Wednesday, September 05, 2007

There are several stories today that fall into that evil category of “We can, therefore we must!” There can be undue reliance on technology – what (other than ethics) can keep organizations out of this trap?



“We can rely on technology to presume guilt.”

http://yro.slashdot.org/article.pl?sid=07/09/04/2032218&from=rss

Breathalyzer Source Code Revealed

Posted by kdawson on Tuesday September 04, @05:49PM from the and-it-ain't-pretty dept. The Courts Software

Nonillion writes "New Jersey attorney Evan M. Levow was finally able to get an order from the Supreme Court of New Jersey forcing the manufacturer of the popular Draeger AlcoTest 7110 to reveal the source code. Levow turned the code over to experts, Base One Technologies, to analyze. Initially, Base One found that, contrary to Draeger's protestations that the code was proprietary, the code consisted mostly of general algorithms: 'That is, the code is not really unique or proprietary.' In other words, the 'trade secrets' claim which manufacturers were hiding behind was completely without merit." Following up an earlier discussion here, the state of Minnesota has (without explanation) missed a deadline to turn over the code for a different breathalyzer.

[From the article:]

  1. Catastrophic Error Detection Is Disabled: An interrupt that detects that the microprocessor is trying to execute an illegal instruction is disabled, meaning that the Alcotest software could appear to run correctly while executing wild branches or invalid code for a period of time. Other interrupts ignored are the Computer Operating Property (a watchdog timer), and the Software Interrupt.



Yet another “we can, therefore we must”

http://it.slashdot.org/article.pl?sid=07/09/04/2014236&from=rss

Comcast Forging Packets To Filter Torrents

Posted by kdawson on Tuesday September 04, @04:56PM from the could-be-actionable dept. Security Censorship

An anonymous reader writes "It's been widely reported by now that Comcast is throttling BitTorrent traffic. What has escaped attention is the fact that Comcast, like the Great Firewall of China, uses forged TCP Reset (RST) packets to do the job. While the Chinese government can do what they want, it turns out that Comcast may actually be violating criminal impersonation statutes in states around the country. Simply put, while it's legal to block traffic on your network, forging data to and from customers is a big no-no."



One to watch? If policy isn't enough, the union contract may be...

http://www.nypost.com/seven/08312007/news/regionalnews/track_man_is_sacked.htm

'TRACK' MAN IS SACKED

By DAVID SEIFMAN City Hall Bureau Chief

August 31, 2007 -- Schools Chancellor Joel Klein yesterday fired a veteran worker whose movements were tracked for five months through the GPS device in his cellphone, leading to charges that he was repeatedly cutting out early.

"This individual was getting paid for not working," said schools spokeswoman Margie Feinberg, explaining Klein's decision to accept an administrative law judge's recommendation to ax John Halpin, a longtime supervisor of carpenters.

Halpin had worked in the school system for 21 years and was conscientious enough to show up as much as two hours early for his 8 a.m.-to-3:30 p.m. shift.

He said he was never told that the cellphone he was given in 2005 could be used to monitor his every move and questioned the accuracy of the data it produced.

But neither argument swayed administrative law Judge Tynia Richard, who found Halpin guilty of submitting false time records when he left early on numerous occasions between March and August 2006.

She issued a decision saying the Department of Education was under no obligation "to notify its employees of all the methods it may possibly use to uncover their misconduct."

Jeremy Gruber, legal director for the National Work Rights Institute in Princeton, N.J., said only two states in the nation - Connecticut and Delaware - require that employees be given advance word that their movements might be tracked if they accept a GPS device.

A spokeswoman for the city's Department of Citywide Administrative Services said there was no citywide policy on providing that warning.

The 11-page booklet does contain one cautionary note: Even when the GPS feature is restricted, "location information may still be available to the phone's owner, fleet manager or account administrator."

Halpin's lawyer, Alan Wolin, couldn't be reached for comment.

At least one union has negotiated a deal limiting how GPS data can be used. Drivers for United Parcel Service can't be disciplined based on GPS tracking under the company's contract with the Teamsters.

But city officials said the issue had never been raised in negotiations with municipal unions.




Learn from your mistakes. (Looking for similar security failures often finds more than you thought possible...)

http://www.pogowasright.org/article.php?story=20070904065323511

Pfizer workers' identities at risk

Tuesday, September 04 2007 @ 07:00 AM CDT Contributed by: PrivacyNews News Section: Breaches

Some 34,000 Pfizer Inc. workers, including some current and former employees in Michigan, are at risk for identity theft, according to a letter to employees obtained by The Detroit News.

According to the Aug. 24 letter, a security breach may have caused employees' names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card information, signatures and other personal information to be publicly exposed.

The breach occurred late last year when a Pfizer employee removed copies of confidential information from a Pfizer computer system without the company's knowledge or approval. Pfizer didn't become aware of the breach until July 10.

It's the third time since late May that Pfizer has made public a security breach that exposed current and former employees' personal information.

Source - Detroit News


http://www.pogowasright.org/article.php?story=20070904102531928

More on Pfizer's third breach this year

Tuesday, September 04 2007 @ 10:25 AM CDT Contributed by: PrivacyNews News Section: Breaches

As additional information to a story posted earlier today, see Pfizer's notification letter to New Hampshire and their notification letter to those affected (pdf).




Probably not enough to force a change...

http://yro.slashdot.org/article.pl?sid=07/09/04/1341248&from=rss

Scientist Must Pay to Read His Own Paper

Posted by samzenpus on Tuesday September 04, @12:00PM from the who-own-paper-town dept. Education The Almighty Buck

Glyn Moody writes "Peter Murray Rust, a chemist at Cambridge University, was lost for words when he found Oxford University Press's website demanded $48 from him to access his own scientific paper, in which he holds copyright and which he released under a Creative Commons license. As he writes, the journal in question was "selling my intellectual property, without my permission, against the terms of the license (no commercial use)." In the light of this kind of copyright abuse and of the PRISM Coalition, a new FUD group set up by scientific publishers to discredit open access, isn't it time to say enough is enough, and demand free access to the research we pay for through our taxes?"




First song I've ever downloaded -- honest!

http://www.youtube.com/watch?v=Yz-grdpKVqg&mode=related&search=


...and an anthem for my lawyer friends

http://video.google.com/videoplay?docid=7152467335525877681&q=Weird+Al+Yankovic&total=6413&start=0&num=10&so=0&type=search&plindex=8
