Saturday, July 09, 2011

Local: What if one passphrase decrypted many files/computers? What if the decryption pointed to more encrypted files “in the Cloud?” Where does this end?

http://www.pogowasright.org/?p=23656

Prosecutors Demand Laptop Password in Violation of Fifth Amendment

July 8, 2011 by Dissent

From EFF:

The Electronic Frontier Foundation (EFF) urged a federal court in Colorado today to block the government’s attempt to force a woman to enter a password into an encrypted laptop, arguing in an amicus brief that it would violate her Fifth Amendment privilege against self-incrimination.

A defendant in this case, Ramona Fricosu, is accused of fraudulent real estate transactions. During the investigation, the government seized an encrypted laptop from the home she shares with her family, and then asked the court to compel Fricosu to type the password into the computer or turn over a decrypted version of her data. But EFF told the court today that the demand is contrary to the Constitution, forcing Fricosu to become a witness against herself.

“Decrypting the data on the laptop can be, in and of itself, a testimonial act — revealing control over a computer and the files on it,” said EFF Senior Staff Attorney Marcia Hofmann. “Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court.”

The government has offered Fricosu some limited immunity in this case, but has not given adequate guarantees that it won’t use the information on the computer against her.

“Our computers now hold years of email with family and friends, Internet browsing histories, financial and medical information, and the ability to access our online services like Facebook. People are right to use passwords and encryption to safeguard this data, and they deserve the law’s full protection against the use of it against them,” said EFF Staff Attorney Hanni Fakhoury. “This could be a very important case in applying Americans’ Fifth Amendment rights in the digital age.”

For the full amicus brief: https://www.eff.org/files/filenode/us_v_fricosu/fricosuamicus7811.pdf

[From the brief:

Neither the Encryption Password Nor the Decrypted Contents of the Laptop Is a Foregone Conclusion



The good news: Credit card numbers were encrypted. The bad news: Passwords apparently were not.

http://www.databreaches.net/?p=19522

Kiplinger Warns Customers Hackers Got Account, Credit Card Information

July 8, 2011 by admin

Michael Riley reports:

Kiplinger Washington Editors Inc., the publisher of Kiplinger’s Personal Finance, is warning customers that account data, including credit card numbers, was stolen on June 25 by hackers who breached its computer network.

Doug Harbrecht, the company’s director of new media, said the attackers stole user names, passwords and encrypted credit card numbers from as many as 142,000 subscribers to the magazine or the company’s various newsletters, including the Kiplinger Letter.

Read more on Bloomberg.

Note: It took me a while, but I found their FAQ on the breach. Bloomberg’s coverage isn’t wholly accurate, perhaps, as the FAQ indicates that Kiplinger’s discovered the hack on June 25. They don’t actually say when it occurred.



It is possible that a foreign power could compel their manufacturers to install spyware. It is also possible that a US company would limit their testing to confirmation of their requirements (i.e. not waste time looking for “extra” functions in the software or hardware.)

http://www.fastcompany.com/1765855/dhs-someones-spiking-our-imported-tech-with-attack-tools

DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools

BY Neal Ungerleider, Fri Jul 8, 2011

A top Department of Homeland Security official has admitted to Congress that imported software and hardware components are being purposely spiked with security-compromising attack tools by unknown foreign parties.

… Supply chain security is a growing worry for both the federal government and business. According to White House documents, the executive branch is actively studying the risk of nation-states purposely installing sleeper, one-use attack tools in software and hardware components marketed in the U.S.



Some light summer reading...

Book Review: Surveillance Or Security?

"Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times."

Read below for the rest of Ben's review.



This could be useful

http://techcrunch.com/2011/07/08/from-your-clipboard-to-just-about-anywhere-sharing-files-in-one-click-to/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

From Your Clipboard To Just About Anywhere: Sharing Files In One Click.to

… If you’re anything like me, you use the CTRL-C command a lot. What Click.to does is display an ‘action bar’ whenever you copy something to your clipboard – whether it’s a photo, text or an Excel spreadsheet – that enables you to share the file in question to a variety of social networking and other online services, or other Web-based and even desktop applications.

Head on over to clicktoapp.com and give it a whirl.


Friday, July 08, 2011

There is likely more to this than has yet been released. Who actually did the hacking, reporters or contacts in the police or one of the current hacktivist groups? Are UK phones less secure than US phones? Will my Ethical Hackers be able to automate the tap on Rupert Murdoch's phone?

http://www.pogowasright.org/?p=23638

UK: Phone hacking victims could number 4,000

July 7, 2011 by Dissent

The number of victims of the News of the World phone hacking scandal could exceed 4,000, detectives leading the investigation have warned.

Martin Evans reports:

Officers were last night continuing to trawl through 11,000 pages of material handed over by News International and have said they will contact everyone involved as “soon as possible”.

Yesterday the Daily Telegraph revealed that the families of Armed Forces servicemen and women killed in Iraq and Afghanistan were among those whose private messages may have been intercepted by reporters working for the Sunday tabloid.

Read more on The Telegraph.

Yesterday, Rupert Murdoch was quoted as saying:

“Recent allegations of phone hacking and making payments to police with respect to the News of the World are deplorable and unacceptable.”

Well, wait… is he saying that the allegations are deplorable and unacceptable or that the phone hacking his employees allegedly engaged in was deplorable and unacceptable?


(Related)

http://www.bbc.co.uk/news/uk-14077405

Phone hacking probe: Ex-News of the World editor Coulson arrested


(Related) It's so easy, even a script kiddie can do it.

http://news.cnet.com/8301-27080_3-20077732-245/kevin-mitnick-shows-how-easy-it-is-to-hack-a-phone/

Kevin Mitnick shows how easy it is to hack a phone

… Phone hacking, also known as "phreaking," is easy to do, Mitnick said, adding that he could demonstrate it on my phone if I wanted proof. So I gave him permission to access my voice mail and told him my mobile phone number.

