Saturday, June 30, 2007

Another case where the organization states that (between the time they detected the problem and this announcement) they have instituted changes to prevent this from happening. (I hope they mean they will call the cops quicker, too.) Makes you wonder what they were thinking in the years before this happened...

http://www.pogowasright.org/article.php?story=20070629063355699

Hard Drive With Shands Patients' Info Stolen

Friday, June 29 2007 @ 06:33 AM CDT Contributed by: PrivacyNews News Section: Breaches

JACKSONVILLE, Fla.

... The computer was used by medical residents and contained the medical and personal history of 956 patients. Channel 4 obtained a police report, which states the computer was stolen May 30. However, police were not told about the incident until June 6 -- seven days after the alleged theft.

According to the police report, a hard drive was missing and later determined to be stolen. No report was made initially, however, the report goes on to say, it was learned there was patient information and then police response was requested. Police said there was no way to investigate because there was such a delay in reporting the incident.

Source - News4Jax



If you thought delaying a week was bad...

http://www.statejournal.com/story.cfm?func=viewstory&storyid=25748

Stolen Computers Leave Harrison County School Workers at Risk for ID Theft.

Posted Thursday, June 28, 2007 ; 05:20 PM Updated Thursday, June 28, 2007 ; 05:21 PM

The computers were stolen from a risk management firm in Charleston last February.

CHARLESTON -- Someone has stolen several computers that contained the personal information, including social security numbers, of several Harrison County school employees.

The Attorney General's Office said the thefts happened last February at MSI Risk Management in Charleston, which handles workers comp claims for the school board.

MSI recently notified the Harrison County School Board that the computers had been stolen.



But to really screw up...

http://www.pogowasright.org/article.php?story=20070629163333420

(follow-up) Report criticizes VA data security

Friday, June 29 2007 @ 04:33 PM CDT Contributed by: PrivacyNews News Section: Breaches

An Alabama VA hospital that lost sensitive data on more than 1.5 million people in January repeatedly failed to follow privacy regulations leading up to the incident, according to an internal report.

The employee directly responsible for the data initially lied to investigators and deleted files from his computer in an effort to hide the magnitude of the problem, the VA's inspector general wrote. [Question for my “Intro to Management” students: How do you prevent this? Bob]

Source - Business Week

Related - Birmingham News: VA releases inspector's report on missing hard drive
Related - Dept. of Veterans Affairs OIG Report (pdf)



How does your organization measure up? (Can you do better than the government?) Might be the basis for a “Guidelines” paper – which I think is sorely needed.

http://www.bespacific.com/mt/archives/015320.html

June 29, 2007

DHS Privacy Policy Guidance- Safeguarding Policies and Procedures for Personnel-Related Data

DHS Action Memorandum Review of Safeguarding Policies and Procedures for Personnel-Related Data, June 13, 2007 with attachments. (PDF, 10 pages)

  • Attachment 1: Review of Personnel-Related Data Policies and Procedures and Self-Assessment (PDF, 13 pages)

  • Attachment 2: Protecting & Handling Personnel-Related Data – Quick Reference Guide (PDF, 2 pages)

  • Attachment 3: Verification and Confirmation Memorandum Templates (Self-Assessment and Training Certifications), (PDF, 2 pages)

  • Attachment 4: DHS Employee Communication from Scott Charbo and Maureen Cooney regarding Data Security and Privacy, June 8, 2006 (PDF, 2 pages)

  • Attachment 5: DHS Deputy Secretary Memo, April 26, 2007 regarding Advance Notice to Leadership on Unintentional Release of Privacy Act Protected Information

  • Attachment 6: OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007 (PDF, 22 pages)



From the Terrorist Training Manual: After a while, they get bored and revert to acting like a bureaucracy...

http://www.bespacific.com/mt/archives/015321.html

June 29, 2007

DOD IG Memo on Threat and Local Observation Notice (TALON) Report Program

Report Number 07-INTEL-09 The Threat and Local Observation Notice (TALON) Report Program (U) (56 pages, PDF)



Good news, bad news. Bad news: CEOs are notorious for not understanding technology risks and a high proportion could fall for this. Good news: Most CEOs never see their e-mail. They “have people for that.”

http://www.eweek.com/article2/0,1759,2152780,00.asp

MessageLabs Reports Rise in Targeted E-Mail Attacks

June 29, 2007 By Brian Prince

Cyber-thieves have set their sights on C-level executives with sophisticated social-engineering techniques designed to steal data, according to security researchers at MessageLabs.

In its monthly report, MessageLabs recorded a sudden spike in the number of targeted attacks June 26, intercepting some 500 attacks that used e-mails with Microsoft Word document attachments containing malicious code.

... In the case of the blast of 500 e-mails June 26, the attacks were so precise that the name and job title of the recipient were included in the subject line. Roughly 30 percent of the e-mails targeted CIOs, while CEOs and presidents were targeted about 11 percent and 9 percent of the time, respectively.

In the report, MessageLabs officials stated researchers also uncovered e-mails where the recipients were relatives of the actual target. For example, an e-mail would be sent to the spouse of the CEO.

"The intent is to compromise the family computer and indirectly gain access to confidential correspondence and intellectual property relating to the target," according to the report.



Wow! The propaganda channel! Why haven't we done this?

http://www.infoworld.com/article/07/06/29/YouTube-to-create-EUtube_1.html?source=rss&url=http://www.infoworld.com/article/07/06/29/YouTube-to-create-EUtube_1.html

EU turns to YouTube to create EUtube

EC plans to disseminate information and explain policy to its citizens through a new video-sharing channel

By Peter Sayer, IDG News Service June 29, 2007

The European Commission is turning to video-sharing Web site YouTube.com to disseminate information about the workings of the European Union to its citizens, through a new channel on the site called EUtube, it announced Friday.

