Saturday, December 16, 2006

Clearly it can happen anywhere at anytime...

http://www.colorado.edu/news/releases/2006/437.html

CU-Boulder Reports Security Breach In College Of Arts And Sciences Advising Computer

Dec. 15, 2006

University of Colorado at Boulder officials today announced that a server in the campus's Academic Advising Center was the subject of a computer attack.

CU-Boulder officials said they had begun the process of notifying 17,500 individuals that their personal information - including names and Social Security numbers - might have been exposed in the attack. CU-Boulder officials are continuing to determine the extent of information exposed.

Employees with CU-Boulder's Information Technology Services office discovered the attack on Dec. 8 and, following CU guidelines, began an investigation to determine how the system compromise occurred.

"The hacker apparently entered the server through a Web page," [The University apparently saw no reason not to connect the web page to this highly sensitive information... Bob] said Todd Gleeson, dean of CU-Boulder's College of Arts and Sciences, which houses the Academic Advising Center. "The information exposed contained the names and Social Security numbers of students who attended CU-Boulder orientation sessions from 2002 to 2004. We do not presently have any evidence that the data were actually accessed or used, and we are notifying the students affected."

In 2005, CU-Boulder ceased using Social Security numbers as administrative identifiers for faculty, staff, students and administrators. [“Screw everyone else!” Bob]

... Students who wish to know more about how to deal with identity theft can visit a special CU Web site at www.colorado.edu/its/security/awareness/privacy/identitytheft.pdf.



“Hey! You can't treat us like common citizens!” (I wonder what they are investigating, since they seem to know who sent the “racy e-mail.”) Any implications for “electronic discovery?”

http://www.al.com/newsflash/regional/index.ssf?/base/news-26/1166220599148850.xml&storylist=alabamanews

Morgan County officials balk at e-mail probe of hard drives

12/15/2006, 4:55 p.m. ET The Associated Press

DECATUR, Ala. (AP) — Morgan County's revenue commissioner locked her computer's hard drive in a vault and the sheriff denied access to his as some officials took issue with an e-mail investigation begun after a racy e-mail was forwarded to the mayor.

Revenue Commissioner Amanda Scott said personal information such as credit card numbers are on taxpayer records stored on hard drives.

County Commission Chairman pro tem Stacy George told The Decatur Daily in a story Friday that Sheriff Greg Bartlett had given different reasons for denying access. George said it changed from protecting homeland security information to protecting National Crime Information Center data.

George said the county's Emergency Management Agency director, Eddie Hicks, has homeland security information but did not buck the investigation.

"It looks suspicious when Mr. Hicks, who has all kinds of security information, is not worried about compromising information and the sheriff is," George said. [“If you're innocent, you have nothing to worry about!” Bob]

The commission called for an investigation after a racy e-mail was sent by the county's ex-human resources director, Jack Underwood, to Chairman John Glasscock, who forwarded it to Mayor Don Kyle. An attempt to exclude elected officials, department heads and political appointees from the probe was rejected by the commission.

Letters to George from various other officials and lawyers slowed the progress of a computer specialist hired by the commission to match the information on hard drives to information on the main server, which will show if erasures have occurred.

Probate Judge Bobby Day's attorney delivered a letter to George stating that Day did not mind the expert looking at e-mails on the main server but not on the probate office's hard drives. Day said certain records, such as adoptions, are not public.

Board of Registrars chairman Adonis Bailey sent George a letter stating the expert could look at information from that office on the server but not hard drives because she must protect voters' personal information, such as Social Security numbers.

Scott, who didn't send a letter, said she didn't mind the computer specialist looking at her hard drive in her office but she didn't want it copied and removed from the courthouse.

When Hannah and others went to get Bartlett's hard drive at the new jail complex, deputy Roger Smallwood told him that the sheriff would not release the hard drive.

"I am going to do whatever it takes to get Ms. Scott's hard drive and the sheriff's," George said.


Other articles add lots of spice, but no real understanding to this story...

http://www.decaturdaily.com/decaturdaily/news/061216/scott.shtml

E-mail scandal: Scott changes locks on office

By Sheryl Marsh smarsh@decaturdaily· 340-2437



Stupid programmer tricks... Policy should ensure that terminated employees can't access your computer system – or this could happen to you!

http://techdirt.com/articles/20061215/075239.shtml

Tip: When Leaving Your Job At An ISP, Don't Cancel All Its Customer Accounts

from the just-a-suggestion dept

It's no surprise that people who are leaving their jobs (especially to go work for a competitor) may have a certain dislike for their ex-employer -- but it's still amazing that people don't realize that attacking them isn't a particularly good idea. A former employee of a wireless ISP in Utah apparently logged back into the computers of his former employer (shame on them for leaving access open to the guy) and cut off customer accounts by reprogramming customer access points. There are plenty of cases detailing similar attacks on former employers -- but it's amazing that these people don't expect to get caught. In this latest case, not only was the guy caught, he's now been sentenced to two years in jail. Still, there are some oddities here. Apparently after the guy turned off service for these customers, it took up to three weeks to reprovision some of them. That seems like an excessively long time -- though, if the company left their computer network open to a former employee who left on bad terms, perhaps they weren't the most technically savvy ISP out there.



Even in the virtual world, it's “Location, location, location!”

http://techdirt.com/articles/20061215/080551.shtml

Distance Does Matter On The Internet, Sometimes

from the speed-of-light-not-fast-enough dept

Along with many other physical constraints, the internet can make distance or location irrelevant. Things like telecommuting mean that companies don't necessarily have to go where their employees are, though change in this regard has been somewhat slow. It's true in the financial industry, as New York is slowly losing its role as the only place for a financial company to locate. The CEO of online broker Ameritrade once colorfully noted that his company could be located in Zimbabwe, and it wouldn't matter (it happens to be located in Omaha). But there are some financial companies, whose businesses are also completely electronic, that are finding a need to be close to the financial centers. Traders and funds, whose strategy it is to take advantage of small arbitrage opportunities only available for an instant, have found that the milliseconds difference in trade execution time can make a big difference in terms of the effectiveness of their strategy. In fact, one building in New York that houses the main computer system for electronic trading is home to 40 companies that trade using this strategy. So while the internet can eliminate many physical constraints, the physical constraints on the internet itself can have a big impact for some lines of business.



If your strap breaks, resulting in the Wii destroying your new 60 inch plasma TV, you can get a new $3 strap absolutely free! (Think your homeowners policy covers it?)

http://www.infoworld.com/article/06/12/15/HNwiistraps_1.html?source=rss&url=http://www.infoworld.com/article/06/12/15/HNwiistraps_1.html

Nintendo to replace 3.2 million Wii straps

Nintendo made the move before any regulatory agency could step in

By Ben Ames, IDG News Service December 15, 2006

In an effort to duck criticism that its remote controllers can fly across the room when wrist straps break, Nintendo Co. Ltd. is offering free replacements for that part of its new Wii video gaming console.

Carefully avoiding the term "recall," Nintendo made the move before any regulatory agency could step in. The replacement could affect up to 3.2 million straps, according to the Associated Press. Nintendo did not return calls for comment.