He called me right back on a conference call so I could hear what was going on. First he dialed a number to a system he uses for such demonstration purposes and entered a PIN. Then he was prompted to enter the area code and phone number that he wanted to call (mine) and the number he wanted to be identified as calling from (again mine). Next thing I know I'm listening to a voice message a friend of mine left me last night that I hadn't erased.

"See how easy it is?!" Mitnick says as my jaw drops.

He was able to get into my voice mail by tricking my mobile operator's equipment into registering the call as coming from the handset--basically pretending to be me. To do this, he wrote a script using open-source telecom software and used a voice-over-IP provider that allows him to set caller ID, but there also are online services that provide similar capability that non-hackers could subscribe to.



Being able to identify devices (not just IP addresses) would allow banks to know when someone NOT located at your small business tries to access your bank accounts.

Mark Cuban-Backed Device Identification Startup BlueCava Raises $1.5 Million

BlueCava, a startup that has developed technology that enables its customers to identify unique connected devices such as smartphones, TV set-top boxes, gaming consoles, computers and more, has raised $1.5 million in debt funding according to an SEC filing.



Got cookies?

Visualizing Behavior-Tracking Cookies With Firefox

"Using Firefox, and a new (open source) add-on called Collusion, you can see for yourself just how extensive the third-party behavior-tracking system is. Simply leave the Collusion website open, browse the web for a bit, and then return to see that your favorite websites are letting at least four or five behavior tracking companies follow you around the web."



Privacy is a game to these people! And that's a good thing.

http://www.pogowasright.org/?p=23641

Zynga Combines Privacy Education, Gaming And Rewards With PrivacyVille

July 7, 2011 by Dissent

Leena Rao reports:

Getting ahead of any privacy issues surrounding your product is an important part of product development for any company. Facebook, unfortunately, learned this the hard way. Social gaming giant Zynga is adding a layer of transparency today with the launch of a new privacy initiative called PrivacyVille.

In typical Zynga fashion, PrivacyVille isn’t your average dull privacy education course but is instead a game-like tutorial that rewards players with the company’s virtual currency zPoints in RewardVille for learning more about Zynga’s privacy practices.

Read more on TechCrunch.

[From the article:

In all, Zynga has 14 areas in the town for various privacy notifications.

After reading all the notifications, you are then given a short quiz of five questions and will be taken to Rewardville to redeem your points.



Interesting promise from the home of Big Brother. Perhaps it is intended as an “I'll show you mine if you show me yours” kind of deal? “If they have nothing to hide...”

http://www.bespacific.com/mt/archives/027709.html

July 07, 2011

UK Prime Minister sets ambitious open data agenda

"The Prime Minister has today committed to publishing key data on the National Health Service, schools, criminal courts and transport. This represents the most ambitious open data agenda of any government anywhere in the world. The new data [see data.go.uk] will reveal clinical achievements and prescribing data by individual GP practices, the performance of hospital teams in treating lung cancer and other key healthcare conditions, the effectiveness of schools at teaching pupils across a range of subjects, criminal sentencing by each court, and data on rail timetables, rail service performance, roadworks, current road conditions, car parks and cycle routes in an open format for use by all. The new commitments, set out in a letter from the Prime Minister to Cabinet colleagues, aim to provide the public with more information about the performance of services they use every day, and to help to drive modern, personalised and sustainable public services. The new data are also expected to drive economic growth as they promote the creation of new services and applications."



Sony, already famous for their ignorance of security matters, demonstrates how to make their games less valuable. This suggests to me that Sony will not aggressively update its technology. If they did, customers would willingly pay (again and again) for updated copies of their games.

Sony Introduces 'PSN Pass' To Fight Used Game Sales

Gamasutra reports that Sony has introduced "PSN Pass" — one-time codes that will unlock complete online access for certain games. "The company didn't offer details on how used and rental players would access online features in these titles, but did clarify that first-party use of the passes will be decided on a game-by-game basis." The initiative is similar to the "Online Pass" that EA rolled out last year, and to Sony's own experiment with SOCOM 4. Sony's explanation for the Pass will probably leave you wishing Google Translate supported marketing-speak: "This is an important initiative as it allows us to accelerate our commitment to enhancing premium online services across our first party game portfolio."



“We don't need no stinking “due process” – just take our word for it!”

http://www.wired.com/threatlevel/2011/07/disrupting-internet-access/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

ISPs to Disrupt Internet Access of Copyright Scofflaws

The nation’s major internet service providers, at the urging of Hollywood and the major record labels, have agreed to disrupt internet access for online copyright scofflaws.

The deal, almost three years in the making, was announced early Thursday, and includes participation by AT&T, Cablevision Systems, Comcast, Time Warner and Verizon. After four copyright offenses, the historic plan calls for these companies to initiate so-called “mitigation measures” (.pdf) that might include reducing internet speeds and redirecting a subscriber’s service to an “educational” landing page about infringement.

The internet companies may eliminate service altogether for repeat file sharing offenders, although the plan does not directly call for such drastic action.



Attention Ethical Hackers and Digital Design students... Pop Quiz: Is it a crime to install software on a demo computer?

http://news.cnet.com/8301-17852_3-20077697-71/secret-service-nabs-apple-store-spy-camera-artist/

Secret Service nabs Apple Store spy camera artist

Steve Jobs believes in art.

But there seem to have been some at Apple who are slightly less inclined toward it after discovering that an artist had installed software on around 100 Apple Store computers.

The software was set up simply to capture shots of people's faces every minute as they stared into the laptops of their dreams. As 25-year-old Brooklyn artist Kyle McDonald explained to Mashable, we all have very particular expressions when we are in the throes of Mac hypnosis.

