Wednesday, September 13, 2006

Is this sufficient? You can't be chairwoman, but we like the way you think so stay on the board?

http://www.wired.com/news/politics/privacy/0,71767-0.html?tw=rss.index

HP's Dunn Takes the Fall

Associated Press 08:45 AM Sep, 12, 2006

Hewlett-Packard said Tuesday that Patricia Dunn will step down as chairwoman of the computer and printer maker in January amid a widening scandal involving a possibly illegal probe into media leaks. She will be succeeded by CEO Mark Hurd.

Hurd will retain his existing positions as chief executive and president and Dunn will remain as a director after she relinquishes the chair on Jan. 18.

"I am taking action to ensure that inappropriate investigative techniques will not be employed again. [Only the Chair can authorize “Inappropriate techniques?” Bob] They have no place in HP," Hurd said in a statement.

... Having already concluded HP's probe broke some California laws, state Attorney General Bill Lockyer indicated for the first time that HP insiders are likely to face some criminal charges.

"We currently have sufficient evidence to indict people both within Hewlett-Packard as well as contractors on the outside," Lockyer said in an interview aired late Tuesday on PBS' The NewsHour With Jim Lehrer.

... "Unfortunately, the investigation, which was conducted with [not “by” -- interesting... Bob] third parties, included certain inappropriate techniques. These went beyond what we understood them to be, and I apologize that they were employed," Dunn said in a statement.

... Richard Hackborn, who has served on the board since 1992, will become lead independent director [New title to me Bob] in January.



Still somewhat unclear what is happening here. If this recording (Nixonesque?) was on the Gov's server, but not specifically linked to on the website, is it “private?”

http://politics.slashdot.org/article.pl?sid=06/09/13/0136238&from=rss

Hacking the Governator

Posted by kdawson on Tuesday September 12, @10:38PM from the call-that-a-hack? dept. Security Politics

mytrip writes, "The Democratic rival to California Gov. Arnold Schwarzenegger acknowledged that his aides were responsible for obtaining a controversial audio file, in which the Governator was heard disparaging members of other races, in a move that has led to allegations of Web site hacking. A source close to Angelides told CNET News.com that it was possible to 'chop' off the Web links and visit the higher-level 'http://speeches.gov.ca.gov/dir/' directory, which had the controversial audio recording publicly viewable. No password was needed, the source said." And jchernia notes, "As an aside, the California Highway Patrol is running the investigation — maybe the Internet is a truck after all."


http://www.nytimes.com/2006/09/13/us/politics/13hack.html?_r=1&ref=us&oref=slogin

Governor’s Comments Were Leaked by Foe’s Camp

By JENNIFER STEINHAUER September 13, 2006

LOS ANGELES, Sept. 12 — The campaign of the Democratic candidate for governor, Phil Angelides, said Tuesday that it was the source of audio files containing impolitic remarks by Gov. Arnold Schwarzenegger. Those remarks were the subject of a front page article last week in The Los Angeles Times, which led to an apology by the governor.

Mr. Angelides’s campaign manager, Cathy Calfo, said at a news conference in Sacramento that the files had been culled from a Web site accessible by the public and that campaign staff members had not trespassed into a secure area of the governor’s office.

The California Highway Patrol, at the request of Mr. Schwarzenegger’s office, is investigating whether the files were obtained illegally. Mr. Schwarzenegger’s communications director, Adam Mendelsohn, said Tuesday that while the Web site with the audio files was not as secure as it ought to be, it was not publicly accessible.

“That area was password protected,” Mr. Mendelsohn said, “but the administration knows that with enough manipulation, it could be accessed.”

... Thad Kousser, a professor of political science at the University of California, San Diego, said that neither side had emerged particularly well from the episode, but that that could change if it was determined whether the Web site was publicly accessible.

“If it turns out that the tape was hacked,” Mr. Kousser said, “it feeds into the feeling about the Angelides campaign that he is too political and too negative.”