Questions: What happens when they lose the data? Will the data be available to your heirs when you die?

http://www.eweek.com/article2/0,1759,2073628,00.asp?kc=EWRSS03119TX1K0000594

Berkeley Data Systems Unveils Unlimited Online Storage

By Chris Preimesberger December 15, 2006

Online data storage provider Berkeley Data Systems on Dec. 14 introduced Mozy Unlimited Backup, a new service that individuals can use to back up an unlimited amount of digital files—documents, photos, video—to a secure, multi-petabyte outside server.

The company offers the first 2GB of storage for no fee, and the unlimited backup—which includes an unlimited number of restores—costs $4.95 per month. Users may select month-to-month or annual payment plans.

Berkeley DS, based in American Fork, Utah, is making the unlimited storage offer available for individual users only at this time. The company expects to release a business version of the service in January.

"Since announcing our beta in April, we've grown to more than 100,000 users," said Berkeley DS founder and CEO Josh Coates.

... Mozy ("The name doesn't really mean anything, we just liked it," Coates said) now also offers consumers the option to order a copy of their data on DVD, shipped next-day air via FedEx.

Other features include private key encryption, custom backup scheduling, continuous backup options, bandwidth throttling, block level incremental backups, 30-day file version archives, support for files larger than 2GB, single-instance storage and automatic Microsoft Outlook file detection and backup.

Two-year-old Berkeley Data Systems has conducted more than 2.5 million backups in the past month alone. Currently, it has more than 450 million files stored in its high security center.

To sign up for the free 2GB storage, go here.



http://www.bespacific.com/mt/archives/013299.html

December 15, 2006

Nearly Half of our Lives Spent with TV, Radio, Internet, Newspapers

Press release: Nearly Half of our Lives Spent with TV, Radio, Internet, Newspapers, According to Census Bureau Publication, December 15, 2006.

  • "Adults and teens will spend nearly five months (3,518 hours) next year watching television, surfing the Internet, reading daily newspapers and listening to personal music devices. That’s only one of thousands of nuggets of information on Americana and the world in the U.S. Census Bureau's Statistical Abstract of the United States: 2007, released today."

Online and Buy-the-Book

"-- Among adults, 97 million Internet users sought news online in 2005, 92 million purchased a product and 91 million made a travel reservation. About 16 million used a social or professional networking site and 13 million created a blog. (Table 1139)
-- U.S. consumers are projected to spend $55.5 billion to purchase 3.17 billion books in 2007. (Tables 1118, 1119)"



Vive le frogs!

http://yro.slashdot.org/article.pl?sid=06/12/15/2234216&from=rss

HP's Windows Bundle Trouble

Posted by Zonk on Friday December 15, @07:21PM from the i'm-sorry-please-enter-your-option-again dept. HP The Courts Windows

narramissic writes "A French consumer group has filed 3 lawsuits against HP, saying the company's practice of selling consumer PCs with Windows pre-installed violates a French law that 'prohibits linking the functionality of a product to another product' — not to mention that consumers wind up paying for an unwanted OS. For its part, HP contends that it is not in violation of the law because the OS is integral to the PC. 'The PC without an OS is not a product because it doesn't work,' said Alain Spitzmuller, legal affairs director for HP France. 'We believe the market is for products that work.'"



Some people know how to corner a market, others how to corner a competitor...

http://linux.slashdot.org/article.pl?sid=06/12/15/2055259&from=rss

Novell/Microsoft Deal Punishment for SCO?

Posted by Zonk on Friday December 15, @04:56PM from the stranger-things-have-happened dept.

An anonymous reader tipped us off to an article on the Information World site looking at the Novell/Microsoft deal from a new angle. Article author Tom Yager is of the opinion that the deal is Microsoft's punishment for throwing in with SCO. The very public announcement was made, in his opinion, as a stopgap measure against a future lawsuit on Novell's part.

From the article: "Novell has exhibited the patience and cunning of a trap door spider. It waited for SCO to taunt from too short a distance. Then Novell would spring, feed a little (saving plenty for later), inject some stupidity serum, and let SCO stride off still cocksure enough to make another run at the nest. That cycle is bleeding SCO, which was the last to notice its own terminal anemia. When it became clear that SCO wouldn't prevail, Microsoft expected only to face close partner IBM. Microsoft did not brace for Novell, an adversary with a decades-long score to settle with Redmond. Through discovery, Microsoft's correspondence with SCO is, or soon will be in, Novell's hands, and it's a safe bet that it will contain more than demand for a license fee and a copy of a certified check."



It is obvious, but no one would believe it until Harvard studied it.

http://hbswk.hbs.edu/item/5567.html

The Business of Free Software: Enterprise Incentives, Investment, and Motivation in the Open Source Community

Authors: Marco Iansiti and Gregory L. Richards Published: November 2006

Executive Summary:

IBM has contributed more than $1 billion to the development and promotion of the Linux operating system, and other vendors such as Sun are ramping up open source software efforts and investment. Why do information technology vendors that have traditionally sold proprietary software invest millions of dollars in OSS? Where have they chosen to invest, and what are the characteristics of the OSS projects to which they contribute? This study grouped OSS projects into clusters and identified IT vendors' motives in each cluster. Key concepts include:

* Cluster 1, the "money-driven cluster," consisted of projects that have received almost all of vendor investments. The eighteen projects in this cluster have received over $2 billion in investment.

* Cluster 2, the "community-driven cluster," has a large number of projects that have received almost no vendor investment. IT vendors have generally ignored projects in this cluster and appear to have no coordinated strategy for dealing with them.

* Examining the impact of projects in both clusters shows that vendors have not invested uniformly in high-impact OSS projects. Instead, vendors invest in projects that can serve to draw revenues to their own (largely proprietary) core business.



-.. .- -- -. // / .- -. --- - .... . .-. / ... -.- .. .-.. .-.. / --- -... ... --- .-.. . - . -.. //

http://science.slashdot.org/article.pl?sid=06/12/16/0915202&from=rss

FCC Drops Morse Code Requirement

Posted by Zonk on Saturday December 16, @05:18AM from the end-of-an-era dept.

leighklotz writes to mention a story discussing what some might consider a historic event. The FCC has dropped the Morse Testing requirement for amateur radio certifications. The public announcement was made on Friday. Ham radio operators will no longer have to study Morse, in a move patterned after other western nations. Says leighklotz: "The U.S. joins Canada and other countries in eliminating the morse code testing requirement, after being authorized to do so on July 5, 2003, when the World Radio Telecommunications Conference 2003 in Geneva adopted changes to the ITU Radio Regulations."



He said it, I didn't.

http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1165705809111&call_pageid=968867495754

A generation is all they need

One day we will all happily be implanted with microchips, and our every move will be monitored. The technology exists; the only barrier is society's resistance to the loss of privacy

Dec. 10, 2006. 08:46 AM KEVIN HAGGERTY SPECIAL TO THE STAR



http://www.heise-security.co.uk/articles/82481

Know-how 15.12.2006 14:46 Jürgen Schmidt

The hole trick

How Skype & Co. get round firewalls

Peer-to-peer software applications are a network administrator's nightmare. In order to be able to exchange packets with their counterpart as directly as possible they use subtle tricks to punch holes in firewalls, which shouldn't actually be letting in packets from the outside world.

