Saturday, March 12, 2011

With less than a week until the Privacy Foundation's seminar on “Lawyers in the Cloud” (see for details) I found a great way to explain Cloud Computing so even Lawyers can understand it!

How 10-year-olds explain Cloud Computing

Interesting that their “expression of concern” comes a mere month after the House Privacy Caucus expressed the same concerns. I also note that they have no proposal for an alternative other than “don't do it.” Perhaps they believe that individuals are too stupid/naive to understand what any exalted politician can grasp?

Facebook’s New Privacy Policy Puts Users at Great Risk

March 11, 2011 by Dissent

Senator Al Franken writes:

In January, Facebook made a troubling announcement that it plans to allow third-party developers to request access to the home addresses and phone numbers of users. Despite Facebook’s insistence that it will protect its users, I believe this policy will place users at great risk. That’s why I wrote a letter with Sens. Charles E. Schumer (D-N.Y.), Sheldon Whitehouse (D-R.I.), and Richard Blumenthal (D-Conn.) to CEO Mark Zuckerberg urging him to stop plans for this new third party access to personal data. Armed with nothing more than a Facebook user’s phone number and home address, anyone with an Internet connection and a few dollars can obtain personal information they should never have access to, including a user’s date of birth, e-mail address, or estimated income. In fact, by using this information, an identity thief could get almost all of the data he would need to apply for a loan or a credit card in the name of an unsuspecting Facebook user.

Read more on Huffington Post.

Related: Senate Democrats Push Facebook on Privacy (Politico)

[From the Politico article:

"Anyone with ten minutes, 25 dollars and a Facebook user's phone number and address and no other information can obtain a breathtaking amount of information about that Facebook user — and that Facebook user's family, friends, neighbors and landlord," they wrote. "Combined with a targeted Google search, these two pieces of information can allow someone to obtain almost all of the information necessary to complete a loan or credit card application. It is hard to contemplate all the different ways in which this information could be abused."

(Related) Here is what Data Mining companies know about you without Facebook's help. Note that it isn't always accurate...

What Data Mining Firms Know About You

"Time writer Joel Stein spent three months learning what data mining companies know about him. After learning everything the companies had profiled about him (some of it inaccurate) — social security number, age, marital status, religion, income, debt, interests, browsing and spending habits — he had a surprising reaction: complacency. '... oddly, the more I learned about data mining, the less concerned I was. Sure, I was surprised that all these companies are actually keeping permanent files on me. But I don't think they will do anything with them that does me any harm. [...for some definitions of harm? Bob] There should be protections for vulnerable groups, and a government-enforced opt-out mechanism would be great for accountability. But I'm pretty sure that, like me, most people won't use that option. Of the people who actually find the Ads Preferences page — and these must be people pretty into privacy — only 1 in 8 asks to opt out of being tracked. The rest, apparently, just like to read privacy rules."

This is confusing. What “secret” are they protecting?

EFF and ACLU Respond: Court Rules Against Privacy in Battle Over Twitter Records

March 11, 2011 by Dissent

EFF has issued the following statement in response to today’s developments:

A federal magistrate judge in Virginia ruled today that the government can collect the private records of three Twitter users as part of its investigation related to WikiLeaks, and that those users and the public can be prevented from seeing some of the documents that the government submitted to the court to justify obtaining their records. [What justification should remain “secret”? Bob] The court denied the government’s request to conduct last month’s hearing about the records in secret, however, and the court made public all of the documents related to the users’ legal challenge. The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union plan to appeal the decision on behalf of their client Birgitta Jonsdottir, an Icelandic parliamentarian.

The secret government demands for information about the subscribers’ communications came to light only because Twitter took steps to ensure their customers were notified and had the opportunity to respond. [Twitter was not always so noble. See below Bob] The ACLU and EFF also asked the court to make public any similar orders to any other companies.

“This ruling gives the government the ability to secretly amass private information related to individuals’ Internet communications. Except in extraordinary circumstances, the government should not be able to obtain this information in secret. That’s not how our system works,” said Aden Fine, staff attorney with the ACLU Speech, Privacy, and Technology Project. “If this ruling stands, our client may be prevented from challenging the government’s requests to other companies because she might never know if and how many other companies have been ordered to turn over information about her.”

“With so much of our digital private information being held by third parties – whether in the cloud or on social networking sites like Twitter – the government can track your every move and statement without you ever having a chance to protect yourself,” said EFF Legal Director Cindy Cohn. “We’re disappointed that the court did not recognize that people using digital tools deserve basic privacy and that the government should be required to meet a high standard before it demands private information about you from the online services you use, be they Twitter, Facebook, Gmail or Skype.”

EFF and the ACLU plan to appeal the ruling on behalf of their client.


ACLU has also issued a statement, stating, in part:

We are disappointed with the court’s decision. The government should not be able to secretly gather private information related to individuals’ Internet communications. Unless the government obtains a warrant, individual users should have the right to find out about these orders and to go to court to challenge the government’s justification for obtaining them.

Today’s ruling — which rejected users’ ability to even mount a challenge in many circumstances — fails to recognize that in today’s world, these sorts of secret government requests involve personal and private information. Our privacy in our Internet communications should not be so easily sacrificed.

The fight is far from over, though. We plan to appeal today’s decision.


Twitter Settles With Feds Over ‘09 Obama Hack

Records management for my Computer Security students. Does your industry require you to keep communications with clients?

March 11, 2011

How Federal Agencies Can Effectively Manage Records Created Using New Social Media Tools

How Federal Agencies Can Effectively Manage Records Created Using New Social Media Tools, Patricia C. Franks, Associate Professor, School of Library & Information Science, San Jose State University

  • "Dr. Franks’ report addresses the challenges of federal recordkeeping in the social media age. She describes the struggle of agency records managers to keep up with the information revolution, as well as the historical evolution of how records management and information technology have become both intertwined and yet separated by “silos” in many agencies. She identifies the governance challenges, the policy challenges, the technology challenges, as well as the capacity challenges to address these issues. She concludes with recommendations for improving social media records management, and offers a series of best practices based on interviews with dozens of records managers, Web masters, and social media managers across the federal government."

[From the report:

Recommendation Four: Information technology offices should:

• Integrate records management solutions and incorporate the costs of records management requirements

• Undertake research initiatives for the preservation of digital objects created with new media

I don't think they like it...

'Son of ACTA' Worse Than Original

"TechDirt has the latest on the leaked US proposals for the 'Son of ACTA' treaty and it looks worse than the original. It's practically a checklist for how to kill innovation while making lawyers rich. In particular, they call for expanding what's patentable, blocking people from buying copyrighted goods in other countries and taking them home, expanding liability for ISPs whose users commit acts of infringement, forcing ISPs to identify their users to anyone on demand, and getting rid of third-party patent review while expanding the presumption that they're valid. The only way it could get any worse would be if it were enacted in law."

Search for “right now!”

Friday, March 11, 2011

Topsy - Real-time Search of the Social Web

Topsy is a search engine that scours the Internet for the most recent and most talked about links, images, and Tweets on the web.

To use Topsy just enter a search term like you would with any other search engine. The difference with Topsy is that your results are ranked according to how much a link or image has been discussed or shared on the web. The more something has been shared or discussed, the higher it ranks in results. You can sort your results by links, images, Tweets, or "experts." Experts in Topsy's rankings are people and organizations that are linked to most frequently compared to other sources. You can also narrow your search results according to time of posting on the web. For example, you can narrow your results to just links that have appeared in the last hour.

Toward a Star Trek Tricorder? Perhaps there is a Business model here for these small “clip on” attachments to cellphones – a “let us bring your invention to market” kind of thing?

Turn Your Cellphone Into a High-Powered Scientific Microscope


Smartphone Device Detects Cancer In an Hour

Friday, March 11, 2011

A rare “encrypted laptop.” Just thought I'd let you know that it does happen on occasion!

Stolen laptop creates concern for OrthoMontana patients

By Dissent, March 11, 2011

Rob Rogers reports:

OrthoMontana is scrambling to warn current and past patients that their personal information may be on a laptop computer that was recently stolen from the company.

The Billings orthopedic and sports medicine practice has sent letters across the city to those who may have been impacted.


The laptop was heavily encrypted — two sets of user names and passwords plus a “biometric finger scan” was required to access its files, he said.

Read more in the Billings Gazette.

It’s nice to see a stolen laptop that actually had more than just a user/pass to access and this may give the practice safe harbor in terms of reporting the incident to HHS. We’ll have to wait to see if it is reported to them. There is no statement on the OrthoMontana site at this time.

The old, “It could be worse” argument? Perhaps this is just an honest look at the future.

DHS: We Have the Authority to Routinely Strip-Search Air Travelers

March 11, 2011 by Dissent

From EPIC:

The Department of Homeland Security told a federal court that the agency believes it has the legal authority to strip search every air traveler. The agency made the claim at oral argument in EPIC’s lawsuit to suspend the airport body scanner program. The agency also stated that it believed a mandatory strip search rule could be instituted without any public comment or rulemaking. EPIC President Marc Rotenberg urged the Washington, DC appeals court to suspend the body scanner program, noting that the devices are “uniquely intrusive” and ineffective. EPIC’s opening brief in the case states that the Department of Homeland Security “has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history,” and that such a change in policy demands that the TSA conduct a notice-and-comment rule making process. The case is EPIC v. DHS, No. 10-1157. For more information, see EPIC: EPIC v. DHS and EPIC: Whole Body Imaging Technology.

Another escalation of power by 'grand frère' (Interesting that translates “Big Brother” as “Big Brother”)

France re-writes the rules of data retention

March 11, 2011 by Dissent

Peter Fleischer writes:

When Europe introduced a Data Retention Directive in 2006, it struck a very very careful political and legal balance between the interests of privacy and the interests of Law Enforcement/ Government access to data. The core distinction of the laws was to impose an obligation on service providers to retain and produce traffic data relating to communications, but to exclude contents of communications.


Surprisingly, very few people have noticed what just happened in France. The law (decree, technically) adopted a few days ago in France up-ended the careful political/legal balance of the Directive by inserting one little word: “passwords”.

Read more on Peter Fleischer: Privacy…?

A Cloud Computing assessment?

Data Protection and Privacy: Hitting a Real World Wall

March 11, 2011 by Dissent

Laurence Eastham writes:

With doubts about implementation of the EU’s ‘cookie consent’ requirements and the suggestion that cloud cuckoo land has at last been found (apparently it is in Denmark), it is time to ask if there is a disconnect between commercial reality and privacy requirements. And whose fault is it? You may have missed the story about the Danish data protection regulator and the application from a local education authority to use cloud computing for certain purposes. Summarising wildly, Datatilsynet told Odense Municipality that it could not use Google Apps online office suite with calendar and document processing features because Google Ireland was not to be trusted. Among other objections, the Datatilsynet view was that the local authority had done insufficient risk assessment. There is a short account here and the full rejection is here.

Read more from the Editor’s Blog on SCL.

[From the article:

The reaction has included the suggestion that Denmark is not part of the real world.

… Getting in the way of the cloud is seen as standing in the way of progress and practically Luddite.

[From the brief account:

The Data Protection Agency gives five reasons for its rejection.

1. The municipality has not documented that the data to be processed with Google Apps will not be transferred to data centres outside of the EU covered by the EU Commission’s safe harbour regime. [Location, location, location Bob]

2. The risk assessment done by the municipality with respect to the security of the data is not deemed satisfactory, e g with respect to encryption of data. [Security Bob]

3. The data processing agreement between the municipality and Google does not comply with the requirements under the Danish Act that the terms of the agreement can only be altered on the instruction by the municipality. [Google can change the rules at whim... Bob]

4. The Data Protection Agency considers that the municipality is not able to comply with the rule under the Danish Act that requires the municipality to be in efficient control with respect to whether the security measures to be observed by Google as data processor are in fact complied with. [Google is not under control Bob]

5. The Data Protection Agency considers that the municipality has not shown that the requirements under the Danish Act will be complied with, among other things with respect to that data after use shall be deleted and no recreation possible. [Does Google own the data? Will they permanently archive it? Bob]

More Cloudiness revealed?

March 10, 2011

Wikileaks and Freedom, Autonomy and Sovereignty in the Cloud

You Have No Sovereignty Where We Gather – Wikileaks and Freedom, Autonomy and Sovereignty in the Cloud, Balázs Bodó - Budapest University of Technology and Economics; Stanford Law School Center for Internet and Society, March 7, 2011

  • "Wikileaks represents a new type of (h)activism, which shifts the source of potential threat from a few, dangerous hackers and a larger group of mostly harmless activists – both outsiders to an organization – to those who are on the inside. For insiders trying to smuggle information out, anonymity is a necessary condition for participation. Wikileaks has demonstrated that the access to anonymity can be democratized, made simple and user friendly. Being Anonymous in the context of Wikileaks has a double promise: it promises to liberate the subject from the existing power structures, and at the same time it allows the exposure of these structures by opening up a space to confront them. The Wikileaks coerced transparency, however, is nothing more than the extension of the Foucauldian disciplinary power to the very body of state and government. While anonymity removes the individual from existing power relations, the act of surveillance puts her right back to the middle. The ability to place the state under surveillance limits and ultimately renders present day sovereignty obsolete. It can also be argued that it fosters the emergence of a new sovereign in itself. I believe that Wikileaks (or rather, the logic of it) is a new sovereign in the global political/economic sphere. But as it stands now, Wikileakistan [I like it! Bob] shares too much with the powers it wishes to counter. The hidden power structures and the inner workings of these states within the state are exposed by another imperium in imperio, a secretive organization, whose agenda is far from transparent, whose members and resources are unknown, holding back an indefinite amount of information both on itself and on its opponents. I argue that it is not more secretive, one sided transparency which will subvert and negate the control and discipline of secretive, one sided transparency, it is anonymity."

A minor ethical breach? Will “I didn't mean to...” be an adequate defense?

OH: Trouble not over for official fired over e-mail snooping

March 11, 2011 by Dissent

Randy Ludlow reports:

The former top lawyer at the Ohio Department of Public Safety faces professional misconduct charges because he intercepted confidential e-mails involving the state inspector general and others.

Joshua Engel has been charged by the state’s legal-ethics watchdog with misconduct that interfered with the administration of justice and that calls into question his fitness to practice law.

Engel was fired last year after officials discovered that he had ordered the installation of a computer “filter” that automatically copied him on e-mails between Public Safety employees, the inspector general’s office and Dispatch reporters.

Read more in the Columbus Dispatch.

Previous coverage on can be found here.

[From the Columbus Dispatch article:

Columbus lawyer Larry James, who represents Engel, said he hopes to reach an agreement specifying Engel's punishment and that a public reprimand or stayed six-month suspension of his law license appears to be appropriate.

"We think the lack of intent (to obtain confidential information) carries the day," James said. "No one has an expectation of privacy when an employer has the right to monitor the e-mails of any employee."

If the search comes to you, is it a search?

Law Enforcement Use of Global Positioning (GPS) Devices to Monitor Motor Vehicles: Fourth Amendment Considerations

March 11, 2011 by Dissent

From the Congressional Research Service:

Alison M. Smith, Legislative Attorney, February 28, 2011

This report discusses the basics of GPS technology, society’s reliance on it, and some of the related legal and privacy implications. In addition, the report examines legislative and judicial responses on both federal and state levels.

Read the report on CRS. h/t

For my Data Analysis students

How Big Data Justifies Mining Your Social Data

"Paul Krill reports that one of the big uses of the new "Big Data" analytics technology is to mine the information people post through social networking. Which led him to ask 'What gives Twitter, Facebook, et al. the right to mine that data?' It turns out, users do when they sign up for social networking services, even if they don't realize that — but less clear is the ownership of other information on the Web that these tools also mine."

It couldn't happen to a nicer bunch of guys... I think they should pay. Otherwise companies like this could use frivolous lawsuits to chip away at competitors or anyone else they don't like.

Copyright Troll Complains of Defendant's Legal Fees

"Copyright enforcement company Righthaven, accused of coercing defendants into settling with threats of damages of $150,000 and forfeiture of the defendants' website domain names, is complaining that one of its litigation foes is needlessly running up legal costs that Righthaven may end up having to pay. In one of its more extensively-litigated cases, Righthaven sued the Democratic Underground last year after a message-board poster re-posted the first four paragraphs of a 34-paragraph Review-Journal story. After suffering a fair-use setback in another case involving a partial story post, Righthaven tried to drop its suit against the Democratic Underground, which would have resulted in a finding of 'no infringement.' But the Democratic Underground is pressing for Righthaven to pay its attorney's fees and says new evidence had surfaced that would bolster their case. 'Defendants agree that this case should be over — indeed, it should never have started. But it should not end until Righthaven is called to account for the cost of the defense it provoked,' say attorneys for the EFF. 'To allow Righthaven to avoid compensating those who have no choice but to defend would be unjust and unsupportable.' In related news, Righthaven has filed five more lawsuits, bringing their total since March 2010 to 246 lawsuits."

(Related) Another “We have no sense of humor (or any other sense)” lawsuit

US Lawyers Target Swedish Pirate, and His Unicorn

"When a Swedish citizen identified as Ryan heard about US movie studio Liberty Media's plan to get copyright infringers to confess and voluntarily pay up, he couldn't stop himself from sending them a satirical email promising that he will pay 'from the pot of gold I got at the leprechaun at the end of the rainbow', regardless of scathing criticism of the studio from his unicorn. However, despite his location, the jesting nature of the email, and his insistence that he has never downloaded anything for which the studio is suing, Liberty Media's lawyers have taken the 'confession' seriously, and have issued a subpoena to Google for personal information related to Ryan's Gmail account. In a phone call, the legal team affirmed their determination to 'hunt him down, all the way to Sweden if need be.'"

Unless most of the big players follow suit, this will result in increased tax revenue and therefore be adopted by other states.

Amazon ends affiliate program in Illinois

Amazon is ending another affiliate program over states' efforts to collect sales tax.

The Internet retailer notified its affiliates in Illinois yesterday that it would sever their business relationships after Illinois Gov. Pat Quinn signed into law a bill that would require in-state affiliates to collect state sales tax on purchases made by Illinois residents. Affiliates place ads for retailers on their Web sites and get paid when customers make purchases via the ads.

For my Computer Security students. Perhaps I could integrate this into my “no cellphones in the classroom” policy.

New Attack Can Disable Phones Via SMS

"A pair of security researchers from Germany demonstrated several techniques at the CanSecWest conference here Wednesday that enable them to remotely reboot, shut down or even completely disable many popular mobile phones with SMS messages. The technique that Nico Golde and Collin Mulliner discussed relies on setting up a GSM network and sending specially crafted SMS messages to handsets. The pair showed a video demonstration of phones from a wide range of manufacturers, including LG, Sony Ericsson, Nokia and others rebooting, freezing and generally acting flaky after receiving the crafted SMS messages they sent."

Thursday, March 10, 2011

Nice of them...

Verizon Offers Refunds For Fraudulent SMS Messages

"Verizon has filed a lawsuit against a group of people and related companies that it alleges duped people into signing up and getting charged for premium short message services. Because some of the short message programs the defendants set up complied with Verizon's rules, Verizon says it is unable to identify which customers didn't know about the charges for the services. As a result it has set up a Web page where customers can file a claim form and get reimbursed if they were wrongly charged for the services."

Why not? Everyone else does...

Judge uses Facebook to research litigant

March 10, 2011 by Dissent

Evan Brown notes:

We’ve all heard the stories about lawyers using social media to research jurors and to gather evidence about opponents. But here’s a new twist: even judges look to Facebook to find information about the parties appearing before them.

In Purvis v. Commissioner of Social Sec., 2011 WL 741234 (D.N.J., Feb. 23, 2011), the question before federal judge Susan Davis Wigenton was whether the plaintiff had been wrongfully denied Social Security benefits.

Read more on Internet Cases.

(Related) ...and that's not always good.

The Problems with Requesting Access to Online Communities

March 10, 2011 by Dissent

Woodrow Hartzog writes about an increasing concern: entities requesting – or worse, demanding – access to a person’s online communications as part of a hiring process or other process:

The practice of asking for access to other’s online communities is not new. City governments and high school cheerleading coaches have requested access to social media profiles. Even the Florida Bar Association has indicated that certain applicants, such as those with a history of substance abuse, might be required to provide access to their social media profiles.

The commentary on these activities has been critical. From a security angle, asking for usernames and passwords is always tricky because individuals notoriously use the same username and password for everything. Someone’s Facebook login credentials could also provide access to their online banking and e-mail account. Some critics have also noted that once someone else is in possession of an individual’s username and password, they have the ability to lock out the individual by changing the password.

Read more on CIS.

Ah, them Frenchies is strange...

Foggy thinking about the Right to Oblivion

March 9, 2011 by Dissent

Peter Fleischer, Google’s Global Privacy Counsel, has a personal blog where he shares his own (not his boss’s) thoughts. He writes:

In privacy circles, everybody’s talking about the Right to be Forgotten. The European Commission has even proposed that the “right to be forgotten” should be written into the up-coming revision of the Privacy Directive. Originally, a rather curious French “universal right” that doesn’t even have a proper English translation (right to be forgotten? right to oblivion? right to delete?), le Droit à l’Oubli, is going mainstream. But, what on earth is it? For most people, I think it’s an attempt to give people the right to wash away digital muck, or delete the embarrassing stuff, or just start fresh. But unfortunately, it’s more complicated than that.

Peter then goes on to frame the issue as a series of specific scenarios or questions.

It’s a really thoughtfully written post, and I encourage readers to read it all.

Via Kashmir Hill, who provides her own commentary on Peter’s comments.

All you have to do is risk your Fed Funds...

Ferpa Does Not Prohibit U. of Illinois From Releasing Student Records, Judge Rules

March 9, 2011 by Dissent

Elyse Ashburn reports on a federal court order that because FERPA does not prohibit the University of Illinois from disclosing educational records of students, the university must disclose them in response to a FOIA request by the Chicago Tribune. I had blogged about the case earlier today. The judge’s analysis seemed to be that because no university is required to accept federal funding, no university is required to comply with FERPA. Therefore, because no federal law explicitly prohibited the U. of Illinois from disclosing the records, they were not exempt from Illinois’s laws regulating freedom of information requests.

In her coverage of the ruling, Ashburn writes, in part:

Steven J. McDonald, an expert on Ferpa and the general counsel at the Rhode Island School of Design, says a handful of other cases have looked narrowly at the question of whether Ferpa “prohibits” public colleges from releasing records. Some courts have arrived at conclusions similar to Judge Gottschall’s, he said. But others have held that as a practical matter a college could not reject federal funds and that, therefore, Ferpa is tantamount to a prohibition on releasing educational records.

He did not know of any cases where a public college had ultimately handed over student records that forced it to forgo federal funds. “It would shut a college down.”

Read more in the Chronicle of Higher Education.

Technology marches on!

Text Messages To Replace Stamps In Sweden

"Sweden and Denmark are running tests on replacing stamps with text messages. The writer sends a text message to a central server, which bills for the stamp and returns a code to be written on the letter. It's an interesting system but it better have very good security. Could this be the end of stamp collections and philately?"

For my Computer Security and Ethical Hacking students. How to detect a Con Man.

Book Review: Social Engineering: The Art of Human Hacking

"One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes 'tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable.' Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security."

Another interesting Business Model I wish I had thought of...

YC-Funded Earbits Brings A Twist To Music Startups: Online Radio That Lets Bands Pay For Playtime

Geeky stuff for my website students.

In-Depth Look At HTML5

"InfoWorld's Peter Wayner offers a four-part series devoted to the new features of HTML5. Each article examines the evolving spec in-depth, focusing on canvas, video, audio, and graphics for display options, including the and

More Geeky stuff.

RockMelt tiptoes into public beta

RockMelt boomed onto the alterna-browser landscape last November, grabbing some notable attention from social browsing competitor Flock but then fading from the limelight. After four months, RockMelt announced today that it's ready for the next step: entering into a public beta. That's right, this entire time the Marc Andreessen-backed, Chromium-based RockMelt beta (download for Windows | Mac) has been restricted to invitation-only.

A Geek can have a hobby too. But we tend to over-analyze them.

Ex-Microsoft CTO Writes $625 Cookbook

"Nathan Myhrvold, Microsoft's first CTO, made his mark in the tech world. Now he's cemented his place in the world of cooking and food science with the publication of a groundbreaking six-volume, 2,438-page cookbook. Some of the techniques in Myhrvold's Modernist Cuisine are intimidating, to put it mildly, calling for such daunting ingredients as liquid nitrogen and equipment such as centrifuges and rotor-stator homogenizers. But Myhrvold and his co-authors insist that the majority of recipes can be made in a conventional home kitchen — with a few recommended, inexpensive extras such as a digital gram scale and water bath for sous vide cooking."

For the Toolkit

Wednesday, March 9, 2011 - Drag & Drop Diagram Creation

JGraph is a UK company that develops and supports graph visualization software and web services. One of the free services they offer is a diagram creation tool called offers a drag and drop interface for creating diagrams using clip art and pre-drawn shapes. Using the service does not require registration and all of your diagrams can be saved to your local computer in your choice of four formats (xml, png, jpg, or svg).

More for the toolkit. My picks...

Ten Brilliant Web Tools To Make Your Life Easier


PDF files can have restrictions that prevent you from, for example, copying text from them, or from editing, printing or merging them. PDFUnlock can remove these restrictions (a.k.a. the “owner password”).


ShiftEdit is an online IDE for developing PHP, Ruby, HTML, CSS and JavaScript with built-in (S)FTP.


Tired of printing web pages only to find your printout is full of ads, empty space and other junk you don’t want? PrintWhatYouLike is a free online editor that lets you format any web page for printing in seconds.

Wednesday, March 09, 2011

Another take on the Ponemon study. (I like the headline.)

Study: Negligence cause of most data breaches

Negligence is the biggest cause of data breaches at corporations, but criminal attacks are growing fastest, a study released today concludes.

The average cost of a data breach for a victimized organization increased to $7.2 million, and the average cost per record came to $214, up $10 from the previous year, according to the 2010 Annual Study: U.S. Cost of a Data Breach, which was conducted by the Ponemon Institute and based on data supplied by 51 U.S. companies across 15 different industry sectors.

The costs associated with a breach involve detecting the incident, investigation, forensics, customer notification, paying for identity-protection services for victims, business disruption, and productivity losses, said Larry Ponemon, chairman and founder of the Ponemon Institute.

… The most expensive breach reported in the study was $35.3 million, and the least expensive was $780,000.

The companies have devised an online Data Breach Calculator for helping estimate how likely a breach is and how much a breach would cost based on an organization's size, industry, location, and security practices.

(Related) Another paper worth a read?

March 08, 2011

Civil Liberties and Industry Groups Release Cybersecurity White Paper

News release: "For the first time, industry groups and civil liberties interests have come together to advocate a comprehensive, common approach to cybersecurity. That approach is reflected in today's release of a cybersecurity white paper that rejects government mandates [No surprise. Bob] and advocates for a stronger partnership between industry and government. The 20-page white paper is a joint release from CDT, U.S. Chamber of Commerce, Business Software Alliance, TechAmerica, and the Internet Security Alliance."


Report: Number Of Malware-Infected Web Sites Has Doubled In Past Year

A new Dasient report says that the number of Web sites infected with malware has doubled in the past year. That means we’re now just short of 1.2 million Web sites out there infected with malware. Wonderful.

Big deal, you say. Some 1.2 million Web sites out of the entirety of the Web can’t be so bad, right? Well, that means that in about three months of Web surfing the average person now has a 95 percent chance of running into malware.

For my Computer Security and Forensics students.

Unmasking Anonymous Email Senders

"Just because you send an email anonymously doesn't mean people can't figure out who you are anymore. A new technique developed by researchers at Concordia University in Quebec could be used to unmask would-be anonymous emailers by sniffing out patterns in their writing style from use of all lowercase letters to common typos. Their research, published in the journal Digital Investigation, describes techniques that could be used to serve up evidence in court, giving law enforcement more detailed information than a simple IP address can produce."

[From the article:

Of course some might be concerned that the technique could be used to reveal identities of whistleblowers or others who have legitimate reasons for sending emails via publicly available tools for sending anonymous messages.

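The stylometric idea described above, as an added example that is not the Concordia researchers' method and not code from the original article: a small Python script that turns the surface habits the summary mentions (all-lowercase typing, common misspellings, abbreviations, punctuation, sentence length) into a feature vector, builds a profile for each candidate author from a constructed corpus of known messages, and attributes an anonymous message to the nearest profile. The author names, the sample messages and the typo/abbreviation word lists are all invented for the illustration.

```python
"""Toy stylometric authorship attribution.

Added example; not the Concordia researchers' method nor code from the
original article. The feature set, the corpus and the candidate names are
all constructed for illustration.
"""
import math
import re

# Constructed sample corpus: two candidate authors with a couple of known
# messages each, plus one "anonymous" message to attribute. Not real mail.
KNOWN = {
    "alice": [
        "hey, can u send me the report asap? i havent seen it yet, thx",
        "ok sounds good. i'll look at it tmrw. definately need to fix the intro",
    ],
    "bob": [
        "Dear team, please find attached the quarterly report. Kind regards, Bob.",
        "Thank you for your message. I shall review the document tomorrow.",
    ],
}
ANON = "hi, did u get the file? i definately sent it, lmk if not. thx"

# Hypothetical word lists standing in for the "common typos" and habits the
# article mentions; a real system would learn these from the corpus.
COMMON_TYPOS = {"definately", "recieve", "seperate", "occured", "alot"}
ABBREVIATIONS = {"u", "thx", "tmrw", "lmk", "asap", "ok"}


def features(text):
    """Surface-level style features, all expressed as rates so that no one
    feature dominates the distance computed later."""
    words = re.findall(r"[A-Za-z']+", text)
    n = max(len(words), 1)
    letters = [c for c in text if c.isalpha()]
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    return {
        # share of letters typed in lowercase (1.0 == never uses capitals)
        "lowercase_ratio": sum(c.islower() for c in letters) / max(len(letters), 1),
        "typo_rate": sum(w.lower() in COMMON_TYPOS for w in words) / n,
        "abbrev_rate": sum(w.lower() in ABBREVIATIONS for w in words) / n,
        "comma_per_word": text.count(",") / n,
        "words_per_sentence": n / max(len(sentences), 1),
    }


def profile(texts):
    """Average feature vector over an author's known messages."""
    vecs = [features(t) for t in texts]
    return {k: sum(v[k] for v in vecs) / len(vecs) for k in vecs[0]}


def attribute(anon, known):
    """Return (best_author, {author: distance}) for the anonymous text.
    Each feature is scaled by its maximum across all vectors before taking
    the Euclidean distance, so words_per_sentence does not swamp the rates."""
    target = features(anon)
    profiles = {who: profile(texts) for who, texts in known.items()}
    everything = list(profiles.values()) + [target]
    scale = {k: (max(v[k] for v in everything) or 1.0) for k in target}

    def norm(v):
        return {k: v[k] / scale[k] for k in v}

    t = norm(target)
    scores = {}
    for who, p in profiles.items():
        q = norm(p)
        scores[who] = math.sqrt(sum((t[k] - q[k]) ** 2 for k in t))
    best = min(scores, key=scores.get)
    return best, scores


def margin(scores):
    """Gap between the best and second-best candidate. A small gap means the
    evidence is weak; with two known messages per author it always is, and a
    writer who deliberately changes habits (capitals, spelling) defeats it."""
    ordered = sorted(scores.values())
    return ordered[1] - ordered[0] if len(ordered) > 1 else ordered[0]


if __name__ == "__main__":
    best, scores = attribute(ANON, KNOWN)
    print(best, {k: round(v, 3) for k, v in scores.items()}, round(margin(scores), 3))
```

The point of the margin check is the caveat the article raises: a nearest-profile answer is always produced, so a court or an investigator needs to know how far ahead the winner is and how many messages the profile rests on before treating the result as more than a lead. The same features that unmask a harasser unmask a whistleblower, and anyone who knows they exist can normalise their capitalisation and run a spell checker.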

For my Global Terrorism class.

Tuesday, March 8, 2011

Middle East Protests - Country by Country

Middle East Protests Country by Country is a clickable map of the Middle East produced by the BBC. Click on any of the countries on the map to get a quick overview of some basic information about that country. Below the map you will find a longer overview of the current state of affairs in each country and the "unrest index" as calculated by The Economist for each country.

The future or wishful thinking?

$39.5 Million Hi-Tech Library Opens In Illinois

The new $39.5 million Fountaindale Public Library features: flat-screen TVs, video games, self-checkout stations, a variety of e-readers, and a cafe. Library officials say the new facility is a blueprint for libraries of the future, and will focus on using new technologies. From the article:

"The Fountaindale Public Library, with its state-of-the-art, Wi-Fi equipped space, is starkly different from the previous antiquated library, a nearby one-story brick structure built in 1975 that awaits the wrecking ball. Officials are hopeful the new facility attracts a demographic libraries haven't seen in a number of years — young professionals."

(Related) Free is good (in the “Give them the razor, sell them the razor blades” sense.)

Amazon considering free Kindles for Prime members?

There are more rumors fluttering around Seattle that at some point, likely the holiday season of 2011, Amazon will start giving away its Kindle e-book reader for free, likely to select (as in Prime) members.

… Amazon doesn't make much money on the Kindle e-book reading device. And it's not supposed to; the hardware is a loss-leader that allows mobile access to--and binds customers to--Amazon's e-books store.

… If Amazon was betting on its hardware, it wouldn't have Kindle apps for the iPad, iPhone, and other devices. The money, as far as Amazon is concerned, is in selling books. The Kindle hardware is simply a conduit for this. It's the metaphorical chip to the e-book dip.

… But to really make the e-book expand past these readers, Amazon needs to reach out to those who won't pay $140 for a new (to them) technology.

Tools & Techniques

I2ocr: Image Document Text Extractor

Thanks to OCR technology, you can convert images of text into text documents. This saves a lot of time retyping the same document. If you have a text-including image saved on your computer or have its URL, you can use i2OCR to extract the text from the image.

Similar tools: FreeOnlineOCR, Free-OCR and NewOCR.

Also read related articles:

How To Extract Text From Images (OCR) – Windows Only

Top 5 Free OCR Software Tools To Convert Images Into Text

3 Online OCR Services To Convert Scanned Docs To Text

Tools & Techniques Computer Security

JottiQ – Scan Suspicious Files Using Multiple Anti-Virus Apps At The Same Time

Whether you’re downloading movies (we know you do!), new music, software, or participating in some other activity that may or may not violate the Digital Media Copyright Act, you are potentially exposing your computer to corrupt files, malware, and viruses.

… There are a lot of different ways to scan the files you download to see if they are clean, but none quite like JottiQ. JottiQ takes advantage of Jotti’s online malware scanner, which uses multiple popular antivirus programs to scan your files, without having to download or install any of them.

Tuesday, March 08, 2011

So... What are my Computer Security students worth now?

Corporate data breach average cost hits $7.2 million

March 8, 2011 by admin

The cost of a data breach went up to $7.2 million last year, up from $6.8 million in 2009, with the average cost per compromised record in 2010 reaching $214, up 5% from 2009.

The Ponemon Institute’s annual study of data loss costs this year looked at 51 organizations that agreed to discuss the impact of losing anywhere from 4,000 to 105,000 customer records. The private-sector firms participating in the Ponemon Institute’s “2010 Annual Study: U.S. Cost of a Data Breach” hail from across various industries, including financial services, retail, pharmaceutical, technology and transportation.

Read more on NetworkWorld. Of note, those who respond quicker in getting notifications out to consumers seem to be paying more: [Not the statistic I was hoping for... Bob]

About 41% of the respondents in the study said their organization had notified victims within one month of discovering the data breach, up from 36% in 2009. But these so-called quick responders paid $268 per record, up 22% from 2009 — and substantially more than companies that took longer, which paid $174 per record, down 9% from 2009.

Okay, that’s not good. We don’t want entities having to pay more for promptly disclosing. What is increasing the cost of the breach clean-up to entities who respond quickly? According to Ponemon’s press release:

Costs pile up in a rush to make a one-month or less reporting time deadline and don’t necessarily mean companies are doing a better job in the forensics of understanding exactly what happened to them in the data breach, says Ponemon. Instead, it seems to lead to an “over-reporting phenomenon” where more records than were actually in the data breach are reported and publicly disclosed. This may be happening because companies are afraid they will have problems with state or federal regulators or class-action lawsuits if they delay past the one-month timeline, he said.

These data will undoubtedly be used by some to argue for a “take a bit more time and get it right and save money” approach. There’s much to discuss here.

“It's for the children!”

Schools rush to fingerprint children before UK Freedom Bill change

March 8, 2011 by Dissent

Andrea Petrou reports:

Fingerprinting of children has got worse, with “more and more schools falling over themselves” to get pupil biometrics, a rights group has told TechEye.

Action on Rights for Children (ARCH) is wondering if the rush is because of proposed changes in the Freedom bill.

Currently, schools don’t have to ask for parental consent to take fingerprints from children – which can be used to access classrooms, take books out of the library or as a way to provide cashless school dinners.

However, if the bill goes ahead, it will mean schools will require consent from both the parent and child to gain fingerprints.

Terri Dowty, director at ARCH, told TechEye: “Schools are falling over themselves to get fingerprinting before the new rules come into place. We’re pleased about the new proposals, which will mean that children’s parents get a say.


(Related) If the trend continues, this will be allowed.

UK Schools Consider Searching Pupils' Smartphones

"What right to privacy do school pupils have on their mobile phones? UK education officials are considering ways to clamp down on cyber-bullying and classroom disruption by allowing teachers to search and delete content from student handsets if it is deemed unsuitable. However, questions remain whether such a move would give teachers too much power and infringe on student rights."

Is it possible to have an “off the record” conversation when everyone has a camera? See the video and decide for yourself.

If Wikileaks did “spark” regime change in Libya, should they get the Nobel Peace Prize?

Former MI6 Chief Credits WikiLeaks With Helping Spark Revolutions

"Sir Richard Dearlove, former Intelligence Chief of MI6, credits WikiLeaks with helping spark revolutions in the Middle East, in (what was supposed to be) an off-the-record speech. 'I would definitely draw parallels at the moment between the wave of political unrest which is sweeping through the Middle East in a very exciting and rather extraordinary fashion and also the WikiLeaks phenomenon. Really, what ties these two events together, and of course a number of other events, is the diffusion of power, away from the states and the empowerment of individuals, and small groups of individuals, by technology,' he said."

Was this China or was North Korea using them as a conduit for an attack?

S. Korea says China targeted Global Hawk purchase plans

Shin Hak-Yong, a Democratic member of South Korea’s parliament's defense committee, told local reporters that the Chinese hackers accessed systems used by the defense ministry, in order to access plans to purchase an unmanned Global Hawk aircraft.

“…the government has not raised the issue with China yet and is still debating how to handle it," Shin's spokeswoman said, quoting Shin.

… On Saturday, the South Korean National Cyber Security Center said it had seen signs of a Denial-of-Service attack targeting the presidential office, the Foreign Ministry, the National Intelligence Service, U.S. Forces Korea, and financial institutions. Logs of the DoS attacks point to Chinese origin points.

AhnLab spokesman Park Kun-woo said the attacks seen on Saturday are similar to ones that have targeted South Korean websites in the past.

In response to the South Korean claims, China issued a flat dismissal.

"South Korea's news is groundless. China has been blamed for a number of Internet hacker attacks by the US, Japan, Australia and some other countries in the past," Wang Mingzhi, a military strategist at the People's Liberation Army Air Force Command College, told China’s Global Times on Monday.


China Pledges To Step Up Internet Administration

"China says it will step up administration of the Internet this year while continuing to build out the country's fiber-optic backbone and expand broadband access for consumers. Internet administration was mentioned in a keynote report on the work of the government to China's parliamentary session. It underlined the importance of culture and noted the need to 'strengthen the development of civic morality' and 'speed up the establishment of moral and behavioral norms that carry forward traditional Chinese virtues.' The pledge comes amid revelations that DDoS attacks against WordPress last week allegedly originated from China."

As revolutionary as Miranda?

Condemned Inmate Wins Right to Seek DNA

The Supreme Court on Monday said inmates have a right to sue under a federal civil rights law to seek post-conviction DNA testing.

… The courts held that, under Texas law, a convict must prove, by a preponderance of the evidence, that he or she would not have been prosecuted or convicted had DNA testing been performed. [Kind of a Catch 22? Bob] To get DNA testing, a Texas inmate must also demonstrate that his failure to seek such testing at trial was not a strategic decision.

… At least 22 states had told the justices that granting Skinner DNA testing through a civil rights suit would undermine their individual statutes, which spell out when an inmate is entitled to it.

“To allow this type of procedural legerdemain would both diminish the sovereign interests of the states and at the same time impose a significant burden on the states’ limited law enforcement resources,” attorneys general from the 22 states wrote.

The decision, (.pdf) with Justices Clarence Thomas, Anthony Kennedy and Samuel Alito in dissent, does not necessarily mean Skinner would actually win the right to testing — something his trial lawyer chose not to seek.

Justice Ruth Bader Ginsburg, writing for the majority, ruled only that inmates could sue under the civil rights statute to press a claim that they were unconstitutionally denied DNA testing in state court.

Would this impact some providers enough to drive them into bankruptcy? I bet they make that argument... Note: The comments point to other ways to avoid texting charges.

Facebook May Bust Up the SMS Profit Cartel

"Fortune had an interesting article recently about wireless providers and their exorbitant profit margins for SMS handling, especially when looking at modern data plans. 'Under the cell phone industry's peculiar pricing system, downloading data to your smartphone is amazingly cheap — unless the data in question happens to be a text message. In that case the price of a download jumps roughly 50,000-fold, from just a few pennies per megabyte of data to a whopping $1000 or so per megabyte.' A young little application called Beluga caught the attention of Facebook, which purchased the company on Thursday. The app aims to bring messaging under the umbrella of data plans, and features group messaging, picture and video messaging, and integration with other apps. The author argues that, if successful, Beluga (or whatever Facebook ends up calling it) could potentially be the Skype/Vonage or Netflix-type competitor to the old-school cellular carriers and their steep pricing plans."

Monday, March 07, 2011

The Court of Public Opinion is now in session!

Jeweler sells surveillance tape over Lohan’s theft case to TV show

March 6, 2011 by Dissent

A Venice, California jewelry store has sold the surveillance tape central to the felony theft case against troubled actress Lindsay Lohan to a company that licensed it to a popular entertainment news show, which could complicate the case, local news outlets reported on Saturday.

Entertainment Tonight, a daily tabloid-style television show that is syndicated by CBS Television Distribution throughout the United States, Canada and in many countries around the world, will air the footage Monday, RadarOnline reported.


Wait a minute, though. If you have a private business that uses video surveillance of customers, you can sell video surveillance of a customer without their consent? What if there’s no sign on your door warning customers that they will be videotaped? I don’t know what the situation was in this case. I’m just asking a general question. You may not have a reasonable expectation of privacy in public spaces, nor in a store, but does that mean that they can sell film of you without your consent? I have no idea what the privacy tort would be – appropriation of likeness? – but something doesn’t seem right about this.

And that’s apart from the issue of the criminal matter, of course.

Update: I’ve been told that selling video taken in this type of situation is generally legal, proving, once again, that just because something doesn’t seem right to me, it doesn’t make it illegal.

Several interesting arguments, but the best is that the Internet was designed to maintain communications in the event of nuclear war. Shutting it off would seem to be exactly what an enemy would want.

In Search Of The Internet Kill Switch

The complete internet shutdown this week in Libya involved a new way to turn off web access for an entire country. Earlier this year, the total internet blockade in Egypt backfired and emboldened the protesters. China is well known for blocking internet services, but it’s not just China. Of course, having the government turn off the internet could never happen in the United States. We couldn’t condemn the action in other countries while at the same time plan it here. No one would even suggest such a thing, right?

Even politicians can do embarrassing things?

BC NDP demanding social media login credentials

March 6, 2011 by Dissent

David Fraser writes:

In the last week, there have been reports that the British Columbia New Democratic Party has been demanding the social media login credentials from candidates for the leadership of the party (see: B.C. NDP candidate in social-media standoff with party bosses – The Globe and Mail). All of the candidates have provided this info, except for one who — quite rightly — challenges this as an invasion of privacy.

We’ve heard in the past about employers asking for this sort of information and then backing off when facing a fire-storm of criticism. I can appreciate that the party is hoping to avoid any surprises, but this, in my view, seriously crosses the line.

Read more on Canadian Privacy Law Blog.

Luddites! If my students can make more money creating e-Discovery programs than reading emails, why should I train them for a boring obsolete job? Perhaps “Brains” that can't see how the world is changing should be “retired.”

Is Software Driving a Falling Demand For Brains?

"Paul Krugman writes in the NY Times that information technology seems to be reducing, not increasing, the demand for highly educated workers (reg. may be required), because a lot of what highly educated workers do could actually be replaced by sophisticated information processing. One good recent example is how software is replacing the teams of lawyers who used to do document research. 'From a legal staffing viewpoint, it means that a lot of people who used to be allocated to conduct document review are no longer able to be billed out,' says Bill Herr, a lawyer at a major chemical company who used to muster auditoriums of lawyers to read documents for weeks on end. 'People get bored, people get headaches. Computers don't.' If true this raises a number of interesting questions. 'One is whether emphasizing education — even aside from the fact that the big rise in inequality has taken place among the highly educated — is, in effect, fighting the last war,' writes Krugman. 'Another is how we [can] have a decent society if and when even highly educated workers can't command a middle-class income.' Remember the Luddites weren't the poorest of the poor, they were skilled artisans whose skills had suddenly been devalued by new technology." [Is he suggesting e-Discovery is an art rather than a science? Bob]

A good use of Push Updates? Assumes that Google properly identified an App as malware and assumes you approve of their deletion.

Google Finally Uses Remote Kill Switch On Malware

"The Google Mobile Team has announced that in addition to removing the 21 malicious applications from Android Market that were downloaded 50,000 times, suspending the associated developer accounts, and contacting law enforcement about the attacks, they are remotely removing the malicious applications from affected devices. 'We are pushing an Android Market security update to all affected devices that undoes the exploits to prevent the attacker(s) from accessing any more information from affected devices,' wrote the team on their blog. 'For affected devices, we believe that the only information the attacker(s) were able to gather was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).' Google's actions come after numerous complaints in tech publications. 'Does Google really want its Android Market to gain the reputation of being a cesspool of malware? Certainly not,' wrote Nicholas Deleon in TechCrunch. 'But then part of the allure of the Android Market is that it's open; you don't have to play by Google's rules, per se, to get on there like you do with Apple's App Store.'"

Now you can Text, Talk and Video your friends while driving! Also, bandwidth requirements just jumped up big time.

Facebook Said To Resume Talks With Skype

"You may soon be able to start a Skype video call with your friends on Facebook. The latest rumor suggests that Facebook and Skype have resumed talks about integrating the video conferencing technology on the social network. The two companies first talked about a potential partnership in September 2010, but they could not reach an agreement. When Skype 5.0 was released in October 2010, the new version offered voice calling between Facebook friends, but it did not include a video chatting feature."

Is this the new paradigm for content?

AOL Closes $315 Million Huffington Post Acquisition; Expands Editorial Team

The deal was originally announced on February 6, so it’s taken a month for the acquisition to close.

… With the acquisition, AOL is buying into the new publishing model that the Huffington Post represents. Armstrong has said that the driving factor behind the deal is how well the Huffington Post fits into the content platform he is trying to build, particularly around women, influencers, and local (his 80-80-80 strategy).

Tim and Arianna have been on a roadshow of sorts, explaining the new content strategy to the public.