Either way, it is not the stuff of a great policy debate, he said.

“This is California politics,” Mr. Kousser added, “so it always seems ridiculous.” [Amen! Bob]



Slick & simple!

http://hbswk.hbs.edu/firstlook/index.html#wp-2

Architectural Innovation and Dynamic Competition: The Smaller "Footprint" Strategy

Authors: Carliss Y. Baldwin and Kim B. Clark

Abstract

We describe a dynamic strategy that can be employed by firms capable of architectural innovation. The strategy involves using knowledge of the bottlenecks in an architecture together with the modular operator "splitting" to shrink the "footprint" of the firm's in-house activities. Modules not in the footprint are outsourced—module boundaries are redrawn and interfaces designed for this purpose. The result is an invested capital advantage, which can be used to drive the returns of competitors below their cost of capital. We explain how this strategy works and model its impact on competition through successive stages of industry evolution. We then show how this strategy was used by Sun Microsystems against Apollo Computer in the 1980s and by Dell against Compaq and other personal computer makers in the 1990s.

Download working paper: http://www.hbs.edu/research/pdf/07-014.pdf



Forensics

http://it.slashdot.org/article.pl?sid=06/09/12/2232243&from=rss

Fingerprinting Wireless Drivers

Posted by kdawson on Tuesday September 12, @07:21PM from the tighten-that-standard dept.

jfleck writes with news that researchers at Sandia National Laboratories have released a paper on a technique they have developed for passively fingerprinting wireless device drivers (PDF). The researchers comment, "This technique is valuable to an attacker wishing to conduct reconnaissance against a potential target so that he may launch a driver-specific exploit." They sketch the loose language in the 802.11 standard describing the way client devices should probe for access points. Because probing is not spelled out in any detail, the authors say, "...implementing active scanning within wireless drivers [is] a poorly guided task. This has led to the development of many drivers that perform probing using slightly different techniques. By characterizing these implementation-dependent probing algorithms, we are able to passively identify the wireless driver employed by a device." This technique beats Wi-Fi Fingerprints by a country mile.



We may need a “Grandma Defense Fund!”

http://yro.slashdot.org/article.pl?sid=06/09/12/2352207&from=rss

Grannies and Pirated Software

Posted by kdawson on Tuesday September 12, @09:02PM from the oh-dearie-me dept. The Courts

dthomas731 writes, "After reading Ed Foster's blog about how the Embroidery Software Protection Coalition (ESPC) is suing grandmothers over using pirated digitized designs, I thought you might want to call your own grandmothers and tell them they are going to be needing a lawyer. And the ESPC is very serious. On the ESPC faq page they scare these grandmothers by telling them even if they didn't know the software was pirated, that 'Unfortunately, when it comes to copyright violations, ignorance is no defense.'"



How to win friends and drain their bank accounts.

http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyID=2006-09-11T203333Z_01_N11217986_RTRUKOC_0_US-WEBLOYALTY-LAWSUIT.xml

Webloyalty, Fandango named in coupon lawsuit

Mon Sep 11, 2006 4:34 PM ET

NEW YORK (Reuters) - Online marketing company Webloyalty.com Inc. and online movie ticket seller Fandango Inc. were named in a lawsuit on Monday that accuses them of participating in a scheme where customers' credit cards are billed monthly fees without their knowledge.

The lawsuit, in U.S. District Court in Massachusetts, said when customers bought from one of Webloyalty's partners such as Fandango and clicked on a pop-up window offering a $10 coupon on their next purchase, their credit card information was automatically transferred to Webloyalty and they were unwittingly enrolled in its "Reservation Rewards" program.



