Saturday, February 04, 2012

Looks like 16 inches of “Al Gore won't shovel it because it is too warm to” snow.

No doubt it will be useful to show my Ethical Hackers exactly how the “Pros” do it...
Anonymous Eavesdrops on FBI Anti-Anonymous Strategy Meeting
As FBI and Scotland Yard investigators recently plotted out a strategy for tracking suspects linked to Anonymous, little did they know that members of the group were eavesdropping on their conference call and recording their plans.
The online vigilante group has released a 17-minute clip of a Jan. 17 conference call between investigators discussing evidence gathered against members of the group as well as upcoming plans for arrests. The group also released an e-mail sent out by an FBI agent to law enforcement agents around the world with a phone number and password for accessing the conference call.
The FBI has confirmed to the Associated Press that the recording is authentic.

Help Google “Do no evil.”
Hide From Google
Google started off the new year by announcing that they will be changing their privacy policies so that they can create more detailed profiles of their users. Starting March 1st, 2012, Google will combine information from users’ Gmail, Google Search history, YouTube, and other services.
… Because we have come to rely on web services so much in our day-to-day activities, it simply isn't an option to stop using search, webmail, and social networking. But there are ways for heavy users to keep a low profile so that, should Google turn decidedly evil, you won't be completely at their mercy. If you are concerned about the amount of information that Google knows about you for whatever reason, here are some techniques you can use to guard your privacy online.

Did they really try to “own” your content and are now backing down?
Apple to Authors: Content You Make in iBook App is Yours, Not Ours
Apple has amended a controversial clause in the end-user license agreement of its recently introduced iBooks Author e-book creation app. The first version could be read as saying that any e-book created or edited in iBooks Author could only be sold exclusively in Apple’s store.
The new EULA of iBooks Author 1.0.1, released Friday, makes it clear that content created inside iBooks Author belongs to authors, and can be sold on any other e-book platform; only files encoded in Apple’s proprietary .ibooks format are limited to Apple’s iBooks store. iBooks made in iBooks Author can still be distributed for free anywhere.

No doubt all my students will want the “dogs barking the Darth Vader theme” as a ringtone...
Have you found a YouTube video that you want to set as your phone’s ringtone? Normally to do this, you will first need to download the video, then pass it through a video-to-audio conversion app. You might also need a separate application to extract the part of the audio that you need. But all of this can be done using a single web app called YouTube to Ringtone Converter.

Perhaps a similar Infographic for Educators would be useful?

...because governments know more than school boards (just ask them.) No doubt this is based on hundreds of independent, scientifically valid studies... What? It's not? Not even a few studies? None at all? How entirely government-like... (Strange how Apple made their big e-textbook announcement just a few days earlier.)
On February 1, the FCC and the Department of Education unveiled a "Digital Textbook Playbook" (PDF), a guide to help K-12 schools make the transition from printed textbooks to digital ones. According to FCC Chairman Julius Genachowski, the goal is to get all students in the U.S. using digital textbooks in the next five years.

Friday, February 03, 2012

If you can't reach all the infected computers (by pushing your own virus?) you can't kill off this bot...
"A botnet that was crippled by Microsoft and Kaspersky Lab last September is spamming once again and experts have no recourse to stop it. The Kelihos botnet only infected 45,000 or so computers but managed to send out nearly 4 billion spam messages a day, promoting, among other things, pornography, illegal pharmaceuticals and stock scams. But it was temporarily corralled last September after researchers used various technical means to get the 45,000 or so infected computers to communicate with a "sinkhole," or a computer they controlled."
[From the article:
Researchers knew that it would only be a matter of time before its controller used the botnet's complex infrastructure of proxy servers and communication nodes to regain control.

Your body manufactures all sorts of chemicals. Will OSHA want to inspect your adrenal gland?
"A non-surgical procedure that treats joint pain involves removing stem cells from a patient's blood and reinserting them into the joint. The facility conducting these procedures resides in Colorado, but because it orders equipment to perform the procedure from outside of Colorado, the FDA claims it must regulate this process and that it can classify stem cells as a drug. This issue opens the debate of what the FDA, or other regulatory bodies, may regulate within each of our own bodies."
Quick: Name five activities with no possible plausible effect on interstate commerce.

A carefully timed announcement: The Copyright Corps rides again! I'm sure their thrilling theme music would be playing in the background if there wasn't a question about who owned the Copyright...
Feds Seize 307 Sports-Related Domains Ahead of Super Sunday
Federal authorities said Thursday they had seized and shuttered 307 domains, 16 allegedly engaged in unauthorized live sports streaming and the remainder accused of selling fake professional sports merchandise, including National Football League paraphernalia.
The seizure, the biggest to date under the Immigration and Customs Enforcement crackdown known as Operation in Our Sites (.pdf), brings to more than 650 domains shuttered since the program began in June 2010. The latest seizures, which quietly began in October, were announced days ahead of Super Sunday.

