Sunday, January 21, 2007

Size matters...

http://news.enquirer.com/apps/pbcs.dll/article?AID=/20070120/BIZ01/701200339/-1/all

Fifth Third has role in TJX hole

Hacker got into system

BY JAMES MCNAIR JMCNAIR@ENQUIRER.COM

Fifth Third Bank, the nation's fourth-largest credit-card processor, has been drawn into what's being called possibly the biggest security breach of customer credit-card information.

The breach was found in mid-December in the form of an "intrusion" into the computer systems of TJX Cos., which owns the T.J. Maxx, Marshalls, HomeGoods and A.J. Wright retail chains.

TJX said this week that "some" customer information has been stolen, but it doesn't know the full extent of the theft, which happened in 2005.

... TJX officials refused to say how many customers had their data stolen or accessed by a computer hacker. The New York Times and the Wall Street Journal reported Friday that more than 40 million cards may be affected.

Spokeswoman Sherry Lang said TJX has identified a "limited number" of credit and debit card holders whose information was stolen from its computer system, adding that the number was "substantially less than millions." A smaller number of customer names with driver's license information was stolen, she said.

... In the TJX case, Visa said the number of accounts potentially accessed by a hacker could exceed the 40 million cards exposed in a 2005 breach of computers at payment processor CardSystems Solutions.

... "If you are a consumer and you're part of the TJX breach, you are hoping it's 10 million people because the chance of your name being misused goes down considerably depending on the size of the data breach," Cook said.



At least someone is paying. I'd like to know why they did...

http://www.pogowasright.org/article.php?story=20070120153425714

Printing company to pay $110,000 for Social Security number snafu

Saturday, January 20 2007 @ 03:34 PM CST - Contributed by: PrivacyNews - Businesses & Privacy

A printing company that inadvertently printed Social Security numbers on 171,000 tax forms will pay $110,000 toward free credit monitoring for those affected, the company president said.... The state will pay the rest of the credit-monitoring cost for those affected who choose to use the service.

Source - Associated Press

[From the article:]

Meredith Helgerson, a Revenue Department spokeswoman, said the printer needed the Social Security numbers to make sure the forms went to the correct locations [Absurd! Bob] but she couldn't say exactly how the information was used.

... The state paid the printer $22,000 to print the forms.



Would this apply to any laptop, pda, or cell phone found in the crash?

http://www.morningjournal.com/site/news.cfm?newsid=17733843&BRD=1699&PAG=461&dept_id=46371&rfi=6

Prosecutor: 'Black box' information taken legally

By RICHARD PAYERCHIN, Sandusky Bureau Chief 01/20/2007

SANDUSKY -- Police were allowed to collect information from the internal computer in a car involved in a crash that killed a Vermilion teen in January 2006, according to the Erie County Prosecutor's Office.

The prosecution opposed a request by the defense attorney to suppress data taken from a "black box" internal computer inside the car driven by Tiffany Whiting, 19, of Marblehead, who is charged with aggravated vehicular homicide and aggravated vehicular assault in connection with the death of David Anthony Risner Jr., of Vermilion, according to Erie County Common Pleas Court records.

The defense motion argued police needed a search warrant to retrieve the computer information stored by the internal SDM Data Recorder (sensing and diagnosing module) of the 2005 Chevrolet Cobalt Whiting was driving.

The car went airborne at a railroad crossing on Douglas Street in Vermilion and went out of control, hitting a tree, a parked truck and a telephone pole. Risner, 17, a culinary arts student at EHOVE Career Center, was a front-seat passenger. Rear-seat passenger Jessica Tipton, then 17, of Marblehead, was injured, according to a police report.

Police had a right to search for the information without a warrant because a person has "no reasonable expectation of privacy in the wreckage of a vehicle where another occupant is killed," said the response filed by Erie County Chief Assistant Prosecutor Mary Ann Barylski.

The case is due back in court on Feb. 6 for a suppression hearing before Judge Roger E. Binette.

Ohio law on the topic is "sparse," Barylski wrote, but other rulings have upheld warrantless searches of vehicles involved in fatal crashes.

In one case, the U.S. Military Court found Navy police were required to investigate serious motor vehicle crashes and legally could examine a demolished car that was involved in a fatal crash, Barylski wrote.

In Whiting's case, the "vehicle was utterly demolished which resulted in a fatality," Barylski wrote.

Vermilion police worked with the State Highway Patrol to analyze driving data from inside the car's computer, according to court records. One summary said the car was accelerating at 100 percent throttle at four seconds before the crash, showing speeds of 73 mph, 74 mph and 76 mph, according to court records.