… Who could have no sympathy with his quest? Well, the Secret Service, for one. Or, indeed, for four. For McDonald was woken this morning by the friendly but insistent faces of four members of the service and one search warrant.

While they didn't immediately remove him, they did take with them two computers, an iPod, and two flash drives. They also reportedly told him that he would be receiving communication from Apple.

… McDonald reportedly has many feelings about this whole escapade. He first believed that Apple, having traced the software back to him (oh, yes, the company monitors Apple Store computers), wasn't too concerned. He claims that an Apple technician had spotted the software, installed it himself, and taken a picture of himself, and sent the photo to McDonald.

Then he wondered whether he was breaking the law at all.



For my Geeky friends...

http://www.makeuseof.com/tag/boot-multiple-live-cds-usb-disk-yumi-windows/

Boot Multiple Live CDs From One USB Disk With YUMI [Windows]

Put multiple bootable tools onto one USB drive, then pick which one you want to boot when your computer starts up. Whether you want to try out various Linux environments at once or put together the ultimate Windows repair kit, YUMI (Your Universal Multiboot Installer) can help you build a bootable disk with a menu. It even supports Windows Vista and 7 installation disks.



Question: If you could study anything for free, what would you study?

Thursday, July 7, 2011

Why Not Take a Course from Yale This Summer? It's Free

Whether it's for professional development or personal enrichment, the summer is when many of us take a course or two. Fortunately, for those of us looking to take a course just for personal growth, Yale (and many other universities) publishes the entire contents of many of their courses online.

Even though you can't get university credits for working through the Open Yale Courses, it's a great way to brush-up on topics that you might be teaching in the fall or learn more about a topic that you have a natural interest in.

… Check out the list of 35 courses available through Open Yale Courses and see if there's something new that you want to learn about before school starts again in the fall.


Thursday, July 07, 2011

Looks like we have another bunch of show offs.

http://www.databreaches.net/?p=19456

Connexion Hack Team dumps military and government email addresses and passwords as well as a California government site’s table of donors

July 6, 2011 by admin

16,959 e-mail accounts have been dumped to MediaFire recently, ZeroPaid has learned. The 1.18MB text file was uploaded by Connexion Hack Team. The file contains government and military e-mail accounts and passwords. ZeroPaid has also learned that many popular e-mail providers are also seen in the list of accounts compromised.

Read more on ZeroPaid, who provide a sampling of the email addresses included in the data dump.

In a previous post, Zeropaid reported that the same group had claimed responsibility for hacking http://www.fppc.ca.gov, the web site of the California Fair Political Practices Commission. In that data dump, the hackers also included usernames and passwords. In their announcement of that hack, they write, in part:

To prove that we hacked your website, we provided a table below of all the candidates, administration info, and the list of donators and who they donated to. We have done all this attempt to show the people the corrupt governments of the world. You may not be a government but you have connections. So therefore, we shall disrupt the internet ocean, revolutionise the world, all in the name of #AntiSec.



I must redundantly reiterate my repetition. Any scheme that SciFi writers would ignore as impossible is welcomed by TSA as justification for more manpower and higher budgets. It would now be cheaper to arm airline passengers with handguns than to “provide security.”

http://www.mercurynews.com/travel/ci_18421234?nclick_check=1

TSA warns of implant bombers, prepares fliers for swab tests

… The Transportation Security Administration advised airlines that terror groups are believed to be experimenting with explosives that could be implanted in buttocks and breasts, allowing suicide bombers to pass through airport body scanners undetected. This raised the specter of a surgically altered world in which it must be asked: If Pamela Anderson has to undergo an MRI to get on an airplane, have the terrorists won? [Or maybe they need to justify a boob-patdown? Bob]



When does sharp merchandizing become a scam?

http://www.chicagotribune.com/business/breaking/chi-banks-billiondollar-idea-sell-your-shopping-data-20110706,0,504057.story

Banks' billion-dollar idea: Sell your shopping data

Many of the nation's leading banks and card issuers, including Wells Fargo, Citi, USAA, Sovereign Bank and Discover, are selling information about consumers' shopping habits -- how much they spend, where they shop and what they buy -- to retailers.

Retailers are using the data to offer targeted discounts via text, email and online bank statements. Each time a consumer cashes in on one of those deals, the retailer pays the bank a nice commission.

… Cardlytics, which provides similar services for 125 banks and a network of retailers, says merchants pay banks an average fee of 10 percent to 15 percent of the purchase price of a product each time a customer uses a discount that's generated from the bank's data.

Typically, the bank takes a 25 percent cut of that fee and pays an intermediary, like Cardlytics, the rest. So if a customer buys a $1,000 couch, the merchant pays a fee of up to $150 to the bank and the bank walks away with $37.50.

… like any new program, there are still plenty of kinks to get worked out.

Take, for example, the retroactively applied credit these programs issue. Merchants could decide to add fine print to their offers that exclude certain brands or add purchase conditions so that consumers think they'll be getting a discount but discover the credit was never applied, explained Odysseas Papadimitriou, CEO of CardHub.com.

“There's a risk that you might not get what you're hoping to get -- you're leaving the store and you don't know how much you were actually charged for something,” he said. “Then if you don't see it on your credit card statement, what do you do? Call your bank? Call the intermediary company? Or call the merchant? If they start using fine print, the whole thing's just going to be a big mess.”

… (In most cases, consumers are automatically enrolled in the merchant incentive programs, but they do have the right to opt out -- as required by bank regulations.)


(Related)

http://www.databreaches.net/?p=19494

UK: Banks face more privacy complaints from customers than any other group

July 7, 2011 by admin

Gerri Peev:

Banks have attracted more customer complaints than any other group over allegations of mishandling sensitive information, the privacy watchdog reveals today.