(Related) Because you never purchased that music, you only rented it. But you can't sub-lease it either. In fact, you have no rights whatsoever. (Next year we're going to introduce “Per Ear Pricing!” because you have no right to listen with two ears when one will do the job)
Online Market for Pre-Owned Digital Music Hangs in the Balance
The future of a one-of-a-kind website enabling the online sale of pre-owned digital-music files is in the hands of a federal judge.
ReDigi, which opened in October, provides account holders with a platform to buy and sell used MP3s that were purchased lawfully through iTunes. The platform’s technology does not support other music.
Among other points, the case weighs the so-called first-sale doctrine, the legal theory that people in lawful possession of copyright material have the right to sell it.
A federal judge sided with that principle in 2008, when it debunked UMG Recordings’ claim that it retained perpetual ownership of promotional CDs it releases before an album’s debut. Last year, however, a different court ruled against now-defunct online service Zediva, which streamed movies to customers via DVDs that Zediva had purchased.

Except if you cross the border? TSA is expanding into bus & train travel. It could be important to know what they can and can't do... Also, would this argument cover smartphones and computers? (The answer here is yes!)
Federal court – warrantless search of protestor’s video cam violated Fourth Amendment
February 3, 2012 by Dissent
Dissent points to a recent news story out of Oregon holding that searching a video camera without a warrant, even incident to an arrest, is a Fourth Amendment violation. Bryan Denson reports:
The rules of engagement became clearer in Eugene’s U.S. District Court last week, when a civil jury determined that a city police sergeant violated an environmental activist’s constitutional protections against illegal search and seizure during a 2009 leafletting campaign outside a bank.
The eight-person panel determined that Sgt. Bill Solesbee arrested environmentalist Josh Schlossberg without probable cause and used excessive force. But it was Solesbee’s next act that sent legal minds across Oregon into hyperdrive: He seized the environmentalist’s video camera without a warrant.
That’s the electronic equivalent of police walking off with several file cabinets of private papers without benefit of a judge’s signature, said Lauren Regan, Schlossberg’s lawyer.
U.S. Magistrate Judge Thomas Coffin ruled in a pretrial hearing in the Eugene case that Solesbee violated Schlossberg’s Fourth Amendment rights by searching the contents of his camera without a warrant. That ruling marked the first time that a federal court in Oregon weighed in on warrantless seizures of digital devices. [Where have they been all these years? Bob]
Read more in The Oregonian.
While this is a great decision for privacy advocates, I note the court reached a different conclusion than other federal courts confronted with similar issues about whether devices are “containers” that can be searched without a warrant if incident to an arrest. In his opinion, Magistrate Judge Coffin explains:
I find that warrantless searches of such devices are not reasonable incident to a valid arrest absent a showing that the search was necessary to prevent the destruction of evidence, to ensure officer safety, or that other exigent circumstances exist.[3] I further find that it is impractical to distinguish between electronic devices–between a laptop and a traditional cell phone or a smart phone and a camera, [YES! Bob] before an officer decides whether to proceed with a search of the electronic device incident to arrest. A rule requiring officers to distinguish between electronic devices is impractical. It would require officers to learn and memorize the capabilities of constantly changing electronic devices. A primary goal in search and seizure law has been to provide law enforcement with clear standards to follow. In sum, because an electronic device like a camera has a high expectation of privacy in its contents, an officer may not review the contents as a search incident to arrest. Instead, the officer must obtain a warrant unless exigent circumstances exist. Donald, 335 at 455-56 (“Absent some grave emergency, the Fourth Amendment has interposed a magistrate between the citizen and the police. This was done not to shield criminals nor to make the home a safe haven for illegal activities. It was done so that an objective mind might weigh the need to invade that privacy in order to enforce the law.”)
Accordingly, I find that Solesbee violated the Fourth Amendment when he viewed the contents of plaintiff’s camera without first obtaining a warrant.

Mention software like this to anyone in the US and you get that blank stare that tells me they have never heard of such a thing. “It can't work here, [insert vendor name here] told me so.”
Open Source Tackles Healthcare In Places Microsoft Can’t
… Under the aegis of their nonprofit, eHealth Nigeria, Castle and Thompson have built a digital records system meant to eventually serve healthcare facilities across the region, but it doesn’t use the sort of specialized health care software in U.S. or even everyday database software. There’s no Kaiser software. And no Microsoft. The system is based on OpenMRS, an open source health records system designed specifically for use in underdeveloped regions.
First created in 2004, OpenMRS is now used in countries across the globe, including Rwanda, Mozambique, Haiti, India, China, and the Philippines.

Thursday, February 02, 2012

“Surprise, surprise, surprise!” Gomer Pyle
By Dissent, February 1, 2012
Dan Bowman reports on a new report by Redspin that analyzed breaches reported to HHS:
According to the report, nearly 40 percent of all major PHI breaches occurred on a laptop or other portable media device, a problem the authors say isn’t likely to go away anytime soon.
In the last year alone, data breaches stemming from employees losing unencrypted devices spiked a whopping 525 percent, according to the report. Total records breached in that same span nearly doubled (97 percent), increasing the average number of patient records per breach from nearly 27,000 to more than 49,000.
Read more on FierceHealthIT.

(Related) There's encryption and then there's good encryption...
FileVault 2 easily decrypted, warns Passware
… In a statement (PDF) issued this morning, password recovery company Passware has claimed that it can fully decrypt a FileVault-encrypted Mac disk within an hour. Using a live-memory analysis approach via the system's FireWire connection, Passware says its utilities can sample system memory and extract the encryption key for FileVault disks. The process apparently takes no more than 40 minutes, regardless of the length or complexity of the password used.

