Saturday, April 07, 2007

This could hurt...

http://www.boston.com/business/personalfinance/articles/2007/04/07/fla_tjx_differ_on_scam_timeline/

Fla., TJX differ on scam timeline

Police file suggests chain knew 9 months earlier of data breach

By Ross Kerber, Globe Staff April 7, 2007

State investigators looking into the theft of more than 45 million credit and debit card numbers from TJX Cos. are trying to determine when the Framingham retailer first learned that its computer systems were compromised.

In recent weeks several legal documents in connection with the incident, the largest reported breach of card data in US history, have been filed in Florida courts and with securities regulators. The firm's timeline of events, however, doesn't match the version of events as outlined by Florida investigators.

TJX, parent of discount chains including TJ Maxx and Marshalls, said in a securities filing last month that it learned of the security breach in its systems on Dec. 18, when it discovered unauthorized software had been placed on its computer systems. It also reported that it delayed notifying the public for a month, at the direction of the US Secret Service, which TJX said wanted to make sure a disclosure wouldn't compromise its ongoing investigation. The Secret Service is the federal agency that protects the nation's electronic-payment and financial systems.

However, a document filed by Florida police officials says that TJX reported a breach involving thousands of card numbers to the Secret Service in March of 2006, nine months earlier. Florida officials filed the document in connection with the arrests of six people charged with using information taken from TJX to steal millions of dollars' worth of goods.

Kim Bruce, a spokeswoman for the US Secret Service, disputed the suggestion that the agency learned of the breach in March 2006. "We first got the information from TJX in December and have been investigating since then," she said.

A TJX spokeswoman, Sherry Lang, called the March date in the Florida filing incorrect. "We stand behind our statements we have made in our press releases," she said. "We reported it to law enforcement in December of 2006. Anything else anyone is saying about this is incorrect."

The issue of timing is important because had TJX learned of and reported the problem earlier, security specialists say, customers and merchants could have had more warning to guard against fraud, potentially saving millions of dollars in losses. Several pending lawsuits against TJX question whether the company disclosed the breach early enough.

Randy Roberts, a detective in Gainesville, Fla., who signed the filing known as a probable cause affidavit, said he could not discuss the March date. He said he learned of the TJX connection to his investigation once it began in November. He referred further questions to a department spokesman, who declined to elaborate.

A group of state attorneys general led by Massachusetts Attorney General Martha Coakley is looking into the TJX data breach to determine whether consumer-protection laws were violated. In an interview yesterday, Coakley did not address the discrepancies directly, but said "we're looking at all the factors in this breach, including when and how it was discovered and when it was reported to the authorities."

Another participant in the group, Connecticut Attorney General Richard Blumenthal, confirmed that "the issue of timing relative to the discovery of this problem" is under investigation. Both Blumenthal and Coakley said they couldn't comment further.



Why transport this data? “We've always done it that way...”

http://www.pr-inside.com/hortica-alerting-public-to-loss-of-r87434.htm

Hortica Alerting Public to Loss of Backup Tapes

2007-04-06 19:48:09

EDWARDSVILLE, Ill., April 6 /PRNewswire/ -- Florists' Mutual Insurance Company (Hortica), an Illinois-based provider of employee benefits and insurance to companies in the horticultural industry, today announced that a locked shipping case containing magnetic backup tapes cannot be located. Hortica believes that the backup tapes contained personal information including names, Social Security numbers, drivers' license numbers, and/or bank account numbers.

The locked shipping case was being transported by UPS from a secure offsite facility to the company's Illinois headquarters. UPS informed Hortica that the shipping case could not be located, and Hortica has been working with UPS in an attempt to locate the case. On April 5, 2007, UPS notified Hortica that all internal recovery processes had been exhausted and the shipping case could not be located.

... Mr. McClellan said Hortica has since altered its backup tape storage procedures so shipment of backup tapes by common carrier is no longer required. [“Prior to this incident, we didn't think thinking was required...” Bob]

... Information regarding the loss of the locked shipping case will also be posted on Hortica's website at http://www.hortica-insurance.com/.



How does one forecast the time required?

http://www.eweek.com/article2/0,1759,2112058,00.asp?kc=EWRSS03119TX1K0000594

Intel Gets More Time to Explain Lost E-Mails in Antitrust Case

April 6, 2007 By Chris Preimesberger

Intel, the world's largest microprocessor maker, has been granted a few more days to explain how it is trying to locate a long list of missing e-mails in the legal discovery phase of a 2-year-old court battle initiated by its major competitor, Advanced Micro Devices.

A U.S. District judge on March 7 originally gave Intel 30 days to try to recover more than 1,000 lost e-mails that it was required to keep for an antitrust lawsuit filed by AMD in 2005.

Federal court rules enacted Dec. 1 require enterprises to be able to quickly find such data when required by the court.

The e-mails that Intel claims are missing reportedly discuss details relevant to the AMD lawsuit, which alleges that Intel engaged in anti-competitive practices to maintain a "monopolistic position" in the PC processor market, according to court documents.

Since then, Judge Joseph Farnan of U.S. District Court in Delaware has opted to give the Santa Clara, Calif., chip maker 10 more days—until April 17—to come up with a report to AMD on how the e-mail search is progressing or whether the corporation will be able to produce the e-mails at all.

... Intel's e-mail system, which runs on Microsoft Exchange servers, serves 99,900 employees worldwide. It is automated to expunge e-mail sent or received by employees every 35 days; senior executive e-mail is purged every 45 to 60 days.

Some of the e-mail messages may be recoverable from backup tapes or by employee-initiated backup; Intel said it is busy tracking these down. However, trying to find individual e-mail messages with specific keywords in unindexed backup tapes is tedious and requires a substantial amount of work time. Individual backup tapes must be mounted one at a time to have their contents restored and examined.

