Saturday, December 29, 2007

How complex could the contract language be that would require encryption or forbid transporting copies of data? Should take a competent lawyer about 15 minutes, right? (Is that why it isn't done? Too few billable hours?)

http://www.pogowasright.org/article.php?story=20071228162314488

MN Agency Data On Computer Stolen In Philadelphia

Friday, December 28 2007 @ 04:23 PM EST Contributed by: PrivacyNews News Section: Breaches

A laptop computer containing names, Social Security numbers and other personal information for 219 Minnesotans licensed by the state Department of Commerce has been stolen.

Commerce Department officials say the computer belonging to a vendor went missing December sixth in Philadelphia. The vendor, Promissor Corporation, notified police of the apparent theft. But state officials say the company waited until December 21st to tell the Department of Commerce.

Source - WCCO



“Let's implement the technology now, we can worry about security later.”

http://www.eweek.com/article2/0,1759,2242210,00.asp

Passenger Hacks NYC Taxi Computer System

December 28, 2007 By Renee Boucher Ferguson

The New York City Taxi and Limousine Commission's technology enhancement plan that puts GPS systems, credit card scanners and monitors in the city's 13,000-plus taxis has come under fire again—this time from a passenger who hacked the computer monitor and gained access to its operating system.

On Dec. 1 software engineer Billy Chasen posted a walk-through on his personal blog of how he hacked into a computer screen mounted on the back seat of a cab he hailed on New York's Upper West Side. The story was initially reported Dec. 26 on WNBC.com, a local news station.

... Using his cell phone camera Chasen documented how he was able to open Internet Explorer using the touch-sensitive screen. He was then able to use a Sprint card listed on the monitor to get a dial-up connection giving him full administrative access to the monitor's operating system.

"It was not only a security flaw, but people also pay with the screen if they use a credit card," wrote Chasen. "That information could potentially be stored locally."

... "There are extensive contract-required security protocols in place, which have exceeded government and credit card industry standards and have been stringently tested by internal and external security experts, which fully prevent access to anything other than media content residing in the taxicab itself," said Fromberg in an e-mail to eWEEK. "There is no potential for any malicious activity." [“Nothing can go wrong... go wrong... go wrong...” Bob]



I was pretty sure this would be traced to a tiny little third-party firm that would probably go out of business because they irritated Wal-Mart. Guess I was wrong.

http://www.eweek.com/article2/0,1759,2242154,00.asp?kc=EWRSS03119TX1K0000594

Gift Card Verification Glitch Hits Wal-Mart, Others

By Evan Schuman December 28, 2007

Wal-Mart apologizes to customers and blames its third-party vendor.

Shoppers at Wal-Mart and other chains were unable to use their gift cards much of Dec. 26. While Wal-Mart apologized to customers, it laid the blame squarely on the shoulders of its technology partner.

... Wal-Mart did not identify the supplier in its statement, but a South Carolina television journalist reported that Wal-Mart told her it was First Data.



Well, this should solve everything.

http://www.nytimes.com/2007/12/28/nyregion/28offender.html?_r=1&ex=1356584400&en=e6521e33ced080d0&ei=5088&partner=rssnyt&emc=rss&oref=slogin

Sex Offenders Are Barred From Internet by New Jersey

By THE ASSOCIATED PRESS December 28, 2007

EWING, N.J. (AP) — New Jersey enacted legislation on Thursday banning some convicted sex offenders from using the Internet.

... No federal law restricts sex offenders’ use of the Internet, and Florida and Nevada are the only other states to impose such restrictions.

The bill applies to anyone who used a computer to help commit the original sex crime. It also may be applied to paroled sex offenders under lifetime supervision, but it exempts work done as part of a job or search for employment.

... Under the new law, convicted sex offenders will have to let the State Parole Board know about their access to computers; submit to periodic, unannounced examinations of their computer equipment; and install equipment on their computer so its use can be monitored. [“After all, if we can't trust sex offenders to let us know what they're doing, who could we trust?” Bob]



How to be Green? Might be a model for my web site or small business classes...

http://hosted.ap.org/dynamic/stories/A/AUSTRIA_ONLINE_FLEA_MARKET?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Vienna Launches Online Flea Market

Dec 28, 9:30 AM EST

VIENNA, Austria (AP) -- Regift - online.