Lenders routinely lost, released or wrongly recorded personal data, the Information Commissioner warned in his annual report which detailed 603 complaints.

But the true scale of privacy and data breaches could be much higher, because the private sector is not obliged to report complaints to the Information Commissioner.

Read more on Daily Mail



...and you thought texting while driving was bad.

http://www.wired.com/gadgetlab/2011/07/facebook-announces-in-browser-video-chat-with-skype/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Facebook Announces New Design, In-Browser Video Chat With Skype

… In a major partnership with Skype, Facebook now offers free video calling between connected users of the site.

… Facebook’s partnership with Skype is, in essence, a partnership with Microsoft, who acquired the chatting platform for $8.5 billion. The move should benefit Microsoft, too, by expanding Skype’s presence into the social networking realm.



A picture is worth “up to $24 Billion”

http://www.makeuseof.com/tag/sony-playstation-network-breach-infographic/

The Sony Playstation Network Hack [Infographic]



Where Oh Where: Current State Of World’s Data Storage (Infographic)

http://mozy.com/assets/816/where-is-the-worlds-data-stored.gif



For my Intro to IT students...

An Introduction to Advanced Google Search



Wednesday, July 06, 2011

Not only did they lose data, they apparently lost a backup drive right in the middle of doing backups! (The drive would be in a safe when not in use, right?) Well, at least they “noticed.”

http://www.databreaches.net/?p=19444

Missing Plymouth State University backup drive contained Social Security Numbers of 1,509 students

July 5, 2011 by admin

On May 18, Plymouth State University noticed that an external hard drive that they used for backup purposes was missing.

One of the files on the drive was a spreadsheet that contained the names and Social Security numbers of 1,509 students enrolled in the teacher education and certification program between 2005 and 2010.

As the university explained in their June 28 letter to the New Hampshire Attorney General’s Office, they needed to collect Social Security Numbers so they could forward teacher candidates to the state licensing board for approval.

Unfortunately, New Hampshire is not the only state that still requires Social Security Numbers for licensing or certifying professionals, and I’m somewhat surprised that there haven’t been more hacks of state licensing board databases. Or maybe there have been and we’re just not hearing about them….



“Hey, we're a bank! What do we know about security?” Maybe the State of NY stole it!

http://www.databreaches.net/?p=19429

Morgan Stanley investors notified that lost CDs contained their personal and financial data

July 5, 2011 by admin

Christopher Maag reports:

Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. According to two letters sent to clients, and obtained by Credit.com, the information includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers.

The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted. ['cause it's much more expensive to spend a dollar to encrypt a CD than to provide credit reports for 34,000 customers... Bob]

[...]

The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, Wiggins said.

The state notified Morgan Stanley Smith Barney about the lost data on June 8. The company took two weeks to conduct an “exhaustive search” of all the facilities the package passed through, Wiggins said, and then mailed the letters to clients on June 24.

Read more on Credit.com.

Earlier coverage on BusinessInsider.com



The breach may have compromised 645,000, but the lawsuit was because of “failure to report promptly”

Indiana Attorney General reaches settlement with WellPoint in consumer data breach

By Dissent, July 5, 2011

Health insurer WellPoint Inc. will pay the State a $100,000 settlement [Suit asked for 300,000 Bob] over a data breach where the personal information of thousands of WellPoint customers was potentially accessible via the Internet. The settlement resolves a lawsuit that Indiana Attorney General Greg Zoeller’s office filed under a new data-breach notification law passed in 2009.

“This case should be a teaching moment for all companies that handle consumers’ personal data: If you suffer a data breach and private information is inadvertently posted online, then you must notify the Attorney General’s Office and consumers promptly. Early warning helps minimize the risk that consumers will fall victim to identity theft,” Zoeller said.

The data breach occurred when applications for individual insurance policies submitted to WellPoint – containing social security numbers, financial information and health records — were potentially accessible through an unsecured web site from October 23, 2009, to March 8, 2010. The records of 32,051 people in Indiana were potentially accessible through the online application tracker website operated by companies owned by or affiliated with WellPoint for potentially anyone to see.

A notification to WellPoint was made by a consumer February 22, 2010, and again on March 8, 2010, that records containing personal information were potentially accessible. Upon notification, WellPoint immediately secured the site. [Upon the second notification? Bob]

Consumers were notified of the data breach beginning June 18, 2010. Although required by law to also simultaneously notify the Attorney General’s Office of a data breach, WellPoint did not immediately do so. News reports of the data breach prompted the Attorney General’s Office to initiate the contact to WellPoint on July 30, 2010, and launch an inquiry.

Under a recent state law, House Enrolled Act 1121-2009, companies that experience data breaches must notify both their consumers and the Attorney General “without unreasonable delay.” Prompt notice allows consumers to take precautions to mitigate the risk of identity theft.

“The requirement to notify the Attorney General ‘without unreasonable delay’ is not fulfilled by having me read about the breach in the newspaper,” Zoeller noted.

… During the breach, consumers’ private data was accessible online for approximately 137 days, and one consumer lodged a complaint about possible identity theft as a result of it. Approximately 645,000 consumers nationwide eventually were notified about the breach.

… The Attorney General’s Office has issued warning letters to 47 companies that delayed in issuing notice of security breaches. Those included warning letters issued to 39 companies for delays in notifying both consumers and the Attorney General’s Office. Warning letters also were sent to five companies for delays in notifying the AG’s Office only and to three companies for delays in notifying consumers only, records show.

NOTE: A copy of the settlement agreement and dismissal order is attached. An audio sound bite of the Attorney General’s comment on the case is attached.

Source: Attorney General Greg Zoeller

Previous coverage of this case on this blog can be found here.



