Friday, June 01, 2012
For my Ethical Hackers. An “excerpt” timed to help promote his book? Something to consider in light of “A Just CyberWar”
Obama Order Sped Up Wave of Cyberattacks Against Iran
… Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
Did the breach occur at all four locations simultaneously, or at some third-party processor? Will the state even bother to follow up and find out?
A Six-Figure Credit Breach at Five Guys
June 1, 2012 by admin
I hate it when we only find out about data breaches from lawsuits, but at least we find out. Marlene Kennedy of Courthouse News reports:
Five Guys burger joints failed to safeguard their data, giving hackers access to the accounts of debit-card-paying customers, a bank claims in court.
Trustco Bank says the hackers racked up more than $89,800 in charges on the accounts of clients who visited Five Guys restaurants in Albany, Schenectady, Warren and Saratoga counties.
The defendants in the complaint, filed in Schenectady County Supreme Court, are RSVT Glenmont LLC, RSVT Niskayuna LLC, RSVT Queensbury LLC and RSVT Saratoga Springs LLC. Each operates a Five Guys restaurant in the communities listed in their names.
The unauthorized transactions – Trustco counted 376 – occurred in November and December 2011, according to the complaint.
Read more on Courthouse News. Kennedy reports that according to the complaint, the affected restaurants “never provided notification to … customers of the security breach,” as required by New York law.
So what will NYS do, if it even knows about this lawsuit?
“It's not that we dislike “public debate,” we just don't see any reason to help it along.”
"The House Appropriations Committee is considering a draft report that would forbid the Library of Congress to allow bulk downloads of bills pending before Congress. The Library of Congress currently has an online database called THOMAS (for Thomas Jefferson) that allows people to look up bills pending before Congress. The problem is that THOMAS is somewhat clunky and it is difficult to extract data from it. This draft report would forbid the Library of Congress from modernizing THOMAS until a task force reports back. I am pretty sure that the majority of people on slashdot agree that being able to better understand how the various bills being considered by Congress interact would be good for this country."
“We don't want them screwing up the Internet, that's our job!”
"In a rare show of bipartisan agreement, lawmakers from both sides of the aisle warned this morning that a United Nations summit in December will lead to a virtual takeover of the Internet if proposals from China, Russia, Iran, and Saudi Arabia are adopted. Called the World Conference on International Telecommunications, the summit would consider proposals including '[using] international mandates to charge certain Web destinations on a "per-click" basis to fund the build-out of broadband infrastructure across the globe' and allowing 'governments to monitor and restrict content or impose economic costs upon international data flows.' Concerns regarding the possible proposals were both aired at a congressional hearing this morning and drafted in a congressional resolution (PDF)."
What does it take to convince Congress? (Nothing. Their minds are already made up.)
May 31, 2012
EFF - Review House Hearing on Warrantless Wiretapping and the FISA Amendments Act
News release: "This morning, the House Judiciary Committee held an important hearing on the FISA Amendments Act (FAA) and the scope of the NSA’s warrantless wiretapping program. The FAA, which gutted privacy protections governing the interception of international phone calls and e-mail to and from the United States, is set to expire at the end of the year, and Attorney General Eric Holder says it is his “top priority” to see it renewed."
This does not extend to inconsequential Blogs... Also, just because they are in the minority makes no difference?
Judge says authors can sue Google
A judge filed a ruling today that gives authors, photographers, and illustrators the green light to sue Google.
The ruling allows the drawn-out court case -- over Google Books' practice of scanning out-of-print books and copyrighted content for Web searches -- to move forward. The suit will now determine if Google's argument that it has a fair-use defense has any merit.
… Google had tried to argue that the Authors Guild and an illustrators and photographers' group should be taken off the suit. According to the suit, Google said a class action suit is not justified because many authors wanted their books scanned. The company points to a survey in which over 500 authors, or 58 percent of those surveyed, "approve" of Google scanning their work for search purposes.
"Google's argument is without merit," Chin wrote. "The lead plaintiffs are adequate representatives of the class."
Read the entire ruling, posted by the Public Index, here.
The problem with “We don't like you” lawsuits...