Viennese city officials have launched a free Web forum for people to trade, sell and give away things they do not need - including unwanted Christmas gifts.

The idea is simple: People post their offerings online and are contacted by those in their area who are interested. Requests can also be submitted.

Ulli Sima, city councilor for environmental issues, said she hopes the online flea market will mean less waste.

"Whoever uses the flea market does something good for the environment and, at best, will save money," Sima said.

Posted items cover a broad spectrum, including clothing, toys, furniture, sports equipment and electronics.

Vienna Flea Market, http://www.webflohmarkt.wien.at



Another potential “small business” Oh, wait, I do this already! Note that the subject has to be narrow but useful. Perhaps I could start a class “Blogging for Dollars?”

http://www.technewsworld.com/rsstory/60969.html

Blogging for Dollars

By Candice Choi AP 12/28/07 8:32 AM PT

It doesn't take much technical skill to publish a blog -- just have something to say that a select group of people might find interesting. Even though most blogs don't get giant amounts of traffic, those that manage to attract a regular stream of readers who share the blogger's interest are a prized audience for advertisers looking to target their ads with pinpoint accuracy.

Zach Brooks pocketed US$1,000 this month blogging about the cheap lunches he discovers around midtown Manhattan ($10 or less, preferably greasy, and if he's lucky, served from a truck).

The site, MidtownLunch.com, is just a year and a half old and gets only about 2,000 readers daily, but it's already earning him enough each month for a weekend trip to the Caribbean -- or in his case, more fat-filled culinary escapades in the city.

... Some advertisers have even found better response from smaller sites with more passionate, engaged audiences.

Friday, December 28, 2007

Interesting, not for the volume but for the possibility there is a leak in a bank's IT systems that allows this. If I was the WaMu CIO, I'd be sweating.

http://www.pogowasright.org/article.php?story=20071228042637100

HI: Thief Snags Identity of 900 People

Friday, December 28 2007 @ 06:26 AM EST Contributed by: PrivacyNews News Section: Breaches

Police need your help catching a sophisticated identity thief.

He has racked up 900 victims nationwide and stolen $88,000 from ATMs all over Oahu. All the victims have accounts with Washington Mutual Banks.

Police think he gets victim’s personal information, changes their pin numbers and requests duplicate ATM cards. [Not a fast way to the cash, but safe? Where do they send the cards? Bob]

"He somehow got information from victims, whatever information needed, and on his cell phone was able to call Washington Mutual Bank and change pin numbers for over 900 victims," said Kim Buffett, CrimeStoppers.

Source - KGMB9



A shame this requires a law, rather than a “standard medical procedure.” Does the information stay with the Doctor or go to the State?

http://www.pogowasright.org/article.php?story=20071228055011260

N.J. Orders HIV Testing For Pregnant Women

Friday, December 28 2007 @ 06:31 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

New Jersey this week launched one of the most ambitious efforts in the country to control mother-to-child transmission of HIV, making screening tests mandatory for all pregnant women in the state beginning next year.

A bill signed into law Wednesday by the Senate president, Richard J. Codey, in his capacity as acting governor, requires two tests for pregnant women, at the beginning of the pregnancy and again in the third trimester, unless the mother objects. [So much for mandatory... Bob] If the mother objects, the objection will be noted and the newborn will then be tested for HIV, with the only exception being on religious grounds. Newborns will also be tested if the woman tests positive.

Source - Washington Post



Convergence. Who should pay and with what rules?

http://www.technewsworld.com/rsstory/60931.html

iPhone and the Business-to-Personal Gadget Migration

By David Pendered Atlanta Journal-Constitution 12/28/07 4:00 AM PT

There's no doubt that wireless devices are everywhere. They chirp in theaters and tablecloth restaurants. People with laptops access the Internet in restaurants and other public places. What's new is the growing migration of the full contingency of wireless devices from the business world into the personal realm. Devices like the iPhone come in handy for both business and pleasure.



