Saturday, December 24, 2011

Does this mean we have a working definition of “An Act of CyberWar”? Where do we draw the line? If some kid tries to access the Pentagon's servers, mistakenly searching for “World of Warcraft” tips, will the NSA fry his computer? (Or send a drone over with a missile?)
"Congress has recently authorized the use of offensive military action in cyberspace. From the December 12th conference on the National Defense Authorization Act, it states,
'Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to: (1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and (2) the War Powers Resolution.'
According to the FAS, 'Debate continues on whether using the War Powers Resolution is effective as a means of assuring congressional participation in decisions that might get the United States involved in a significant military conflict.'"

Everyone has an opinion. (and a list)
The six worst data breaches of 2011
December 24, 2011 by admin
If you’re looking for the biggest breaches of the year in terms of numbers affected, you can find them over on or in others’ reviews. Certainly there were some really big breaches this year, but those were not necessarily the worst, in my opinion. So here’s my short list of the year’s worst breaches involving personally identifiable information. In chronological order:
1. The HBGary Federal hack.
I don’t claim to be a security expert, but if you’re making the claim, then having your server successfully attacked and all your professional correspondence exposed on the web should be seriously embarrassing. Not only should HBGary Federal have been embarrassed, but the February attack also exposed – and brought into negative public light – a well-known law firm. From a public relations standpoint, this breach was an in-your-face and up-your-left nostril attack that should have put everyone on notice that both data security and the collective known as Anonymous needed to be taken more seriously. In terms of immediate impact, after the firm’s emails became public, the Chamber of Commerce and Bank of America cut all ties with HBGary. Two other firms that had collaborated with them – Berico Technologies and Palantir – also cut ties with them. By the end of the year, however, HBGary CEO Gary Hoglund said that the breach had actually helped their business. Good for them, but not so good for others, perhaps?
2. Texas Comptroller’s Office web exposure incident.
In April, Texas Comptroller Susan Combs reported that the personal information of 3.5 million people had been accidentally disclosed on the web for quite a while – including Social Security numbers, dates of birth and other personal information. No hack necessary to get a goldmine of information for identity theft. Talk about shooting yourself in the foot…
3. The Arizona Department of Public Safety hack.
A hack by LulzSec in June also makes my list of worst breaches of the year. In a politically motivated attack that presaged other “AntiSec” or political attacks, the hackers released personal information on members of Arizona law enforcement and their families. For the rest of the year, releasing personal information on employees and their families became almost routine, despite the fact that the hackers occasionally recognized that calling the exposure of innocent uninvolved people “collateral damage” was not particularly acceptable to many members of the public.
4. The stolen SAIC/TRICARE backup tapes.
There were some massive health care sector breaches this year, but the SAIC breach was particularly bad for a few reasons. Unencrypted backup tapes with medical data on 5.1 million members of the military and their dependents were left in an employee’s car for 8 hours and were stolen. This was not the first time SAIC had unencrypted backup tapes stolen. In fact, it was the second time since 2010. Despite that and other breaches they have had in recent years, they continue to get huge government contracts. Members of Congress have now asked why.
5. Insurance Corporation of British Columbia insider breach.
There’s a lot we don’t know about this breach as yet, but it seems that an employee of the insurance company accessed and then disclosed information on 13 people who were later either shot at or were the victims of arson. Scarily, the employee also accessed information on 52 other people. Will they become victims, too? The RCMP are investigating, but this appears to be one of those breaches where there can be real and serious harm that has nothing to do with ID theft.
6. hack.
Hackers downloaded the entire database of over 26,000 users of, a Norwegian site that includes the sex trade. The downloaded material, which includes images and very personal messages, was dumped on the web. It seems only a matter of time before we start seeing embarrassing revelations about public figures as well as private citizens.
So that’s my short list. Did I leave out your candidate for worst of the year? If so, what was it?

This is going to be really popular! “Would you like some candy, little girl?”
"What do you do when you spend over a billion dollars on products targeted specifically for adults? Simple, just put a device on your pudding dispensing vending machines that scans faces, and denies the delicious food to the kiddies. The Minority Report-like device will apparently judge the age of the individual based on the space between their eyes and ears. If the criteria are not met, the vending machine will shut down and ask the individual to step away from the machine. There are some vending machine combos that this makes sense for, but seriously — pudding?"
[From the Comments: The Japanese cigarette vending machines with facial recognition were pulled when they discovered that holding up a scale photo or magazine picture would pass the age check.]

Clearly, DA's need guidance and not just about clinging to antediluvian technologies. Perhaps a paper explaining things like the Streisand Effect, Social Networks that don't toss their customers under the bus, etc. We already have plenty of truly bad examples...
Twitter gets subpoena for account info related to OccupyBoston, notifies users
December 23, 2011 by Dissent
This is getting ridiculous. Really.
Twitter received an administrative subpoena via fax [Patented 1843 Bob] on December 14 from the District Attorney of Suffolk County, Massachusetts. The subpoena indicates that pursuant to a criminal investigation by the Suffolk County D.A.’s office and the Boston Police Department, Twitter is to provide, within 14 days,
All available subscriber information, for the account or accounts associated with the following information, including IP address logs for account creation and for the period December 8, 2011 – December 13, 2011:
Guido Fawkes
Yes, you read that correctly. The D.A.’s office is seemingly seeking account information associated with hashtags.
And yes, the account for Occupy Boston is @Occupy_Boston and not @OccupyBoston.
And yes, there are over 30 “Guido Fawkes” accounts on Twitter. Is the D.A. demanding non-content account information on all of them?
If ADA Benjamin Goldberger and Sgt. Detective Joseph Dahlbeck get a lot of ridicule, they may want to consider whether they did their homework before issuing the subpoena.
Unlike the DOJ/Twitter Order, which barred Twitter from notifying users of the order for their non-content data, the D.A.’s subpoena asks Twitter not to disclose the subpoena to users to protect the “confidentiality and integrity of the ongoing criminal investigation.” Twitter notified the users, however, and the Twitterverse is lighting up with protests over what appears to be an attempt to invade the privacy of users who engaged in protected political speech.
As to the stern caution on the cover page of the fax that dissemination, distribution, or copying of the contents of the fax is “strictly prohibited,” well, suffice to say that copies of the subpoena are already posted on a few sites.
When will law enforcement learn that if it tries to go after Twitter users’ information, Twitter will do what it can to notify users, and once it has done so, the situation will be broadly disseminated and discussed?
You can keep up with some of the developments on and on Twitter, of course. And of course, I’ll be watching this matter, too, and wondering again why Twitter doesn’t make itself less useful to law enforcement by rolling over IP logs after 24 hours.

(Related) Obviously, you can find experts to help you use technology...
"Brandon Rittiman reports that White House officials launched a Twitter campaign Tuesday to put pressure on Congress to reach a deal extending the payroll-tax cut. Using the Twitter hashtag #40dollars, the White House successfully got thousands of people to respond and explain what a $40 cut to each paycheck would mean to them personally. By Wednesday morning, the #40dollars hashtag started 'trending,' which is what happens when Twitter's algorithms see a topic suddenly surge. It's not easy to create that kind of surge, but the White House has 2.5 million Twitter followers to call upon. Macon Phillips, the President's Director of Digital Strategy, says his team has managed to get a few Twitter topics to rise to the level of 'trending' before — most notably when they began tweeting about the death of Osama bin Laden. 'What's very important about a social-media campaign like this is that regular people are making the point about how this would affect them. It's not us here in Washington trying to argue on their behalf.' says Phillips. 'The #40dollars campaign puts a face on that amount to demonstrate the payroll tax cut's real-world impact on middle-class families.'"

(Related) Can Facebook predict the nominees/winners?
Ron Paul Is The Second Most Popular Republican Candidate On Facebook (And He’s Gaining)
Paul currently has 655,000 fans, half of Romney’s 1.23 million, and a fraction of Obama’s 24.3 million, but he’s well ahead of third-place primary candidate Michele Bachmann. Meanwhile, Newt Gingrich, who has appeared at many points in recent weeks to be Romney’s main Republican challenger, has had pretty minimal growth.

Very interesting idea. Will this catch on?
Volkswagen Blocks BlackBerry Use When Most People Use BlackBerries
The company has worked out a deal with unionized workers at its German sites to throttle their post-work BlackBerry use. VW is going to turn off messaging for these workers a half-hour after the workday ends, and flip the switch back on a half-hour before the next workday starts.
… The idea is to keep employees from feeling chained to their smartphones, and to send a message to bosses that it’s not reasonable to expect employees to be reachable at night, according to the Allgemeine Zeitung.

The article seems to suggest that technology was not the only or even the main driver of the choice – imagine that!
Berkeley Explains Why Google Trumps Microsoft
… Berkeley plumped for Gmail and Google Calendar in part because they’re cheap — Google offers its Apps to schools and colleges for free — but the university looked at far more than just price. This week, it laid out a detailed comparison of Google and Microsoft on its public website.

Useful when collaborating on documents?
Mergely is a useful online tool which can help users merge text documents and highlight changes made to existing documents. To use the service, all you have to do is paste the original document into the left column and enter the edited version in the right-hand corner. The changes which are not present in the revised document will be highlighted and shown in the original document.
Once done, you can save the document and the service will generate a share URL which can be used to send the document to any friend or colleague. If you want, you can even upload documents from your PC and compare them in seconds.
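The comparison such a tool performs is a line-level diff. The following is an added example, not code from the page or from Mergely: it uses Python's standard difflib to compute which lines of a document were removed and which were added, over two constructed sample documents (a draft policy and its revision). One practical difference from the web service: the documents never leave the machine, which matters when the text being compared is itself confidential.

```python
import difflib
from typing import List, Tuple

# Constructed sample documents (not from the page): a draft policy and a revision.
ORIGINAL = """\
Laptops leaving the building must be encrypted.
Backup tapes are stored in the vault.
Passwords are rotated every 90 days.
"""

REVISED = """\
Laptops and USB drives leaving the building must be encrypted.
Backup tapes are stored in the vault.
Passwords are rotated every 90 days.
Lost devices are reported within 24 hours.
"""


def line_diff(original: str, revised: str) -> List[Tuple[str, str]]:
    """Compare two documents line by line.

    Returns (tag, line) pairs: ' ' = unchanged, '-' = only in the original,
    '+' = only in the revision. A changed line appears as a '-'/'+' pair.
    """
    a, b = original.splitlines(), revised.splitlines()
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    result: List[Tuple[str, str]] = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            result.extend((" ", line) for line in a[i1:i2])
            continue
        # 'replace', 'delete' and 'insert' all reduce to: old lines out, new lines in.
        result.extend(("-", line) for line in a[i1:i2])
        result.extend(("+", line) for line in b[j1:j2])
    return result


def removed_lines(diff: List[Tuple[str, str]]) -> List[str]:
    """Lines present in the original but not in the revision."""
    return [line for tag, line in diff if tag == "-"]


def added_lines(diff: List[Tuple[str, str]]) -> List[str]:
    """Lines present in the revision but not in the original."""
    return [line for tag, line in diff if tag == "+"]


def render(diff: List[Tuple[str, str]]) -> str:
    """One marker per line, the text equivalent of the highlighted view such tools show."""
    return "\n".join(f"{tag} {line}" for tag, line in diff)


if __name__ == "__main__":
    print(render(line_diff(ORIGINAL, REVISED)))
```

Running the block prints the three-way marked listing; the first line shows up as a removed/added pair because its wording changed, and the new last line shows up as added only.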

Friday, December 23, 2011

I have alarming visions of a hacker somewhere saying, “So, you steal all our nuclear, military, scientific and business secrets do you? I'm going to retaliate! All your games are belong to us!”
Hacks of Chinese gaming sites may have affected 38,000,000
December 22, 2011 by admin
C. Custer writes:
Yesterday, the Chinese internet was shaken by the news that IT portal and community CSDN has been hacked and data for its more than six million users had been stolen, including usernames and passwords. Today, reports have it that CSDN wasn’t the only site affected.
Duowan, a games site, was hacked and hackers stole the data of its over eight million users. 7K7K, also a gaming site, reportedly lost data for 20 million users, and hackers also got info from 10 million accounts by hacking, another game site.
Actually, aside from the CSDN hack, none of the other hacks have been officially confirmed yet; however, much of the stolen account information has been published online (see, for example, the image of Duowan usernames and passwords above), so the reports appear to be fairly accurate. This certainly appears to be very bad news for Chinese net users — and gamers in particular — but we’ll keep an eye on this and update once more has come to light.
38,000,000? This has been an incredibly bad year for gamers’ information security.
None of the sites appear to have any breach notifications on their home pages at this time.

A beautiful infographic, showing the relative size of 2011 breaches...
Data loss incidents in 2011

Not every hack makes sense. Perhaps this one was done by some evil/geeky ornithologist?
Hacking a turducken? Seriously, folks?
December 22, 2011 by admin posted a curious message to members last week that they should change their passwords. It begins:
If you have an account on this site, you should change your password. Why?
Something strange happened on the site this morning. Our Turducken is Tasty, Tuesday Tech Talk, and How to Do It videos were removed from the site, along with a forum post about Battlemaster.
Nothing else appears to have been changed, but logs were truncated due to SQL server performance issues. So, we can’t exactly pinpoint what happened via Drupal.
We can’t pinpoint what happened via server logs either. There doesn’t appear to be any red flags in our server logs. SQL doesn’t appear to have been compromised, and there’s no evidence of the database being downloaded.
The database contains your: username, hashed and salted password, e-mail address, and any other additional information you provided in your profile.
Read more on LordKaT

French law is different, but technology should be the same. What kind of technical expert failed to prove that you could target specific emails?
FR: Appeal court authorizes seizure of entire electronic mailbox contents
December 22, 2011 by Dissent
Joseph Vogel writes:
Two undertakings that were subject to investigatory searches by the Competition Authority have complained of the mass undifferentiated seizure of their electronic mailboxes. The mailboxes contained items unrelated to the investigation, including personal and private emails and correspondence with the undertakings’ lawyers.
According to the Competition Authority, the current state of IT techniques and the constraints inherent in the search and seizure procedure allow for only the entire contents of company electronic mailboxes to be seized. The authority held that attempting to extract only certain elements would paralyse the investigation for weeks and would affect the integrity of the data extracted.(1) The mere fact that the mailboxes contained certain elements that might be used as evidence of the alleged actions was justification for their integral seizure. The first president of the Paris Court of Appeal confirmed this view, finding in the first case(2) that the administrative authorities had convincingly dispelled the arguments put forward by the expert engaged by the undertakings, who had attempted to demonstrate that it was possible to extract only certain items from mailboxes. The Court of Cassation recently upheld the principle of the seizure of the entire contents of a mailbox on the basis that its items allegedly cannot be seized separately, and considered that the court which reviewed the operations had not been required to appoint experts to find alternative techniques for the seizure of such documents.(3)

Looks like I concentrated on the right stuff after all. HTML5, CSS and image/sound/video content.
"According to new research from HTTP Archive, which regularly scans the internet's most popular destinations, the average size of a single web page is now 965 kilobytes, up more than 30% from last year's average of 702KB. This rapid growth is fairly normal for the internet — the average web page was 14KB in 1995, 93KB by 2003, and 300KB in 2008 — but by burrowing a little deeper into HTTP Archive's recent data, we can discern some interesting trends. Between 2010 and 2011, the average amount of Flash content downloaded stayed exactly the same — 90KB — but JavaScript experienced massive growth from 113KB to 172KB. The amount of HTML, CSS, and images on websites also showed a significant increase year over year. There is absolutely no doubt that these trends are attributable to the death throes of Flash and emergence of HTML5 and its open web cohorts."
If you have a personal home page, how big is it?

Thursday, December 22, 2011

Come on, guys! Really? Unencrypted text?
China Software Developer Network (CSDN) 6 Million user data Leaked
December 21, 2011 by admin
Chinese Software Developer Network (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 million CSDN users' info, including user names, passwords and emails, all in clear text, leaked on the internet.
Read more on The Hacker News.
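The contrast between the two items above is the whole lesson: the LordKaT notice could tell its users that the database held only “hashed and salted” passwords, while the CSDN file handed every password over in clear text. The following added example (not code from either site, nor from The Hacker News) shows what the salted-hash record looks like, how it is verified, and how an existing clear-text dump would be migrated to it. The KDF parameters and the sample dump are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Parameters chosen for this example; they are not what either site used.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16

# Constructed stand-in for a clear-text dump like the CSDN file
# (made-up names and passwords).
SAMPLE_CLEAR_TEXT_DUMP = """\
alice:hunter2
bob:hunter2
carol:correct horse battery staple
"""


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt$digest (hex fields).

    A fresh random salt per user means two users with the same password
    get different records, so one cracked hash says nothing about the other.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported record format: {algorithm}")
    salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def migrate_clear_text_dump(dump: str) -> Dict[str, str]:
    """Convert username:password lines into salted-hash records.

    Once this has run, the plain passwords can be discarded; a later leak of
    the records exposes salts and digests, not the passwords themselves.
    """
    migrated: Dict[str, str] = {}
    for line in dump.splitlines():
        if not line.strip():
            continue
        username, _, password = line.partition(":")
        migrated[username] = hash_password(password)
    return migrated


if __name__ == "__main__":
    records = migrate_clear_text_dump(SAMPLE_CLEAR_TEXT_DUMP)
    for user, rec in records.items():
        print(user, rec[:40] + "...")
    print("alice logs in:", verify_password(records["alice"], "hunter2"))
```

Note that alice and bob share a password in the sample dump yet end up with different records; that is the salt doing its job. The iteration count is what makes guessing slow, and it is stored in the record so it can be raised later without invalidating old entries.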

Bad security is expensive, even in Canadian dollars...
By Dissent, December 21, 2011
Alex Cameron and Sébastien Kwidzinski write:
The Durham Region Health Decision
In Rowlands v. Durham Region Health, the plaintiffs allege that a nurse employed by the Durham Region Health Department lost a USB thumb drive containing personal and confidential health information of over 83,500 patients. The nurse involved had allegedly accessed private patient information relating to H1N1 flu vaccinations received between October 1 and December 16, 2009, including in respect of patients for whom she had not provided care. [A search for “Flu vaccinations” rather than “Nurse Betty's flu vaccinations” would return the extra data. Bob]
The class action was brought following an investigation and Order by the Ontario Information and Privacy Commissioner, which cited a number of breaches of the Personal Health Information Protection Act (PHIPA) by Durham Region Health in relation to this incident. Section 65(1) of PHIPA permits a party to commence a proceeding for damages for actual harm suffered as a result of a contravention of PHIPA.
The plaintiffs in the class proceeding seek $40 million in damages. One of the main bases for damages in the lawsuit is the risk that the confidential information contained in the USB drive might be used to facilitate identity theft. The action is based in, among other things, negligence and breach of the statutory duty to protect patient information.
The court granted certification of the class proceeding pursuant to section 5 of the Class Proceedings Act, largely with the consent of the defendants.
Read more in the newsletter of Fasken Martineau.

Bad Security: We don't need no stinking food/oil!
"The European maritime sector has next to no idea about cyber security, according to a report released by the European Network and Information Security Agency (ENISA). The shipping industry, which carried 52 per cent of goods traffic in Europe in 2010, has 'currently low to non-existent' awareness of cyber security needs and challenges, the report said. ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies."

Interesting perspective.
A Cyberworm that Knows No Boundaries
December 21, 2011 18:18 Source: RAND Corporation
From the abstract:
Iran's announcement that a computer worm called Stuxnet had infected computers that controlled one of its nuclear processing facilities marked a signal event in cyber attacks. Although such attacks were known to be theoretically possible, the incident proved that a cyberworm could successfully infiltrate a system and produce physical damage. Furthermore, the sophisticated nature of the worm and the resources that would have been required to design, produce, and implant it strongly suggest a state-sponsored effort. It has become clear that Stuxnet-like worms pose a serious threat even to infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks is an increasingly complex prospect.

Speaking of boundaries...
Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices
December 22, 2011 by Dissent
From EFF:
Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever.
For doctors, lawyers, and many business professionals, these border searches can compromise the privacy of sensitive professional information, including trade secrets, attorney-client and doctor-patient communications, research and business strategies, some of which a traveler has legal and contractual obligations to protect. For the rest of us, searches that can reach our personal correspondence, health information, and financial records are reasonably viewed as an affront to privacy and dignity and inconsistent with the values of a free society.
Read more on EFF and download their free guide by Seth Schoen, Marcia Hofmann, and Rowen Reynolds.
You can also take a self-quiz on border searches and sign a letter to DHS to clarify policies and procedures. I signed the petition after editing it to reflect that as a health care professional who may have to take patient data with me when I travel, I am very concerned that people could just demand access to those data without any protections or probable cause. If you’re concerned, too, why not take a moment and do something for yourself – sign the petition.

According to the original article: “the laptop was password protected and files were deleted.” Looks to me like kids stole it and thought the password was real security...
By Dissent, December 21, 2011
A laptop stolen from a St. Charles employee’s car in late October has been recovered.
The laptop contained personal information from about 140 patients who had been in the emergency room at St. Charles Bend or Redmond. A forensic analysis indicated that someone had attempted to access the laptop but was unable to do so, making it unlikely that personal information was accessed inappropriately.
The laptop was found in brush by an 8-year-old girl riding horseback near Horse Butte at the end of November. It was returned to the hospital by the family Dec. 16.
Source: Bend Bulletin
It’s not enough we hear news of a recovery like this.

Here's a real opportunity for a Health Study! How many frequent fliers have symptoms of radiation poisoning?
Questions Linger on Safety of Airport Body Scanners
Much of the debate surrounding the increasingly common security scanners revolves around their effectiveness and privacy. But the health implications are coming to the fore as the European Union bans x-ray scanners because of health concerns. Many EU nations will instead use millimeter-wave, lower frequency scanners.
Both types use a beam of electromagnetic energy to create an image of a passenger — sans clothing — in an effort to detect weapons and other contraband. Millimeter wave scanners use a portion of the spectrum close to microwaves, while x-ray scanners, of course, use the higher frequency x-ray portion of the electromagnetic spectrum. Both devices collect the scattered waves that reflect off the body to create an image.
The dose of radiation from the x-ray scanners is very low. But whether it is low enough to be harmless remains a lingering question.
A recent report by ProPublica and PBS uncovered concerns over the level of radiation passengers are exposed to. Although the dose is very low, the scanners still violate “a longstanding fundamental principle of radiation safety — that humans shouldn’t be x-rayed unless there is a medical benefit,” the report states. There also is the concern that repeated exposure to even low doses of radiation could be a problem.

Note that it is still okay for them to track you online without telling you they are doing it. They just can't tell you you have a choice when you really don't.
FTC Accepts Final Settlement with Online Advertiser Scan Scout, Which Allegedly Used Flash Cookies to Track Consumers
December 21, 2011 by Dissent
Following a public comment period, the Federal Trade Commission has finalized a settlement order with online advertiser ScanScout, which the FTC alleged deceptively claimed that consumers could opt out of receiving targeted ads by changing their browser settings. The settlement, which was first announced on November 8, 2011, bars misrepresentations about the company’s data-collection practices and consumers’ ability to control collection of their data. It also requires that ScanScout take steps to improve disclosure of its data collection practices, and to provide a user-friendly mechanism that allows consumers to opt out of being tracked.
Source: FTC. More info on the case can be found here.

(Related) Oh look, the FTC knows something about cookies!
December 21, 2011
FTC Guidance - Cookies: Leaving a Trail on the Web
"Have you ever wondered why some online ads you see are targeted to your tastes and interests, or how websites remember your preferences from visit to visit? The answer may be in the “cookies." A cookie is information saved by your web browser, the software program you use to visit the web. Cookies can be used by companies that collect, store and share bits of information about your online activities to track your behavior across sites. Cookies also can be used to customize your browsing experience, or to deliver ads targeted to you. wants you to know how cookies are used and how you can control information about your browsing activities. Here are answers to some commonly asked questions about cookies – what they are, what they do, and how you can control them."
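What separates a cookie that remembers your preferences from one that tracks you across sites is visible in the Set-Cookie header itself: whether it persists (Expires or Max-Age), whether it is scoped to a domain other than the site you are visiting, and what protections it carries. The following is an added example, not part of the FTC guidance, that parses constructed Set-Cookie headers and flags the persistent third-party ones; the hosts, cookie names, fixed clock and the simplified same-site test are all assumptions made here.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample: the page the user is visiting and three Set-Cookie
# headers seen in responses while it loads. Hosts and names are made up.
PAGE_HOST = "www.example.org"
SAMPLE_RESPONSES: List[Tuple[str, str]] = [
    ("www.example.org",
     "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("www.example.org",
     "prefs=lang%3Den; Max-Age=2592000; Path=/"),
    ("ads.tracker.example",
     "uid=7f3a9c; Domain=.tracker.example; Expires=Sat, 21 Dec 2013 00:00:00 GMT; Path=/"),
]
# Fixed clock so the lifetime arithmetic is reproducible.
NOW = datetime(2011, 12, 21, tzinfo=timezone.utc)


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie header into (name, value, attributes).

    Attribute names are lower-cased; flag attributes such as Secure map to ''.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookie_lifetime_seconds(attrs: Dict[str, str], now: datetime) -> Optional[int]:
    """None for a session cookie; otherwise seconds until expiry (Max-Age wins over Expires)."""
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None


def is_same_site(page_host: str, cookie_host: str) -> bool:
    """Simplified same-site test: the page host equals, or is a subdomain of, the cookie host.
    (A production check would consult the public-suffix list; omitted here.)"""
    cookie_host = cookie_host.lstrip(".").lower()
    page_host = page_host.lower()
    return page_host == cookie_host or page_host.endswith("." + cookie_host)


def audit_cookie(page_host: str, response_host: str, header: str, now: datetime) -> Dict[str, object]:
    """Classify one cookie: persistence, lifetime, party, and protective attributes."""
    name, _, attrs = parse_set_cookie(header)
    lifetime = cookie_lifetime_seconds(attrs, now)
    scope_host = attrs.get("domain", response_host)  # Domain attribute widens the scope
    return {
        "name": name,
        "persistent": lifetime is not None,
        "lifetime_days": None if lifetime is None else round(lifetime / 86400, 1),
        "third_party": not is_same_site(page_host, scope_host),
        "secure": "secure" in attrs,
        "httponly": "httponly" in attrs,
        "samesite": attrs.get("samesite") or None,
    }


def audit_responses(page_host: str, responses: List[Tuple[str, str]],
                    now: datetime) -> List[Dict[str, object]]:
    return [audit_cookie(page_host, host, header, now) for host, header in responses]


def tracking_candidates(audits: List[Dict[str, object]]) -> List[str]:
    """Persistent cookies scoped to another site: the ones able to follow a user across sites."""
    return [str(a["name"]) for a in audits if a["persistent"] and a["third_party"]]


if __name__ == "__main__":
    results = audit_responses(PAGE_HOST, SAMPLE_RESPONSES, NOW)
    for r in results:
        print(r)
    print("tracking candidates:", tracking_candidates(results))
```

In the sample, the session cookie is first-party and dies with the browser, the preferences cookie is first-party but lives 30 days, and only the ad network's two-year cookie is both persistent and third-party. Flash cookies of the kind in the ScanScout item above are stored outside the browser's cookie jar, so an audit like this one would not see them at all; that is precisely why clearing browser cookies did not stop that tracking.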

On the other hand... This looks to be a fairly comprehensive audit. Lots of good detail, but it sounds a bit like Facebook PR helped with the wording. Merits a close read...
Ireland’s Facebook audit gives it privacy green light, but with conditions
December 21, 2011 by Dissent
John Kennedy reports:
Ireland’s Data Protection Commissioner has concluded its massive audit of Facebook – the biggest investigation in the agency’s history – and has cleared it of most charges. However, Facebook has agreed to a wide range of ‘best practice’ improvements.
Arising from the audit, Facebook has agreed to ‘best practice’ improvements to be implemented over the next six months, with a formal review happening in July 2012.
Read more on Silicon Republic. Right now, the links from the audit page to the report and its appendices do not appear to be working, but hopefully we’ll have the full report available soon.
Related: Press release on the report from the DPC and Facebook’s response.
And as always, it’s interesting to see the different media spins on this. Fox News trumpets, “Facebook Vindicated in Irish Privacy Audit,” while Kashmir Hill of Forbes reports, “Some Scolding, No Fines For Facebook After Irish Privacy Investigation.”
One wonders what the German DPAs would have done with this complaint.
Update: The audit is now available online, here (h/t, @steph3n)

A study of “How Revolutions Happen” or “How to be Revolting” depending on your point of view?
December 21, 2011
The Revolutions Were Tweeted: Information Flows During the 2011 Tunisian and Egyptian Revolutions
The Revolutions Were Tweeted: Information Flows During the 2011 Tunisian and Egyptian Revolutions, International Journal of Communication 5 (2011), Feature 1375–1405 1932–8036/2011FEA1375 [via gigaom]
  • "This article details the networked production and dissemination of news on Twitter during snapshots of the 2011 Tunisian and Egyptian Revolutions as seen through information flows—sets of near-duplicate tweets—across activists, bloggers, journalists, mainstream media outlets, and other engaged participants. We differentiate between these user types and analyze patterns of sourcing and routing information among them. We describe the symbiotic relationship between media outlets and individuals and the distinct roles particular user types appear to play. Using this analysis, we discuss how Twitter plays a key role in amplifying and spreading timely information across the globe."

Something for those cold winter nights, and you don't even need to leave the house to get them!
… Where possible, we have included links to free versions of the books, all taken from our Free Audio Books and Free eBooks collections.
If you’re looking for a more extensive list of essential works, don’t miss The Harvard Classics, a 51 volume series that you can now download online.
1.) The Bible (eBook) – “to learn that it’s easier to be told by others what to think and believe than it is to think for yourself.”
2.) The System of the World by Isaac Newton (eBook) – “to learn that the universe is a knowable place.”
3.) On the Origin of Species by Charles Darwin (eBook, Audio Book) – “to learn of our kinship with all other life on Earth.”
4.) Gulliver’s Travels by Jonathan Swift (eBook, Audio Book) – “to learn, among other satirical lessons, that most of the time humans are Yahoos.”
5.) The Age of Reason by Thomas Paine (eBook, Audio Book) – “to learn how the power of rational thought is the primary source of freedom in the world.”
6.) The Wealth of Nations by Adam Smith (eBook, Audio Book) – “to learn that capitalism is an economy of greed, a force of nature unto itself.”
7.) The Art of War by Sun Tsu (eBook, Audio Book) – “to learn that the act of killing fellow humans can be raised to an art.”
8.) The Prince by Machiavelli (eBook, Audio Book) – “to learn that people not in power will do all they can to acquire it, and people in power will do all they can to keep it.”

Sometimes ya gots to like speak their lag-age, ya know?
Tuesday, December 20, 2011
Strunk and White's The Elements of Style comes alive in this fun rap video that I found on Brain Pickings through a Tweet by Open Culture. The three-minute video hits the fundamentals of good writing as outlined by Strunk and White.
[Lyrics are here:

No one ever calls me to consult for them. More likely they ask me to stop bugging them...
Meet the future of consulting

Some of my readers love Infographics. I must admit that I do too...
Wednesday, December 21, 2011
Infographics are all over the web these days. Some infographics are excellent and some are not, but even the bad ones seem to get passed around. is a website that catalogs infographics from across the web. has more than 5,000 infographics arranged in twenty-one categories. Some of the infographics are useful displays of information and others, like the one below are just for fun.

Every now and then I see an article and say to myself, “Putting that in my blog would just be stooping to silly childish humor.” And then I say to myself, “so how long can you keep a straight face?” It is, after all, just another example of biometric security...
Your Butt Is Your Password in the Anti-Theft Car Seat
Keys can be stolen, remote alarms can be hacked. But your butt-print is yours alone. [Now available as a wall sized poster! Bob]

Even relatively small data breaches can have a serious impact...
By Dissent, December 20, 2011
Amanda Bronstad reports that UCLA Health System was sued over a September breach revealed last month. The potential class action lawsuit, filed December 14, alleges violations of California’s Confidentiality of Medical Information Act, which provides for statutory damages of $1,000 per person. At over 16,000 patients, that could cost them $16.3 million plus legal fees and other breach-related costs.
The breach occurred September 6, when an encrypted hard drive was stolen during a home invasion. [Normally, encryption is a “get out of jail free” card. Bob] UCLA reported that although this information was encrypted, the password was written on a piece of paper near the hard drive and could not be located. The files on the drive did not include Social Security numbers or any financial information, but did include first and last names and may have included birth dates, medical record numbers, addresses and medical record information.
Bronstad’s report includes an interesting piece of information, previously unknown to me:
The physician whose home was burglarized had not worked at UCLA since July.
Of course, that doesn’t mean that the physician had no need to still access those records, but it may raise other questions, such as what UCLA Health does to secure patient records when employees terminate. In this case, the drive was encrypted, and it may well be that the piece of paper with the encryption key was merely lost at some other time but went unnoticed until the burglary. The bigger concern I see is that four years’ worth of patient data were on an external drive off premises by someone no longer employed by the health system. Did UCLA know where all those data were? Someone must have known since individual notification letters were sent, but the incident certainly should give us all pause to reflect on how many patients in this country have their data on external devices or portable devices that are outside the covered entities’ premises and that could be stolen or lost – without the covered entity ever finding out (or the patients, for that matter!). This doctor did the right thing by reporting the breach, but how would a hospital know if a former employee still retained data that were subsequently stolen? They might not know.
And that is today’s scary thought of the day.

They have a thermostat connected to the Internet? Cool! Completely unsecured? Stupid! How much sensitive temperature data do you suppose they lost?
"The Wall Street Journal is now reporting that a group of hackers in China breached the computer defenses of the United States Chamber of Commerce. The intrusion was quietly shut down in May 2010, while FBI investigations continue. 'A spokesman for the Chinese Embassy in Washington, Geng Shuang, said cyberattacks are prohibited by Chinese law and China itself is a victim of attacks. ... Still, the Chamber continues to see suspicious activity, they say. A thermostat at a town house the Chamber owns on Capitol Hill at one point was communicating with an Internet address in China, they say, and, in March, a printer used by Chamber executives spontaneously started printing pages with Chinese characters.'"
According to the article, the group "gained access to everything stored on its systems" and may have "had access to the network for more than a year before the breach was uncovered."

There are some “services” you really really hope have secured your data...
Norwegian sex scandal brewing?
December 21, 2011 by admin
A new scandal is brewing. According to Harald S. Klungtveit and Anders Johansen Holth of Dagbladet in Norway, hackers have downloaded the entire database of 26,000 users of a sex-exchange (prostitution) site,
The hackers, who refer to themselves as Team Appunity, are reportedly threatening to release the entire database. [Go for it, Dudes! Bob]

There are many problems with censorship. For example: Who gets to know what has been censored? Will all the intelligence agencies and ICE and DHS and local cops know that anyone asking for more than 6 ounces of rock salt is a potential bio-weapons manufacturer? Will the FBI show up to ensure that you are using it (and you better prove you used all of it!) to clear snow from your driveway?
Following up on a disturbing story we discussed in November, Meshach writes
"The United States is asking scientific journals publishing details about biomedical research to censor articles out of fear that terrorists could acquire the information. 'In the experiments, conducted in the United States and the Netherlands, scientists created a highly transmissible form of a deadly flu virus that does not normally spread from person to person. It was an ominous step, because easy transmission can lead the virus to spread all over the world. The work was done in ferrets, which are considered a good model for predicting what flu viruses will do in people.' The panel cannot force the journals to censor their articles, but the editor of Science, Bruce Alberts, said the journal was taking the recommendations seriously and would most likely withhold some information. Are we heading for another Rorschach-style cheat sheet being developed?"

Apparently I'm not the only one noticing this trend...
You say regulate, we say delegate, let’s call the whole thing off? EU and US privacy law
December 20, 2011 by Dissent
Kirsten Sjovoll writes:
It is common ground that there is relatively little common ground between the US and the EU in their approach to data protection and privacy legislation. While the EU operates perhaps the most stringent and comprehensive system of data protection in the world, the US has opted for a more piecemeal approach with a focus on industry self-regulation over a centralised system of legislation. This divergent approach has resulted in some transatlantic turbulence over the years, with the Safe Harbour Agreement which requires US corporations seeking to trade with EU member states to guarantee that they will comply with the stricter EU rules on data protection. In January, the EU will announce even tougher internet privacy restrictions which will have global reach. Amidst growing concerns particularly amongst US-based internet companies that the EU is monopolizing too much of the data discussion, is the US finally taking a more comprehensive approach to privacy?
Read more on Inforrm.
Kirsten was being quite diplomatic or tactful in calling the U.S. approach “more piecemeal.” I would have just called it “half-assed” or dysfunctional.

(Related) Meanwhile, in the US...
EPIC Sues DHS Over Covert Surveillance of Facebook and Twitter
December 21, 2011 by Dissent
EPIC has filed a Freedom of Information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency’s social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies. The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request.

(Related) ...and just to prove that geeks tend to be more forward thinking and pro-active than Congress (they put debate off yet again), here is a technical solution to a problem we don't even have yet.
"The Atlantic reports that one developer who doesn't have much faith in Congress making the right decision on anti-piracy legislation has already built a workaround for the impending censorship measures being considered, and called it DeSOPA. Since SOPA would block specific domain names (e.g. of allegedly infringing sites, T Rizk's Firefox add-on allows you to revert to the bare internet protocol (IP) address (e.g. which takes you to the same place. 'It could be that a few members of Congress are just not tech savvy and don't understand that it is technically not going to work, at all,' says T Rizk. 'So here's some proof that I hope will help them err on the side of reason and vote SOPA down.' Another group called 'MAFIAAFire' decided to respond when Homeland Security's ICE unit started seizing domain names, by coding a browser add-on to redirect the affected websites to their new domains. More than 200,000 people have already installed the add-on. ICE wasn't happy, and asked Mozilla to pull the add-on from their site. Mozilla denied the request, arguing that this type of censorship may threaten the open Internet."

Perhaps not so innovative (going after people rather than the Internet services they use) but still I think it is a first.
UK: New Approach to Privacy: AMP v Persons Unknown
December 20, 2011 by Dissent
Andrew Murray writes:
I mentioned on Twitter last week that I was involved in a potentially ground breaking court case but that I couldn’t say any more. Well the judgement came out this morning. The case is AMP v Person’s Unknown [2011] EWHC 3454 (TCC) and the impact it may have is far reaching in terms of an alternative to orders being sought against essentially unregulatable (for the UK courts) offline platforms such as Twitter or Facebook (see entries passim on CTB v Twitter such as this one or my evidence to the Select Committee on Privacy and Injunctions).
Read about the case and some creative lawyering on The IT Lawyer. If you’re wondering how you can stop the flow of files on a torrent site, you’ll want to read the approach as it was successful in getting court approval. Whether it will actually work to stem the flow and dissemination of problematic information remains to be seen.

Proving I'm no Harvard Scholar, I must admit I don't get it. He seems to be saying that law is like a pendulum, swinging from left to right to left to right... We knew that. The question is, should it come to rest at some point (where, exactly) and should we allow anyone to increase the period of oscillation?
Orin Kerr: An Equilibrium-Adjustment Theory of the Fourth Amendment
December 20, 2011 by Dissent
Orin Kerr has an article in the current issue of Harvard Law Review, “An Equilibrium-Adjustment Theory of the Fourth Amendment.” Here’s the abstract:
Fourth Amendment law is often considered a theoretical embarrassment. The law consists of dozens of rules for very specific situations that seem to lack a coherent explanation. Constitutional protection varies dramatically based on seemingly arcane distinctions.
This Article introduces a new theory that explains and justifies both the structure and content of Fourth Amendment rules: the theory of equilibrium-adjustment. The theory of equilibrium-adjustment posits that the Supreme Court adjusts the scope of Fourth Amendment protection in response to new facts in order to restore the status quo level of protection. When changing technology or social practice expands government power, the Supreme Court tightens Fourth Amendment protection; when it threatens government power, the Supreme Court loosens constitutional protection. Existing Fourth Amendment law therefore reflects many decades of equilibrium-adjustment as facts have changed over time. This simple argument explains a wide range of puzzling Fourth Amendment doctrines, including the automobile exception; rules on using sense-enhancing devices; the decline of the mere evidence rule; how the Fourth Amendment applies to the telephone network; undercover investigations; the law of aerial surveillance; rules for subpoenas; and the special Fourth Amendment protection for the home.
The Article then offers a normative defense of equilibrium-adjustment. Equilibrium-adjustment maintains interpretive fidelity while permitting Fourth Amendment law to respond to changing facts. Its wide appeal and focus on deviations from the status quo facilitates coherent decisionmaking amidst empirical uncertainty and yet also gives Fourth Amendment law significant stability. The Article concludes by arguing that judicial delay is an important precondition to successful equilibrium-adjustment.
You can download the full article from Harvard Law Review, here.

“Beware of geeks bearing gifts.”
After reading this list of “10 Things our Kids will Never Worry About Thanks to the Information Revolution” from Forbes, I was inspired to remind people that technology usually creates just as many problems as it solves. So here’s my list of the new worries created by the Information Revolution.

Something for my geeks
is a very specialized search service focused on programming codes and snippets. When you enter a keyword, SearchCode looks through thousands of programming websites, documents and manuals to see if it's part of a programming language. If found, not only lists the full command, but also provides the complete syntax of using the command along with examples.
Similar tools: Chop, MyCodeStock, Snippshot, WP-Snippets, Snipplr, CodeFetch, CodePaste and TextSnip.

Tuesday, December 20, 2011

Fair summary, good editorial.
Looking Back: Top U.S. Privacy Stories of 2011
December 19, 2011 by Dissent
It’s that time of the year: time to look back and reflect on the top privacy stories of the year for Americans. Foregoing any pretext of democratic process, I simply looked back through the headlines I had featured during the year to remind myself of what seemed important to me. Here’s a recap and synthesis of some of the biggest privacy news this year:
Consumers increasingly assert right to be free from online tracking or unwelcome sharing of their data.
In 2011, we got into a rhythm that went something like this: researcher or media announce discovery of “feature” or “flaw” in a browser, social media platform, or app that enables collection or transmission of data that consumers had no idea was being collected or shared. Lawsuits ensue. Lawsuits get dismissed.
Congress, aware of growing consumer discontent, proposed some Do Not Track legislation and other bills that would give consumers “baseline” privacy protections. None of the bills were passed, leaving consumers pretty much where we were at the beginning of 2011 as far as federal protections go.
One ray of hope came from the FTC, who reached settlements with Google over their rollout of Buzz and with Facebook over a host of deceptive practices that left users with their private details hanging out for the world to see. The FTC settlements hopefully send a message to businesses that not only is transparency about data collection and use essential, but sometimes, you need to also get explicit consent. That notion of transparency has yet to be embraced by most businesses, however, and most consumers still have no idea as to how long their telecoms retain their data.
Our shrinking online privacy was also reflected in more mainstream web sites and platforms prohibiting users from posting anonymously or pseudoanonymously. In the process of protecting us from anonymous comments or profiles, Salman Rushdie was not allowed to use his own name on Facebook, who insisted he call himself “Ahmed Rushdie.” Once word spread on Twitter, Facebook promptly backed off. As for those of us who post anonymously or pseudoanonymously, apparently businesses respect our privacy but we are reminded that we have no right to keep our identity to ourselves if we wish to participate in public debate on their sites.
Despite the increased risk of breaches, businesses want more, more, MORE data, but damned if they’ll protect it adequately.
By mid-year, some were already calling 2011, “The Year of the Hack.” I will cover the year in data breaches in a separate post over on, but suffice to say that most businesses haven’t learned anything from some of the massive data breaches that occurred this year. They continue to try to amass data instead of purging data that is way past its freshness date or meaningful use date. The more they collect, the more inaccurate information about us is likely to show up in the over 200 databases where businesses sell our data and records. Then, too, the more they collect, the harder it should be for businesses or government to look us in the eye with a straight face and claim that our data can be “anonymized” and safely shared. Despite repeated warnings, many sites continue to store passwords in plain text or easily decrypted MD5 hashes. And despite repeated warnings, users continue to re-use ridiculously simple passwords like “123456” across sites and accounts.
In light of the DOJ’s urging businesses and telecoms to retain data for longer (allegedly to help them fight child pornography and other crimes), Congress has predictably done absolutely nothing to reverse the dangerous trend of amassing more data. Even when businesses or entities experienced breaches affecting millions of people, Congress did nothing in 2011 to impose reasonable limits on data retention or to mandate better security protection.
Domestic surveillance increases and the DOJ gets by with a little help from its friends.
If anyone still harbored any hopes that President Obama might have a shred of left-leaning tendencies, 2011 should have disabused them of that notion. In a chilling oral argument before the Supreme Court in United States v. Jones, the DOJ claimed that yes, law enforcement can track you 24/7/365 using GPS or other technology-enabled surveillance, and by golly, they don’t need no stinkin’ warrant because we have no “reasonable expectation of privacy in public.”
The Supreme Court will rule on that case next year, but GPS surveillance and access of cell site location data by law enforcement were not the only big DOJ surveillance issues in 2011. At the beginning of the year, we learned that DOJ had used 2703(d) orders to compel Twitter (and other sites) to turn over information on people who had been linked to the WikiLeaks “cablegate” case. Presumably building a case against Julian Assange and WikiLeaks, the DOJ convinced a judge to order companies to turn over non-content data on Assange, PFC Bradley Manning, and three individuals who had been involved with WikiLeaks. The three individuals fought the order, lost, and appealed. They lost again and as the year draws to a close, are appealing again. The “Twitter Order” case, as it came to be called, has significant implications for privacy online, and highlights the need for Congress to update the Electronic Communications Privacy Act (ECPA) and its Stored Communications Act provisions. Those laws are badly in need of updating, but after an initial flurry in Congress with bills being proposed, nothing happened.
Domestic surveillance and intrusions on privacy by government certainly got a helping hand this year. Businesses continue to turn over our data upon request, states continue to enact or propose legislation that permits police to take DNA samples at time of arrest, states tried to get welfare applicants to undergo mandatory drug-testing as a precondition of getting assistance, and the courts held that cell phone searches “incident to arrest” do not require a warrant.
And we don’t know the half of it. Senators Wyden and Udall courageously publicized the fact that the DOJ has a “secret” interpretation of the PATRIOT Act that we, the public, know nothing about. How is their secret interpretation being used against citizens? We have no idea, but never have so few had so much power to trample our privacy and civil liberties.
Not all domestic surveillance increased, however. Following major flaps over intrusive TSA screening last year, TSA introduced less intrusive screeners. Complaints persist, however, as some passengers report finding personal notes in their searched luggage and little old ladies complain of being strip-searched. To date, the TSA has yet to demonstrate how its enhanced screening has actually prevented a single act of terrorism.
The year drew to a close with disturbing stories about the use of unmanned drones for domestic surveillance.
Protecting children’s privacy online is a Good Thing. Protecting it at school? Not so much.
In 2011, Congress considered changes to the Children’s Online Privacy Protection Act (COPPA). Despite Congress’s reported desire to protect children from online hazards and to protect their privacy and an FTC enforcement action, research revealed at the end of the year showed that many parents were actively assisting their children in signing up for over-13-only platforms.
While Congress and the FTC push for regulations that they claim will protect children’s privacy, down the block at the U.S. Department of Education, they’ve decided to go the opposite way and share more of children’s data. Districts that have continued to have breaches that have never been disclosed to government or parents will now be sharing more data, increasing the risk of identity theft.
While the U.S. Department of Education puts more students at risk of privacy breaches and/or identity theft, the powers that be continue to strip students of their privacy rights. It has long been established that students have less protection against search and seizure on school property. But now they also have fewer rights over their online conduct and speech in the privacy of their own homes as school districts decide they can discipline or expel students over online conduct outside of school. Since my editorial on this subject in August 2010, and despite admirable advocacy by the ACLU and other civil liberties organizations, children’s privacy remains at serious risk – from their schools, their government, and to a lesser extent, from businesses.
Of course, those weren’t the only privacy developments of note in 2011, but I think they top my list.
And if you were to ask me which I think is the biggest privacy story of 2011, I’d have to say it’s domestic surveillance – by our government, businesses, and schools.

I wonder if they use any of the tools our State Department is pushing to “Arab Spring” protestors? How is this different, other than we don't like it? Are factual responses not enough?
U.S. Considers Combating Somali Militants’ Twitter Use
The United States government is increasingly concerned about the Twitter account of the Shabab militant group of Somalia, with American officials saying Monday that they were “looking closely” at the militants’ use of Twitter and the possible measures to take in response.

Coming soon to a country near me!
Ca: Privacy Commissioner issues report on BC Hydro smart meters
December 19, 2011 by Dissent
Information and Privacy Commissioner Elizabeth Denham has released a report assessing the privacy and security of BC Hydro’s smart meters.
“It is clear from my investigation that BC Hydro is taking privacy and security seriously as it develops a framework for the implementation of smart meters and a smart grid,” said Commissioner Denham. “But there are areas for improvement.”
BC Hydro is replacing electro-mechanical and digital meters for its more than 1.8 million customers with smart meters. Once fully operational, smart meters will provide hourly information about customers’ electricity consumption. As a result, analysis of household consumption may reveal more information about our daily lives.
The Commissioner found that BC Hydro is complying with the Freedom of Information and Protection of Privacy Act with regard to the collection, use, disclosure, protection and retention of the personal information of its customers. However, the Crown corporation is not in compliance with regard to the notification it provides to its customers about smart meters.
“BC Hydro is required by law to tell their customers the purpose for collecting personal information for the smart meters project, what legal authority they have to do so and to provide contact information for a BC Hydro employee who can answer any questions that arise regarding collection. Hydro is not currently meeting this requirement, and we’ve made some recommendations to help them improve their customer notification,” said Denham.
The report makes 14 recommendations that will improve BC Hydro’s existing privacy and security practices. BC Hydro has committed to put action plans in place to address these recommendations.
“There is still much work to be done by BC Hydro with respect to smart meters and the smart grid. While I am satisfied with the work that has been done to date, my office will continue to take an active role in monitoring this project to ensure BC Hydro is properly considering privacy and security,” said Denham.
The Commissioner’s Office received complaints and correspondence from more than 600 British Columbians about the smart meter program, which prompted the investigation.
Source: Information and Privacy Commissioner’s Office, British Columbia

Them fur-in-ers have a different perspective.
German Data Protection authorities broaden application of German Data Protection Law to foreign social networks and attack the use of social plugins and fanpages
December 19, 2011 by Dissent
Dr Fabian Niemann, Lennart Schüßler, and Ruth Boardman write:
The Düsseldorfer Kreis (“Düsseldorf Circle”), an informal body of all German Data Protection Authorities (“DPAs”), has published a decision concerning the application of German data protection rules to social networks. The decision reflects the common view of all German DPAs and comments (i) on the (very broad) applicability of German Data Protection Law and on (ii) strict conditions for companies using fanpages and/or which include “like-buttons” on their websites. According to the German Data Protection Authorities, such companies are themselves responsible if the operator of a social network collects user data in a non-compliant way.
Read more on Bird & Bird.

Google copyright surveillance would violate EU law, Italian court rules
December 20, 2011 by Dissent
Information society service providers are not obliged to monitor users’ activity in order to identify and prevent copyright infringement because such a requirement would lead to the invasion of users’ privacy, an Italian court has ruled.
Read more on about the ruling.

Meanwhile, in even stranger lands...
Stanford Law Review: SOPA Unconstitutional, Would Break The Internet
The Stanford Law Review has posted a concise and informed takedown of SOPA and PROTECT-IP, the bills currently creeping their way towards votes in their respective legislative bodies.

“Oh well, no big deal, this won't reduce our bonus will it?”
AT&T Drops Its T-Mobile Merger Bid in $4B Fail
… As recently as 11 days ago AT&T said it would not back down (though Chief Financial Officer John Stephens did seem to betray a bit of uncertainty). Instead, AT&T is out $4 billion with nothing to show for a proposed merger that drew instant fire from consumer groups and spectrum geeks.
… Not that AT&T is conceding the merger was a bad idea.

Another example of software that would significantly reduce the risk of Data Theft...
"CryptDB, a piece of database software that MIT researchers presented at the Symposium on Operating System Principles in October, allows users to send queries to an encrypted SQL database and get results without decrypting the stored information. CryptDB works by nesting data in several layers of cryptography (PDF), each of which has a different key and allows a different kind of simple operation on encrypted data. It doesn't work with every kind of calculation, and it's not the first system to offer this sort of computation on encrypted data. But it may be the only practical one. A previous crypto scheme that allowed operations on encrypted data multiplied computing time by a factor of a trillion. This one adds only 15-26%."
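The layered design that summary describes, as an added example that is not CryptDB's own code: a toy RND(DET(value)) onion in which the proxy keeps every key, the server stores only ciphertexts, and the first equality query makes the proxy hand over just the outer RND key so the server can compare DET tokens from then on. The ciphers are stdlib stand-ins (an HMAC-SHA256 keystream and an SIV-style deterministic layer) for the AES modes CryptDB uses, and the diagnosis column is constructed sample data.

```python
"""Toy CryptDB-style onion: each cell is RND(DET(value)).

Added example, not CryptDB's code. Stdlib-only stand-ins: an HMAC-SHA256
counter keystream instead of AES, an SIV-style deterministic layer for DET.
Both layers are invertible; only the DET layer reveals equality.
"""
import hashlib
import hmac
import os

IV_LEN = 16


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """n keystream bytes built as HMAC-SHA256(key, iv || counter)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# DET layer: the IV is derived from the plaintext (synthetic IV), so equal
# plaintexts give equal ciphertexts. The server can test equality, nothing else.
def det_encrypt(key: bytes, pt: bytes) -> bytes:
    iv = hmac.new(key, b"siv" + pt, hashlib.sha256).digest()[:IV_LEN]
    return iv + _xor(pt, _keystream(key, b"ctr" + iv, len(pt)))


def det_decrypt(key: bytes, ct: bytes) -> bytes:
    iv, body = ct[:IV_LEN], ct[IV_LEN:]
    pt = _xor(body, _keystream(key, b"ctr" + iv, len(body)))
    # Recomputing the SIV doubles as an integrity check on the stored cell.
    if hmac.new(key, b"siv" + pt, hashlib.sha256).digest()[:IV_LEN] != iv:
        raise ValueError("DET cell failed integrity check")
    return pt


# RND layer: fresh random IV per cell, so equal values look unrelated at rest.
def rnd_encrypt(key: bytes, pt: bytes) -> bytes:
    iv = os.urandom(IV_LEN)
    return iv + _xor(pt, _keystream(key, iv, len(pt)))


def rnd_decrypt(key: bytes, ct: bytes) -> bytes:
    iv, body = ct[:IV_LEN], ct[IV_LEN:]
    return _xor(body, _keystream(key, iv, len(body)))


class Server:
    """Untrusted DBMS side: stores onions, never sees the DET key or plaintext."""

    def __init__(self):
        self.rows = []        # list of (row_id, cell_bytes)
        self.layer = "RND"    # outermost layer currently on the column

    def insert(self, row_id: int, cell: bytes) -> None:
        self.rows.append((row_id, cell))

    def strip_rnd(self, rnd_key: bytes) -> None:
        """Proxy hands over the RND key once; the column stays at DET afterwards."""
        self.rows = [(rid, rnd_decrypt(rnd_key, c)) for rid, c in self.rows]
        self.layer = "DET"

    def select_eq(self, token: bytes) -> list:
        """WHERE col = ? evaluated on ciphertexts; only valid at the DET layer."""
        assert self.layer == "DET"
        return [rid for rid, c in self.rows if c == token]


class Proxy:
    """Trusted side: holds the keys and rewrites queries."""

    def __init__(self, server: Server):
        self.det_key = os.urandom(32)
        self.rnd_key = os.urandom(32)
        self.server = server

    def insert(self, row_id: int, value: str) -> None:
        onion = rnd_encrypt(self.rnd_key, det_encrypt(self.det_key, value.encode()))
        self.server.insert(row_id, onion)

    def query_eq(self, value: str) -> list:
        if self.server.layer == "RND":
            self.server.strip_rnd(self.rnd_key)   # adjust the onion to the needed level
        return self.server.select_eq(det_encrypt(self.det_key, value.encode()))


def demo():
    """Constructed sample column; returns (server, equal_at_rest, matching_ids)."""
    server = Server()
    proxy = Proxy(server)
    for rid, dx in [(1, "flu"), (2, "asthma"), (3, "flu")]:
        proxy.insert(rid, dx)
    # Under RND, rows 1 and 3 share a plaintext but their ciphertexts differ.
    equal_at_rest = server.rows[0][1] == server.rows[2][1]
    hits = proxy.query_eq("flu")
    return server, equal_at_rest, hits


if __name__ == "__main__":
    srv, eq, hits = demo()
    print("equal at rest:", eq, "| layer now:", srv.layer, "| rows with flu:", hits)
```

Once the RND layer is stripped the server permanently learns which rows share a value, which is the trade-off CryptDB's adjustable layers make explicit.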

For my Ethical Hackers/Broncos fans. “Strangely, the defense looked confused all day.” Just saying...
"The National Football League has been brainstorming with tech and communications companies on how to bring the NFL into the 21st century. Major-league sports are famously technophobic — the NFL outlaws computers and PDAs on the sidelines, in the locker room and in press-box coaching booths within 90 minutes of kickoff. But that may be about to change, which the WSJ's Matthew Futterman speculates could mean:
'Coaches selecting plays from tablet computers.
Quarterbacks and defensive captains wired to every player on the field and calling plays without a huddle.
Digital video on the sidelines so coaches can review plays instantly.
Officials carrying hand-held screens for replays.
Computer chips embedded in the ball and in the shoulder pads (or mouth guards) that track every move players make and measure their speed, the impact of their hits, even their rate of fatigue.'
Part of the impetus for the changes is the chance for a windfall — the NFL's sponsorship deals with Motorola and IBM will expire after this season, and the NFL will be seeking more technology (and presumably cash) from its next technology partner(s)."

Local. I was driving in last night's snow storm (along with a bunch of folks who apparently have never seen snow). I thought the intersection with a Red Light Camera was under a rocket attack – the “flash” must have gone off fifty times in two minutes... Merry Christmas, citizens!
"An audit of accidents at Denver intersections where red light cameras were installed versus increasing the length of the yellow light shows little difference in the results. In a case of putting the public ahead of the corporation, the Denver auditor is recommending canceling the red light camera program unless the city can prove a public-safety benefit."
I hope that private citizens offering analysis or recommendations are treated fairly.

Dude! Don't forget classes start this week!
… We’ve shed light before on how you can replace your texting plan with a few free apps, but Textfree from Pinger really goes a step beyond that.
Textfree is available for both the iOS and Android platform. Both applications are completely free.
… Textfree has a web version of this application. With Textfree Web, you can sign up for a brand new Textfree texting number or login to your existing Textfree account and go from car to desk like nothing ever even changed!
Once logged in, sending texts from your desktop is just as easy as it was from your mobile app. It’s a whole different approach when compared to the 10 other sites to send texts from that we’ve reviewed because of the synchronization between desktop and mobile. You have your own dedicated number, also. It’s more like Google Voice than anything else.

Are you paranoid enough?
… What I was looking for was a way to securely encrypt and password protect my bookmarks. I found two:
Link Password encrypts a URL and stores it as a bookmark in your bookmarks folder. It functions without a hassle and is a single click operation if you discount the password you have to enter twice for verification.
… I haven’t found a solution like Link Password that will protect only the bookmarks in Chrome. But the Chrome extension called Secure Profile enables you to protect the entire Chrome profile you are using. The simple Chrome extension stops unauthorized use of your browser, thus protecting your bookmarks from unneeded access. After installation, you have to set the password for the profile you are using (or the default one).
… Industry grade security solutions like TrueCrypt can also be used to make your bookmarks hack proof. Here are a few bulletproof security tips you can consider:

Help yourself to all you can afford!
Monday, December 19, 2011
The Internet is full of ebooks. Much to the chagrin of textbook publishers, some teachers are now using ebooks instead of issuing textbooks to students. Others are building their own etextbooks. [Being truly lazy, I plan to have my students create the textbook (Which I will then offer for sale) Bob] If you would like to find some free ebooks that you and your students can use, take a look at the following resources.
Planet eBook is a free service where teachers and students can find classic literature titles available as free downloads.
Flat World Knowledge provides free textbooks created by experts in various academic fields.
E-Books Directory contains more than 6000 titles. The E-Books Directory provides freely downloadable textbooks, documents, and lecture notes.
Free Book-s is a search engine that scans many collections of ebooks to find free content that matches your search.
Google Books hosts thousands of books that are in the public domain. Many of the public domain books can be viewed and downloaded in their entirety for free.
Sciyo is a free service that allows scientists to publish their works and connect with other authors. Works published on Sciyo are made available for free to visitors.
Neotake is a search engine for ebooks that offers a nice community option.
Many Books is a service that has indexed more than 29,000 free ebooks that are available in a variety of formats for a variety of devices.
The Open Library is a part of the Internet Archive. The Open Library is a collection of more than one million free ebook titles.

Free is good! (Even if you do have watch a few ads.)
It's available for free, and it lets you invite up to 200 people to be part of the same web conference. You can chat, broadcast videos, display images and also have your whole screen shared with all the people you've invited. And something that's really interesting is that you can sell tickets for your online event.