Tuesday, August 29, 2006

If your defense is “Hey, I'm just a kid!” then a punishment like “Go to your room!” seems appropriate. If you can read “sensitive” Secret Service information, your room should be at Guantanamo.

http://hosted.ap.org/dynamic/stories/C/CELLULAR_HACKER?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Aug 28, 11:14 PM EDT

T-Mobile Hacker Gets Home Detention

LOS ANGELES (AP) -- A hacker who infiltrated the network of T-Mobile USA Inc. and accessed personal information of hundreds of customers, including a Secret Service agent, was sentenced Monday to one year of home detention.

Nicholas Lee Jacobsen, 23, must also pay $10,000 in restitution to T-Mobile to cover losses caused by his acts, which took place in 2004.

The former Santa Ana resident who now lives in Oregon said he lacked "comprehension and maturity" when he targeted the network of Bellevue, Wash.-based T-Mobile USA, uncovering the names and Social Security numbers of 400 customers.

"I did some very stupid things," Jacobsen told U.S. District Judge George King at his sentencing Monday in Los Angeles.

Jacobsen was able to read some sensitive information that Special Agent Peter Cavicchia could access through his wireless T-Mobile Sidekick device. No investigations were compromised, the Secret Service said.

"What you've done is very dangerous to others. Maybe you didn't fully appreciate that, perhaps because of your youth," King told Jacobsen Monday.

Jacobsen could have faced a maximum sentence of five years in prison and a fine of up to $250,000 for the crime, accessing a protected computer.


On the other hand...

http://seattlepi.nwsource.com/local/282674_botnet26.html

Hacker sentenced to 37 months in prison

Victims in global attack included U.S. military

By PAUL SHUKOVSKY P-I REPORTER Saturday, August 26, 2006

Sending a message to malicious computer hackers "squirreled away in their basements," U.S. District Judge Marsha Pechman on Friday sentenced a 21-year-old man to 37 months in federal prison for a global robot virus attack in 2004 and 2005.

Christopher Maxwell launched the attack from the comfort of his Vacaville, Calif., home in order to collect commissions by installing adware onto the computers of unwitting victims.

To achieve his aim, he essentially took remote control of huge numbers of computers around the world, causing them to spread the infection and increase his profits. The Seattle FBI's cybersquad believes the scheme netted Maxwell and two unnamed teenage accomplices more than $100,000.

Among the countless victims, the virus wreaked havoc with the Defense Department, [Oh? Bob] Seattle's Northwest Hospital and a school district in California. Disaster preparations by the military and the hospital prevented significant damage, but the Colton Unified School District was not so fortunate.

"It took the district to its knees," said Gary Stine, the district's former director of information technology.

"We don't plan for calamities like this. The real impact was to our teachers and our students" who lost crucial instructional time on PCs used to teach such topics as English as a second language. The repairs cost the district more than $50,000.

At Northwest Hospital, digital systems used for transmitting results from medical labs and the radiology department directly to physicians crashed, said Vice President Robert Steigmeyer.

The hospital switched to its well-drilled disaster plan, which involves the use of runners to move medical records and lab test results. Elective medical procedures, however, had to be rescheduled.

No patients were harmed as a result of the attack, and Maxwell made no attempt to steal confidential patient information.

Army Maj. Keithon Corpening, who runs the Defense Department's computer incident response team, told Pechman that a full-scale investigation was launched after the military saw 407 of its computers taken over by an unknown assailant they dubbed "Don't Trip." Eight investigators were assigned to the case.

"Planes still flew, tanks were still operating, soldiers were getting their supplies," Corpening said. But "the potential for damage to our systems" was significant.

No military information was stolen, he said.

Assistant U.S. Attorney Kathryn Warma, in arguing for a six-year sentence, told Pechman: "The importance of deterrence in this case is profound. There is a hacker community. They will know immediately what sentence you impose."

Maxwell, holding back tears, pleaded for probation in lieu of prison time.

"I am a 21-year-old boy with a good heart and I made a mistake," he told the judge. "I never realized how dangerous a computer could be. I thank God no one was hurt."

Pechman rejected attempts by Maxwell and his attorney to portray him as being shocked by the consequences of his actions. "It is obvious that anyone who would launch this kind of computer attack would know" that there would be a multitude of victims, she said. [Well reasoned! Or is it obvious? Bob]

And while Pechman took Maxwell's age and lack of criminal record into account, she said the prison term was necessary to provide a deterrent to other hackers.