The EUtube channel bears the tagline "Sharing the sights and sounds of Europe." At launch, the showcased video was a 40-second animated cartoon entitled "Everyone Can Save The Planet." Other featured videos include a series entitled "And if Europe didn't exist..." and a documentary on the troubled Galileo project to build a European satellite navigation system.

... It will help YouTube users learn more about the workings of the E.U.'s institutions, by leading them to information they weren't necessarily looking for. [and distracting them from the information they need... Bob]

... Setting up the channel has not cost the E.U. anything, Dowgielewicz said.



Oh look! Free advertising for (whatever he is calling himself this week)

http://techdirt.com/articles/20070629/163147.shtml

Music Retailers Flip Out That Prince Wants To Give Away His Music

from the it's-madness! dept

For years, some have been saying that the real problem holding back the music industry from embracing digital distribution hasn't been the record labels so much as the record stores. In fact, in the Rolling Stone article about the suicide of the recording industry, one of the key stumbling blocks was that the music retailers threatened the record labels if they embraced digital distribution such as Napster. So, it shouldn't come as much of a surprise that music retailers are spitting mad over Prince's plans to give away his latest album. Prince has actually been on the cutting edge of new music business and distribution models for many years, so this doesn't come as much of a surprise. What's interesting, is that he's actually linking two troubled industries: recording and newspapers in a way that helps both. His latest CD will be available for free with a newspaper in the UK -- and the newspaper is thrilled because it's going to seriously increase circulation for that week. This is a perfectly reasonable idea: it adds value to the newspaper and makes it a more worthwhile purchase, while at the same time getting Prince a lot of attention and many more people hearing his latest works (which opens up many more opportunities for him to make more money through concerts, back catalog, merchandise, appearances, sponsorships, etc.).

However, the music retailers are freaking out that someone else might distribute music instead of them. Apparently they haven't been paying much attention to all that online distribution of music that goes on these days and the fact that the business model of the traditional record shop is pretty much dead and buried. Instead, they blame Prince for actually getting more fans to hear his music. "It would be an insult to all those record stores who have supported Prince throughout his career," claimed one. Another said: "The Artist Formerly Known as Prince should know that with behaviour like this he will soon be the Artist Formerly Available in Record Stores." Of course, that's the funniest one, since it's pretty clear that Prince has already realized he's better off without the record stores. Then there's the head of HMV: "I think it would be absolutely nuts. I can't believe the music industry would do it to itself. I simply can't believe it would happen; it would be absolute madness." Basically, what you're reading here is an industry in complete and total denial over the fact that their service (delivering plastic discs to willing buyers) is a business model that's increasingly obsolete.



I (heart) NY! But I don't have any pictures to show you... (Comments are worth browsing...)

http://yro.slashdot.org/article.pl?sid=07/06/30/0644201&from=rss

Permit May Be Required For Public Photography in NYC

Posted by Zonk on Saturday June 30, @07:04AM from the land-of-the-free dept.

G4Cube passed us a link to a New York Times article about a troubling development in public photography rights. New York City is considering requiring a permit for photographers, film-makers, and even possibly tourists who want to shoot imagery in the Big Apple. "New rules being considered by the Mayor's Office of Film, Theater and Broadcasting would require any group of two or more people who want to use a camera in a single public location for more than a half hour to get a city permit and insurance. The same requirements would apply to any group of five or more people who plan to use a tripod in a public location for more than 10 minutes, including the time it takes to set up the equipment. Julianne Cho, assistant commissioner of the film office, said the rules were not intended to apply to families on vacation or amateur filmmakers or photographers. Nevertheless, the New York Civil Liberties Union says the proposed rules, as strictly interpreted, could have that effect. The group also warns that the rules set the stage for selective and perhaps discriminatory enforcement by police."



No more “Take my car... Please” Note that the government is paying for this...

http://it.slashdot.org/article.pl?sid=07/06/30/0617245&from=rss

Winnipeg Demands Immobilizers on High-Risk Cars

Posted by Zonk on Saturday June 30, @02:23AM from the tough-claims-agent dept.

mytrip writes with a Reuters article about a new, unusual insurance requirement for drivers in Winnipeg, Manitoba. Apparently Winnipeg is one of the worst cities in Canada for auto thefts. New and 'high-risk' cars will now be required to install an electronic immobilizer in order to qualify for car insurance. "Chomiak said cars are stolen twice as often in Winnipeg as in other Manitoba cities, while a 2005 report from Statistics Canada said the city had a higher per-capita car theft rate than larger cities like Vancouver, Montreal and Toronto. The province, where cars are insured through Manitoba Public Insurance, will fork over C$15 million ($14 million) so that owners without immobilizers can have them installed."



Just an interesting quote. Perhaps this is the future of my “ubiquitous surveillance” rant?

http://www.pbs.org/cringely/pulpit/2007/pulpit_20070629_002360.html

June 29, 2007

An AIR of Invisibility: Adobe has Microsoft in its sights

Al Mandel, who helped market the original LaserWriter at Apple and later had several high-level positions at AOL, used to say, "The step after ubiquity is invisibility," by which he meant that once a technology had reached the point where everyone had it, then people simply forgot about it and from then on assumed it would be there. Invisibility is a good thing because it means there will always be a market for your product. Invisibility is a high-tech annuity.



Wasn't this obvious?

http://hbswk.hbs.edu/item/5722.html

First Look

June 29, 2007

How does a commercial firm compete with a free open-source product? A study by Harvard Business School's Deishin Lee and Stanford professor Haim Mendelson examines several angles: the motivations of developers, benefits to consumers, and effects on first-mover advantage. As they found, "if the open-source product is available first, all participants are better off when the commercial and open-source products are compatible." The resulting article, "Divide and Conquer: Competing with Free Technology under Network Effects," is described in a forthcoming issue of Production and Operations Management Journal.



