) Checklist of Privacy Concerns

By Dissent, February 17, 2011

Draft paper by the Australian Privacy Foundation can be found on their site. Many of the concerns they raise are the same ones we’ve seen here and elsewhere, and need to be addressed.

Another privacy guide...

Data at Your Fingertips: Biometrics and the Challenges to Privacy

February 16, 2011 by Dissent

From the Office of the Privacy Commissioner of Canada:

Canadians are witnessing a growing interest among government and private-sector organizations in adopting systems that use biometric characteristics to automatically identify people or verify their identity. But whether a fingertip, a face or an iris is being scanned, what’s being collected is personal information about an identifiable individual.

And that makes it our interest too.

The Office of the Privacy Commissioner of Canada has prepared this primer on biometrics and the systems that use them. It also describes some of the privacy implications raised by this emerging field, as well as measures to mitigate the risks.

Data at Your Fingertips: Biometrics and the Challenges to Privacy (pdf)

Clearly, the future is cloudy...

February 16, 2011

Federal Cloud Computing Strategy Published

"The Federal Cloud Computing Strategy was published February 13, 2011, marking a milestone in the Administration’s 25-Point Implementation Plan To Reform Federal IT Management. The strategy is designed to help the government deliver value to the public by increasing the operational efficiency of Federal IT dollars, and responding faster to taxpayer needs. In releasing the report, Federal CIO Vivek Kundra noted, “The adoption of cloud computing will play a pivotal role in helping the government close the productivity gap between the public and private sectors.” The strategy outlines how the Federal government can accelerate the safe, secure adoption of cloud computing, and provides agencies with a framework for migrating to the cloud. It also examines how agencies can address challenges related to the adoption of cloud computing, such as privacy, procurement, standards, and governance... Moving forward, agencies are required to evaluate their technology sourcing strategies so that cloud computing options are fully considered, consistent with the “Cloud First” policy outlined in the 25-Point Implementation Plan, which states: “The three-part strategy on cloud technology will revolve around using commercial cloud technologies where feasible, launching private government clouds, and utilizing regional clouds with state and local governments where appropriate.”

“You can 'buy' our toy, but you have to play the games we want you to play – or we take our toy and go home.”

Sony's Official Statement Regarding PS3 Hacking

"Sony has stepped up its stance on anyone circumventing protection of any kind on the PlayStation 3 and released a statement addressing it. Most recently Sony had barred George Hotz (Geohot) from releasing any more information about the console whatsoever. Now, Sony has their eyes set on other users that may be trying to use pirated software or modded PlayStation consoles on their network. The statement reads: 'Notice: Unauthorized circumvention devices for the PlayStation 3 system have been recently released by hackers. These devices permit the use of unauthorized or pirated software. Use of such devices or software violates the terms of the "System Software License Agreement for the PlayStation 3 System" and the "Terms of Services and User Agreement" for the PlayStation Network/Qriocity and its Community Code of Conduct provisions. Violation of the System Software Licence Agreement for the PlayStation 3 System invalidates the consumer guarantee for that system. In addition, copying or playing pirated software is a violation of International Copyright Laws. Consumers using circumvention devices or running unauthorized or pirated software will have access to the PlayStation Network and access to Qriocity services through PlayStation 3 system terminated permanently.'"

Finding 'stuff' in your many online tools...

Greplin’s Social Search Opens Its Doors To All

Greplin, the service that indexes and lets you search all of your online social stuff (Gmail, Twitter, Facebook, etc.), has just opened its doors to everyone.

… Why would you want to use Greplin? Because it lets you search across all of your emails, Facebook data and Twitter stuff with one query. And they haven’t stopped there. You can also authorize Google Apps, Dropbox, LinkedIn, Google Calendar, Google Docs, Evernote, Yammer, Salesforce, Basecamp, Google Voice, Google Reader, Google Contacts and more. And then find stuff in those apps with a single query.

Wednesday, February 16, 2011

Another “We're not sure...” breach report. Why would data need to be stored at all? Couldn't the machine upload information to a secure, central repository immediately?

Baylor Health Care System notifies over 8,000 patients after portable ultrasound machine with PHI is stolen

By Dissent, February 15, 2011

Baylor Heart and Vascular Center in Texas reports that over 8,000 patients might have been affected by the theft of a portable ultrasound diagnostic machine. The device was stolen from a patient’s room in Baylor’s Jack and Jane Hamilton Heart and Vascular Hospital (BHVH) in Dallas on the evening of December 2 or the early morning of December 3, 2010. A statement on Baylor Health Care System’s site linked from their home page says:

We believe the ultrasound machine may have contained limited data on a small number of patients seen at the hospital from December 26, 2006 to December 2, 2010. Patient health information on the machine is limited to patient names, dates of birth, blood pressure, height, weight, and limited health information in the form of ultrasound images of patient’s hearts. Approximately 8,000 patient procedures were performed on the ultrasound machine. However, Baylor believes only a very small fraction of the 8,000 patients’ information was actually contained on the device because the data is regularly purged and overwritten. Therefore, Baylor is not able to determine exactly which patients’ information was on the device. Out of an abundance of caution, Baylor is notifying all patients that could have information contained on the device.

In its notification to the U.S. Dept. of Health & Human Services, Baylor reported that 8,241 patients were being notified.

Baylor also indicated that the stolen machine contained patient health information from patients of both BHVH and Baylor University Medical Center at Dallas. No financial information or social security numbers were affected.

Coming soon to a school near you!

FERPA’s “directory information” inconsistent with privacy protection

February 16, 2011 by Dissent

A Princeton student who tried to raise awareness about how much information the university makes available about students online may have bought himself some trouble with the university.

Anastasya Lloyd-Damnjanovic reports:

“Congrats on using Gmail for your Princeton email,” Dan Li ’11 wrote in the hundreds of e-mails he sent out over the last few days to students who forward e-mails from their Princeton accounts to their Gmail e-mail addresses. “If you’re creeped out because I know your Gmail address, read on.”

The e-mails included personal details about each student including their names, e-mail and mailing addresses, dorm room addresses and student identification numbers, which, he said, were publicly accessible through the University’s web-based directory.

Li said he sent the e-mails in an effort to raise awareness about a perceived security breach in the University’s Lightweight Directory Access Protocol server that could allow anyone outside the community to access the personal information about students that Li included in his e-mails.

Read more on The Daily Princetonian.

Toward ubiquitous surveillance...

Police chief: Hack your kids' Facebook passwords

Where are your kids tonight? Virtually speaking.

… The police chief of Mahwah, N.J., James Batelli, believes that you shouldn't be sitting there and wondering. He believes parents should be using any methods they can to spy on their kids.

… Batelli reportedly sees nothing wrong with using spyware to monitor their every virtual move and hack their passwords to Facebook and any other site for which they might have a regular fondness.

Indeed, his detectives hold free seminars to teach parents how to install spyware on all their computers at home.

… "If it means buying an $80 package of software and putting it on and seeing some inappropriate words you don't want your child to say. Then that's part of society," he told NBC New York.

Unfortunately, another part of society is that kids tend to be more adept computer-wise than their parents. What will happen when the kids realize they're being spied on? What kind of pouting might such an outing cause? And what might kids find if, in retaliation, they decide to hack into their parents' laptops?

(Related) Would this be a way around Internet spyware? (Yes, Bob, it would.)

Facebook-Direct Phones — and Facebook Right On the SIM

"Gemalto, a Dutch digital security company, has announced Facebook for SIM at the Mobile World Congress in Barcelona. The company's software development team has effectively shrunk Facebook down so that it fits onto a standard SIM card, enabling anyone with a GSM phone to enjoy the service even if without a data plan. In fact, the company is claiming the Facebook application is compatible with 100 percent of SIM-compliant mobile phones. As a result, it works on prepaid as well as on subscription-based mobile plans. In doing so, Gemalto is offering Facebook to millions of mobile phone users regardless of their handset type. Facebook for SIM doesn't require a data connection because it taps into a handset's SMS connectivity to allow the user to interact with the service; users can sign up for Facebook, log in directly, and even check out friend requests, status updates, wall posts, and messages, all via the dedicated SIM application."

And if that's just a bit too Facebook-centric for you, a notch down are two phones from HTC just announced in Barcelona, the Salsa and the ChaCha, with dedicated Facebook buttons.

Interesting, if true.

On Retirement, Israeli General Takes Credit for Stuxnet Attacks

"Last month, The New York Times ran a story about Stuxnet having been developed by the Americans and the Israelis as a part of a joint project, but it was based on the claims by confidential sources. But, it now seems that the information from these sources was correct. The Haaretz — Israel's oldest daily newspaper — reports about a surprising video that was played at a party organized for General Gabi Ashkenazi's last day on the job."

Sneaky, I love it

Could Your Firm's E-Mail Policy Run Afoul of the Federal Wiretap Act?

The act's robust damages scheme triggers a significant risk profile because businesses can now violate the Federal Wiretap Act much more easily and much more frequently than in the past. The act makes it unlawful intentionally to intercept an oral, wire or electronic communication using an electronic, mechanical, or other device.

Courts have consistently rejected claims by employees seeking to apply this statutory language to an employer's review of stored e-mail, holding that an "interception" under the act requires the acquisition of the content of an e-mail contemporaneously with transmission, not in storage. Because e-mail, by its very nature, cannot easily be acquired in transmission, this line of authority seemed to insulate employers from the act's rich remedial scheme.

A recent decision by the 7th U.S. Circuit Court of Appeals, however, has raised the specter of substantial civil liability for unlawful interceptions despite extant precedent in the area. In U.S. v. Szymuszkiewicz, the court affirmed the criminal conviction for Federal Wiretap Act violations of an IRS agent who, unbeknownst to his supervisor, activated the supervisor's Microsoft Outlook "autoforwarding" feature.

… The 7th Circuit's decision turned principally on whether autoforwarding e-mail constitutes an "interception" as defined by the Federal Wiretap Act. The court answered that question in the affirmative because the autoforwarding permitted the IRS agent to obtain the content of e-mail stored in his supervisor's e-mail inbox.

The 7th Circuit's decision is significant for employers because corporate IT departments commonly use Outlook's autoforwarding feature. IT departments, for example, routinely activate this feature after an employee has left an organization, or when an employee is on an extended leave of absence, so that a supervisor or co-worker can promptly respond to e-mail intended for the employee.

It also is not uncommon for corporate IT departments to rely on "e-mail journaling" to create a duplicate set of outgoing and incoming e-mail for archival purposes. Journaling essentially functions the same as autoforwarding except that the duplicate e-mail content is stored on a server for possible future retrieval rather than being transmitted directly to a third party's e-mail inbox.

E-mail journaling is a basic tool of electronic discovery as it permits the automated preservation of e-mail.

For my Computer Security students.

Your guide to the seven types of malicious hackers

Cyber criminals

Spammers and adware spreaders

Advanced persistent threat (APT) agents

Corporate spies


Cyber warriors

Rogue hackers

Are Facebook users paranoid enough to use this? I kinda doubt it.

How To Check If Someone Else Is Accessing Your Facebook Account

Tools for Geeks. You need this to move an OS from one machine to another, right?

How To Remove Windows Activation So You Can Install On A Different Computer

With piracy a constant concern for computer software companies, methods of registering and validating software are now the norm. Operating systems are no different. Microsoft Windows has long used a product key that validates the operating system.

The complexity of the validation used, however, has increased over time. Today, Microsoft has online activation servers that must validate your installation key, and your installation key is often tied to your computer. Installing a copy of Windows with the same key on a different computer can cause issues, but it’s possible to get around them.

(Related) For those intense 'cut & paste' projects...

Keep Your Computer’s Text Clipboard History With ClipCube [Windows]

You need to copy every item that you want to paste, even though that item has been copied to the clipboard before. If you are working with a long document and need to copy and paste multiple items several times, this limitation is really inconvenient.

That’s why we have clipboard managers. These tools will create a larger clipboard that can keep more items inside, keep a track of clipboard history, and give access to users to easily choose and paste any item from the history. There are many clipboard managers out there, but if you want a really tiny and portable one that handles nothing beyond text, maybe you could try ClipCube.


Windows on Speed: Ultimate PC Acceleration Manual

DOWNLOAD Windows On Speed or Read now on Scribd

Tuesday, February 15, 2011

“They made it public, we're just making sure everyone knows about it.”

Facebook Data of 1.2 Million Users from 2005 Released: Limited Exposure, but Very Problematic

February 15, 2011 by Dissent

Michael Zimmer writes:

Last week, a Facebook dataset was released by a group of researchers (Amanda L. Traud, Peter J. Mucha, Mason A. Porter) in connection with their paper studying the role of user attributes – gender, class year, major, high school, and residence – on social network formations at various colleges and universities. The dataset — referred to by the researchers as the “Facebook 100” — consists of the complete set of users from the Facebook networks at 100 American schools, and all of the in-network “friendship” links between those users as they existed at a single moment of time in September 2005.

The research paper indicates that the Facebook data was provided to the researchers “in anonymized form by Adam D’Angelo of Facebook.” (D’Angelo left Facebook in 2008.) Curious as to what precisely was included in the data release, and what steps towards anonymization were taken, I downloaded the data (200 MB zip file) on the morning of February 11.


Thus, the datasets include limited demographic information that was posted by users on their individual Facebook pages. The identity of users’ dorm and high schools were obscured by numerical identifiers, but to my surprise, the dataset included each user’s unique Facebook ID number. [So, not really anonymous. Bob] As a result, while user names and extended profile information were kept out of the data release, a simple query against Facebook’s databases would yield considerable identifiable information for each record. In short, the suggestion that the data has been “anonymized” is seriously flawed.
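The failure described above can be checked mechanically. This is an added audit (example code, not the researchers', Facebook's, or Zimmer's) run over a constructed table whose column names mirror the paper's attributes plus the retained Facebook ID; every value in it is made up. It shows why a stable, externally meaningful ID defeats the anonymization, and that even with the ID dropped the attribute combination still leaves some people unique.

```python
"""Re-identification audit for a released 'anonymized' social-network table.

Added example, not the Facebook 100 data or the researchers' code. The rows
are constructed; column names mirror the attributes the paper describes
(gender, class year, major, high school, dorm) plus the per-user Facebook ID
that the release retained. Coding dorm and high school as numbers hides
those values, but a stable identifier that is also a key in a live service
lets every row be joined back to a real profile.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

# Constructed sample table (not real users). Field order matches COLUMNS.
COLUMNS: Tuple[str, ...] = (
    "facebook_id", "gender", "class_year", "major", "high_school", "dorm")
SAMPLE_ROWS: List[Tuple[int, ...]] = [
    (50012, 1, 2008, 14, 9031, 3),
    (50013, 2, 2008, 14, 9031, 3),
    (50014, 1, 2009, 7, 1120, 5),
    (50015, 1, 2009, 7, 1120, 5),
    (50016, 2, 2006, 22, 4400, 1),
    (50017, 2, 2008, 14, 9031, 3),
]
# Attributes a third party could plausibly know or look up about a student.
QUASI_IDENTIFIERS = ("gender", "class_year", "major", "high_school", "dorm")


def direct_identifiers(rows: Sequence[Sequence], columns: Sequence[str]) -> List[str]:
    """Names of columns whose value differs on every row.

    Such a column is a row key. If it is also meaningful outside the release
    (an account ID, an e-mail address, a student number) it is a direct
    identifier and must be removed or replaced with a release-local pseudonym.
    """
    if not rows:
        return []
    found = []
    for i, name in enumerate(columns):
        values = [row[i] for row in rows]
        if len(set(values)) == len(values):
            found.append(name)
    return found


def k_anonymity(rows, columns, quasi_identifiers) -> Tuple[int, int]:
    """Return (k, singletons): k is the size of the smallest group of rows
    sharing the same quasi-identifier values; singletons counts groups of
    size 1, i.e. people unique on attributes alone even without an ID column."""
    idx = [columns.index(name) for name in quasi_identifiers]
    groups = Counter(tuple(row[i] for i in idx) for row in rows)
    if not groups:
        return 0, 0
    return min(groups.values()), sum(1 for n in groups.values() if n == 1)


def drop_columns(rows, columns, names):
    """Remove the named columns (the minimal fix for a retained account ID)."""
    keep = [i for i, name in enumerate(columns) if name not in names]
    new_rows = [tuple(row[i] for i in keep) for row in rows]
    new_columns = tuple(columns[i] for i in keep)
    return new_rows, new_columns


def audit_release(rows, columns, quasi_identifiers) -> Dict[str, object]:
    """Summarize the two risks: joinable keys, and small attribute groups."""
    k, singletons = k_anonymity(rows, columns, quasi_identifiers)
    return {
        "direct_identifiers": direct_identifiers(rows, columns),
        "k": k,
        "singletons": singletons,
    }


if __name__ == "__main__":
    print(audit_release(SAMPLE_ROWS, COLUMNS, QUASI_IDENTIFIERS))
    rows, cols = drop_columns(SAMPLE_ROWS, COLUMNS, ["facebook_id"])
    print(audit_release(rows, cols, QUASI_IDENTIFIERS))
```

On the constructed table the ID column is flagged as a direct identifier, and k is 1 both before and after dropping it, so removing the ID is necessary but not sufficient when the attribute set is this rich.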


“The Internet was designed so we could make money.”

Google Wants Case About Leaked Name Dismissed

February 14, 2011 by Dissent

Wendy Davis reports the latest development in Gaos v. Google, a lawsuit mentioned previously on this blog that involves referrer urls that may leak personal information:

Google is urging a federal court to dismiss a privacy lawsuit filed by San Francisco resident Paloma Gaos who alleges that her name was leaked to Web sites she visited after conducting vanity searches.

Automatically transmitting search queries to publishers — even when the queries include users’ names — “is actually a routine and foundational aspect of the Internet,” Google asserts in a motion filed late last week in U.S. District Court in San Jose, Calif. The search giant also argues that the lawsuit filed by Gaos should be dismissed because she isn’t alleging any economic loss — which some courts have held necessary in privacy lawsuits.

Read more on Media Post.

Related: Google’s motion.

Apparently, this is not a Saturday Night Live skit.

Senate Judiciary names Franken head of new privacy, tech subcommittee

Sen. Al Franken (D-Minn.) on Monday was named chairman of a new Judiciary subcommittee for Privacy, Technology and the Law. Sen. Tom Coburn (R-Ok.) will serve as ranking member, according to a release by the Senate Judiciary Committee.

Franken, an outspoken former comedian and author, has been an ardent supporter of tech policies such as net neutrality and warned of too much power being consolidated through Comcast's acquisition of NBC Universal.

… Franken said in a release that an unprecedented amount of personal information is in the hands of large companies that are "unknown and unaccountable to the American public." [Fifth Columnists? Perhaps they are in the “Fortune Secret 500?” Bob]

… The Subcommittee on Privacy, Technology and the Law will oversee laws and policies governing the collection, protection, use and dissemination of commercial information by the private sector, including online behavioral advertising, privacy within social networking Web sites and other online privacy issues.

“Our students are like terrorists. We have to keep them under surveillance at all times!”

NYC: ‘Spier’ education: Officials pull plug on website promoting hidden camera gadgets for principals

February 14, 2011 by Dissent

Rachel Monahan reports that the New York Daily News uncovered some really nasty spying in the NYC schools:

School principals-turned-Inspector Gadgets had their online spy-gear store shuttered after the Daily News exposed their link to the sleuthing market.

The city Education Department pulled the plug on its website portal to an I-Spy-type arsenal where principals browsed for hidden cameras to trick out their halls.

Among the 45 undercover devices The News found listed on the site were:

  • A fluffy teddy bear with a built-in camera.

  • A mini-cam fitted electric pencil sharpener.

  • Neckties that double as spy-ties.

After inquiries from The News, the city pulled the spy gear down from its site [...because until then, “no one had any complaints...” Bob] and the New York Civil Liberties Union blasted the online bazaar as Big Brother Gone Wild.


City Education Department spokeswoman Deidrea Miller said the agency has asked the special commissioner for investigation to look into the spying.

“Purchasing hidden cameras would not be an appropriate use of school funds,” she said. “We are aware of an allegation that one school is using a device.”

Read more in the Daily News.

Wait a minute. They’re asking for an investigation into the spying. Wasn’t this their own web site portal?

I expect we’ll see more on this story as we do not yet know whether any images were stored, who was viewing them, etc.

Could “the next Bird Flu” require us to create a town (state) of “Typhoid Marys?”

February 14, 2011

New York State Public Health Legal Manual - A Guide for Judges, Attorneys and Public Health Professionals

"In today’s world, we face many natural and man-made catastrophic threats, including the very real possibility of a global influenza outbreak or other public health emergency that could infect millions of people. While it is impossible to predict the timing or severity of the next public health emergency, our government has a responsibility to anticipate and prepare for such events. An important element of this planning process is advance coordination between public health authorities and our judicial and legal systems. The major actors in any public health crisis must understand the governing laws ahead of time, and must know what their respective legal roles and responsibilities are. What is the scope of the government’s emergency and police powers? When may these be invoked, and by which officials? What are the rights of people who may be quarantined or isolated by government and public health officials? These questions must be researched and answered now—not in the midst of an emergency—so that the responsible authorities have a readymade resource to help them make quick, effective decisions that protect the public interest. This New York State Public Health Legal Manual - A Guide for Judges, Attorneys and Public Health Professionals, Michael Colodner, Editor-in Chief, is designed to serve this purpose. It will be an absolutely essential tool in guiding us through the effective management of future public health disasters."


Dept. Homeland Security: Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS

February 14, 2011 by Dissent

Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS Updated 1-19-2011

The Handbook provides step-by-step guidance on how to identify and protect Sensitive PII:

  • In the office or an alternate worksite

  • On a portable device, such as blackberry or laptop

  • When sent by email, fax, or other electronic transfer

  • When sent by mail: external, overseas and inter-office

  • When stored on a shared drive

  • When you are on official travel

The Handbook also provides simple instructions on:

  • Encrypting Sensitive PII

  • Securing Sensitive PII when it is not in use

  • Disposing of Sensitive PII

Department of Homeland Security: Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS

[From the Handbook:

Remember that you must secure Sensitive PII in a locked drawer, cabinet, cupboard, safe, or other secure container when you are not using it. Never leave Sensitive PII unattended and unsecured. [Could this be considered a mandate for encryption? Bob]

Who's who?

February 14, 2011

2011 Worldwide Threat Assessment of the U.S. Intelligence Community

Statement for the Record on the Worldwide Threat Assessment of the U.S. Intelligence Community for the House Permanent Select Committee on Intelligence, James R. Clapper, Director of National Intelligence, February 10, 2011

  • "This statement goes into extensive detail about numerous state and non-state actors, crosscutting political, economic, and military developments and transnational trends, all of which constitute our nation's strategic and tactical landscape. Although I believe that counterterrorism, counterproliferation, and counterintelligence are at the immediate forefront of our security concerns, it is virtually impossible to rank—in terms of long-term importance—the numerous, potential threats to U.S. national security. The United States no longer faces—as in the Cold War—one dominant threat. Rather, it is the multiplicity and interconnectedness of potential threats—and the actors behind them—that constitute our biggest challenge. Indeed, even the three categories noted above are also inextricably linked, reflecting a quickly-changing international environment of rising new powers, rapid diffusion of power to non-state actors and ever greater access by individuals and small groups to lethal technologies. We in the Intelligence Community believe it is our duty to work together as an integrated team to understand and master this complexity. By providing better strategic and tactical intelligence, we can partner more effectively with Government officials at home and abroad to protect our vital national interests."

“Well, see, it's not really a sale. We're leasing you the right to treat the book like you own it, up to the point where you would try actually doing something...” (Perhaps only libraries should buy books?)

E-Book Lending Stands Up To Corporate Mongering

"Publishing Perspectives is talking today about the rise of e-book lending, which, one would hope, will lead to a rise in questioning exactly how far one's digital rights extend. Although the articles are mostly talking about the authorized lending programs through Kindle and Nook ('The mechanics are simple: ebook owners sign up and list books that they want to allow others to borrow. When someone borrows one of the ebooks you have listed, you earn a credit. Credits can also be purchased for as little as $1.99 from eBook Fling'), we have to ask ourselves why we are suddenly paying publishers more for less. In the case of iBooks, you can't even transfer your books to another device, let alone another user, but then at least the prices are somewhat controlled. In the case of sites like BooksOnBoard, you've got ridiculously out-of-control prices with a greatly decreased cost of delivery. It's not all bad, don't get me wrong; Kobo offers competitive prices that never leave me feeling ripped off or stuck with an inferior product. Still, I can't help but think: digital rights management, sure! Where are my rights, as a consumer, and who is managing them? I wouldn't mind selling the rights back to the publisher or store for in-store credit; I also wouldn't be terribly bothered if they got a reasonable cut off the resale of the product to someone else. What I won't like is if they never allow it or continue to make it impossible for me to sell what's rightfully mine."

(Related) Of course, it could never happen with hardware...

Best Buy Brings In Ozzy And Bieber To Completely Hose TechForward, Says Lawsuit

You don’t see total betrayals like this every day. But if the facts that TechForward are alleging in their lawsuit (embedded below) against Best Buy are true, this is some truly sleazy stuff.

… TechForward says that the way they do the buybacks is important – price, exercise rates, etc. BestBuy allegedly held out the promise of a partnership and got TechForward to give them highly proprietary data under a confidentiality agreement.

And then the best part. Just six weeks after the disclosure of information, Best Buy ended discussions and:

Best Buy announced to the world that it was implementing its own buyback program — called the Buy Back Plan (“BBP”) — which is virtually identical to TechForward’s Guaranteed Buyback Plan in its program structure, marketing materials and terms and conditions. To make matters worse, the Best Buy executives who supposedly “developed” this buyback program are the exact same executives who worked with TechForward on the pilot Guaranteed Buyback Plan program for Best Buy and who received TechForward’s highly confidential information.

… The plans have almost exactly the same terms. Here’s Best Buy, and here’s TechForward.

For student research...

Most Useful Discovery Engines: Search for Similar Pages

We all know how the Web search works

… But what if you don’t exactly know how to describe the concept or the topic you are interested in?

… In this case, you need to try discovery search engines: these tools rank the Web by similarity (not by popularity). They allow you to discover more pages based on the one you found most relevant.

Google’s Related: Operator

I have mentioned this neat search operator when listing google tricks when you don’t know what to search for. I also reviewed the visualization tool based on this operator called TouchGraph which can be used as discovery tool as well.

Similar Pages

Similar Pages is a standalone tool that uses its own technology and claims to let users dig into the “hidden” parts of the web

Similar Sites

SimilarSites (and its Firefox add-on Similar Web) works similarly to the one above. We have written a review of SimilarSites previously.

Dilbert comments on corporate ethics...

Monday, February 14, 2011

Interesting question...

UConn tries to keep donors private

February 13, 2011 by Dissent

The Associated Press reports:

The University of Connecticut is fighting in court to prevent the release of lists naming its supporters, arguing they amount to trade secrets that other institutions could use to lure away Huskies fans’ dollars and loyalties.

Open-records experts say it’s the first time Connecticut’s courts will have to decide whether public entities, not just businesses, can invoke a trade-secret exemption to keep information private – even if it was created at public expense.

Read more on CNN.

I don't think there is a “conservative” v. “liberal” version of security except for the fundamentals: How much government? Who is responsible?

February 13, 2011

Backgrounder - 10 Conservative Principles for Cybersecurity Policy

10 Conservative Principles for Cybersecurity Policy, by Paul Rosenzweig, George Washington University School of Law; Posted February 10, 2011

  • "In the age of the Internet, which now determines daily life for Americans, many threats to the U.S. now exist in the cyber domain. Cybersecurity is a near constant theme in Washington, as well as for private companies around the country. Congress and government agencies are clamoring to develop policies and strategies to protect national security and commercial interests. Internet attacks are already a standard feature of modern life, and the threats and their implications—from hacking into company sites to steal credit card numbers to hacking into government computers for espionage—are growing fast. Cybersecurity must be addressed—the right way. This Heritage Foundation paper outlines the basic facts of the Internet—and the policy principles to which they lead."

Does this sound reasonable to you? Aren't they merely automating existing paperwork systems?

Ca: Huge police database in works

February 13, 2011 by Dissent

Karen Kleiss reports:

The Alberta government is quietly building a $65-million police information database that will allow officers across the province to share details about proven and suspected criminal activity in real time.

The Alberta Law Officers’ Network, or Talon, is meant to help police catch increasingly sophisticated criminals, but civil liberties groups and academics worry it unnecessarily invades citizens’ privacy and will be open to abuse.


Talon will allow them to quickly access information about a person of interest, just as the Canadian Police Information Centre does, though the databases contain different kinds of information.

CPIC contains details about pending charges and a permanent record of convictions, as well as information about recent acquittals and discharges.

Talon contains much more sensitive and personal information, including speculations, unproven allegations, investigation theories, details of 911 calls — virtually any record of a citizen’s contacts with the police.

Police services in Alberta already collect this information and share it through traditional channels, but Talon gives them instantaneous, real-time access to information from Lethbridge to High Level, Jasper to Lloydminster.

Unlike CPIC, officers will not have to provide a reason for accessing the information.

Read more on Edmonton Journal.

(Related) As long as we don't totally rely on the computer...

Virus Shuts Down Australian Ambulance Dispatch Service

"Computers which co-ordinate ambulances in NSW, Australia, are back online in three of the state's regions after a major virus forced staff to shut them down for more than 24 hours. The virus crept into the Ambulance Service of NSW's dispatch system, prompting staff to co-ordinate paramedics by telephone and handwritten notes. The cause and source of the virus are not yet known."

Interesting that the “support forum” is currently unavailable...

Recent HP Laptops Shipped CPU-Choking Wi-Fi Driver

"Computer manufacturers have recently come under fire for the continued practice of shipping machines with excessive bloatware. Software preinstalled on some recent HP laptops was worse than normal though, consuming anywhere from 25-99% CPU by making incessant WMI queries, resulting in overheating laptops and reduced battery life. Users on a computer Q&A site did some sleuthing, and revealed that HP Wireless Assistant — software which does nothing but tell the user when their WiFi adapter is turned on or off — was causing the problem. According to an HP support forum, the problem is fixed in later versions, but thousands of laptops have the software installed, and the software does not get updated automatically."

For my Computer Security students

How To Check If Someone Is Stealing Your WiFi – And What You Can Do About It

… In my article on Cool WiFi Devices You’ve Probably Never Heard Of, I showed you a $100 commercially available router that would automatically hack your WEP-protected WiFi network in less than half an hour. Apart from the obvious fact that your internet will be slower, the hacker might be using your internet to do nefarious evil things – all of which could easily be traced back to you. So how can you find out if someone is using your WiFi, and perhaps more importantly – what exactly can you do about it?

For my students

Online Employment Rising Dramatically

… Elance, the online clearinghouse that puts employers and freelancers together, is reporting dramatic growth in the number of online jobs for the fourth quarter of 2010. We're talking about a 38% increase over the fourth quarter from the previous year. Overall the amount of money getting paid out on jobs has increased an average of 11% each quarter over the past year, as well.

Wordpress is the bomb when it comes to content management systems. In fact, skills in Wordpress are worth their weight in gold. It's the number two most desired expertise coveted by online employers, trailing only behind PHP.