By Dissent, February 2, 2012
Mark Meredith reports:
A Denver area non-profit medical group is asking customers to beware of hackers after the group discovered patient data had been compromised.
“On Monday, December 5th, 2011, Metro Community Provider Network became aware that a hacker potentially accessed the personal health information of some of our patients,” said the Metro Community Provider Network in a statement on its website.
The group believes hackers may have accessed patient names, phone numbers, and medical conditions. It’s not believed that hackers were able to access billing information like credit cards.
Read more on KWGN.
The group’s notice to patients is prominently linked from their home page. The statement indicates that the compromise occurred because employees fell for a phishing attempt:
On Monday, December 5th, 2011, Metro Community Provider Network became aware that a hacker potentially accessed the personal health information of some of our patients. We identified the date of the information breach to be Monday, December 5th, 2011; the same day we became aware of the breach. We are notifying affected individuals in as timely a manner as possible so they may take swift personal action along with our organization’s efforts to reduce or eliminate potential harm. The incident involving protected health information was a result of an email phishing scam. In this incident, a hacker sent an email to several of Metro Community Provider Network’s employees that claimed to be from a trusted source. The email asked for the employee to click on a link and provide login information. This was then used to gain access to the employee’s confidential emails. It is important to note that none of our employees had any intention to cause patients any harm, nor did they have any intention of allowing a hacker to access personal information; they were victims of a scam. [Interesting phrase to include... Bob]
The information that has potentially been accessed includes patients’ names, phone numbers, dates of birth, diagnoses (limited to diabetes, hypertension, hyperlipidemias and weight loss) and MCPN internal account numbers. No credit card or bank account information of any kind was accessed by the hacker. Approximately 2000 patients may have been affected.

Apparently, the downside isn't significant...
Exclusive: Hacked companies still not telling investors
… Top U.S. cybersecurity officials believe corporate hacking is widespread, and the Securities and Exchange Commission issued a lengthy "guidance" document on October 13 outlining how and when publicly traded companies should report hacking incidents and cybersecurity risk.
But with one full quarter having elapsed since the SEC request, some major companies that are known to have had significant digital security breaches have said nothing about the incidents in their regulatory filings.

“Only you can prevent forest fires.” S. Bear Question: Given that someone has the ability to shut down the US, what would be the most advantageous time to strike? (strategic v. tactical?)
Can Homeland Security prevent a cybersecurity critical infrastructure disaster?
The U.S. is headed toward a "cybersecurity disaster," according to a Bloomberg Government study. The Ponemon Institute said that to stop 95% of the cybersecurity attacks, companies would need to spend nine times as much, which would "boost spending to a group total of $46.6 billion from the current $5.3 billion." Bloomberg reported, "Hardening those systems would require a significant investment given the increasing stealth and sophistication of hackers." According to Lawrence Ponemon, chairman of the Ponemon Institute, "The consequences of a successful attack against critical infrastructure makes these cost increases look like chump change. It would put people into the Dark Ages."
… A recent counterintelligence report [PDF] basically said, "China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace."
… While the senate cybersecurity bill is shrouded in secrecy, some of the new authorities it would grant DHS are "very scary," said Bob Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks. Dix told The Hill, "The provision that establishes covered critical infrastructure presumes to give DHS new authority, that in my mind is overly broad, subject to interpretation and frankly goes beyond the boundaries of the role of government." He added, "The bill's language suggests DHS could seize control of systems owned by private firms and cloud providers." This sentiment about the implementation of a comprehensive and constitutional cybersecurity policy was echoed by privacy gurus at The Constitution Project [PDF]. "The government should not be permitted to conduct an end-run around Fourth Amendment safeguards by relying upon private companies to monitor networks."

Interesting how quickly and substantially they respond to any threat to profitability...
"Google has sought leave to submit an amicus curiae brief against Capitol Records' preliminary injunction motion in Capitol Records v. ReDigi. In their letter seeking pre-motion conference or permission to file (PDF) Google argued that '[t]he continued vitality of the cloud computing industry—which constituted an estimated $41 billion dollar global market in 2010—depends in large part on a few key legal principles that the preliminary injunction motion implicates.' Among them, Google argued, is the fact that mp3 files either are not 'material objects' and therefore not subject to the distribution right articulated in 17 USC 106(3) for 'copies and phonorecords,' or they are material objects and therefore subject to the 'first sale' exception to the distribution right articulated in 17 USC 109, but they can't be — as Capitol Records contends — material objects under one and not the other."

(Related) We are headed toward the Balkanization of the Internet. ...and a whole bunch of Little Big Brothers will control each segment.
"Google will begin redirecting blogs to country-specific URLs. Blog visitors will be redirected to a URL specific to their location, with content subject to their country's censorship laws. A support post on Blogger explains the change: 'Over the coming weeks you might notice that the URL of a blog you're reading has been redirected to a country-code top level domain, or "ccTLD." For example, if you're in Australia and viewing [blogname], you might be redirected to [blogname]. A ccTLD, when it appears, corresponds with the country of the reader's current location.'"

(Related) “Would 'Privacy' by any other name smell as bad?” Juliet
What Actually Changed in Google’s Privacy Policy

“French legal reasoning” – How do you say Oxymoron in French?
Google must pay $660,000 for offering Google Maps for free
… According to Scemmama, Bottin has been arguing its case against Google for two years, claiming the search giant was engaging in anticompetitive practices by using its free service to take control over the online-mapping industry.