This could be amusing. Watch to see if law enforcement follows this lead. If true, how fast can they move?

http://www.thetechherald.com/article.php/201127/7364/LulzSec-members-revealed-by-rival-hacking-group-A-Team

LulzSec members revealed by rival hacking group A-Team

… the New York Times reports that a hacking group known as the A-Team has this week launched an open attack on LulzSec by publishing the names, aliases, email addresses, phone numbers and other personal details of its members.

According to the A-Team, its overt slapping of a fellow hacking group has come about because LulzSec apparently “lack the skill to do anything more than go after the low-hanging fruit.”



Ubiquitous surveillance – it's the law! (Or will be shortly)

http://www.pogowasright.org/?p=23609

E-Verify and the Emerging Surveillance State

July 5, 2011 by Dissent

Tom Deweese writes:

The rush is on to force into law mandatory use of the E-Verify system that will mandate that all businesses use this hand-me-down from the Social Security Administration in order to hire anyone. Republican Representative Lamar Smith has introduced HR 2164 and House action is expected at any time. Say proponents, E-Verify is necessary to stop illegals [and anyone else we don't like Bob] from getting jobs. Many freedom-loving Conservatives are supporting the idea in a desperate attempt to control illegal immigration. Is this the right way to protect America?

To answer that, it’s necessary to ask another question. If government won’t do its job, is that a reason for Americans to surrender their liberty? Do you think that is a funny question? Well, it is actually what a number of Conservative activist groups are now advocating in the name of stopping illegal immigration through enforcement of E-Verify.

Read more on Canada Free Press.

EFF has also denounced the proposal:

Congress is considering a bill that would federalize E-Verify, creating a single, government-controlled database of highly sensitive, detailed information about every legal worker in the United States. EFF joined the ACLU, the National Center for Transgender Equality, the Liberty Coalition, and dozens of other civil liberties and labor groups in urging Congress to uphold worker privacy and reject the Legal Workforce Act.

The Legal Workforce Act (H.R. 2164) would require all employers to use an Internet-based program called E-Verify to check every worker against an error-prone database. In letters sent to both houses of Congress, the coalition of advocacy groups decried the implementation of a nationwide system that could lead to downstream abuses by intelligence and law enforcement groups. The proposed bill could create a bureaucratic nightmare for American businesses while trampling on the privacy rights of workers.

Read more on EFF.



As usual, Gary Alexander finds the most interesting articles. Let's hope this means that we won't have a major security breach involving all that top secret lawyer-client communication.

http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202499174206

Top Encryption Techniques for Lawyers

For Kubs Lalchandani, managing partner of Miami-based Lalchandani Law, document encryption has become like the lock on his office door: a routine and essential security tool. "The importance of encryption software for law firms cannot be quantified," he says. "Clients are demanding encryption, especially for classified documents that reside on laptops."

… Many PC and Macintosh users aren't aware that their desktop and laptop operating systems come with built-in encryption capabilities. Tools included on both systems provide high-quality AES protection and are relatively easy to activate. On both platforms, internal encryption tools can be used to safeguard an array of documents, including notes, correspondence, and contracts.


(Related) Lawyers are recognizing that technology beyond the quill pen exists and clients are using it! There may be hope for them yet!

http://www.bespacific.com/mt/archives/027692.html

July 05, 2011

American Bar Association - Initial Draft Proposals on Lawyers' Use of Technology and Client Development

Jamie S. Gorelick and Michael Traynor, Co-Chairs - ABA Commission on Ethics 20/20 - Re: For Comment: Initial Draft Proposals on Lawyers' Use of Technology and Client Development. Date: June 29, 2011

  • "The Commission is pleased to release its initial proposals relating to lawyers’ use of technology-based client development tools. As the accompanying report explains, the Commission concluded that no new restrictions are necessary in this area, but that lawyers would benefit from more guidance on how to use new client development tools in a manner that is consistent with the profession’s core values. To that end, the Commission is proposing amendments to Rules 1.18 (Duties to Prospective Clients), 7.2 (Advertising), and 7.3 (Direct Contact with Prospective Clients) that would clarify how lawyers can use new technology to disseminate important information about legal services and develop clients."


(Related) On the other hand, they may soon be a dime a dozen. (Can they sue the Law Schools for false advertising?)

http://www.bespacific.com/mt/archives/027688.html

July 05, 2011

Economic Modeling Specialists - New Lawyers Glutting the Market

EMSI: "Just how bad is the job outlook for lawyers? According to our quick analysis, every state but Wisconsin, Washington, D.C., and Nebraska produced more — in some cases, far more — bar exam passers in 2009 than the estimated yearly openings for lawyers in those states. The same glut holds true when comparing law school grads, via IPEDS from the National Center for Education Statistics, to the same opening estimates. And when you take into account nuances with the D.C. bar and how Wisconsin operates, there might not be any states with a shortage."



Enough to make a Geek giggle! Microsoft's head tech weenie cooks as a hobby, and here he talks about food tech, how he illustrated his cookbook, and the “30 hour hamburger recipe.”

http://www.ted.com/talks/nathan_myhrvold_cut_your_food_in_half.html#024994938954550183865

Nathan Myhrvold: Cooking as never seen before



Could be handy...

File2PDF.com - Convert Files Into PDFs

As its name implies, File2PDF is an online conversion system that can take different files such as images and Word documents and have them all mixed and combined into a single PDF. The way the site works, you are allowed to use a simple interface to upload what you want to have converted, and a download link will be produced for you to retrieve the finished file after a very short while. The individual files that you upload must be no larger than 10 MB. And you can both upload the documents to be used one by one, or as a part of a single ZIP file.