Friday, December 15, 2006

I'm not certain the data was on the laptop, but might have been in a briefcase with the laptop... Again the question: Why did the nurse have all these records if the data is available only on the server?

http://www.longmontfyi.com/Local-Story.asp?id=12861

SVVSD students' info with stolen laptop

By Victoria A.F. Camron The Daily Times-Call Publish Date: 12/14/2006

LONGMONT — Information identifying as many as 600 St. Vrain Valley School District students whose health care is paid by Medicaid was stolen with a school nurse’s laptop computer last month, a school district spokesman said Wednesday.

The paper records included students’ names and dates of birth; the names of their schools and what grade they are in; the students’ Medicaid numbers; and their parents’ names, said John Poynton, district spokesman.

No medical information was lost, he said. [Does this mean they have backup copies, or that none was stolen? Bob]

... Determining whose names were on the list was “a big part of the delay” [“Our data is out of control” Bob] in letting families know of the theft, Poynton said. The nurse’s list included only the names of students at schools where she worked, but Poynton said he did not know what those schools are.

Poynton said he was told no one can access students’ medical records with their Medicaid numbers.

No information was on the computer’s hard drive because the laptop was used only to access the school’s computer network, Poynton said. The district’s information technology staff was able to access the laptop remotely and change its password, [...what else should they have done? Bob] so that information should be protected, he said.



Did you ever notice that the number of people impacted by an organization's loss of data seems to grow over time? Perhaps this indicates that they don't actually know what information was stored on the target computer, or perhaps they think if they downplay the numbers no one will realize how badly they screwed up?

http://www.wfaa.com/sharedcontent/dws/news/localnews/stories/DN-utdhack_14met.ART0.North.Edition1.3eb1c28.html

UTD computer hack worse than feared

Campus officials now say 6,000 at risk of identity theft

12:00 AM CST on Thursday, December 14, 2006 By HOLLY K. HACKER / The Dallas Morning News

The University of Texas at Dallas said Wednesday that more people may be affected by a computer attack than first believed, raising the total to 6,000 current and former students, faculty, staff and others.



Managers can “consider themselves reprimanded”; employees get fired. “'Cause managers aren't responsible for controlling the actions of their employees...”

http://blog.seattlepi.nwsource.com/aerospace/archives/109668.asp

Boeing fires employee whose laptop was stolen

The Boeing Co. has fired an employee whose laptop computer was stolen, prompting concerns about the security of private information on about 382,000 workers, mostly retirees.

Read this P-I account about the theft:

Here is a memo sent to Boeing employees Thursday by Boeing Chief Executive and Chairman Jim McNerney:

This message is being sent to all employees from Jim McNerney, Boeing chairman, president and CEO.

I've received many emails over the past 24 hours from employees expressing disappointment, frustration and downright anger about yesterday's announcement of personal information belonging to thousands of employees and retirees being on a stolen computer. I am just as disappointed as you are about it. And while I can't respond to each individual message I've received, I want you to know how serious I am about this matter and what we are doing about it.

First of all, this latest incident resulted from a clear violation of our data-protection policy. We have very strict and clear policies and procedures about how employee information is handled. An employee, despite proper training, failed to comply with those requirements and as a result is being dismissed from the company. I also believe strongly that management must be held accountable when repeated failures like this occur, so the employee's management chain will be reprimanded.

Our investigations and security teams have been working hard with law-enforcement officials to investigate this crime. Based on what we know at this point, we believe this incident was the result of petty theft, not an attempt at identity theft. However, as our communications yesterday described, we have put in place a series of actions that assumes the worst case. We are doing everything humanly possible to recover the laptop and our data, and see that an incident like this doesn't happen again. Rick Stephens and his Human Resources team will keep you informed as the investigation continues.

I know that many of us feel that this data loss amounts to a betrayal of the trust we place in the company to safeguard our personal information. I certainly do. When a similar theft occurred last year, Boeing implemented an aggressive, multi-phased plan to better safeguard employee information. But the best policies, procedures, encryption software and awareness-raising in the world can't force people to use them. It's a matter of leadership and individual responsibility. Cutting corners is never acceptable--especially when the trust of the whole team is at stake.

We know all too well--and see again now--that the actions of just one person can have a tremendous impact on our entire Boeing team. No one chooses to be the victim of a theft. But we can choose to protect ourselves and our co-workers. I firmly believe that Boeing is taking the right steps toward preventing the loss of sensitive data from happening again. But to ensure that all Boeing-sensitive information is safe--even in the event of theft--each and every one of us must actually follow the policies and procedures and use the tools available to protect information.



http://www.heraldsun.com/durham/4-799583.cfm

Students accused of hacking Durham Public Schools database

BY BRIANNE DOPART : The Herald-Sun bdopart@heraldsun.com Dec 14, 2006 : 11:46 pm ET

DURHAM -- Two Riverside High School students are accused of hacking into the Durham Public Schools computer database and downloading the Social Security numbers and personal information of thousands of school employees, the Durham Sheriff's Office said Thursday.

School system officials said two members of a computer class discovered a breach in the security protecting the DPS computer database and gained access through it while performing a class assignment. [I doubt it was a hacking class, so the “security flaw” must have been pretty obvious... Bob] The breach has since been plugged and no longer poses a threat to the system's security, said Nancy Hester, DPS associate superintendent of support services.

She said the information was never at risk of being accessed by anyone outside the school system. [However, it was accessed by unauthorized, non-employees with no legitimate reason to access the data. Bob]

Durham County Sheriff's deputies searched the home of an unidentified minor and the Knollwood Drive home of the Neplioueva family after being told about the breach by Riverside High School officials. Contacted for comment by The Herald-Sun Thursday, the latter boy's mother, Valentina Neplioueva, said she had been advised by her attorney not to speak about the investigation until further notice.

The latter boy's adult sister, Tatyana Neplioueva, said her 15-year-old brother and his classmate reported the breach to their teacher shortly after finding it [“We'll never make that mistake again!” Bob] and downloading the supposedly secure information.

Durham Public School officials said the teacher of the class immediately reported the boys' findings to the schools information technology specialists, who went to Riverside High School to meet with the boys to see how they had gotten through security to access the highly sensitive information.

The next day, the boy's father, Igor Neplioueva, returned home to find his son being interrogated by deputies, according to the boy's sister. Deputies searched the boy's home and seized the family's computers and related data-storage devices belonging to the boy's parents, she said.

When the boy returned to school, he was placed in in-school suspension, she added.

"I think it's ridiculous. He was doing the school a service and now they're punishing him," [“Hey, we gotta make it look like it ain't our fault!” Bob] she said.