(Related) and sometimes it's what they don't say... 3000 are immune. That leaves 76000 second class citizens to charge with tax evasion...
Court says France cannot use stolen bank data for searches
February 1, 2012 by admin
AFP reports:
France’s highest appeals court has ruled that authorities may not use a list of 3,000 people suspected of tax evasion as a basis to conduct searches due to its illicit origin.
French authorities in January 2009 acted on a Swiss warrant and seized data about global banking giant HSBC’s customers from former computer specialist Herve Falciani’s home in France.
The decryption of the stolen files held by the former HSBC employee had allowed for the identification of 127,000 accounts belonging to 79,000 people, officials said at the time.
French authorities then used the information to launch tax evasion probes into individuals, including searches of homes to find evidence.

Well, they did it. Big surprise. Let's see how much hype gets stirred up.
Facebook's IPO by the numbers: You like?
The social-networking giant's initial public offering document reveals a wealth of detail about its business operations previously known only to the likes of co-founder Mark Zuckerberg, COO Sheryl Sandberg and the company's legion of private investors.
… One thing is immediately clear: Facebook makes a ton of money. And it's making it fast.
In 2011, the company reported net income of a clean billion dollars on revenue of $3.7 billion. Just three years earlier, Facebook was an unprofitable and scrawny runt, with a net loss of $56 million and revenue less than a tenth of what it now pulls in ($272 million).
… We all expected some big user numbers, and Facebook certainly delivered on that front. It claims 845 million "monthly active users," and an astonishing 483 million "daily active users"--that is, the number of people who either log in or share something with other Facebook users in a given day.

Can’t Get Facebook’s SEC Filing To Load? Good News, We Have It Here
Since we were getting a little frustrated with the slow-loading, totally crashing website, we decided to do everyone around here a favor. We made a PDF of the filing and posted it publicly on Scribd instead.
Below is the embed of the Scribd document.
Update: And Scribd is down.
Update #2 (3:58 PM PT): And Scribd is back. C’mon, Scribd, you can do it!

If you like it enough to share, stick a pin in it...
Pinterest nearly equals Twitter and Google in referral traffic
Pinterest is now the fastest growing site for referral traffic, according to a new study by content-sharing company Shareaholic. If Google+, YouTube, and LinkedIn's referral traffic were added up, they still wouldn't drive as many users as Pinterest.
Currently, Pinterest is invite-only.

Wednesday, February 01, 2012

Mitigating the downside of using a service targeted by the RIAA's DoJ team... Lessons for future Cloud users?
Retrieve Your Legal Data From
After the Justice Department indicted the top officials of the Hong Kong-based file-sharing site on Jan. 19 and ordered a server purge, [First I heard that. No need for Due (or any) Process? Bob] legal users of the site have been scrambling to retrieve their data.
… The hosting companies possessing Megaupload customers' data could begin purging data as soon as Feb. 2, as the Justice Department has frozen the Megaupload administrators' assets so they can't pay their hosting bills. However, it remains unclear how much time users actually have to safely remove their data from the service before the cloud evaporates.
… The Electronic Frontier Foundation has teamed up with Megaupload's hosting company, Carpathia Hosting, to assist users in safely evacuating their data. While Carpathia doesn't have access to any customer data, [other than having it in their physical possession? Bob] the company has created the website MegaRetrieval, which points users to an EFF e-mail address where users can submit their contact information to request legal help from the EFF to retrieve their data.

(Related) RIAA's amendment to that pesky Constitution thing?

(Related) This kind of thinking gives the **AA's heartburn...
Angry Birds CEO sees opportunity in piracy

Just preparing our justification for nuking Tehran?
Iran Now a ‘Top Threat’ to U.S. Networks, Spy Chief Claims
American officials have complained for years that U.S. networks were crawling with Russian and Chinese hackers. On Tuesday, the nation’s top intelligence official told Congress that there’s a new danger to America’s information security: Iran. Too bad he didn’t provide much evidence to back up the claim.
“Russia and China are aggressive and successful purveyors of economic espionage against the United States,” Director of National Intelligence James Clapper noted in his prepared testimony (.pdf) to the Senate Select Committee on Intelligence. “Iran’s intelligence operations against the United States, including cyber capabilities, have dramatically increased in recent years in depth and complexity. We assess that FIS [Foreign Intelligence Services] from these three countries will remain the top threats to the United States in the coming years.”

Failure to control your employees? What happened to the two dispatchers?
California family settles lawsuit over leaked crash images
February 1, 2012 by Dissent
Dan Whitcomb of Reuters reports a settlement in a precedent-setting case I’ve been covering for the past several years:
The family of a teen whose mangled corpse was shown in horrific car-crash photos that went viral online has settled a lawsuit against the California Highway Patrol for $2.37 million, ending a 5-year legal battle that changed state law.
The extremely graphic pictures, taken by investigators and leaked by two dispatchers, were posted across the Internet and used to taunt family members of 18-year-old Nicole “Nikki” Catsouras following her 2006 crash on an Orange County highway.
The settlement was made public by the highway patrol and an attorney for Catsouras’s parents and three sisters on Tuesday as a March trial date loomed in the long-running case.
Read more on WXXI.
The settlement, however, is not the end of the family’s struggle, as copies of the photos still appear on web sites, despite the family’s efforts to get them removed. The Highway Patrol will now assist in those efforts, which might actually help. If those photos were taken by the Highway Patrol, couldn’t they send web hosts DMCA takedown notices? [Can a government agency claim copyright? Bob]
Links to previous coverage of the Catsouras case on this blog can be found here.

