Saturday, September 09, 2006

Another Friday announcement

http://digg.com/security/Hackers_gain_private_information_on_all_642_720_Second_Life_users

Hackers gain private information on all 642,720+ Second Life users

Submitted by indyhouse 13 hours 36 minutes ago. [Article follows]

Linden Labs has forced a password reset for every one of its 642,720+ residents after it was revealed hackers gained access to the entire user database. Customer service will not begin to address password issues until Monday, September 11. (The news story link is a "blog" because that is the "official" line of communication from Linden Labs.)

http://blog.secondlife.com/2006/09/08/urgent-security-announcement/

Urgent Security Announcement

Friday, September 8th, 2006 by Robin Linden

On September 6 we discovered evidence that an intruder was able to access the Second Life database through the web servers. The exploit was shut down on the afternoon of September 6 when we discovered it.

Detailed investigation over the last two days confirmed that some of the unencrypted customer information stored in the database was compromised, potentially including Second Life account names, real life names and contact information, along with encrypted account passwords and encrypted payment information.

No unencrypted credit card information is stored on the database in question. Unencrypted credit card information has not been compromised. [Note that they do not say the encrypted information wasn't compromised. I wonder how good their encryption is? Bob]

As a precaution we have invalidated all Second Life account passwords. In order to log-in to Second Life you will have to create a new password. Please access the log-in page at https://secondlife.com/password, and click on the “Forgot Password” link. An email will be sent to the email address you have registered with us. (Don’t forget to check your spam filter!) Please click through the link in that email, answer the security question, and create a new password.

Passwords cannot be changed over the phone at this time. Phone support for password issues will be available starting Monday, September 11.




It must be difficult for a board of directors to provide useful guidance to a company when they can talk themselves into doing something like this...

http://www.infoworld.com/article/06/09/08/HNhpcromcharges_1.html?source=rss&url=http://www.infoworld.com/article/06/09/08/HNhpcromcharges_1.html

Update: Criminal charges 'likely' in HP case

Charges are "likely" over the alleged spying scandal, but HP Chairwoman Patricia Dunn says she will not resign

By Robert Mullins, IDG News Service September 08, 2006

California Attorney General Bill Lockyer says criminal charges are likely in the scandal surrounding alleged spying involving the board of Hewlett-Packard Co. (HP), but a spokesman for Lockyer said the investigation could take "months."

Meanwhile, the HP board will hold a special meeting via conference call on Sunday to discuss the fallout from the issue, HP spokeswoman Emma Wischhusen told IDG News Service.

Chairman Patricia Dunn says she will not resign over the scandal and that she was "appalled" that contractors hired to investigate news leaks used potentially illegal methods, according to news reports.

Chief Executive Officer Mark Hurd, in a letter to company employees that was released late Friday, urged them to keep focused on their work. "The media coverage and speculation regarding the recent actions of the HP Board … have nothing to do with the strategy or operations of Hewlett-Packard," he said.

Hurd, who emphasized that he was speaking as CEO and not as a board member, added: "There has been a long history of leaking company information with the HP board that clearly needs to be resolved."

HP is on the defensive after the disclosures this week that phone records of HP board members and journalists were hacked to see who on the board discussed with reporters confidential board strategy sessions earlier this year. The company disclosed in a U.S. Securities and Exchange Commission filing Wednesday that investigators, in order to identify the leaker, had used "pretexting," a method in which false pretenses are used to gain online access to others' phone records.

The investigation determined that director George Keyworth was the source for a Cnet.com story in January about HP's strategy.

Keyworth was asked to resign from the board in May but refused. Board member Thomas Perkins, a renowned Silicon Valley venture capitalist, did resign in May in protest over concerns with the HP board's handling of investigations into leaks of confidential information.

The news that the phone records of nine reporters who cover HP were hacked has outraged some in the journalism profession.

"HP. Does that stand for Hewlett-Packard or 'Hackers of Privacy?'" asked Christine Tatum, president of the Society of Professional Journalists, a professional and advocacy organization for journalists, in a statement Friday.

"Journalists are not the only ones who should be concerned with this issue," said Tatum, who is a business writer for the Denver Post. "Pretexting could be used against disgruntled customers, employees or debtors."

HP's response that it was "dismayed" that phone records were hacked strikes Tatum as insufficient: "This [pretexting] practice amounts to identity theft and a national corporation should be held accountable."

Dunn, in an interview in the Wall Street Journal Friday, said that while she ordered the investigation of board news leaks, she did not know the investigators hired to conduct the probe used pretexting.

"I was appalled. And I'm going to apologize," to those journalists, she told the Journal. Because she was also subject to investigation, she said she could not have known what methods the investigators used. [That sentence makes no sense... Bob]

But while she does not plan to resign, Dunn will take into consideration what the board thinks she should do. "I serve entirely at the pleasure of the board,'' Dunn told the Journal. "If they determine it no longer is in the interest of shareholders [for me to remain on the board] I will do so.''

The criminal investigation of the case continues.

"There has been no final decision [on charges] but we are confident that a crime was committed," said Lockyer spokesman Thomas Dressler. "The attorney general does not want to sacrifice thoroughness for expediency. The investigation could take a couple of months."

Charges could be filed under a California law prohibiting gaining unauthorized access to computer data or under another law prohibiting identity theft through unauthorized use of personal information, published reports say.

A bill to specifically outlaw pretexting is on Governor Arnold Schwarzenegger's desk awaiting his signature. The governor has until the end of September to sign or veto the bill, spokesman Darrel Ng told IDG News Service. Schwarzenegger hasn't taken a position on the pretexting bill, but only because it is one of hundreds of bills passed during the recently concluded session of the California Legislature, Ng said.


http://techdirt.com/articles/20060908/145105.shtml

Use Of Pretexting Was Embarrassing... Or Getting Caught Was Embarrassing?

from the looks-like-it-was-the-getting-caught-part dept

As the HP board spying scandal continues to get worse, HP's chairwoman, Patricia Dunn has finally spoken out publicly on the matter, saying that the use of pretexting for board members and reporters has been a "major embarrassment." After being quiet for a few days, that's all she can come up with? She also refused to resign, but says if the board wants her to, she will. However, her statements highlight how problematic the situation really is. She continues to distance herself from the problem. Just as the company originally tried to make it out that the leak of info was worse than illegally obtaining records by pretending to be someone else, Dunn isn't taking any responsibility for the scandal at all. She claims that she wasn't spying on the board, because she had the backing of the board in the investigation -- even though this contradicts the statements of other board members. She says she's not happy, but she called for the investigation, despite a huge number of more pressing priorities. She says she doesn't even know the name of the investigating firm, saying she had people at the company hire it for her. She says she believed that the investigating company had been told that "everything done would be not only legal but fully compliant with HP's high standards for both ethics and business practices," but she knew about the use of pretexting much earlier than this. She knew about it in May when she exposed the board member who leaked, and Tom Perkins specifically called her out on the use of it. If she's embarrassed now, it's not because of the use of pretexting, which Perkins made clear to her was "illegal, unethical, and a misplaced corporate priority." If she were embarrassed back then, she would have apologized then. Instead, it certainly appears that the embarrassment is about being caught and having this info exposed. Yes, she should be embarrassed, but so should HP's shareholders and employees to discover how their board has handled this mess. 
Update: And just to make this more fun, California's Attorney General is now saying that criminal charges are likely going to be filed concerning the spying. They just want to complete their investigation. Update 2: And, now the FCC is getting involved as well.




Looks like the old records retention policy needs a brush up.

http://www.creditcardsmagazine.com/ManageArticle.asp?C=90&A=11440

Chase Tosses Personal Information On Credit Card Holders

September 7, 2006

Personal information on 2.6 million past and current Circuit City (CC) credit card holders was mistakenly thrown out as trash. Chase Card Services said it mistakenly tossed out computer tapes with the personal information of Circuit City card holders. It said it believes the tapes, inside a locked box, were compacted, destroyed and buried in a landfill.

... Chase said it has begun notifying customers and is monitoring affected accounts and has not identified any misuse of personal information. A free, one-year credit monitoring service is being offered to individuals whose social security number was on the thrown out tapes.



Does this mean AJAX is a capitalist tool?

http://it.slashdot.org/article.pl?sid=06/09/08/1839208&from=rss

Forbes Reviews AJAX Apps for Small Businesses

Posted by Zonk on Friday September 08, @03:25PM from the better-than-the-cleaning-product dept.

prostoalex writes "Forbes magazine evaluates the variety of AJAX-powered Internet-based applications and their suitability for small businesses. The office suite replacements Forbes magazine chose are Google-centric: Google Calendar, Spreadsheets, Notebook and Gmail are the winners of their respective categories. Pageflakes and YouOS are tied for the leader's spot in 'Webtops' category."



http://it.slashdot.org/article.pl?sid=06/09/09/0647211&from=rss

Reverse Off-Shoring

Posted by Zonk on Saturday September 09, @06:28AM from the heading-out dept.

punkish writes "India is becoming more attractive to information technology workers from Western countries. Some local IT companies, such as Infosys Technologies in Bangalore, are now able to offer salaries and other perks that are comparable to what Western IT talent would find in their home countries. [Does this indicate the end of the labor cost advantage? I think not! Bob] Infosys, which is currently training 126 Americans at its cutting-edge complex in Mysore, expects to employ 300 Americans by the end of 2006 and add a large contingent from Great Britain next year."



Perhaps someone gets it after all!

http://technology.findlaw.com/articles/00006/010232.html

When "Free" Downloads Are Also Legal

FindLaw, by Cecily Mak

Free music is now becoming more and more acceptable and mainstream - and believe it or not, it is legal.



(I haven't seen an online link yet.) If you publish a guide like this, isn't it likely to come back and bite you when your employees ignore the suggestions?

http://www.cbc.ca/story/business/national/2006/09/08/laptop-privacy.html

Theft of 900 bank customer files prompts e-privacy primer

CBC News, last updated Fri, 08 Sep 2006 16:03:29 EDT

Thieves got the files of 900 Ottawa area bank customers when they stole a Bank of Montreal laptop in May.

In response to that and similar crimes, the bank and Ontario's information and privacy commissioner jointly released a brochure on Thursday to educate the public on how to keep sensitive information private and safe on portable electronic devices such as laptops, PDAs and cellphones.

The brochure, called Reduce Your Roaming Risks: A Portable Privacy Primer, says such popular devices are "golden eggs" for criminals who steal other people's personal information and use it to commit crimes such as credit card fraud.



http://www.lessig.org/blog/archives/003510.shtml


this is a fantastically cool idea

Check out webcitation.org — a project run at the University of Toronto. The basic idea is to create a permanent URL for citations, so that when the Supreme Court, e.g., cites a webpage, there’s a reliable way to get back to the webpage it cited. They do this by creating a reference URL, which then will refer back to an archive of the page created when the reference was created. E.g., I entered the URL for my blog (“http://lessig.org/blog”). It then created an archive URL “http://www.webcitation.org/5IlFymF33”. Click on it and it should take you to an archive page for my blog.



Creating a new legal system doesn't happen every day...

http://www.bespacific.com/mt/archives/012392.html

September 07, 2006

Armed Services Cmte. Hearing on White House Military Commissions Legislation

Follow-up on yesterday's posting, Administration's Proposed Legislation to Create Military Commissions, the House Armed Services Committee Release, Hearing on Military Standards and Commissions Utilized in Trying Detainees, September 7, 2006

  • Chairman Hunter Opening Statement (pdf)

  • Witness statements: Mr. Steven Bradbury, Acting Assistant Attorney General, Department of Justice (pdf); Major General Scott C. Black, USA, The Judge Advocate General of the Army (pdf); Rear Admiral Bruce E. MacDonald, USN, The Judge Advocate General of the Navy (pdf); Major General Charles J. Dunlap, Jr., USAF, Deputy Judge Advocate General of the Air Force (pdf); Brigadier General James C. Walker, USMC, Staff Judge Advocate to the Commandant U.S. Marine Corps (pdf)



http://techdirt.com/articles/20060908/102435.shtml

Samsung Lets The World Know Its Phones Are Breakable

from the just-reminding-you dept

Psst... have you seen the video about how easily the Samsung Ultra Edition mobile phone can break? Neither had we. In fact, there didn't seem to be much talk of it at all. But now a lot of people are going to hear about how breakable the Samsung Ultra Edition is, as the company has foolishly said it may take legal action against the creator of the video. What does Samsung think it could possibly accomplish with this? There's no way to suppress the video, now that it's been released; there's no meaningful monetary reward that it could get. There's simply no possible outcome other than alerting more people to the video and the alleged weakness of its phones. Eventually, companies will come to understand the Streisand effect, and fire the lawyers who keep encouraging them to make stupid legal decisions.



http://techdirt.com/articles/20060908/180942.shtml

EMI Demands IP Addresses From Everyone Who Downloaded Beatles/Beach Boys Mashup

from the DJ-Dangermouse-Part-II dept

EMI, it appears, just doesn't learn. Two years ago, DJ Dangermouse (now gaining a ton of fame for the ridiculously popular Gnarls Barkley tune Crazy) created a mashup of the Beatles' White Album and Jay-Z's Black Album, called the Grey Album. It was a big hit, and probably attracted some fans of one artist to the music of the other. One thing it clearly did not do is hurt the sales of either artist. It was clearly not a replacement for the music of either one. But EMI and Capitol Records, who own the rights to the Beatles music, apparently didn't understand that. Their lawyers went nuts sending out cease and desist letters. Jump forward to a few weeks ago, when producer Clayton Counts mashed up the Beatles' Sgt. Pepper's Lonely Hearts Club album with the Beach Boys' Pet Sounds. Considering the history of the two albums, and the constant comparisons between the two, this seems like a natural "mashup" project. So, what happens? As Boing Boing points out, EMI and Capitol Records have pulled the same stunt, sending out a nastygram cease-and-desist letter, which you pretty much had to expect. However, rather than just demanding that Counts take down the music, the letter (which, of course, is meaningless from a legal standpoint) also demands the IP addresses of anyone who might have streamed or downloaded the songs. Counts is ignoring the cease-and-desist, and it's anyone's guess if the label will pursue this issue, but it again raises issues about lawyers making business decisions without thinking through the actual impact on their business.



Is this worth following?

http://news.com.com/Police+blotter+Cops+raid+Usenet+provider+over+porn/2100-1030_3-6113862.html

Police blotter: Cops raid Usenet provider over porn

By Declan McCullagh. Story last modified Fri Sep 08 16:55:21 PDT 2006

"Police blotter" is a weekly CNET News.com report on the intersection of technology and the law.

What: An Internet service provider files a civil rights lawsuit after being raided by Pennsylvania police in January 2004.

When: U.S. District Judge Mary McLaughlin in the eastern district of Pennsylvania rules on August 30.

Outcome: A partial victory for both sides, with the lawsuit proceeding but some of the company's claims rejected.

What happened, according to court documents and news reports:

Voicenet Communications and subsidiary Omni Telecom were raided in January 2004 as part of a Bucks County, Pa., investigation into child pornography. During the raid, servers and other computer hardware were, according to the companies, "illegally seized" and business operations were substantially impaired.

The servers included data distributed through Usenet, a sprawling and decentralized collection of discussion groups called newsgroups. Discussion topics include everything from soc.history to rec.aviation, sci.nanotech, and alt.sex.exhibitionism.

Some newsgroups feature sexual discussions and a few include erotic photographs and videos. Because the volume of daily Usenet posts is far too vast for any human to read, ISPs are almost never aware of the contents of individual messages.

Voicenet and Omni Telecom claim that the raid went too far--akin to the police raiding a phone company and hauling away its switches and networks as part of an investigation into prank phone calls. Their civil rights lawsuit claimed violations of federal law, state law, and--because their customers were precluded from continuing in discussions--the First Amendment.

The raid was closely watched by other Internet and Usenet providers at the time, because of the nature of Usenet: A post by any user is automatically distributed to thousands of servers at corporations, ISPs, and universities. That means, in other words, if one Usenet provider is liable for illegal content on its servers that it doesn't even know exists, any provider could be potentially liable as well.

In her order last week, U.S. District Judge Mary McLaughlin permitted the case to go forward but with some caveats. She sided with Voicenet on some points and the Bucks County district attorney on others.

Excerpt from Judge McLaughlin's opinion:

The plaintiffs, Usenet newsreader and Internet service providers, have sued several Commonwealth and local law enforcement officials under (federal civil rights laws) for violations of their constitutional and statutory rights in connection with the execution of a search warrant on the plaintiffs' premises on January 21, 2004.

The defendants have moved to dismiss counts II through VI of the complaint, which allege deprivations of rights under the Communications Decency Act, the Electronic Communications Privacy Act, Pennsylvania's Internet Child Pornography Law, the Commonwealth Attorneys Act, and the Fourth and Fourteenth Amendments... The defendants have not moved to dismiss count I, for deprivation of freedom of speech under the First and Fourteenth Amendments, or count VIII, for violation of the Commerce Clause. These claims go forward...

The Court will grant the defendants' motion in part, and deny it in part. Specifically, the Court will dismiss the plaintiffs' due process claims based on alleged violations of the ICPL and the Commonwealth Attorneys Act. The Court will also dismiss the plaintiffs' ECPA claim. The CDA claim may go forward, but only to the extent that the plaintiffs seek declaratory or injunctive relief; the defendants are entitled to qualified immunity from damages because the plaintiffs' rights under the CDA were not clearly established at the time of the alleged violation. The Fourth Amendment claim may go forward because it is too early for the Court to determine whether all of the defendants reasonably relied on the search warrant in question.

The CDA provides, in relevant part: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." The CDA further provides: "No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section."

In count II of the complaint, the plaintiffs allege that the defendants violated their rights under the CDA by enforcing against them...a state statute that criminalizes the knowing distribution and possession of child pornography. The defendants have moved to dismiss count II on the grounds that: 1) the CDA does not confer an enforceable right, privilege, or immunity...and 2) to the extent that the CDA does confer an enforceable right, it provides immunity from only civil, not criminal, liability.

Despite the defendants' arguments, the Court is persuaded that the plaintiffs have stated a...claim based on a violation of their rights under the CDA. The Court finds that all of the defendants are entitled to qualified immunity from money damages, however, because the plaintiffs' rights were not clearly established at the time of the actions giving rise to this litigation.



Thank God someone has the foresight to preserve our cultural heritage.

http://digg.com/television/Original_Simpsons_Cartoons_Free_for_Download

Original Simpsons Cartoons Free for Download

Submitted by TheWalkingDude 22 hours 42 minutes ago (via http://www.simpsoncrazy.com/downloads/shorts.shtml)

The Simpsons began as a series of animated shorts on The Tracey Ullman Show. You can download all 48 episodes here.

Friday, September 08, 2006

See the next article, too

http://blog.facebook.com/blog.php?post=2208562130

An Open Letter from Mark Zuckerberg:

by Mark Zuckerberg 2:48am Today

We really messed this one up. When we launched News Feed and Mini-Feed we were trying to provide you with a stream of information about your social world. Instead, we did a bad job of explaining what the new features were and an even worse job of giving you control of them. I'd like to try to correct those errors now.

... This is the same reason we have built extensive privacy settings — to give you even more control over who you share your information with.

Somehow we missed this point with Feed and we didn’t build in the proper privacy controls right away. This was a big mistake on our part, and I’m sorry for it. But apologizing isn’t enough. I wanted to make sure we did something about it, and quickly. So we have been coding nonstop for two days to get you better privacy controls. This new privacy page will allow you to choose which types of stories go into your Mini-Feed and your friends’ News Feeds, and it also lists the type of actions Facebook will never let any other person know about. If you have more comments, please send them over.


The risk is real, but not huge in a multi-billion dollar market.

http://www.msnbc.msn.com/id/14718350/

FTC fines Xanga for violating kids' privacy

$1 million penalty against social networking site is largest under 1998 law

By Bob Sullivan, Technology correspondent, MSNBC. Updated: 3:15 p.m. MT Sept 7, 2006

Social networking Web site Xanga.com will pay $1 million — the largest penalty ever issued for violations of the Children's Online Privacy Protection Act — for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent, the Federal Trade Commission announced Thursday.

In its complaint, the FTC alleged that Xanga, a rival to the popular MySpace.com, allegedly permitted creation of 1.7 million accounts by users who submitted birthdays indicating they were under 13. Collecting personal information from anyone under 13 without parental consent is a violation of the children's protection act, or COPPA, which was passed by Congress in 1998.



Looks like this will grow into a real cancer...

http://www.infoworld.com/article/06/09/08/HNphonerecords_1.html?source=rss&url=http://www.infoworld.com/article/06/09/08/HNphonerecords_1.html

Reporters' phone records accessed in HP probe

HP admits 'pretexting' was used to obtain journalists' phone records during an internal investigation into board leaks

By Steven Schwankert, IDG News Service September 08, 2006

Hewlett-Packard obtained the telephone records of nine reporters as part of its internal probe of information leaks, the company confirmed Thursday.

The company sent the list of the nine reporters to the Office of the Attorney General of the State of California, in response to the Attorney General's inquiries.

"HP is dismayed that the phone records of journalists were accessed without their knowledge, [but by their agent, right? Bob] and we are fully cooperating with the attorney general's investigation," said company spokesman Ryan Donovan.

In an Aug. 31 filing with the U.S. Securities and Exchange Commission (SEC), HP admitted that an outside investigator had used "pretexting," a technique in which an investigator may obtain information by disguising their identity. HP's internal investigation was sparked by what the company said were "multiple leaks of confidential HP information," including discussions by the board of directors, HP said in the SEC filing.

At a May 18 board meeting, HP board members asked fellow director George A. Keyworth II to resign, as a source of those leaks. He declined, but Thomas J. Perkins did resign over a dispute with HP's Nonexecutive Chairman Patricia Dunn over the investigation's handling, the company said.

The California Attorney General has asked HP for information about techniques used in the leak investigation, while the SEC is making inquiries into a filing HP made when Perkins resigned.

HP's Donovan confirmed reports that among the journalists whose phone records were accessed were a reporter from The Wall Street Journal and a reporter from CNet Networks. He declined to name the other reporters. The Wall Street Journal and CNet published reports including leaked information from board meetings. The leaks to the Wall Street Journal included information about discussions leading up to the firing of Chief Executive Officer Carly Fiorina last year.

The Attorney General's office declined to name the reporters on the list handed over by HP.



Would this apply to Sony as well?

http://www.bespacific.com/mt/archives/012382.html

September 07, 2006

FTC Settles Against Alleged Spyware Operation

FTC press release: "An operation that placed spyware on consumers’ computers in violation of federal laws will give up more than $2 million to settle Federal Trade Commission charges. Under a stipulated final judgment and order, the defendants are permanently prohibited from interfering with a consumer’s computer use, including but not limited to distributing software code that tracks consumers’ Internet activity or collects other personal information, changes their preferred homepage or other browser settings, inserts new advertising toolbars or other frames onto their browsers, installs dialer programs, inserts advertising hyperlinks into third-party Web pages, or installs other advertising software code, file, or content on consumers' computers."


...or is this closer to the mark?

http://techdirt.com/articles/20060907/151259.shtml

Zango Wins Lawsuit, Dismisses Users Who Can't Uninstall Its App As 'Background Noise'

from the such-concern-for-their-users dept

Adware firm Zango, which recently changed its name from 180solutions, is doing a bit of gloating today after a court dismissed the class action lawsuit that was filed against the company a year ago. Note that this comes just days after security firm Sunbelt Software declared Zango's search assistant one of the most insidious spyware apps around for the month of August. Not to mention, of course, the recent revelations of how Zango was caught trying to trick people into putting videos on their MySpace pages that installed Zango. After denying that they did so, others revealed emails from the company telling others how to target MySpace users. Meanwhile, the sheer number of folks who constantly complain that their machines are infested with Zango software that they never agreed to install, combined with story after story that shows that the company has not stopped rogue distributors, would suggest that Zango may be a bit premature in brushing aside critics.

It's not clear from Zango's announcement (yes, they announced it) why this case was thrown out -- but it's pretty clear that there's something in their software that pisses off an awful lot of people who have it and have no idea how they got it. It's hard to see how that's something to cheer about. In the press release, the CEO of the company calls such complaints "occasional distractions" and "background noise of a small group of fixated critics" while another company exec claims that this dismissal confirms "that our innovative business model is entirely legitimate." Both claims seem to be stretching the truth. The dismissal of a single lawsuit (and the details are missing as to why it was dismissed) doesn't necessarily justify the business model -- and the fact that the company views some pretty serious, and very detailed, complaints from an awful lot of people as "background noise" should hopefully alert advertisers that this is not a company to work with.



Obvious?

http://blog.wired.com/27BStroke6/index.blog?entry_id=1551869

Encryption Not Equal to More Rights

27B Stroke 6 by Ryan Singel and Kevin Poulsen Tuesday, 5 September 2006

Encrypting your communications -- even using the strongest algorithm possible -- gives you no extra legal privacy rights, according to the good professor Orin Kerr.

Kerr recently blogged his 2001 law review article, which argues persuasively, yet counter-intuitively, that wrapping your communication in code isn't new (the Founders did it too!). He also argues that the expectation that it would be hard for an outsider to decipher a communication or figure something out, doesn't give you legal cover to prevent the government from cracking your code or flying over your house in a plane to see that you are growing marijuana.

... Find the whole paper here (I had no luck downloading in Firefox and then trying to open it with Adobe, but was able to open it in Adobe by clicking on the link with IE).

There's also, as usual, a fine discussion of the piece over at the Volokh Conspiracy, where Professor Kerr first blogged the article.



A little more on this case.

http://blog.wired.com/27BStroke6/index.blog?entry_id=1551352

DMCA 'Terror' Case Dismissed

27B Stroke 6

by Ryan Singel and Kevin Poulsen Tuesday, 5 September 2006

A federal magistrate today dismissed with prejudice a disgraceful DMCA prosecution against three young Texas men who bought a lot of cell phones while looking Arab.

Adham Othman, 21, his brother Louai Othman, 23, and their cousin Maruan Muhareb, 18, were cleared of money laundering and conspiracy charges after a day-long preliminary hearing.

The three were rousted by local law enforcement in Michigan last month after they were spotted driving from Wal-Mart to Wal-Mart buying as many low-cost pre-paid cell phones as they could get their hands on.

Tuscola County authorities arrested them as suspected terrorists and made a lot of noise. Then when the case didn't pan out the feds stepped in with charges that the men conspired to violate the DMCA.

After hearing the evidence today, Michigan U.S. District Court Magistrate Charles Binder threw out the case.

"I think (law enforcement) dug themselves a hole and they tried to dig themselves out," defense attorney Nabih Ayad told me. "The government had no evidence whatsoever that the phones had been modified or tampered with … And they didn't show that there was a third party they were conspiring with."

According to the FBI, the men admitted to buying hundreds of phones with the intention of digitally unlocking them so they could be used with other carriers, then reselling them at a small markup. In the complaint (.pdf), the FBI called this a "fraud scheme" in violation of the DMCA's anti-circumvention provisions, and said it injured consumers, TracFone, and the brand equity of Nokia, "the eighth most valuable brand in the world!" (exclamation mark added).

It's hard to imagine anything creepier than the FBI merging homeland security hysteria with corporate IP extremism.

The case was apparently dismissed for lack of evidence, which ducks the more interesting question of how unlocking a cell phone constitutes circumvention of a copy protection scheme. Similar arguments have been floated in civil court over garage door openers and printer cartridges, and failed miserably.

That's why the feds normally wait for legal uncertainties like this to be decided civilly before taking sides with a criminal prosecution. In this case, their eagerness to fabricate a face-saving prosecution overcame their good sense, and today they got the black eye they deserve.

(BTW, props to Carlo at Techdirt who called foul on this case when it was filed.)



Is paper still relevant? Will this just complicate discovery? (All target documents now contain correspondence with attorneys?)

http://hardware.slashdot.org/article.pl?sid=06/09/07/2243222&from=rss

Xerox Reveals Transient Documents

Posted by CowboyNeal on Thursday September 07, @07:21PM from the bum-papers dept. Printers Hardware

Heartless Gamer writes "Xerox has lifted the veil from some of its research and development work in the field of printing. They demoed the very intriguing 'transient documents.' These offer the prospect of reusable paper in the sense that the content is automatically erased after a period of time, ready for fresh printing. Inspired by the fact that many print outs have a life-span of a few hours (think of the emails you may print out just to read, or the content you proof read on the train journey back home), the specially prepared paper will preserve its content for up to 16 hours."



e-fencing? Converting your data into cash.

http://yro.slashdot.org/article.pl?sid=06/09/08/0049259&from=rss

Selling Other People's Identities

Posted by CowboyNeal on Friday September 08, @01:16AM from the information-trade dept. The Internet Security Privacy

joeflies writes "The San Francisco Chronicle has an extensive article on the controversial site Jigsaw, which makes it easy to sell other people's identity information. Jigsaw encourages people to collect business cards and email signature blocks, which is compiled together into a searchable database. Participants earn points towards their own searches or earn money. Is this exactly what Scott McNealy meant when he said electronic privacy is dead?"



First precedent?

http://www.chron.com/disp/story.mpl/tech/news/4171144.html

Target can be sued if Web site inaccessible to blind, judge says

Associated Press Sept. 7, 2006, 6:15PM

NEW YORK — A federal judge ruled Wednesday that Target Corp. may be sued if its Web site is inaccessible to the blind, allowing a disabilities class action suit against the retailer to go forward.

The Minneapolis-based company unsuccessfully sought a dismissal of the action in U.S. District Court for the Northern District of California, arguing that only its stores are covered by disabilities laws.

The court ruled instead that all services provided by Target, including its Web site, must be accessible to the disabled.

The suit brought by the National Federation of the Blind charges that Target's Web site is inaccessible to the blind, and therefore violates the Americans with Disabilities Act as well as California state laws.

A Target representative wasn't immediately available for comment.



For those of us collecting security policies and standards...

http://news.com.com/2100-1029_3-6113512.html?part=rss&tag=6113512&subj=news

Credit card companies form security council

By Erica Ogg Story last modified Fri Sep 08 06:22:48 PDT 2006

Five major credit card companies have teamed up in the interest of creating better security.

American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced Thursday the creation of an organization to develop and maintain security standards for credit and debit card payments. It's the first time the five brands have agreed on a single, common framework.

The newly formed Payment Card International (PCI) Security Standards Council will manage the PCI Data Security Standard, first established in January 2005 with the intention of making its implementation more efficient for all parties involved in a payment card transaction. That includes merchants, payment processors, point-of-sale vendors, financial institutions and more than a billion card holders worldwide.

The companies have come together despite being in competition with each other because they say ensuring better security will benefit everyone.

"First of all, it's to protect the information of our mutual customers and to make the process of data security compliance easier," said Rob Tourt, vice president of network services for Discover.

Having a single data-security standard is a critical issue for the entire industry and will simplify the process, said Brian Buckley, Visa's senior vice president of international risk management.

"Our view is that this is first and foremost an important initiative to get data security in place for payment cards," he said.

Having the common accepted set of rules should foster broader compliance, said Bruce Rutherford, MasterCard's vice president of payments. Those rules include instructions on proper data encryption, common technical standards and security audit procedures.

The first action of the new council was to update the PCI security standard, which was promised in May. The revision gives instructions for how to implement the new standards and clarifies language that was previously considered vague. For example, terms such as "periodically" and "regularly" were swapped for definite deadlines like "annually" or "quarterly" where appropriate. A statement released by the newly formed council said the revisions were the result of feedback from vendors, merchants and payment processors.



http://www.bespacific.com/mt/archives/012384.html

September 07, 2006

DHS OIG Survey of DHS Data Mining Activities

Survey of DHS Data Mining Activities, OIG-06-56 (PDF, 22 pages), September 6, 2006.



The good news is that most government projects are handled equally well, the bad news is that most government projects are handled equally well...

http://www.bespacific.com/mt/archives/012385.html

September 07, 2006

GAO Report Highlights Need for Better IT Management and Spending

Information Technology: Improvements Needed to More Accurately Identify and Better Oversee Risky Projects Totaling Billions of Dollars, Full-text GAO-06-1099T, and Highlights, September 7, 2006.

  • "As a result of the Management Watch List and high risk projects processes, about 300 projects totaling about $12 billion in estimated IT expenditures for fiscal year 2007 have been identified as being either poorly planned or poorly performing. Specifically, of the 857 major IT projects in the President's budget for fiscal year 2007, OMB placed 263 projects, representing about $10 billion on its Management Watch List."

  • Related: "The Clinger-Cohen Act (CCA) of 1996 provides that the government information technology shop be operated exactly as an efficient and profitable business would be operated." [So can the stakeholders sue? Bob]



Interesting business model – allow those addicted to both toys to interconnect them...

http://www.epicempire.com/software/youtube-to-ipod.html

YouTube to iPod

Wednesday, 06 September 2006

Free and Easy

There have been several programs that promise to grab YouTube videos, convert them and import them into iTunes, but then pull a fast one and ask you to pay for a license. iTube and PodTube do all the work for free.

iTube, a program by Benjamin Strahs, requires the .NET Framework and works exclusively on Windows. You simply paste the YouTube video's URL into the application and it does the rest. PodTube, a Mac OS X program, downloads, encodes, and adds YouTube videos to your iTunes library but requires Safari to fetch the videos. These programs are free and do not contain spyware or adware.

Download PodTube Download iTube



Can't help myself, I love this kind of article...

http://www.pcmag.com/article2/0,1895,2006860,00.asp

PC Magazine's Top 99 Undiscovered Web Sites

08.22.06

Think of us as the friends who are always forwarding you links to cool sites you'd never find on your own. That's who we aim to be with this list of 99 Undiscovered Web Sites, and that's who you'll be after reading it.

The following list is made up of sites that are still flying under the radar, but are useful, funny, or interesting enough to merit entrée into the Web's public consciousness.

Thursday, September 07, 2006

http://www.law.com/jsp/article.jsp?id=1157462050900

Calif. High Court Cold to Liability in Online Speech

Mike McKee The Recorder 09-06-2006

Oakland, Calif., attorney Christopher Grell's belief that certain Internet speech shouldn't be immune from liability was bombing Tuesday during oral arguments in the state Supreme Court.

But the coup de grace came when Justice Ming Chin followed up Grell's presentation by immediately telling one of the opposing lawyers how surprised he was by Grell's "startling lack of legal authority." [Not a good sign Bob]

That statement apparently summed all seven justices' thoughts about Grell's argument, and effectively signaled that the court doesn’t intend to make untold numbers of Internet users liable for every allegedly defamatory posting on the Web.

Chin even pointed out that Grell's opponents -- Oakland attorney Mark Goldowitz and Ann Brick, of the American Civil Liberties Union of Northern California -- had "plenty" of legal authority on their side.

Goldowitz represents Ilena Rosenthal, a women's health advocate accused of posting an allegedly defamatory opinion piece with two online newsgroups in August 2000. The editorial by co-defendant Tim Bolen attacked retired Pennsylvania psychiatrist Stephen Barrett and Canadian doctor Terry Polevoy for their stance against alternative medicines.

The article accused the two men of using false information and intimidating tactics, and said Barrett had stalked a woman who hosted a Canadian television show about untraditional therapies.

Alameda County Superior Court Judge James Richman threw the two men's libel suit out in 2001, but San Francisco's 1st District Court of Appeal reinstated Polevoy's claims in 2004. The appeal court held that §230 of the federal Communications Decency Act didn't immunize Rosenthal.

An e-mail from Barrett threatening to sue Rosenthal, the 1st District ruled, put her on notice that she could be held liable for republishing Bolen's letter.

Dozens of amici curiae -- most of them online companies such as Amazon.com and Earthlink Inc. -- joined Rosenthal in arguing that the appeal court's ruling could chill free speech.

"If, simply by receiving 'notice,' service providers were potentially liable for the unimaginable volume of third-party content that constantly flows through their services," the companies' lawyer, Samir Jain, wrote, "they would have little choice but to automatically and immediately take down and block third-party content in response to virtually all complaints."

Jain, a partner in Washington, D.C.'s Wilmer Cutler Pickering Hale & Dorr, argued that notice-based liability would "unleash a 'heckler's veto' that would suppress swaths of entirely legitimate content."

On Tuesday, the California Supreme Court seemed to agree and also stressed the fact that the 1st District ruling differed from all others around the country.

The justices noted that most courts -- even two other appellate courts in California -- had agreed with Zeran v. America Online Inc., 129 F.3d 327. That 1997 seminal ruling by the Virginia-based 4th U.S. Circuit Court of Appeals said Internet users -- unlike publishers -- aren't liable for posting online content.

"The court of appeal ruling here," Justice Joyce Kennard said, "seems to stand completely on its own. Zeran has been followed widely."

A few justices also seemed concerned that a California Supreme Court ruling contrary to Zeran and its progeny could result in forum-shopping, with Internet users trying to remove suits to the federal courts.

No one, Justice Carol Corrigan said, would want to be found liable in California. "I think there is that danger, yes," Goldowitz replied.

Corrigan also stepped in when Grell tried to argue that the Internet should be held to the same liability standards that apply to newspapers and magazines. "Isn't the whole point here that the Internet is different?" Corrigan asked.

Grell was asked several times to point to legal authority that would support his case, but more often responded by arguing public policy reasons that immunity shouldn't apply to postings by third-party users.

Congress had intended to contain allegedly defamatory actions, he said. "To grant absolute immunity would basically allow Pandora's box to remain open," he added. Soon thereafter, Chin slammed Grell with his comment about a "startling lack of legal authority."

A ruling in Barrett v. Rosenthal, S122953, is due within 90 days.



Attention RIAA! MPAA! And the rest of you old tech holdouts!

http://www.internetnews.com/bus-news/article.php/3630361

FTC Closes Door on Web Listings Case

By Roy Mark September 6, 2006

The Federal Trade Commission (FTC) approved a final consent order today forcing the Austin Board of Realtors (ABOR) to change a rule barring discount brokers from listing properties on ABOR's public Web sites.

The order prohibits ABOR from adopting or enforcing any rules that treat one type of listing more advantageously than another listing type.

The order also prohibits ABOR from interfering with the ability of any of its members to enter into any type of lawful agreement with home sellers.

In July, the FTC ruled the ABOR policy violated antitrust laws by preventing consumers with potentially lower-cost real estate listing agreements access to the group's public Internet listings.

"ABOR's Web site rules create significant roadblocks for real estate brokers to offer consumers alternatives to full-service brokerage agreements," Jeffrey Schmidt, director of the FTC's Bureau of Competition said at the time.

"The commission is not saying that one form of brokerage agreement is better than another. We are saying that the consumer should be able to decide." [What a concept! Bob]

The case began early last year when ABOR said it would not post home listings from discount brokers on sites operated by the National Association of Realtors (NAR) or the public site of ABOR.

The ABOR rule allowed only full commission listings on the NAR sites and the ABOR public site.

After the ruling, the FTC said some home sellers switched from a discount broker to a full commission broker, also noting discount brokerage listings on ABOR's public sites fell from 18 percent to 2.5 percent.

The decline in discount listings, the FTC maintained, had an adverse effect on consumers by limiting home sellers' choices of brokerage services.

In addition, the FTC alleged the ABOR rule denied homebuyers the opportunity to use the Internet to see all the listings available in the Austin metropolitan area. [I would have created a “Lower Commission” website Bob]

Last year, the Department of Justice sued the NAR, charging it with engaging in anti-competitive behavior against online home brokers.

Concerned online sites competing with traditional Multiple Listings Services might lead to lower commissions for real estate brokers, NAR three years ago passed rules allowing traditional brick-and-mortar brokers to selectively block their home listings to competing brokers using Virtual Office Websites (VOWs).

The DoJ objected to the policy, contending it denies consumers the full benefits of competition, discourages commission discounting and threatens to lock in outmoded business models.

The NAR changed its policy, barring brokers from selectively blocking their listings. Instead, brokers are allowed to block listings, but they must either block all Internet listings or none at all.



Yet another legal ruling...

http://www.washingtonpost.com/wp-dyn/content/article/2006/09/05/AR2006090501166.html

Anti-Spam Conviction Is Upheld

N.C. Man Flooded AOL Customers With Unsolicited E-Mail

By Candace Rondeaux Washington Post Staff Writer Wednesday, September 6, 2006; B03

The Court of Appeals of Virginia upheld yesterday what is believed to be the first conviction in the nation under a state anti-spamming law that makes it a felony to send unsolicited mass e-mails.

... Jaynes's attorneys argued in their appeal that the Loudoun court had no jurisdiction over the case because the e-mails were sent from Jaynes's home in North Carolina. The appeal also contended that the anti-spam law restrains the constitutional right of free speech protected under the First Amendment.

But the three-judge panel disagreed, ruling in an opinion written by Judge James W. Haley Jr. that circuit courts have exclusive jurisdiction over felonies committed in their areas. The anti-spam law, Haley said, "prohibits trespassing on private computer networks through intentional misrepresentation, an activity that merits no First Amendment protection."



The difference between “serving our customers” and “Impacting the bottom line”

http://www.wired.com/news/columns/0,71738-0.html?tw=rss.index

Quickest Patch Ever

By Bruce Schneier 02:00 AM Sep, 07, 2006

If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM.

Security patches used to be rare. Software vendors were happy to pretend that vulnerabilities in their products were illusory -- and then quietly fix the problem in the next software release.

That changed with the full disclosure movement. Independent security researchers started going public with the holes they found, making vulnerabilities impossible for vendors to ignore. Then worms became more common; patching -- and patching quickly -- became the norm.

But even now, no software vendor likes to issue patches. Every patch is a public admission that the company made a mistake. Moreover, the process diverts engineering resources from new development. Patches annoy users by making them update their software, and piss them off even more if the update doesn't work properly.

For the vendor, there's an economic balancing act: how much more will your users be annoyed by unpatched software than they will be by the patch, and is that reduction in annoyance worth the cost of patching?

Since 2003, Microsoft's strategy to balance these costs and benefits has been to batch patches: instead of issuing them one at a time, it's been issuing them all together on the second Tuesday of each month. This decreases Microsoft's development costs and increases the reliability of its patches.

The user pays for this strategy by remaining open to known vulnerabilities for up to a month. On the other hand, users benefit from a predictable schedule: Microsoft can test all the patches that are going out at the same time, which means that patches are more reliable and users are able to install them faster with more confidence.

In the absence of regulation, software liability, or some other mechanism to make unpatched software costly for the vendor, "Patch Tuesday" is the best users are likely to get.

Why? Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal.

Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal.

There's no better example of this principle in action than Microsoft's behavior around the vulnerability in its digital rights management software PlaysForSure.

Last week, a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files.

Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore."

But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer.

So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM.

This clearly demonstrates that economics is a much more powerful motivator than security.

It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files.

That was Saturday. Any guess on how long it will take Microsoft to patch Media Player once again? And then how long before the FairUse4WM people update their own software?

Certainly much less time than it will take Microsoft and the recording industry to realize they're playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet.

If Microsoft abandoned this Sisyphean effort and put the same development effort into building a fast and reliable patching system, the entire internet would benefit. But simple economics says it probably never will.



Just think of it as a way to explain Open Source software...

http://www.wired.com/wired/archive/14.09/posts.html?pg=6

Free, as in Beer

Ever since the birth of the free software movement, its defenders have struggled to explain just what "free software" is. If it is free, how do coders eat? And how do businesses that support the software – IBM, Hewlett-Packard – make any money from it?

The standard answer has been a slogan: "Think free," the movement's founder, Richard Stallman puts it, "as in free speech, not free beer." You can charge whatever you want for free software. But what you can't do is lock up the knowledge that makes it run. Others must be allowed to learn from and tinker with it. No one is permitted a monopoly on the teaching that stands behind it.

A bunch of Danes, however, apparently didn't get the memo. In June, a Copenhagen artists' collective called Superflex released version 3.0 of a new beer called – you guessed it – Free Beer. "Free beer?" you ask. "Think free," Superflex members helpfully explained at the launch, "as in free software." Under the supervision of Birthe Skands, former chief of development at Carlsberg Beer, the brewery is now scaling up quickly to meet unexpectedly high demand. The first batch of 2,850 70-cl bottles (generous at about 24 ounces, so the natural tendency is to share) sold out practically overnight. Distribution deals are being negotiated with other breweries, especially overseas. And Superflex has now established a Free Beer Foundation to spread the profits to other like-minded projects.

What makes Free Beer free is the same thing that makes free software free: Its recipe is open and licensed freely. Anyone can make improvements. But anyone who distributes an improved version must release the changes as well. Superflex keeps a log of the updates at www.freebeer.org, and it will release a new version every six months. Skands is inviting the world to help her make better beer, and in exchange the brewery is keeping the knowledge free for everyone.

Copyright mavens will wonder if such a license could really work in the US (where recipes are not copyrightable). But that quibble has slowed neither this particular "open business" nor the movement of which it is a part. Indeed, we're seeing an explosion of open source businesses. Some are about developing software, like the Firefox browser. Others simply leverage the model of free software to forge a different kind of business, from the wildly popular Web-tagging tool del.icio.us and the blog-tracking search engine Technorati to the extraordinarily successful video site Revver, which embeds an ad bug into freely licensed user-generated videos, then pays the users as the clips spread. All of these businesses build upon the value created by their users, while keeping that value free for others to build upon as well.

When we begin to look at the range of examples – OpenBusiness.cc has a prominent collection – we might learn something from the pattern. Some have already seen enough to publish their insights. The short list of these books is led by MIT professor Eric von Hippel's Democratizing Innovation. Open source businesses, von Hippel explains, know that their customers are not idiots. [What a concept! Bob] These companies encourage customers to tinker with their products; they then learn from this tinkering how to make the products better. Yochai Benkler's The Wealth of Networks places this commercial practice in a larger and perhaps more significant social context: Although peer production is profitable for business, writes Benkler, "we are in the midst of a quite basic transformation in how we perceive the world around us and how we act, alone and in concert with others." What he calls nonmarket peer production is a critical part of this transformation. The trick is not making it happen, but making it flourish. And if my Wired boss, Chris Anderson, is right (and obviously, he must be) that we've entered the land of the long tail – where digital technology supports a massively more diverse range of products and models for production – then, as he puts it, making the consumer a producer is an excellent way to move a business up the long tail. In this model, free knowledge can drive a particular kind of free market – at least a kind that seems to flourish in a digital world.

Stallman is annoyed that Superflex calls its project "open source beer": "You should have called it 'free software beer,'" he said prior to the Free Beer launch. But he no doubt recognizes the potential of this hack. As thousands are surprised by the quality of this fantastic beer yet puzzled by its name, at least some will read the explanation prominently printed on its large and striking label. And a few of those may then think a bit more about what helps innovation flourish. It's not any magic word, like free or open. It is instead a practice that encourages the widest range of innovators. Superflex has inspired this practice with beer. And perhaps with much more as well.



How will American brewers respond?

http://money.cnn.com/2006/09/06/news/funny/bud_tv/index.htm

Anheuser-Busch to launch Bud.TV

In an effort to find young male viewers, brewer is set to debut its own Web-based television network in February.

September 6 2006: 9:37 AM EDT

NEW YORK (CNNMoney.com) -- Web surfers, this Bud.TV is for you.

Brewer Anheuser-Busch announced Wednesday that it will launch a Web-based video network, named Bud.TV, in February. The company says it will feature new humorous webisodes, sporting events, consumer-generated content, field news reports, celebrity interviews, music downloads and comedian vignettes.



Lawyers beware? Of course not. What happens when the client reaches a point where their eyes cross and their brains begin to melt? They call a lawyer!

http://www.bespacific.com/mt/archives/012370.html

September 06, 2006

Survey Says American Adults Increasingly Seek Legal Info on Web

Press Release: U.S. Adults More Likely to Turn to the Web for Legal Information, New Survey from Lawyers.com Reveals



Trust us!

http://techdirt.com/articles/20060906/090948.shtml

What's The S In TSA Stand For?

from the dropping-the-ball dept

About 1200 former employees of the Transportation Security Administration have been notified they're the latest victims of a government data leak, after a contractor sent them documents featuring other ex-employees' personal information. This isn't the first time a federal contractor has lost personal data: the VA's second data loss of the summer happened when a desktop computer was stolen from another contractor, while vendors and consultants have a healthy track record of losing private-sector data too. While awareness of the importance of internal security procedures to protect data may be on the rise, the spate of data leaks by third parties doesn't seem to be slowing down. A company can exert a decent amount of control over the security of its own systems, and dictate employee behavior, to ensure that data is properly secured, but when that data is given to third-party vendors and service providers, security is out of its hands. Perhaps because companies can pass the blame onto these third parties, they don't put the same emphasis on their security procedures as they do their own internal systems. [Nothing new, Rome learned this when they started hiring mercenaries... Bob] But the fact of the matter is that consumers don't really care who's to blame, and are likely to hold the company they deal with at fault. If more people ditch companies who leak their data, even if a third-party vendor is to blame, businesses will start taking the security of those vendors more seriously. Of course, the federal government doesn't really have to worry about people ditching it for a competitor, so perhaps some other form of motivation is in order.



Eventually, everyone will have to fly nude.

http://techdirt.com/articles/20060906/164721.shtml

Another Airline Grounds Dell, Apple Laptops

from the bet-they-just-lost-two-corporate-accounts dept

Following the lead of Australia's Qantas, Korean Air has forbidden the use of Dell and Apple laptops on its planes (via Engadget). The company says users can bring the computers aboard, as long as they put their batteries in their checked luggage. This seems doubly pointless, because if the airlines are going to overreact and forbid the use of the machines on board, why let the batteries on at all, since there are questions about the safety of batteries travelling as cargo, too? Spokesmen from Apple and Dell have a point that there are plenty of their laptops that didn't ship with the exploding battery figure, so they shouldn't be any more of a threat to an airplane than any other laptop, and to single their users out really isn't all that helpful. All this ban will do is drive some customers to other airlines, where they'll carry their machines on unmolested. However, the original article does say the FAA is reviewing the safety of lithium batteries -- so maybe it won't just be Apple and Dell owners getting the special treatment.



Virtual Law (opportunity to create a truly trans-national virtual court?)

http://techdirt.com/articles/20060907/013138.shtml

If You Duplicate A Weapon In An Online World, Is It Copyright Infringement?

from the sort-this-sucker-out dept

It seems like we've had a bunch of stories recently about how the wild west of online virtual worlds is bleeding over into the real world courts. As we've said since these issues first came to light, it's a bad idea to take these disputes into a real court. Games need to figure out ways to deal with in-game issues in the game. Otherwise it raises all sorts of problematic legal situations (for example, if defrauding, robbing, killing others is a part of the game, then why is it a legal matter?). However, as each new case comes up, different legal issues are raised. The latest one is in China, where a couple years ago there was a lawsuit over a duplicate magic sword. When the game company realized the sword was an "illegal" duplicate, it deleted it. However, the scammer had already sold the duplicate sword, so the person who paid for it felt cheated and sued the gaming company. Again, it seemed like there were reasonable solutions to this within the game, and without resorting to court.

However, questions of duplicate magic swords in China are back on the discussion board today, as someone (anonymously) has pointed us to a case (which may actually be related to that original case) where three men have been tried for selling duplicate weapons in the game. Here's where it gets tricky, though. The men are being charged with copyright infringement. They made a bunch of copies of highly valuable in-game weapons, and were able to sell them for a profit of about $250,000. Apparently, this helped destabilize the world, as there were so many of these weapons which only the top players were supposed to possess. Still, this raises a number of interesting legal issues. Those involved aren't being charged with fraud, but copyright infringement -- which actually makes a little bit more sense, since they did make copies of digital goods they were unauthorized to copy and distribute. Still, again, it seems like an issue that should be solved within the game. The game can take away the weapons, and while that represents a loss to the players who paid for them, those players broke the rules in obtaining the weapons anyway. Also, we'd assume that since the game involves weapons, it's likely that players could lose weapons in a fight anyway -- so obtaining any such virtual good came with associated risks. Of course, after getting sued the last time the company deleted duplicate magic swords, perhaps they figured deleting these weapons would represent a huge legal headache.



Managing your email

http://digg.com/software/Use_Gmail_Generate_Unlimited_E_mail_Addresses

Use Gmail Generate Unlimited E-mail Addresses

feedmonster submitted by feedmonster 14 hours 45 minutes ago (via http://21st.blogspot.com/2006/09/use-gmail-generate-unlimited-e-mail.html )

Gmail has an interesting quirk where you can add a plus sign (+) after your Gmail address, and it'll still get to your inbox. It's called plus-addressing, and it essentially gives you an unlimited number of e-mail addresses to play with. Here's how it works:
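The plus-addressing quirk described above, worked through as an added Python example (not code from the post or the linked article): it builds a per-service tagged address, counts which tag unsolicited mail arrives at, and canonicalises addresses back to a single mailbox so a site can spot repeat signups. The sample addresses are constructed; the dot and googlemail.com handling is known Gmail behaviour that the post itself does not mention.

```python
import re
from collections import Counter

# Local part, optional "+tag", then domain; enough for the simple addresses used here.
_ADDR_RE = re.compile(r"^(?P<base>[^+@]+)(?:\+(?P<tag>[^@]*))?@(?P<domain>[^@]+)$")


def split_plus_address(address):
    """Return (base, tag, domain); tag is None when no plus-tag is present."""
    m = _ADDR_RE.match(address.strip())
    if not m:
        raise ValueError(f"not a simple e-mail address: {address!r}")
    return m.group("base"), m.group("tag"), m.group("domain").lower()


def tagged_address(base_address, service):
    """Build the per-service address to hand out, e.g. user+digg@gmail.com."""
    base, tag, domain = split_plus_address(base_address)
    if tag is not None:
        raise ValueError("base address must not already carry a tag")
    # Restrict the tag to a conservative character set so it stays a valid local part.
    safe_tag = re.sub(r"[^a-z0-9._-]", "", service.lower())
    return f"{base}+{safe_tag}@{domain}"


def canonical_gmail(address):
    """Collapse the forms Gmail delivers to one mailbox.

    Besides the +tag, Gmail ignores dots in the local part and treats
    googlemail.com as gmail.com (known Gmail behaviour, not from the post).
    For any other domain only the tag is dropped.
    """
    base, _tag, domain = split_plus_address(address)
    if domain in ("gmail.com", "googlemail.com"):
        return base.replace(".", "").lower() + "@gmail.com"
    return f"{base.lower()}@{domain}"


def messages_per_tag(to_addresses):
    """Count inbound messages per plus-tag: a tag handed to exactly one service
    that starts drawing unrelated mail shows which service passed it on."""
    return Counter(split_plus_address(a)[1] or "(untagged)" for a in to_addresses)


if __name__ == "__main__":
    # Constructed sample: To: headers taken from a week of unsolicited mail.
    sample = ["user+digg@gmail.com", "user+digg@gmail.com",
              "user+bank@gmail.com", "user@gmail.com"]
    print(messages_per_tag(sample))  # Counter({'digg': 2, 'bank': 1, '(untagged)': 1})
    print(canonical_gmail("U.ser+digg@googlemail.com"))  # user@gmail.com
```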



Nicely geeky, but why?

http://digg.com/programming/RSS_2_PDF_Generator

RSS 2 PDF Generator

webtech submitted by webtech 18 hours 17 minutes ago (via http://rss2pdf.com/ )

RSS 2 PDF is an online generator that will convert your RSS, Atom or OPML feeds into PDF files fast and easily (with or without pictures).



http://www.linuxworld.com.au/index.php/id;1413724423;fp;4;fpid;3

Open source companies to watch

Jennifer Mears, Network World 04/09/2006 09:34:02

Open source software is a given in most enterprise data centers, so it's not surprising to see the ranks of open source companies and projects swell. It's not just Linux anymore - community-developed software is offering alternatives for everything from databases to application servers to network management to disaster preparedness. How do you know which open source approach is right for you? We've pulled out a few start-ups that you might not be familiar with, but we think should be on your radar.

Here are ten open source start-ups to watch:



Very nice!

http://digg.com/tech_news/See_your_website_in_30_different_ways_screenshots

See your website in 30+ different ways (screenshots)

pdesigns submitted by pdesigns 1 day 7 hours ago (via http://browsershots.org )

See how your site looks in various versions of Firefox, Internet Explorer, Safari, Netscape, Mozilla, Firebird, Dillo, Opera, Seamonkey, K-Meleon, Konqueror and more. Counted a total of 30 setups between Linux, Mac, and Windows. Also configurable to see your site in different resolutions. Too cool =)