Perhaps better packaging next time?

http://www.pogowasright.org/article.php?story=20071227173115584

(update) Missing NY state employee data tapes found

Thursday, December 27 2007 @ 05:31 PM EST Contributed by: PrivacyNews News Section: Breaches

Five computer tapes containing the Social Security numbers, birth dates and other personal information for about 900 employees and retirees are back in the hands of the state Dormitory Authority after going missing for more than a week.

Authority spokesman Marc Violette says UPS found the tapes at its Missouri warehouse for lost items, where they were sent after getting separated from their packaging at a sorting facility in Manhattan. They were returned Thursday.

He says the tapes were checked and found undamaged and free of tampering. [Copying leaves no evidence... Bob]

Source - Newsday



An important research tool?

http://www.news.com/8301-10784_3-9837983-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Ig Nobel Prize publisher to go free online

Posted by Candace Lombardi December 27, 2007 9:00 AM PST

The Annals of Improbable Research, best known as the host of the Ig Nobel Awards, will now offer a free online version of its journal.

The Ig Nobel Prizes ceremony, an annual event held at Harvard University and parody of the Nobel Prizes, honors discoveries in science and technology that "first make people laugh, and then make them think."

Past winners include: Mayu Yamamoto of the International Medical Center of Japan who invented a way to extract vanilla fragrance and flavoring from cow dung; an Air Force Research Laboratory in Dayton, Ohio, who invented a chemical weapon that when dropped causes heterosexual men to become attracted to each other; and Howard Stapleton for his so-called electromechanical teenager repellent device that produces a sound audible only to those 30 or younger.

The Annals of Improbable Research journal, while now available free online, will still continue to be offered in a print version "for subscribers who like their electrons blended with protons and neutrons," the publisher said in a statement.



No doubt the first of many....

http://blog.wired.com/27bstroke6/2007/12/the-year-in-thr.html

THREAT LEVEL's Year in Review -- 2007

By Kevin Poulsen December 27, 2007 | 5:34:32 PM



Hard to kill, but they keep trying.

http://biz.yahoo.com/prnews/071227/lath028.html?.v=101

SCO Receives Nasdaq Notice Letter

Thursday December 27, 1:24 am ET

LINDON, Utah, Dec. 27 /PRNewswire-FirstCall/ -- The SCO Group, Inc. ("SCO") (Nasdaq: SCOX - News), a leading provider of UNIX® software technology and mobile services, today announced that it received a Nasdaq Staff Determination letter on December 21, 2007 indicating that as a result of having filed for protection under Chapter 11 of the U.S. Bankruptcy Code, the Nasdaq Listing Qualifications Panel has determined to delist the company's securities from the Nasdaq Stock Market and will suspend trading of the securities effective at the open of business on Thursday, December 27, 2007.

Thursday, December 27, 2007

Was this report the basis for TJX's level of security spending?

http://www.bespacific.com/mt/archives/016939.html

December 26, 2007

2007 Annual Study: U.S. Cost of a Data Breach

Ponemon 2007 Annual Study: U.S. Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventative Solutions: This study "was derived from a detailed analysis of 35 data breach incidents. According to the study, the cost per compromised customer record increased in 2007, compared to 2006. Lost business opportunity, including losses associated with customer churn and acquisition, represented the most significant component of the cost increase. Companies analyzed were from 16 different industries, including communications, consumer goods, education, entertainment, financial services, gaming, health care, hospitality, internet, manufacturing, marketing, media, retail, services, technology, and transportation."



One positive outcome of the TJX data spill?

http://www.pogowasright.org/article.php?story=20071227063830294

OR: Law requires businesses to protect personal data

Thursday, December 27 2007 @ 06:38 AM EST Contributed by: PrivacyNews News Section: State/Local Govt.

... Identity theft is rampant in the U.S. The Federal Trade Commission ranks Oregon as the 13th-worst state per capita for this crime. Therefore, it's good business to protect personal information. And in a few days -- Jan. 1 -- it will be law.