Perhaps they are trying to prove a conspiracy to obstruct traffic?
Another subpoena to Twitter for Occupy related account
January 31, 2012 by Dissent
sosadmin writes:
Twitter today informed user @destructuremal that the State of New York had issued a subpoena for his account information. The account holder, Malcolm Harris of New York City, is an Occupy Wall Street activist who has been involved in movement organizing since at least September 2011.
Read more on PrivacySOS.
The subpoena says:
TWITTER IS DIRECTED not to disclose the existence of this subpoena to any party. Such disclosure would impede the investigation being conducted and interfere with the enforcement of law.
So exactly who/what authority is directing Twitter not to disclose? Does such “direction” have the force of a court order gagging Twitter? It would seem that it doesn’t but I would love to hear from some lawyers about this “direction” and its legal authority to compel nondisclosure.
According to information in the docket for this case, the incident and arrest by NYPD (Arrest #:M11685086) occurred on October 1, 2011 at 16:20.
Under “charges,” the docket shows:
PL 240.20 05
Violation, 1 count, Not an arrest charge, Arraignment charge
Description Dis/con: obstructing Traff
The next court appearance for Mr. Harris is scheduled for February 29, 2012. He was assigned legal representation by Legal Aid.
So for obstructing vehicular or pedestrian traffic a D.A. can demand Twitter produce a user’s tweets and user account information such as e-mail addresses? Seriously? How is this not an abuse of power?

When employees were asked for their email addresses, were they told they would be made public or was it just assumed they would understand that?
OR: State workers upset about getting emails at home
February 1, 2012 by Dissent
Dennis Thompson Jr. reports:
Some Oregon state workers are shocked and angry that a key legislator gained access to their home email addresses through public records requests with state agencies.
A number of state employees received an email at home last week from Rep. Dennis Richardson, R-Central Point, who asked them to participate in a survey to help identify cost-saving measures.
“It concerned me when I got a personal email from an elected official,” said Barbara Neliton, an employee at Oregon Private Health Partnerships. “My first reaction was, ‘How did they get my address?’”
I don’t blame folks for being upset. If personal e-mail addresses are subject to open records law, then no state or public employee should ever provide their real home e-mail address to an employer. Throwaway account time…?

Support for yesterday's article stating that Target was concerned about “showrooming”
January 31, 2012
Pew - The rise of in-store mobile commerce
The rise of in-store mobile commerce - "During the holiday season, 25% of cell owners used their phone inside stores to gather price comparisons; 24% used them to look up online reviews. And 19% of those who searched for a better price on an in-store product eventually bought the product online." Aaron Smith Senior Research Specialist, Pew Internet Project, Pew Research Center’s Internet & American Life Project, January 30, 2012.

I thought this (rejection of high priced journals) would eventually catch on. So, what is the new business model?
January 31, 2012
Boycott Against Scientific Journal Publisher Gathering Supporters
Wired Campus by Josh Fischman: "Elsevier, the global publishing company, is responsible for The Lancet, Cell, and about 2,000 other important journals; the iconic reference work Gray’s Anatomy, along with 20,000 other books—and one fed-up, award-winning mathematician. Timothy Gowers of the University of Cambridge, who won the Fields Medal for his research, has organized a boycott of Elsevier because, he says, its pricing and policies restrict access to work that should be much more easily available. He asked for a boycott in a blog post on January 21, and as of Monday evening, on the boycott’s Web site The Cost of Knowledge, nearly 1,900 scientists have signed up, pledging not to publish, referee, or do editorial work for any Elsevier journal. The company has sinned in three areas, according to the boycotters: It charges too much for its journals; it bundles subscriptions to lesser journals together with valuable ones, forcing libraries to spend money to buy things they don’t want in order to get a few things they do want; and, most recently, it has supported a proposed federal law (called the Research Works Act) that would prevent agencies like the National Institutes of Health from making all articles written by its grant recipients freely available."

(Related) The flip side of publishing? Will scientists even be allowed to work on an antidote?
"The National Science Advisory Board for Biosecurity (NSABB) has recommended that details of two research papers involving Avian Flu not be published because of security concerns. At least one of the research groups says that their work should be logically reproducible. The NSABB's censorship recommendations do not (currently) have the force of law, but Science and Nature voluntarily delayed publication."

Some of this is “Me too!,” just jumping on the bandwagon. Some, like Open Office, have had ebook creation tools for years.
NBC Publishing Wants to Prove a TV Company Can Make Better E-Books
With Apple’s big iBooks announcement dominating the last two weeks of e-publishing news, you may have missed this lower-profile story announced a week ago at Digital Book World: NBC News, part of the Comcast-owned media empire NBC Universal, is launching a new venture, NBC Publishing, to produce electronic and print books under the NBC brand. But make no mistake: NBC Publishing’s approach to books will be digital-first.

Another “Me too!” industry – online education. Access to the “best teacher in the world” could cost less than access to the closest teacher...
… Last week, news broke that Professor Sebastian Thrun would be stepping down from teaching at Stanford to launch an online learning company called Udacity. Udacity is an outgrowth of his incredibly popular Artificial Intelligence class offered through Stanford last fall.
Now it appears that two other Stanford professors, Daphne Koller and Andrew Ng (Ng taught last term's massive Machine Learning class), have started their own company, Coursera, one that offers a very similar service to Thrun's.
… Much of the vision of Coursera echoes what Thrun said on stage at the DML conference when he unveiled his plans for Udacity: for too long, access to a world-class education has been available to only a select few. "We see a future where world-leading educators are at the center of the education conversation," says Coursera, "and their reach is limitless, bounded only by the curiosity of those who seek their knowledge; where universities such as Stanford, Harvard, and Yale serve millions instead of thousands. In this future, ours will be the platform where the online conversation between educators and students will take place, and where students go to for most of their academic needs."