About 1,000 Intel Employees Involved

According to court documents, Intel has identified about 1,000 employees as having potentially relevant information. In the company's best e-mail storage scenario, all these employees would have been contacted and asked to preserve the e-mails for the discovery team. Intel relies solely on employees to back up their own e-mail messages for reference.

In the best possible e-mail backup/archive scenario, Intel's employees wouldn't have had to worry about backing up any e-mails. A full-service corporate e-mail archiving system—a number of which have been available for several years and about which eWEEK has reported often—would likely have been able to solve this legal issue within a few hours.

If Intel cannot produce all the relevant e-mails that AMD and the court are demanding, the judge could levy a stiff fine if he considers this unreasonable behavior.

Judge Has Other Options

There are other ways to handle this loss of key evidence. It is entirely possible that AMD may have to help foot the bill for finding it if legal precedence comes into play.

... So, if Intel reports on April 17 that it will take much more time and money to recover the missing e-mails, Farnan could indeed grant the time and theoretically could even order AMD to pitch in for the e-discovery costs—which could easily run into high-six-figure territory.

Most of the missing e-mails were written after AMD filed suit against Intel on June 27, 2005, according to court documents.

In a statement sent to the court, AMD said: "Through what appears to be a combination of gross communication failures, an ill-conceived plan of document retention and lackluster oversight by outside counsel, Intel has apparently allowed evidence to be destroyed. Intel executives at the highest level failed to receive or to heed instructions essential for the preservation of their records, and Intel counsel failed to institute and police a reliable backup system as a failsafe against human error."

Intel Admits Its Foibles

To its credit, Intel has been candid about its e-mail problem.

eWEEK obtained a copy of a letter Intel sent to AMD and to Farnan last month. In it, Intel said that despite a companywide effort to comply with AMD's requests for evidentiary documents—including tape backups of more than 1,000 of its employees' correspondence—the company admitted there were "inadvertent mistakes in the implementation" of its preservation process.

For example, some employees obeyed the request to save their e-mails to a backup hard drive but did not save their "sent" e-mail folders—only the "incoming" mail folder. As a result, those sent e-mails were purged as part of Intel's regular maintenance program. In the letter, Intel also said a few employees didn't follow the directive at all because they believed the IT department was automatically saving their e-mail on its own.



Is this the opposite of identity theft? Interesting question. How far must the court go to protect people who used an illegal service? What assumptions are made here – that the users were ignorant?

http://www.timesunion.com/AspStories/story.asp?storyID=578537&category=REGION&newsdate=4/6/2007

Judge offers steroid buyers a shot at privacy

Customers of Florida pharmacy can oppose use of records in court

By BRENDAN J. LYONS, Senior writer First published: Friday, April 6, 2007

Tens of thousands of people across the United States who purchased drugs from an Orlando pharmacy at the center of an Albany steroids case must be notified that their prescription records were seized by police, a Florida judge ruled this week.

Those drug buyers, many of whom bought steroids through companies that have Web sites, will then have 30 days to object to their records being used in court, [on what basis? Bob] the judge said. The judge also ordered police to stop sifting through the documents until medical privacy issues have been resolved.

The sealing order by Circuit Judge John Marshall Kest of Osceola County, Fla., will indefinitely stall the sprawling steroids investigation. It could also allow professional athletes and others suspected of illicitly buying drugs a chance to keep their names from becoming public in court.

... Tingley argued in court that Orlando police and investigators in Albany County should not be given access to the seized records until the patients have had a right to invoke their rights to medical privacy. She said the seized items included all patient records, including, for instance, the records of dialysis patients.

... Florida prosecutors argued against the sealing order handed down Tuesday. They said more than half of Signature's customers were people who purchased drugs "for non-legitimate purposes." [Sounds logical, but is there any factual way to be certain? Bob]



Will this “improve service?” Does ISP liability increase as traffic is flagged for slowdown?

http://techdirt.com/articles/20070405/201336.shtml

Rogers Traffic Shaping Making It Difficult For Users To Use Secure Email

from the nice-work dept

Canadian ISPs haven't been shy about using traffic shaping tools to try to slow down the use of things like BitTorrent. This is a lot of what the network neutrality debate is about -- as ISPs would like to shift all that traffic onto the slow lane. Of course, as has been pointed out, this can backfire badly. Trying to slow down BitTorrent traffic will just lead to more people encrypting all of their internet use -- increasing the overhead involved, increasing the traffic and making the attempts at traffic shaping pointless. This is exactly what's happened in plenty of cases. However, Canadian ISP Rogers has taken things to the next level, and apparently decided that all encrypted traffic must be bad and should be slowed down. That means that for folks who happen to do ordinary things like use encrypted email connections (as you should), Rogers can make email nearly impossible to use. It's not clear how this helps anyone. It pisses off users who (hopefully) will jump to other ISPs at the first opportunity (if there is one), and doesn't help Rogers keep bandwidth down on its network. It just makes the system more expensive and more overloaded, while making it nearly impossible for people to do basic things like email. Nice job, Rogers.



Did Google cave in?

http://techdirt.com/articles/20070406/094002.shtml

Why Should AFP Need To License The Right For Google To Link To Its News Stories?

from the but-now-what dept

Two years ago, the news agency Agence France-Presse (AFP) bizarrely sued Google for linking to its news stories via its news search engine, Google News. This made very little sense, as it basically made it much harder for people to find or read AFP news. In a highly competitive news market, making it harder to find your news isn't a particularly intelligent strategy. This actually made a number of news sites that licensed AFP news quite angry because they lost a ton of traffic that Google News drove to their sites. A similar story played itself out recently in Belgian courts with Google being barred from linking to certain Belgian newspaper sites as well. However, the AFP lawsuit was still out there, until today, when Google and AFP announced a settlement, including a license from AFP to put its stories back into Google News.