School officials acknowledged the boys were forthright in their explanation to their teacher about discovering the breach. School board member Kirsten Kainz said she'd learned of the discovery and felt the students were "smart and honest boys."

DPS official Hester said the school system felt the boys "hadn't done anything wrong" [see previous sarcastic comment Bob] but contacted the Sheriff's Office out of concern for the safety of school employees' identity information.

Charles Douglass, executive director of technical services for the school system, said the hole would have only been accessible to individuals who already had a password to gain access to the school's computers, such as students and employees. [“Anything our employees can access our students can access too. We got no secrets.” Bob] Firewalls, which are barriers that prevent outside individuals from gaining access to a network's protected information, prevent [“slightly reduce” Bob] the possibility of other hackers from accessing the data, he added.

Despite Douglass' claim and the fact that Douglass and Hester said the boys only accessed the data through the school's password-protected computers, Sheriff's deputy Lt. Will Rogers said he believed the boys accessed some of the information via their home computer, which is why, he said, the computers were seized. [Given that the school apparently has no clue how to manage their system, I think the police are smart to take their “claims” with a grain of salt. Bob]

Attempts to reach DPS Superintendent Carl Harris, school board members Minnie Forte, Steve Schewel, Steve Martin, Heidi Carter, Omega Parker and Fredrick Davis, and Riverside principal Jim Key regarding the security breach were unsuccessful Thursday.



A sad, but quite believable story... If you have security responsibilities, you should read the article carefully.

http://it.slashdot.org/article.pl?sid=06/12/14/1917222&from=rss

MySpace Users Have Stronger Passwords Than Corporate Employees

Posted by Zonk on Thursday December 14, @03:36PM

from the hardly-surprising dept. Security The Internet

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones."

From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."



Okay, it's government conspiracy time! If this is true...

http://digg.com/business_finance/U_S_Mint_makes_law_against_MELTING_pennies_and_nickels

U.S. Mint makes law against MELTING pennies and nickels

submitted by parislemon 17 hours 20 minutes ago (via http://money.cnn.com/2006/12/14/news/melting/index.htm?section=money_topstories )

"The U.S. Mint has implemented a law against melting down pennies and nickels which, at current metal prices, could be worth more as metal than as currency. The new regulations authorize a fine of up to $10,000, or imprisonment of up to five years, or both, against violators."


...will the government issue each citizen a “free” electronic device that can be used to replace all that “pocket change?” The fact that it could also become your Social Security card, national ID, Drivers License, portable health record, GPS locater, etc. is purely coincidental...

http://news.com.com/2100-1039_3-6143975.html?part=rss&tag=2547-1_3-0-5&subj=news

Cingular turns cell phones into wallets in N.Y. trial

Company tests new service that will let Nokia phones be used in stores that accept MasterCard's PayPass contactless payment cards.

By Marguerite Reardon Staff Writer, CNET News.com Published: December 14, 2006, 5:01 PM PST

Some Cingular Wireless cardholders in New York City will be testing a new service that allows them to make purchases with their cell phones.



Think you have something to say? You might as well get paid for it! (Starving students take note: You might as well publish those papers you worked so hard on...)

http://mashable.com/2006/12/14/19-ways-to-make-social-sites-pay/

19 Ways To Make Social Sites Pay

December 14, 2006 Pete Cashmore

With the top YouTube users becoming paid shills for Coke, and the top Diggers being accused of taking ‘cash for Diggs‘, it seems that the users of social sites are looking to be rewarded for their efforts. In fact, there are already plenty of services that will pay you for your participation. Here are nineteen of the best, plus a few bonuses.

Thursday, December 14, 2006

Perspective?

http://techdirt.com/articles/20061213/100038.shtml

Once, Twice, Three Times A Loser... Wait, Make That Four

from the when-you're-in-a-hole-stop-digging dept

Last November, we wondered exactly why a Boeing employee was carrying around a laptop containing the names, birth dates, Social Security numbers and bank account info of 161,000 thousand current and former employees. That laptop was, of course, stolen. That breach didn't seem to teach the company anything, as five months later, another laptop was stolen, though it had info on "only" 3,600 workers. Another one was stolen from an employee's home last month, containing info on 762 people. But, in a remarkable show of stupidity hardheadedness, Boeing says a laptop containing the information of a staggering 382,000 current and former employees was stolen from an employee's car earlier this month. It's hard to know where to start here, but obviously Boeing deserves a lot of criticism for allowing this to happen three times, which is just ridiculous. It's still completely unclear why an employee needs to be carrying this sort of information around, but even more mind-boggling is after being bitten the first time, Boeing didn't put a stop to it. More perplexing still is why the company allowed it to go on after the second incident -- or the third. The company says it will make the standard offer of credit monitoring for three years to those whose data was lost, which really means little. Boeing's repeated loss of personal information once again highlights how little motivation companies have to protect this information, given the lack of liability they apparently enjoy and the toothless punishments they receive (if any) for the leaks. Above all, the fundamental question remains: what good reason is there for a company to allow this sort of information to be carried around on a laptop, given the obvious risk such activity invites? Boeing, we're all ears.



Read this!

http://www.bespacific.com/mt/archives/013283.html

December 13, 2006

Gartner Releases 10 IT Predictions for 2007 and Beyond

Press release: Among the predictions is the following - "Blogging and community contributors will peak in the first half of 2007. Given the trend in the average life span of a blogger and the current growth rate of blogs, there are already more than 200 million ex-bloggers. Consequently, the peak number of bloggers will be around 100 million at some point in the first half of 2007."



Why do you think this is so?

http://www.bespacific.com/mt/archives/013288.html

December 13, 2006

Internet Users Increasingly Turn to Online House Hunting

Pew Internet & American Life Project: "For Americans on the move, the Internet is becoming an increasingly important resource for researching housing options. The number of online house hunters has increased by two thirds since March 2000. On average, more than three million Internet users are online on any given day searching for a new place to live."



This is not the first time we've seen this. Makes you wonder what he does with those cameras when he is home... Did his wife know they were there?

http://news.yahoo.com/s/nm/20061213/od_nm/brazil_odd_camera_dc

Man in Germany stops Brazil robbery via Internet

Wed Dec 13, 9:38 AM ET

A Brazilian businessman traveling in Germany watched by live video as a burglar robbed his house on the other side of the Atlantic Ocean in Brazil.

He alerted the police, who rushed to the house and arrested the robber as he was trying on his clothes.

The businessman, Joao Pedro Wettlauser, was in Cologne this weekend when he received an alert on his cell phone from the security system in his beach house in Guaruja in Sao Paulo state, police said on Tuesday.

He logged on to his laptop and via the Internet saw live images of the burglar at work. He then phoned his wife, who was not at the house but called the local police.

"She told us the details about the thief and where in the house he was as we surrounded the house," police officer Americo Rodrigues told Reuters.

The burglar used a ladder to break into the house. When the police entered, he had a pile of goods such as the stereo system in the kitchen ready to be taken away, Rodrigues said.