Free is good! Note: GIMP works under Windows too.

http://www.maximumpc.com/article/bring_out_the_gimp_part_1_gimp_basics

Bring Out the GIMP Part 1: GIMP Basics

Posted 06/29/07 at 11:26:13AM | by Robert Strohmeyer

No matter which Linux distro you run, chances are it came with a magnificent little image editor called GIMP (GNU Image Manipulation Program). Unlike Paint and other free-with-your-OS image editors, GIMP is a full featured graphics app with a broad range of capabilities that rival those of Adobe Photoshop. (Note: GIMP does lack many features of its $749 rival, but it has the distinct advantage of costing absolutely nothing.) In this, our first of several posts about this powerful Linux app, we'll give you a quick-and-dirty intro to GIMP's most basic features. Note that there are multiple ways to accomplish these basic tasks in GIMP, but these methods require the fewest steps. In later tutorials, we'll show you more advanced (and more efficient) image editing techniques.

Friday, June 29, 2007

Much ado about nothing – or – why senior managers never worry about prosecution?

http://www.pogowasright.org/article.php?story=20070628125923787

HP Pretexting Charges Dismissed

Thursday, June 28 2007 @ 12:59 PM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Charges against defendants in the Hewlett-Packard pretexting case have been dismissed.

Santa Clara County Superior Court Judge Ray Cunningham dismissed all remaining charges during a hearing Thursday morning, at which defendants presented proof that they had completed community service they agreed to in March, a court clerk confirmed.

Former HP ethics officer Kevin Hunsaker and private investigators Ronald DeLia and Matthew DePante were charged last year with identity theft, wrongful use of computer data, fraudulent wire communications, and conspiracy to commit those crimes. The felony charges, brought by former California Attorney General Bill Lockyer, stemmed from HP's internal investigation into media leaks.

Source - InformationWeek



e-conomics? Milton Friedman used the example of a #2 pencil...

http://techdirt.com/articles/20070628/093207.shtml

The iPod Is Built Globally, But The Money Is Made In The US

from the world-music dept

Over at The New York Times, economist Hal Varian discusses a recent study that looked at the various countries involved in making an iPod. Not surprisingly, a large chunk of each iPod goes abroad, as companies in different countries are involved with its production, either as parts suppliers or manufacturers. The study is useful in showing the difficulty in measuring trade statistics, although the authors conclude that each iPod sold contributes $150 to the US trade deficit with China. Andy Kessler actually took up this exact issue a few years ago, examining the link between the iPod and the trade deficit. The key thing to realize is that while Apple receives a fairly modest cut of each iPod sold, it's by far the most profitable chunk. The money made by the various chip makers and assemblers commands the low margins that are typical for their industries. Thus, while you could blame Apple for causing so many dollars to leave the US, you have to figure in the company's exploding stock price post-iPod. When the iPod was launched in October, 2001, the company's market cap was less than a tenth of what it is now ($105 billion). So any contribution to the trade deficit that the company might be responsible for is more than compensated by the $90+ billion that it's added back to the US economy.



e-conomics? Does a well informed consumer need as much protection? (Are potential competitors ready to pounce?)

http://yro.slashdot.org/article.pl?sid=07/06/28/1542200&from=rss

Ban On Price Floors Abandoned, Internet Prices May Rise

Posted by kdawson on Thursday June 28, @04:44PM from the 96-year-old-precedent dept.

paro12 and i_like_spam informed us of a 5-4 decision by the US Supreme Court which abandons a 96-year-old ban on manufacturers and retailers setting price floors for products. The Slashdot community discussed the issue when the case was argued back in March. The ruling means that anti-competitive complaints based on price-fixing will have to be argued case-by-case and will be harder to prove. Discounts and discounters in all venues may be under pressure, with internet sales possibly the hardest hit.

"Importantly, this case points a dagger at the heart of the most consumer-friendly aspects of the Internet. The Internet has shifted power to the consumer in two ways. First, it allows consumers to search for and gather information in a cost-effective, efficient manner. Second, it provides a low-cost means of retailing, making it easy for discounters to offer products to the public. This combination squeezes excess profits and inefficiencies out of product prices. Retail price maintenance seeks to short circuit this extremely consumer friendly process. By setting minimum prices, manufacturers can build in excess margins for themselves and for their favored retailers -- prices that consumers have no choice but to pay."


An example?

http://hardware.slashdot.org/article.pl?sid=07/06/29/0117223&from=rss

Bank on Your Cell Phone

Posted by CowboyNeal on Friday June 29, @12:33AM from the little-big-business dept.

AnonGirl writes "Big banks are launching mobile banks to 'keep customers and generate more payment revenue down the line.' Citibank is working on two pilots: one with Obopay, and the other for contact-less payments. AT&T phones will have Wachovia already installed in their phones by fourth quarter 2007. The downside: 'Even though banks are not charging for their service, carriers do charge for accessing data through their phone.'"



e-conomics. Just because it's interesting...

http://economist.com/daily/chartgallery/displaystory.cfm?story_id=9414607

Pricing powder

Jun 28th 2007 From Economist.com

THE street price of cocaine varies hugely across the world. No surprise that it is cheapest in Colombia, the world's biggest producer of coca: at $2, a gram costs less than a Big Mac. Geography is an obvious price factor. The farther away a country from the main producers in South and Central America, and the more isolated it is, the higher the cost to traffick there. In far-flung New Zealand, a gram costs a wallet-busting $714.30. But there are some pricing anomalies. Although the street price in Japan is several times higher than in Israel, Germany and Britain, the wholesale price in the countries is similar, around $46.40. In Canada the wholesale price is 50% more than in America, but Canadians pay 40% less on the street. [Outrageous! Call your congressmen and demand they “DO SOMETHING!” Bob] It could be that policing is more zealous in some countries, or that there is less competition among suppliers.



