Saturday, November 26, 2011

Somehow, journalists fail to notice these minor inconsistencies in their stories. How will you convince a jury to convict when the “victim” claims it never happened?
Philippines say arrested hackers funded by Saudi group
Philippine police and the FBI have arrested four people that Manila said were paid by a militant Saudi Arabian-based group to hack into U.S. telecom AT&T's system, but the company said it was neither targeted nor breached.
… "The hacking activity resulted in almost $2 million in losses incurred by the company," the CIDG said in a statement.
… Police said the suspects had hacked into the trunk-lines of different telecom companies, including AT&T, with revenues diverted to accounts of the unnamed Saudi-based group.
… Last month, Philippine police said weak laws against cyber crime and poor technical capabilities had made the country an attractive base for organised crime syndicates involved in cyber pornography, cyber sex dens, illegal gambling, credit card fraud and identity theft.

'Tis the season! (A loaf of bread, a jug of wine, and identity theft in the checkout line)
Save Mart warns customers to check accounts after skimmers found in 20 stores
November 25, 2011 by admin
Rick Hurd reports:
Modesto-based Save Mart Supermarkets is warning customers at several of its Bay Area stores that their personal banking information may have been compromised.
The company issued a news release Wednesday saying that upon routine maintenance, [Weekly or annual maintenance? Bob] store employees found credit and debit card readers that had been tampered with in the self-checkout lanes of 19 Lucky stores and one Save Mart store.
Read more on Modesto Bee.
[From the article:
The company said the tampered card readers were replaced [Does this suggest that the 'bad guys' replaced the original card readers? Bob] and that enhanced security was added to all of its 234 stores.

When they say this is the minimum you should do, they really mean minimum!
November 24, 2011
FCC Launches the Small Biz Cyber Planner
News release: "The FCC is launching the Small Biz Cyber Planner, an online resource to help small businesses create customized cybersecurity plans. This is the result of an unprecedented public-private partnership between government experts and private IT and security companies, including DHS, NCSA, NIST, The U.S. Chamber of Commerce, The Chertoff Group, Symantec, Sophos, Visa, Microsoft, HP, McAfee, The Identity Theft Council, ADP and others. The online tool is available at By almost any measure small businesses have an outsized impact on our economy and it is critically important that small businesses, a vibrant engine for job and idea creation, are secure using the many broadband enabled tools they need to efficiently run their businesses. According to a survey released in October, 2011 by Symantec and the National Cyber Security Alliance (NCSA), two-thirds of U.S. small businesses rely on broadband Internet for their day-to-day operations. This effort is part of an ongoing program to raise awareness about the cybersecurity risks to small businesses and to help these businesses become cyber-secure. Earlier this year, the FCC and a coalition of public and private-sector partners developed a cybersecurity tip sheet, which includes tips to educate business owners about basic steps they can take immediately to protect their companies. The tip sheet is available at".

We probably need more than a map marked “Here be dragons!” but it's better than nothing.
November 24, 2011
Mapping the Mal Web - The world’s riskiest domains
Mapping the Mal Web - The world’s riskiest domains, by Barbara Kay, CISSP, Secure by Design Group and Paula Greve, Director of Research, McAfee Labs
  • "McAfee has found overall web risk is up from last year. We saw increasing risk in some already risky portions of the web, such as .INFO; some significant reductions in risk within last year’s riskiest TLDs, especially Singapore (.SG) and Venezuela (.VE); and some new areas of concern, including Vietnam (.VN), Armenia (.AM), and Poland (.PL). Next time you search for a celebrity photo or “how to” hint, pay special attention to the top-level domains (TLDs), the last few characters at the end of the URL in the search results. In this year’s Mapping the Mal Web study, McAfee found that web risk climbed to a record 6.2% of more than 27 million live domains we evaluated for this report. If users don’t click with care, simply viewing a page can return much more than they bargained for. This year, more websites contain malicious code that steals passwords and identity information, takes advantage of security holes in browsers, or secretly installs the ingredients that turn computers into zombies...
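The report's advice is to look at the TLD before clicking. Doing that by eye is harder than it sounds, because the TLD is the last label of the hostname, not "the last few characters of the URL": userinfo, ports, paths and deceptive prefixes like `bank.example.com.` all sit in front of it. The following is an added example, not part of the McAfee report or of this blog, showing how to pull the real hostname out of a URL the way a browser does, normalise internationalised names to punycode, and flag the TLDs the report names. The `RISKY_TLDS` set and the "embedded common TLD" heuristic are assumptions made for the example.

```python
"""Extract the hostname a browser would actually connect to and classify
its TLD.  Added example; RISKY_TLDS is taken from the 2011 report text
quoted above and is an assumption, not a maintained list."""
import ipaddress
from urllib.parse import urlsplit

# TLDs the quoted 2011 report singles out as rising or high risk (assumption:
# a real deployment would load a current list, not hard-code one).
RISKY_TLDS = {"info", "vn", "am", "pl"}

# Labels that, when they appear *before* the final label, usually mean
# someone is dressing up a hostname to look like a different site
# (e.g. "paypal.com.evil.info").  Heuristic chosen for this example.
EMBEDDED_TLD_LABELS = {"com", "net", "org", "gov", "edu"}


def hostname_of(url):
    """Return the lower-case ASCII (punycode) hostname of `url`, or None."""
    if "://" not in url:
        url = "http://" + url          # bare domains as a user would type them
    host = urlsplit(url).hostname      # drops userinfo, port, IPv6 brackets
    if not host:
        return None
    host = host.rstrip(".")            # trailing dot is the same zone
    try:
        host = host.encode("idna").decode("ascii")   # ü -> xn--...
    except UnicodeError:
        return None
    return host.lower()


def classify(url):
    """Describe where `url` really points.

    Returns a dict with keys host, kind ("domain", "ip" or "invalid"),
    tld (last label, or None), risky (tld in RISKY_TLDS) and
    embedded_tld (a common TLD label appears in a non-final position).
    """
    host = hostname_of(url)
    if host is None:
        return {"host": None, "kind": "invalid", "tld": None,
                "risky": False, "embedded_tld": False}
    try:
        ipaddress.ip_address(host)
        # IP literals have no TLD at all; they deserve their own look.
        return {"host": host, "kind": "ip", "tld": None,
                "risky": False, "embedded_tld": False}
    except ValueError:
        pass
    labels = host.split(".")
    tld = labels[-1] if len(labels) >= 2 else None
    return {
        "host": host,
        "kind": "domain",
        "tld": tld,
        "risky": tld in RISKY_TLDS,
        "embedded_tld": any(l in EMBEDDED_TLD_LABELS for l in labels[:-1]),
    }


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any search result.
    for u in ("http://user:pw@bank.example.com.evil.INFO:8080/login",
              "https://example.org/",
              "http://192.0.2.1/photos",
              "http://bücher.example.pl"):
        print(u, "->", classify(u))
```

The point of `hostname_of` is that everything before `@` and everything after `:` or `/` is noise as far as the TLD is concerned; `urlsplit().hostname` already applies those rules, so the example leans on it rather than on a hand-written regex. A last-label TLD is a simplification: country-code registries such as `.co.uk` or `.com.vn` need a public-suffix list to get the registrable domain right.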

It's for the children! All immunizations are perfectly safe – trust us!
An anonymous reader writes with news of a plan from the Australian government to cut down on the number of kids who aren't vaccinated. The new scheme will deny family tax benefits to parents whose children don't pass immunization checks. Quoting:
"The FTB supplement, worth $726 per child each year, will now only be paid once a child is fully immunized at these checks. Families are already required to have their child fully immunized to receive Child Care Benefit and the Child Care Rebate. Children will also be required for the first time to be vaccinated against meningococcal C, pneumococcal and chicken pox. Children will also be immunized against measles, mumps and rubella earlier, at 18 months instead of the current four years of age."

Only 9?
9 Reasons Wired Readers Should Wear Tinfoil Hats

...because sometimes the cab driver doesn't know he needs protection until days, even months after the fact? How many police officers are dedicated to cab image scanning?
Cn: Taxi cab recorders bring up privacy doubts
November 25, 2011 by Dissent
It’s not just Oxford City Council‘s plans to install recorders in cabs that has people concerned. Wu Yiyao reports that similar systems are already in place in China:
Wide debate has arisen over the video cameras and sound recorders that have been installed in as many as 6,000 taxis in Nanjing, capital of Jiangsu province.
Critics say the devices infringe upon privacy.
But Xu Hong, director with the Nanjing passenger transportation management office, said they are in fact meant to protect the safety of drivers and the rights of passengers.
The cabs’ recorders will run 24 hours a day and their cameras will be able to take eight pictures a minute.
The sound recordings will be stored in a data collector inside the taxis while the images will be transferred using a global positioning system to the police and to transportation management authorities. If a taxi driver feels endangered, he can press an emergency button that will make the camera start recording uninterruptedly and then send a report to the police.
Read more on China Daily.

It's the little things that make me suspicious...
Biometrics Institute to launch privacy charter
November 25, 2011 by Dissent
Lisa Banks reports:
The Biometrics Institute has announced the launch of its international privacy charter, with the document set to be released next week in Canberra.
Biometrics Institute general manager, Isabelle Moeller, said the guide will provide hands-on information to the public about how to follow best practice privacy principles.
Read more on ComputerWorld (AU)
[From the article:
The Institute, earlier this year, released survey results that showed there has been an increase in the number of people who accept biometrics' growing role in society.

Avoiding US spying is both trivial and good business?
Swedish Cloud DBaaS Avoids Patriot Privacy Snag
November 25, 2011 by Dissent
Eric Doyle reports:
Two Swedish companies are taking advantage of the US Patriot Act to drum up some European business.
Severalnines, which offers automation and management software for cloud database provisioning, and the City Network hosting company have banded together to produce “a fully European Database-as-a-Service (DBaaS) solution”. The Severalnines DataCloud service is still in beta under the name of the City Cloud Database Service but is ready to take customers on board.
Read more on eWeek.

This is clever. A you-define-it sensor!
‘Twine’ Foreshadows A Future Where All Objects Talk To The Internet
Want to be notified to turn on the AC when a room reaches a certain temperature? Or when your laundry’s done? Well MIT Media Lab alumni Supermechanical have built Twine, a sleek 2.5″ rubber square which connects to Wifi and allows objects to “communicate” under certain conditions.
The Twine, which reminds me of a Square from a design simplicity perspective, comes with a web app, ‘Spool’ which allows you to program its sensors with natural language rules like “When: accelerometer is at rest, Then: Tweet” in the case of the laundry done thing, for example.
You can hook up the battery operated Twine to communicate through SMS, Twitter, Email and even HTTP requests if you’re into that sort of thing.
The basic Twine comes with an internal temperature sensor and an internal accelerometer, and the Twine guys are making optional external sensors including a magnetic switch for doors, a moisture sensor and a breakout board for those of you that want to create your own DIY sensor action.

For my techie/geeky students
Programr: Code, Compile & Run Programs In Your Browser
One of the biggest handicaps when trying to learn a new programming language is the lack of proper tools. These may include having access to a server, installing databases and many other tools before you can even write a single line of code. Programr changes all that by letting you do everything in your browser window.
… Supported languages include Java, C++, PHP, C#, J2EE, FLEX, Javascript, AJAX and more. In addition to these, you can also create apps for iPhones and even games. You can create a program/app from scratch or modify an existing one that other users may have saved. Once created, your program can be compiled right within the same browser window with a single click and also executed without requiring additional resources. Each chunk of code can also be downloaded, saved to your profile or embedded anywhere.
Programr is also a social network for programmers. You can browse programs created by other users, post comments on them, view similar programs, see a programmer's profile and contact them if needed. It lets you browse programs by language, or programs that have been recently created, along with searching for programs using keywords. Programr also has tons of courses that you can take online to learn for a small fee.

Friday, November 25, 2011

I would assume that NASDAQ had outsourced their security. Looks like they aren't managing that too well.
"NASDAQ's aging software and out of date security patches played a key part in the stock exchange being hacked last year, according to the reported preliminary results of an FBI investigation. Forensic investigators found some PCs and servers with out-of-date software and uninstalled security patches, Reuters reported, including Microsoft Windows Server 2003. The stock exchange had also incorrectly configured some of its firewalls. NASDAQ, which prides itself on running some of the fastest client-facing systems in the financial world, does have a generally sound PC and network architecture, the FBI reportedly found. But sources close to the investigation told Reuters that NASDAQ had been an 'easy target' because of the specific security problems found. Investigators had apparently expressed surprise that the stock exchange had not been more vigilant."

Don't go after Facebook, go after the individual... Got it!
No Reasonable Expectation of Privacy on Facebook, Pa. Judge Says
November 24, 2011 by Dissent
Ben Present writes:
Even without appellate case law in Pennsylvania to provide guidance on the discoverability of information on Facebook, the standard is becoming clear: Post at your own risk.
Three courts in this state have now decided that, if a party in a civil case posts information on his or her Facebook page, and that information appears to contradict statements in discovery or testimony, then the party’s Facebook page falls within the scope of discovery.
In the most recent case, Largent v. Reed, a Franklin County judge ordered plaintiff Jennifer Largent to turn over her Facebook username and password to defendant Jessica Rosko, who allegedly caused an auto accident that left plaintiffs Jennifer and Keith Largent with “serious and permanent physical and mental injuries.”
[From the article:
The SCA did not apply to Largent, Walsh said, because Rosko was seeking information directly from the plaintiff rather than serving subpoenas on Facebook, itself. Walsh said the SCA only covered internet service providers, though he acknowledged the "terms are somewhat confusing because they reflect the state of computing technology as it existed in 1986."
Largent joins Zimmerman v. Weis Markets Inc. and McMillen v. Hummingbird Speedway Inc. as defense victories in a sprouting body of case law dealing with Facebook. The apparently lone plaintiff win on the subject in Pennsylvania -- Piccolo v. Paterson -- came after the plaintiffs attorney successfully argued his case was distinguishable from McMillen because there were no allegations his client posted one thing and said another.
… Walsh said making a Facebook page "private" does not shield it from discovery because even private posts are shared with other people.

Isn't this another “go after the individual” case?
Belgacom Can’t Be Told to Block File Sharing: EU
November 24, 2011 by Dissent
Stephanie Bodoni reports:
Belgacom SA (BELG)’s Internet-service provider Scarlet can’t be forced by a national court to block users from illegally sharing music and video files, the European Union’s highest court said.
“EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files,” the EU Court of Justice in Luxembourg said in a statement after today’s ruling.
Read more on Bloomberg.
The European Digital Rights (EDRI) welcomed the ruling:
Today the Court of justice of the European Union ruled that a proposed measure ordering an Internet service provider to install a system of filtering of all electronic communications and blocking certain content in order to protect intellectual property rights was in breach of European law.
This result is hugely important, as it protects the openness of the Internet. The alternative would have been a decision which would ultimately have put all European networks under permanent surveillance and filtering. This would have had major negative consequences for both fundamental rights and the online economy in Europe.
Read more on EDRI.
[From the article:
SABAM wanted Scarlet to filter all peer-to-peer traffic and block potentially unlawful peer-to-peer communications. [That sounds crazy... Bob]

For my fellow teachers...
Jeff Borden and his colleagues at Pearson eCollege have created a directory of 500 e-learning tools. [Excel spreadsheet]

Half my students don't understand me now. Imagine the fun I could have with this!
Say What? Talking Trash Through the Ages
History is full of silver-tongued scoundrels. So if you find yourself in a 19th-century battle of wits, best not to bring a dagger to a musket fight. The solution for any quantum leaper: Jonathon Green’s new book, Green’s Dictionary of Slang, a 6,200-page lexicon spanning more than half a millennium.

Okay, this doesn't help...

Thursday, November 24, 2011

Do we have enough to interest the Class Action lawyers?
"About 200 customers of the Central Maine Power Company recently noticed something odd after the utility installed smart meters in their homes: household electronics including wireless devices stopped working, or behaved erratically. Many Smart Meters broadcast in the 2.4GHz frequency range. Unfortunately, so do many of the consumer gadgets we take for granted these days including routers, electric garage doors, fire alarms, clocks, electric pet fences, answering machines, and baby monitors--even medical devices. [“To save power in peak usage times, we may turn off your pacemaker...” Bob] The electromagnetic congestion in the home is in some ways similar to the growing electronic congestion in hospitals as they acquire more and more electronic monitors all operating within a few feet of each other. Medical equipment has been known to shut down or give erroneous results when positioned close to another piece of equipment. Such interference is not new, just getting worse--rapidly."

Back in the “old days,” police would “change channels” or tell officers to “phone home” (that should be easier today when everyone has a cell phone). Is encryption more for protecting the police from us 'second class' citizens or a real concern that terrorists/criminals will use that information to elude them?
"Police departments around the country are moving to shield their radio communications from the public as cheap, user-friendly technology has made it easy for anyone to use handheld devices to keep tabs on officers responding to crimes. Although law enforcement officials say they want to keep criminals from using officers' internal chatter to evade them, journalists and neighborhood watchdogs say open communications ensure that the public receives information as quickly as possible that can be vital to their safety. 'Whereas listeners used to be tied to stationary scanners, new technology has allowed people — and especially criminals — to listen to police communications on a smartphone from anywhere,' says DC Police Chief Cathy Lanier, who says that a group of burglars who police believe were following radio communications on their smartphones pulled off more than a dozen crimes before ultimately being arrested. But encryption also makes it harder for neighboring jurisdictions to communicate in times of emergency. 'The 9/11 commission concluded America's number one vulnerability during the attacks was the lack of interoperability communications,' writes Vernon Herron. 'I spoke to several first responders who were concerned that their efforts to respond and assist at the Pentagon after the attacks were hampered by the lack of interoperability with neighboring jurisdictions.'"

For the Computer Forensics students...
Police procedures leaked for getting into Facebook, other accounts
Confidential guidelines telling police how to access Facebook, Microsoft, Blizzard, and AOL user accounts have appeared online this week.
The files, known colloquially as law enforcement guidelines, typically tell police what types of user data are stored, how long they're retained, and what procedures to use to gain access to them.
Here are some highlights [and links Bob] from each company's policies:
Blizzard: Logs of Internet Protocol addresses are kept "indefinitely," according to the company behind World of Warcraft. Sent mail is not retained. Deleted mail messages are not retained.
Facebook: An earlier version of the company's manual from 2008 said that "IP log data is generally retained for 90 days." That statement is missing from the newly-released 2010 version, indicating that Facebook now may store data longer (a company spokesman did not respond to that question).
Microsoft/MSN: Hotmail IP logs are kept for 60 days. MSN TV's Web site logs are kept for 13 days. No logs are kept for conversations taking place through MSN chat rooms and MSN instant messenger. The leaked document is from April 2005, though, and may be out of date.
AOL: IP logs for the AIM and ICQ messaging services are stored for up to 90 days. Customer logs are kept for 6 months. All AOL e-mail, including from portals such as,, and, is stored in its Northern Virginia data center.

Apparently, “not where he was supposed to be” is insufficient.
NY court upholds GPS tracker on worker’s personal car
November 23, 2011 by Dissent
Associated Press reports:
A midlevel New York court on Wednesday upheld the state use of a tracking device on an employee’s private car to investigate whether he was skipping work and falsifying time sheets.
The Appellate Division panel split over whether that secret Global Positioning System tracking in 2008 violated Michael Cunningham’s constitutional privacy rights.
The three-judge majority said the state Labor Department, where Cunningham was director of staff and organizational development for 20 years, had reasonable grounds to start the GPS tracking because Cunningham was disciplined previously for false time records and officials suspected it was continuing. They also concluded that using the device for a month, in an investigation conducted by the Office of Inspector General, was reasonable.
“A search conducted by a public employer investigating work-related misconduct of one of its employees is judged by the standard of reasonableness under all the circumstances, both as to the inception and scope of the intrusion,” Justice John Lahtinen wrote. The labor department “clearly had a responsibility to curtail the suspected ongoing abuse of work time not only to preserve its integrity, but also to protect taxpayers’ monies.”
Lahtinen noted that traditional methods like tailing Cunningham failed, and he was suspected of using his personal car during working hours for some of the suspected abuse. “He could hardly have been surprised to be under investigation,” he wrote.
Justices Robert Rose and John Egan Jr. agreed.
Two judges dissented, saying the GPS use was warranted at first, but tracking the family car for a month was too broad and intrusive to be reasonable.
Read more on WSJ. It’s interesting that one aspect of the dissent was the length of the surveillance. A similar concern was raised in U.S. v. Jones, a case argued before the U.S. Supreme Court this month. A decision on that case is not expected until later next year.
One of the other key aspects of this case is that placing a GPS device on an employee’s personal car resulted in surveillance of family members, 24 hours per day. What privacy rights do they have to be free from such surveillance? If the U.S. DOJ is to be believed, the government can put a GPS on any car at any time without a warrant, but what about a state agency that is investigating a civil matter?
It will be interesting to see what happens with this case on appeal.

I thought my classes were big when I filled the room...
"Stanford University is offering the online world more of its undergraduate level CS courses. These free courses consist of YouTube videos with computer-marked quizzes and programming assignments. The ball had been started rolling by Sebastian Thrun and Peter Norvig's free online version of their Stanford AI class, for which they hoped to reach an audience in the order of a hundred thousand, a target which they seem to have achieved. As well as the previously announced Machine Learning course you can now sign up to any of: Computer Science 101, Software as a Service, Human-Computer Interaction, Natural Language Processing, Game Theory, Probabilistic Graphical Models, Cryptography and Design and Analysis of Algorithms. Almost a complete computer science course and they are adding more. Introductory videos and details are available from each course's website."

(Related) What kind of “book” do you need to teach classes on the Internet?
"Most of today's electronic textbooks are re-purposed versions of print books. Nature has published an e-text that departs from the traditional book format and business model. Their Introduction to Biology e-text was created from the ground up and consists of 196 modules rather than a sequential book and the student gets a lifetime subscription for $49. Nature will continuously update the e-text as the science and pedagogy evolve."

Wednesday, November 23, 2011

Crying wolf means you get less press coverage next time... Right?
Feds: No hacking in Illinois water pump failure
By The Associated Press
SPRINGFIELD, Ill. (AP) — Federal authorities say reports that hacking caused a water pump failure in Illinois' capital city aren't true.
Department of Homeland Security spokesman Chris Ortman says initial reports over the weekend about the failure in Springfield were based on raw and unconfirmed data.
He said in a Tuesday statement that detailed analysis by DHS and the FBI found no evidence of a cyber intrusion or any malicious activity. Homeland security officials have said in the past that they investigate every piece of intelligence that comes into the agency.

With apologies to Steve Allen, This Could Be the Start of Something Big (Brother)
Malls track shoppers’ cell phones on Black Friday
November 22, 2011 by Dissent
Annalyn Censky reports:
Attention holiday shoppers: your cell phone may be tracked this year.
Starting on Black Friday and running through New Year’s Day, two U.S. malls — Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. — will track guests’ movements by monitoring the signals from their cell phones.
Read more on CNN Money.

Hey, I like it. They don't have a “Privacy” or “Security Breach” section yet, but I'll follow the Technology feed for a while...
November 22, 2011
FindLaw Legal Pulse is launched - aggregates topical news and social media
News release: " is introducing FindLaw Legal Pulse, a new content area that offers continuously updated legal headlines from around the world, along with news, photo feeds and analysis from such sources as Reuters, the Associated Press, New York Times and Washington Post. The content covers a broad range of law-related topics -- everything from Supreme Court decisions to legislative updates, everyday legal issues and even sports and celebrity news. FindLaw Legal Pulse offers tangible user benefits -- the news is up-to-date, comes from a rich variety of sources, and is tailored to audiences with legal interests."

Who says America has lost its sense of humor? How come this stuff gets to market and my brilliant idea for an “anti-social” network (Buttfacebook) didn't make the cut?
Tired Of Facebook? Try Facedrink Energy Shot Before Zuck Sues
“It gives you social energy. It gives you taste of friendship.” It’s Facedrink! And you better go buy some because it will be sued out of existence any minute now. Following in the footsteps of the unofficial Mark Zuckerberg action figure, some dude named Barry Moustapha (ROFLCOPTER) has created a lawyer-magnet energy drink. It’s themed with Facebook colors and proudly displays an “Add as Friend” button on the label. I’d be suspicious this was a hoax, but there’s a photo of a real bottle and reviewers confirm it leaves a worse taste in your mouth than getting Poked by your dad.

How to be well read, the military version... (General reading?)
November 22, 2011
DOD Reading Lists Aim to Promote Personal, Professional Growth
Reading Lists Aim to Promote Personal, Professional Growth, By Donna Miles American Forces Press Service:
"Legend has it that Alexander the Great slept with a copy of The Iliad, Homer's epic tale set during the Trojan War, under his pillow. Almost 2,500 years later, professional reading remains an important part of the military culture. Every service, most professional military schools and an increasing number of geographic and combatant commands offer up reading programs and reading lists as part of their professional development efforts. In fact, many have multiple reading lists, aimed at different groups within the military at different ranks and stages of their careers. Navy Adm. James G. Stavridis, commander of U.S. European Command and NATO's supreme allied commander for Europe, recently took this initiative to a new level with an online video encouraging all of his command to check out the Eucom reading list. The list is divided into sections with books about different phases of European history, culture and languages, as well as works of literary fiction that provide insight into European culture."

Quantitative measure of “Bragging Rights!”
November 22, 2011
Google Scholar Citations Open To All
Google Scholar Blog: "A few months ago, we introduced a limited release of Google Scholar Citations, a simple way for authors to compute their citation metrics and track them over time. Today, we’re delighted to make this service available to everyone! Click here and follow the instructions to get started. Here’s how it works. You can quickly identify which articles are yours, by selecting one or more groups of articles that are computed statistically. Then, we collect citations to your articles, graph them over time, and compute your citation metrics - the widely used h-index; the i-10 index, which is simply the number of articles with at least ten citations; and, of course, the total number of citations to your articles. Each metric is computed over all citations and also over citations in articles published in the last five years."

Tuesday, November 22, 2011

Interesting non-disclosure. 1 percent is still almost a million customers.
AT&T Customers Targeted by Hack Attack, Company Says
November 21, 2011 by admin
A handful of AT&T customers were targeted Monday by an organized hacking attack that was ultimately unsuccessful, a company spokesman tells
“We recently detected what could have been an organized attempt to obtain information on a number of customer accounts,” AT&T spokesman Mark Siegel told “The people in question appear to have used ‘auto script’ technology to determine whether AT&T telephone numbers were linked to online AT&T accounts.”
Read more on Fox News.
[From the article:
Fewer than 1 percent of customers were targeted, Siegel said, all unsuccessfully.
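What the spokesman describes is account enumeration: a script walks through phone numbers and uses a difference in the site's response to learn which ones have an online account, without ever logging in. It is "unsuccessful" only in the sense that no passwords were taken; the list itself is the prize, and it feeds later phishing or SIM-swap attempts. The item does not say how AT&T detected it, so the following is an added example of how a detection would typically look, not AT&T's code: a sliding-window count of distinct numbers probed per client, plus a check for the sequential pattern that scripted enumeration usually leaves. The log format, thresholds and the sample log lines are constructed for the example.

```python
"""Flag clients that probe many distinct account identifiers in a short
window, the signature of scripted account enumeration.  Added example;
the log format, thresholds and sample lines below are assumptions, not
AT&T's own data or detection logic."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real AT&T logs).  Assumed format per line:
# ISO-8601 timestamp, client IP, lookup result, phone number probed.
SAMPLE_LOG = """\
2011-11-21T09:00:01Z 203.0.113.7 NOT_LINKED 5550100001
2011-11-21T09:00:02Z 203.0.113.7 NOT_LINKED 5550100002
2011-11-21T09:00:02Z 203.0.113.7 LINKED 5550100003
2011-11-21T09:00:03Z 203.0.113.7 NOT_LINKED 5550100004
2011-11-21T09:00:04Z 203.0.113.7 NOT_LINKED 5550100005
2011-11-21T09:00:05Z 203.0.113.7 NOT_LINKED 5550100006
2011-11-21T09:00:06Z 203.0.113.7 NOT_LINKED 5550100007
2011-11-21T09:00:07Z 203.0.113.7 LINKED 5550100008
2011-11-21T09:01:00Z 198.51.100.9 LINKED 5550200001
2011-11-21T09:01:30Z 198.51.100.9 LINKED 5550200001
2011-11-21T09:20:00Z 198.51.100.22 NOT_LINKED 5550300001
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, result, number)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, result, number = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, result, number))
    events.sort(key=lambda e: e[0])
    return events


def _looks_sequential(numbers, threshold=0.7):
    """True if most adjacent sorted numbers differ by exactly one,
    i.e. the client is counting through a block rather than looking up
    the two or three numbers a real customer owns."""
    if len(numbers) < 3:
        return False
    ints = [int(n) for n in numbers]
    steps = sum(1 for a, b in zip(ints, ints[1:]) if b - a == 1)
    return steps / (len(ints) - 1) >= threshold


def find_enumeration(events, window=timedelta(seconds=60), min_distinct=5):
    """Return {ip: summary} for clients that probed at least `min_distinct`
    distinct numbers within any sliding window of length `window`.
    The same number repeated (a legitimate retry) does not count twice."""
    per_ip = defaultdict(list)
    for ts, ip, _result, number in events:
        per_ip[ip].append((ts, number))

    flagged = {}
    for ip, probes in per_ip.items():
        win = deque()                    # (ts, number) inside the window
        in_window = defaultdict(int)     # number -> occurrences in window
        for ts, number in probes:
            win.append((ts, number))
            in_window[number] += 1
            while win and ts - win[0][0] > window:   # expire old probes
                _old_ts, old_num = win.popleft()
                in_window[old_num] -= 1
                if in_window[old_num] == 0:
                    del in_window[old_num]
            if len(in_window) >= min_distinct:
                all_numbers = sorted({n for _, n in probes})
                flagged[ip] = {
                    "distinct": len(all_numbers),
                    "sequential": _looks_sequential(all_numbers),
                    "first_seen": probes[0][0],
                }
                break                     # one alert per client is enough
    return flagged


if __name__ == "__main__":
    for ip, info in find_enumeration(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

Detection is the second line of defence; the first is to make the lookup uninformative, by returning the same page, status code and timing whether or not a number is linked to an account, so that a script has nothing to distinguish. The 1 percent figure in the item is worth keeping in mind when tuning `min_distinct`: across a customer base that size, a per-client threshold is what separates a scripted sweep from a call-centre agent doing many real lookups.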

Oh the horror! My wino-lawyer friends will be devastated.
Gary Vaynerchuk’s ‘Wine Library’ Hacked
November 22, 2011 by admin
Alexia Tsotsis reports:
Earlier today patrons of Wine Library received an email informing them that the credit card information they had used to sign up to the site may have been compromised in a data breach. The site is the hub of NYT Best Selling Author Gary Vaynerchuk’s family business, made famous by his popular and now retired television show Wine
While the email doesn’t reveal how many accounts were impacted, the site likely has hundreds of thousands of users.
The company reveals that it started investigating a possible breach in October when they received initial customer complaints, complaints which increased towards the beginning of November. The company removed all credit card data from its site on November 11th and last week confirmed that an IP address originating in China was used in the attacks.
Read more on TechCrunch.

Kamber Law strikes again! Way to go Scott! ...and while this is not likely to actually cost them $250 per victim, it is an interesting addition to “damages” – an admission that it could cost real dollars to “repair” the damage they caused...
Metacafe Offers Consumers Up To $250 To Settle ‘Super Cookie’ Lawsuit
November 21, 2011 by Dissent
Jeff Roberts reports:
Popular video site Metacafe has joined Quantcast, Interclick and a host of other firms in settling a lawsuit over its use of Flash “super-cookies” – tracking tools that regenerate even after internet users clear their browser. But despite an offer of $250 to compensate the plaintiffs, no one should hold their breath about getting paid.
In a proposed settlement filed on Friday in Brooklyn federal court, Metacafe said it would pay a maximum of $250 to consumers for reasonable expenses they incurred in trying to remove the cookies.
[From the article:
Metacafe’s decision to pay $250 may not be what it seems, however. Before anyone who had the cookies installed on their browser can collect, they must:
submit a request for reimbursement for any out-of-pocket expenses or costs that they believe they incurred for a reason attributable to Metacafe that could not have been remedied by simply removing any HTTP cookie and/or LSOs associated with Metacafe and using readily available tools to do so.

RockYou Proposed Settlement Would Leave Decision Standing
November 22, 2011 by admin
Remember the RockYou breach that was disclosed in December 2009? It still ranks as one of the 10 biggest breaches of all time in terms of number of records involved – 32 million users’ login credentials were involved. A lawsuit over the breach created a buzz last year when it did not get dismissed out of hand for lack of standing or failure to demonstrate unreimbursed financial harm. Now Craig Hoffman reports that there is a proposed settlement in the case:
The parties in the Claridge v. RockYou case submitted a proposed settlement agreement to the court for approval on November 14, 2011. This case, which was filed shortly after RockYou disclosed a breach that compromised 32 million log-in credentials, received national attention in the spring. In April 2011, the California federal district court declined to dismiss the plaintiff’s breach of contract and negligence claims by finding that: “at the present pleading stage, plaintiff has sufficiently alleged a general basis for harm by alleging that the breach of his PII has caused him to lose some ascertainable but unidentified “value” and/or property right inherent in the PII.” Notwithstanding the court’s skepticism concerning the plaintiff’s ultimate ability to prove any actual damages, the court’s recognition of a property right in personal information sufficient to meet the Article III standing requirement was immediately advanced by plaintiffs in other similar cases. Indeed, the RockYou decision and the recent First Circuit decision in Hannaford stand out from the seemingly constant stream of decisions dismissing putative class actions filed against companies who disclose data breaches.
The terms of the proposed settlement will undoubtedly raise some eyebrows because the plaintiff only gets $2,000 while the attorney gets $290,000. But the settlement would prevent a possible loss if the case goes forward and would allow the earlier ruling to stand, which might be of help to others in future cases. You can read more on Data Privacy Monitor.

TSA insists that their scanners are not a health risk.
Airport X-ray scanners bricking Amazon Kindles
If a spate of worrying damage reports is to be believed, owners of the Amazon Kindle should think twice before taking their electronic reader with them on a domestic or international flight.
That’s according to UK newspaper reports that claim the E Ink display screens aboard Kindle devices are becoming irreversibly “scrambled” after passing through airport X-ray scanning equipment.

Looks more like a sanction for “lying to your employees”
French Court of Cassation Sanctions Company for Misuse of a Geolocation Device
November 22, 2011 by Dissent
On November 3, 2011, the Labor Chamber of the French Court of Cassation (the “Court”) upheld a decision against a company that unlawfully used a geolocation device to track the company car of one of its salesmen. Although the company notified the salesman that a geolocation device would be used to optimize productivity by analyzing the time he spent on business trips, the device was in fact used to monitor his working hours, which ultimately led to a pay cut.
Read more about the case and relevant French law on Hunton & Williams Privacy and Information Security Law Blog. French employers do not seem to get cut as much slack as American employers when it comes to monitoring employees.

No doubt US Copyright trolls will copyright this story and sue anyone who runs it...
Will the European Court of Justice stymie attempts to identify Internet users?
November 22, 2011 by Dissent
TJ McIntyre calls our attention to an important opinion:
This time last year I blogged about Bonnier Audio v. Perfect Communication, the Swedish case which questioned whether data retained under the Data Retention Directive could be used in litigation to identify users accused of infringing copyright. In that case five audiobook companies brought an action against Perfect Communication, an ISP, seeking the details of a user who was said to be sharing many popular audiobooks. The ISP, however, resisted the application and argued (in essence) that data retained under the Data Retention Directive could only be used for the purposes of that Directive and not for unrelated purposes such as civil litigation. In a preliminary reference, the Swedish court asked the ECJ the following questions:
* Whether the Data Retention Directive prevents the application of a national rule based on the EU IP Rights Enforcement Directive (2004/48/EC), which provides that an ISP in a civil case can be ordered to provide a copyright owner or a rights holder with information on which subscriber holds a specific IP address assigned by the ISP, from which address the infringement is alleged to have taken place.
* Whether the answer to the first question is affected by the fact that the state has not yet implemented the Data Retention Directive, although the deadline for implementation has passed.
As I said at the time, this has the potential to be a very important case – one in which a ruling against the copyright plaintiffs might well force a revision of the entire approach which Irish and English law takes to identifying internet users. I am surprised therefore that there hasn’t yet been much reaction to the Advocate General’s opinion, issued last Thursday, which comes down largely on the side of the ISP.
Read more about the opinion on IT Law in Ireland. With the caution that there is not yet an official translation of the opinion, the following statement from para 62 is a blockbuster:
There is no reason to favor the owners of intellectual property rights by allowing them to use personal data that have been lawfully obtained or retained for purposes unrelated to the protection of their rights.
Wow. Could that throw a monkey wrench into a lot of copyright and IP infringement cases where plaintiffs want to compel ISPs to disclose user identity information?
Kudos to Perfect Communication for not just turning over the data and trying to protect the privacy of its customers’ data.

Perhaps the court will adopt the “Soma Doctrine” and give the money to those who have proven they can manage it frugally over time... (Attention Ninth Circuit! That's the Privacy Foundation at the Sturm College of Law at the University of Denver)
Circuit Rejects AOL Privacy Settlement, Citing Random Beneficiaries
November 22, 2011 by Dissent
Ginny LaRoe reports that a proposed settlement of a lawsuit against AOL over inserting promotional messages in subscribers’ e-mail footers has hit a snag:
The Ninth Circuit U.S. Court of Appeals on Monday rejected a class action settlement that called for AOL Inc. to give $110,000 to random charities, sending a message that courts should be more careful in doling out money under the cy pres doctrine.
A unanimous panel said the charities had nothing to do with the plaintiffs’ email privacy claims and that too much money was being funneled to Los Angeles groups, despite a class spread out across the country. And the court expressed skepticism about whether judges or mediators should make recommendations on how large sums of money get paid out when the money doesn’t go to the class members.
Read more

If you reallllly wanted to cut Health Care costs, why not bring in the best 'cost cutters' in the world to do it? You can see how much cheaper things would be if you could get a hip replacement on Aisle 9...
Walmart’s Early Christmas Gift To The HealthTech Community
Startups thrive on discontinuities and disruption. NPR and Kaiser Health News broke a major story that Walmart intends to become the largest provider of primary care in the country.

Occasionally, I do think about what I do and how to do it better...
Khan's Biggest Impact: Changing the Economics of Education
… Besides growing the faculty of the Khan Academy, Khan is planning to open the system to teachers around the globe who can then use the Knowledge Map to build their own courses and also have access to the in-depth analytic tools Khan Academy is providing at the back-end.
But here is the deal: the content must be put up to Khan Academy’s noncommercial public domain. Noncommercial.

(Related) ...and I'm not the only one.
"Shareable has an interview with librarian Lauren Britton Smedley from the Fayetteville Free Library, which is adding a Fab Lab to its community offerings. She said, 'I think that libraries are really centers for knowledge exchange, and a Fab Lab fits perfectly into something like that. This idea that libraries are a place where the books live, and you go to find a book, and that’s all it is, I think is really starting to shift. Libraries are a place for social transformation. They’re a place that you can go to get computer access, or access to technology that you can’t get anywhere else, and access to people. ... At the Fab Lab, the impetus behind the whole thing was to create a center for knowledge exchange where we’re not just offering Intro to Word or Intro to Excel — that we can offer Intro to Computer Programming, or Digital Fabrication — these skills that are really important in the STEM fields, and we can push that information out for free. And how do we do that? By getting people in the community who know that stuff to come in and share what they know.'"

Free is good.
Textfree Users Have Sent And Received 20 Billion Text Messages, Free Of Charge
Turns out you don’t have to charge an arm and a leg for SMS messages to make money off of texting.
One startup that’s proven this is Pinger, the company behind the massively popular free texting app Textfree. Today, the company is announcing that it’s reached a major milestone: since launching in March 2009, Textfree users have sent and received a total of 20 billion text messages. For free. And they’re sending and receiving another 1.5 billion messages every month (they were growing at 1 billion per month in March of this year).
… Fire up the app for the first time and you’ll be given a new phone number [Talk about lock-in! Bob] that people can text the same way they would any other mobile number. Textfree is available for both iOS and Android, and it’s particularly popular on devices like the iPod Touch, which wouldn’t otherwise have full texting functionality

Monday, November 21, 2011

Local (One commenter suggests a $100 test for the gullibility gene...)
"Parents are being sold on the idea of buying DNA tests for their kids, to find out which sports they will be better at. The company called Atlas is based in Boulder, Colorado; and is selling DNA tests for $160. They are looking for what's called the ACTN-three gene, the gene behind what is called 'fast-twitch explosive muscles.' Children that don't have ACTN-three will be better suited for endurance sports like long distance running or swimming. Children that have a lot of it will be better suited for sports like football, rugby, wrestling, or hockey. Kids that have some ACTN-three will not be the fastest and not the slowest, they don't burn out the quickest and they don't last the longest. They are categorized as capable of playing just about any type of sport they like."

Is there an expectation of privacy on the street?
"More than 250 cameras in Washington D.C. and its suburbs scan license plates in real time. It's a program that's quietly expanded beyond what anyone had imagined even a few years ago. Some jurisdictions store the information in a large networked database; others retain it only in the memory of each individual reader's computer, then delete it after several weeks as new data overwrite it. [There must be a method for recalling this data. Why just capture and delete? Bob] A George Mason University study last year found that 37 percent of large police agencies in the United States now use license plate reader technology and that a significant number of other agencies planned to have it by the end of 2011. But the survey found that fewer than 30 percent of the agencies using the tool had researched any legal implications. With virtually no public debate, police agencies have begun storing the information from the cameras, building databases that document the travels of millions of vehicles."
[From the article:
Scores of cameras across the city capture 1,800 images a minute [We call that 30 frames per second video Bob] and download the information into a rapidly expanding archive that can pinpoint people’s movements all over town.
… “If you’re not doing anything wrong, you’re not driving a stolen car, you’re not committing a crime,” Alessi said, “then you don’t have anything to worry about.”

A challenge for Law School students?
Invitation to a Dialogue: Nameless on the Web?
November 21, 2011 by Dissent
Can you legitimately call yourself a privacy advocate or privacy lawyer if you advocate reducing others’ privacy? I don’t think so, and I was very disappointed to read a letter to the editor in today’s New York Times by Christopher Wolf (@privacywolf). Chris writes, in part:
It is time to consider Facebook’s real-name policy as an Internet norm because online identification demonstrably leads to accountability and promotes civility.
People who are able to post anonymously (or pseudonymously) are far more likely to say awful things, sometimes with awful consequences, such as the suicides of cyberbullied young people. The abuse extends to hate-filled and inflammatory comments appended to the online versions of newspaper articles — comments that hijack legitimate discussions of current events and discourage people from participating.
Read more on The New York Times. The paper is inviting readers to respond to Chris’s commentary and they will publish responses and his rejoinder in their Sunday Review.

This is interesting. Perhaps this is how news should be covered for the “SmartPhone” generation?
By Lauren Rabaino on November 18, 2011 2:37 PM
… First tweets go out, sometimes with no links to additional coverage. Then a few grafs go up on a blog, followed by additional updates, either to the top of that post or as new posts. Eventually, a print story gets started, which is posted through an entirely different workflow onto a different-looking story page. This version is usually written as an hourglass-style narrative, following typical print conventions. For the rest of the day, new updates start going to this story rather than the original blog post.
A few use cases of places doing it right, or at least something closer to right
BBC Live Coverage
When news about the Norway shooters broke a few months ago, The BBC set up a live coverage center where live updates came in a stream in the form of text, photos and blog posts. The dashboard contained updates in realtime of different types. Although it sounds similar to Twitter, the benefit is that BBC owned the platform. They could include updates longer than 140 characters, control formatting, and optionally include tweets, too.

How hard could it be to reconfigure this for Denver?
"As the next redistricting battle shapes up in New York, members of the public have an opportunity to create viable alternatives. Unlike the previously reported crowdsourced redistricting of Los Angeles, the public mapping of New York is based on open source software — anyone can use this to set up their own public web-based redistricting effort."

Geeky stuff
"The world of software is made slightly crazy because of the huge flexibility within any computer language. Once you have absorbed the idea of a compiler written in the language it compiles, what else is there left to gawp at? But... a Java Virtual Machine JVM written in JavaScript seems like another level of insanity. A lone coder, Artur Ventura, has implemented a large part of the standard JVM using JavaScript and you can check the code out on Github. Notice this isn't a Java to JavaScript translator but a real JVM that runs byte code. This means it could run any language that compiles to byte code."
Bonus: on Ventura's website is a set of visual notes from a talk he gave titled "My Language Is Better Than Yours."

More geeky stuff
Wilocity: the 60GHz wireless revolution begins at CES
If all goes according to Wilocity's plan, the start-up's dream of high-speed wireless networking will take a crucial step toward reality in January.
That's because the company, which is leading the charge for next-generation technology called 802.11ad designed to reach 7 gigabits per second, plans to show off a variety of devices using its technology at the mammoth CES trade show that month.
"We'll be able to show you what your life would be like on 60GHz," said Mark Grodzinsky, Wilocity's vice president of marketing.
… In Wilocity's dream, they will excite people about the possibilities of wireless networking that's faster than what typical computers today can do with a wired connection. For example, a smartphone carried into the office could connect to a keyboard, mouse, and large display. A tablet carried into the den could become a controller for a game shown on the big-screen TV.

Sunday, November 20, 2011

Nice of them to add this to their apology. How could we turn this into the minimum companies MUST do?
TRICARE data breach
11/18/2011 - WASHINGTON (AFNS) -- Science Applications International Corporation is mailing letters to affected military clinic and hospital patients regarding a data breach involving personally identifiable and protected health information.
On Sept. 14, SAIC reported the loss of backup tapes containing electronic health care records used in the military health system to capture patient data from 1992 through Sept. 7, 2011, in San Antonio-area military treatment facilities.
… As directed by TRICARE Management Activity, SAIC will provide credit monitoring and credit restoration services for one year for patients requesting them. The credit restoration services being provided exceed current industry standards for responding to a data breach.

Take that, IP lawyers.
"Against the backdrop of governments and courts around the world ordering ISPs to block file-sharing sites, European commissioner Neelie Kroes has said people have started to see copyright as 'a tool to punish and withhold, not a tool to recognise and reward. ... Citizens increasingly hear the word copyright and hate what is behind it,' the EU's digital chief said, adding that the copyright system also wasn't rewarding the vast majority of artists."

Global Warming! Global Warming! (I see this as a guide to blaming every disaster, at least in part on global warming.)
November 19, 2011
Special Report on Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation
First Joint Session of Working Groups I and II IPCC SREX Summary for Policymakers, November 18, 2011
  • "This Summary for Policymakers presents key findings from the Special Report on Managing the Risks of Extreme Events and Disasters to Advance Climate Change Adaptation (SREX). The SREX approaches the topic by assessing the scientific literature on issues that range from the relationship between climate change and extreme weather and climate events (“climate extremes”) to the implications of these events for society and sustainable development. The assessment concerns the interaction of climatic, environmental, and human factors that can lead to impacts and disasters, options for managing the risks posed by impacts and disasters, and the important role that non-climatic factors play in determining impacts. Box SPM.1 defines concepts central to the SREX. The character and severity of impacts from climate extremes depend not only on the extremes themselves but also on exposure and vulnerability. In this report, adverse impacts are considered disasters when they produce widespread damage and cause severe alterations in the normal functioning of communities or societies. Climate extremes, exposure, and vulnerability are influenced by a wide range of factors, including anthropogenic climate change, natural climate variability, and socioeconomic development (Figure SPM.1). Disaster risk management and adaptation to climate change focus on reducing exposure and vulnerability and increasing resilience to the potential adverse impacts of climate extremes, even though risks cannot fully be eliminated (Figure SPM.2). Although mitigation of climate change is not the focus of this report, adaptation and mitigation can complement each other and together can significantly reduce the risks of climate change. "

For the Computer Forensic guys...
November 19, 2011
The growing impact of full disk encryption on digital forensics
The growing impact of full disk encryption on digital forensics - Eoghan Casey, Geoff Fellows, Matthew Geiger, Gerasimos Stellatos
  • "The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug. In addition, to give digital investigators the best chance of obtaining decrypted data in the field, prosecutors need to prepare search warrants with FDE in mind. This paper describes how FDE has hampered past investigations, and how circumventing FDE has benefited certain cases. This paper goes on to provide guidance for gathering items at the crime scene that may be useful for accessing encrypted data, and for performing on-scene forensic acquisitions of live computer systems. These measures increase the chances of acquiring digital evidence in an unencrypted state or capturing an encryption key or passphrase. Some implications for drafting and executing search warrants for dealing with FDE are discussed."
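The "detect encryption before pulling the plug" step the abstract calls for is the part a first responder can actually script. The following is an added example, not code from the Casey et al. paper: it reads the first 4 KiB of a volume and classifies it from real on-disk signatures (the LUKS magic at offset 0, BitLocker's "-FVE-FS-" OEM string and NTFS's "NTFS    " at offset 3, FAT type strings, the ext superblock magic), then falls back to a Shannon-entropy heuristic for containers that deliberately carry no signature (TrueCrypt-style). The 7.5 bits/byte threshold and the "keep it running" recommendation text are assumptions; every sample header is constructed inline, so nothing here touches a real disk.

```python
"""Added example (not from the Casey et al. paper): triage the first 4 KiB of
each volume on a live system to decide whether full-disk or volume encryption
is present BEFORE anyone pulls the plug.  Signature checks use real on-disk
magic values; the entropy threshold is an assumed heuristic; every sample
header below is constructed, not captured from a real disk."""
import hashlib
import math
import struct
from collections import Counter

HEADER_BYTES = 4096          # how much of each volume start we inspect
ENTROPY_THRESHOLD = 7.5      # bits/byte; assumed cut-off for "looks like ciphertext"


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the sample (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def identify_volume(header: bytes) -> dict:
    """Classify a volume from its leading bytes.

    kind is one of: 'encrypted' (known container signature), 'plaintext'
    (known filesystem signature), 'likely_encrypted' (no signature but
    ciphertext-like entropy, e.g. TrueCrypt-style containers), or 'unknown'.
    """
    ent = shannon_entropy(header[:HEADER_BYTES])
    if len(header) < 512:
        return {"kind": "unknown", "detail": "header too short", "entropy": ent}
    # LUKS: magic 'LUKS' 0xBA 0xBE at offset 0, big-endian version at offset 6
    if header[:6] == b"LUKS\xba\xbe":
        version = struct.unpack(">H", header[6:8])[0]
        return {"kind": "encrypted", "detail": f"LUKS v{version}", "entropy": ent}
    # BitLocker: OEM name '-FVE-FS-' in the boot sector at offset 3
    if header[3:11] == b"-FVE-FS-":
        return {"kind": "encrypted", "detail": "BitLocker", "entropy": ent}
    # Common plaintext filesystems: boot-sector OEM/BPB strings, ext superblock magic
    if header[3:11] == b"NTFS    ":
        return {"kind": "plaintext", "detail": "NTFS", "entropy": ent}
    if header[0x36:0x3B] in (b"FAT12", b"FAT16") or header[0x52:0x57] == b"FAT32":
        return {"kind": "plaintext", "detail": "FAT", "entropy": ent}
    if header[0x438:0x43A] == b"\x53\xef":   # 0xEF53 little-endian, superblock + 0x38
        return {"kind": "plaintext", "detail": "ext2/3/4", "entropy": ent}
    # No signature at all: TrueCrypt/VeraCrypt headers are indistinguishable from random
    if ent >= ENTROPY_THRESHOLD:
        return {"kind": "likely_encrypted", "detail": "no signature, high entropy", "entropy": ent}
    return {"kind": "unknown", "detail": "no signature, low entropy", "entropy": ent}


def recommend_action(result: dict) -> str:
    """On-scene guidance in the spirit of the paper: encrypted => keep it running."""
    if result["kind"] in ("encrypted", "likely_encrypted"):
        return ("Do not power off: image mounted volumes and RAM live, "
                "and search the scene for keys, tokens and passphrases")
    return "Standard acquisition; powering off will not lose access to data"


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic ciphertext-like filler (SHA-256 chain) for the samples."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_samples() -> dict:
    """Constructed volume headers standing in for reads of /dev/sdX on scene."""
    def padded(prefix: bytes) -> bytes:
        return prefix + bytes(HEADER_BYTES - len(prefix))
    ext = bytearray(HEADER_BYTES)
    ext[0x438:0x43A] = b"\x53\xef"
    return {
        "luks": padded(b"LUKS\xba\xbe" + struct.pack(">H", 1) + b"aes\x00"),
        "bitlocker": padded(b"\xeb\x58\x90-FVE-FS-"),
        "ntfs": padded(b"\xeb\x52\x90NTFS    "),
        "ext4": bytes(ext),
        "opaque": _pseudo_random(HEADER_BYTES),   # signature-less container
    }


SAMPLES = build_samples()

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        r = identify_volume(hdr)
        print(f"{name:10s} {r['kind']:17s} {r['detail']:28s} "
              f"H={r['entropy']:.2f} -> {recommend_action(r)}")
```

Two caveats a responder should keep in mind: the entropy fallback cannot tell a signature-less encrypted container from a securely wiped or compressed region, so "likely_encrypted" is a reason to image live, not proof of encryption; and a signature-based "plaintext" verdict only covers the volume start, so a plaintext boot partition next to an encrypted system partition still calls for the live-acquisition path.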

Perhaps we should teach a class in jailbreaking?
The mixed reviews so far available for the new Amazon Fire tablet mostly address the Fire in its intended role as a locked-down portal through which to buy and consume ready-made content from Amazon. New submitter terracode writes with a different kind of review, which "goes into depth on the Kindle Fire's hardware, and provides details on how to root and tweak the tablet." The article also provides a friendly chart comparing the hardware in the Fire to that of the Nook Color and the iPad 2.

For my Geeky friends. Think of it as the geeky equivalent of the Sports Illustrated Swimsuit edition...
November 18th, 2011 : Rich Miller