Wednesday, May 16, 2007

Suspicions confirmed

http://techdirt.com/articles/20070515/094858.shtml

Indian Visa Application Data Easily Accessible Using Old 'Change Number In URL' Trick

from the very-very-secure dept

The folks over at Daniweb have submitted their story about the online visa application system in India. Approximately a year ago, someone who was using the system ran into a problem, where all the work he had done in filling out the application seemed to disappear, and the back button wasn't working. So he tried making small changes to the URL... which gave him access to someone else's visa application. There are plenty of online systems that do this, but you would expect something a little more secure when it comes to government documents that include all sorts of personal info. The guy notified those responsible, and his alert was promptly ignored. It was only after they were contacted a second time, by the person writing the article about it, that they took it seriously enough to finally plug the hole. With governments leaking data all the time, is it any wonder that people don't feel particularly safe when the government wants even more data from us, while promising that there's no way it would ever be leaked?



TJX Financials for the quarter ended April 28, 2007

http://ir.10kwizard.com/filing.php?repo=tenk&ipage=4932689&attach=ON&doc=1&total=&source=487

FORM 8-K

Notes to Consolidated Condensed Statements

... TJX recorded an after-tax charge of approximately $12 million, or $0.03 per share, for costs incurred during the first quarter in connection with the Computer Intrusion in addition to an after-tax charge of approximately $3 million for such costs recorded in the fourth quarter of fiscal 2007.



Is this the way to do it? Seems to me it encourages taking data home...

http://www.pogowasright.org/article.php?story=20070515064026383

VA buys 25K secure thumb drives

Tuesday, May 15 2007 @ 06:51 AM CDT - Contributed by: PrivacyNews - Fed. Govt.

The Veterans Affairs Department awarded a contract to Kanguru Solutions of Millis, Mass., for 25,000 encrypted USB flash drives to help ensure the security of VA’s sensitive data. Kanguru will deliver the drives by the end of this month.

Source - FCW



Please push this! It could be very entertaining...

http://techdirt.com/articles/20070515/200103.shtml

MySpace Explains The Law To States' Attorneys General

from the so,-the-first-thing-you-need-to-do-is... dept

Following the ridiculous grandstanding by a group of 8 state attorneys general, MySpace has responded to the demand that they hand over the names of sex offenders who are registered on the site by noting that to do so would be against the law. Specifically, it would violate the Electronic Communications Privacy Act (ECPA). You would think that someone in the position of Attorney General would know the law -- but why let the law come between you and a little grandstanding publicity "for the children?" MySpace also notes that it's been pretty successful in finding and blocking sex offenders, so the whole thing is quite overblown. You have to hand it to MySpace. It's nice to see them resist just handing over info to the government, rather than, say, pulling a Verizon and claiming a first amendment right to hand your info over to the government.



Rethinking without thinking?

http://techdirt.com/articles/20070515/130834.shtml

Court Ruling May Narrow Section 230 Protection

from the exempt-exemptions dept

The government's attempts to regulate the internet are almost always misguided, but section 230 of the Communications Decency Act stands out as a rare instance of foresight, as it specifies that website proprietors aren't, in general, legally liable for content posted by users. As more and more sites are built on user-generated content, this protection has only grown in importance. However, a decision handed down today by the Ninth Circuit may narrow section 230 protection (via Above The Law) to some extent. At issue is whether the site Roommates.com is on the hook for ads posted by its users that violate the Fair Housing Act by specifying the race and gender of the desired roommate. If you'll recall, Craigslist faced the exact same issue, but was cleared, so you might think that the same would apply here. However, in this case, the court ruled that the site is not necessarily protected because it provides a form that specifically invites users to fill out a potentially illegal roommate preference. The court reasoned, by analogy, that a hypothetical site called harrassthem.com would not warrant protection if it specifically asked that its users furnish defamatory information on individuals. However, the court did say that Roommates.com could not be held liable for comments on the site that were separate from the forms it offered to users. It's still not clear what's going to happen here, or what this means for other sites that depend on section 230 immunity, though it would seem to have little effect on most sites that simply have an open comments section. As for Roommates.com, it's likely it will try to avoid the problem by letting its users post free-form roommate ads, so that it's not suggesting anything illegal.



I'll look for the transcript – should be amusing.

http://torrentfreak.com/riaas-ip-gathering-techniques-about-to-be-busted/

RIAA’s IP Gathering Techniques About to be Busted

Written by Ernesto on May 15, 2007

RIAA’s shoddy data gathering techniques are unlawful and shouldn’t be used as legal evidence. This is what a Dutch court concluded based on the expert witness statement from Dr Johan Pouwelse, who is about to testify in the UMG v. Lindor case in the US.

Dr. Pouwelse is hired by Ray Beckerman, Mrs Lindor’s lawyer, to give his expert opinion on the RIAA’s IP-harvesting techniques.

Among others, the RIAA hires the US based company MediaSentry to monitor file-sharing networks for infringements of their client’s media. MediaSentry’s job is to identify and trace IP addresses they claim are engaged in such activity.

MediaSentry’s effectiveness has been called into question by Dr. Pouwelse in Foundation v. UPC Nederland. It was concluded that the “shoddy” way MediaSentry collects and processes IP addresses has no lawful basis. When the US court reaches the same conclusions, this will have great implications for many other RIAA lawsuits.

As Jon from P2Pnet puts it; “Pouwelse’s evidence will be a landmark and it’ll be re-employed by attorneys the length and breadth of America who are working to prove the innocence of their clients who, like Mrs Lindor, are falsely held up to be unprincipled, hard-core criminals and thieves.”

Pouwelse is the founding father of the Tribler BitTorrent client and currently employed as an Assistant Professor at Delft University of Technology in the Netherlands.

Stay “tuned”.