Unfortunately, there aren't that many details. It's unclear if Google paid any money for this "right" or if AFP finally came to its senses and realized that cutting yourself off from Google isn't particularly useful. Either way, though, it still sets a bad precedent that Google had to secure a special license to link to content. There's simply no need for a license to index and link to content -- and Google agreeing to a license from AFP just means that now other publishers will start lining up claiming that Google should pay them as well. It's the same thing that has happened since content companies discovered Google was willing to pay off record labels for having their content on YouTube. That eventually resulted in just about every media company lining up for its own cut -- and, eventually to Viacom's decision to sue for $1 billion, when Google wouldn't pony up as much as Viacom wanted. Google is setting a bad precedent here, agreeing to license content it doesn't need to license, and it's only going to create more problems down the road as other content firms line up demanding payment for similar licenses.



Get 'em while they're young!

http://blogs.pcworld.com/staffblog/archives/004035.html

Friday, April 06, 2007 5:26 PM PT Posted by Ramon G. McLeod

Taxpayer-paid iPods for Every Kid?

What the??? Yes, in the state of Michigan, which faces a $1 billion deficit, the Detroit News and Detroit Free Press are both reporting that House Democrats have offered a spending plan that would "buy an MP3 player or iPod" for every school-age kid.

The cost? How about $38 million, according to the Free Press. No or other details are available, which makes me think this is one of those off-the-wall ideas, so beloved in state houses and Congress, that won't go anywhere.

Or at least I HOPE it won't go anywhere...



Worth a listen...

http://www.schneier.com/blog/archives/2007/04/ru_sirius_inter.html

April 05, 2007

RU Sirius Interview

RU Sirius interviewed me for his podcast show.

Posted on April 05, 2007 at 03:35 PM

Show #98: Everything The US Government is Doing About Security is Wrong



You can test it yourself, or you can let someone else (the bad guys) take the first shot...

http://www.computerworld.com/action/webcast.do?command=viewWebCastDetail&contentId=9007043&source=rss_topic17

The IT Security Must Have for 2007: Penetration Testing Tools

April 6, 2007

Download this on demand webcast, FREE, compliments of Core Technologies!

Abstract: (Source: Core Technologies) Today's enormously complex enterprise IT infrastructures consist of hundreds and in some cases thousands of systems and subsystems. The task of correctly assessing the real security risks associated with a seemingly endless stream of vulnerability and patching reports for this infrastructure is a daunting task for the IT staff. Download this on demand webcast to learn the compelling reasons why automated penetration testing must be an integral part of an enterprise's security and vulnerability management processes and programs.



Have we reached a tipping point?

http://www.infoworld.com/article/07/04/06/HNmsreversesondrmfree_1.html?source=rss&url=http://www.infoworld.com/article/07/04/06/HNmsreversesondrmfree_1.html

Microsoft changes tune on selling DRM-free songs

After claiming that DRM is 'necessary' for digital media, the company will soon follow Apple's lead in offering DRM-free music

By Elizabeth Montalbano, IDG News Service April 06, 2007

Following digital music pioneer Apple's lead yet again, Microsoft said this week it will soon sell digital music online without DRM (digital rights management) protection.

Microsoft's apparent change of heart on selling DRM-free music came in response to Apple's deal earlier in the week to sell unprotected content from recording company EMI. The company previously claimed that DRM was necessary for current and emerging digital media business models.



Three articles documenting “politics over reason.” If there is software capable of censoring the Internet (text, web sites, audio and videos), then that software can be used to identify copyright violators, terrorists, political dissidents, etc. Is it really possible or the wishful thinking of a few who don't understand technology?

http://yro.slashdot.org/article.pl?sid=07/04/06/2125206&from=rss

Turkish Assembly Votes For Censoring of Web Sites

Posted by Zonk on Friday April 06, @08:49PM from the we're-actually-really-nice-out-here-guys dept.

unity100 writes "CNN has some news about a recent development in Turkey where the Turkish assembly, totally out of line with Turkey's commitment to EU membership, has voted to have sites that 'insult to the founder of modern Turkey' censored from entire Turkish population. This, just about a month after the decision to censor YouTube was reached by the Turkish courts. 'On Thursday, lawmakers in the commission also debated whether the proposal should be widened to allow the Turkish Telecommunications Board to block access to any sites that question the principles of the Turkish secular system or the unity of the Turkish state -- a reference to Web sites with information on Kurdish rebels in Turkey.'"


http://www.technewsworld.com/rsstory/56737.html

Two More 'Offensive' Videos Fuel Thailand-YouTube Standoff

By Rungrawee C. Pinyorat AP 04/06/07 8:01 AM PT

Thailand has left its countrywide block of YouTube in place after users posted new videos that some in the country deem offensive. The ban began earlier this week when a user posted a slideshow that insulted the nation's king. The person who posted that video voluntarily removed it a day later, however two more insulting videos have since been posted. YouTube has declined to remove the content itself.


http://techdirt.com/articles/20070406/113054.shtml

Tokyo Election Commission Worried People Might Actually Watch Candidate Speeches On YouTube

from the it-might-make-them-more-educated! dept

There's just something about politicians and their inability to understand the internet. Slashdot points us to an article about the Tokyo Election Commission demanding that YouTube take down videos of various local political candidates after a "fringe" candidate started getting plenty of attention. Apparently, Japan only allows candidate speeches to be aired on the local public broadcasting network, and somehow having them up on YouTube isn't fair. We're not exactly sure how making candidate videos available to more people in a more convenient way could ever be considered less fair, but I guess that's why we're not on the Tokyo Election Commission. Still, you would think that with the big challenges involved in making the electorate more informed, people would be enthusiastically supporting the idea of making the videos more, not less, available. Oh well. Maybe this means that Japan will ban YouTube as well.