"He was surprised when he realized he was being seen by cameras connected to the Internet," Rodrigues said.



http://hosted.ap.org/dynamic/stories/T/TECHBIT_WIRED_COLLEGES?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Dec 13, 4:16 PM EST

Villanova Heads Most-Wired College List

By JUSTIN POPE AP Education Writer

BOSTON (AP) -- Villanova University is higher education's high-tech hotspot, claiming the No. 1 ranking in a new list of "Top 20 Wired Colleges."

The school, in suburban Philadelphia, tops the Massachusetts Institute of Technology and Indiana University in the rankings, a joint project of PC Magazine and The Princeton Review, a college advising and test-prep company.

About 240 colleges responded to the survey, which asked about such topics as availability of online learning, faculty computer training, music downloading policies, and hardware and software provided to students.

At Villanova, first-year students are given laptops - and replacements after their sophomore year. Nursing students get personal digital assistants, and engineers get tablet PCs. Over the Internet, students can register for classes, download lectures, take exams and get grades. Tech-support calls are guaranteed a response within 24 hours.

No. 2 MIT boasts its own operating system and open courseware available via the Web to educators and students around the world. No. 3 Indiana boasts the country's fastest university-owned supercomputer and largest disk-based storage facility.

Those schools were followed by Swarthmore College in Pennsylvania and Creighton University in Nebraska, the University of Illinois at Urbana-Champaign, Michigan Technological University, University of Southern California, Quinnipiac University in Connecticut and the University of Oklahoma.

The list and profiles appear in the PC Magazine issue hitting newsstands Dec. 26 and on its Web site on Saturday.



For you Patent Lawyers, a question: If Google is better at this than the patent office, will the government close that office to save taxpayers money?

http://digg.com/tech_news/Google_Patent_Search

Google Patent Search

submitted by breezy 11 hours 27 minutes ago (via http://www.google.com/patents )

As part of Google's mission to organize the world's information and make it universally accessible and useful, we're constantly working to expand the diversity of content we make available to our users. With Google Patent Search, you can now search the full text of the U.S. patent corpus and find patents that interest you.



http://digg.com/tech_news/If_You_Can_Hum_It_Nayio_Might_Find_It

If You Can Hum It, Nayio Might Find It

submitted by charbarred 22 hours 21 minutes ago (via http://www.webware.com/8301-1_109-9667815-2.html?part=rss )

This morning, the music software and remixing company Nayio is launching its Humming Search feature in the U.S. This tool is supposed to be able to identify songs by listening to you hum a few bars.

Wednesday, December 13, 2006

Why do employees or vendors have all these sensitive records on their laptops? Does no one even contemplate an alternative?

http://seattlepi.nwsource.com/local/295769_boeing13.html

Boeing laptop stolen -- 382,000 IDs lost

Past and present employees at risk of being targeted

By AMY ROLPH P-I REPORTER Wednesday, December 13, 2006

A laptop with personal information on hundreds of thousands of Boeing Co. employees was stolen earlier this month, and the aerospace company will inform those potentially affected by the theft in a company e-mail today.

"In the first week of December, a laptop was stolen from an employee's car," Boeing spokeswoman Kelly Danaghy said. "That laptop had files that contained Social Security numbers for about 382,000 past and present employees, and in most cases it also included a home address, phone number and date of birth."

There was no reason to believe that any of the stolen information has been used illegally, she said.

It was unclear Tuesday whether the data was encrypted. [“We just don't know what our employees do...” Bob] No banking or credit card information was stored in those files, but the company will provide free three-year credit monitoring for employees whose personal information was compromised.

... This isn't the first time the theft of a laptop has compromised security for Boeing employees.

In April, the personal information of about 3,600 employees was compromised when a laptop was taken from a Boeing human resources employee at an airport. In November 2005, a similar theft put the personal data of about 161,000 employees in jeopardy.

... In reports about previous thefts, the company has said it has more than 75,000 laptops, and that about 250 were stolen last year. [Actually, pretty good. Bob]

... Even before the latest laptop theft, Boeing was planning to implement a policy that all company computers have encryption software installed on them, Danaghy said. The company also is looking at finding a way to identify employees other than by using their Social Security numbers.



http://www.daytondailynews.com/n/content/oh/story/news/local/2006/12/12/ddn121206aetnaweb.html

ID info of 130,000 Aetna customers at risk

By Anthony Gottschlich Staff Writer Tuesday, December 12, 2006

DAYTON — A lockbox holding personal information on approximately 130,000 Aetna health insurance members was stolen Oct. 26 when thieves broke into an office building occupied by an Aetna vendor, Aetna officials said Tuesday.

The lockbox, housed by Naperville, Ill.-based Concentra Preferred Systems, contained computer backup tapes of medical claim data for Aetna and several other Concentra health plan clients, Aetna spokeswoman Cynthia Michener said.



http://charlotte.bizjournals.com/dallas/stories/2006/12/11/daily16.html

Data of UT Dallas students, staff potentially stolen

Dallas Business Journal - 2:51 PM CST Tuesday by Jaime S. Jordan Web Editor

The University of Texas at Dallas discovered over the weekend that social security numbers and other sensitive information relating to 5,000 students, faculty members and staff may have been exposed by a computer network intrusion.

Phone numbers, e-mail addresses and home addresses also may have been exposed.

... Daniel said the university believes the hacker attack came from the outside using the Internet, but because the investigation is ongoing he declined to talk about the particulars.

... Daniel said anyone concerned about the potential release of their information can go to the university's Web site, www.utdallas.edu/datacompromise/form.html, and university officials will check their names against a master list and contact them. [That's a new approach... Bob]

... The UT Dallas breach is not the first breach of university data the University of Texas System has seen this year.



http://www.rfidjournal.com/article/articleview/2885/1/1/

DHS Privacy Committee Finalizes Report on RFID IDs

DHS Secretary Michael Chertoff will soon receive the 15-page advisory report, which the coauthors hope will impact the U.S. government's approach to incorporating RFID technology in identification documents.

By Mary Catherine O'Connor

Dec. 12, 2006—A revised version of a report from the Data Privacy and Integrity Advisory Committee, a subcommittee of the Privacy Office of the U.S. Department of Homeland Security (DHS), was cleared for publication at a Dec. 6 meeting of the committee in Miami Beach, Fla. The report, titled "The Use of RFID for Human Identification," will now be sent to DHS Secretary Michael Chertoff, as well as the DHS's chief privacy officer, Maureen Cooney.

... The original version of the report, written by the committee's Emerging Applications and Technology Subcommittee, was presented to the full Advisory Committee on June 7, 2006, at a public meeting in San Francisco (see DHS Meeting Draws Comments on RFID). At the time, it received a chilly reception by many representatives from companies selling RFID technology used in identification and credential applications, as well as from technology industry groups, because it came down hard on the use of RFID in identity documents. "We recommend that RFID be disfavored for identifying and tracking human beings," the draft report indicated, citing concerns over the skimming of personal data transmitted over a radio frequency signal, the cost of implementing RF technology and the existence of other authenticating technologies that could be used instead.