Is this a good thing? I guess it depends on the restrictions they try to impose... (What will the Belgian newspapers demand?)

http://www.nzpa-online.co.nz/storyviewer.php?sid=1129

GLOBAL DIGITAL COPYRIGHT PROJECT ON SCHEDULE

Jun 27th 2007 9:01am

The World Association of Newspapers and a global coalition of publishing and media groups held a conference in London Tuesday to unveil the progress of the Automated Content Access Protocol (ACAP), a new standard to allow on-line content providers to automatically communicate information to search engine operators and others on how their content can be used.

Launched in October last year and on schedule to be completed by the end of 2007, ACAP is designed to encourage owners of high quality content to make their work easily available online and also help avoid complex and costly legal disputes between content providers and search engines.



The future? The “next big thing?” Rich kid's toys?

http://www.pcmag.com/article2/0%2C1895%2C2147447%2C00.asp

Five Ideas That Will Reinvent Modern Computing

ARTICLE DATE: 06.20.07 By Cade Metz and Jamie Bsales

What's in the works at the leading high-tech research labs? Some awfully cool stuff—to say the least. This spring, we checked in on five of our favorites—Bell Labs, HP Labs, IBM Research, Microsoft Research, and the granddaddy of them all: the Palo Alto Research Center (PARC), the former Xerox facility that spawned Ethernet, laser printing, the GUI operating system, and so much more.



The future of publishing?

http://www.technewsworld.com/rsstory/58083.html

The Next Chapter for eBooks

By Pam Baker TechNewsWorld 06/29/07 4:00 AM PT

It appears publishers have no favorites among the current spread of eBook formats. "It's true -- publishers do not have a favorite or a preference at this point," Steve Potash, CEO of Overdrive and president of the International Digital Publishing Forum, told TechNewsWorld. "The field is wide open, and Adobe is well-positioned to seize the market."

... Adobe's Approach

This week, Adobe Systems announced the release of Adobe Digital Editions 1.0, a new software application for acquiring, managing and reading eBooks, digital newspapers and other digital publications. It is available as a free download for Microsoft Windows and Macintosh systems.

... With native support for Adobe Portable Document Format (PDF) and XML-based publications, Adobe Digital Editions already works seamlessly with more than 150,000 commercially published titles. Using Adobe Digital Editions 1.0 readers will find that content automatically re-flows, adapting to different screen sizes, and support for Adobe Flash software promises to enhance digital publications through the integration of rich audio and video. [So, is that still a book? Bob]



So maybe it was “news” and Brazil loves free speech?

http://techdirt.com/articles/20070627/191424.shtml

After Banning Entire Site, Brazilian Court Sides With YouTube; Tells Model To Pay Up

from the talk-about-an-about-face dept

Remember when a judge in Brazil banned the entire YouTube over a video of a famous Brazilian model having sex on the beach? Eventually, following quite an uproar, the judge rescinded the ban, but the case went on. Boing Boing is now reporting that the judge hasn't just sided with YouTube, but is ordering the model to pay Google and other video hosting companies as compensation for the lawsuit. Of course, when the ban first was making the news, the model had said that she wasn't so concerned about the video, but that it was her boyfriend in the video who didn't like it. Wonder which one of them will pay the fine?



Have I mentioned that I love lists like this? Always something new to discover – and occasionally something useful!

http://www.pcworld.com/article/id,133119-page,10-c,sites/article.html

100 Blogs We Love

Here are our favorite stops in the blogosphere, covering everything from high tech to low comedy and all manner of pursuits in between.

By the Editors of PC World Monday, June 25, 2007 1:00 AM PDT

Thursday, June 28, 2007

In theory, these are computer professionals... (They are having a sale on an Internet Security Suite today. Somehow, I don't have much confidence in their ability.)

http://www.todaystmj4.com/news/local/8202232.html

65,000 Milwaukee PC Customers May Be at Risk

Heather Shannon Story Updated: Jun 27, 2007

MILWAUKEE - The credit card information of 65,000 customers who've used Milwaukee PC may have been compromised.

The staff at the computer retailer and service center noticed a file in their server and was concerned that file could contain customers' credit card numbers and personal information. [They can't tell? Bob]

No one has reported their information stolen yet, [How would they know it was your fault before you announced? Bob] but Milwaukee PC isn't taking any chances.

"We think that it is possible that we stopped it before it got out, but to stay on the safe side for our customers, we thought it best to send them a letter," Troy Salchow, general manager of Milwaukee PC said.



At least they won't say “We have no indication that the information was used...”

http://www.pogowasright.org/article.php?story=20070627165756145

Criminal Probe Launched Into Computer Hacking of Vet School Admissions Info

Wednesday, June 27 2007 @ 04:57 PM CDT Contributed by: PrivacyNews News Section: Breaches

A criminal investigation into the apparent hacking and misuse of computerized veterinary medical school admissions records has been launched by the University of California, Davis, Police Department, in cooperation with the Sacramento Valley High Tech Crimes Task Force.

On June 15, the university determined that its computer-security safeguards had been breached and someone had gained access to the personal information of an estimated 1,120 applicants to the School of Veterinary Medicine for the 2007-2008 school year, including 131 accepted students. The hacker had accessed information including the applicants' names, birth dates and, in most cases, Social Security numbers.

The security breach became apparent when applicants who had recently been admitted to the School of Veterinary Medicine attempted to set up campus computer accounts and were notified that accounts had already been established in their names. [Strong indication that the hacker was an amateur. No pro would tip his hand this way... Bob] Further investigation revealed that the records of 375 veterinary medical school applicants for the 2004-2005 school year -- seven of them admitted students -- also might have been illegally accessed.

Source - UC Davis



Again someone lost a thumb drive. These won't be secure until they are subcutaneous. (At the rate they are shrinking, it should be possible in time for Christmas.)

http://www.wtol.com/Global/story.asp?S=6718096

BGSU: Flash Drive With Students' Personal Info Has Been Lost

June 27, 2007 01:06 PM

The following came from Bowling Green State University.