Again, the amount of data available goes up exponentially...

http://slashdot.org/article.pl?sid=07/01/21/0044254&from=rss

NYC 911 to Accept Cellphone Pics and Video

Posted by Zonk on Saturday January 20, @10:34PM from the looking-through-the-phone dept. The Internet Media Technology

SpaceAdmiral writes "New York City is developing a plan to allow images to be sent to 911 emergency operators from cellphones. This will likely give emergency operators better information to pass along to responders. They're also planning on implementing a program of streetcorner video cameras, as seen in the city of London. According to John A. Feinblatt, Mayor Michael Bloomberg's criminal justice coordinator: 'The more information that the police have and the more quickly that they get it, the more likely that they are going to fight a crime.'"

How practical do you think it is to expand this sort of project to cities across the country? Moreover, is it worth the expense?



Why would the school want police powers? Would they handle threats without involving the police?

http://www.technewsworld.com/rsstory/55261.html

School Safety: Technology Outpacing the Law

By Monique Garcia Chicago Tribune 01/20/07 4:00 AM PT

The bill would give school districts the authority to expel or suspend students for making "explicit threats" online toward other students, teachers or school personnel. It would give Illinois one of the toughest laws on the issue of cyberspace threats involving schoolchildren, allowing schools to hold students accountable for computer postings that pose a "reasonable threat."

After threatening to assassinate his assistant principal on MySpace.com last spring, a 15-year-old student at Bednarcik Junior High School in Oswego, Ill., was charged with harassment through electronic communication, a felony.

His threats on the popular social networking Web site were serious enough to draw action by the police, but school officials found there was little they could do.

Under Illinois law, officials may discipline students for misbehavior on school property or at school-sponsored events, but they have little authority over what students do off campus or in cyberspace. [Shouldn't it work that way? Bob]

School Wants More Power

It's a case of technology outpacing the laws on the books, so school officials contacted Illinois House Republican leader Tom Cross, of Oswego, and he has begun a push for legislation to give schools extra power.

"This isn't an issue of schools saying we are going to start monitoring Web sites," [“We'll only look for evidence of crimes committed by students we hate, you know: blacks, jews, and republicans...” Bob] Cross said. "It's about giving them the power to perhaps keep the kid out of the school system. Right now, their hands are tied."

... In May 2005, a 14-year-old Pennsylvania student was expelled from a middle school because of threatening rap lyrics he posted on the Internet. The ACLU of Pennsylvania filed a lawsuit against the Riverside Beaver School District, claiming the punishment violated the First Amendment.

"It was a rap battle, and if you understand hip-hop music at all, you understand there is a lot of metaphorical violence," said Witold Walczak, the Pennsylvania ACLU's legal director. "There is a whole body of law under the 1st Amendment that makes it clear you can't punish someone for a threat unless it's a true threat."

The school district settled the case for US$90,000 after a court ruled that the posted lyrics -- about school shootings and getting back at another student who taunted him -- were not true threats, Walczak said. The school now restricts its authority over children to activities at the school or during school events, he said.



Another one bites the dust... (bytes the dust?)

http://it.slashdot.org/article.pl?sid=07/01/20/1936257&from=rss

Chinese Prof Cracks SHA-1 Data Encryption Scheme

Posted by Zonk on Saturday January 20, @03:39PM from the mad-math dept. Security Encryption Education Math

Hades1010 writes to mention an article in the Epoch Times (a Chinese newspaper) about a brilliant Chinese professor who has cracked her fifth encryption scheme in ten years. This one's a doozy, too: she and her team have taken out the SHA-1 scheme, which includes the (highly thought of) MD5 algorithm. As a result, the U.S. government and major corporations will cease using the scheme within the next few years. [Note that even though they know it can be broken, they will continue to use this crypt... Sad, isn't it. Bob]

From the article: "These two main algorithms are currently the crucial technology that electronic signatures and many other password securities use throughout the international community. They are widely used in banking, securities, and e-commerce. SHA-1 has been recognized as the cornerstone for modern Internet security. According to the article, in the early stages of Wang's research, there were other data encryption researchers who tried to crack it. However, none of them succeeded. This is why in 15 years Hash research had become the domain of hopeless research in many scientists' minds."


Another crack?

http://www.engadget.com/2007/01/20/blu-ray-cracked-too/

Blu-ray cracked too?

Posted Jan 20th 2007 11:59AM by Ryan Block Filed under: HDTV, Home Entertainment

It's still early on to tell whether this is actually true, but HD DVD cracker muslix64 is back, and with the help of another anti-DRM cracker, Janvitos, claims to have also broken the Blu-ray's implementation of AACS. Although their protection does not yet account for BD+ copy-protection, they claim to have been able to implement the same key-grabbing known-plaintext attack as muslix64 used to crack HD DVD in order to successfully crack Blu-ray without even using a disc or drive (apparently they just used a raw encrypted data file and nothing more). Unfortunately they haven't yet posted code for us to test this out, so we'll have to take their word for it for the time being.