The service can be used for free to begin with, but if you want some meatier features (such as uploading files larger than 10 MB, having your PDFs stored for longer on the server, and converting large batches of files) then you can sign up for a VIP account. A one-time payment of $10 will give you access to one.

Supported Formats

Our system supports the conversion of rtf, doc, odt, docx, ppt, xml and txt documents to PDF. If you try to upload any other format it will fail.

http://www.file2pdf.com/


Tuesday, July 05, 2011

This could be a real embarrassment to Fox – is that why they are playing the blame game?

http://news.cnet.com/8301-30685_3-20076650-264/fox-news-reports-twitter-hack-to-secret-service/

Fox News reports Twitter hack to Secret Service

Fox News has alerted the U.S. Secret Service that the cable news show's Twitter feed was used today to publish false reports that President Obama had been killed.

… The tweets were still live on the Twitter Web site more than nine hours after being posted. The attack was on a verified Twitter account, one that Twitter has verified to belong to a specific person or organization.

Fox News said it alerted the Secret Service, the organization responsible for the president's physical safety. Fox News also is holding Twitter's feet to the fire.

"We will be requesting a detailed investigation from Twitter about how this occurred and measures to prevent future unauthorized access into FoxNews.com accounts," Jeff Misenti, vice president and general manager of Fox News Digital, said in the story.

It's possible, though, that Twitter wasn't responsible. For example, an attacker could have acquired a password by breaching Fox News itself, then simply logged on.

Twitter declined to comment beyond sharing its generic advice for keeping Twitter accounts secure.

A further statement from Twitter, though, indicated that the blame lay at Fox's own feet.

While Twitter does monitor accounts for brute-force login attempts and similar methods of attack, we're unable to anticipate compromises that take place due to offsite behavior.



Yesterday I posted an article claiming that China wanted to “invest” in Facebook. Today Microsoft will join with Baidu (to learn how to censor?) We are moving to a true global economy...

Microsoft Partners With Baidu, China's Top Search Engine

countertrolling writes with news that Microsoft has struck an agreement with Baidu.com, the most popular search engine in mainland China, to provide results for English-language queries. From the NY Times:

"Baidu, which dominates Chinese-language search services here with about 83 percent of the market, has been trying for years to improve its English-language search services because English searches on its site are as many as 10 million a day, the company said. Now it has a powerful partner. 'More and more people here are searching for English terms,' Kaiser Kuo, the company’s spokesman, said Monday. 'But Baidu hasn’t done a good job. So here’s a way for us to do it.' Baidu and Microsoft did not disclose terms of the agreement. But the new English-language search results will undoubtedly be censored, since Beijing maintains strict controls over Internet companies and requires those operating on the mainland to censor results the government deems dangerous or troublesome, including references to human rights issues and dissidents."


(Related)

http://online.wsj.com/article/SB10001424052702304778304576377141077267316.html?mod=wsj_share_twitter

Cisco Poised to Help China Keep an Eye on Its Citizens

Western companies including Cisco Systems Inc. are poised to help build an ambitious new surveillance project in China—a citywide network of as many as 500,000 cameras [The UK's surveillance lead is in jeopardy! Bob] that officials say will prevent crime but that human-rights advocates warn could target political dissent.


(Related) The downside of a global economy? (Right now there is a lot of content aimed at Libya)

US, UK Targeting Piracy Websites Outside Their Borders

"The U.S. Immigration and Customs Enforcement (ICE) agency is going after piracy websites even if they aren't hosted in the U.S., by targeting those with .net and .com domain names, which are managed by U.S. company Verisign. Meanwhile, a lawyer suggests even that [kind of connection] isn't needed to take a site to court in the UK, saying as long as the content is directed at UK users, that's connection enough to ensure jurisdiction."



Toward more perfect surveillance...

Kinect-Based AI System Watches What You're Up To

"Researchers from Cornell have used AI to create a system based on the Kinect that can recognize what you are doing — cleaning your teeth, cooking, writing on a whiteboard etc. In a smart home it could be used to offer help: 'Would you like some help with that recipe, Dave?' Or it could monitor patients or workers to make sure they are doing what they are told. The study also reveals that there is probably enough information in how activities are performed to recognize an individual — so providing yet more biometrics. There are clearly a lot more things that we can teach the Kinect to do with machine learning than just gesture recognition."



“Double Secret Probation” We know where the Senator went to school...

Law Professors vs the PROTECT IP Act

"Along with 90 (and still counting) other Internet law and IP law professors, David Post of the Volokh Conspiracy law blog has drafted and signed a letter in opposition to Senator Leahy's 'PROTECT IP Act.' Quoting: 'The Act would allow the government to break the Internet addressing system. It requires Internet service providers, and operators of Internet name servers, to refuse to recognize Internet domains that a court considers "dedicated to infringing activities." But rather than wait until a Web site is actually judged infringing before imposing the equivalent of an Internet death penalty, the Act would allow courts to order any Internet service provider to stop recognizing the site even on a temporary restraining order or preliminary injunction issued the same day the complaint is filed. Courts could issue such an order even if the owner of that domain name was never given notice that a case against it had been filed at all.'"


(Related) Complying with “the letter of the law”

In Australia, Censorship vs. DNS, and Porn As Network Driver

"Remember how Australia's planning to censor its Internet? Well, it looks as though the country's second-largest ISP, Optus, has made a stumble right out of the gate. Optus today confirmed you could circumvent its filtering technology simply by setting your PC to use a different DNS server than the default. Yup, it's really that easy. Oops."

And why would anyone want to change their DNS settings? angry tapir writes

"While the Australian Government has extolled the virtues of its currently under construction National Broadband Network (NBN) in delivering e-health and government agency services to every Australian, adult content will be the major driver of consumer adoption."