Tuesday, January 31, 2012

Your phone is becoming less secure as it becomes more functional...
‘Counterclank’ Trojan Found in 13 Android Apps
January 31, 2012 by Dissent
Matt Liebowitz reports:
A batch of corrupt Android apps once again has been found lurking in the official App Market, and up to 5 million customers have already had their data stolen right under their noses by the Trojan-hosting apps.
Security software maker Symantec identified 13 apps containing “Android.Counterclank,” a Trojan that can silently steal device and user data, monitor phone calls, open up a backdoor on devices and act as part of a botnet, receiving malicious commands from a remote source.
The infected apps include spoofed versions of “Counter Elite Force,” “CounterStrike Hit Enemy,” “Hit Counter Terrorist,” “Stripper Touch Girl,” “Sexy Girls Puzzle,” “Sexy Girls Photo Game” and “Deal & Be Millionaire,” the last of which has been downloaded between 1 million and 5 million times in the past 30 days. The apps are from three developers: iApps7 Inc., Ogre Games and redmicapps.
Read more on Tech News Daily.

Now here is a clear case of “These guys should know better!” Strangely, the article never says the flash drive was encrypted...
Regions says employee 401k data lost when auditor Ernst & Young mailed flash drive and code key together
January 31, 2012 by admin
Russell Hubbard reports:
Personal information about Regions Financial Corp. current and former employees was lost in November when a flash drive with the data came up missing after being mailed by outside auditor Ernst & Young in the same envelope as the decryption code.
[From the article:
When the package arrived, the flash drive was gone, but the page with the decryption code was still there, the companies said in their letters.

Does “Do no evil” include “Don't be disingenuous?”
Google responds to privacy policy concerns
January 31, 2012 by Dissent
Tony Fromm reports:
Google is pushing back against complaints about its new privacy policy, saying users can still prevent the company from linking all the data it collects about them by turning off their search history, by skipping some of Google’s offerings or by using different Google accounts at different times. [See? Simple! Bob]
In a letter to lawmakers who have raised questions about the new policy, the company says users will have plenty of ways to control how their personal data is collected and used — even though they can’t opt out of the privacy changes altogether.
Read more on Politico.

Which is wimpy, which is wise?
"Two Dutch ISPs have complied with a demand to block the Pirate Bay, but KPN and T-Mobile are refusing to block the site."
Torrent Freak has a bit more info. T-Mobile at least seems to imply they would respond to a court order, and are merely refusing to take down sites at the request of a private entity.

It's not your father's 4th...
United States v. Jones and the Future of Privacy Law: The Potential Far-Reaching Implications of the GPS Surveillance Case
January 30, 2012 by Dissent
Law prof Daniel Solove writes:
The U.S. Supreme Court’s recent decision in United States v. Jones, No. 10-1259 (U.S. Jan. 23, 2012) is a profound decision in Fourth Amendment jurisprudence as well as in privacy law more generally. In this case, FBI agents installed a global positioning system (GPS) tracking device on Jones’s car and monitored where he drove for a month without a warrant. Antoine Jones challenged the warrantless GPS surveillance as a violation of the Fourth Amendment, and the U.S. Court of Appeals for the D.C. Circuit agreed (United States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010)). Other federal circuit courts have reached conflicting conclusions on GPS, and the Supreme Court stepped in to resolve the conflict.
In an astonishing set of opinions, the Court concluded 9-0 that the installation of a GPS tracking device on a car is a Fourth Amendment search. The opinions are quite surprising, not just because they take the law in new directions from the court’s existing precedent, but also because they advance some new theories of Fourth Amendment jurisprudence that might reshape the way it is interpreted and have reverberations throughout a much broader swath of privacy law.
Read more from the Privacy & Security Law Report.

(Related) Schools continue to move toward “students are cattle, they have no rights.” Apparently, the school's policy plus the Sheriff's policy equals law.
MO: SPS didn’t violate students’ rights with drug dog search, court rules
January 30, 2012 by Dissent
Claudette Riley reports:
The Springfield school district didn’t violate students’ Fourth Amendment rights by using a trained dog to sniff for drugs at Central High School, according to a U.S. District court decision.
Alleging an April 22, 2010 search at Central High was an “unreasonable search and seizure,” Councilman Doug Burlison and his wife Mellony brought a lawsuit against Springfield Public Schools and the Greene County Sheriff’s Department. It also named Superintendent Norm Ridder, Central High Principal Ron Snodgrass and Sheriff Jim Arnott.
U.S. District Judge Richard E. Dorr found in favor of the school district and sheriff’s office.
[From the article:
“The long and short of all of this is that the written policies and procedures of the Greene County Sheriff and the Springfield Public Schools involved in this case appear to be reasonable and not in any way a deprivation of a federal right,” Dorr wrote in the judgment.
… Arnott said deputies followed the established procedures for such searches.
“All of our searches are open air searches,” he said. “We don’t search people, we search objects. Our policy is students have to be removed from the room so there’s no contact.”