I wonder if they will allow outsourcing to the US?

http://hosted.ap.org/dynamic/stories/I/INDIA_SCARCE_WORKERS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

India High-Tech Industry Out of Workers

By TIM SULLIVAN Associated Press Writer Apr 7, 12:13 AM EDT



If I'm not listed (under GEEK) can I sue?

http://slashdot.org/article.pl?sid=07/04/07/0339229&from=rss

1-800-Google Launches

Posted by Zonk on Friday April 06, @11:37PM from the crying-with-information dept.

The Webguy wrote to mention a C|Net article talking about Google's newest toy - Local Voice Search. The service is dirt simple: you call a 1-800 number and, via voice recognition software, say the category of business you're trying to reach. You can also try for a specific name, though the C|Net blogger had some problems with that. The Google Blog has been updated with details as well: "Google Voice Local Search lets you search for local businesses from any phone and for free. If you're in the US, call 1-800-GOOG-411 and say what you want to find. Here are some of the features -You can find a business listing by category. Just say "pizza," for example. You can send the listing details to your mobile phone via SMS. The service is fully automated, so it doesn't rely on human operators. It connects you directly to the business, free of charge."



Proof suggests predictability. Should we invest in sunscreen?

http://www.bespacific.com/mt/archives/014489.html

April 06, 2007

Climate Change 2007 - Assessment Report of the Intergovernmental Panel on Climate Change

Climate Change 2007: "The IPCC 4th Assessment Report (AR4) consists of four volumes that will be released in the course of 2007. Compared to the 2001 report, the AR4 pays greater attention to the integration of climate change with sustainable development and the inter-relationships between mitigation and adaptation. Specific attention is given to regional issues, uncertainty & risk, technology, climate change & water.

Here are the release dates:
February 2 (Paris) - The Physical Science Basis
April 6 (Brussels) - Impacts, Adaptation and Vulnerability - Summary for Policymakers
May 4 (Bangkok) - "Mitigation of Climate Change"
November 16 (Valencia) "The Synthesis Report"

Working Group I Report, "The physical science basis", assesses the current state of knowledge about the natural and human drivers of climate change, reflecting the progress of the climate change science in the observation of the atmosphere, the Earth's surface and oceans. It provides a paleoclimatic perspective and evaluates future projections of climate change. Main topics include changes in atmospheric composition, observation of various climate parameters, coupling between changes in climate and biogeochemistry, evaluation of models and attribution of climate change.

Working Group II Report addresses "Impacts, Adaptation and Vulnerability": It provides a detailed analysis of observed changes in natural and human systems and the relationship between those observed changes and climate change, as well as a detailed assessment of projected future vulnerability, impacts, and response measures to adapt to climatic changes for main sectors and regions.

Working Group III Report on "Mitigation of climate change" analyses mitigation options for the main sectors in the near term, addressing also cross sectorial matters such as synergies, co-benefits, trade-offs, and links with other policy objectives. It also provides information on long term mitigation strategies, for various stabilization levels, paying special attention to implications of different short-term strategies for achieving long-term goals.


http://blog.nam.org/archives/2007/04/mars_is_warming.php

April 5, 2007

Climate Update: Mars is Warming, Crops are Growing

Apparently all the manufacturing activity and the SUV's driving around Mars are starting to have an impact: The Martian climate is warming. What other explanation could there possibly be?

Also, Tim Blair has this post, noting first the dire predictions of warming and its impact on crop yields and then noting that crop yields are at an all-time high. Oh, well...

It's at least impolite (and in some quarters heresy) to speak of benefits from any potential warming, but it doesn't seem logical, does it, that warming would produce only negative results -- or that cooling would produce only negative results? It just doesn't make logical sense. In other words, warming or cooling would presumably bring with it a mix of good and bad, no? Wouldn't one of the upsides of warming be longer growing seasons in some areas, and thus higher crop yields? If you believe the globe has warmed a degree in the last century, then maybe that's what accounts for the high crop yields, which is good news for the world's poor, and the world at large.


http://hbswk.hbs.edu/item/5660.html

Will Market Forces Stop Global Warming?

Published: April 6, 2007 Author: by Jim Heskett

Friday, April 06, 2007

Interesting to compare to identity theft cases. What is proprietary here? (not my name and address?)

http://www.pogowasright.org/article.php?story=20070405141525685

Former Morgan Stanley Employee Arrested On Data Theft Charges

Thursday, April 05 2007 @ 02:15 PM CDT - Contributed by: PrivacyNews - Breaches

A former Morgan Stanley client service representative was arrested and charged with stealing proprietary information relating to the brokerage firm's hedge fund clients.

Peteka is alleged to have accessed information on Morgan Stanley's hedge fund clients and the rates they pay [Not published? Bob] while he worked for another company, and sending the information to his personal e-mail account several times between December 2005 and February 2006.

Source - Consumer Affairs



Lots of surveys, no new laws.

http://www.govtech.net/magazine/story.php?id=104804

Most Americans Worry About Identity Theft, According to Poll

April 5, 2007 News Release

Identity theft is a topic that weighs heavily on the minds of many Americans -- the vast majority of respondents (91 percent) in a new Zogby Interactive survey said they are concerned that their identity might be stolen and used to make unauthorized purchases.

