Saturday, July 07, 2007

It's Okay to read the address on the postcard, just don't turn it over?

http://www.pogowasright.org/article.php?story=20070706150634542

SF Appeals Court: E-Mail Surveillance Is Legal

Friday, July 06 2007 @ 03:06 PM CDT Contributed by: PrivacyNews News Section: Surveillance

A federal appeals court in San Francisco Friday upheld the right of government agents to gather information without a search warrant on the e-mail and Internet addresses used by a criminal suspect.

The 9th U.S. Circuit Court of Appeals said that "e-mail and Internet users have no expectation of privacy" [NOW will you consider encryption? Bob] in e-mail and Web site addresses.

The court said users should know that these messages are sent and Web sites are visited through third parties such as their Internet service provider and that the information is therefore not private.

The ruling was made in the case of two Southern California men who appealed their conviction and 30-year sentences for operating a large Ecstasy-manufacturing drug laboratory in Escondido.

Source - CBS

[From the article: The court said that surveillance of computer addresses alone - as opposed to eavesdropping on the content of messages - was similar to collecting information on telephone numbers called or on addresses written on the outside of postal envelopes.



As expected...

http://www.pogowasright.org/article.php?story=20070706120518713

ACLU Slams Appeals Court Decision in NSA Surveillance Case (Press Release)

Friday, July 06 2007 @ 12:05 PM CDT Contributed by: PrivacyNews News Section: Surveillance

CINCINNATI - In a 2-1 decision, the Sixth Circuit Court of Appeals today dismissed a legal challenge to the Bush administration's warrantless surveillance program. The challenge was brought by the American Civil Liberties Union on behalf of prominent journalists, scholars, attorneys and national nonprofit organizations who say that the unchecked surveillance program is disrupting their ability to communicate effectively with sources and clients.

Even though the plaintiffs alleged a well-founded fear that their communications were subject to illegal surveillance, the court dismissed the case because plaintiffs could not state with certainty that they had been wiretapped by the National Security Agency.

The following quote can be attributed to ACLU Legal Director Steven R. Shapiro:

... "It is important to emphasize that the court today did not uphold the legality of the government's warrantless surveillance activity. Indeed, the only judge to discuss the merits clearly and unequivocally declared that the warrantless surveillance was unlawful.

... Today's decision is online at: www.ca6.uscourts.gov/opinions.pdf/07a0253p-06.pdf

More information on the case is online at: www.aclu.org/nsaspying

Source - ACLU



What's the old saying? When the only tool you have is a hammer, everything starts looking like a nail?

http://blog.brokep.com/2007/07/06/swedish-police-will-censor-the-pirate-bay/

Swedish Police will CENSOR The Pirate Bay

July 6 Filed under Piracy, Censorship by brokep

Working online gives you a lot of friends. Some of those give you a heads-up when something big is going on, and sometimes really big things happen.

A couple of hours ago I got one of those - The Swedish Police is going to put The Pirate Bay in its child porn filter!

The filter is a voluntary system that the Swedish ISPs agree to use. They redirect DNS entries they find within this list to a page where it gives you information about why it’s blocked. The meaning of this filter is what? Real child porn is probably hidden somewhere, and we’ve been the victims of this filter wrongfully before!



How not to inspire confidence...

http://www.zdnet.com.au/news/hardware/soa/RIM-unconcerned-by-BlackBerry-bugging-software/0,130061702,339279555,00.htm

RIM unconcerned by BlackBerry bugging software

Brett Winterford, ZDNet Australia 04 July 2007 05:59 PM

Mobile device manufacturer Research in Motion (RIM) is unconcerned about a new release of software that aims to compromise the security of a BlackBerry device.

As reported yesterday, the latest version of legal spying software FlexiSPY enables remote third parties to bug the voice calls, log SMS and mobile e-mail messages and track the location of a BlackBerry user.

Ian Robertson, senior manager of security and research at RIM, said users need not be particularly worried about the capability of FlexiSPY.

"While it's the subject of some debate, I don't consider it a virus nor a Trojan, as it does require conscientious effort from the user to load the program," he said.

... Robertson said that it is not entirely true that the FlexiSPY application works without the user knowing they are being spied upon.

... Concerned users can read white papers on protecting their BlackBerry from malware here.



Perhaps they need a guide to “giving away free stuff?”

http://yro.slashdot.org/article.pl?sid=07/07/07/0330209&from=rss

RIAA Forces YouTube to Remove Free Guitar Lessons

Journal written by Bushido Hacks (788211) and posted by Zonk on Saturday July 07, @01:21AM

from the quit-trying-to-learn-things-you-ungrateful-grubs dept.

Bushido Hacks writes

"Is it so wrong to learn how to play the guitar? According to NPR, a record company ordered YouTube to remove videos of a man who offered to show people how to play the guitar for free. One of the songs that he taught was copyrighted, and as a result over 100 of his videos were removed from the internet. 'Since he put his Web site up last year, he has developed a long waiting list for the lessons he teaches in person. And both he and Taub say that's still the best way to learn. If someone tells Sandercoe to take down his song lessons, he says he will. But his most valuable videos are the ones that teach guitar basics -- things like strumming, scales and finger-picking. And even in the digital age, no one holds a copyright on those things.' How could this constitute infringement if most musicians usually experiment to find something that sounds familiar?"



Another “Customer Service?”

http://slashdot.org/article.pl?sid=07/07/07/063226&from=rss

Sprint Drops Customers Over Excessive Inquiries

Posted by Zonk on Saturday July 07, @03:14AM from the just-a-bit-harsh dept.

theodp writes

"The WSJ confirms earlier reports that Sprint Nextel is terminating the contracts of subscribers who call customer service too much (registration required). The 1,000 or so terminated subscribers called an average of 25 times a month — 40 times higher than average — according to a company spokeswoman, who also noted that a large number of calls from these customers were related to billing issues."



Geeky, but interesting. Some ideas for researchers.

http://www.bespacific.com/mt/archives/015375.html

July 05, 2007

Companion Website to New Book: Introduction to Information Retrieval

Introduction to Information Retrieval - "This is the companion website for the following book: Christopher D. Manning, Prabhakar Raghavan and Hinrich Schütze, Introduction to Information Retrieval, Cambridge University Press, 2008."



Perhaps we could use this to broadcast our Privacy seminars?

http://dondodge.typepad.com/the_next_big_thing/2007/07/livestation-and.html

LiveStation and Silverlight deliver Live TV to your PC

LiveStation built on Silverlight brings Live TV to your PC. LiveStation is a project, currently in controlled beta, that uses technology from Microsoft and Skinkers, a UK based company. LiveStation currently rebroadcasts the BBC live, but could be expanded to other TV stations. LiveStation is delivered on Microsoft's Silverlight with extraordinary quality and crispness. The video is like watching a DVD on your PC...no jerky motion, no buffering...it is just like watching live TV.

... LiveStation uses Peer-to-Peer technology [Golly gee willikers! Perhaps not all uses of P2P are copyright infringement! Bob] to distribute the TV signal...

... Live TV, this isn't recorded TV being re-broadcast...it is live, without delay. Of course the technology could be modified to stream recorded shows or other types of content.



Practice by tasering the neighborhood pets?

http://crave.cnet.com/8301-1_105-9740224-1.html?tag=rsspr.6195219&part=rss&subj=news

Taser goes wireless

Jonathan Skillings Jul 6 2007

... Up to now, Taser stun guns have been short-range gadgets that deliver their jolt of electricity through wires linking the gun and the projectile. (Think Ben Stiller and Dustin Hoffman getting zapped in Meet the Fockers.) On Monday, the company plans to introduce its first-ever wireless device in Chicago at the Taser Tactical Conference for members of law enforcement and military organizations,

Taser's new XREP packs its neuromuscular punch in a self-contained half-ounce projectile, the company says. Another convenient feature is that the XREP can be fired from a standard 12-gauge shotgun.

Taser plans to start a field test of the XREP in the fall. After six to 12 months of testing, it's expected to get a full production release sometime in 2008. The company is being stingy about sharing details of the wireless zapper in the days before Monday's unveiling, but more than a year ago, the word was that a forthcoming Taser shotgun projectile might work at ranges approaching 100 feet.

By comparison, the consumer-oriented Taser C2 has a range of just 15 feet. Plus, those annoying wires.

Friday, July 06, 2007

Ah! Accurate and detailed data at last!

http://www.pogowasright.org/article.php?story=20070705133626686

GAO Report: Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited

Thursday, July 05 2007 @ 01:45 PM CDT Contributed by: PrivacyNews News Section: Breaches

... GAO was asked to examine (1) the incidence and circumstances of breaches of sensitive personal information; (2) the extent to which such breaches have resulted in identity theft; and (3) the potential benefits, costs, and challenges associated with breach notification requirements.

... While comprehensive data do not exist, [Okay, maybe not so accurate... Bob] available evidence suggests...

Source - GAO-07-737 [Full Report, pdf]


...subject to spin, as always.

http://www.pogowasright.org/article.php?story=20070705173950552

Did the data breach chronologies backfire? (opinion)

Thursday, July 05 2007 @ 05:39 PM CDT Contributed by: PrivacyNews News Section: Breaches

The June GAO report, Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown [GAO-07-737 (pdf)] was released today.

Looking through it, it is clear that they relied heavily on data and statistics provided by Attrition.org, the Privacy Rights Clearinghouse, the Identity Theft Resource Center, and reports obtained from NY and NC under FOIA by Chris Walsh.

Although it is encouraging that the government is actually using the data that these organizations and individuals have worked so hard to compile, some of the implications suggested by the GAO report are troubling from the perspective of a privacy advocate.

Source - Chronicles of Dissent



You might not want to call your favorite bureaucrats idiots, even when they clearly are... At least not while they are writing law or reviewing your acquisition of Doubleclick...

http://www.pogowasright.org/article.php?story=20070706050541501

Google: Our data retention is not data protection watchdogs' business

Friday, July 06 2007 @ 05:05 AM CDT Contributed by: PrivacyNews News Section: Businesses & Privacy

The retention of search engine query data is a security matter and not one for Europe's data protection officials, according to Google's global privacy chief.

Peter Fleischer said that its retention of user search data was "just not their field".

Source - The Register


This is how you do it – announce compliance as loudly as you can, then you can forget to tell IT to make any changes.

http://www.ft.com/cms/s/9a54bf38-2b5b-11dc-85f9-000b5df10621,_i_rssPage=9a36c1aa-3016-11da-ba9f-00000e2511c8.html

Microsoft and Yahoo to alter privacy policy

By Maija Palmer in London Published: July 6 2007 03:00 | Last updated: July 6 2007 03:00

Yahoo and Microsoft are preparing to announce concessions in their privacy policies in the next few weeks, as pressure mounts in Europe over the length of time internet search companies should be allowed to hold personal data.

... So far neither Yahoo nor Microsoft has specified any time limits on the data that they hold on users.



The records are public, but the public (second class citizens) can't see them.

http://www.pogowasright.org/article.php?story=20070705071926775

Ohio Newspaper Under Fire for Outing Gun Owners

Thursday, July 05 2007 @ 01:42 PM CDT Contributed by: PrivacyNews News Section: Other Privacy News

An Ohio newspaper's decision to publish the non-public records of concealed carry permit holders drew a strong response, and one gun rights advocacy group published personal but public information about the newspaper's editor.

The Sandusky Register on June 24 published the names, ages and home counties of the almost 2,700 concealed carry permit holders in its circulation area. Ohio gun laws restrict public access to concealed carry records but allow the media to access them.

Source - CNSNews.com



No doubt the response will start: “If you've got nothing to hide...”

http://www.pogowasright.org/article.php?story=20070705121853317

'An offensive invasion of privacy'

Thursday, July 05 2007 @ 01:42 PM CDT Contributed by: PrivacyNews News Section: Other Privacy News

James Herrick of Madison doesn't think it's anybody else's business how much gas and electricity he uses at home and was surprised to find this information online, where "anybody on the planet" can obtain it, anonymously.

And so, on seeing Madison Gas and Electric's searchable database of its residential customers he fired off an e-mail:

"Is there small print in my MGE service agreement that says I authorize you to release my natural gas and electricity purchase information to anyone with Internet access, or is there a law requiring utility companies to make this information publicly available?

Source - TheDailyPage.com

[From the article: MGE, in response, explained that the state Public Service Commission does indeed mandate (PSC 134.05 [5]) that utilities provide on request "either the average consumption for the prior 12-month period or figures reflecting the highest and lowest consumption amounts for the previous 12 months."



Let me see if I understand this. If I can see the code, that is automatically less secure than code I can't see? If I can look for errors/flaws/holes, that is better than not knowing they are there?

http://news.com.com/2100-1041_3-6195102.html?part=rss&tag=2547-1_3-0-5&subj=news

Feds snub open source for 'smart' radios

New FCC rules say open-source code for next-gen mobile tech has "high burden" to show it's secure. Some industry and security experts beg to differ.

By Anne Broache Staff Writer, CNET News.com Published: July 6, 2007, 4:00 AM PDT

Mobile-gadget makers are starting to take advantage of software-defined radio, a new technology allowing a single device to receive signals from multiple sources, including television stations and cell phone networks.

But a new federal rule set to take effect Friday could mean that radios built on "open-source elements" may encounter a more sluggish path to market--or, in the worst case scenario, be shut out altogether. U.S. regulators, it seems, believe the inherently public nature of open-source code makes it more vulnerable to hackers, leaving "a high burden to demonstrate that it is sufficiently secure."

... By effectively siding with what is known in cryptography circles as "security through obscurity," the controversial idea that keeping security methods secret makes them more impenetrable, the FCC has drawn an outcry from the software radio set and raised eyebrows among some security experts.


Perhaps they should read this!

http://www.bespacific.com/mt/archives/015363.html

July 05, 2007

Report - Toward a Safer and More Secure Cyberspace

Toward a Safer and More Secure Cyberspace, Seymour E. Goodman and Herbert S. Lin, Editors, Committee on Improving Cybersecurity Research in the United States, National Research Council, 272 pages, pre-publication copy, 2007.

  • "Toward a Safer and More Secure Cyberspace examines the vulnerabilities of the Internet and offers a strategy for future research aimed at countering cyber attacks. The report also explores the nature of online threats and some of the reasons why past research for improving cybersecurity has had less impact than anticipated."



It may be cheaper to pay the fine...

http://www.pogowasright.org/article.php?story=20070705091950314

Court holds Belgian ISP responsible for file-sharing

Thursday, July 05 2007 @ 10:52 AM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

A court has ruled that the Belgian ISP Scarlet Extended is responsible for blocking illegal file-sharing on its network, setting a precedent that could affect other ISPs in Europe, according to a recording industry group.

Belgium's Court of First Instance has given the Internet service provider six months to install technology to prevent its customers from sharing pirated music and video files, the International Federation of the Phonographic Industry said. If it fails to do so it will be fined €2,500 ($3,400) per day, according to the ruling, published June 29.

Source - InfoWorld



Amusing...

http://www.bespacific.com/mt/archives/015374.html

July 05, 2007

Map and List Provide Links to All Current Google Products

From Zorgloob Logiciels, a very large, visual representation of the extensive range and variety of Google products [via Google Blogoscoped]. If you prefer all this information in a list format, along with associated icons, descriptions of the services (in French) and links directly to them, one can find that information here.



For my fellow Intel buffs

http://www.bespacific.com/mt/archives/015370.html

July 05, 2007

On the Trail of Military Intelligence History: A Guide to the Washington, DC, Area

"A new pamphlet from the U.S. Army Intelligence and Security Command (INSCOM) History Office describes locations in and around Washington, D.C. that have significant associations with the history of U.S. military intelligence." [via Secrecy News]



Is this a good news/bad news kind of thing?

http://www.eweek.com/article2/0,1759,2155210,00.asp?kc=EWRSS03119TX1K0000594

Data Deposit Box Stores Data Safely Off-Site

July 5, 2007 By Daniel P. Dern

When it comes to backing up your data—be it of a business or personal nature—you can't be too thorough. Backup options such as CDs or DVDs, external hard drives, NAS appliances, or USB sticks offer a partial solution, but these local storage solutions leave your backup data vulnerable to any number of local disasters.

Online storage services, such as Data Deposit Box (www.DataDepositBox.com), from Acpana Business Systems, can help patch the gaps in your backup plans by storing your data safely off-site.

... Data Deposit Box accounts may be shared by multiple users running multiple computers, and the account holder may choose whether to extend full or restricted access to those using the account.



Does this sample reflect the population? Or is there a higher proportion of sex offenders online?

http://www.techzonez.com/comments.php?shownews=21607

New Jersey says 141 sex offenders used MySpace

Posted by Reverend on 05 Jul 2007 - 20:08 GMT

More than 140 sex offenders convicted in New Jersey had profiles on the networking Web site MySpace, the state's attorney general said on Tuesday.

New Jersey is among several states leading the way in working with MySpace to curb online sexual predators.

Of the 141 sex offenders identified as having been active on MySpace, 80 were found to be on parole or probation, and officials are working to determine if those individuals violated the terms of their sentences, said David Wald, a spokesman for New Jersey Attorney General Anne Milgram.

The identified individuals may now be subject to tougher prohibitions against using the Internet, Wald said.

Those identified are among a national total of about 7,000 registered sex offenders whose names were deleted and handed over by Fox Interactive Media, the owner of MySpace, to law enforcement authorities in all 50 states in late May.

Full story: Reuters



Speaking of sex offenders...

http://rawstory.com/news/2007/Judge_lifts_injuction_on_DC_madam_0705.html

Judge lifts injunction on 'DC madam' phone records

Josh Catone Published: Thursday July 5, 2007

A judge in the US district court in Washington, D.C. has lifted the temporary restraining order (TRO) preventing the so-called 'DC madam,' Deborah Jeane Palfrey, from selling or distributing the list of phone records from her escort business.

"The List in question is the Defendant's personal property," wrote judge Gladys Kessler, "and contains only a log of telephone numbers. It was neither seized by the Government when it searched the Defendant's residence in California, nor listed in the Indictment putting the Defendant on notice as to which items of her property were subject to forfeiture."

... Earlier this week, in an interview with the Vallejo Times, Palfrey said she would make the 46 pounds of Sprint phone records available to any member of the media, including bloggers.

... You can read the full court decision here (PDF).



Because free is good!

http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9026125

15 free security programs that work

Preston Gralla



Free tools is good!

http://www.killerstartups.com/WebApp-Tools/udutu--DIY-Course-Authoring-for-Educators-Near-You/

Udutu.com - DIY Course Authoring for Educators Near You

posted 6 Hours 50 Minutes ago by Siri

Do-it-yourself app platforms have lately become popular; will the same go for self-made online education tools? Udutu now provides a means for educators or small businesses to get in on the elearning trend that has been limited to larger organizations till now. Subject matter experts can create their own courses accessible anywhere, without needing an IT department. Creating and customizing your courses is painless with Udutu’s WYSIWYG software. They provide the tools to make your courses more interactive quickly and easily. Udutu can be used by teachers, corporate trainers, human resource managers and even professors and government administrators. Users are charged not for authoring or using the software but for using Udutu’s servers; they charge $1 per screen per month. Demonstrations are available as well as professional tips and guidance.

Thursday, July 05, 2007

Pretexting made simple

http://www.heise-security.co.uk/news/92108

Manage your BT account insecurely on-line

Report of 03.07.2007 13:05

Two independent sources that wish to remain anonymous have reported to heise Security that BT's online account management service has a serious flaw. Apparently, anyone in possession of basic information available from a printed phone bill can create a profile from which they can inspect and manage your telephone account, even if you already make use of this service yourself.
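The flaw class heise describes, an account-linking step that treats data printed on a bill as proof of ownership and lets a second profile claim a line that is already linked, is shown below as an added example with the weak flow beside a hardened one. This is illustration code written for this page, not BT's portal; the portal class, the field names (account number, postcode), the in-memory store and the one-time code posted to the billing address are assumptions about how such a flow might be built, and the bill data is constructed.

```python
"""
Added example for this page: the account-claim flaw class described in the
heise report, shown as a vulnerable flow beside a hardened one.
Not BT's code; the portal structure, field names and bill data are assumptions.
"""
import hmac
import secrets

# Constructed sample: what a printed bill reveals about one line (not real data).
BILLS = {
    "02079460000": {"account_number": "AB12345678", "postcode": "SW1A 1AA"},
}


def _bill_matches(phone, account_number, postcode):
    """True when the supplied details match what is printed on the bill."""
    bill = BILLS.get(phone)
    return bool(bill) and bill["account_number"] == account_number and bill["postcode"] == postcode


class Portal:
    def __init__(self):
        self.profiles = {}  # phone -> email of the profile that manages the line
        self.pending = {}   # phone -> (email, one-time code) awaiting confirmation

    def register_insecure(self, email, phone, account_number, postcode):
        """Vulnerable flow: bill data alone proves ownership, and a line that
        already has a profile is silently handed to the new registrant."""
        if not _bill_matches(phone, account_number, postcode):
            return False
        self.profiles[phone] = email
        return True

    def register_secure(self, email, phone, account_number, postcode):
        """Hardened flow: bill data only opens a claim; a line that is already
        linked cannot be claimed again, and the claim must be confirmed with a
        code delivered out of band (assumed here: posted to the billing address).
        Returns the code so the example can be exercised offline, or None."""
        if not _bill_matches(phone, account_number, postcode):
            return None
        if phone in self.profiles:
            return None  # same answer as a bad match: do not reveal that the line is linked
        code = f"{secrets.randbelow(10**8):08d}"
        self.pending[phone] = (email, code)
        return code

    def confirm(self, phone, code):
        """Finish a pending claim; the code is compared in constant time."""
        entry = self.pending.get(phone)
        if entry is None:
            return False
        email, expected = entry
        if not hmac.compare_digest(code, expected):
            return False
        del self.pending[phone]
        self.profiles[phone] = email
        return True


def takeover_demo():
    """Run an attacker who knows only what is printed on the bill against both
    flows; returns which email ends up controlling the line under each."""
    phone, acct, pc = "02079460000", "AB12345678", "SW1A 1AA"
    weak = Portal()
    weak.register_insecure("owner@example.com", phone, acct, pc)
    weak.register_insecure("attacker@example.net", phone, acct, pc)

    strong = Portal()
    code = strong.register_secure("owner@example.com", phone, acct, pc)
    strong.confirm(phone, code)
    attacker_code = strong.register_secure("attacker@example.net", phone, acct, pc)
    return {"insecure": weak.profiles[phone],
            "secure": strong.profiles[phone],
            "attacker_got_code": attacker_code is not None}


if __name__ == "__main__":
    print(takeover_demo())
```

Two design points worth noting: the hardened flow returns the same "no" for a wrong bill and for an already-linked line, so a pretexter cannot use the portal to learn which lines have profiles, and the legitimate holder should still be told a claim was attempted. In a real deployment the pending claim also needs an expiry and per-line rate limiting, which the example leaves out.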



If we remove the nonessential, illogical, frivolous, etc. we could get it down to zero!

http://slashdot.org/article.pl?sid=07/07/04/1657245&from=rss

Minisode Network Condenses TV Shows to Under Six Minutes

Posted by ScuttleMonkey on Wednesday July 04, @03:38PM from the readers-digest-television dept.

CNN is reporting on a (relatively) new website called the Minisode Network that allows users to watch popular television shows that have been strategically condensed down to somewhere between four and six minutes. "Don't think of the Minisode Network as a brand-new Web site. Think of it as a long-overdue public service. That is, who among us hasn't felt the double-edged sword of our media age: So much video from TV, DVDs, the Internet and even cell phones ... but too little time to watch it all? The Minisode Network has a solution. Launched in June as a broadband channel on the MySpace site, it offers, for our streaming pleasure, episodes of vintage Sony Pictures Television series like 'Silver Spoons,' 'Starsky & Hutch,' 'Diff'rent Strokes' and even Ricki Lake's talk show."



Technology secrets revealed: Ever wonder why the cursor moves so smoothly?

http://www.1-click.jp/

Wednesday, July 04, 2007

Unusual for BeSpacific to report incidents like this...

http://www.bespacific.com/mt/archives/015357.html

July 03, 2007

Largest Single Personal Data Breach to Date Involves Info on 2.3 Million Customers

Press release: "Fidelity National Information Services, Inc. announced today that its subsidiary, Certegy Check Services, Inc., a service provider to U.S. retail merchants, based in St. Petersburg, Fla., was victimized by a former employee who misappropriated and sold consumer information to a data broker who, in turn, sold a subset of that data to a limited number of direct marketing organizations... The misappropriated information included names, addresses and telephone numbers as well as, in many cases, dates of birth and bank account or credit card information. Approximately 2.3 million records are believed to be at issue, with approximately 2.2 million containing bank account information and 99,000 containing credit card information. The company is still investigating the time period over which the misappropriations occurred."


More...

http://www.rttnews.com/sp/breakingnews.asp?date=7/3/2007&item=101

Fidelity National Information Services Says Employee Stole Customer Data [FIS]

... As a result, the company's customers receive marketing solicitations, though there is no evidence of fraud.

Though the company did not name the worker, [see next article Bob] Certegy said it has filed a civil lawsuit against him and the marketers in a state court in Pinellas County, Florida. The company does not expect that the costs to implement this action plan will materially impact financial results.

This theft came to light when one of Certegy's retail check processing customers alerted Certegy to a correlation between a small number of check transactions and the receipt by the retailer's customers of direct telephone solicitations and mailed marketing materials. With the help of the U.S. Secret Service, the company figured that the theft was done by a senior level database administrator, who was entrusted with defining and enforcing data access rights.
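The way the theft surfaced, a retailer noticing that the customers receiving solicitations were disproportionately the ones whose checks had gone through one processor, can be turned into a simple detection check: compare each vendor's complaint rate with the rate among customers whose data never touched that vendor. The block below is an added example written for this page, not Certegy's or the retailer's code; the processor names, customer counts and complaint counts are constructed.

```python
"""
Added example for this page: flag a data-handling vendor whose customers report
unsolicited marketing far more often than the rest of the customer base.
The population is constructed; the processor names are placeholders.
"""
from collections import defaultdict


def build_sample_population():
    """Constructed records: (customer_id, check_processor or None, complained)."""
    records = []
    cid = 0
    for i in range(40):            # 40 customers via processor_a, 10 complained
        records.append((cid, "processor_a", i < 10))
        cid += 1
    for i in range(40):            # 40 customers via processor_b, 1 complained
        records.append((cid, "processor_b", i < 1))
        cid += 1
    for i in range(920):           # 920 customers who never paid by check, 20 complained
        records.append((cid, None, i < 20))
        cid += 1
    return records


def complaint_lift(records, min_group=20):
    """Per processor: customers, complaints, complaint rate, and lift over the
    baseline rate among customers with no check processor involved."""
    seen = defaultdict(lambda: [0, 0])  # key -> [customers, complainers]
    for _cid, proc, complained in records:
        key = proc if proc is not None else "_baseline"
        seen[key][0] += 1
        seen[key][1] += int(complained)
    base_n, base_c = seen.get("_baseline", [0, 0])
    if base_n == 0 or base_c == 0:
        raise ValueError("need a non-empty baseline with at least one complaint")
    base_rate = base_c / base_n
    out = {}
    for proc, (n, c) in seen.items():
        if proc == "_baseline" or n < min_group:
            continue  # too few customers to say anything about this processor
        rate = c / n
        out[proc] = {"customers": n, "complaints": c, "rate": rate, "lift": rate / base_rate}
    return out


def suspicious_processors(records, min_lift=5.0, min_group=20):
    """Processor names whose lift meets the threshold, highest lift first."""
    table = complaint_lift(records, min_group)
    hits = [(p, s["lift"]) for p, s in table.items() if s["lift"] >= min_lift]
    return [p for p, _ in sorted(hits, key=lambda x: -x[1])]


if __name__ == "__main__":
    pop = build_sample_population()
    for proc, stats in complaint_lift(pop).items():
        print(proc, stats)
    print("flagged:", suspicious_processors(pop))
```

Lift on small groups is noisy, which is what the min_group floor guards against; a real investigation would follow a hit like this with a proper significance test and then look at who inside the flagged vendor could export the table, which in this case turned out to be the person who defined and enforced access to it.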


More...

http://www.themoneytimes.com/news/20070704/2_3m_consumer_records_stolen-id-105819.html

2.3M consumer records stolen

by MT Bureau - July 4, 2007 - 0 comments

... The worker, William G. Sullivan, sold the information to a data broker identified as Jam Marketing, which in turn sold some of the information to direct marketing companies, said Certegy, a subsidiary of Fidelity National Information Services Inc. of Jacksonville, Fla.

... The company is still determining when the misappropriations occurred.

... It also said it believed it would be able to get the data back from the marketing companies and prevent future misuse.



Question for the legal guys: If I download from the MPAA (or its agent) could I not claim that the copyright holder made the movie available for free and since I was not offering it for download or making money on it, they have no beef with me?

http://www.zeropaid.com/news/story.php?id=8877

Gotcha! New MPAA Site Tries to Trick Users into Illegally Downloading Movies

posted by soulxtc in bittorrent // 10 hours 46 minutes ago

Also offers the ability to download video content using a custom client which also scans if the user has downloaded copyrighted files. [Installing software a la Sony... Bob]

MediaDefender Inc, the "leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention (IPP) industry" has launched a website called "MiiVi" dedicated to busting those who both like to download copyrighted content as well as those who already have.

The site is apparently the latest ploy in the ongoing battle against illegal file-sharing and literally takes the game to new heights. It offers WHOLE DOWNLOADS of movies as well as the ability to download and install a "miraculous" new program that offers "fast and easy downloading all in one great site." There's just one problem: the site's registered to MediaDefender Inc. and its army of prying eyes are just nipping at the bud to take down those who are unaware.

The site was apparently registered on March 11, 2007, and unfortunately who knows how many poor souls have fallen victim to this latest malfeasance by an MPAA sponsored organization. Luckily however, Brokep over at the Pirate Bay gave me a heads up on the situation and I report back to you with haste to avoid the site and warn others to do so as well.



Notice how quickly we responded to this attack... We got divisions of tanks to the middle east faster!

http://www.infoworld.com/article/07/07/03/US-government-sending-team-to-Estonia_1.html?source=rss&url=http://www.infoworld.com/article/07/07/03/US-government-sending-team-to-Estonia_1.html

After attacks, US government sending team to Estonia

Nearly two months after Estonia was hit with widespread DDOS attacks, the U.S. is dispatching investigators to research the incident

By Robert McMillan, IDG News Service July 03, 2007

Two months after much of Estonia's online infrastructure was targeted by an online attack, the U.S government is sending cyberinvestigators to help the Baltic state better understand what happened.

... Early press reports linked the attacks to Russia, exacerbating tensions between the two countries, but investigators now say that it is unclear who exactly was behind the incident.

"The data that we have does not speak to who's behind it. There's no smoking gun," said Jose Nazario, senior security engineer with Arbor Networks, who has studied the attacks.

... Garcia said that members of US-CERT could learn how the U.S. should respond if faced with a similar attack. "It's a little bit more complicated than conventional warfare," he said. "It's a little difficult to trace back where a particular attack is coming from, which makes it more difficult to respond."

Arbor Networks' Nazario agreed that investigators will get a much clearer picture of how the attacks evolved over time. "They can basically learn what ... technologies and what techniques worked under those attacks," he said.



Update

http://www.bespacific.com/mt/archives/015353.html

July 03, 2007

Cross-Border Privacy Law Enforcement

Cross-Border Privacy Law Enforcement Website: "On 12 June 2007, the OECD Council adopted a new Recommendation setting forth a framework for co-operation in the enforcement of privacy laws. The framework reflects a commitment by governments to improve their domestic frameworks for privacy law enforcement to better enable their authorities to co-operate with foreign authorities, as well as to provide mutual assistance to one another in the enforcement of privacy laws."

See also:

  • BBC: "The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net."



Attention Virtual Lawyers

http://gigaom.com/2007/07/04/second-life-avatar-sued-for-copyright-infringement/

Second Life Avatar Sued for Copyright Infringement

Written by Wagner James Au Wednesday, July 4, 2007 at 2:10 AM PT

Right in time for the July 4th holiday week (after all, what’s more American than demanding your day in court?), businessman Kevin Alderman and his lawyer have just filed suit against someone who goes by the name Volkov Catteneo, for copyright infringement.

This would be just one IP dispute in thousands handled by US courts every day, except for two unique features: the contention is over a virtual sex bed which doesn’t exist, and the named defendant also doesn’t exist. As such, the suit will establish an enormous precedent in the new realm of virtual world law, however it shakes out.

I should back up and explain those last three sentences.

Linden Lab, the company which provides Second Life’s virtual land (i.e. server grid) and means to explore it (i.e. interface software and currency) has since late 2003 allowed its users to retain the underlying intellectual property rights to all objects and programs created in the world with its internal building and scripting tools.

This policy unleashed enormous user-created innovation, and enabled thousands of users to make a living with their virtual content creation. Alderman, known in Second Life as Stroker Serpentine (pictured) is one of SL’s leading entrepreneurs; his SL-based adult entertainment industry has become so successful, he recently sold his X-rated Amsterdam island in Second Life to a real world Dutch media firm for $50,000 very real dollars.

For the last four years, this IP rights policy has been working more or less as designed, but those who follow the virtual world business have been waiting for the other shoe to drop: what happens when one avatar tries to sue another avatar for copyright infringement in an actual court?

It finally has: Alderman/Serpentine believes Catteno is selling unauthorized copies of his SexGen bed, a piece of furniture with special embedded animations that enable players to more or less recreate an adult film with their avatars. Alderman sells his version for the L$ equivalent of USD$45, and they’ve helped make his fortune. Catteno is selling his alleged knockoff for a third that price, undercutting him.

But who does Kevin Alderman sue? Since SL users have no obligation to reveal their real life identity to other players, all the relevant data exists only on Linden’s servers and files. This is why Alderman is threatening to subpoena Linden Lab for this data, so he can bring the real person behind Catteno to trial.

... Trouble is, Catteno tells Reuters he doesn’t have any real world data on file with Linden Lab. (A plausible claim; since ‘06, it’s no longer necessary to register a credit card or other identifying data with Linden Lab.) I imagine the company could supply Alderman and his lawyer with Catteno’s IP address, and let them deal with it from there. Or if it goes forward in court, perhaps the judge will review the case, decide it’s fundamentally nuts, and toss it. Then again, the court might let it go to trial, as it did with another user lawsuit against Linden Lab, and what happens then is anyone’s guess.



Think this will spread?

http://technology.guardian.co.uk/news/story/0,,2115426,00.html

Police aid piracy watchdog over filesharing claims at Honeywell

Katie Allen Saturday June 30, 2007 The Guardian

The UK record industry has widened its anti-piracy net to the corporate world with an investigation into allegations of an illegal music filesharing network at a British office of the US industrial and aerospace company Honeywell.

... The BPI said: "The operation follows a two-month investigation into alleged music filesharing at Honeywell, which began after an employee of the company provided the BPI with evidence of thousands of music files being shared illegally on the company's servers."



The iPhone didn't remain mysterious for long...Even though these are not serious hacks, I suspect the “good ones” are already in play. (Also note that the hackers waited until the iPhone actually went on sale, deflecting suspicion from insiders...)

http://apple.slashdot.org/article.pl?sid=07/07/03/1622212&from=rss

iPhone Root Password Hacked in Three Days

Posted by Zonk on Tuesday July 03, @01:02PM from the not-that-it-will-do-anybody-any-good dept. Security Handhelds Communications Apple

unPlugged-2.0 writes "An Australian developer blog writes that the iPhone root password has already been cracked. The story outlines the procedure but doesn't give the actual password. According to the story: 'The information came from an official Apple iPhone restore image. The archive contains two .dmg disk images: a password encrypted system image and an unencrypted user image. By delving into the unencrypted image inquisitive hackers were able to discover that all iPhones ship with predefined passwords to the accounts 'mobile' and 'root', the last of which is the name of the privileged administration account on UNIX based systems.' Though interesting, it doesn't seem as though the password is good for anything. The article theorizes it may be left over from development work, or could have been included to create a 'false trail' for hackers."


From DVD Jon – it is interesting the things that interest him

http://nanocr.eu/2007/07/03/iphone-without-att/

iPhone Independence Day

July 3rd, 2007

I’ve found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to AT&T NSA. The iPhone does not have phone capability, but the iPod and WiFi work. Stay tuned!



Got research tools?

http://www.askreamaor.com.nyud.net:8080/search-engines/8-ways-for-searching-the-dark-web-beyond-google/

8 Ways for Searching the Dark Web - Beyond Google!

July 3, 2007 at 13:37 · Filed under Search Engines

Tuesday, July 03, 2007

Interesting article with a fair amount of detail...

http://www.pogowasright.org/article.php?story=20070702070239133

South Floridians victimized by medical identity theft

Monday, July 02 2007 @ 07:31 AM CDT Contributed by: PrivacyNews News Section: Medical Privacy

As front desk coordinator at Cleveland Clinic in Weston, Isis Machado was in a prime position to steal medical records.

... In May, federal officials said they had arrested 38 people in connection with $142 million in Medicare fraud in Miami-Dade County — much of it related to medical ID theft. Suspects allegedly set up phony medical equipment dealerships and stole or bought Medicare numbers to bill the government for power wheelchairs, walkers and other equipment.

... One of the most troubling aspects is that organized crime rings, including the Russian mafia, are buying small health clinics in major cities and turning them into medical ID theft units.

Source - Sun-Sentinel



New and updated reports....

http://www.pogowasright.org/article.php?story=20070702072511862

Data “Dysprotection:” breaches reported last week

Monday, July 02 2007 @ 07:36 AM CDT Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.




As more software companies provide “automatic” updates in the background, hacking into these tools becomes more and more attractive. (At what point will use of Windows become more of a security burden than it is worth?)

http://www.pogowasright.org/article.php?story=2007070210065364

Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft - From your machine!

Monday, July 02 2007 @ 10:06 AM CDT Contributed by: PrivacyNews News Section: Internet & Computers

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista.

Source - Softpedia (h/t, Slashdot)



Will this be enough to keep presidential candidates from making the same statement?

http://www.pogowasright.org/article.php?story=20070702072303512

Lieberman calls for wider use of surveillance cameras (updated)

Monday, July 02 2007 @ 10:29 AM CDT Contributed by: PrivacyNews News Section: Surveillance

Sen. Joe Lieberman (D-Conn.), the chairman of the Senate Committee on Homeland Security and Governmental Affairs, said Sunday he wants to “more widely” use surveillance cameras across the country.

“The Brits have got something smart going in England, and it was part of why I believe they were able to so quickly apprehend suspects in the terrorist acts over the weekend, and that is they have cameras all over London and other of their major cities,” Lieberman said.

“I think it’s just common sense to do that here much more widely,” he added. “And of course, we can do it without compromising anybody’s real privacy.”

Source - The Hill Related - NY Daily News



This is the back side of access limitations. If your employees can't get into trouble by entering unauthorized transactions, what is left to monitor? Lots, as it turns out...

http://www.infoworld.com/article/07/07/02/Transaction-monitoring-specialist-Nice-adds-Actimize_1.html?source=rss&url=http://www.infoworld.com/article/07/07/02/Transaction-monitoring-specialist-Nice-adds-Actimize_1.html

Transaction monitoring specialist adds Actimize

Actimize is being snapped up by Nice Systems as the customer interaction specialist seeks to add insider fraud detection to its array of business analytics tools

By Matt Hines, IDG News Service July 02, 2007

Responding to the need among businesses to monitor employee activity for signs of potential cybercrime and fraud, behavior analysis specialist Actimize is being acquired by Nice Systems for roughly $280 million.

... Nice's existing software offers the ability for companies to track and monitor phone calls, e-mails, and other customer-oriented interactions to gauge their overall quality and look for potential issues as well as to respond to complaints and weed out troublesome employees.

... Actimize claims that its customers can use applications like its Employee Fraud Prevention software to scan through large volumes of database file-access logs and other transaction-related data to determine if workers are trying to steal information from sensitive records or pass it along to others.

In addition to watching out for clear policy violations, such as employees who open sensitive files that they do not have permission to view, [indicates their security software is not working properly. Bob] Actimize's applications also look for more subtle behavior patterns which could indicate inappropriate activity, such as workers who spend inordinate amounts of time viewing particular records or use Webmail sites simultaneous to their use of protected systems.
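As an added example, not code from the article or from Actimize's product, here is a small Python sketch of the two subtler checks the paragraph describes (a record kept open for an inordinate time, and webmail use while a protected record is open), run over constructed record-access and proxy log lines. The log formats, the 15-minute threshold and the webmail hostname are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not from any real system). Assumed formats:
# record log:  "<ISO time> <user> <OPEN|CLOSE> <record_id>"
# proxy log:   "<ISO time> <user> <host>"
RECORD_LOG = """\
2007-07-02T09:00:00 alice OPEN  P-1001
2007-07-02T09:01:10 alice CLOSE P-1001
2007-07-02T09:05:00 bob   OPEN  P-2002
2007-07-02T09:40:00 bob   CLOSE P-2002
2007-07-02T10:00:00 carol OPEN  P-3003
2007-07-02T10:02:00 carol CLOSE P-3003
"""
PROXY_LOG = """\
2007-07-02T09:20:00 bob   mail.example-webmail.test
2007-07-02T10:30:00 carol mail.example-webmail.test
2007-07-02T09:00:30 alice intranet.corp.test
"""
# Constructed list of hosts treated as webmail (hypothetical domain).
WEBMAIL_HOSTS = {"mail.example-webmail.test"}


def parse_record_log(text):
    """Pair each OPEN with its CLOSE into (user, record, opened_at, closed_at)."""
    open_at, sessions = {}, []
    for line in text.splitlines():
        ts, user, action, rec = line.split()
        t = datetime.fromisoformat(ts)
        if action == "OPEN":
            open_at[(user, rec)] = t
        elif action == "CLOSE" and (user, rec) in open_at:
            sessions.append((user, rec, open_at.pop((user, rec)), t))
    return sessions


def parse_proxy_log(text):
    """Return (time, user, host) tuples from the proxy log."""
    return [(datetime.fromisoformat(ts), user, host)
            for ts, user, host in (line.split() for line in text.splitlines())]


def long_dwell(sessions, max_minutes=15):
    """Records that one user kept open longer than max_minutes."""
    limit = timedelta(minutes=max_minutes)
    return [(u, r) for u, r, opened, closed in sessions if closed - opened > limit]


def webmail_while_record_open(sessions, proxy_events, webmail_hosts):
    """Users who contacted a webmail host while they had a protected record open."""
    hits = set()
    for t, user, host in proxy_events:
        if host not in webmail_hosts:
            continue
        for u, r, opened, closed in sessions:
            if u == user and opened <= t <= closed:
                hits.add((user, r, host))
    return sorted(hits)


if __name__ == "__main__":
    sess = parse_record_log(RECORD_LOG)
    print("long dwell:", long_dwell(sess))
    print("webmail overlap:", webmail_while_record_open(sess, parse_proxy_log(PROXY_LOG), WEBMAIL_HOSTS))
```

Carol's webmail visit falls after her record was closed, so only Bob is flagged by both checks; a real deployment would tune the dwell threshold per record type rather than use one fixed value.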



Will this become the new SPAM?

http://online.wsj.com/article/SB118334106678254898.html

Murder, She Texted: Wireless Messaging Used to Fight Crime

By LI YUAN July 2, 2007; Page B1

Three weeks ago, when police in The Hague in the Netherlands got a report that a boat had been stolen, they sent out a text message about the case to residents who had signed up to receive neighborhood crime alerts on their cellphones.

An hour later, a woman bicycling along a canal who got the message notified police via a phone call that she saw a boat that met the description. The boat was found and the thief arrested. "They're the eyes on the street," says a spokesperson for The Hague's police department.

Text messaging, a form of wireless communication that's gaining traction in the U.S., is turning into an effective crime-fighting tool around the world. Police agencies from Beijing to Boston are encouraging citizens to use it to report crime or inform on criminals.

... Even the U.S., which had lagged in adopting text messaging, is catching up in using it to combat crime. In June, the Boston Police Department launched a new "Text a Tip" program to increase cooperation with police among young people, who are heavy text-message users, says Commissioner Ed Davis. Text messaging provides them a more discreet way to communicate with police than phone calling, he says. [What am I missing here? Bob]

Under the program, witnesses can text the word "TIP" to the number 27463 (CRIME). They will receive automated messages that ask specific questions regarding crime categories, physical description of suspects, weapon types and other useful details. Witnesses can provide the information by replying to the messages. Cellphone numbers are completely blocked to ensure anonymity, says a spokeswoman. [...and yet they can send messages back to those phones? Bob]

... Last year, police in The Hague started using text messaging to send out mass alerts when fighting serious crime. After a 2005 murder case went unsolved for months, police sent out text messages to about 6,000 cellphone numbers that were believed to be in use near the murder scene, [SPAM? Bob] asking for potential witness tips. The case remains unsolved.



I guess not everyone understands technology...

http://www.wired.com/politics/security/magazine/15-07/st_cia

In Italy, CIA Agents Were Undone By Their Cell Phones

Matthew Cole 06.26.07 | 2:00 AM

The CIA needs to get a Q. James Bond's gadget guru surely would have warned the agency about how easy it is to track calls made via cell phone. Now 25 of its agents are facing trial in absentia in Milan, Italy, this summer — undone by their pathetic ignorance of technology. It seems that cellular data exposed their operation to carry out the "extraordinary rendition" (read: illegal abduction) of an Egyptian cleric suspected of terrorist involvement from a Milan street in 2003.



Turning your employees against you? This could push unhappy employees into the disgruntled category...

http://www.infoworld.com/article/07/07/02/bsa-raises-reward_1.html?source=rss&url=http://www.infoworld.com/article/07/07/02/bsa-raises-reward_1.html

BSA raises reward to $1M for reports of piracy

Trade group will pay the new reward amount for accurate reports of software copyright infringement between now and Oct. 2

By Grant Gross, IDG News Service July 02, 2007

The Business Software Alliance (BSA) has temporarily raised the reward that's part of a controversial program encouraging people to report software piracy from $200,000 to $1 million, the trade group announced Monday.



Challenges are becoming more common. Also more common is a request for technical (and legal) help to defeat what is seen as an evil (Luddite?) RIAA. (Someone should develop a business model to structure and market this resource.)

http://ask.slashdot.org/article.pl?sid=07/07/03/0025236&from=rss

Is RIAA's Linares Affidavit Technically Valid?

Posted by kdawson on Monday July 02, @11:51PM from the helping-out-the-judge dept. The Courts

NewYorkCountryLawyer writes "In support of its ex parte, 'John Doe,' discovery applications against college students, the RIAA has been using a declaration by its 'Anti-Piracy' Vice President Carlos Linares (PDF) to show the judge that it has a good copyright infringement case against the 'John Does.' A Boston University student has challenged the validity of Mr. Linares's declaration, and the RIAA is fighting back. Would appreciate the Slashdot community's take on the validity of Mr. Linares's 'science.'"



Perhaps the RIAA should negotiate the location of the anti-missile shield?

http://techdirt.com/articles/20070702/143923.shtml

Russia Shuts Down Allofmp3, International Trade Can Now Resume

from the they're-working-for-you dept

The music industry has felt threatened by Allofmp3.com for quite some time. After all, a site delivering DRM-free music at a low cost is record labels' worst nightmare. The RIAA's always-intense lobbying efforts paid off when it got the US government to threaten Russia that unless it shut down the site, it wouldn't be admitted to the World Trade Organization. They've now gotten their wish, as Allofmp3.com has now been shut down, after pressure from the Russian government. But in a move to highlight the utter pointlessness of all of this, the company behind Allofmp3 -- which has shown little concern for the flap over the WTO -- has already set up another site, Mp3sparks.com, which appears nearly identical to Allofmp3. The company says it's setting aside 15 percent of its revenues to pay royalties to record labels, and is considering paying another 5 percent on top of that, even though it's not legally required to do so. Of course, that's not likely to matter to the labels, which sued Allofmp3, even though it had apparently been trying to pay royalties to them, in accordance with Russian law. The typically misguided approach of the music industry here is obvious, though it's more than a little annoying to see the recording industry (yet again) get the government to do its bidding -- particularly when the US government ignores the WTO on other matters, when it's convenient.



Good lobbying? Or no particular strategy on Massachusetts' part?

http://www.eweek.com/article2/0,1759,2153821,00.asp?kc=EWRSS03119TX1K0000594

Mass. Embraces MS' Open XML Document Format

By Peter Galli July 2, 2007

The commonwealth of Massachusetts has done a 180 degree turn and decided to support Microsoft's Office Open XML format in addition to the OASIS Open Document Format.



No doubt this will prove of significant scientific value...

http://digg.com/music/Ask_Al_Gore_a_Question_Live_Webcast_on_Thursday_July_5

Ask Al Gore a Question: Live Webcast on Thursday, July 5

Before Madonna performs her new song or Spinal Tap inspires some consciousness-raising headbanging at Live Earth, Al Gore wants to talk global warming and going green with you. In an exclusive webcast at 1:30 pm Eastern time on July 5, Gore will answer reader-submitted questions about the climate crisis. What do you want to know from the former VP?

http://www.treehugger.com/files/2007/07/al_gore_on_live.php