So what do you offer me that deserves a higher price? Training? Hassle-free returns? Immediate access (beats even overnight shipping)?
"Marissa Taylor says the retail chains' worst nightmare is consumers who come in to take a look at merchandise in-store, but use smartphone apps to shop for cheaper prices online. But now stores like low-end retail chain Target plan to fight 'showrooming' by scaling up their business models and asking vendors to create Target-exclusive products that can't be found online. 'The bottom line is that the more commoditized the product is, the more people are going to look for the cheapest price,' says Morningstar analyst Michael Keara. 'If there's a significant price difference [among retailers] and you're using it on a regular basis, you're going to go to Amazon.' Target recently sent an 'urgent' letter to vendors, asking them to 'create special products that would set it apart from competitors.' Target's letter insisted that it would not 'let online-only retailers use our brick-and-mortar stores as a showroom for their products and undercut our prices without making investments, as we do, to proudly display your brands.' Target also announced that it had teamed up with a handful of unique specialty shops that will offer limited edition merchandise on a rotating basis within Target stores in hopes of creating an evolving shopping experience for customers. Target is 'exercising leverage over its vendors to achieve the same pricing that smaller, online-only retailers receive,' says Weinswig. 'This strategy would help Target compete with retailers like Amazon on like-for-like products.'" [Think that's a competition you can win? Bob]

Monday, January 30, 2012

Not so sophisticated... Our Scouts didn't think enough to send our Recruiters out to offer Ethical Hacking scholarships (which are NEVER based on grades...)
CA: Students busted for hacking computers, changing grades
January 29, 2012 by admin
Iain Thomson reports:
Three high school juniors have been arrested after they devised a sophisticated hacking scheme to up their grades and make money selling quiz answers to their classmates.
The students are accused of breaking into the janitor’s office of California’s Palos Verdes High School and making a copy of the master key, giving them access to all the classrooms. They then attached keylogging hardware to the computers of four teachers, and harvested the passwords needed to access the central files of the school network.
They then used that access to change their grades slightly, nudging them up by increments so that all three got As. At the time they were caught, keyloggers were found on three other teachers’ systems, indicating the group was expanding its efforts.
Read more in The Register.

Did I miss this as it happened? Why would any firm help a hacker?
"The SEC has filed charges against a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 NYSE and Nasdaq securities by making unauthorized purchases or sales from hijacked brokerage accounts. The SEC also went after four online trading firms and eight executives who are said to have helped the hacker make more than $850,000 in ill-gotten funds. The SEC's actions occurred on the same day that the Financial Industry Regulatory Authority (FINRA) issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting email."
[From the article:
The SEC alleges that Igors Nagaicevs, who has not been served with the charges due to the fact he is overseas, broke into online brokerage accounts more than 150 times over the last 14 months, [Must be easy to do. Did the SEC send out alerts? Bob]
… To make matters worse, four firms were charged with allowing the transactions, because they did not register Nagaicevs as a legitimate broker. Each of the trading firms provided him online access to trade directly in the U.S. markets through an account held in the firm’s name.
“These firms provided unfettered access to trade in the U.S. securities markets on an essentially anonymous basis,” said Daniel M. Hawke, Chief of the SEC’s Market Abuse Unit.

“Security, it's not just for desktops anymore...”
"Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers, and that with more than a million phones worldwide already hacked, technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. Cellphones are often loaded with even more personal information than PCs, so an undefended or carelessly operated phone can result in a breathtaking invasion of individual privacy as well as the potential for data corruption and outright theft. But there are a few common sense ways to protect yourself: Avoid free, unofficial versions of popular apps that often have malware hidden in the code, avoid using Wi-Fi in a Starbucks or airport which leaves you open to hackers, and be wary of apps that want permission to make phone calls, connect to the Internet or reveal your identity and location."
Pickens continues: "One common ruse is a man-in-the-middle attack when a target receives a text message that claims to be from his or her cell service provider asking for permission to 'reprovision' or otherwise reconfigure the phone's settings due to a network outage or other problem. Don't click 'O.K.' Call your carrier to see if the message is bogus. For the more paranoid, there are supersecure smartphones like the Sectéra Edge by General Dynamics, commissioned by the Defense Department for use by soldiers and spies, which may be available to the public in the near future. 'It's like any arms race,' says mobile security consultant Michael Pearce. 'No one wins, but you have to go ahead and fight anyway.'"

“In order to save the data we had to destroy the data.” Didn't we find this strategy a bit lacking back in the late 60's? Anyone think this might help define the rights of honest customers who happen to get caught up in the netting of other fish?
MegaUpload data could be erased Thursday, says report
The Associated Press reports that in a letter filed last Friday in the MegaUpload piracy case, the U.S. Attorney's Office for the Eastern District of Virginia said Carpathia Hosting and Cogent Communications Group--companies MegaUpload hired to store data--may begin deleting that data come Thursday.
MegaUpload's assets have been seized by the government, and its bank accounts have been frozen. Hence, MegaUpload can no longer pay companies like Carpathia and Cogent for their services, the AP reports.
… Many millions of people worldwide have allegedly used MegaUpload's cyberlocker service to store and access unauthorized copies of TV shows, feature films, songs, porn, and software. But some customers used MegaUpload for above-board practices like sharing large (and legal) files and backing up legitimate files.