The online survey, which includes a respondent base that is comfortable with the Internet, also shows that of those, half (50 percent) said they were very concerned about identity theft. Older adults are the most concerned -- 94 percent of those age 65 and older said they worry about the possibility of their identity being compromised. Even though younger adults are slightly less concerned, 86 percent of those age 18 to 29 said they worry about identity theft. Overall, 92 percent said protecting their identity is important.

... In addition to identity theft, the survey also shows respondents worry about what companies might do with personal information gathered about customers. The vast majority of respondents (91 percent) said they are concerned that retailers, credit card companies, banks and other firms could sell their personal information for marketing purposes. Nearly as many (83 percent) said they are concerned that information provided to retailers could end up in the hands of others, either through theft or sale.

Respondents' confidence in how aggressively their personal information is protected by such companies from theft also varies -- one in three (34 percent) said they are not confident that retailers, credit card companies, banks and other firms that have detailed records of a customer's personal information are taking the appropriate steps to safeguard that information. But more than one in four (28 percent) said they believe companies are doing a good job of keeping their information safe.

Not surprisingly, 85 percent of respondents said privacy of their personal information is important to them as consumers. But that is apparently not enough to drive people to the fine print -- 29 percent said they rarely read the privacy policies from retailers, credit card companies and banks about how they will use a customer's personal information -- and another 8 percent said they never do.

If a company says they will not share or sell customer information, nearly half (48 percent) believe the company will not do so, but 35 percent said they're skeptical that companies follow through with their promises to protect consumer privacy.



The police officer as second class citizen.

http://fourthamendment.com/blog/index.php?blog=1&title=a_police_officer_has_a_lesser_right_to_p&more=1&c=1&tb=1&pb=1

04/05/07 06:21:35 am, by fourth

A police officer has a lesser right to privacy as a result of his career choice

In a convoluted RICO conspiracy claim brought by an NYPD officer against the city and others, one claim dealt with invasion of privacy. The court held that the officer had a lower expectation of privacy as a result of his voluntarily becoming a police officer. The case involved detox. Buneo v. City of New York, 2007 U.S. Dist. LEXIS 24766 (E.D. N.Y. March 30, 2007):



Is this data hijacking or a company that just doesn't care?

http://consumerist.com/consumer/apple/apple-no-you-cant-have-your-data-back-were-keeping-it-249967.php

04 05 2007

Apple: No, You Can't Have Your Data Back, We're Keeping It

If you have AppleCare and send your Mac in for a hard drive issue, you'll want to be aware of their policies. If Apple can't fix the hard drive and restore your data they'll replace the disk, but they'll also keep your old drive. Even if you ask for it back. Even if you try to buy it back. Reader Chris says this is standard industry policy, but he still objects to it:

... So, it turns out, Apple will hold your hard drive hostage at an Apple Store, not because of cost or stock management, but simply because they do. I did not mail my laptop to a service center, I took it to a store and am going to pick it up. There is, functionally, no difference for Apple if I get my warranty drive and take my old hard drive *full of my personal data* or not. In fact, I save them the trouble of disposing of it. They simply refuse to allow it. From what I hear this is standard industry practice.



It's always good to have a bad example...

http://techdirt.com/articles/20070404/224047.shtml

Note To Self: Don't Store Top Secret Military Data In Porn Folder

from the just-a-suggestion dept

While the US gov't may have trouble keeping track of important computers with sensitive information, there's just something extra special about the way top secret information leaks in Japan. There were, of course, the nuclear secrets leaked via a file sharing program, after an outside contractor was allowed to use his personal computer to store the documents. The latest seems almost as bizarre. Apparently top secret information on Aegis destroyers was passed among a few petty officers in Japan's Maritime Self-Defense Force, after one such officer copied the porn directory from a colleague's computer. This raises all sorts of questions, but the biggest one has to be: what person thinks that they'll hide top secret military documents in a porn folder and assume that that's the least likely place that people will end up looking?



“Now all we need is a “vote this way” drug.” Every Politician on earth

http://techdirt.com/articles/20070405/074325.shtml

Does Your Cell Phone Plan Come With Unlimited Drug Delivery?

from the dialing-it-in dept

The concept of telemedicine, allowing doctors to offer their services from a distance, has been hyped up for some time, although it has yet to take off in a big way. Now a team of European and Israeli scientists are experimenting with a more direct way of using modern communications technology to deliver medicine: using a cell phone to control a drug-dispensing tooth that can be implanted in a patient's mouth. The invention is aimed at patients who either forget to take their medicine, [but never forget their cell phone... Bob] or just don't like to. Instead, the medicine will already be stored in their mouth, and will be emitted at a regular interval on command from their handsets. Presumably, it could also be used to deliver a drug like morphine, which the patient controls, but is limited in terms of how often it can be taken. Of course, once these start being implanted in patients, you can only imagine the type of conspiracy theories that will arise having to do with pernicious plots between the government, handset makers and dentists to dope us all with mind-altering elixirs.



Is there a “why” here?

http://news.com.com/2010-1025_3-6173903.html?part=rss&tag=2547-1_3-0-5&subj=news

Web 2.0--the folly of amateurs?

By Charles Cooper Story last modified Fri Apr 06 05:21:42 PDT 2007

Andrew Keen doesn't fit the profile of your garden-variety bomb thrower.

But make no mistake about this erudite British-born entrepreneur: He is out to rattle Silicon Valley and the geekerati by detonating many of the comfortable myths attending the Web 2.0 era.

In a deliciously subversive new book, The Cult of the Amateur, which debuts in June, Keen recounts the many ways in which technology is remaking our culture and society. Anyone familiar with Keen's previous work from his blog will recognize the terrain here. Keen is a gloomy elitist--in the best sense of that term--wistful about a politer, more thoughtful era, but one that's destined to get trampled underneath by the amoral onslaught of the Internet.