The final version of the report comes to a similar conclusion, according to coauthor Jim Harper, a director of information-policy studies for the Cato Institute, though its language has been softened. "I think a lot of the language was toned down, and a lot of assumptions that I feel strongly are true...were left out for the sake of congeniality," he says. One example he points to is the removal of most descriptions of RFID in identity documents as being "a tracking technology." Still, he says, there are no "recognizable substantive changes" to the latest version.

But in his reading of the latest report, Douglas Farry, a managing director and chair of the RFID practice at McKenna Long & Aldridge, a nationwide law firm focusing on the intersection of public policy and technology, sees a more pronounced change in the final draft. "It seems to be a better position than the initial draft, in that the initial draft concluded that the potential benefits [of using RFID in identity documents] were more than outweighed by the potential risks to personal privacy [that the technology presents]. But that's toned down. Now it says that if the DHS is going to use an RFID system, it should do so thoughtfully and carefully."



http://www.pogowasright.org/article.php?story=2006121214383030

Four million UK users hit by ID theft

Tuesday, December 12 2006 @ 02:38 PM CST - Contributed by: anonadmin - Non-U.S. News

Figures released by Sainsbury's Bank have shown that 4.1 million Britons have fallen victim to identity theft. The research, carried out by Taylor Nelson Sofres, polled over 1,000 UK residents and found that nine per cent claimed to have had their identity stolen at some point.

Source - vnunet.com, via fergie's tech blog


http://www.lse.co.uk/ShowStory.asp?story=CA1232073U&news_headline=500000_brits_are_victims_of_cyberstalking

500,000 Brits are victims of cyberstalking

Wednesday, 13th December 2006, 07:35 Category: Crime and Punishment

More than half a million Britons have been victims of cyberstalkers and the problem will get worse because of internet dating and sites such as Myspace and Friends Reunited, it was claimed today.

... The survey of 2,353 adults showed that the most common forms of cyberstalking were abusive emails (49 per cent), defamation of character through websites and message boards (37 per cent), and online stalking leading to telephone harassment and even harassment in person (14 per cent).

... He said: "I think it's the same sort of harassment that people will do offline, but it becomes easier to do from behind a computer screen. [Ain't technology wonderful? Bob]

... However, 75 per cent of victims have never reported the crime because of uncertainty over whether it is actually a crime (30 per cent), fear that police would not take them seriously (24 per cent) or because they blame themselves for revealing their personal details online (25 per cent).



Careful! When I try to access this PDF, it crashes the Adobe Reader...

http://www.bespacific.com/mt/archives/013276.html

December 12, 2006

Hurricane Katrina OIG Audit of Defense Information Systems Agency Continuity of Operations

D-2007-031: The Effects of Hurricane Katrina on the Defense Information Systems Agency Continuity of Operations and Test Facility (12/12/2006) (D2005-D000AS-0310.000).



Just another reminder that you can't rely on ignorance – change the default passwords on your applications!

http://digg.com/security/Default_Password_List_3

Default Password List

submitted by cspaid 17 hours 40 minutes ago (via http://www.phenoelit.de/dpl/dpl.html )

Updated today :) Enjoy



This is interesting. Would this apply if I got all excited about a product or service of my employer and raved about it online? How would my employer know?

http://www.washingtonpost.com/wp-dyn/content/article/2006/12/11/AR2006121101389.html

FTC Moves to Unmask Word-of-Mouth Marketing

Endorser Must Disclose Link to Seller

By Annys Shin Washington Post Staff Writer Tuesday, December 12, 2006; D01

The Federal Trade Commission yesterday said that companies engaging in word-of-mouth marketing, in which people are compensated to promote products to their peers, must disclose those relationships.

... Though no accurate figures exist on how much money advertisers spend on such marketing, it is quickly becoming a preferred method for reaching consumers who are skeptical of other forms of advertising.



Justice! (...and I suspect these may be “easy pickings” where the company has hopes of a good reputation.)

http://www.consumerist.com/consumer/complaints/florida-sues-aol-and-wins-221333.php

Florida Sues AOL And Wins

The Florida Attorney General successfully sued America Online for their abusive customer billing practices. The State's Attorney office received over 1,000 consumer complaints about cancellation requests being ignored, erroneous charges and unauthorized account reactivations.

All Floridians who filed a complaint with the AG's office are eligible to take part in the settlement. Visit Myfloridalegal.com for more info.

Tuesday, December 12, 2006

Some organizations can't hold the news until Friday...

http://www.latimes.com/news/local/la-me-ucla12dec12,0,7111141.story?coll=la-home-headlines

Major breach of UCLA's computer files

Personal information on 800,000 students, alumni and others is exposed. Attacks lasted a year, the school says.

By Rebecca Trounson Times Staff Writer December 12, 2006

In what appears to be one of the largest computer security breaches ever at an American university, one or more hackers have gained access to a UCLA database containing personal information on about 800,000 of the university's current and former students, faculty and staff members, among others.

UCLA officials said the attack on a central campus database exposed records containing the names, Social Security numbers and birth dates — the key elements of identity theft — for at least some of those affected. The attempts to break into the database began in October 2005 and ended Nov. 21, when the suspicious activity was detected and blocked, the officials said.

... He said the problem was spotted when computer security technicians noticed an unusually high number of suspicious queries to the database. It took several days for investigators to be sure that it was an attack and to learn that Social Security numbers were the target, he said.



Oh, good.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9005860&taxonomyId=84

Veterans Affairs CIO: We're more secure

Grant Gross December 11, 2006 (IDG News Service) WASHINGTON --

The U.S. Department of Veterans Affairs is "pretty confident" the agency will not have another large data breach like the one in May that could have exposed the personal records of 26.5 million military veterans and family members, the agency's CIO said today.

The VA has taken several steps to improve its security since the breach, said Robert Howard, who was appointed the VA's assistant secretary for information and technology just days before a VA laptop and hard drive were stolen from an employee's home.

... A major cybersecurity concern is employees "not thinking" about risks, and the VA is working to educate workers, Howard said. "What leaps right out at you is employee carelessness," he said. "We've all been there."

... But the VA has made several changes, including encryption on laptops not directly used for medical procedures, Howard said. The breach "was a real eye-opener, for government and probably for industry as well," he said. "We're encrypting everything in sight."



Towards a “Best Practices” world?

http://www.infosecwriters.com/texts.php?op=display&id=524

Information Security as a Business Practice

by John Enamait on 11/12/06

This article addresses the role information security plays in an organization. Historically, organizations have deemed information security to be an information technology issue, one that the business as a whole did not need to address. Organizations have also treated information security as an add-on feature, almost an afterthought. Information security must become ingrained into the culture of the organization to ensure security compliance in all facets of the company. Organizations that are beginning to mature with information security may choose to investigate and implement established systems that support information systems. Systems such as ITIL and ISO/IEC 17799 can be used as a foundation for the development of a sound information security process. Regardless of how organizations approach information security, they must begin to envision information security as an overall business problem. If organizations can embrace the cultural change and embrace information security in all aspects of a business, information security will become a well established practice that is followed by all.