The TSA is going global (Teachers Strip-search Anyone?)
NZ: Principals want power to search students
January 30, 2012 by Dissent
Sam Thompson reports:
Principals want the power to search students for weapons and drugs this year.
Thousands of students are heading back to school this week.
President of the Secondary Schools Principals Association Patrick Walsh says guidelines were developed last year, but he wants the Education Act changed.
“To give schools specifically the power of search and seizure, issues around weapons in schools and students bringing in drugs in schools are not going away and we believe that would act as an important deterrent.”
Mr Walsh says he believes they can maintain the rights of students against blanket searches.
Read more on NewsTalkZB.

“What do you expect when your mere scientific facts contradict my brilliant political opinion?” Remember, if they fire you before you blow the whistle, it's not retaliation... Is it?
FDA workers sue agency over monitoring personal e-mails
January 30, 2012 by Dissent
Ellen Nakashima and Lisa Rein report:
The Food and Drug Administration secretly monitored the personal e-mail of a group of its own scientists and doctors after they warned Congress that the agency was approving medical devices that posed unacceptable risks to patients, government documents show.
The surveillance — detailed in e-mails and memos unearthed by the scientists and doctors, who filed a lawsuit against the FDA in U.S. District Court in Washington this week — took place over two years as the plaintiffs accessed their personal Gmail accounts from government computers.
Read more in The Washington Post.

What your strategy is should match what your strategy seems to be... Perhaps a dialog with your customers BEFORE you spring draconian measures on them would be a friendlier approach? If you are selling an ongoing service, why do all your customers think they purchased a product?
"Studios and publishers are fighting back hard against the used game market, with the upcoming title Kingdoms of Amalur the latest to declare it will use a content lock. In this case, KoA ups the ante by locking out part of the game that's normally available in single-player mode. Gamers exploded, with many angry that game content that had shipped on the physical disc was locked away and missing, as well as being angry at the fact that content was withheld from used game players. One forum thread asking if the studio fought back against allowing EA to lock the content went on for 49 pages before Curt Schilling, the head of 38 Studios, took to the forums himself. His commentary on the situation is blunt and to the point. 'This is not 38 trying to take more of your money, or EA in this case, this is us rewarding people for helping us! If you disagree due to methodology, ok, but that is our intent... companies are still trying to figure out how to receive dollars spent on games they make, when they are bought. Is that wrong? if so please tell me how.'"

'cause laws is laws even (especially?) when no two people can agree on their meaning...
January 29, 2012
Code of Best Practices in Fair Use for Academic and Research Libraries
"The Association of Research Libraries (ARL) announces the release of the Code of Best Practices in Fair Use for Academic and Research Libraries 2012, a clear and easy-to-use statement of fair and reasonable approaches to fair use developed by and for librarians who support academic inquiry and higher education. The Code was developed in partnership with the Center for Social Media and the Washington College of Law at American University. Winston Tabb, Johns Hopkins University Dean of University Libraries and Museums and President of ARL, said, “This document is a testament to the collective wisdom of academic and research librarians, who have asserted careful and considered approaches to some very difficult situations that we all face every day.”"

(Related) See what I mean?
"Mitt Romney's campaign is airing an ad that is basically 30 seconds lifted from an NBC News broadcast and NBC is trying to stop them from using the ad. I found it interesting that the Romney campaign is invoking fair use to defend the ad. Romney adviser Eric Fehrnstrom said 'we believe it falls within fair use. We didn't take the entire broadcast; we just took the first 30 seconds.'"

A subtle change that points to the Cloud?
Meet Bill Gates, the Man Who Changed Open Source Software
… As more and more applications move from local data centers to “cloud” services such as Amazon Web Services and, yes, Microsoft Azure, the economics of software are shifting. In the past, businesses paid companies like Microsoft for software and loaded it on their own servers. Now, businesses pay to use online services instead. In offering open source software atop Azure, there’s a clear way for Microsoft to actually make money.
“With Azure, we make money from compute and storage and bandwidth,” says Hilf, who now oversees Azure. “We want to offer as many types of applications and as many types of systems as we can, so they can help that flywheel spin…. We don’t see [Node.js] on Azure as altruistic. We see it as a way to drive business.”
… Yes, Microsoft is demanding — and in many cases, receiving royalties — from companies selling devices that run Android, an operating system based on Linux. This shows that its place in the world remains complicated. Though it’s moving to the web, it is still very much a company that makes money selling software — and it still has an interest in protecting this business. But these battles aren’t always what they seem. Android isn’t as much an open source project as a Google project.
The world is not black and white. And neither is the world of software. Not everyone realizes this. But Bill Gates did. And Microsoft is the better for it.

(Related) So, does he really get it? (And why do we need a national database of student and teacher information?)
"Discussing U.S. education in his 2012 Annual Letter, Bill Gates notes the importance of 'tools and services [that] have the added benefit of providing amazing visibility into how each individual student is progressing, and generating lots of useful data that teachers can use to improve their own effectiveness.' Well, Bill is certainly putting his millions where his mouth is. The Gates Foundation has ponied up $76.5 million for a controversial student data tracking initiative that's engaged Rupert Murdoch's Wireless Generation to 'build the open software that will allow states to access a shared, performance-driven marketplace of free and premium tools and content.' If you live in CO, IL, NC, NY, MA, LA, GA, or DE, it's coming soon to a public school near you."