I'm still betting that voting machines will cause at least one major kerfuffle in November...

http://www.bespacific.com/mt/archives/012441.html

September 11, 2006

NIST Report on Voting Audit Trails Released

Association for Computing Machinery, September 11, 2006, National Institute of Standards and Technology Report on Audit Trails Released

  • Independent Verification: Essential Action to Assure Integrity in the Voting Process, by Roy G. Saltman (26 pages, PDF)


...here's one example.

http://techdirt.com/articles/20060912/154025.shtml

Why You Need Backup Systems For Voting: Something Will Go Wrong

from the again-and-again-and-again dept

The e-voting saga continues. One of the problems is that there are so many different ways things can go wrong with e-voting systems, that it's impossible to think of them all beforehand. That's why it's particularly ridiculous when the e-voting firms try to limit the type of testing that can be done on the machines. Yet, it seems like hardly an election goes by where some problems with the machines aren't reported. The latest is in Montgomery County, Maryland, where apparently someone forgot that the various e-voting machines in use require special voting cards. Without them, you can't vote... and many polling places opened up this morning without them. Now, obviously, this is a human error, not a technical one -- but it just highlights how many possible things can go wrong -- and the importance of a ready and available system for backups, no matter what happens when you're dealing with something like an election. The idea that nothing (on either the human or technical side) would go wrong is ridiculous -- but it's a view championed by the e-voting companies who don't like to admit that errors are possible, if not likely. Update: Avi Rubin, who has written about security issues with e-voting machines, and who also has volunteered in the past as an election judge did so again today. He's written up his account, and it lists many, many, many more problems with the e-voting equipment. Not only that, but he notes that the Diebold rep on site in case things went wrong was really just a contractor who had been hired the day before and knew nothing about the machines and was of no help at all. The only positive note in the piece is that many more voters complained about the use of e-voting machines.



http://www.bespacific.com/mt/archives/012443.html

September 12, 2006

Survey of Core Business Reference Sources in Print and Online

From Diane K. Kovacs, the results of an Essential Reference Tool Survey - Business Reference: includes Print, Free Web-Sites, Govdocs Sites, and Fee-Based Websites.



Let me see if I get this... If Microsoft could make their operating system completely secure, they won't be allowed to because someone with a less secure process might want a piece of the market?

http://techdirt.com/articles/20060912/080756.shtml

EU Warns Microsoft Against Making Vista Too Secure

from the monopoly dept

There's no doubt that the European Union has taken a much harder line in its anti-trust actions against Microsoft than regulators have in the US. The company is still facing fines in Europe, and arguing about what features are legitimate, whereas Stateside the legal action is basically finished. A few months ago, we asked whether Microsoft's decision to beef up the security features in Vista might get them into legal hot water, in the same way as it has with Internet Explorer and the Windows Media Player. It doesn't seem like it's going to be an issue for US regulators, but again, the EU is concerned. A spokesman warned that Microsoft should not build security features into Vista, as it would shut out third party vendors and hurt consumers. Now, people can disagree about whether Microsoft's actions will make Vista more or less secure, but the idea that it shouldn't address security issues, so as to leave a market for other companies is odd. Shouldn't Vista users be allowed an inherently secure (in theory) operating system, without the need to spend extra on security software, and enjoy the same peace of mind held by Linux and Apple users all these years? Since added security is thought to be one of the main reasons to upgrade to Vista, limitations on what the company can offer could hurt Microsoft in the important European market.



Geek alert!

http://digg.com/tech_news/TCP_IP_The_ULTIMATE_Reference_Resource

TCP-IP The ULTIMATE Reference Resource

Submitted by SearchEngines 23 hours 46 minutes ago (via http://www.tcpipguide.com/free/t_toc.htm )

BOOKMARK this Extremely Thorough and informative reference site - Contains Everything you could want to know about TCP IP! Hundreds of pages of information


Geek alert!

http://digg.com/design/Web_Development_Tools_for_the_Power_Developer

Web Development Tools for the Power Developer

Submitted by Ozon 19 hours 56 minutes ago (via http://brennan.offwhite.net/blog/2006/09/10/web-development-tools-for-the-power-developer/ )

Nice list of tools for web developers.