This is the Cloud as Storage Space... Why would Cloud providers be liable for what you choose to store? (It's where I'll store the Virus and Trojan samples used in my Computer Security classes)

Are Google Music and Amazon Cloud Player Legal?

"Earlier this year both Google and Amazon introduced cloud music storage where users could upload their music and listen to it wherever they had an internet connection. The music industry, however, was up in arms because they believed that Google and Amazon had to pay additional licensing fees for their music storage services. Tim B. Lee at Ars has written an excellent summary of the legal issues surrounding these services. His ultimate conclusion is that Google and Amazon would probably withstand any legal assaults, but it still remains a tough call."



Toward e-Currency? What will the digital 40% (268B) be buying? Games? e-Books?

Mobile Payments To Triple To $670B By 2015; Digital Goods Will Represent 40% Of Transactions

Juniper Research is releasing a new study today that reports that the transaction value of mobile payments for digital and physical goods, money transfers and NFC (Near Field Communications) transactions will reach $670 billion by 2015, up from $240 billion this year.



How anti-social is this! Apparently lots of people want to move to (or at least try) Google+. Unfortunately, Facebook owns all your data.

http://news.cnet.com/8301-30685_3-20076774-264/facebook-blocks-contact-exporting-tool/

Facebook blocks contact-exporting tool

Facebook has been blocking a tool intended to let people extract contact information their friends have shared with them, the tool's developer said today--but he's working on a way to evade Facebook's restrictions.

The tool lets people save their contacts' e-mail addresses, birthdays, phone numbers, and other information into a text file or to directly import them into Gmail. That makes it much easier for Google account holders to rebuild their contact network at Google+, Google's brand-new social network site.


(Related) It's also a bit disingenuous...

http://news.cnet.com/8301-17852_3-20076740-71/mark-zuckerberg-more-google-followers-than-anyone/

Mark Zuckerberg: More Google+ followers than anyone



For my Ethical Hackers: Several are named.

Ask Slashdot: Which Registrars Support DNSSEC?

"With GoDaddy being purchased by private equity firms (i.e. it will be sucked dry with service reduction and price increases until it dies) what other Registrars support DNSSEC? GoDaddy is the only registrar I could find that supports DNSSEC for registrants running their own DNS. It was fairly easy to add the Key Signing Keys' DS records to the parent zone using its DNS config. I did find a couple other registrars that were 'testing' DNSSEC or that would support DNSSEC if they ran your DNS. But I couldn't find any other registrars where you could just register, run your own DNS, and use DNSSEC (i.e. with your DS record in your parent zone). That being said, I was only able to research a small percentage of the registrars out there. Does anyone know of registrars, other than GoDaddy, that allow for DNSSEC? That is, registrars that have a method to pass the DS records to the parent zones for their registrants' domains?"



Another multimedia search aggregator.

Zomobo.com - Find Information From Multiple Sources

Self-defined as a real time encyclopedia, Zomobo enables anybody to search for information on sites like Wikipedia, YouTube, Facebook and Twitter at the very same time.

Zomobo is a free service, and there is no need for you to create an account in order to use it - searches can be executed the minute you have landed on the site, without needing to disclose any kind of information.

http://zomobo.com/



Humor, but I bet we could come up with much better.

http://www.nytimes.com/interactive/2011/07/04/opinion/20110704_OPART.htm

Like It or Unfriend It


(Related)

Three Ways to Create Fake Facebook Profiles for Historical Characters


Monday, July 04, 2011

Food for thought: What type of false message(s) sent via what media would cause a panic? (I have been to Grover's Mill, NJ)

http://www.foxnews.com/politics/2011/07/04/foxnewspolitics-twitter-feed-hacked/

Foxnewspolitics Twitter Feed Hacked

FoxNews.com's Twitter feed for political news, FoxNewspolitics, was hacked early Monday morning.

Hackers sent out several malicious and false tweets claiming that President Obama had been assassinated. Those reports are incorrect, of course, and the president is spending the July 4 holiday with his family.

The hacking is being investigated, and FoxNews.com regrets any distress the false tweets may have created.



If I can access the voter database, can I drop a whole bunch of people who won't vote the way I like?

Hacker Exposes Parts of Florida's Voting Database

"Some people feel that elections can be rigged and votes tampered with. One hacker, who goes by the name of Abhaxas, decided to prove that votes aren't secure by exposing parts of the Florida voting database. Said Abhaxas while posting the data, 'Who believes voting isn't tampered with?'"



Because legal battles are now waged in Congress? But Google also has lots of privacy questions to answer.

http://thehill.com/blogs/hillicon-valley/technology/169425-google-hiring-12-lobbying-firms-in-response-to-investigations

Google hiring 12 lobbying firms as FTC readies antitrust probe

News broke last week that the FTC has subpoenaed documents for an upcoming investigation into whether Google has abused its dominance of the search market, the first broad antitrust probe of the firm. In response Google has retained a host of Washington lobbying firms to give lawmakers their view on issues such as privacy, copyright enforcement and competition in the search market.



This is a simple (trivial) investment, but it raises an interesting question. Can we identify strategically important pieces of the digital infrastructure that we should not allow to be controlled or significantly influenced by foreign investors?

http://blogs.forbes.com/gordonchang/2011/07/03/china-wants-to-buy-facebook/

China Wants to Buy Facebook

On Thursday, Business Insider reported that China is trying to buy “a huge chunk” of Facebook.

According to the business news website, Beijing approached a fund that buys stock from former Facebook employees to see if it could assemble a stake large enough “to matter.” Moreover, Citibank is rumored to be trying to acquire as much as $1.2 billion of stock for two sovereign wealth funds, one from the Middle East and the other Chinese. Business Insider reports a third source, from a “very influential” Silicon Valley investment bank, confirms that Citi is representing China.



Why are we debating size rather than content?