BOWLING GREEN -- Bowling Green State University is notifying current and former students of accounting professor Dr. W. David Albrecht that a computer flash drive with information about them has been lost.

Files on the portable storage device contained Social Security numbers for 199 students from his classes in 1992, and the names, grades and University identification numbers -- but not the Social Security numbers -- for approximately 1,600 other students.

There is no indication that any information on the missing flash drive has been accessed in any way, [There is no possible indication of access until evil things start happening, is there? Bob] and there was no system breach or hacking of the University's computer systems.

Albrecht informed University officials May 30 that after an extensive search, he was unable to locate his computer flash drive.



You tell these kids their information is not private, but do they listen?

http://techdirt.com/articles/20070627/012707.shtml

Who Needs A Yearbook When You Already Have Facebook.com?

from the welcome-to-the-new-world dept

There's an interesting article in the Washington Post about students at a high school in Maryland who got a bit of a shock when they opened up their latest yearbooks... only to find photos from their Facebook.com profiles included in the book. Apparently, the yearbook staff procrastinated on finding photos for the yearbook and took the shortcut route of simply copying them from various student Facebook.com profiles, without bothering to ask permission. [Would they need permission? Bob] This has freaked out some of the students. There are a few things that come across as interesting about this story. First, it shows yet another example of students thinking of everything on the web as being open content for use. Second, the reaction of the students freaked out by this reminds us that the social networking sometimes forgets that the content on these sites is publicly available for people to find outside their close-knit group of friends. All in all, it seems pretty lazy for the yearbook staff to not at least ask the individuals for permission to use their photos, but at the same time it's fairly creative for the staff to also realize that they were more likely to get interesting candid photos of students via the website. Then, of course, why isn't anyone asking whether the whole concept of "the yearbook" is starting to get outdated thanks to social networks like Facebook?


Speaking of Facebook...

http://blog.wired.com/27bstroke6/2007/06/facebook-privat.html

Facebook Private Profiles Not As Private As You Think They Are

-- UPDATED With Facebook Changes

By Ryan Singel, June 27, 2007 | 12:30:15 PM | Categories: Privacy

Facebook users who set their profiles to private aren't quite as hidden as they might think they are, according to security researcher Christopher Soghoian, who discovered that Facebook's advanced search features reveal people's names, pictures, religion and sexual orientation to people who don't have permission to see their profile.



On the flip side... (Does anyone under 25 remember where that phrase came from?)

http://www.securityfocus.com/brief/536?ref=rss

Cybercrime busts net data-theft suspects

Robert Lemos 2007-06-27

Two operations run by the U.S. Secret Service led to the arrests of French and Canadian citizens on charges stemming from the theft of user names and passwords and illegal carding activity, the federal agency said this week.

In Operation Lord Kaisersose, the Secret Service's Miami field office identified an individual, known online as "Lord Kaisersose," that had allegedly stolen more than 28,000 compromised accounts and used the information to commit more than $14 million in fraud. The investigation led the French National Police to arrest a French citizen and three associates, the Secret Service said in a statement. A second operation led the Calgary Police Service to arrest an Alberta resident on charges of possessing and trading credit-card skimming devices and a French resident on charges of illegal carding activities.

The Secret Service stressed that the operations, as with most other Internet investigations, would not have been successful without international cooperation.

"Technology has forever changed the way commerce is conducted, virtually erasing geographic boundaries," Michael Stenger, assistant director of the U.S. Secret Service Office of Investigations, said in a statement (PDF).

... Most cybercrime investigations have had international components. An investigation into online funds transfer service E-Gold has been complicated by the fact that the company is registered in Nevis, West Indies, even though the company's assets appear to be entirely based in Florida. Operation Cardkeeper -- an FBI investigation into the illegal trading of credit-card numbers, so-called "carding" -- led to the arrest last year of three people in the U.S. and another 13 in Poland.

The U.S. Secret Service is developing the curriculum for the National Computer Forensics Institute in Hoover, Alabama, which will train both U.S. and international law enforcement personnel.



How do you prove “infringing” objectively enough to program it into your search engine?

http://techdirt.com/articles/20070627/121427.shtml

MPAA Sues Sites For Linking To Infringing Content

from the just-a-link dept

It's amazing how badly the entertainment industry wants people to believe that anything they don't like [..or understand.. Bob] must be illegal. There's already a long history of them suing the easiest party for them to find rather than the party actually breaking the law, so it shouldn't be much of a surprise to see them doing so again. Apparently the MPAA has sued some sites that create a directory of online videos, mainly TV shows and movies. These sites do not host the files. They simply point people to where they are online. Effectively, it's the same thing that a search engine like Google does. There are plenty of Google searches that will lead you to unauthorized content, but for some reason, the entertainment industry believes that if you make a specialized search engine or directory you're somehow liable. These sites have come under attack before, and the MPAA may be hoping that by creating a specialized search engine they'll be able to show "inducement" under the Supreme Court's Grokster standard. It will definitely be worth watching how these court cases go, because if the MPAA succeeds, it effectively means that they'll have the right to sue anyone who links to infringing content by claiming inducement. That would be a horrible precedent to set.



Documenting a dying industry (from a reputable source?)

http://www.rollingstone.com/news/story/15137581/the_record_industrys_decline/print

The Record Industry's Decline

Record sales are tanking, and there's no hope in sight: How it all went wrong

Brian Hiatt and Evan Serpick Posted Jun 19, 2007 2:29 PM

This is the first part of a two-part series on the decline of the record industry. Today we're including Brian Hiatt and Evan Serpick's report on where the music business went wrong, from the current issue of Rolling Stone, as well as an interactive graphic illustrating the industry's slide. Tomorrow, check back with RollingStone.com for interviews with industry leaders on the future of the music business.