... The subtitle of his book states his thesis bluntly: "How the democratization of the digital world is assaulting our economy, our culture, and our values."



well, DUH!

http://it.slashdot.org/article.pl?sid=07/04/05/186235&from=rss

Study Finds Cost Major Factor In Outsourcing Positions

Posted by Zonk on Thursday April 05, @03:19PM from the they-get-you-coming-and-going dept. The Almighty Buck Businesses IT

theodp writes "Debunking claims to the contrary, a new study from Duke University asserts that it is purely cost savings, and not the education of Indian and Chinese workers, or a shortage of American engineers that has caused offshore outsourcing. 'The key advantage of hiring Chinese entry-level engineers was cost savings, whereas a few respondents cited strong education or training and a willingness to work long hours. Similarly, cost savings were cited as a major advantage of hiring Indian entry-level engineers, whereas other advantages were technical knowledge, English language skills, strong education or training, ability to learn quickly, and a strong work ethic.' The article goes on to point out that despite this, outsourcing will continue to be a problem for US workers in coming decades; new elements of traditional corporations like R&D may in fact be next on the outsourcing chopping block."



Other uses?

http://yro.slashdot.org/article.pl?sid=07/04/06/0048250&from=rss

Web Scanning Technology for Copyright Violations

Posted by CowboyNeal on Friday April 06, @12:42AM from the finding-a-good-movie dept. Media The Courts The Internet

eldavojohn writes "I've heard a lot of talk about software being used to detect pirated media anywhere on the web, but haven't seen a lot of details. PhysOrg has a good article on one of the tools out there. Automatic Copyright Infringement Detection (ACID) boasts a patented technology coined 'meaning-based computing' that is reportedly capable of finding relationships between 1,000 different types of files. The important thing is that this is not tagging based searching. 'Autonomy's search technology uses automatic hyperlinking and link clustering that the company claims isn't built into keyword search engines. According to the company, this technology allows computers to perform searches with greater context, so it finds a wider range of related documents or research citations than is possible from keyword searches.' For more details on how this magic works, check out Autonomy's patent and the many patents by its subdivision, Virage."



Busy, busy, busy!

http://www.bespacific.com/mt/archives/014485.html

April 05, 2007

State of the Blogosphere Report, April 2007

David Sifry's annual State of the Blogosphere report: "Technorati is now tracking over 70 million weblogs, and we're seeing about 120,000 new weblogs being created worldwide each day. That's about 1.4 blogs created every second of every day." Archive of reports dating back to October 2004 are linked here.




Is this progress?

http://news.com.com/2100-1039_3-6173839.html?part=rss&tag=2547-1_3-0-5&subj=news

New technology lets you read your voice mail

Several companies are betting on voice-recognition applications that transcribe those rambling messages into e-mail or text messages.

By Marguerite Reardon Staff Writer, CNET News.com Published: April 6, 2007, 4:00 AM PDT

Why listen to your voice mail messages when you can read them? That's what a new crop of companies is asking--they're developing software that turns voice mail messages into transcribed e-mail or text messages.



20th century literature gets it, why can't the music people?

http://techdirt.com/articles/20070403/100546.shtml

No RIAA For The Comic Book Industry

from the and-that's-a-good-thing dept

Lee writes "The digitization and subsequent illegal distribution of copyrighted media isn't just affecting movies and music. The creators of comic books seem to be going through the same business model shift as the recording and motion picture industries. As with all such changes, some people are more willing to accept it than others. Steven Grant at Comicbookresources.com has an interesting article about how the comic book world is dealing with life in the 21st century. He makes some good points and clearly understands that things are not going to change unless there's some innovation in the comic book business model." He basically points out that file sharing isn't going away, and the industry needs to learn to accept it, use it for promotions, but ask people to keep buying the comic books they want. Considering that, for many, comic books are for collecting, this doesn't seem too far fetched. Though, at the same time, the industry may want to look at other changes to their business model as well, such as bundling other things into the mix as well (e.g., if you buy the actual comic you get entered into a sweepstakes to have your name used as a character in a future comic). There are plenty of ways to make buying the actual comic books more valuable than just downloading them -- and then if you use the downloads just as promotions, you can encourage more people to buy by exposing more people to the comic itself.



Another blow to the RIAA?

http://www.marketwatch.com/news/story/apple-probe-shake-up-whole/story.aspx?guid=%7B13C61718-B575-4E03-A92B-37BEF80AF1B5%7D

Apple probe will shake up whole music industry

By Jessica Hodgson Last Update: 1:19 PM ET Apr 4, 2007

LONDON (MarketWatch) -- A European antitrust probe into the pricing of Apple Inc.'s iTunes music downloads service could force the music industry to unravel the complex web of intellectual property agreements which allow music to be sold across the world, experts say.

The investigation, which comes a day after Apple and EMI Group PLC said they have agreed to scrap digital rights management (or DRM) copy protection, opens up a new area of uncertainty for the industry, still fighting to contain piracy and to persuade consumers of the merits of buying music on the Internet.

But some argue that the move could ultimately prove to be the catalyst the beleaguered industry requires to force a shift towards a genuinely open global market for digital music.



Nibbling at the edges of Microsoft...

http://www.technewsworld.com/rsstory/56732.html

The Steady Migration of Smartphones to Linux

By John P. Mello Jr. LinuxInsider Part of the ECT News Network 04/06/07 4:00 AM PT

With Palm attempting to migrate its OS to Linux and Symbian working to begin a degree of interoperability with Unix, Linux-based phones are gaining ground, and a recent ABI report suggests they will make up 14 percent of the market by 2012. They face an uphill battle, however, against an array of difficult obstacles.