How could one prove that this didn't happen? Could this be used to make everyone look like a terrorist? (see next article)

http://lauren.vortex.com/archive/000203.html

December 11, 2006

How Pop-Ups Could Brand You a Pervert or Crook

Greetings. A New York Times article today explores the problem of Web-based "pop-up" ads being used to artificially inflate Web traffic.

I'd like to point out a potentially much more serious problem related to pop-ups that can access arbitrary Web sites -- they could be used for purposes that could get innocent Web users into major legal problems.

The issue of sites triggering unsolicited access to other sites is not new. In a message over a year ago ("Google's new feature creates another user privacy problem"), I discussed how Google's triggering of top item "prefetch" in returned search results could result in Firefox browsers visiting the referenced site -- and collecting any associated cookies -- without users' knowledge (I also suggested ways to prevent this behavior).

The essential problem is that Web logs that record users' access to sites would record such visits as if they had been voluntarily initiated by those users. If those destinations happen to be sites with various forms of "illicit" materials that could be the subject of government or other investigations that would go digging through associated access logs... well, you can imagine the possible complications.

Google's prefetch behavior is an example of a well-intended feature with unfortunate negative side effects.

On the other hand, the sorts of nefarious pop-ups described in the NYT piece have much greater potential for intentionally serious sorts of damage, since they can be far more flexible and directed than simple Web prefetches, and so could put innocent consumers at even greater risk. They might not only access pages that could get people arrested (perhaps c-porn?), but also download files that could trigger RIAA and/or MPAA "automatic" lawsuits, or any number of other nightmare scenarios.

It's fair to ask why anyone might want to set loose such technical monsters on innocent victims. The simple answer is that there are quite a few people out there who just want to score a point -- to prove that they can do it -- plus of course the sick minds who enjoy watching other people suffer.

If nothing else, this specter is yet another reason to block all pop-ups routinely and to disable browser prefetch as appropriate. Most of all it is a reminder to authorities that just because particular entries are present in subpoenaed Web logs, does not necessarily mean that they are accurate representations of user intent. In many cases you may actually be looking at victims, not perpetrators.


...but the intelligence agencies are too sophisticated for that kind of red herring to influence their analysis, right?

http://techdirt.com/articles/20061211/192511.shtml

State Department Googles To Create Banned Iranians List

from the the-Google-spies dept

It appears our government intelligence agencies are still a bit confused about this whole internet thing. A few months ago, we noted that the FBI lost a lawsuit after a judge was shocked that FBI agents didn't do a simple Google search in trying to figure out if someone was still alive. Then, last week, we noted that our intelligence agencies were starting to make use of the tools of social applications, but not necessarily the community of people out there. However, when the CIA turned down a State Department request for names of Iranians who deserve to be sanctioned for their work on Iran's nuclear program, the State Department set up a junior employee to go about Googling things like "Iran and nuclear" to come up with a list. After some cutting down the list, the CIA eventually approved a small list of people, but it still seems bizarre to think that the best way to determine dangerous people is to do a simple Google search. That isn't to say that the intelligence community shouldn't be using tools like Google. Obviously, they should be using them quite a lot -- but that doesn't mean it's right for everything: such as figuring out the best list of people to sanction over a clandestine nuclear weapons program.




Okay, we've seen this survey question answered many times, here's a new question: If you give someone this personal information, what do you expect them to do with it?

http://www.econtentmag.com/Articles/ArticleReader.aspx?ArticleID=18781

Consumers Willing to Trade Privacy for Personalization, Survey Says

Posted Dec 12, 2006

More consumers are willing to provide information about themselves to providers they trust in exchange for a personalized online experience, according to The 2006 ChoiceStream Personalization Survey.

According to the survey, the number of consumers willing to provide demographic information in exchange for a personalized online experience has grown over the past year, increasing 24% to a total of 57% of all respondents. The Survey also finds an increase in the number of consumers willing to allow websites to track their clicks and purchases, increasing 34% from the previous year. However, the results show no significant decline in the number of consumers concerned about the security of their personal data online, with 62% expressing concern in 2006 vs. 63% in 2005.

... The Survey results also find that interest in personalization is spreading beyond the desktop to consumers' television and mobile screens. Overall, 45% of survey respondents are dissatisfied with their current onscreen TV program guide because it takes too long to scroll through to find programming of interest. Forty-seven percent expressed interest in receiving a personalized guide to solve this problem by helping them find shows and movies that match their tastes and interests.

... A Research Brief providing detailed information on the findings is available at the ChoiceStream website. (www.choicestream.com)



It will eventually occur to (even) politicians that it would be cheaper to keep these people in jail (even cheaper to kill them) rather than monitor their movements, medications, phones, internet usage, etc.

http://www.newsday.com/news/nationworld/nation/wire/sns-ap-web-sex-offenders,0,7993629.story

N.Y. Planning Sex Offender Polygraphs

By MICHAEL FELBERBAUM Associated Press Writer December 11, 2006, 8:10 PM EST

RICHMOND, Va. -- Officials in two states proposed unusual plans Monday to tighten oversight of convicted sex offenders: Virginia's attorney general wants them to register their e-mail addresses and online IDs, and New York officials want them to take lie-detector tests.

In New York, the parolees' answers to a computer-based polygraph test about their whereabouts could be used to justify electronic monitoring, prohibit Internet use or restrict travel, said Division of Parole spokesman Scott Steinhardt.



http://hardware.slashdot.org/article.pl?sid=06/12/11/1714232&from=rss

How To Choose Archival CD/DVD Media

Posted by kdawson on Monday December 11, @03:33PM from the 70-years-or-bust dept.

An anonymous reader tips us to an article by Patrick McFarland, the well-known Free Software Magazine author, going into great detail on CD/DVD media. McFarland covers the history of these media from CDs through recordable DVDs, explaining the various formats and their strengths and drawbacks. The heart of the article is an essay on the DVD-R vs. DVD+R recording standards, leading to McFarland's recommendation for which media he buys for archival storage. Spoiler: it's Taiyo Yuden DVD+R all the way.

From the article: "Unlike pressed CDs/DVDs, 'burnt' CDs/DVDs can eventually 'fade,' due to five things that affect the quality of CD media: sealing method, reflective layer, organic dye makeup, where it was manufactured, and your storage practices (please keep all media out of direct sunlight, in a nice cool dry dark place, in acid-free plastic containers; this will triple the lifetime of any media)."



You know, some people just get it... (Remember, this was before most people had even heard of the WWW)

http://digg.com/videos_educational/Hyperland_1990_by_Douglas_Adams

Hyperland 1990 by Douglas Adams

submitted by chrisek 14 hours 32 minutes ago (via http://video.google.com/videoplay?docid=5579362191486305681&q=hyperland )

Douglas Adams' Prescient Documentary from 1990 [...don't worry, nothing has happened in the last 16 years... Bob] about The Web



When your (boss, client, employee, significant-other) comes to you with a story like this, what do you do?

http://news.com.com/2061-10789_3-6142790.html

Scammers take Web mail hostage

December 11, 2006 5:01 PM PST

After visiting a cybercafe, a Hotmail user returned to find the Web mail account empty except for a note demanding payment for the return of the messages and address book, a security firm said Monday.