The Oregon Identity Theft Protection Act (SB 583) will require businesses, organizations and government agencies to have a plan in place to protect the personal data they collect, keep and share. Personal data is defined as a person's name in combination with either a Social Security number, Oregon driver's license or identification card number, passport number or other U.S.-issued identification number or financial account number, credit or debit card number along with any required access code or password that provide access to a financial account.

All plans are not made equal -- they will vary depending on the nature and size of the business. The key is taking reasonable measures to ensure the confidentiality of your customer and employee information. For example, encrypt, or make unreadable, computerized files -- especially files on laptops; designate one or more employees to coordinate a security program; and know what sensitive information you have.

Source - StatesmanJournal.com


...and a negative outcome? This is simpler than it sounds. Just give the government all the data you want kept secret, and they will match it against online data (and send the take-down notices) for you! Aren't they nice guys?

http://techdirt.com/articles/20071226/145810.shtml

Can Legislation Let People Opt-Out Of Having Their Info Show Up Online?

from the seems-like-a-long-shot dept

The "Do Not Call" list has been something of a success over the past five years, but the various attempts at similar "do not X" lists always seem a bit ridiculous. The latest, coming from the state of Connecticut, would institute an impossible to enforce and most likely unconstitutional universal opt-out list for your info online. The idea is that there are so many directory sites/people search engines/list sites online, many of which have your name, address and potentially other information such as where you work. The law proposed by Connecticut's governor would allow you to "opt-out" and require all of these sites to take your info offline. Of course, as the article notes, much of that info is already public info and there's nothing illegal about compiling a list of public information. Where would the line be drawn? If your info shows up in a Google search, is Google suddenly liable? It's also unclear how you could possibly enforce a requirement that someone's name and address never get posted online. If anything, it sounds like more grandstanding legislation designed to make a politician look good rather than deal with the very real issues at hand concerning privacy.



In order to manage this (or any) risk, first you must formulate a strategy. “Don't worry about it.” isn't the one I would recommend.

http://www.pogowasright.org/article.php?story=20071226145640425

UK: Primary school data 'at risk'

Wednesday, December 26 2007 @ 02:56 PM EST Contributed by: PrivacyNews News Section: Non-U.S. News

Personal details of some two million primary schoolchildren in England are being put at risk by staff taking home unprotected data, it has been claimed.

A survey of almost 1,000 primary schools found that almost half, 49%, were backing up pupil data onto discs, memory sticks or tapes which were taken off the school premises, exposing the material to loss or theft.

IT experts, RM School Management Solutions (RM SMS), which carried out the survey, said that just 1% of respondents encrypted the data.

Source - ThisIsGrimsby.co.uk



Not uncommon for data to exist in one system, but be unavailable to another. You have to PLAN to use your data to advantage...

http://valleywag.com/337804/

SF meter maids ticket stolen car 29 times

A San Francisco woman reported her Honda Civic stolen to the San Francisco police. A few weeks later, she got a parking citation in the mail for her stolen car. Then she got another. And another. In total, her car got ticketed 29 times while being listed as stolen. She called the police and the city's Department of Parking and Traffic, but didn't get any solid answers about the whereabouts of her car, nor why it was being ticketed after being reported stolen. Eventually, she and a friend decided to drive around locations where the car had been ticketed to try to find it.

After driving for three hours, they located the car and waited for an hour before the police showed up. San Francisco's finest were not interested in catching the thieves and didn't search the car before releasing it.



Hey, we don't lecture so you can quote us!

http://techdirt.com/articles/20071226/014929.shtml

Professor Uses Copyright Threats After Joke Commercial Uses Some Of His Lecture

from the copyright-insanity dept

So many stories of copyright being abused, so little time... The latest, as sent in by Jon and a few others involves an MIT professor who got upset when he found out that a commercial for a Ricoh copier happened to use a tiny bit of text (2 sentences) from one of his published lectures to set up a joke. You can see the commercial here:

You can see the full lecture, but the quotes in the commercial come from the sixth paragraph. The professor then sent a legalistic letter to the folks who made the commercial, who have agreed to "settle" by donating $5,000 to two science related charities. Once again, though, we're seeing a misuse of copyright law in action -- even if the end result is positive (some extra cash for some science charities). It would seem like a clear case of fair use here, where the use of these lines in the commercial were unlikely to damage the commercial potential of the professor's work. It's yet another case where someone is using copyright to try to control all aspects of his work, when that's not its purpose at all.