The robot virus program, or "botnet" software, used by Maxwell was sent over the Web, where it sought out computers with exploitable security flaws. [...which it found 407 times on Defense Department computers? Bob] He pleaded guilty in May to a felony charge of conspiracy to intentionally cause damage to a protected computer.



Why are so many media firms rushing to use technology that is a favorite target for hackers?

http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/

FairUse4WM strips Windows Media DRM!

Posted Aug 25th 2006 11:48AM by Ryan Block Filed under: Portable Audio



Towards ubiquitous surveillance: “You have nothing to worry about if you're not guilty.” (Is this proof that the 'no fly list' isn't working?)

http://www.washingtonpost.com/wp-dyn/content/article/2006/08/28/AR2006082800849.html?nav=rss_opinions/columnsandblogs

A Tool We Need to Stop the Next Airliner Plot

By Michael Chertoff Tuesday, August 29, 2006; Page A15

Imagine that our troops in Afghanistan raided an al-Qaeda safe house and captured a computer containing the cellphone numbers of operatives in Europe. Wouldn't it be important to know whether one of those cellphone numbers was used to book a transatlantic flight? Unfortunately, today our ability to make that connection remains limited: Information that terrorists readily share with travel agents cannot easily be shared throughout the United States government. That needs to change.



Global warming update

http://www.technewsworld.com/rsstory/52663.html

Almanac Forecasts Frigid Winter

By David Sharp AP 08/28/06 8:00 PM PT

According to the Farmers' Almanac, the coming winter should be colder than normal from coast to coast. It'll be especially snowy across the nation's midsection, much of the Pacific Northwest, the mountains of the Southwest and parts of eastern New England, the almanac predicts.



I'll bet there would be a market for a “Legal guide to municipal WiFi”

http://www.technewsworld.com/rsstory/52561.html

Municipal WiFi Networks Popping Up All Over

By Paul Korzeniowski TechNewsWorld 08/29/06 4:00 AM PT

A large number of uncertainties are associated with municipal WiFi at this stage, so municipalities are starting slowly. "Most of the cities are starting small and seeing what the true implementation hurdles are before rolling out the services completely," said Christopher Baum, research vice president at Gartner.



At last!

http://www.eweek.com/article2/0,1759,2009403,00.asp?kc=EWRSS03119TX1K0000594

Unpatched Flaws to Be Published

By Ryan Naraine August 28, 2006

A security company that pays hackers for information on software exploits and flaws plans to release a list of 29 unpatched flaws in products sold by a host of big-name vendors, including Microsoft, IBM, Apple Computer and Novell.

The Aug. 28 disclosure from TippingPoint's ZDI (Zero Day Initiative) flaw bounty program is a significant change to the way the 3Com-owned company has handled the disclosure of vulnerability data it buys from external researchers.

Instead of waiting for software makers to issue patches, TippingPoint will announce the flaw purchase in bare-bones advisories at the time the issue is reported to the vendor.

... "We're not identifying the software or product versions. [Isn't that wimping out? Bob] We're simply naming the vendor, the date the issue was reported and the severity of the vulnerability," Endler said.



Does this indicate they now grasp the obvious? Is this an indication that their next operating system release will not be a “must have” for their largest customers? Is this just one more sign Microsoft is becoming just another software company? Or D: all of the above.

http://www.eweek.com/article2/0,1759,2009479,00.asp?kc=EWRSS03119TX1K0000594

Microsoft Offers Broader Support for Legacy Products

By Peter Galli August 28, 2006

Microsoft seems to have finally cottoned onto the fact that it can drive revenue from the use of legacy software by some of its largest customers, announcing on Aug. 28 a new Custom Support Agreement program.



http://news.com.com/2100-1041_3-6110277.html?part=rss&tag=6110277&subj=news

Digital cameras focus on revised reality

Consumers are embracing camera features that make them look thinner and more youthful. But what about society's trust in photography?

By Candace Lombardi Staff Writer, CNET News.com Published: August 29, 2006, 4:00 AM PDT

Want to look thinner? Taller? Tanner? Don't worry, there's a camera for all that.

Today's cameras will let you do more than adjust the flash; they'll let you adjust reality. Photo-adjusting features that once required a PC and special know-how are now allowing consumers to alter a photo as soon as it's snapped.