The affected person had accessed the Hotmail e-mail account from an unspecified Internet cafe in Mexico, said Dan Hubbard, senior director of Websense Security Labs in San Diego.

"When the user came back and logged into Hotmail, all 'sent' and 'received' e-mails were deleted, along with all the online contacts," Hubbard said. The only message that remained was one from the attacker, requesting payment in order to get the data back, he said.

The ransom note was written poorly in Spanish, but translated into English, it stated: "If you want to know where your contacts and your e-mails are then pay us or if you prefer to lose everything then don't write soon!" according to a Websense alert.

Such hostage taking is a new form of cyberextortion. Previous attacks have used malicious software known as ransomware that encrypts certain files on victims' computers and then demands payment for decryption. The blackmailer threatens to delete the files if no payment is received.

"We have only had one report. This very first one that we have found out about," Hubbard said.

The Hotmail user's credentials could also have been compromised through a phishing scam. However, Hubbard said that the unidentified victim believes that's not what happened.

Microsoft did not immediately respond to requests seeking comment. [Will they restore from backups? They can – will they? Bob]

Lesson for the wise: be cautious when traveling and using cybercafes. They appear to be targeted more and more, Websense said. Also, change your password frequently.



Always looking for “the next big thing...”

http://www.wired.com/news/technology/internet/0,72282-0.html?tw=rss.index

Battle Brewing Over 'Iconistan'

By Michael Calore 02:00 AM Dec, 12, 2006

There's a turf war heating up over a strip of web real estate called "Iconistan."

You won't find this mythical land on a map, as Iconistan exists only at the bottom of blog posts. It's where that little crowd of icons gathers, begging you to post a bit of news to Digg, Reddit, del.icio.us and various other social news and community sites.

"Those submit buttons present independent publishers with an excellent opportunity to leverage the growing audience for social news sites," says Tony Conrad, CEO and co-founder of Sphere, who coined the term "Iconistan" in a recent blog post.

Social news sites like Digg, Reddit and Newsvine encourage their readers to submit news stories they find online, and the developers of those sites have created these tiny widgets to facilitate the submission process. Disclosure: Reddit is owned by CondéNet, the parent company of Wired News.

These tiny icons encourage readers to discuss an article or blog post on the target site -- thereby enriching the user experience -- but they're also crass tools of promotion. Publishers hope that a link on Digg or Newsvine will drive traffic back to the original story on their site -- which is why bloggers add the buttons to their posts in the first place.

Landing a link on the front door of a hot social news site can drive up site traffic and allow bloggers to reach new audiences. The resulting increase in pageviews also means increased advertising revenue for the publisher.

"It's a win for the user, but it's also a win for the publisher," says Conrad.

Conrad's company, Sphere, creates a widget that helps readers track conversations across multiple sites on the web. It's just one of many companies that have set up shop in Iconistan.

Independent publishers were the first to recognize the power of social news sites to expand readership and generate pageviews, but larger, established publishers are quickly setting up their own Iconistans as well.

This week, The New York Times added social news submission tools to news stories on its website. Readers browsing the newspaper's site can choose to submit a story to Digg, Newsvine or the social network Facebook.

The Times chose only three social networks, but some blogs feature dozens of buttons along the bottom of posts. Conrad warns that the slim slice of web real estate could become a cluttered mess if publishers don't keep users' best interests in mind.

"Publishers need to develop some criteria to follow whenever they want to put another link on the page," he says. "Web publishers should ask themselves what (a 'submit' icon) does for the person who clicks on it. How is it going to impact the user experience? Is there an intersection there with user reality?

"The author probably shouldn't put another link there if it detracts from the user experience," he says.



It is never the same as being there, but it is like having a friend who was and took good notes...

http://www.bespacific.com/mt/archives/013252.html

December 11, 2006

KMWorld and Intranets 2006 Presentation Links

KMWorld and Intranets 2006 Presentation Links, October 30 - November 2, 2006.



Is this enough to collapse a government? (Food for thought, Virtual Law experts!)

http://techdirt.com/articles/20061211/064711.shtml

Chinese Yuan No Longer The Only People's Currency

from the more-effective-than-angry-trade-reps dept

One of the chief policy concerns for the Chinese government, in recent years, has been the value of the national currency, the Yuan. The government is convinced that for the time being, it must artificially manipulate its value, so as to preserve the robust economy. But while it can intervene to affect the Yuan, it has little control over alternative currencies, such as those found online. It's apparently concerned that an online currency called QQ, maintained by a large IM system, could induce unwanted, real-world volatility, as people start using the QQ as a substitute for the Yuan to buy certain goods and services. For the most part, it's hard to imagine that this could be too destabilizing. It's mainly for the purposes of international trade that China wants a stable Yuan, and it's unlikely that too many manufacturers will start accepting payments in QQ. Still, the Chinese government tends to feel threatened anytime people are able to express themselves spontaneously, in some manner outside of endorsed channels, hence the constant internet censorship. It wouldn't be a surprise to see it take a similarly confrontational stance towards alternative currencies. The legal implications of virtual worlds and currencies are just starting to be debated in the US; it should be very interesting to see how things differ when the anarchic freedom found in them collides with stricter societies and economies.



Now will you believe that TV is changing?

http://abcnews.go.com/Entertainment/wireStory?id=2716983&CMP=OTC-RSSFeeds0312

Dutch Pull Plug on Analog Television

Dutch Pull Plug on 'Free-To-Air' Analog Television, Shifting All Signals to Digital

By TOBY STERLING The Associated Press

AMSTERDAM, Netherlands - The Netherlands ended transmission of "free to air" analog television Monday, becoming the first nation to switch completely to digital signals.

Few Dutch consumers noticed, because the overwhelming majority get TV via cable.

... And "when 94 percent of the market is served by cable, more competition is healthy," said Economic Affairs ministry spokeswoman Judith Thompson.

Cable here faces minor but growing competition from satellite and more recently, television via high-speed Internet connections with the service known as IPTV.

... Governments around the world are gradually making the switch to digital, with some Scandinavian countries and Belgium targeting a 2007 switch-off date. The target is 2009 in the United States, and 2011 in Japan.



Free is good!

http://www.digg.com/music/Mozart_s_entire_musical_score_now_free_on_Internet

Mozart's entire musical score now free on Internet

Submitted by webtickle 20 hours 5 minutes ago (via http://today.reuters.com/news/articlenews.aspx?type=entertainmentNews&storyid=2006-12-11T190336Z_01_L11804081_RTRUKOC_0_US-ARTS-MUSIC-MOZART.xml )

Mozart's year-long 250th birthday party is ending on a high note with the musical scores of his complete works available from Monday for the first time free on the Internet.

[http://dme.mozarteum.at Expect delays Bob]



Tools for research...

http://www.degreetutor.com/library/research-tools/librarian-searchguide

Librarian's Ultimate Guide to Search Engines

Published on Friday, December 8th, 2006