Interesting. I wonder what other areas are hot?

http://techdirt.com/articles/20071226/020326.shtml

The Journalism Business Is Dying? Someone Forgot To Tell Sports Reporters...

from the time-to-go-into-sports-reporting dept

For all the whining from professional journalists about how the internet is killing newspapers and putting journalists out of work, apparently someone forgot to explain that to some of the companies hiring journalists these days. The NY Times has an article noting how ESPN, Yahoo and Sports Illustrated have been slugging it out trying to hire sports reporters from various newspapers, sometimes at three times their existing salaries. Newspapers are complaining that they just can't keep their sports reporters -- which is a fairly amazing statement, because being a sports reporter is a dream job for many people. So, perhaps rather than freaking out about how the internet is "destroying" their business, journalists might want to start looking around at the new opportunities the internet is creating for journalists where they can keep doing what they do best, and actually earn a lot more money.



Your tax dollars at work? Another high-priority target for hackers? (The comments are interesting...)

http://slashdot.org/article.pl?sid=07/12/27/0437230&from=rss

FBI to Put Criminals Up in Lights

Posted by samzenpus on Thursday December 27, @07:52AM from the billboard-busted dept. United States Technology

coondoggie writes "The FBI today said it wants to install 150 digital billboards in 20 major U.S. cities in the next few weeks to show fugitive mug shots, missing people and high-priority security messages from the big bureau. The billboards will let the FBI highlight those people it is looking for the most: violent criminals, kidnap victims, missing kids, bank robbers, even terrorists, the FBI said in a release. And the billboards will be able to be updated largely in real-time — right after a crime is committed, a child is taken, or an attack is launched. Chicago, Las Vegas, Los Angeles and Miami will be among those cities provided with the new billboards."

Wednesday, December 26, 2007

...and a Merry Christmas to all Class Action lawyers!

http://www.pogowasright.org/article.php?story=20071225091744873

Facebook alarms privacy advocates again

Tuesday, December 25 2007 @ 09:17 AM EST Contributed by: PrivacyNews News Section: Internet & Computers

Six weeks after Facebook launched a controversial advertising program that tracked its members around the Internet, the Palo Alto company is quietly testing a new system that slips links to its mobile software onto smart-phones on the T-Mobile USA network without the permission of the devices' owners.

BlackBerry owners can hide the blue-and-white Facebook icon, but they can not delete it.

Brandee Barker, director of corporate communications for Facebook, said users still must choose to use the mobile application and that no personal information will be at risk. She said Facebook will not share its members' data with T-Mobile or Research in Motion, which makes BlackBerry devices. In addition, she said, neither T-Mobile nor Research in Motion is sharing the information they gather about a person's location or the contacts stored on his or her BlackBerry with Facebook.

Source - SiliconValley.com



Unfortunately, a logical (perhaps not ethical) conclusion.

http://www.eweek.com/article2/0,1895,2240150,00.asp

Where Does TJX Lie on the Naughty-Nice Line?

December 24, 2007 By Evan Schuman

As the TJX case all but winds itself to a close, it's not a bad time to look at everything we've learned and try and answer the holiday-themed IT security question: Does TJX deserve a lump of coal for the worst data breach in credit card history, affecting some 100 million credit cards?

Regular readers of this column know that I have had a wide range of less-than-flattering things to say about the security setup of The TJX Companies, but there's a broader question here. TJX is a business. A $16-billion-a-year massive retail chain kind of business. As a publicly held company, it has a fiduciary obligation to do things in a certain way. [Not so. HOW they achieve goals is completely open. Bob]

If we move away from the question, "Did TJX do everything possible to try and protect consumer data?" (which merits a "What planet are you on? Of course it didn't,") and focus on, "Did TJX do what was reasonable and appropriate at the time it did it?" things look a lot different.