Someone else who does not understand technology?

http://arstechnica.com/news.ars/post/20070627-ftc-shoots-down-net-neutrality-says-it-is-not-needed.html

FTC shoots down Net Neutrality, says it is not needed

By Ken Fisher | Published: June 27, 2007 - 06:07PM CT

The Federal Trade Commission today dealt a serious blow to "Net Neutrality" proponents as it issued a report dismissive of claims that the government needs to get involved in preserving the fairness of networks in the United States.

FTC Report (PDF)



Isn't this just a good interpretation of a badly worded law?

http://www.law.com/jsp/article.jsp?id=1182848790153

Appeals Panel 'Reluctantly' Tosses Child Porn Case

Alyson M. Palmer Fulton County Daily Report 06-27-2007

Judges of the Georgia Court of Appeals last week said they must "reluctantly" issue an opinion that may make it more difficult for the state to prosecute people who look at child pornography.

A three-judge panel on June 21 reversed the conviction of a North Georgia man on 106 counts of sexual exploitation of children because, the judges found, prosecutors didn't prove that the man knew he had pornographic images stored in his computer hard drive. [Shouldn't that be a minimum requirement? Bob]

In what it said was an issue of first impression in Georgia, the panel of Judge M. Yvette Miller, Chief Judge Anne Elizabeth Barnes and Presiding Judge J.D. Smith narrowly construed what it means to "knowingly" possess child pornography under the state's sexual exploitation law. It's not enough, wrote Miller for the panel, to prove a defendant has pornographic images in the inaccessible cache files of his computer.

... But the lawyer who won the appeal, Daniel J. Ripper, of Luther-Anderson in Chattanooga, Tenn., said the opinion just gives prosecutors a roadmap for handling child pornography cases. "This is a case that says, 'Here are the facts that you need,'" said Ripper, a member of the State Bar of Georgia who said about half of his work is in Georgia.

... At the jury trial before Walker Superior Court Judge Kristina C. Connelly, a U.S. Secret Service forensic computer analyst testified that each of the pornographic images on Barton's computer was stored on the hard drive of his computer in temporary Internet file folders, according to the opinion. The agent said the files' existence meant that Barton had viewed the images on the Internet but hadn't taken any additional steps to save them on his computer -- and couldn't retrieve the images again without special software he didn't have.

According to the court's opinion, the agent said that Barton had looked at each of the 106 images once over the course of two separate time periods totaling less than four hours on Dec. 2 and 3, 2003. He testified that even those unwanted images that "pop-up" on a computer screen are stored on a computer's hard drive but didn't say whether any of the images stored on Barton's computer represented "pop-ups."

A jury acquitted Barton of child molestation and sodomy charges, which Ripper said arose in the context of a bitter divorce. But he was convicted on the sexual exploitation charges based on the photos and sentenced to serve 20 years in prison.

Barton appealed, arguing that the state hadn't shown he knowingly possessed the images because he hadn't taken any affirmative action to store the photos on his computer, was unaware the computer had automatically saved the images and had no ability to access the saved images.

... However, he said, a forensics expert could determine the manner in which the images came to appear on the computer by examining Internet search histories stored on the computer. If such a search reveals that the defendant sought out the child pornography, said Ripper, "you take that and add it to number of images and the amount of time, then bingo."



How to Blog?

http://www.bespacific.com/mt/archives/015285.html

June 27, 2007

The Blogging Revolution: Government in the Age of Web 2.0

The Blogging Revolution: Government in the Age of Web 2.0 David C. Wyld Associate Professor Southeastern Louisiana University (99 pages, PDF)

  • Description: "Dr. Wyld examines the phenomenon of blogging in the context of the larger revolutionary forces at play in the development of the second-generation Internet, where interactivity among users is key. This is also referred to as "Web 2.0." Wyld observes that blogging is growing as a tool for promoting not only online engagement of citizens and public servants, but also offline engagement. He describes blogging activities by members of Congress, governors, city mayors, and police and fire departments in which they engage directly with the public. He also describes how blogging is used within agencies to improve internal communications and speed the flow of information. Based on the experiences of the blogoneers, [Please. Bloggers is more logical. Bob] Wyld develops a set of lessons learned and a checklist of best practices for public managers interested in following in their footsteps. He also examines the broader social phenomenon of online social networks and how they affect not only government but also corporate interactions with citizens and customers."



Where to video? Monopoly concerns? (see next)

http://weblogs.hitwise.com/leeann-prescott/2007/06/youtube_50_more_traffic_than_o_1.html

June 27, 2007

YouTube: 50% More Traffic than Other Video Sites Combined

YouTube's growth has not begun to slow yet this year. Hitwise traffic data shows that the market share of US visits to YouTube has increased by 70% when comparing January 2007 to May 2007 (this only includes site visits, not streams or streams from views on embedded videos). In comparison, the market share of visits to a custom category of 64 other video sites increased by only 8% in that period. As of May 2007, YouTube's market share was 50% greater than those 64 sites combined. Here is a ranking of the top 10 sites in that custom category for May 2007.


Some people have concerns...

http://bits.blogs.nytimes.com/2007/06/27/myspace-tv-and-the-salary-story/

MySpace TV, and the Salary Story

By Brad Stone June 27, 2007, 2:33 pm

In today’s paper I wrote about MySpace TV, the social network’s challenge to YouTube, a company it inadvertently helped emerge from the nursery when MySpace members began posting YouTube videos to their profile pages. After the jump is a first look at the new MySpace TV home page, which should go live later this week.



