Tuesday, February 13, 2007

Boy, did this stir things up! I don't think the rate of loss is particularly outrageous, but it confirms that even when the organization is aware of the possibility of crime, they don't always follow the “best practice.”

http://www.bespacific.com/mt/archives/013926.html

February 12, 2007

DOJ OIG Audit of Reviews Missing FBI Laptops and Weapons

The Federal Bureau of Investigation’s Control Over Weapons and Laptop Computers Follow-Up Audit, Audit Report 07-18, February 2007


Everyone is picking the “juicy bits” out of the audit report. Here are some examples. (Might be the basis of a good checklist for your organization.)

http://arstechnica.com/news.ars/post/20070212-8821.html

FBI lost 160 laptops in last 44 months

2/12/2007 1:44:14 PM, by Nate Anderson

... "Perhaps most troubling," says the report, "the FBI could not determine in many cases whether the lost or stolen laptop computers contained sensitive or classified information. Such information may include case information, personal identifying information, or classified information on FBI operations."


http://techdirt.com/articles/20070212/130314.shtml

FBI Can't Keep Track Of Its Own Laptops; Lose Three Or Four Each Month

from the quality-control? dept

Hardly a month goes by without stories of government employees losing laptops, potentially revealing all sorts of important information. Apparently it's not limited just to folks like the Census Bureau, either. A new report notes that the FBI tends to lose three to four laptops every month. Some of these are just lost, others are stolen. While some of the lost laptops contain info about people, there are also even scarier cases, such as the lost laptop that contains software used by the FBI to create its ID badges. Why that software should ever need to be on a laptop isn't explained. The only good news is that the report from the FBI suggests the rate of lost laptops is dropping (as is the number of lost weapons...), but that's hardly comforting. Yes, it's true that laptops do get lost and stolen -- but you would hope that the FBI would be a bit more careful with its sensitive info. And, if it did need to go on a laptop, why not have a system in place to protect the data on the laptop once it was lost? Just a few weeks ago at DEMO, we saw Alcatel/Lucent demo a pretty simple system that would allow a system administrator to remotely kill access to content on a laptop (even if the laptop was off). You would think that an organization like the FBI would already have a system like that in place... but, we're forgetting this is the same group that spent hundreds of millions of dollars on a computer system that was useless for catching terrorists and had to be scrapped, causing some to suggest the best time to kick off a crime spree would be when that system was implemented. So, perhaps it's no surprise that the FBI can't do something as simple as secure its own laptops.



Is this the right strategy? Is it even logical?


State mum on details of computer breach

13 Investigates Feb 12, 2007 05:03 PM Sandra Chapman/13 Investigates

Indianapolis - Indiana's Office of Technology says its failure allowed hackers access to residents' critical personal information. But the agency still won't divulge which state service was breached. [Shouldn't take long to figure out... Bob]

Credit card numbers complete with names and addresses: a hacker's dream, courtesy of Indiana's Office of Technology.

"The credit card numbers weren't where they were supposed to be," said Chris Cotterill, the director of http://www.in.gov, the state's website managed by the Indiana Office of Technology.

Some 5,600 residents who conducted business with the state through one on-line provider are now at risk. The Office of Technology is keeping the identity of the breached agency secret.

... 13 Investigates has learned this might be a case where an agency simply failed to follow its own rules. [High probability. Bob]

A memo sent by the Office of Technology dated December 8th of last year reminded state agencies of their responsibility and "role as a protector of personal information."

... The Office of Technology was criticized just last fall when the state's prosecuting attorneys found court information on the state's website unreliable.

Corridan says it wasn't the Office of Technology's fault. "The interfaces weren't connected correctly through the Access Indiana and I think that was just a programming issue," he said. [“We're the Technology bureaucracy, we aren't responsible for Technology.” Bob]



Free is good!

http://www.bespacific.com/mt/archives/013932.html

February 12, 2007

Justia Launches Free Federal District Court Filings Database Search

Another terrific project from the Justia team, this database [still under development] of recently filed Federal District Court civil cases allows users to browse by State, Nature of Suit and Cases, as well as search by Party Name, jurisdiction, type of lawsuit, and within a given date range. According to Tim Stanley, there are currently "over 300,000 case titles since January 1, 2006, and they are updating [the database] daily."

Additional features include:

  • Users may opt to subscribe to RSS feeds of all of the new cases by topic, or may otherwise conduct a search and then subscribe to an RSS feed of the search results.

  • Data on each case includes a link to the related docket information on Pacer (accessible via subscription, 8 cents per page) as well as to blog, news and finance and web searches on the party names.



My concern is: How will they respond/overreact to this?

http://www.washingtonpost.com/wp-dyn/content/article/2007/02/10/AR2007021001457.html

WiFi Turns Internet Into Hideout for Criminals

Authorities Struggling With Anonymity Provided By Unsecured Networks

By Jamie Stockwell Washington Post Staff Writer Sunday, February 11, 2007; C01

Detectives arrived last summer at a high-rise apartment building in Arlington County, warrant in hand, to nab a suspected pedophile who had traded child pornography online. It was to be a routine, mostly effortless arrest.

But when they pounded on the door, detectives found an elderly woman who, they quickly concluded, had nothing to do with the crime. The real problem was her computer's wireless router, a device sending a signal through her 10-story building and allowing savvy neighbors a free path to the Internet from the privacy of their homes.

[Perhaps the problem was that they had not done their homework? Wouldn't it be logical to determine in advance WHO lived at that address? Bob]

Perhaps one of those neighbors, authorities said, was stealthily uploading photographs of nude children. Doing so essentially rendered him or her untraceable. [Oh, really? Bob]


On the flip side...

http://www.gigalaw.com/news/2007/02/online-crime-leads-to-allegations-of.html

Online Crime Leads to Allegations of "Forum Shopping"

Unlike many crimes with relatively limited geographic scope, Internet abuses cross every border, giving the government enormous leeway these days to pick jurisdictions where it brings cases. To some critics, the process smacks of "forum shopping," a once-common practice by plaintiffs' attorneys seeking the most hospitable venues to bring civil suits.

Read the article: The Wall Street Journal | Posted: 2/12/2007 03:10:00 PM



I wonder if this is the way to go? The database will have to be huge!

http://www.technewsworld.com/rsstory/55714.html

MySpace Attacks Video Piracy With New Tech

By Erika Morphy E-Commerce Times Part of the ECT News Network 02/12/07 1:42 PM PT

... Its new content management and antipiracy system, which it licensed from Audible Magic, can recognize certain uploaded copyrighted content, match the appropriate business rules to that particular video or song and then take action within a matter of minutes, Audible Magic CEO Vance Ikezoye told the E-Commerce Times.

The content provider has to provide a "digital fingerprint" of the video or song, which Audible Magic then stores in its database, he explained.



Will Belgium “disappear” from the Internet?

http://hosted.ap.org/dynamic/stories/B/BELGIUM_GOOGLE_VS_NEWSPAPERS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Feb 13, 6:42 AM EST

Belgian Papers Win Google Copyright Suit

By AOIFE WHITE AP Business Writer

BRUSSELS, Belgium (AP) -- A court on Tuesday ruled in favor of Belgian newspapers that sued Google Inc., claiming that the Internet search leader infringed copyright laws, and demanded it remove their stories.

The Mountain View, Calif.-based company that operates the world's most-used search engine immediately said it would appeal, claiming its Google News service was "entirely legal."

A Brussels court ruled in favor of Copiepresse, a copyright protection group representing 18 mostly French-language newspapers that complained the search engine's "cached" links offered free access to archived articles that the papers usually sell on a subscription basis.

It ordered Google to remove any articles, photos or links from its sites - including Google News - that it displays without the newspapers' permission.

But in the future, it said it would be up to copyright owners to get in touch with Google by e-mail to complain if the site was posting content that belonged to them. Google would then have 24 hours to withdraw the content or face a daily fine of 1,000 euros ($1,295).

The court cut a retroactive daily fine of 25,000 euros ($32,390) for each day Google did not comply - far lower than an earlier judgment that threatened 1 million euros ($1.3 million) a day.

However, since Google removed content and links to Copiepresse newspapers such as Le Soir and La Derniere Heure in September, it is unclear how much any total fine would be.

Google would not comment on the fine, saying its lawyers were still examining the judgment, but did say it was disappointed with the ruling and would appeal.

"We believe that Google News is entirely legal," the company said in a statement. "We only ever show the headlines and a few snippets of text and small thumbnail images. If people want to read the entire story they have to click through to the newspaper's Web site."

Google said its service actually does newspapers a favor by driving traffic to their sites.

But the court said Google's innovations don't get exemptions from Belgian data storage law.

"We confirm that the activities of Google News, the reproduction and publication of headlines as well as short extracts, and the use of Google's cache, the publicly available data storage of articles and documents, violate the law on authors' rights," the ruling said.

Most Belgian newspapers offer new articles to readers for free but charge for access to older stories.

Copiepresse first cried foul last February after Google launched a Belgian version of its Google News service in January 2006, displaying content from local newspapers found by its search engine.

Copiepresse insisted that Google should have asked first before it posted a headline and a link to the story. It also claimed that Google hurt the rights of authors because its stored cache of older stories effectively gave away content to archived stories they usually charge for.

A court ruling in September agreed and ordered Google to remove newspaper content from its news index under threat of daily fines of 1 million euros ($1.3 million).

That decision came as a shock to Google, which had failed to appear at an earlier court hearing. The court later agreed to hear the case again to allow Google to put its side forward.

--- On the Net: http://www.google.be http://www.copiepresse.be/



Dover Press copied government publications, added a slick cover, and sold them for reasonable prices. Perhaps a similar business model is suggested here?

http://techdirt.com/articles/20070212/084448.shtml

E-Book Author Complains About Unauthorized Physical Copies

from the backwards-day dept

Last week we linked to the news that once again, J.K. Rowling will not allow e-book versions of the new Harry Potter book over fears of piracy. Now, a lot of people are talking about a story that is almost the reverse of this situation. Popular blogger and marketing guru Seth Godin is angry after seeing a copy of his e-book, Everyone's an Expert, appear on Amazon as a physical book. This is definitely not your typical piracy story, as the e-book is available for free, whereas this unauthorized physical version is being sold at a price. Unfortunately, it doesn't look like Godin's complaint carries much water, since he chose a Creative Commons license for this book that allowed for this kind of reproduction. So, not only is the physical copy legitimate, it appears that this is what's supposed to happen when someone puts this kind of license on a book. If an author is not interested in making money, but in spreading their ideas around, then it makes sense to allow third parties to print up copies of the book, and recoup their costs. It seems that Godin basically made a mistake by licensing the book in a manner contrary to his own wishes, which is unfortunate, but it's a good lesson to other writers that may be interested in Creative Commons licensing that they should take the time to really see what it means before slapping it on willy nilly. At the same time, there's nothing stopping Godin from doing what he's doing now: promoting the fact that you can still get the ebook for free from him, rather than paying the fee to whoever is printing up copies and selling them. If anything, it seems likely that this hubbub should only serve to get more attention for his book -- which is just the type of crazy marketing stunts we thought Godin liked.



Another indication that citizens have no right to thwart the government? It does not seem to indicate that the government's strategy is to keep people from speeding, or they would simply “spoof” the GPS systems into thinking there were cameras everywhere!

http://techdirt.com/articles/20070212/075138.shtml

Avoiding Speed Cameras Using GPS Now Illegal In Switzerland

from the location-based-service dept

Over the years, drivers have developed various ways of warning each other about speed traps, such as flashing your brights a couple of times, to let drivers in the oncoming lanes know that there's a police car waiting up ahead. As anti-speeding methods have evolved, so too have the counter measures. To deal with the increasing prevalence of speed surveillance cameras, some GPS devices let drivers know when they're in an area that is monitored by these cameras. Now the Swiss government is fighting back, announcing that several GPS devices are now illegal, because they can be used to help drivers avoid these cameras. It's easy to see other governments following suit, just as radar detectors were roundly banned after they got too popular. Still, it's going to be hard to enforce this ban. While they can ban certain makes of GPS devices, it's going to be tougher to prevent someone from downloading the same application to a GPS-enabled handset that sets off an alarm whenever the car nears a danger zone.



Not accidental at all, this is how they chose/designed/programmed to do it!

http://techdirt.com/articles/20070209/152445.shtml

What Happens When You Are Accidentally Given Music MP3s By Music Labels Or Services?

from the questions,-questions dept

For a while it's been something of an open secret that music services like Pandora get around buffering problems by actually downloading MP3s to a temporary folder on your hard drive, and then streaming it locally. There are a few software products that will help you save (and rename) those files. Ed Felten has written that a new Billy Joel single is being promoted by SonyBMG [Known for not thinking technology through... Bob] using a similar system. It looks like it's streaming to your computer, but the reality is that it first downloads a full, high-quality, MP3 to your computer. So, the open question is what's the legality of saving that file? There are a few issues here. First of all, all of the RIAA lawsuits are about uploading, not downloading files. So as long as you're not sharing the file later, chances are, you're not going to get sued at all. But, the RIAA and others still could consider it to be copyright infringement by gaining "unauthorized access" to the file. Unfortunately, it seems that such a claim would be tough to support, since the file was placed on your hard drive on purpose -- it's just that the service delivering it hoped you wouldn't notice it and save it. [Security through obscurity. Bob] In the end, though, this helps highlight some of the reasons why traditional copyright law doesn't make much sense in a digital age. In order to get a better quality streaming audio, the best way to do it is to load that MP3 onto your computer -- but doing so may technically be considered copyright infringement in some manner. One more reason why it's about time people started rethinking copyright laws.
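The "obscurity" here is nothing more than a temp folder and a meaningless file name. As an added illustration (my own example, not code from Techdirt, Pandora or SonyBMG), the block below identifies a cache blob as a complete MP3 from its structure alone: it skips any ID3v2 tag and decodes the first MPEG frame header to get the bitrate and sample rate, which is exactly how the "save and rename" tools tell a full 320 kbps file from a throwaway buffer. The cache blobs and their names are constructed for the example; only MPEG-1 Layer III headers are decoded.

```python
"""Added example: identify a "streaming" cache file as a full MP3 by its
structure rather than its name.  Sample blobs are constructed inline."""
import struct

# MPEG-1 Layer III bitrate table (kbps), indexed by the 4-bit bitrate index.
MPEG1_L3_BITRATES = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 0]
MPEG1_SAMPLE_RATES = [44100, 48000, 32000, 0]   # 2-bit sample-rate index; 3 is reserved


def id3v2_length(data):
    """Length of a leading ID3v2 tag (0 if absent).  The tag size is 4 sync-safe
    bytes (7 bits each) and excludes the 10-byte header and optional footer."""
    if len(data) < 10 or data[:3] != b"ID3":
        return 0
    size = 0
    for b in data[6:10]:
        if b & 0x80:
            return 0                # high bit set: not a valid sync-safe size
        size = (size << 7) | b
    footer = 10 if data[5] & 0x10 else 0
    return 10 + size + footer


def parse_frame_header(hdr):
    """Decode a 4-byte MPEG audio frame header; return (bitrate_kbps, sample_rate)
    or None when it is not an MPEG-1 Layer III frame."""
    if len(hdr) < 4:
        return None
    h = struct.unpack(">I", hdr[:4])[0]
    if (h >> 21) & 0x7FF != 0x7FF:  # 11-bit frame sync
        return None
    version = (h >> 19) & 0x3       # 0b11 = MPEG-1
    layer = (h >> 17) & 0x3         # 0b01 = Layer III
    if version != 0b11 or layer != 0b01:
        return None
    bitrate = MPEG1_L3_BITRATES[(h >> 12) & 0xF]
    sample_rate = MPEG1_SAMPLE_RATES[(h >> 10) & 0x3]
    if bitrate == 0 or sample_rate == 0:
        return None                 # "free format" bitrate or reserved index
    return bitrate, sample_rate


def sniff_mp3(data):
    """Return {'bitrate_kbps', 'sample_rate', 'has_id3'} if data looks like an MP3,
    else None.  Works on the first few dozen bytes, so it is cheap to run over a
    whole cache directory."""
    skip = id3v2_length(data)
    parsed = parse_frame_header(data[skip:skip + 4])
    if parsed is None:
        return None
    bitrate, sample_rate = parsed
    return {"bitrate_kbps": bitrate, "sample_rate": sample_rate, "has_id3": skip > 0}


def classify_cache(blobs):
    """Map each cache entry name to its sniff result (None = not an MP3)."""
    return {name: sniff_mp3(data) for name, data in blobs.items()}


# Constructed sample cache entries (names and contents are made up for the example).
ID3_TAG = b"ID3\x03\x00\x00" + b"\x00\x00\x00\x14" + b"\x00" * 20   # 30-byte tag
FRAME_320K = b"\xff\xfb\xe0\x00"      # MPEG-1 Layer III, 320 kbps, 44.1 kHz
FRAME_128K = b"\xff\xfb\x90\x00"      # MPEG-1 Layer III, 128 kbps, 44.1 kHz
CACHE_BLOBS = {
    "cache_7f3a.tmp": ID3_TAG + FRAME_320K + b"\x00" * 64,   # tagged, full quality
    "cache_c11d.tmp": FRAME_128K + b"\x00" * 64,             # bare frames
    "cache_91c0.tmp": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,   # not audio at all
}

if __name__ == "__main__":
    for name, result in classify_cache(CACHE_BLOBS).items():
        print(name, "->", result)
```

The point of parsing the frame header rather than looking for "ID3" is that a service can trivially strip tags or pick a random extension; it cannot strip the frame sync and still have the file play.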



Another example of thoughtless software?

http://www.theregister.co.uk/2007/02/11/skype_bios_snoop/

Skype snoop agent reads mobo serial numbers

By Dan Goodin in San Francisco Published Sunday 11th February 2007 22:29 GMT

Skype has been spying on its Windows-based users since the middle of December by secretly accessing their system bios settings and recording the motherboard serial number.

A blog entry (http://share.skype.com/sites/security/2007/02/skype_extras_plugin_manager.html) made on Skype's website assures us it's no big deal. The snooper agent is the handiwork of a third-party program called EasyBits Software, which Skype uses to manage Skype plug-ins.

Among other things, EasyBits offers DRM features that prevent the unauthorized use or distribution of plug-ins, and that's why Skype 3.0 has been nosing around in users' bios. Reading the serial number allows EasyBits to quickly identify the physical computer the software is running on. The practice was discontinued on Thursday, [It could come back at any time... Bob] when Skype was updated to version 3.0.0.216.

"It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS," Skype's blog author, Kurt Sauer, assured us. He also says Skype never retrieved any of this data. We're not sure that's the point.

Skype goes to great lengths (http://www.skype.com/download/adwarefree/) to assure users they will not be fed spyware, which the eBay-owned VOIP provider defines as "software that becomes installed on a computer without the informed consent or knowledge of the computer's owner and covertly transmits or receives data to or from a remote host." What's more, we were unable to find terms of service that spell out what EasyBits does with the information it gathers on Skype users.

It's also hard to take Skype's nothing-to-see-here notification at face value because of the lengths the software goes to conceal its snooping. As documented (http://www.pagetable.com/?p=27) in the Pagetable blog, the Skype snoopware runs a .com file and prevents the more curious users among us from reading it. Were it not for errors it was giving users of 64-bit versions, we'd probably still be in the dark.

Skype's decision to remove the EasyBits DRM feature is a good start. Time now for an apology and an explanation of what has been done with the information already collected.
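"Reading hardware parameters from the BIOS" means walking the SMBIOS (DMI) table the firmware leaves in memory and pulling the Baseboard (Type 2) serial number out of it. As an added example (my own code, not Skype's or EasyBits'), the block below does that against a table constructed by hand so it runs offline; on a real machine the raw table comes from /sys/firmware/dmi/tables/DMI (Linux, root only) or GetSystemFirmwareTable('RSMB') (Windows), and the same serial is what `/sys/class/dmi/id/board_serial` and WMI's Win32_BaseBoard expose. All manufacturer names and serials in it are made up.

```python
"""Added example: pull the motherboard serial out of an SMBIOS table and derive
the kind of per-machine token a plug-in licensing scheme would keep.
The table bytes are constructed inline; nothing here touches real firmware."""
import hashlib
import struct

SMBIOS_SYSTEM_INFO = 1      # Type 1: system manufacturer, product, serial, UUID
SMBIOS_BASEBOARD = 2        # Type 2: motherboard manufacturer, product, serial
SMBIOS_END_OF_TABLE = 127


def build_structure(stype, handle, formatted, strings):
    """Assemble one SMBIOS structure: 4-byte header, formatted area, string set."""
    header = struct.pack("<BBH", stype, 4 + len(formatted), handle)
    if strings:
        string_set = b"".join(s.encode("ascii") + b"\x00" for s in strings) + b"\x00"
    else:
        string_set = b"\x00\x00"    # a structure with no strings ends in two NULs
    return header + formatted + string_set


def parse_smbios(table):
    """Walk the table; return [(type, handle, formatted_bytes, strings), ...]."""
    structures, off = [], 0
    while off + 4 <= len(table):
        stype, length, handle = struct.unpack_from("<BBH", table, off)
        if length < 4 or off + length > len(table):
            raise ValueError("corrupt SMBIOS structure at offset %d" % off)
        formatted = table[off + 4:off + length]
        pos = off + length
        if table[pos:pos + 2] == b"\x00\x00":
            strings, pos = [], pos + 2
        else:
            term = table.index(b"\x00\x00", pos)   # ValueError if unterminated
            strings = [s.decode("ascii", "replace")
                       for s in table[pos:term].split(b"\x00")]
            pos = term + 2
        structures.append((stype, handle, formatted, strings))
        if stype == SMBIOS_END_OF_TABLE:
            break
        off = pos
    return structures


def smbios_string(strings, index):
    """Resolve a 1-based string index; index 0 means 'not specified'."""
    if 1 <= index <= len(strings):
        return strings[index - 1].strip() or None
    return None


def _serial(table, wanted_type):
    # In both Type 1 and Type 2 the serial-number string index sits at structure
    # offset 0x07, which is byte 3 of the formatted area.
    for stype, _handle, formatted, strings in parse_smbios(table):
        if stype == wanted_type and len(formatted) >= 4:
            return smbios_string(strings, formatted[3])
    return None


def baseboard_serial(table):
    """The value EasyBits was reading: the motherboard (Type 2) serial number."""
    return _serial(table, SMBIOS_BASEBOARD)


def system_serial(table):
    return _serial(table, SMBIOS_SYSTEM_INFO)


def platform_fingerprint(table):
    """Stable per-machine token derived from the serial.  It survives a reinstall
    and a reformat, which is why reading it without notice is a privacy issue."""
    serial = baseboard_serial(table)
    return None if serial is None else hashlib.sha256(serial.encode("ascii")).hexdigest()


# Constructed sample table: Type 1 (serial index 0 = not specified), Type 2, Type 127.
SAMPLE_TABLE = b"".join([
    build_structure(SMBIOS_SYSTEM_INFO, 0x0001,
                    bytes([1, 2, 3, 0]) + b"\x00" * 16 + bytes([6, 0, 0]),
                    ["Example Systems", "Example Desktop", "1.0"]),
    build_structure(SMBIOS_BASEBOARD, 0x0002,
                    bytes([1, 2, 3, 4, 0, 0x09, 0, 0x03, 0x00, 0x0A, 0]),
                    ["Example Boards Inc.", "EXB-100", "Rev A", "BB-0000-EXAMPLE"]),
    build_structure(SMBIOS_END_OF_TABLE, 0xFEFF, b"", []),
])

if __name__ == "__main__":
    print("baseboard serial:", baseboard_serial(SAMPLE_TABLE))
    print("system serial:   ", system_serial(SAMPLE_TABLE))
    print("fingerprint:     ", platform_fingerprint(SAMPLE_TABLE))
```

Note the "not specified" case: plenty of boards ship with a serial index of 0 or a placeholder string, so a scheme keyed on this field alone will silently collide across machines, and a scheme that upgrades to the system UUID gets an even more durable identifier. Either way, a user auditing an application can spot this behaviour by watching for reads of the DMI sysfs files or the RSMB firmware table.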



Did they have a choice?

http://www.internetnews.com/xSP/article.php/3659401

Google Turns Over User IDs

By Nicholas Carlson February 12, 2007

Google's YouTube and a company called Live Digital will offer no refuge to users who uploaded pirated copies of Fox Television's "24" and "The Simpsons" onto their video platforms.

In an e-mail to internetnews.com, a 20th Century Fox Television spokesperson said that Google and Live Digital complied with subpoenas issued by the U.S. District Court in Northern California and disclosed to Fox the identities of two individuals who illegally uploaded entire episodes of "24" prior to its broadcast and DVD release.



Probably wise?

http://science.slashdot.org/article.pl?sid=07/02/12/1932221&from=rss

Biology Goes Open Source

Posted by ScuttleMonkey on Monday February 12, @03:06PM from the models-that-work-from-time-to-time dept.

cford writes "According to Forbes some of the drug company giants are finally realizing that their genetic research is worth more if they give it away. 'Novartis, the Basel, Switzerland, drug giant, has helped uncover which of the 20,000 genes identified by the Human Genome Project are likely to be associated with diabetes. But rather than hoard this information, as drug firms have traditionally done, it is making it available for free on the World Wide Web. "It will take the entire world to interpret these data," says Novartis research head Mark Fishman. "We figure we will benefit more by having a lot of companies look at these data than by holding it secret."'"



For my Business Continuity planners...

http://science.slashdot.org/article.pl?sid=07/02/13/0118233&from=rss

Bird Flu Pandemic Could Choke the Net

Posted by kdawson on Tuesday February 13, @03:15AM from the edge-cannot-hold dept.

PetManimal writes "If a pandemic were to occur, many companies and organizations would ask their staffs to work from home. The impact of millions of additional people using the Internet from home might require individuals and companies to voluntarily restrain themselves from surfing to high-bandwidth sites, such as YouTube. If people didn't comply, the government might step in and limit Net usage. The scenario is not far-fetched: last year at the World Economic Forum in Switzerland, a group of telecom and government officials conducted a pandemic exercise based on a hypothetical breakout of bird flu in central Europe. The results weren't pretty."

From the latter article: "'We assumed total absentees of 30% to 60% trying to work from home, which would have overwhelmed the Internet,' said [one] participant. 'We did not assume that the backbone would be gone, but that the edge of the network... would be overwhelmed... The conclusion [of imminent collapse] was not absolute, and the situation was not digitally simulated, but the idea of everyone working from home appears untenable,' [he] said."


Again, for Security and Business Continuity – more and more vendors are entering this field. Their sales pitch highlights some areas you have to plan for...

http://www.snseurope.com/snslink/news/news-full.php?newsid=5700

Enterprise classification suites for Data Privacy, e-Discovery and Compliance

Date: Monday 12 of February 2007 Author: Diana Shepstone

"Scentric, the provider of the world's first universal data classification solution, today announced the availability of Scentric Destiny Enterprise Suites …"

Each suite combines software, services, and maintenance pre-configured to address the specific challenges of these emerging information management issues in large enterprises. Each suite starts at 25 terabytes and includes options for 50, 100 and 150 terabytes.

... Data privacy

... A recent Gartner study suggested that each record exposed cost $90 in lost revenues and remediation costs, making the financial justification for preventing data leaks clear. [Well, DUH! Bob] The Destiny Enterprise Suite for Data Privacy includes a scalable classification engine, support for all major file types, and pre-built rule sets aimed at addressing the most common data privacy risks including automatically identifying social security and credit card numbers in unprotected files.
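What "automatically identifying social security and credit card numbers in unprotected files" comes down to is pattern matching plus a validity check to keep the false-positive rate bearable. As an added example (my own code, not Scentric's), the block below runs that kind of rule over a constructed file: candidate card numbers must pass the Luhn check, and SSN candidates must fall in ranges the Social Security Administration actually issues. The card numbers in the sample are the usual published test numbers, not real accounts.

```python
"""Added example: a minimal data-privacy classification rule for card numbers
and SSNs.  The sample file text is constructed for the example."""
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens, not embedded
# in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits):
    """Luhn mod-10 check: every second digit from the right is doubled."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Digit runs of card length that also pass Luhn; order numbers and phone
    numbers of similar length are filtered out by the checksum."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def ssn_plausible(area, group, serial):
    # The SSA never issues area 000, 666 or 900-999, group 00, or serial 0000.
    a = int(area)
    return a != 0 and a != 666 and a < 900 and int(group) != 0 and int(serial) != 0


def find_ssns(text):
    return [m.group() for m in SSN_RE.finditer(text) if ssn_plausible(*m.groups())]


def classify(text):
    """Classification result for one file's contents."""
    cards = find_card_numbers(text)
    ssns = find_ssns(text)
    return {"cards": cards, "ssns": ssns, "sensitive": bool(cards or ssns)}


# Constructed sample file: two valid test card numbers, one order reference that
# fails Luhn, one real-looking SSN and one with an unissued area number.
SAMPLE_FILE = """Customer export (constructed sample)
Name: J. Example   SSN: 123-45-6789
Card on file: 4111 1111 1111 1111 exp 09/09
Backup card: 5500-0000-0000-0004
Order ref: 1234 5678 9012 3456
Legacy SSN field: 000-12-3456
"""

if __name__ == "__main__":
    print(classify(SAMPLE_FILE))
```

The checksum is what separates a useful classifier from a noise generator: a bare "16 digits" rule flags every order number and tracking number in the enterprise, and the people reviewing the alerts stop reading them.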

... Destiny Enterprise Suite for e-Discovery

Changes to the Federal Rules of Civil Procedure (FRCP) introduced at the end of 2006 represent a fundamental shift in how corporations must deal with electronic discovery. Prior to the changes, e-Discovery was event driven, with companies only worrying about it in response to a discovery request and/or judicial order. Now companies must take steps to protect potential evidence if there is a reasonable chance of legal action being taken. This implies a pro-active approach to finding, collecting, and preserving files and emails on a day-to-day basis. The Destiny Enterprise Suite for e-Discovery provides an enterprise wide classification solution for e-mail communications as well as all major file types, enabling organisations to identify, preserve and package potential evidence using automated policies.

Destiny Enterprise Suite for Compliance

In addition to data privacy issues and the new e-discovery rules, many large enterprises are subject to industry and governmental regulations that define retention periods for specific types of files and email communications. Investment banks, for instance, are required to keep all communications between brokers and customers for a period of seven years. In addition to strict retention periods, many of these regulations specify that the data be stored in an "immutable" form, meaning the organisation needs to be able to prove that these files have not been altered from the original record.


Again, for Business Continuity

http://www.podtech.net/home/technology/2095/f5s-kevin-hohenbrink-data-replication-disaster-recover-part-1

F5's Kevin Hohenbrink: Data Replication Disaster Recover: Part 1

MP3 Audio | Posted by Michael Johnson | February 12th, 2007 4:37 pm

Kevin Hohenbrink, product manager at F5 Networks, outlines the key points of data replication, recovery-point-objective (RPO) and recovery-time-objective (RTO), and their importance in a business continuity/disaster recovery plan. Hohenbrink is the optimization manager for the WANJet, F5's appliance-based data compression and accelerator tool. This is the first of a two part interview. This is an F5 podcast.