South Korean Textbooks to Go Digital by 2015

South Korea plans to spend $2.4 billion buying tablets for students and digitizing materials in an effort to go completely digital in the classroom by 2015. From the article: "This move also re-ignites the age-old debate about whether or not students learn better from screens or printed material. Equally important, there's the issue of whether or not devices with smaller form factors are as effective as current textbooks, which tend to have significantly more area on each page."


(Related) Some other ideas...

http://www.aifestival.org/topic/5

2011 Aspen Ideas Festival



Just because it's a slow day and I think these are cool...

Monday, July 4, 2011

Five Ways to Visually Explore Wikipedia

Wikipedia is one of the first places that students often go to get some background information on a topic they're researching. Besides just going to Wikipedia.org and entering a search, there are some other ways to explore the content of Wikipedia. Here are five ways that students can visually explore Wikipedia's content.

Wiki Mind Map is a resource for visually exploring Wikipedia. Wiki Mind Map is essentially a search engine for Wikipedia articles that uses the Google Wonder Wheel concept. Enter a search term into Wiki Mind Map and it will generate a web of links to Wikipedia articles about your chosen search term. Wiki Mind Map will also include related search terms within your web.

Wikihood is a neat way to explore the world in your web browser. Wikihood is one part Wikipedia and one part Google Maps. There are two ways to explore the world using Wikihood. You can simply browse the map by scrolling and zooming in on locations then clicking on placemarks. Or you can use the search box to enter the name of a place (like Mount Everest) or the name of an event (like the Battle of Fort Sumter). Whichever way you choose to explore Wikihood the display format is the same. The map appears on your right and the Wikipedia entries appear on your left. You can expand and read the full Wikipedia entry within Wikihood.

Wiki Field Trip is a neat website for exploring Wikipedia entries about places around the world. Here's how it works: enter a city name on Wiki Field Trip and a series of placemarks appears on a Google Map of that city. Click on any of the placemarks to read the Wikipedia entry for that location.

The Full Wiki offers an interesting mash-up of Google Maps and Wikipedia entries. The Full Wiki takes Wikipedia entries and places them on a Google Map. Your chosen Wikipedia entry is also presented side by side with a Google Map. The Full Wiki is essentially geolocating Wikipedia entries.

One of the standard layers in Google Earth (http://www.google.com/earth/index.html) is the Wikipedia layer. Students can turn on the layer to access Wikipedia entries that are related to the places they're viewing in Google Earth. To turn on the Wikipedia layer open the "more layers" drop-down menu then select "Wikipedia."


Sunday, July 03, 2011

First there is news about the breach (and speculation as to its size). Then the numbers come out and the story is front page news again. So is it smarter to hide the numbers or to be up front and open? Note that almost every “Best Practice” security process was ignored.

What they won’t tell us, they have to tell HHS: the SRHS breach

By Dissent, July 3, 2011

It was only a matter of time until we found out how many people Spartanburg Regional Healthcare System had to notify about the laptop stolen from an employee’s car in March.

The incident has now been posted on HHS’s breach tool and it appears they reported that 400,000 patients were affected.

The employee was authorized to have the laptop, but why did 400,000 patients have data on it? Was it really necessary that so much data be on a laptop that was permitted to be removed from the premises?

And with so much sensitive data on the laptop – Social Security numbers, names, addresses, dates of birth and medical billing codes – why weren’t the data encrypted?

And why was the laptop left in a car where it was stolen at night?

What were Spartanburg’s security protocols?

Hopefully, HHS will not only obtain answers but take forceful steps to ensure that this doesn’t happen again.



I wonder how this worked?

Facebook/Twitter Banned In Thailand For Election

"In the run up to the July 3rd election in Thailand, use of Twitter, Facebook, and other social media are banned for campaigning and other election related purposes. Offenders face a maximum six months in prison and a 10,000 baht ($330) fine. The ban includes sending short telephone texts and forwarding emails. 'There will be a unit of more than 100 officers to monitor this,' said police spokesman Prawut Thavornsiri of the social media ban. 'If we can track the origin of (an online message) right away, we will block the site and make an arrest. But if the sites are registered overseas and we can't check the origin, we'll first block it and ask the IP (Internet Protocol) providers for further investigation,' Prawut said." [Sounds like instructions on how to bypass the censor... Bob]


(Related) Oops!

http://news.xinhuanet.com/english2010/world/2011-07/03/c_13963129.htm

Opposition Pheu Thai wins election -- Exit polls


(Related) Or you could design the censorship in from the beginning. (And it is easier when all your elections are unanimous)

China Grows Its Own Twitter

"Twitter is banned in China, and the authorities are trying to foster a censored version of the service, but the speed and nature of such services call into question China's ability to retain control — especially in combustible, highly emotional situations."



I always wanted to build a global economic model...

http://www.bespacific.com/mt/archives/027670.html

July 02, 2011

NYT: World Bank Is Opening Its Treasure Chest of Data

NYT: "Long regarded as a windowless ivory tower, the World Bank is opening its vast vault of information. True, the bank still lends roughly $170 billion annually. But it is increasingly competing for influence and power with Wall Street, national governments and smaller regional development banks, who have as much or more money to offer. It is no longer the only game in town... For more than a year, the bank has been releasing its prized data sets, currently giving public access to more than 7,000 that were previously available only to some 140,000 subscribers — mostly governments and researchers, who pay to gain access to it. Those data sets contain all sorts of information about the developing world, whether workaday economic statistics — gross domestic product, consumer price inflation and the like — or arcana like how many women are breast-feeding their children in rural Peru. It is a trove unlike anything else in the world, and, it turns out, highly valuable. For whatever its accuracy or biases, this data essentially defines the economic reality of billions of people and is used in making policies and decisions that have an enormous impact on their lives."