Friday, September 22, 2006

What, again?

http://www.infoworld.com/article/06/09/22/HNsecbroadenshpprobe_1.html?source=rss&url=http://www.infoworld.com/article/06/09/22/HNsecbroadenshpprobe_1.html

SEC broadens its probe of HP

HP agrees not to file lawsuits against two former directors caught up in the boardroom scandal

By Robert Mullins, IDG News Service September 22, 2006

Hewlett-Packard has entered into mutual agreements with two former directors caught up in the board spying scandal not to file lawsuits over the dispute.

The company disclosed the agreement in a filing to the U.S. Securities and Exchange Commission on Thursday. In the same filing, HP said it has agreed to pay some of the directors' legal expenses in connection with the investigations.

The SEC has asked for more information on the circumstances surrounding Thomas Perkins' resignation from HP's board of directors over the spying scandal, HP said in the filing.

HP also revealed the terms under which Perkins and director George Keyworth left the board. They resigned after it was revealed that private investigators hired by HP may have used illegal methods to identify Keyworth as the source of leaks of board deliberations to the news media.

Separately on Thursday, HP said chief executive officer Mark Hurd "has offered to appear" before a House subcommittee probing the scandal. Other HP executives, Chairman Patricia Dunn and others implicated in the scandal have accepted invitations to appear at a Sept. 28 hearing.

HP said in the SEC filing that it has entered into a "Mutual Release and Indemnification Agreement" with Perkins and Keyworth in which the two former directors agreed not to file claims against other directors, officers or employees of HP. In turn, the company agreed not to file claims against them. HP will also pay legal fees Perkins and Keyworth may incur in cooperating with government investigations of the scandal. Besides the House inquiry, the California Attorney General and the U.S. Attorney for Northern California are conducting probes.

The SEC filing also said Perkins and Keyworth reserve the right to take legal action against private investigation companies that HP allegedly hired to probe the source of board leaks. HP told the SEC on Sept. 6 that it had discovered those outside firms engaged in a possibly illegal practice called "pretexting" while digging into the personal phone records of directors, HP employees and journalists. The investigators' probe identified Keyworth as the confidential source. He initially refused to resign when confronted by the board in May, but he quit on Sept. 12.

HP also said in the filing that it is cooperating with an SEC request for additional information about the circumstances of Perkins' resignation in May. HP's SEC filing at that time noted Perkins' resignation without elaborating. Perkins, who said he resigned in protest of the way HP was conducting its investigation, later lobbied the company to amend its notice with more detail.

Hurd is set to lead a news conference Friday at HP headquarters in Palo Alto, California, to reveal the results of a separate investigation of HP's leak probe. After the scandal broke and reports surfaced about how involved HP executives may have been in overseeing the private investigators' activities, HP brought in the law firm of Morgan, Lewis & Bockius to investigate. A representative of the firm will present its findings at the news conference.

News reports in recent days have revealed Hurd, Dunn and other HP executives were more involved in the leak probe than they had earlier indicated.



In the category “Best Bad Example” the winner is...

http://www.siliconvalley.com/mld/siliconvalley/business/technology/15575248.htm?source=rss&channel=siliconvalley_technology

Amid spying scandal, HP sponsors award for 'privacy innovation'

Posted on Thu, Sep. 21, 2006

BOSTON (AP) - Insert your own punch line: Hewlett-Packard Co., the technology company facing federal and state investigations for spying on board members and journalists, is co-sponsor of an award for "privacy innovation."

... According to the award's Web site, the prize was created to honor "strong and unique contributions to the privacy industry."

"At present, there is not sufficient recognition for organizations that have embraced privacy as a competitive advantage, and as a business/governmental imperative," the site states.

... On the Net: http://www.privacyinnovation.org/about.html



A NEW RECORD!

http://www.latimes.com/news/nationworld/nation/la-na-briefs22.2sep22,1,5114336.story?coll=la-headlines-nation

1,100 Missing Laptops Held Personal Data

From Times Wire Reports September 22, 2006

More than 1,100 laptop computers have vanished from the Department of Commerce since 2001, including nearly 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers, federal officials said.

The disclosure by the department came in response to a request by the House Committee on Government Reform, which asked 17 federal departments to detail any loss of computers holding sensitive personal information.

Of the 10 departments that have responded, the losses at Commerce are "by far the most egregious," said David Marin, staff director for the committee.



Luddites. “We don't know how to control them, so let's ban them!”

http://news.com.com/2061-11199_3-6117840.html

September 20, 2006 3:19 PM PDT

Silencing cell phones on campus

Aside from intelligent design and other political bombshells, one of the most hotly debated topics in public schools is how to handle mobile phones. In addition to the obvious problem of distraction, the proliferation of student phones has been linked to everything from cyberbullying to teen depression.

Most recently, New York City has taken the issue to new heights because of the size of its public school system and the nature of its tactics. Police units have set up metal detectors throughout the city's 1,400 schools, according to the Associated Press, and more than 5,000 phones were confiscated from April through the end of summer school.

Such crackdowns across the country have even prompted legal action among parents groups, many of whom claim that their children need phones for safety reasons. And with some estimates that as many as 3 out of every 4 middle-school students carry mobile phones, this debate has only just begun.



http://blog.wired.com/27BStroke6/index.blog?entry_id=1560272

27B Stroke 6

by Ryan Singel and Kevin Poulsen Wednesday, 20 September 2006

Privacy Expert on Feds' Identity Theft Recs

Posted by ryansingel at 4:41 PM PDT

As noted earlier today, a federal task force recommended some changes to how the federal government, states and the law deal with the growing problem of identity theft and identity fraud.

What does Beth Givens, the head of the Privacy Rights Clearinghouse which works to help identity theft victims, think of the suggestions?

The recommendations are fine as far as they go. Some are quite good, for example the uniform police report, I think that's quite excellent.

But there are some things missing. I was surprised they didn't touch specifically on the whole matter of the Medicare card having the SSN printed on it and the military id number being your SSN. We see a great deal of identity theft that is caused because millions and millions of Americans are forced to carry these cards in their pockets.

And when those wallets are stolen, they don't have their SSN card in there but they certainly have their Social Security number in there.

The other thing they missed is the biggest issue of all, which is prevention.

Identity theft is at epidemic proportions because credit issuers are giving credit to crooks. Now why aren't credit issuers doing a better job of identifying illegitimate applications?

Givens points to some complicated rulemaking that was left to the Federal Trade Commission and the Federal Reserve Board when Congress passed the Fair and Accurate Credit Transactions Act in 2003. That bill contained a number of consumer protections, such as free annual credit reports (get yours here).

One of the rules still being developed is known as the "Red Flag" rulemaking, which details the kinds of data discrepancies that credit issuers would be required to look for.

The Red Flag rules say, "Hey, credit issuers, if there is an address discrepancy (between what is on an application and what is in your credit file) maybe that's a red flag." So it's the rulemaking that requires credit issuers to pay attention to the anomalies and discrepancies that could be an indicator of fraud. And it has taken so long for even the agencies to issue the rules.

What they need to do is issue the regulations and not let it drag on anymore because that's where the rubber meets the road in terms of identity theft prevention.

Givens says if a credit issuer were to ignore the most prominent red flags on an ongoing basis, then the FTC could have reason to investigate or punish the company.

Given that credit issuers currently are liable and pay for most credit fraud, why haven't they stopped identity theft by tightening the loose standards of an instant credit society, say by requiring a phone call or email to your contact information on record?

Apparently, they are still making more money by extending credit to lots and lots of people with minimal evaluation of the applications, than they are losing from the small percentage of those that are fraudulent.

I suppose the algebra is still on the plus side.



Follow-up from yesterday... I wonder if there is a time when spy satellites are not overhead?

http://www.theregister.co.uk/2006/09/21/google_sunbather/

Dutch TV hounds Google Earth topless sunbather

By Lester Haines Published Thursday 21st September 2006 11:26 GMT

Here's a cautionary tale for those of you who like to indulge in a bit of light sunbathing in the privacy of your own patio: make sure you ring Google to see if they're planning a satellite pass-over before whipping off your top (http://regmedia.co.uk/2006/09/21/topless_sunbather.kmz):

No sooner had the poor Dutch woman pictured here popped up on Google Sightseeing (http://googlesightseeing.com/2006/09/19/topless-sunbathing/), than Digg got hold of her assets (http://digg.com/tech_news/Topless_Sunbather_Caught_in_Google_Earth). This immediately prompted a heated debate - sadly not on the technological threat to privacy - but rather as to whether or not she really was enjoying her leisure time as nature intended.

Sadly, we may never know. Dutch TV quickly identified the address and moved in for the kill, dispatching a team armed with grabs from Google Earth to the sun-worshipping resident's domicile. Luckily for her, she wasn't in.



So this makes them the world's leading authority?

http://www.webwire.com/ViewPressRel.asp?SESSIONID=&aId=20812

New Online Computer and Internet Law Library Now Available from Wolters Kluwer Law & Business

Wolters Kluwer 9/21/2006 1:22:07 PM

(RIVERWOODS, ILL., September 21, 2006) – Now there’s a one-stop research solution for specialists in computer and Internet law that brings together the resources of CCH, Aspen Publishers and Kluwer Law International in the integrated electronic environment of the CCH Internet Research NetWork. The Computer and Internet Law Integrated Library covers the full range of computer and Internet law issues with analytical, primary source and current awareness information. CCH, Aspen Publishers, Kluwer Law International and Loislaw are part of Wolters Kluwer Law & Business.

... Wolters Kluwer www.wolterskluwer.com



Think this might impact those RIAA subpoenas?

http://www.technewsworld.com/rsstory/53162.html

Free Torpark App Enables Anonymous Browsing

By Jay Lyman www.LinuxInsider.com Part of the ECT News Network 09/21/06 1:12 PM PT

Developers have created a variant of the open source Firefox browser dubbed "Torpark" that enables users to browse the Web anonymously. The free program works by frequently changing the Internet protocol address of users via The Onion Router network in order to mask users' machines and to thwart eavesdropping and tracking efforts.

[Homepage: http://torpark.nfshost.com/]



China is learning... Learning to be more litigious!

http://www.infoworld.com/article/06/09/22/HNjailedchinesejournalist_1.html?source=rss&url=http://www.infoworld.com/article/06/09/22/HNjailedchinesejournalist_1.html

Jailed Chinese journalist to file US suit against Yahoo

Other dissidents that Yahoo helped identify to Chinese authorities could get on board for a class-action suit

By Dan Nystedt, IDG News Service September 22, 2006

A Chinese journalist jailed in part due to e-mail evidence provided by a Yahoo subsidiary plans to file a lawsuit in the U.S. against the Internet company within the next few months.

"We're also trying to line up other victims for a class-action. We've been in touch with a few others, but we haven't signed anyone up yet. It's a very sensitive issue because there could be reprisals against their families," said Albert Ho, a legislator in Hong Kong and lawyer in the case, in a telephone interview.

A Yahoo spokeswoman in Hong Kong could not be reached for comment.

A U.S. civil suit against Yahoo on behalf of Shi Tao, a Chinese journalist convicted of "divulging state secrets" by Beijing in part due to an e-mail Yahoo provided to Chinese authorities, will likely be filed in either New York or California, Ho said. Tao's e-mail, sent from a Yahoo account in April, 2004 to a pro-China democracy Web site in New York, contained a Beijing order for officials to be on guard for unrest and dissident activity ahead of the 15th anniversary of the Tiananmen Square massacre.

Tao was sentenced to 10 years in prison.

The new lawsuit would come just months after Ho filed a complaint to Hong Kong authorities against Yahoo Holdings (Hong Kong) on behalf of Tao. It also comes at a time when international pressure is increasing on Internet companies to handle the private data of their users more carefully, particularly with respect to human rights.

Amnesty International and Reporters Without Borders have both criticized Yahoo over the Tao incident, and a group of U.S. lawmakers blasted a group of Internet companies earlier this year, including Yahoo, Google, Microsoft, and Cisco Systems, for failing to uphold free expression in China.

"Internet companies should not disclose personal information that could violate the basic human rights of their users," Ho said.

He said Tao, who is not a U.S. citizen, could file a lawsuit in the country under the Alien Tort Claims Act of 1789. The group has not yet decided on a U.S. law firm to retain for the case, nor would Ho divulge the specific strategy or damages the group intends to seek.

The Hong Kong case remains pending because an investigation by authorities has not been finished yet, Ho said. Yahoo could face a fine, a civil lawsuit, or both if Hong Kong's Office of the Privacy Commissioner for Personal Data rules that it illegally divulged personal data used to put Tao in jail. The plaintiffs argue that Yahoo Hong Kong had no right to comply with a request from China for Tao's personal data, and requested that the office investigate the matter.

Yahoo has denied any involvement in the case by its Hong Kong arm. The company has said any information provided to Chinese authorities in this case would have come from Yahoo's operations in China, rather than Hong Kong. However, Yahoo's Chinese and Hong Kong operations were both part of the same corporate entity, Yahoo Hong Kong, at that time.

In 2005, Alibaba.com acquired Yahoo's Chinese operations as part of a deal that saw Yahoo take a stake in the Chinese Internet company.



There is a simple way to avoid this type of problem.

http://news.com.com/2100-1025_3-6118314.html?part=rss&tag=6118314&subj=news

Taking passwords to the grave

Family members are increasingly unable to access important data because their loved ones have not left passwords behind.

By Elinor Mills Staff Writer, CNET News.com Published: September 22, 2006, 4:00 AM PDT

William Talcott, a prominent San Francisco poet with dual Irish citizenship, had fans all over the world. But when he died in June of bone marrow cancer, his daughter couldn't notify most of his contacts because his e-mail account--and the online address book he used--was locked up.

Talcott, 69, a friend of beatnik Neil Cassidy, apparently took his password to the grave.



One would think that manufacturers would constantly strive to make their products more secure. I guess not...

http://www.wired.com/news/technology/0,71832-0.html?tw=rss.index

ATM Maker Readies Anti-Hack Patch

By Kevin Poulsen 14:00 PM Sep, 21, 2006

The maker of a popular line of automated teller machines is planning a software upgrade that forces operators to change a default administrative pass code, [...for people who don't bother reading the user's manual OR thinking. Bob] after a surveillance tape showed a high-tech thief successfully hacking one of its ATMs in a Virginia gas station.

"If we can make them change this default password, the security will be infinitely greater," [Crap! Why can you enter a password from the customer console? Move that function INSIDE the ATM. Bob] said Hansup Kwon, CEO of California-based Tranax Technologies.

Last week, news and video reports circulated of a swindler who strolled into a Virginia Beach, Virginia, gas station and, with no special equipment, reprogrammed a mini ATM to act as if it had $5 bills in its dispensing tray instead of $20 bills.

Using a pre-paid debit card, the crook then made a withdrawal and casually strolled off with a 300 percent profit. The ATM stayed misprogrammed for nine days [perhaps all changes should be reported? Bob]-- presumably to the delight of other customers -- before a good Samaritan reported the issue and exposed the caper. The thief was not caught.

Details on how the swindle worked were scant until Wednesday, when Dave Goldsmith, a computer security researcher at Matasano Security in New York, analyzed CNN's report on the crime and identified the ATM as a Tranax Mini-Bank 1500 series.

He then set out to see if he could obtain a copy of the manual for the apparently vulnerable ATM and find out how the crime was pulled off. Fifteen minutes later, he reported success on both counts.

Wired News located a copy of the manual on a Tranax distributor's website. The manual reveals a special key sequence that puts the Mini-Bank ATM into "Operator Mode," from which the machine can be reconfigured. One of the options lets the user change the denominations of the bills the machine dispenses -- exactly as the Virginia thief did.

A numeric password is required to perform the operation, but the default factory-set password is listed in the manual. Kwon acknowledged Thursday that ATM owners don't always change the password from that default.

"Raising this type of awareness is very important," said Kwon. "We've been trying, and are continuously trying, to talk to our customers and operators. A very high percentage change their passwords."

The manual includes a note that: "Tranax Technologies, Inc. highly recommends changing your passwords from default as soon as possible."

Kwon said the company first heard of the denomination-change hack a few years ago, [No one thought this was important? Bob] when its ATMs had only a single passcode to access all the management functions. That meant the person who performs routine servicing of the machine had more privileges than he needed, and could leak the passcode to accomplices or hack the machine himself.

Tranax responded by changing its software to incorporate a hierarchy of three levels of access, so "the average guy who puts the money into it and services the ATM can work without accessing the denomination changes and other things," Kwon said. The company thought that ended the push-button heists, until news of the Virginia Beach caper broke last week.

When CNN's video showed a Tranax Mini-Bank at the heart of the crime, the company began exploring its options, said Kwon, and decided to make the password change mandatory in a new firmware release.

The patch will be ready "in weeks, not months," he said, and will be installed in all new ATMs the company sells. Tranax has no way to force the upgrade onto existing machine operators, however. They'll have to choose to install it.

The company has 75,000 Mini-Bank ATMs in service. They are sold through distributors, either to independent operators like gas stations and convenience stores, or to companies that run a number of machines in a geographic area.

Kwon said the service manual should not have been published on the web, but he defended the company's practice of including the default passcodes in its pages. "It's almost the industry standard practice," he said.

Indeed, a manual for a line of retail ATMs made by Tranax-competitor Triton reveals that company's cash machines also contain a special key sequence to gain control of the ATM. A default passcode is listed in the manual. Triton didn't immediately return a phone call for comment.

The Tranax machines will dispense at most 40 bills at a time, which puts an $800 dollar cap on a fraudulent withdrawal from a machine loaded with twenties.

It's unclear whether the Virginia incident was an isolated case, or part of a broad scheme, exposed only because the crook neglected to change the ATM back to its proper configuration before leaving with his cash. Kwon said he hasn't heard of a similar crime in years, and believes they are exceedingly rare.

"However the chances are there ... (and) going up."
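The two controls the article describes, a forced change of the factory-default passcode and a hierarchy of three access levels, plus the change reporting suggested in the bracketed comment, can be modelled in a few lines. This is an added example, not Tranax firmware or code from the article; the role names, action names and default passcodes are constructed placeholders.

```python
import hashlib
import hmac
import os
from enum import IntEnum


class Role(IntEnum):          # hypothetical names for the three access levels
    OPERATOR = 1              # loads cash, routine servicing
    SERVICE = 2               # diagnostics
    MASTER = 3                # configuration, including denominations


# Constructed placeholder defaults, not any vendor's real passcodes.
FACTORY_DEFAULTS = {Role.OPERATOR: "111111", Role.SERVICE: "222222",
                    Role.MASTER: "333333"}
# Minimum level needed for each (hypothetical) management action.
REQUIRED_ROLE = {"load_cash": Role.OPERATOR, "diagnostics": Role.SERVICE,
                 "set_denomination": Role.MASTER}


def _hash(passcode: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000)


class OperatorMode:
    def __init__(self):
        self.audit = []                       # every attempt is recorded
        self.denomination = 20
        self._creds = {}
        for role, code in FACTORY_DEFAULTS.items():
            salt = os.urandom(16)
            # must_change stays True until the default has been replaced
            self._creds[role] = {"salt": salt, "hash": _hash(code, salt),
                                 "must_change": True}

    def _check(self, role, passcode):
        cred = self._creds[role]
        return hmac.compare_digest(_hash(passcode, cred["salt"]), cred["hash"])

    def change_passcode(self, role, old, new):
        # Reject short, non-numeric, single-digit-repeated and default codes.
        ok = (self._check(role, old)
              and new.isdigit() and len(new) >= 6
              and len(set(new)) > 1
              and new not in FACTORY_DEFAULTS.values())
        if ok:
            salt = os.urandom(16)
            self._creds[role] = {"salt": salt, "hash": _hash(new, salt),
                                 "must_change": False}
        self.audit.append(("change_passcode", role.name,
                           "ok" if ok else "rejected"))
        return ok

    def perform(self, role, passcode, action, value=None):
        if not self._check(role, passcode):
            result = "bad_passcode"
        elif self._creds[role]["must_change"]:
            # Knowing the default is not enough: nothing runs until it changes.
            result = "default_passcode_must_be_changed"
        elif role < REQUIRED_ROLE[action]:
            result = "insufficient_level"
        else:
            result = "ok"
            if action == "set_denomination":
                self.denomination = value
        self.audit.append((action, role.name, result))
        return result


if __name__ == "__main__":
    atm = OperatorMode()
    print(atm.perform(Role.MASTER, "333333", "set_denomination", 5))
    print(atm.audit)
```

The audit list is where a real deployment would forward events to the operator's monitoring, so a configuration change does not sit unnoticed for days.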



Some years back, the Denver Post sold for $1000 per subscriber.

http://business.timesonline.co.uk/article/0,,13129-2369527.html

Yahoo! poised to put a price on Facebook's following

By Joe Bolger and Rhys Blakely September 22, 2006

THE attraction of online hangouts was underlined yesterday with news that Yahoo! is contemplating an offer for Facebook that would value the social networking website’s registered users at more than $100 each.

The US search giant is thought to have held “serious discussions” with Facebook over a deal rumoured to value the California-based company at about $1 billion (£523 million). A deal would give Yahoo! access to Facebook’s base of more than nine million users, who use the website to set up an online profile and share information with friends.

... Big media groups are drawn to social networking sites because of their “sticky” nature. The average Bebo user spends an hour on the site’s pages in each session.



Look! Up in the sky! It's flying pigs!

http://in.today.reuters.com/news/newsArticle.aspx?type=technologyNews&storyID=2006-09-22T050056Z_01_NOOTR_RTRJONC_0_India-268760-1.xml

Microsoft mulls free Web-based business software

Fri Sep 22, 2006 5:10 AM IST By Daisuke Wakabayashi

SEATTLE (Reuters) - Microsoft Corp. said on Thursday it may offer a free, advertising-supported version of its basic word processing and spreadsheet software, in an apparent bid to fend off a nascent challenge from Google Inc. in the business software market.

... The challenge for Microsoft will be to make sure a free or, possibly, a subscription-supported version of Works won't hurt sales of its dominant Office software, which accounted for a quarter of the company's $44 billion in sales last year.



Coming soon: The Oprah Blog Club! (You know you've arrived when you're one of Oprah's “Favorite Things.”)

http://cravingideas.blogs.com/backinskinnyjeans/2006/09/how_to_explain_.html

How to explain RSS the Oprah way

Today, I’m going to explain how RSS can help you live your best life online.

We all have busy lives with very little time. Web surfing is fun but can take hours going to visit every single website and blog you enjoy. Wouldn’t it be fabulous if you could just get all the headlines of the most current stories from all your favorite websites and blogs in one place?

Well now you can, and it is called RSS feed.

The Oprah definition

The technical acronym for RSS is “Really Simple Syndication”, an XML format that was created to syndicate news, and be a means to share content on the web. Now, to geeks and techies that means something special, but to everyday folks like you and me, what comes to mind is, “Uh, I don’t get it?”

So, to make RSS much easier to understand, in Oprah speak, RSS stands for: I’m “Ready for Some Stories”. It is a way online for you to get a quick list of the latest story headlines from all your favorite websites and blogs all in one place. How cool is that?



Attention Intellectual Property Lawyers!

http://www.theinquirer.net/default.aspx?article=34523

Microsoft Media Player shreds your rights

Comment No more backups, or Tivo

By Charlie Demerjian: Thursday 21 September 2006, 10:08