Another crack?

http://ouriel.typepad.com/myblog/2007/01/i_can_finally_g.html

20 January 2007

I can finally get rid of iTunes

I love the iPod but I HATE iTunes. Not convenient for synchronizing in multiple computers, slow, heavy in resources for movies you have to convert to their stupid format….

Thanks to Christian from ProCab I have (very lately) discovered YamiPod, a freeware, developed by a student that enables you to manage your music AS YOU WANT. You can for example add music by simple drag and drop from your folder, the soft is fast, read all features here.

The KILLER feature. You can copy music from iPod to your computer, bye bye stupid DRM rules that do not let me copy music I bought from my iPod to another computer (at work for example) [Attention Security Manager Bob] Works on mac/linux/windows

Now I am friend again with my iPod. Christian, you saved my iPod life

update: There is more on the subject here



They did it for the worst possible reason – they put their convenience above the law.

http://politics.slashdot.org/article.pl?sid=07/01/20/1449231&from=rss

Ohio Recount Rigging Case Goes to Court

Journal written by MarkusQ (450076) and posted by CowboyNeal on Saturday January 20, @10:15AM from the counting-down-the-hits dept.

The Akron Beacon Journal is reporting that the trial of the three election workers accused of rigging the 2004 presidential election recount in Cuyahoga County is finally underway. As you may recall, this was the case where poll workers 'randomly' selected the precincts to recount by first eliminating from consideration precincts where the number of ballots handed out on Election Day failed to match the number of ballots cast and then opening the ballot boxes in private and pre-counting until they found cases which would match up. What is interesting here is that they have already admitted doing this and that it was clearly counter to the letter and the spirit of the law, but still insist it wasn't really 'wrong,' presumably since they only did it to avoid having to go to the bother of a full recount as required by law.



Nothing much now, but expect to see collections of podcasts/videos from law firms, schools, and anyone who wants to be seen as an “expert.”

http://www.researchbuzz.org/wp/2007/01/21/directory-of-business-podcasts/

January 21, 2007

Directory of Business Podcasts

Filed under: Business-Research, Multimedia-Audio

Looking for business podcasts? Check out iBizRadio at http://www.iBizRadio.com , a directory of business-oriented podcasts.

The site is a searchable subject index with categories ranging from accounting to travel and hospitality. Not all categories have listings — actually this directory looks a bit sparsely populated. Category pages have listings with brief descriptions and “last updated” notes so you can see when the podcast has updated. (Unfortunately not all podcasts include date information so not all podcasts have “last updated” flags.)

Each podcast has its own page with a list of recent episodes that you can download directly. There’s also a Flash-based player on the page for each episode so you can listen if you’d rather not download.

I’m really surprised there’s not more here, but it’s a nice idea.



Weird enough to be amusing? “Now you can use your doctoral dissertation to crack the top 40!”

http://digg.com/music/let_a_computer_sing_it_for_you

let a computer sing it for you!

Just type in your text and an online application will look up song lyrics that match, and put them together into one song!

http://www.sr.se/P1/src/sing/index.htm?key=2BJAJBJL#



Another technological solution to global warming?

http://ecoiron.blogspot.com/2007/01/black-google-would-save-3000-megawatts.html#links

Saturday, January 20, 2007

Black Google Would Save 3,000 Megawatts a Year

As noted, an all white web page uses about 74 watts to display, while an all black page uses only 59 watts. I thought I would do a little math and see what could be saved by moving a high volume site to the black format.

Take a look at Google, who gets about 200 million queries a day. Let's assume each query is displayed for about 10 seconds; that means Google is running for about 550,000 hours every day on some desktop. Assuming that users run Google in full screen mode, the shift to a black background will save a total of 15 (74-59) watts. That turns into a global savings of 8.3 Megawatt-hours per day, or about 3000 Megawatt-hours a year. And at 10 cents a kilowatt-hour, that's $300,000, a goodly amount of energy and dollars for changing a few color codes.



Ideas?

http://michaelzimmer.org/2007/01/20/nyu-colloquium-on-information-technology-society-spring-2007-schedule/

NYU Colloquium on Information Technology & Society Spring 2007 Schedule

Posted on Saturday, January 20th, 2007 at 7:02 pm

The spring 2007 schedule for the Information Law Institute (NYU Law School) Colloquium on Information Technology & Society has been announced.