Some new Hewlett-Packard cameras include a feature that makes subjects look thinner, while another mode makes facial lines and pores virtually disappear. A "skin tone" feature on some Olympus models can give consumers a leisure-class tan. Other manufacturers offer modes to make the colors of the world richer as you capture them. Using these new in-camera tools, consumers can even crop out ex-boyfriends, or put a virtual frame around a new one. [Let's hope they don't mean that in the evidentiary sense... Bob]



You mean Amazon is not alone?

http://www.bespacific.com/mt/archives/012282.html

August 28, 2006

Comparison and Evaluation of 10 Major Internet Bookshops

Hirwade, Mangala and Hirwade, Anil and Bherwani, Mohini (2006) Evaluative study of major Internet bookshops. ILA Bulletin XLII(1):pp. 32-43.

  • "Internet Bookshops are the online bookshops that allow the user to search the items of his interest, navigate, make a query, communicate, place an order, bargain and negotiate. At its simplest the Internet Bookshop or online bookshop list the products for sale or the services offered and invite the customer to phone, fax or e-mail their order. The present paper evaluates major ten Internet bookshops by using the evaluation criteria like Authority, variety of collection, help menu, shopping procedures, payment acceptance, special facilities for online purchase, user search support, product details, navigation facilities and discounts on the products. A 100 marks scoring system has been adopted to assign the scores to each Internet bookshop under study. Based on the marks obtained these bookshops are graded into five categories viz. Excellent, Very Good, Good, Average and Poor. Amazon.com, USA and Amazon, UK fall under excellent category while the Internet bookshops from India viz D.K.Agencies and Khemraj fall under good and average category respectively."



“God will get you for this!” Book of Bob, Chapter one Verse one

http://www.bespacific.com/mt/archives/012278.html

August 28, 2006

Pew Research Center for the People and the Press Report on Religion and Politics

Many Americans Uneasy with Mix of Religion and Politics - 69% Say Liberals Too Secular, 49% Say Conservatives Too Assertive, Released August 24, 2006.



Think of it as using the legal department as just another strategic tool. Any barrier to entry keeps the competition at bay. Should you NOT use every resource available? (What is needed is a “regulated ticket exchange” modeled on the Options market. Why shouldn't tickets be priced at “market?”)

http://techdirt.com/articles/20060828/152541.shtml

Apparently Ticketmaster Doesn't Like Having Competition

from the and-so-it-goes dept

Remember back in the day when Ticketmaster was the absolute monopoly in ticket sales for various venues and events? You simply couldn't avoid Ticketmaster and their ridiculous fees upon fees. A dozen years ago, Pearl Jam took on Ticketmaster, claiming that the company had a monopoly on ticket sales and were able to keep ticket prices artificially high. Well, it appears that Ticketmaster doesn't like the idea that the internet has brought in new competition. Three years ago, we noted that, due to competition from online resale sites, Ticketmaster was launching a new service to auction off tickets itself. However, sites like Stubhub, eBay and Craigslist appear to have much better traffic for such things -- perhaps due to the public's general dislike of Ticketmaster for years and years of ridiculous fees. Of course, when you have a monopoly that is being attacked by competitors, what do you do? You go to the government to get new legislation passed to help you hold onto your monopoly. Ticketmaster is trying to get laws passed that would make it illegal to sell tickets above face value... unless you have an arrangement with the venue and they share in some of the profits. Ticketmaster, of course, already has many such deals in place. They spin this as "protecting" ticket buyers from fake scalped tickets, but the other sites in the space note that bogus tickets aren't a very big problem, and there are often other ways to deal with it. Instead, this looks like Ticketmaster is running to the government to help it keep its supposed monopoly in the face of competition.



One law to rule them... Oh, wait, that was a fantasy.

http://techdirt.com/articles/20060828/165835.shtml

Why Should EchoStar Wait For Patent Review When TiVo Doesn't Have To?

from the fairness? dept

In the ongoing battle over patents concerning DVR technology, both EchoStar and TiVo are suing each other, claiming the other company infringes on its patents. As was all over the news recently, TiVo won the first round, convincing a judge to tell EchoStar it needed to turn off its DVRs (a decision since stayed by the appeals court). However, a judge looking at the patent suit in the other direction has now told EchoStar it needs to wait until the Patent Office has reviewed the patent in question. This actually makes a lot of sense, and we all know at least one company that would still have over $600 million it was forced to give away if other judges followed similar rules. However, it seems a bit unfair that TiVo's case continued to move forward without USPTO review, while EchoStar needs to wait. It only seems fair to treat both cases the same. As it stands now, TiVo is in a much better bargaining position -- it's won its first case, and EchoStar has to wait before its own case will be reviewed. While it makes sense to allow USPTO review, shouldn't the courts follow the same rules in dealing with these types of cases?



