Saturday, August 25, 2007

Let's hope that the damage doesn't escalate like it does in most data spills.

http://www.pogowasright.org/article.php?story=20070824160540873

OK: Law enforcement system breached

Friday, August 24 2007 @ 04:05 PM CDT Contributed by: PrivacyNews News Section: Breaches

Private information may have been leaked inadvertently from a statewide law enforcement computer system at three Oklahoma law enforcement agencies.

The Department of Public Safety announced Friday it discovered the first-ever security breach in the Oklahoma Law Enforcement Telecommunication System, which could put some Oklahomans at risk for identity theft.

The breach affected only the Elk City and Eufaula Police Departments and Kiowa County Sheriff's Office, Capt. Chris West said. The agency is urging anyone who has had contact with those agencies to check their credit report as soon as possible to see whether their information has been compromised.

West initially would not say in what timeframe the breach occurred or how long security had been compromised at those locations.

Source - NewsOK

[From the article:

Eufaula Police Chief Don Murray said he first learned about the problem about 11 a.m. Friday. [Same day notice? Wow! Bob]

Murray said the state provided the computer his dispatchers use to access the telecommunications system and he didn't know it was capable of doing anything else. [Not unusual. The problem is managers don't specify that they should be limited in what they can do... Bob]



Somehow I don't trust this statement...

http://www.pogowasright.org/article.php?story=20070824083524755

MedicAlert says accessed info didn't hurt clients

Friday, August 24 2007 @ 11:20 AM CDT Contributed by: PrivacyNews News Section: Breaches

Information inappropriately e-mailed to her own account by a former MedicAlert employee did not compromise the financial records of the company's 4 million members, its chief executive said Thursday.

Investigators arrested Andrea Terry on Wednesday on suspicion of e-mailing information about 10,000 MedicAlert clients to an outside account she controlled.

MedicAlert CEO Paul Kortschak said those records did not include medical information, Social Security numbers or bank-related data. ... Stanislaus County Sheriff's Detective Lydell Wall said the information Terry accessed consisted of a list of member names and a corresponding client identification number.

Source - Modesto Bee

[From the article:

Aside from identity theft, Wall said, the information could be used to pick out vulnerable seniors, [See? No problem. Bob] or a competitor could take advantage of it.

Terry, 43, was booked at the Stanislaus County Jail on Wednesday on suspicion of using a computer without authorization. [Her own computer? Bob] She was released after posting a $10,000 bond, Wall said.

MedicAlert dismissed Terry on May 8 and hired her back as a consultant May 29, police said. As a consultant, she worked from home, police said. On Aug. 15, she was given notice that her contract would not be renewed.

Kortschak said the company worked closely with the Turlock Police Department to ensure that Terry did not have a chance to use the information she sent herself. [Huh? Bob] "We were able to cut it off very quickly," he said.

Wall said MedicAlert's information technology department tracked the e-mail Terry sent herself, prompting the company to contact law enforcement officers. [More likely, looked into the e-mail she (stupidly) sent via the company's mail server. Bob]



If I read this one right, clicking on SPAM that takes you to a child porn site is sufficient to convict under this reading of the law. (Nothing you can do will reverse that interpretation?) If the SPAM takes you to an Al Qaeda site, you could wind up in Guantanamo.

http://www.law.com/jsp/article.jsp?id=1187859734533

Pa. Court: Viewing Child Porn on Computer Enough for Possession

Gina Passarella The Legal Intelligencer 08-24-2007

The Pennsylvania Superior Court isn't buying the argument that a man who viewed child pornography on his computer, but didn't save the images, couldn't be charged with possession of child pornography.

A 7-2 en banc Superior Court panel in Commonwealth v. Diodoro reversed a prior three-judge panel that found there was not sufficient evidence to show Anthony Diodoro downloaded or saved the images of child pornography he viewed.

In the latest majority opinion, Judge Correale F. Stevens said §6312(d) of the Crimes and Offenses Code, which prohibits the possession of child pornography, clearly states that anyone who "possesses or controls" child pornography is guilty of a third-degree felony.

Diodoro, who freely admits that he viewed at least 30 images of child pornography, argued that he never possessed them.

"[Diodoro's] actions of operating the computer mouse, locating the Web sites, opening the sites, displaying the images on his computer screen, and then closing the sites were affirmative steps and corroborated his interest and intent to exercise influence over, and, thereby, control over the child pornography," Stevens said.

He added that while Diodoro was viewing the pornography, he had the ability [but never did? Bob] to download, print, copy or e-mail the images.

... Klein said the Legislature didn't include the word "viewing" in the statute, and the judges shouldn't write it in.

"If the Legislature fails to keep up with modern technology, it is not our responsibility to correct its oversight," he said.

... "If a person intentionally enters the Philadelphia Art Museum to view Cezanne's bathers, one would not say that that person 'possesses or controls' the painting," Klein wrote. "Why should it be different if a person visits the museum's Web site ... and clicks on the part of the site that shows images of the same Cezanne bathers?"

... The decision was a big win for Delaware County District Attorney G. Michael Green, who heads up the state's Internet Crimes Against Children Task Force out of his office.

He said the ruling has broader applications in an age when computer-based information is being used in cases involving drugs, homicide and domestic relations. Green said there really is no possession of data in the traditional sense in the virtual world, but people can control the data.



Ubiquitous surveillance.

http://digg.com/offbeat_news/13_Freaky_Hidden_Surveillance_Cameras_photos

13 Freaky Hidden Surveillance Cameras - [photos]

You never know who's watching. Or from where.

http://www.rotolactor.com/wireless_surveillance_camera_01.htm



Interesting variations.

http://ralphlosey.wordpress.com/2007/08/22/uniform-law-commission-approves-model-e-discovery-rules/

Uniform Law Commission Approves Model e-Discovery Rules

The Uniform Law Commissioners have now adopted model rules of e-discovery for use by state courts. Uniform Rules Relating To Discovery of Electronically Stored Information. The proposed uniform rules of civil procedure essentially clone the bigger federal rules.

... The Draft Text of the Rules included Prefatory and Reporters Notes, which, as always, were excluded from the final version approved as a model to be adopted by the states. The Notes are not intended to be authoritative, but still are interesting to understand the thinking behind the committee that prepared the rules. You might want to review the Draft Text for that reason.



A big deal?

http://www.bespacific.com/mt/archives/015803.html

August 24, 2007

Free, Full-text Searchable Database of Supreme Court and Federal Appellate Case Reports

AltLaw Beta: "The law is meant to belong to the people, but it can be surprisingly hard to find. Case reports, a major part of the laws of the United States, are hard to get at, and even when on the Internet, rarely searchable. To get full access you generally need either a library of law reports, or an expensive subscription to an online database, which can cost hundreds of dollars per hour. AltLaw is a small effort to change that—to make the common law a bit more common. AltLaw provides the first free, full-text searchable database of Supreme Court and Federal Appellate case reports. It is a resource for attorneys, legal scholars, and the general public."

  • "Coverage, for most Circuits, limited to about the last 10 to 15 years. West Reporter Citations...not yet available (work in progress). As of yet, no state law or district court cases.
    AltLaw is a joint project of Columbia Law School’s Program on Law and Technology, and the Silicon Flatirons Program at the University of Colorado Law School. AltLaw was written by Stuart Sierra and Paul Ohm, with help from Luis Villa, and produced by Tim Wu."


Even less of a big deal?

http://www.pogowasright.org/article.php?story=20070824135200344

Open Access to Law: Swiss Data Privacy Cases Now Online

Friday, August 24 2007 @ 01:52 PM CDT Contributed by: PrivacyNews News Section: Non-U.S. News

I’m delighted to announce that our Research Center for Information Law at the University of St. Gallen - usually focusing more on basic research rather than implementing project work - has just launched an online data privacy case law collection (in German and French) that features the entire collection of cases decided by the Swiss Commission for Data Privacy and Freedom of Information from 1993 - 2006.



Research tool for money launderers...

http://www.bespacific.com/mt/archives/015804.html

August 24, 2007

Agencies Release Revised Bank Secrecy Act/Anti-Money Laundering Examination Manual

Press release: "The Federal Financial Institutions Examination Council (FFIEC) today released the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (405 pages, PDF). The revised manual reflects the ongoing commitment of the federal and state banking agencies and the Financial Crimes Enforcement Network (FinCEN) to provide current and consistent guidance on risk-based policies, procedures, and processes for banking organizations to comply with the BSA and safeguard operations from money laundering and terrorist financing. The 2007 version further clarifies supervisory expectations since the July 28, 2006, update. The revisions again draw upon feedback from the banking industry and examination staff."



For your Security Manager...

http://it.slashdot.org/article.pl?sid=07/08/24/179247&from=rss

Forensics On a Cracked Linux Server

Journal written by Noryungi (70322) and posted by kdawson on Friday August 24, @01:33PM from the hmmm-ls-looks-funny dept.

This blog entry is the step-by-step process that one administrator followed to figure out what was going on with a cracked Linux server. It's quite interesting to me, since I have had the exact same problem (a misbehaving ls -h command) on a development server quite a while back. As it turns out, my server was cracked, maybe with the same tool, and this analysis is much more thorough than the one I was able to do at the time. If you've ever wondered how to diagnose a Linux server that has been hijacked, this short article is a good starting point.



When your day job gets boring...

http://www.cosic.esat.kuleuven.be/keeloq/

How To Steal Cars — A Practical Attack on KeeLoq

KeeLoq is a cipher used in several car anti-theft mechanisms distributed by Microchip Technology Inc. It may protect your car if you own a Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota, Volvo, Volkswagen, or Jaguar. The cipher is included in the remote control device that opens and locks your car and that activates the anti-theft mechanisms.

Each device has a unique key that takes 18 billion billion values. With 100 computers, it would take several decades to find such a key. Therefore KeeLoq was widely believed to be secure. In our research we have found a method to identify the key in less than a day. The attack requires access for about 1 hour to the remote control (for example, while it is stored in your pocket). [I wonder if I could sit outside the Jaguar dealership and read all the keys – it is wireless after all... Bob] Once we have found the key, we can deactivate the alarm and drive away with your car.

Friday, August 24, 2007

Note to lawyers: Make encryption of any/all of your data a contract requirement with consultants.

http://www.pogowasright.org/article.php?story=20070823075821232

Laptop with NYC retirees finance data stolen

Thursday, August 23 2007 @ 08:06 AM CDT Contributed by: PrivacyNews News Section: Breaches

A laptop loaded with financial information on as many as 280,000 city retirees was stolen from a consultant who took the computer to a restaurant, city officials said. The private consultant to the city Financial Information Services Agency had access to personal data about members of various city pension systems, mayoral spokesman Jason Post said Wednesday. The consultant told authorities Monday the portable computer had been stolen.

Source - Associated Press



We're so techie we forget to manage our systems?

http://www.pogowasright.org/article.php?story=20070824053829583

Monster.com took 5 days to disclose data theft

Friday, August 24 2007 @ 05:38 AM CDT Contributed by: PrivacyNews News Section: Breaches

Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, a company executive told Reuters.

... It wasn't until Wednesday, a day after Symantec issued the August 21 report, that Monster put a notice on its Web site, www.monster.com, warning users they might be the target of e-mail scams.

Monster then announced on Thursday that the details of some 1.3 million job seekers had been stolen. Fewer than 5,000 of those affected are based outside the United States, it said in a statement.

Source - Reuters

Related - Monster.com's notice page



Making five days look good... (“We'll get to it when we get to it. Right now we're on a coffee break.”) Note that he had no time to take corrective action, but plenty of time to identify, contact, negotiate with(?), contract with, explain the situation, and analyze (read?) their report.

http://www.pogowasright.org/article.php?story=20070823175734992

Website Lockdown: Is Two Years Too Long?

Thursday, August 23 2007 @ 05:57 PM CDT Contributed by: PrivacyNews News Section: State/Local Govt.

More than two years ago, Theresa Sanchez was surfing the McLean County Recorder's website when she came across some startling information. Sanchez says, "The search was real simple, you could do it by name, and I got all these documents that I wasn't expecting."

Information such as friends' tax documents, complete with social security numbers. Sanchez immediately emailed recorder Lee Newcom asking for solutions, like using "masking" software or shutting down the site altogether.

... The website was locked down Wednesday...or 29 months later.

Newcom told us he was too busy for an on-camera interview Thursday, but by phone he told us the more than two year time gap was "...a reasonable time frame in the sense that national experts told me it was not a grave danger and I was attempting to handle the problem in as timely a fashion as I could."

Newcom also says he is not the gatekeeper for the public safety, saying "The law does not say I'm supposed to protect this data, the law only says I am supposed to make this data public."

Source - CentralIllinoisProud.com



Just in case you thought all government workers were competent or rational...

http://www.pogowasright.org/article.php?story=20070823075946370

Oak Forest worker won't face charges for holding others' tax forms

Thursday, August 23 2007 @ 08:02 AM CDT Contributed by: PrivacyNews News Section: Breaches

An Oak Forest public works employee will not face criminal charges after being accused of holding W2 employment records for several hours last week. But the employee could be subject to discipline from the city. Oak Forest city administrator Steve Jones said police concluded their investigation this week and determined the employee didn't commit a crime.

Source - Daily Southtown

[From the article: Last week, public works employees were responsible for disposing of a file cabinet in a Dumpster at city hall.

Officials said four employees checked the cabinet before dumping, and none found any sensitive documents.

When the file cabinet was dumped, an employee found several W2 records that fell out of a drawer.



Interesting. Tennessee is a bastion of legal thought?

http://www.pogowasright.org/article.php?story=20070823175448150

U of Tennessee student says RIAA subpoena violates federal privacy law

Thursday, August 23 2007 @ 05:54 PM CDT Contributed by: PrivacyNews News Section: Minors & Students

A University of Tennessee student is attempting to quash an RIAA subpoena issued as part of the music industry's war against on-campus file-sharing. Doe #28 is taking a different tack than other defendants have, arguing that providing the information sought by the RIAA would violate his right to privacy under the Family Educational Rights and Privacy Act.

... Doe #28's argument is that the information sought by the RIAA—name, current and permanent addresses, phone numbers, e-mail addresses, and MAC address—is part of his educational records. Since neither Doe #28 nor his parents have waived that right, the RIAA should not be given the information, argues the defendant's motion to quash the subpoena.

At most, the plaintiffs should be provided with Doe's name and current address, according to Doe #28. Providing more information would put the defendant and his parents in the position of "being subjected to unwarranted telephone calls and unsolicited mail which is unreasonable."

Source - ars technica



Roar Mouse Roar! (Isn't this an example of a trend toward “global law”?)

http://politics.slashdot.org/article.pl?sid=07/08/23/1553232&from=rss

Antigua May Be Allowed To Violate US Copyrights

Posted by kdawson on Thursday August 23, @01:09PM from the wagging-the-dog dept.

Skleed refers us to the NYTimes for an article on the high-stakes case the US is losing before the World Trade Organization. So far the US has lost an initial hearing and two appeals on its policies regarding Antiguan offshore gambling sites. Now the lawyer pressing the case has asked for a rarely invoked, but codified, recourse under WTO rules: letting Antiguans copy and distribute American music, movies, and software. The game may be to get Hollywood and Microsoft, et al., to pressure Washington to cut a deal. But their influence may not be sufficient to move lawmakers on the question of online gambling. From the article: "But not complying with the decision presents big problems of its own for Washington. That's because Mr. Mendel, who is claiming $3.4 billion in damages on behalf of Antigua, has asked the trade organization to grant a rare form of compensation if the American government refuses to accept the ruling: permission for Antiguans to violate intellectual property laws by allowing them to distribute copies of American music, movie and software products, among others."



Apparently it's not just in the high tech areas that people can't see what's in front of them...

http://www.infoworld.com/article/07/08/23/Cogent-cable-attacked-with-saw-and-gun_1.html?source=rss&url=http://www.infoworld.com/article/07/08/23/Cogent-cable-attacked-with-saw-and-gun_1.html

Cogent: Cable was attacked with saw and gun

Network blackout not caused by gunshot, as originally suspected

By Robert McMillan, IDG News Service August 23, 2007

Guns, saws, and some very dim-witted thieves were all apparently involved in a network blackout that affected Internet users, primarily in the northeastern United States, earlier this week.

Cogent Communications said Thursday that a cable cut that occurred near Cleveland on Sunday night was caused by a saw, not by gunshot as first thought, but technicians struggling to replace the cut cable used a replacement cable that had been shot.



A $4.5 Billion Oops?

http://techdirt.com/articles/20070823/120536.shtml

Mary Meeker's YouTube Math Misses The Mark

from the back-in-the-news-together dept

YouTube's new ad overlays continue to engender a lot of discussion about their potential impact on the online video market. One person who is quite optimistic about the program is the infamous (but still employed at Morgan Stanley) Mary Meeker, who estimated that the new system would add a staggering $4.8 billion to Google's top line. But, as none other than Henry Blodget points out, there's a little problem with Meeker's analysis (via Valleywag). She mistakenly took CPM to mean 'cost per impression' rather than 'cost per thousand', meaning that her estimate was off by a factor of 1,000. In other words, by her own logic, the new ad system will lead to a modest $4.8 million revenue bump, which is nothing compared to the $1.65 billion Google paid for the site. Meeker has been covering this space for a long time, so it's hard to imagine that she really didn't know what CPM meant. Perhaps she was just trying to rush out a quick report on the topic and didn't take the time to look it over. But you'd still think that such a huge figure would give her some pause and make her question some assumptions before coming out with such a bold pronouncement.



Maybe we could lay a false patent trail and then ambush the ambushers?

http://techdirt.com/articles/20070823/121611.shtml

EU Tests Out Its New 'Patent Ambush' Antitrust Law On Rambus

from the patent-ambush-indeed dept

Rambus has been involved in a whole series of lawsuits concerning its patents. If you don't recall, the company has been accused of sitting in on meetings for a standards body and then modifying its patent applications to cover technology included in the standard. Of course, once the patents were granted and the standards were set, Rambus basically went after everyone demanding licensing fees. The case has gone back and forth over the years in courts and in the US Federal Trade Commission -- who ruled that these actions were a violation of antitrust law. Over in Europe, it seems that officials feel that this is the perfect test case for a new kind of antitrust violation: "patent ambush." It's nice to see regulators realizing that abuse of patents should be considered an antitrust violation. Hopefully we'll see more of that going forward. Rambus, of course, claims this is nothing new, but it can't be good for them. In the meantime, as always when we post about Rambus, we wonder how long it will take for the company's stock holders to trash us for daring to question the company. Last time we wrote something negative about the company we got an email saying that "the authorities" had been alerted to our post. We wonder if "the authorities" have been alerted about the awful things European Union regulators are saying about Rambus as well.


Meanwhile, in the US... This sounds almost impossible to me (without an inside whistle blower)

http://techdirt.com/articles/20070821/200443.shtml

Another Good Patent Ruling: Standard For Willful Infringement Raised

from the courts-are-coming-to-their-senses dept

Just last week, we were talking about how the fear of being accused of "willful infringement" was once again distorting the purpose of the patent system. If you're found willfully infringing, rather than just accidentally infringing, the damages can be tripled. For that reason, many companies now have policies telling employees that they are not to search through patents, as any indication that they saw a specific patent could potentially be used as evidence of willful infringement. However, there is some good news on this front. The Against Monopoly blog points out that a new appeals court ruling has raised the bar on what is considered willful infringement to the point where the accuser must show "clear and convincing evidence that the infringer acted despite an objectively high likelihood that its actions constituted infringement of a valid patent." It's interesting to see this ruling come out of CAFC, the appeals court that handles patent cases. The Supreme Court has been slapping down CAFC decisions left and right lately, suggesting that it's unhappy with CAFC's previously lenient position on patents. Perhaps the folks at CAFC have gotten the message.



Knee-jerk or plain old jerk? If the information is public, why can't we search it automagically? If the information is not public (or classified) why would it be on the web site?

http://news.com.com/8301-13578_3-9765451-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Feds use robots.txt files to stay invisible online. Lame.

Posted by Declan McCullagh August 24, 2007 5:00 AM PDT

I noticed, when writing a story on Thursday about the bizarre claims by National Intelligence Director Mike McConnell, that the DNI is trying to hide from search engines. Its robots.txt file says, simply:

User-agent: *

Disallow: /

That blocks all search engines, including Google, MSN, Yahoo, and so on, from indexing any files at the Office of the Director of National Intelligence's Web site. (Here's some background on the Robots Exclusion Protocol if you're rusty.)

So I figured it would be interesting to see what other fedgov sites did the same. I wrote a quick Perl program to connect to federal government Web sites, check for the presence of a broad robots.txt exclusion, and report the results. By way of disclaimer, it's the same database I used in an article from early 2006, so it's probably a bit out-of-date.

The government sites that mark themselves as entirely off-limits via robots.txt:

http://www.dni.gov/robots.txt
https://gits-sec.treas.gov/robots.txt
http://thomas.loc.gov/robots.txt
http://www.erl.noaa.gov/robots.txt
http://www.nwd.usace.army.mil/robots.txt
http://www.tricare.mil/robots.txt

Some government sites favor one search engine over another (Customs and Border Protection bans all non-governmental search engines except Google; one Army Corps of Engineers site bans Alexa's spider; the Ginnie Mae agency bans Google's image search bot but not, say, Altavista's; the Minority Business Development Agency completely bans all crawlers but Google's; and one Bureau of Reclamation site bans Googlebot v2.1 but allows MSN's bot):

http://cbp.gov/robots.txt
http://www.nad.usace.army.mil/robots.txt
http://www.ginniemae.gov/robots.txt
http://www.mbda.gov/robots.txt
http://www.mp.usbr.gov/

And here are some sites that seem to have had trouble with misbehaving Web crawlers in the past:

http://www.cdc.gov/robots.txt
http://www.glerl.noaa.gov/robots.txt
http://www.usbr.gov/robots.txt
http://www.onr.navy.mil/robots.txt
http://www.senate.gov/robots.txt
http://www.usdoj.gov/robots.txt

Now, I'm the last person to suggest that using robots.txt to cordon off subsets of your Web site is somehow evil. At News.com, we use it to tell search engines not to index our "email story" pages, for instance, and on my own Web site I use it as well. Blocking misbehaving Web crawlers is important and necessary. And robots.txt may be appropriate when a Web site's address changes, which seems to have happened in the case of the National Oceanic and Atmospheric Administration's site in the first chunk of examples above, or when it becomes defunct, which seems to have happened with the Treasury Department's "gits-sec" Web site above.

But why should entire federal offices like the Director of National Intelligence want to remain invisible online? I can think of two reasons: (a) avoiding the situation of posting a report that turned out to be embarrassing and was discovered by Google and (b) letting the Feds modify a file such as a transcript without anyone noticing. (There have been allegations of the Bush administration altering, or at least creatively interpreting, transcripts before. And I've documented how a transcript of a public meeting was surreptitiously deleted -- and then restored.)

Neither situation benefits the public. In fact, I'd say it calls for a friendly amendment to the Robots Exclusion Protocol: Search engines should ignore robots.txt when a government agency is trying to use it to keep its entire Web site hidden from the public.
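An added example, not part of the article and not the Perl program its author mentions: a small Python classifier for the kind of check described above, run over robots.txt bodies to tell a blanket exclusion from a default-deny with exceptions or a ban on named crawlers. The category labels are this example's own, and every sample body except the two-line file quoted in the article is constructed.

```python
"""Classify a robots.txt body by how broadly it excludes crawlers."""


def parse_groups(text):
    """Return {user-agent token (lowercased): [(field, path), ...]}.

    Consecutive User-agent lines share the rules that follow them; a
    User-agent line that comes after a rule starts a new group. Blank
    lines and comments are ignored; field names are case-insensitive.
    """
    groups = {}
    current = []        # agents named by the group being read
    seen_rule = False   # True once the current group has a rule line
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if seen_rule:
                current, seen_rule = [], False
            agent = value.lower()
            current.append(agent)
            groups.setdefault(agent, [])
        elif field in ("allow", "disallow") and current:
            seen_rule = True
            for agent in current:
                groups[agent].append((field, value))
    return groups


def status(rules):
    """'blocked' = whole site disallowed, 'open' = nothing disallowed,
    'partial' = anything else. Any Allow line counts as a carve-out."""
    disallows = [p for f, p in rules if f == "disallow" and p]
    allows = [p for f, p in rules if f == "allow" and p]
    if not disallows:
        return "open"   # an empty "Disallow:" permits everything
    if any(p in ("/", "/*") for p in disallows) and not allows:
        return "blocked"
    return "partial"


def classify(text):
    """Return (label, agents) where agents are the crawlers singled out."""
    groups = parse_groups(text)
    default = status(groups.get("*", []))
    named = {a: status(r) for a, r in groups.items() if a != "*"}
    if default == "blocked":
        exempt = sorted(a for a, s in named.items() if s != "blocked")
        if exempt:
            return ("default-deny-with-exceptions", exempt)
        return ("blanket", [])
    banned = sorted(a for a, s in named.items() if s == "blocked")
    if banned:
        return ("named-bans", banned)
    statuses = [default, *named.values()]
    return ("partial" if "partial" in statuses else "open", [])


# The two-line file quoted in the article (blank line kept as rendered).
DNI_STYLE = "User-agent: *\n\nDisallow: /\n"

# Constructed sample: everything banned except one named crawler.
FAVOURS_ONE = """\
User-agent: Googlebot
Disallow:

User-agent: *
Disallow: /
"""

# Constructed sample: site mostly open, two named crawlers banned outright.
NAMED_BANS = """\
User-agent: BadBot
User-agent: ia_archiver
Disallow: /

User-agent: *
Disallow: /cgi-bin/   # keep scripts out of the index
"""

if __name__ == "__main__":
    for name, body in [("dni-style", DNI_STYLE),
                       ("favours-one", FAVOURS_ONE),
                       ("named-bans", NAMED_BANS)]:
        label, agents = classify(body)
        print(f"{name:12} {label:30} {', '.join(agents)}")
```

Because robots.txt is advisory and world-readable, a "blanket" result only says what well-behaved crawlers are asked to skip; it is not an access control on the files themselves.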



Niches get nicher? I suppose you could slice out a narrower area of law, but this illustrates how simple it is to appear as an “expert” on the Internet.

http://www.financevisor.com/market/news_detail.aspx?rid=58552

Texas Explosion Law Web Site Launch

August 24, 2007 12:00 AM EST

Texas Explosion lawyers, Williams Kherkher, launch an explosion resource website to discuss the legal issues involved in explosion accidents.

Houston, TX (FV Newswire) - In reaction to a long-standing legal issue within the realm of personal injury law, the law firm of Williams Kherkher, based in Houston, Texas, has launched a Web site specifically meant to provide information and insight into the issues that surround explosions.

The Web site's URL is Texas Explosion Lawyer, and it provides the following information to those who choose to visit:

1. Information regarding Texas explosion legal issues;

2. Information regarding the law firm of Williams Kherkher;

3. Suggestions on how to proceed if a person has suffered as a result of an explosion;

4. Ways to contact the Texas explosion lawyers at Williams Kherkher.



Scorecard!

http://www.bespacific.com/mt/archives/015800.html

August 23, 2007

U.S. Government Manual 2007-2008

U.S. Government Manual 2007-2008: "The official handbook of the Federal Government, provides comprehensive information on the agencies of the legislative, judicial, and executive branches."



Try this next time you are faced with a “unique” project.

http://www.technewsworld.com/rsstory/58946.html

Mind Mapping Goes 3-D With Personal Brain

By John P. Mello Jr. TechNewsWorld 08/22/07 6:05 AM PT

Called "Personal Brain," recently released in its fourth edition, TheBrain Technologies' latest mind mapping software is amazingly easy to use, especially considering the complexity of the tasks that it's handling.

... Personal Brain is offered in three flavors: free, core (US$149.95) and pro ($249.95) and will operate on computers running Windows, OS X and Linux.

Thursday, August 23, 2007

..makes you wonder how they define intelligence.

http://www.bespacific.com/mt/archives/015790.html

August 22, 2007

Transcript of Q&A With National Intelligence Director Mike McConnell

Transcript: Debate on the foreign intelligence surveillance act, by Chris Roberts, El Paso Times: The following is the transcript of a question and answer session with National Intelligence Director Mike McConnell, published August 22, 2007.

  • On participation by telecommunications companies in the domestic surveillance program: "...Now the second part of the issue was under the president's program, the terrorist surveillance program, the private sector had assisted us. Because if you're going to get access you've got to have a partner and they were being sued."

  • AP: "National Intelligence Director Mike McConnell pulled the curtain back on previously classified details of government surveillance and of a secretive court whose recent rulings created new hurdles for the Bush administration as it tries to prevent terrorism."



Lots of sad statistics...

http://www.pogowasright.org/article.php?story=20070822111732176

Study Examines Security Risks of Off-Network Equipment

Wednesday, August 22 2007 @ 11:17 AM CDT Contributed by: PrivacyNews News Section: Breaches

... According to a new study by the Ponemon Institute, 73 percent of corporations experienced the loss or theft of a data-bearing asset in the last 24 months, yet those same organizations report limited efforts to manage this vulnerability. The new Ponemon report, National Survey: The Insecurity of Off-Network Security, will be discussed in detail today by study author Dr. Larry Ponemon, founder and chairman, Ponemon Institute, and study sponsor, Robert Houghton, president, Redemtech, during the Privacy Symposium at Harvard University.

Source - Redemtech



Worth checking periodically.

http://www.privacydigest.com/2007/08/22/chronology+data+breaches+privacy+rights+clearinghouse

A Chronology of Data Breaches - Privacy Rights Clearinghouse

August 22, 2007 - 1:53pm — MacRonin

A Chronology of Data Breaches: The data breaches noted below have been reported because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches that do NOT expose such sensitive information have been included in order to underscore the variety and frequency of data breaches. However, we have not included the number of records involved in such breaches in the total because we want this compilation to reflect breaches that expose individuals to identity theft as well as breaches that qualify for disclosure under state laws.



Toward ubiquitous surveillance

http://digg.com/gadgets/Build_your_own_long_distance_listening_device

Build your own long-distance listening device

... with a laser!

http://www.diylife.com/2007/08/22/diy-laser-long-distance-listening-device/



Wee! (Oh, they can probably test that too...) One word business model: “Outhouse”

http://science.slashdot.org/article.pl?sid=07/08/22/2225225&from=rss

Drug Testing Entire Cities at Once

Posted by samzenpus on Wednesday August 22, @08:59PM from the be-careful-where-you-go dept. Biotech Science

Ellis D. Tripp writes "Researchers have developed a technique for determining what illicit drugs people might be consuming in a given area, by testing a sample from the local sewage treatment plant. As little as a teaspoonful of untreated wastewater can reveal drug use patterns in a given community. Obviously, any drugs found can't be tied to any specific user, but how much longer until the drug warriors want to deploy automatic sampling units farther upstream of the sewage treatment plant?" From the article: "one fairly affluent community scored low for illicit drugs except for cocaine. Cocaine and ecstasy tended to peak on weekends and drop on weekdays, she said, while methamphetamine and prescription drugs were steady throughout the week."



Everybody's doing it!

http://www.pogowasright.org/article.php?story=2007082208523470

Jealous wife's GPS data leads to murder charge

Wednesday, August 22 2007 @ 08:52 AM CDT Contributed by: PrivacyNews News Section: In the Courts

A man pleaded not guilty Monday to running over and killing his 12-year-old baby sitter in a crime that police say was tracked by a global positioning system his suspicious wife had installed.

George Ford Jr., 42, was charged last week with second-degree murder. He was originally charged with reckless endangerment, but police used the GPS data to file the more serious charges.

Source - CNN



Opt out?

http://news.com.com/8301-10784_3-9764512-7.html

Google now zaps faces, license plates on Map Street View

Posted by Elinor Mills August 22, 2007 2:02 PM PDT

Google has gotten a lot of flack from privacy advocates for photographing faces and license plate numbers and displaying them on the Street View in Google Maps. Originally, the company said only people who identified themselves could ask the company to remove their image.

But Google has quietly changed that policy, partly in response to criticism, and now anyone can alert the company and have an image of a license plate or a recognizable face removed, not just the owner of the face or car, says Marissa Mayer, vice president of search products and user experience at Google.



Remember your statistics: Half the world is below average.

http://www.bespacific.com/mt/archives/015793.html

August 22, 2007

AP/Ipsos Poll: One In Four Adults Read No Books Last Year

The Associated Press Poll conducted by Ipsos Public Affairs Project, Interview dates August 6-8, 2007:



There are such things?

http://www.killerstartups.com/eCommerce/hiretrade--Find-A-Lawyer-Whos-Worth-Your-Money/

HireTrade.com - Find A Lawyer Who's Worth Your Money

posted 7 Hours 18 Minutes ago by Siri | Visit http://www.hiretrade.com

... currently the site deals with solely legal professionals in Philly, the DC area, and New York. Attorneys and those in the legal biz who work in the aforementioned areas can post their profiles and find projects while clients in turn can post projects and find the right legal professionals for the job



This article is worth reading.

http://knowledge.wharton.upenn.edu/article.cfm?articleid=1792

Talking with the Receptionist, Pausing When You Speak and Other Secrets of Leadership Success

Published: August 22, 2007 in Knowledge@Wharton



When you fall, you fall all the way – and people will kick you on the way down.

http://digg.com/offbeat_news/Michael_Vick_s_old_jerseys_put_to_good_use_PIC

Michael Vick's old jerseys put to good use (PIC)

The Atlanta Humane Society is now accepting Michael Vick t-shirts and jerseys. They'll be used as bedding, chew toys and rags for cleaning up dog doo. Which is only appropriate, right, Rocky?

Wednesday, August 22, 2007

That was fast! I suspect this guy screwed up big time. How else would they catch him?

http://www.washingtonpost.com/wp-dyn/content/article/2007/08/21/AR2007082101205.html

Ukrainian May Have Ties to TJX Theft

By MARK JEWELL The Associated Press Tuesday, August 21, 2007; 3:17 PM

BOSTON -- A Ukrainian man recently arrested in Turkey is suspected of selling some of the credit and debit card numbers stolen in a data hack of at least 45 million cards of TJX Cos. retail customers, a U.S. investigator said Tuesday.

... Authorities hope the arrest of Maksym Yastremskiy, suspected of being a major international trafficker in stolen data, will eventually lead to information uncovering the TJX intruders' identities.

"He was involved in the distribution of information," Greg Crabb, an agent with the U.S. Postal Inspection Service's global investigations unit, [Strange group to be investigating a hack? Bob] told The Associated Press. "We do have information that suggests other individuals were the masterminds of the hack."

[Boston Globe article: http://www.boston.com/business/personalfinance/articles/2007/08/21/suspect_named_in_tjx_credit_card_probe/

... Last week TJX said it expects to spend $256 million -- 10 times more than it had previously disclosed -- to cover costs related to the breach, such as improving security and dealing with the growing number of lawsuits filed by banks and other issuers of credit and debit cards. Some analysts predict the breach will cost more than $1 billion eventually, including the cost of canceling and reissuing millions of compromised cards.



Some companies are more vulnerable than others? Who took over their business and how many executives are now with the new company? Are there any assets left for the Class Action lawyers to pursue?

http://www.pogowasright.org/article.php?story=20070821190835585

What can we learn from the Verus, Inc. fiasco? (commentary)

Tuesday, August 21 2007 @ 07:08 PM CDT Contributed by: PrivacyNews News Section: Breaches

When a Verus, Inc. employee made the very human but colossal blunder of not restoring a firewall after transferring data between servers, an untold number of patients had their patient account information exposed on the web. Reports on the incident began to appear in the media at the beginning of June, and two months later, long after the company quietly went out of business, we are still learning of other hospitals that were affected.

... From my perspective, this fiasco reinforces the need for a national mandatory disclosure law with a central federal agency compiling disclosure notices. Right now, we do not know how many hospitals were affected, how many patients had their details exposed, and what the cost of the incident was, all told, and because there is no mandatory disclosure law, we may never know the full extent of this incident and its costs and consequences. Then, too, suppose Verus, Inc. had not done the right thing and had not notified its customers before closing up shop. We might have a series of seemingly random reports of breaches when a centralized reporting system might enable us to determine that there was a common vendor involved.

Source - Chronicles of Dissent (blog)



Interesting. Will the chain of evidence hold in court?

http://www.pogowasright.org/article.php?story=200708211106282

UK: Police recover stolen database

Tuesday, August 21 2007 @ 11:06 AM CDT Contributed by: PrivacyNews News Section: Breaches

Police have recovered a computer server that was stolen from a company that specialises in gathering mobile phone evidence to help track suspected terrorists. Computer equipment, including the server, was snatched by thieves from the premises of Forensic Telecommunications Services (FTS) in Kent on 12 August.

... The [encrypted] server, which contained data relating to forensic telephone evidence linked to police investigations, was undamaged and an examination revealed the information had not been accessed. [Somehow I doubt that... Bob]

Source - SC Magazine



How to lose that warm fuzzy feeling...

http://www.technewsworld.com/rsstory/58951.html

Wells Fargo Recoups Following Massive Online, ATM Glitch

By Keith Regan CRM Buyer Part of the ECT News Network 08/21/07 1:09 PM PT

A computer problem at Wells Fargo kept customers from accessing their accounts online and at ATMs during parts of the weekend. The glitch also impacted the bank's back-end services, including credit card transactions and processing of home equity, student and mortgage loans. The company has about 23 million customers and operates more than 6,000 bank branches.

... The problems were first discovered Sunday afternoon, and the San Francisco-based bank said all services had been restored as of early Tuesday, though some information, such as account balances, was expected to take longer to be fully brought up to date.

The bank emphasized the speed of the recovery of its online banking services, saying that by using backup facilities, Internet banking was restored in about an hour and forty minutes after problems were spotted Sunday.

... Wells Fargo was among the top three most reliable Internet banking sites -- along with Citibank and National City -- in a report by Web measurement firm Keynote last year. The bank also ranked high in the online customer support category.


...and this is inevitable.

http://www.infoworld.com/article/07/08/21/Phishers-looking-to-cash-in-on-Wells-Fargo-computer-crash_1.html?source=rss&url=http://www.infoworld.com/article/07/08/21/Phishers-looking-to-cash-in-on-Wells-Fargo-computer-crash_1.html

Phishers looking to cash in on Wells Fargo crash

In the wake of Wells Fargo's computer problems, security experts are bracing for a new wave of phishing attacks related to the crash

By Robert McMillan, IDG News Service August 21, 2007



Would you expect a modicum of integrity in an e-voting vendor? Silly you!

http://www.infoworld.com/article/07/08/21/State-says-evoting-machines-were-not-certified_1.html?source=rss&url=http://www.infoworld.com/article/07/08/21/State-says-evoting-machines-were-not-certified_1.html

Update: State says e-voting machines weren't certified

Election Systems & Software sold almost 1,000 uncertified voting machines to five California counties in 2006, says Secretary of State Debra Bowen

By Grant Gross, IDG News Service August 21, 2007

Election Systems & Software (ES&S) sold nearly 1,000 electronic-voting machines that were not certified to five California counties in 2006, Secretary of State Debra Bowen said Tuesday.

"Given that each machine costs about $5,000, it appears ES&S has taken $5 million out of the pockets of several California counties," Bowen said in a statement.

ES&S sold 972 of its AutoMark Phase 2 Model A200, even though the company never submitted that version of the AutoMark machine to Bowen's office for certification in California, she said. ES&S delivered hundreds of the Model A200 to the California counties before it was certified by federal election officials in August 2006, she said.

Bowen will seek the maximum penalty, $9.7 million plus the original $5 million cost of the machines, if ES&S is found to have broken the law, she said in the statement. Under California law, Bowen can seek damages up to $10,000 per violation, counting each voting machine as a separate violation.



No doubt RIAA will sue them all!

http://techdirt.com/articles/20070821/175447.shtml

Piecemeal DRM-Free Efforts Aren't Going To Unseat Apple's Online Music Dominance

from the keep-trying dept

Universal Music announced a couple weeks back that it would begin selling DRM-free music -- but not through the iTunes Music Store, in a bid to undermine Apple's dominance in online music sales. As we pointed out, this wasn't likely to happen, since few people shop for music according to what label it's on, particularly when it's a huge one like Universal. The label now says that its unprotected tracks will be available from a few different sources: a new service called Gbox, and through Wal-Mart's online music store. Both will undercut Apple's price for DRM-free tracks by selling them for 99 and 94 cents respectively, but that's hardly likely to make a difference, particularly in attracting iPod users, nor will it help their businesses since the margins on digital music are already pretty thin. The problem remains that most people don't pay attention to what label their favorite performers are on. Saying "we sell DRM-free songs from Universal/EMI artists" isn't going to have much of an impact in getting people to switch from iTunes, but it does seem to illustrate that labels and other retailers are looking to compete with iTunes on this front, which should be good news for consumers. Still, the iTunes Music Store's dominance will remain until another retailer can somehow convince all the major labels and a wide array of indies to let it sell DRM-free music. As long as Apple's rivals can only use a piecemeal approach to get music they sell onto iPods, it's going to be a long, fruitless, uphill battle. Competing with iTunes on price is only part of the equation. Rivals have to also match its selection; then they have to worry about matching its ease of use as well.



Getcha scorecards here!

http://digg.com/tech_news/Who_owns_the_Internet_Google_Yahoo_AOL

Who owns the Internet? Google, Yahoo, AOL...

Picture and analysis of companies that Google, Yahoo, AOL, IAC, Microsoft and News Corp have acquired. It's interesting to see how many of the most popular sites are owned by these six companies.

http://www.micropersuasion.com/2007/08/web-20-maybe--1.html



...and they should get interest on that for the last three years...

http://www.aclu.org/freespeech/protest/31331prs20070816.html?s_src=RSS

ACLU Calls Government Settlement in Anti-Bush T-Shirt Case a Victory for Free Speech

(8/16/2007) FOR IMMEDIATE RELEASE CONTACT: media@aclu.org

CHARLESTON, WV - The American Civil Liberties Union today announced a successful resolution of the case of Jeffery and Nicole Rank, the young Texas couple arrested on the West Virginia capitol grounds on July 4, 2004 for peacefully expressing their opposition to President Bush. According to the settlement agreement, the United States government will pay the Ranks $80,000.

The Ranks, who wanted to attend the President's Fourth of July address without being mistaken for supporters of his policies, wore homemade t-shirts bearing the international "no" symbol (a circle with a diagonal line across it) superimposed over the word "Bush." One t-shirt said "Love America, Hate Bush" on the back and the other said "Regime Change Starts At Home." Event staff and law enforcement ordered them either to leave the event or remove or cover their shirts. The couple responded by insisting they had a First Amendment right to remain and express their views. The two were arrested for trespassing, handcuffed, and hauled away in a police van. The charges against them were later dismissed and the City of Charleston, not a defendant in the case, apologized for the incident.



I've got this business process for investing (Buy low, sell high) that does work. I've been testing computer models for identifying “Low” and “High” -- can I patent those?

http://science.slashdot.org/article.pl?sid=07/08/22/0512235&from=rss

DARPA Files Patent On Predictive Simulation

Posted by Zonk on Wednesday August 22, @03:37AM from the looking-to-the-past-for-the-future dept. Patents Privacy Science Technology

An anonymous reader writes "New Scientist has a post on a patent filed by the Defense Advanced Research Projects Agency (DARPA), seeking to control a new potent predictive simulation. The patent outlines the process, which may someday allow researchers to accurately predict the behavior of observed subjects. They're not there yet, but not for lack of trying. It already works in some military war game scenarios, says the patent. 'Parunak says his model can successfully detect players' emotions, and then predict future actions accordingly. He believes the technique could one day be applied to predict the behavior of adversaries in military combat situations, competitive business tactics, and even multiplayer computer games. The patent application gives an interesting insight into DARPA's goals. The agency has pumped a lot of money into AI in recent years without reaping major rewards. One day computers may find a way to accurately second-guess humans, but I suspect we may have to wait a little longer yet.'"



I wonder which department would get this entry?

http://www.pocket-lint.co.uk/news/news.phtml/9543/10567/Government-COI-monitoring-blogs-UK.phtml

The government is to start "monitoring" blogs

Blogosphere gets Whitehall's attention

by Amy-Mae Elliott

21 August 2007 14:05 GMT - Conspiracy-theorists, privacy campaigners and anti-establishment loons have got a new, legitimate, grumble about online privacy.

It's been revealed that the government's Central Office of Information (COI) is going to be monitoring blogs.

The COI is apparently creating a "blog monitoring utility" that will track new blog entries and forward them to relevant departments with the government.

The utility is said to be used for "hot" issues regarding government policy and it is hoped that it will give the government an early warning service on issues important to the public.

The tool is being developed by the COI's Media Monitoring Unit and will use software created by internet intelligence company 23 Ltd.

The tool will automatically monitor the internet for blogs attracting a large amount of debate and flag those with enough posts. The flagged items will be looked at by analysts who will turn them into briefings.

Reports suggest that around 100 blogs will be monitored initially.



Look up? What a concept!

http://www.nytimes.com/2007/08/22/technology/22sky.html?ex=1345435200&en=54c20b9d89f2e2df&ei=5090&partner=rssuserland&emc=rss

In Google Earth, a Service for Scanning the Heavens

By MIGUEL HELFT August 22, 2007

After turning millions of Internet users into virtual explorers of the world with Google Earth, the Internet search giant is now hoping to turn many of them into virtual stargazers.

Google is unveiling within Google Earth today a new service called Sky that will allow users to view the skies as seen from Earth. Like Google Earth, Sky will let users fly around and zoom in, exposing increasingly detailed imagery of some 100 million stars and 200 million galaxies.



Global Warming! Global Warming! (More anti-Gore propaganda?)

http://wcbstv.com/topstories/local_story_233143509.html

Arctic August: NYC Sets Record For Coldest Day

High Of 59 Degrees Ties Chilliest August High Set In 1911

(CBS) NEW YORK Don't forget to bundle up if you're headed out in New York City today. After all, it is August 21.

The city along with the rest of the tri-state region is feeling the chilly effect of a cold front sweeping through the region, accompanied by cool rain showers.

Tuesday's high temperature in Central Park was just 59 degrees. The normal high for today is 82 degrees. The normal low is 67.



Ideas for the Baby Shower?

http://hosted.ap.org/dynamic/stories/B/BUSINESS_OF_LIFE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Tots Getting Internet Identity at Birth

By ANICK JESDANUN Aug 21, 8:32 PM EDT

NEW YORK (AP) -- Besides leaving the hospital with a birth certificate and a clean bill of health, baby Mila Belle Howells got something she won't likely use herself for several years: her very own Internet domain name.



Do you suppose we are headed for a “Home College” era? Instead of sending the kids off to college, you can lock them in the basement until they graduate!

http://www.researchbuzz.org/wp/2007/08/21/directory-of-distance-education-programs/

Directory of Distance Education Programs

Filed under: Reference-Education

If you’re looking for distance learning opportunities, be sure to check out http://www.distance-education.org/, a directory of distance education opportunities.

You can browse through categories or you can use pulldown menus from the front page to specify a category (and concentration), the type of certification you want (certificate, online degree, etc.) and whether you want to sort the results by most or least expensive (or don’t sort them at all.)



I'm old?

http://www.beloit.edu/~pubaff/mindset/2011.php

Mindset List 2011

BELOIT COLLEGE'S MINDSET LIST® FOR THE CLASS OF 2011

Most of the students entering College this fall, members of the Class of 2011, were born in 1989. For them, Alvin Ailey, Andrei Sakharov, Huey Newton, Emperor Hirohito, Ted Bundy, Abbie Hoffman, and Don the Beachcomber have always been dead.