Tools & Techniques for ubiquitous surveillance... So simple a caveman can do it!

http://infectedproject.wordpress.com/2007/06/26/set-up-a-webcam-security-system/

Set-up a Ubuntu webcam security system

26Jun07

Have you ever wanted to spy see on what is going on in your home while you are away? Motion is a piece of open source software that acts as a motion detector. It enables you to set-up a webcam server that you can have all your cameras connected to, so you can view them remotely and also upload them to a remote server. Motion should run on most linux distributions but for this exercise I’m using the desktop version of Ubuntu linux.



Read this or I'll take your lunch money!

http://www.bespacific.com/mt/archives/015291.html

June 27, 2007

New Pew Internet Data Memo on Cyberbullying

Press release: "The Pew Internet & American Life Project has just released a short new report that looks at online harassment and cyberbullying among online teens ages 12-17. The report finds that about one third (32%) of all teenagers who use the internet say they have been targets of a range of annoying and potentially menacing online activities - such as receiving threatening messages; having their private emails or text messages forwarded without consent; having an embarrassing picture posted without permission; or having rumors about them spread online...the full report is available here."



A world without cash has been coming for at least thirty years now...

http://www.infoworld.com/article/07/06/28/cash20security_1.html?source=rss&url=http://www.infoworld.com/article/07/06/28/cash20security_1.html

Fed weighs future of contactless payments

Payments industry defends security of technology at recent meeting and claims that waiters, not wireless, are the biggest security threat

By Paul F. Roberts June 28, 2007

You can call it 'cash 2.0': a new age of wireless payment technology that may replace even the smallest cash transactions in the coming years with the wave of a credit card or mobile phone.

But as major corporations like CVS, McDonald's, and Walgreens begin deploying new RF, or "contactless," payment technology, the Federal Reserve is taking a closer look at the technology and is asking the payment industry and card companies, among other questions, whether the new payment systems are secure.



As baby boomers get older, certain technologies gain in appeal...

http://www.techcrunch.com/2007/06/27/when-youve-got-to-go-go-to-mizpeecom/

When You’ve Got To Go, Go To Mizpee.com

Duncan Riley June 27 2007

MizPee is a new service focused on delivering pertinent information regarding the location of nearby restrooms.

Wednesday, June 27, 2007

There is no reason for a Governor (or CEO) to know off the top of their head how many computers were stolen or how many potential security breaches there were last year. But someone in the organization should know. How else can you develop or refine policies and procedures? I still think an article (web site?) suggesting some basic guidelines is sorely needed. (see next articles)

http://www.pogowasright.org/article.php?story=20070626082335896

OH: State Patrol Investigating Dozens Of Computer Thefts

Tuesday, June 26 2007 @ 08:23 AM CDT Contributed by: PrivacyNews News Section: Breaches

The highway patrol said Monday the two most recent cases of data theft from state government agencies are among eleven reports so far this year.

An Ohio State Highway Patrol spokesman said the reports of lost or stolen computer equipment or devices were either owned by the state or went missing by private people on state property.

Lieutenant Tony Bradshaw said an estimated 27 incidents from 2006 and roughly 30 from 2005 are also being reviewed.

Source - 10TV.com


Let's hope the rules say more than: “Don't embarrass the administration.”

http://www.pogowasright.org/article.php?story=20070626195749765

A&M-CC adopts new rules regulating student data

Tuesday, June 26 2007 @ 07:57 PM CDT Contributed by: PrivacyNews News Section: Minors & Students

Texas A&M University-Corpus Christi officials have adopted new rules regulating the access to and use of personal student data. The rules were being drafted several weeks ago when a faculty member reported losing a flash drive that possibly contained about 8,000 students’ personal information, including their Social Security numbers. Officials are investigating whether Blair Sterba-Boatwright violated any university policies in taking the data overseas.

... Officials sent a June 20 memorandum requiring faculty and staff secure or remove information such as social security numbers and dates of birth from computer hard drives, lap tops, external drives, storage devices and hard copy records.

Source - Caller.com


Will this mitigate future “issues?”

http://www.pogowasright.org/article.php?story=20070626152338436

Police to form privacy council

Tuesday, June 26 2007 @ 03:23 PM CDT Contributed by: PrivacyNews News Section: Surveillance

The Redlands Police Department is accepting applications for a Citizens' Privacy Council to provide input and advice on department policy in its use of surveillance cameras.

The Privacy Council will help the Redlands Police Department in its efforts to balance the use of surveillance cameras in public areas to enhance community safety with the citizens' right to privacy.

Source - Redlands Daily Facts



Another talk at the ALA conference...

http://www.bespacific.com/mt/archives/015269.html

June 25, 2007

Reverberations in Case Involving FBI NSLs and Connecticut Librarians

Follow up to previous postings on Connecticut librarians and FBI NSL gag order, via Wired Blog, Librarians Describe Life Under An FBI Gag Order: "Two Connecticut librarians on Sunday [at the 2007 ALA Annual Conference in Washington, DC] described what it was like to be slapped with an FBI national security letter and accompanying gag order."

  • From the conference program: Lifting the Gag: Patron Privacy and the Patriot Act: "When a federal lifetime gag order prevented our speakers from revealing that the FBI had demanded library records, they refused to comply. Represented by the ACLU, they successfully sued the government. Of the thousands who have received National Security Letters, Mr. Chase, Ms. Bailey and two colleagues are the only ones free to discuss the experience. They will discuss their personal and professional roles in defending patron privacy. Speakers: Peter Chase, Library Director, Plainville Public Library; Barbara Bailey, Director, Wells Turner Public Library"



Another “fun” case? Note: It was inevitable that someone would fight back. That's one of the risks their strategy accepted.

http://techdirt.com/articles/20070626/010102.shtml

Are The RIAA's Investigation Techniques Illegal?

from the put-to-the-test dept

Having victims of the RIAA's shotgun legal approach fight back is certainly nothing new. In fact, having people charge the RIAA with racketeering for its actions has happened quite a few times at this point. However, this latest case against the RIAA is a little different. Filed by the same woman who charged the RIAA with racketeering two years ago, Tanya Andersen, the latest case doesn't just focus on the legal strategy, but also on the technology strategy of spying on what users are uploading -- again claiming it violates both racketeering laws and computer fraud and abuse laws. It notes that the process by which the company MediaSentry tries to figure out who is offering files isn't just flimsy, it's illegal.