Brilliant! This should drive up readership like nothing they've tried in years!

http://techdirt.com/articles/20060829/020547.shtml

New York Times Tells Brits They Can't Read Article On UK Terror Case

from the jurisdictional-silliness dept

Questions of legal jurisdiction over online content are nothing new at all. Over the years, we've pointed to plenty of legal cases that raised issues about online publications, and whether the content was liable under local laws in countries outside of where the publisher (or its servers) were based. Unfortunately, there still isn't a general agreement on what laws apply, and that makes things risky. Apparently, the NY Times didn't want to risk any such lawsuit in the UK, so when it published an article yesterday about the British terror case, it used some of its geographic ad targeting technology to also block out visitors from the UK from reading the content. This is to stay on the right side of British laws that "prohibits publication of prejudicial information about the defendants prior to trial." Of course, the Times then went on to publish an article proudly stating how they blocked the content from UK readers, which makes you wonder how effective the ban really is. By calling attention to it, it seems pretty likely that plenty of folks in the UK will be able to read the same (or similar) content from plenty of other sources. This isn't to call out the Times for the practice, but to question whether such laws are actually still possible in a world with a global internet.



What makes you think you're immune?

http://www.techzonez.com/comments.php?shownews=19104

Nine in 10 PCs infected with spyware

Posted by Reverend on 28 Aug 2006 - 19:27 GMT

Techzonez Nine out of ten PCs are infected with spyware, new research has found.

Full story: vnunet



http://www.infoworld.com/article/06/08/29/HNgoglelibraryscan_1.html?source=rss&url=http://www.infoworld.com/article/06/08/29/HNgoglelibraryscan_1.html

Google, UC disclose library scan agreement

Google contracts to digitize millions of books from the university's libraries

By Juan Carlos Perez, IDG News Service August 29, 2006

The University of California has released a copy of its contract with Google to have the search engine giant digitize millions of books from the university's libraries.

The document shines a light on the type of agreement Google is reaching with some of the world's largest academic libraries as part of its controversial project to scan portions of their collections.

The University of California decided to post the contract publicly to satisfy a "general interest" in the document, a university official said via e-mail. The disclosure follows a formal request to obtain a copy of the document filed by IDG News Service in mid-August with the university. The contract can be viewed here.



The more the merrier!

http://www.researchbuzz.org/wp/2006/08/28/worldcat-launches-with-10000-libraries-worldwide-searchable/

August 28, 2006

WorldCat Launches With 10,000 Libraries Worldwide Searchable

Filed under: Reference

Why yes, I am still catching up. I’m ALWAYS catching up. Anything else? Anyway, WorldCat.org has officially launched: http://www.worldcat.org . It’s in beta. Over 10,000 libraries in the OCLC cooperative are searchable from this one little box. How groovy is that? (And if you’re having a hard time wrapping your head around this, or the fact that there are over 70 million entries for items in this database, check out http://www.oclc.org/worldcat/grow.htm, which’ll give you a window to watch stuff being added into the database in real-time. I found this fascinating. I am a nerd.)



http://www.dottocomu.com/b/archives/003177.html

August 28, 2006

Japanese government prepares online lie-detector

Japan's Ministry of Internal Affairs and Communications is, for reasons best known to it, earmarking Y300 mn in its 2007 budget to produce what the Asahi Shimbun terms a lie-detector for online information.

The reality appears to be not so much that as an automated fact-checker that draws on related information to spot how likely something is to be a load of old balls. [Is that a literal translation of the Japanese or a British-ism? Bob] The Ministry envisages it being able to give you search results in order of their reliability, or tell you that a piece of info is 95% crap and ask if you'd still like to display it. Example questions they see it being able to answer include "is this company analysis on the mark?", "is this a natural-sounding description of the political situation within Lebanon?", or "are the functions of this overseas electrical appliance described accurately in this auction listing?".

They note that key hurdles will be whether they can find reliable internet-based sources of information related to a search, and develop technologies that can accurately assess meaning and provide high-level machine translation, amongst other things.

It's unclear how they plan to establish the reliability of information, beyond taking the route of building an engine that tells you how in- or out-of-consensus a particular document is based on word frequencies or some other measure. And we somehow doubt that the AI Holy Grail of software that understands the meaning of natural language and can translate it accurately is about to be reached by some government researchers with $3 mn in funding. But still, nice of them to try.