The latest news was utterly predictable. TJX's deal with Visa, in which TJX would give money to certain banks in exchange for promises to not sue, was approved overwhelmingly on Dec. 20. Two days earlier, TJX also worked out similar settlements with most of the banks suing it. In short, only one bank is left suing TJX and that litigation will happen in Alabama state court. The consumer class action lawsuit is essentially settled as well. (The final approval will come from a federal judge who has already said he will approve it.)

The core problem with the TJX cases is that the lawsuits wanted to accuse TJX of something that is not illegal in any state. They wanted to hold the retailer liable for not properly protecting consumer credit card data. But there isn't anything on the books in any state or the federal government that requires that. Some industry efforts—most notably the PCI DSS (Payment Card Industry's Data Security Standard)—seek to require it, but those efforts have no muscle, other than the ability to deny a chain the right to accept the cards for payment.

But the persuasive power of any threat is in direct proportion to the likelihood that said threat would ever be carried out. The card brands might exclude some tiny store to make a point, but the amount of lost revenue from excluding a Wal-Mart, a Target or a TJX would make that threat rather non-frightening.

One of TJX's defenses has been that its security wasn't materially worse than any other retailer of similar size. Sadly, it's a true point and one which we made in this column many months before TJX made it.

But that's not TJX making excuses. When the chief financial officer and CIO of any retailer evaluate technology investments, they look at the issues of return on investment (a big-time Achilles heel for security), risk avoidance (the savior for security) and keeping up with the Joneses. Expenditures will seem prudent as long as the company's security measures are not dramatically different from those of other similarly sized retailers.

Let's take a quick look at the lawsuits, because they become relevant here.

Myth #1: TJX was sued because it was breached. Reality: Tons of retailers are breached every week. TJX was sued because word of this breach was announced and—much more importantly—because TJX has deep pockets. Without sounding like a corporate titan apologist, the suggestion that TJX was sued because it has money is really not that far off.

Myth #2: TJX was sued because its security was pathetic. Reality: this myth is a lot closer to the truth, but again, tons of retailers have pathetic security. To honestly evaluate TJX's decisions requires a lot of context. Had TJX invested a lot more money in beefing up its security, would this breach have necessarily been prevented? How about future breaches? Had the TJX CFO asked that question a few years ago, I think the question would have been, "There's no way to make any system completely secure, sir, no. We could spend all this money and theoretically still get breached."

TJX was spending millions on security and its security systems—although weak—do not appear to be that much worse than others in that space.

The lawsuit issue is an interesting one. What if TJX had approved all of those security upgrades and still gotten breached? Even better, what if it had spent an extra $100 million and made its systems quite secure—much more so than similarly sized rivals—and avoided a breach? Now what if its profits plunged? Could not stockholders have sued the company for having spent money recklessly and needlessly? How many advertising campaigns and CRM (customer relationship management) programs and Web site upgrades would have been delayed because that money had been put into security? [Most unlikely. However, it would have been useful to have someone look at activity logs – they could have detected the hackers setting up new passwords. Bob]

I'm not saying that TJX was blameless. (I'm still waiting for an explanation of how intrusions continued to happen for multiple years before they were detected.) But I am pointing out that security investments are among the most difficult decisions and we need to be careful before criticizing those decisions.

A small window into the thinking of TJX came out in court filings that quoted TJX CIO Paul Butka's e-mails. They revealed a thoughtful internal debate about wireless security upgrades, in which cost was indeed a consideration, as it needed to be, and there was an intent to eventually make the upgrades.

That said, 'tis time to make that Santa Coal recommendation.

I'd say yes to coal for most of the major retailers for dropping the ball on security. Bigger chunks of coal need to go to state legislators and the U.S. House and Senate for failing to pass any laws protecting consumer data (although Minnesota got quite close). But to TJX? I'd give it a pass.

TJX theorized—correctly—that any breach wouldn't cause any impact on sales, as consumers (protected by the card brands' zero-liability deals) would stand by it. With that regrettable fact out there, it would have been extremely difficult for TJX to have justified spending much more than it did.


Well, this should solve everything!

http://www.pogowasright.org/article.php?story=20071225091459514

TJX creates executive jobs to deal with privacy issues

Tuesday, December 25 2007 @ 09:14 AM EST Contributed by: PrivacyNews News Section: Breaches

TJX Cos. is getting on the privacy bandwagon.