Ray Beckerman has a link to the full complaint (warning: pdf file). It talks about how flimsy the evidence is, how it's easily falsified, how MediaSentry knew that -- and how it still claims that it offers positive identification on uploaders. The suit also points out that in Oregon (where the suit is filed), MediaSentry is not properly licensed as a private investigator, which breaks the law. Then, the suit goes in for the kill -- focusing on how the RIAA proceeds to use this weak and flimsy evidence to bully and scare people into paying up, abusing their private information and not giving them nearly enough time (or information) to counter the claims. The filing also contains a rather detailed description of the specific actions the RIAA took to intimidate Andersen and her daughter -- despite Andersen providing an awful lot of evidence that she was completely innocent of the charges. It's quite a filing, and should make for an interesting case should it get anywhere. The RIAA will likely do as much as it can to get the case dismissed or buried (as they did with Andersen's previous case), but so far Andersen has shown a very strong willingness to fight for what's right.



Can they say that?

http://www.pbs.org/newshour/bb/law/jan-june07/freespeech_06-25.html

Experts Analyze Supreme Court Free Speech Rulings

Originally Aired: June 25, 2007

The Supreme Court ruled to loosen restrictions on campaign ads and tighten limits on student speech Monday. Two law professors, Walter Dellinger and Richard Garnett, weigh in on what the rulings mean for the nation, and what they indicate about the justices' take on First Amendment rights.



Does Romania's law offer more protection?

http://www.managinginformation.com/news/content_show_full.php?id=5735

26 June 2007

Worldwide Comparison Of Wiretap Laws Published

The Ready Guide, (available from SS8’s website - http://www.ss8.com/ready-guide.php) is the result of extensive research, conducted on behalf of SS8 into LI legislation around the world. The pocket-sized guide covers twenty-four countries, each with a specific overview and history of the particular national laws. Designed to serve as a valuable reference point for anybody connected with the surveillance industry, the guide includes legislation from countries as diverse as the U.S., U.K., Romania and the Philippines.



Other than pointing out a major opportunity for someone to steal the market, what good is this?

http://www.bespacific.com/mt/archives/015271.html

June 25, 2007

Speed Matters: A Report on Internet Speeds in All 50 States

First-Ever State-By-State Report on Internet Connection Speed Shows U.S. Far Behind Other Industrialized Nations: "Results released today of the first-ever state-by-state report on Internet connection speed reveal that the United States is falling far behind other industrialized nations. The report, based on aggregated data from nearly 70,000 users, shows that the median real-time download speed in the U.S. is a mere 1.9 megabits per second (mbps). The best available estimates show average download speeds in Japan of 61 mbps, in South Korea of 45 mbps, in France of 17 mbps and in Canada of 7 mbps."



I predict this will be ignored...

http://techdirt.com/articles/20070625/003804.shtml

Violent Crimes Keep Dropping As Violent Video Games Get More Popular

from the correlations dept

A few years back, we posted some research someone had done noting that youth violence had decreased drastically over the years as violent video games became more popular. Now Digg is highlighting a similar, and rather dramatic, drop in overall violent crime during the period since 1993 (when the video game Doom was released). Obviously, this is a correlation, not proving any kind of causal linkage. However, if it were true that these video games were convincing people to go out and commit actual crimes, it would be hard to bring that into line with this data. Combined with recent studies that have shown that violent crime decreases when violent movies are released, it certainly suggests that the "threat" of such movies and video games isn't as big as some would have you believe.



Oh goodie. Do you suppose this has something to do with poor security in organizations?

http://it.slashdot.org/article.pl?sid=07/06/27/0018252&from=rss

Microsoft Security Makes "Worst Jobs" List

Posted by kdawson on Wednesday June 27, @02:06AM from the whale-meat-and-blubber dept.

Stony Stevenson asks, rhetorically, "What do whale-feces researchers, hazmat divers, and employees of Microsoft's Security Response Center have in common? They all made Popular Science magazine's 2007 list of the absolute worst jobs in science." Quoting:

"The MSRC ranked near the middle as the sixth-worst job in this year's list.. 'We did rate the Microsoft security researcher as less-bad than the people who prepare the carcasses for dissection in biology laboratories,' Moyer said. Moyer didn't have to think long when asked whether he'd rather have the number 10-ranked whale research job. 'Whale feces or working at Microsoft? I would probably be the whale feces researcher,' he said. 'Salt air and whale flatulence; what could go wrong?'"

Here's the Popular Mechanics list all on one page.



I don't get this one, but they have some others that might be more interesting...

http://www.bespacific.com/mt/archives/015274.html

June 25, 2007

askSam Releases Free Searchable e-Book, 15,000 Useful Phrases

askSam releases free searchable ebook: Fifteen Thousand Useful Phrases, by Greenville Kleiser: "A Practical Handbook Of Pertinent Expressions, Striking Similes, Literary, Commercial, Conversational, And Oratorical Terms, For The Embellishment Of Speech And Literature, And The Improvement Of The Vocabulary Of Those Persons Who Read, Write, And Speak English."

[From the web site...

Also Available in Searchable Databases:



Very interesting. Take a look at their web site...

http://digg.com/software/PicLens_Firefox_plugin_for_viewing_pictures_online

PicLens: Firefox plugin for viewing pictures online.

A Firefox plug-in that provides an immersive full-screen experience for viewing photos on the Web. A must see! This software interacts with a number of different sites and has many different features such as the ability to view pictures in a slideshow.

http://piclens.com/firefox/