Think you might have a skill? Here is one way to find out.

http://www.nytimes.com/2006/08/27/arts/television/27heff.html?ei=5090&en=b993c2e50a7b705d&ex=1314331200&partner=rssuserland&emc=rss&pagewanted=all

Web Guitar Wizard Revealed at Last

EIGHT months ago a mysterious image showed up on YouTube, the video-sharing site that now shows more than 100 million videos a day. A sinewy figure in a swimming-pool-blue T-shirt, his eyes obscured by a beige baseball cap, was playing electric guitar. Sun poured through the window behind him; he played in a yellow haze. The video was called simply “guitar.” A black-and-white title card gave the performer’s name as funtwo.

[Jump right to the video: http://www.youtube.com/watch?v=QjA5faZF1A8 ]



http://www.informationweek.com/news/showArticle.jhtml?articleID=192300841

Most Damaging Attacks Rely On Stolen Log-ins

Security safeguards need to identify, not just the user, but also the machine logging into the network.

By Gregg Keizer TechWeb Aug 28, 2006 03:15 PM

More than 8 out of every 10 computer attacks against businesses could be stopped if enterprises checked the identity of not only the user, but also the machine logging onto its network, a report released Monday claimed.

The study, conducted by a California research firm and paid for by BIOS maker Phoenix Technologies, used data from cases prosecuted by federal authorities between 1999 and 2006 to reach its conclusions.

"We wanted to get an honest viewpoint that wasn't opinion- or survey-based," said Dirck Schou, the senior director of security solutions at Phoenix. The problem with acquiring data on computer attacks, including the amount of damage done, is that companies are often hesitant to admit to a breach. "That's the beauty of this [data]," said Schou. "It's only looking at those who have actually suffered an attack."

According to the report, attacks based on logging in with stolen or hijacked credentials cost businesses far more, on average, than the typical worm or virus assault. When a privileged account is penetrated by an unauthorized user, the average damage runs to $1.5 million, the report said. The average cost from a single virus attack was much smaller: under $2,400.

"Cyber criminals who accessed privileged accounts obtained IDs and passwords through many means," the report said. "Network sniffing, use of password cracking programs, and collusion with insiders. It was also common for employees to share their IDs and passwords with coworkers who later left the organization and used that knowledge to gain access."

To bolster that outsider-as-attacker claim, the study also said that nearly 6 in 10 attackers had no relationship with the victim. (Just over a third (36 percent) were current and former employees.) Although the report's data contradicts other surveys that have pegged company insiders as the root of most attacks, the idea that credentials are good for ill-gotten gains isn't new. Earlier this year, for example, IBM predicted that attackers would increase their attacks against employees rather than networks.

"Viruses equal vandalism, but unauthorized log-ons lead to theft," said Schou. However, he acknowledged that the latter can come from the former, with worms and Trojan horses increasingly after information such as usernames and passwords rather than hoping to injure or bring down a network.

Overall, unsanctioned computers -- not among the systems actually expected to access the network -- were used in 84 percent of the attacks. The bulk of the attacks -- 78 percent -- came from at-home personal computers.

Naturally, Phoenix made much of that conclusion. It claimed that 84 percent of the attacks in the survey could have been prevented had the victim been protected by device authentication schemes. Such security identifies not only the user by checking ID and password, but can tell if the hardware has been authorized to connect to the network. Phoenix, for instance, sells a solution dubbed TrustConnector 2, that creates a unique identity for every authorized PC.

"What surprised us was the intensity and preponderance in unauthorized access attacks," said Schou. "We think device authentication is in the right time, right place.

"There are a lot of companies that aren't securing the device."



..but it's still organic, right?

http://www.latimes.com/features/health/la-he-closer28aug28,0,3552892.story?coll=la-home-health

Latest food additive: Viruses

The FDA-approved bacteria eaters work on deli meats and other ready-to-eat foods.

By Hilary E. MacGregor, Times Staff Writer August 28, 2006

If you want to get rid of a pest, why not use a littler pest to plague it? That's the tack OKd last week by the Food and Drug Administration, which has for the first time approved the use of bacteria-eating viruses as an additive to foods.

From now on, these viruses — known as bacteriophage or phage — can be sprayed on ready-to-eat cold cuts and luncheon meats by manufacturers to prevent listeriosis, the most deadly of all food-borne illnesses in this country.

... The viruses are grown in a broth of the listeria they are bred to kill — which was, Zajac said, a concern.