Judge Frees Google’s Android From Oracle Copyrights
The federal judge refereeing the billion-dollar fight between Oracle and Google over the Android operating system has dismissed Oracle’s claim that the Java APIs used by Android are subject to copyright.
The APIs are application program interfaces, code that lets one piece of software talk to another. The general assumption has long been that APIs aren’t subject to copyright. But in suing Google over Android, Oracle insisted that they were, and after a six-week trial, the company’s efforts to win serious damages from Google came down to this single point.
But on Thursday, Judge William Alsup ruled that Oracle does not have the exclusive rights to the structure, sequence, and organization of the 37 Java APIs in question.
“To accept Oracle’s claim would be to allow anyone to copyright one version of code to carry out a system of commands and thereby bar all others from writing their own different versions to carry out all or part of the same commands,” read the ruling from Alsup. “No holding has ever endorsed such a sweeping proposition.”
(Related) Watch out when a judge does his homework! (I just love these little 'smack downs.')
Judge William Alsup: Master of the court and Java
… Alsup acknowledged during the trial that he had learned about Java coding to better prepare for the case, and it showed. On a daily basis, he would deftly query the lawyers and expert witnesses on the structure, sequence, and organizations of APIs to assist the jury in understanding the key facets of the copyright phase of the trial.
In one episode, Oracle's star lawyer, David Boies, who bested Bill Gates in the U.S. v. Microsoft case and represented Vice President Al Gore in Bush v. Gore in front of the Supreme Court, was arguing that Google copied the nine lines of rangeCheck code to accelerate development to gain faster entry into the mobile phone market.
Alsup told Boies, "I have done, and still do, a significant amount of programming in other languages. I've written blocks of code like rangeCheck a hundred times before. I could do it, you could do it. The idea that someone would copy that when they could do it themselves just as fast, it was an accident. There's no way you could say that was speeding them along to the marketplace. You're one of the best lawyers in America -- how could you even make that kind of argument?"
Oracle plans to appeal Alsup's ruling. The company faces an uphill battle given the judge's ruling is rich in context, with detailed deconstructions of the Java language and APIs, as well as the expected legal citations and examples. It will likely serve as a textbook for future cases involving intellectual property rights and computer programming languages.
Something like the Nature Conservancy for music?
"Following Tuesday's story about MuseScore releasing its open source recording of the Goldberg Variations, the Musopen project has released ProTools files from its open source recording project. The final edited recordings are still being worked on but it seems we're living in very interesting times regarding open source classical music."
Musopen is a non-profit dedicated to providing copyright free music content: music recordings, sheet music and a music textbook. This project will use your donations to purchase and release music to the public domain. Right now, if you were to buy a CD of Beethoven's 9th symphony, you would not be legally allowed to do anything but listen to it. You wouldn't be able to share it, upload it, or use it as a soundtrack to your indie film - yet Beethoven has been dead for 183 years and his music is no longer copyrighted. There is a lifetime of music out there, legally in the public domain, but it has yet to be recorded and released to the public.
For my Ethical Hackers...
"Apple has released a detailed security guide for its iOS operating system, an unprecedented move for a company known for not discussing the technical details of its products, let alone the security architecture. The document lays out the system architecture, data protection capabilities and network security features in iOS, most of which had been known before but hadn't been publicly discussed by Apple. The iOS Security guide (PDF), released within the last week, represents Apple's first real public documentation of the security architecture and feature set in iOS, the operating system that runs on iPhones, iPads and iPod Touch devices. Security researchers have been doing their best to reverse engineer the operating system for several years and much of what's in the new Apple guide has been discussed in presentations and talks by researchers. 'Apple doesn't really talk about their security mechanisms in detail. When they introduced ASLR, they didn't tell anybody. They didn't ever explain how codesigning worked,' security researcher Charlie Miller said."
Might be just what I need to have my computer up and running each morning when I start my Blogging... (How's your German?)
Sleep Timer … allows you to have your computer turn off, restart or go to sleep whenever you need it to.
The program is super easy to use, and it takes up almost no memory. The application requires no installation, so you can run it from a flash drive and take it with you. You can set it to make your computer restart, go into hibernation mode or shut down completely, and they are all easy to set up.