Just because Google is doing it?

http://www.infoworld.com/article/07/04/05/HNmsfundsmappingresearch_1.html?source=rss&url=http://www.infoworld.com/article/07/04/05/HNmsfundsmappingresearch_1.html

Microsoft funds new mapping research programs

The software company has dedicated $1.1 million to programs that develop new uses for the Virtual Earth and SensorMap applications

By Nancy Gohring, IDG News Service April 05, 2007

Microsoft announced $1.1 million in funding for academic research programs that will develop new applications using its Virtual Earth and SensorMap technologies.

One of the recipients of the funding is a Harvard University project called CitySense, which is also funded by the National Science Foundation. CitySense is a network that consists of 100 nodes -- PCs equipped with long-range Wi-Fi radios and sensors -- that hang on streetlights in Cambridge, Massachusetts. The sensors monitor pollution, wind speed, humidity, temperature, rainfall, and car traffic.



We don't need a single database if multiple databases are connected...

http://hosted.ap.org/dynamic/stories/R/RETAIL_CRIME_DATA_BASE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Retail Trade, FBI Fight Organized Theft

By ANNE D'INNOCENZIO AP Business Writer Apr 5, 12:42 PM EDT

NEW YORK (AP) -- Two leading retail industry associations have teamed up with the Federal Bureau of Investigation to create a national online database that will allow merchants to share information to fight organized retail theft.

The database, scheduled to debut Monday with 40 retailers, consolidates efforts made by the National Retail Federation and the Retail Industry Leaders Association. Both organizations had launched their own password-protected online national crime data bases last year.

... According to a recent poll conducted by NRF, 81 percent of retailers surveyed said they have been a victim of organized retail crime. Nearly half of those polled also had seen an increase in organized retail crime activity in their stores.



I suspect this will spread quickly...

http://www.king5.com/topstories/stories/NW_040507WABcraigslistadLJ.34e92f1d.html

Family feud may have sparked cruel Craigslist hoax

05:34 PM PDT on Thursday, April 5, 2007 By: RAY LANE / KING 5 News

TACOMA, Wash. - A family feud may be behind a fake ad on Craigslist that invited people to take whatever they wanted for free from a Tacoma home, but it appears police aren't ready to haul anyone to jail for it.

... Raye says she recently evicted the tenant who was living there – her own sister – leading to speculation that Raye's own siblings may be behind the ad.

... The sibling rivalry is one of the reasons Tacoma Police are not looking at this as a criminal case. They say it's a civil matter.

... Officials at Craigslist say they need a subpoena or search warrant to release information about who posted the ad. Tacoma Police say they are not going to request those documents.

Police also say even if they knew who took items from the home, most would likely not face criminal charges.

Thursday, April 05, 2007

Due to a hack into a server?

http://www.pogowasright.org/article.php?story=20070404131654687

UCSF reports possible compromise in computer security

Wednesday, April 04 2007 @ 01:16 PM CDT - Contributed by: Lyger - Breaches

UCSF is notifying students, faculty, and staff that their personal information may have been accessed by an unauthorized party due to a possible compromise in security of a computer server. The server did not contain any patient names or patient information.

As a precautionary measure, the University is contacting about 46,000 individuals to alert them to look for signs of identity theft and advise them of steps to protect personal information. The contact list is comprised of students, faculty, and staff associated with UCSF or UCSF Medical Center over the past two years.

Source - UCSF News Office
Related - UCSF Establishes Identity Theft Website, Hotline



An easy way to look like you're “doing something?”

http://www.pogowasright.org/article.php?story=2007040413491438

TX: Attorney general's dumpster-diving snares third big score

Wednesday, April 04 2007 @ 01:49 PM CDT - Contributed by: PrivacyNews - Breaches

Companies in Texas should soon start to get the message that attorney general Greg Abbott is growing a little edgy about identity theft. In some cases, like Fort Worth-based electronics-retailing giant RadioShack, it might come the hard way.

And several weeks ago Abbott landed a one-two punch on identity protection by charging two companies on consecutive days for very similar breaches to those alleged against RadioShack.

Talent agency On Track Modeling in Grand Prairie was charged with abandoning confidential client records March 13. Dallas-based Jones Beauty College improperly discarded documents containing SSNs, Abbott alleged the next day.

Source - Legal Newsline



Not uncommon...

http://www.timesdaily.com/apps/pbcs.dll/article?AID=/20070404/APF/704043724

AP Newsbreak: State Web site contains data for ID thieves

By KEN MAGUIRE Associated Press Writer Last Updated: April 04, 2007 3:16PM Published: April 04, 2007 3:16PM

An array of personal information that can be used by identity thieves is freely available on the Web site of Secretary of State William Galvin, who recently criticized Gov. Deval Patrick for failing to protect information about voters on his campaign's site.

Social Security numbers, bank account numbers, home addresses and phone numbers can be viewed with a few clicks, and Galvin said Wednesday he doesn't plan to immediately remove the information because he's launching a software program to start the process within weeks.

"It's totally unacceptable that they are contemplating leaving it up," said Betty Ostergren, a Virginia-based privacy advocate. "Once they realize it's a veritable treasure trove, identity thieves will flock to it. They need to shut the links down."

Galvin refused to do so.

"This is standard practice in the business world," he said. "It's necessary for commerce. There are people who are reliant upon this system."

... The information is put online to make it easier for lenders to access it. There is no security, though, to prevent anyone else from viewing the information.

... Nonetheless, he said people know they are signing a public document when they agree to such loans.



“Who ya gonna call?” Perhaps TJX should have asked the DMVs in these states?

http://www.krnv.com/Global/story.asp?S=6326676&nav=8faO

Nevada DMV Asks Worried TJ Maxx Customers Not to Call

CARSON CITY April 4, 2007 02:52 PM

The Nevada Department of Motor Vehicles says customers concerned about a security breach at TJ Maxx stores nationwide should not contact them if they are worried their driver's license numbers have been compromised.

DMV officials say the security breach included license numbers only for customers who returned merchandise without a receipt to TJ Maxx, Marshalls or HomeGoods in the final four months of 2003 and May or June of 2004. And DMV officials add that a driver's license number alone is not an effective means of identity theft, and does not give an identity thief the opportunity to access or alter someone's driving record.

The DMV says it is getting an influx of calls from customers who were advised to contact several agencies in light of the breach. Officials recommend instead following the advice of the Federal Trade Commission.


http://www.wcsh6.com/news/article.aspx?storyid=56856

2,283 Mainers Affected By Security Breach

Web Editor: Rhonda Erskine, Online Content Producer Last Updated: 4/4/2007 3:08:39 PM

Nearly 2,300 Mainers may have had their drivers' license numbers and other personal ID numbers stolen by computer hackers who got TJX companies records. TJX owns retailers TJ Maxx, Marshalls, HomeGoods and AJ Wright.

Maine Secretary of State Matthew Dunlap says investigations continue into what's called the largest security breach affecting a retailer.

Dunlap says the company's learned that driver's license information, state ID numbers, and military ID numbers may have been stolen. It also tells the state that 2,283 Mainers may be affected.

Dunlap says that no one who has a stolen Maine driver's license number has access to any financial information by way of the state's computer systems. He also says no financial information is stored on the state license database.

TJX has sent letters to all Maine residents who may have been affected by the data theft. They're being advised to contact the Bureau of Motor Vehicles to minimize risks created by that situation.



Wouldn't this be a job for a “virtual lawyer?”

http://techdirt.com/articles/20070404/071904.shtml

If Gambling In Virtual Worlds Is Illegal, Does The Avatar Get Arrested?

from the the-mind-boggles dept

In the past year or so, establishing a presence in Second Life has become a popular way for companies to get some media attention and establish their Web 2.0 cred. The latest to enter the virtual world isn't a company, but the FBI, which, on the invitation of Linden Lab, is looking around to see if anything untoward is going on in there. Of particular interest to the FBI are the in-game casinos, where people gamble Linden Dollars that can be exchanged for real money. At the moment, this is something of an end run around the laws aimed at blocking online gambling. With so many arrests of online gambling executives, Linden Lab seems concerned about the legality of its own operations, and has smartly sought an opinion from the government on whether it's breaking any laws. Of course, this question just opens up a huge can of worms about the relationship between real world law and in-game play. Meanwhile, now that the government has entered the virtual world, it's comforting to know that Reuters has a full-time reporter there, just to keep it in check.



Where is the line?

http://www.pogowasright.org/article.php?story=20070404134647123

Monitoring of employee breached human rights, says European court

Wednesday, April 04 2007 @ 01:46 PM CDT - Contributed by: PrivacyNews - Non-U.S. News

The monitoring by a Welsh college of an employee's email, phone and internet use was a breach of her human rights, the European Court of Human Rights has ruled. The UK Government must pay £3,000 damages and legal costs in the case.

Lynette Copland said that her email traffic, internet activity and telephone usage were all monitored by the deputy principal of Carmarthenshire College or his staff in a manner that breached her rights to a private life as enshrined in the European Convention on Human Rights.

Copland took a case against the Government that the activity breached her rights under Article 8 of the Convention, which says that "everyone has the right to respect for his private and family life, his home and his correspondence". Her case was against the government because Carmarthenshire College is a publicly funded body.

Source - Out-Law.com

[From the article: "The Court is not convinced by the Government's submission that the College was authorised under its statutory powers to do 'anything necessary or expedient' for the purposes of providing higher and further education, and finds the argument unpersuasive," said the Court's ruling.

... "According to the Court's case-law, telephone calls from business premises are prima facie covered by the notions of 'private life' and 'correspondence' for the purposes of article eight," said the Court's ruling. "It follows logically that emails sent from work should be similarly protected under article eight, as should information derived from the monitoring of personal internet usage."]



This has potential...

http://www.technewsworld.com/rsstory/56683.html

Making the Grade in Podcasting Class

By Leah Etling The Tribune 04/04/07 4:00 AM PT

Gary Bissell, a high school computer science teacher in Atascadero, Calif., has proposed a new class to add to his school's curriculum: Podcasting. "Public speaking is involved, audio editing, script writing, organization and presentation," Bissell said. Now that today's students have been with computers all their lives, Bissell said, schools need to teach more than the basics.


...after all, there is money to be made! ($295 per)

http://www.pr.com/press-release/34860

GLBA Compliance Workshop Offered on BankInfoSecurity.com

This webinar will explain how financial institutions can best maintain compliance with the Gramm-Leach-Bliley Act Section 501(b). In light of the recent TJX data breach, this is a webinar worth attending.

Princeton, NJ, April 05, 2007 --(PR.com)-- In many ways, the most significant challenges presented by Section 501(b) are those that are non-technical such as conducting an enterprise-wide Information Security Risk Assessment and the requirements to engage the Board of Directors in the ongoing management of operational risk. This workshop will expand on many of these areas and present practical and proven approaches many institutions have adopted in order to comply with Section 501(b) of GLBA and Section 216 of Fair and Accurate Credit Transaction Act. This webinar will be offered on Thursday, April 12 on BankInfoSecurity.com.

... For additional information about the BankInfoSecurity.com GLBA Compliance webinar, please visit: http://www.bankinfosecurity.com/webinarsDetails.php?webinarID=19