The Framingham parent of stores including TJ Maxx and Marshalls - and the target of a record-setting data breach discovered at the end of last year - has given the title of "chief privacy officer" to one of its senior executives and is looking to fill the position of "privacy director," according to a memo circulated by its search firm, Heidrick & Struggles.

.... TJX spokeswoman Sherry Lang declined to provide more details yesterday except to note that senior executive vice president for administration and business development Jeffrey Naylor also gained the title of chief privacy officer within the past year. "In today's world, privacy issues are increasingly challenging and are an area of ongoing focus for many large companies, including TJX," Lang wrote in an e-mail.

Source - Boston Globe



Interesting analysis. Makes me wonder if we (managers) made any real effort to understand computers until a few years ago. (see: The Dynamo and the Computer, Paul A. David)

http://www.news.com/Eight-business-technology-trends-to-watch/2030-1069_3-6223397.html?part=rss&tag=2547-1_3-0-5&subj=news

Eight business technology trends to watch

From the McKinsey Quarterly Special to CNET News.com December 26, 2007 4:00 AM PST

Technology alone is rarely the key to unlocking economic value: companies create real wealth when they combine technology with new ways of doing business.



See what happens when you elect Sonny Bono pharaoh?

http://www.int.iol.co.za/index.php?set_id=1&click_id=68&art_id=nw20071225181150885C328825

Egypt to copyright pyramids

December 25 2007 at 06:17PM

Cairo - In a potential blow to themed resorts from Vegas to Tokyo, Egypt is to pass a law requiring payment of royalties whenever its ancient monuments, from the pyramids to the sphinx, are reproduced.

Zahi Hawass, the charismatic and controversial head of Egypt's Supreme Council of Antiquities, told AFP on Tuesday that the move was necessary to pay for the upkeep of the country's thousands of pharaonic sites.

"The new law will completely prohibit the duplication of historic Egyptian monuments which the Supreme Council of Antiquities considers 100-percent copies," he said.

"If the law is passed then it will be applied in all countries of the world so that we can protect our interests," Hawass said.



For some of us, this is amusing.

http://www.bespacific.com/mt/archives/016930.html

December 25, 2007

1950-1955, The Intelligence Community

Press release: "The Office of the Historian, Bureau of Public Affairs, U.S. Department of State, released...a retrospective intelligence volume in the Foreign Relations of the United States series, documenting the development and consolidation of the intelligence community. This volume, The Intelligence Community, 1950–1955 (867 pages, PDF), is the sequel to The Emergence of the Intelligence Establishment, 1945–1950, published in 1996. This new volume, which is organized chronologically from January 1950 to December 1955, documents the institutional growth of the intelligence community during its heyday under Directors Walter Bedell Smith and Allen W. Dulles, and demonstrates how Smith, through his prestige, ability to obtain national security directives from a supportive President Truman, and bureaucratic acumen, truly transformed the Central Intelligence Agency (CIA). It closes with a collection of relevant National Security Council Intelligence Directives (NSCIDs) issued during the years 1950–1955 as approved by the National Security Council and the President, as well as revisions to earlier NSCIDs published in the Emergence of the Intelligence Establishment, 1945–1950."

Tuesday, December 25, 2007

Mele Kalikimaka!

http://en.wiktionary.org/wiki/Merry_Christmas_and_a_Happy_New_Year%21



Oh, the horror! Perhaps a match against the Congressional Directory (http://www.gpoaccess.gov/cdirectory/index.html) is in order?

http://it.slashdot.org/article.pl?sid=07/12/25/0050204&from=rss

Thousands of Adult Website Accounts Compromised

Posted by kdawson on Tuesday December 25, @04:01AM from the how-not-to-handle-a-data-breach dept. Security

Keith writes "Tens of thousands — or maybe more — accounts to adult websites were recently declared compromised and apparently have been that way since some time in October 2007. The break occurred when the NATS software used to track and manage sales and affiliate revenues was accessed by an intruder. The miscreant apparently discovered a list of admin passwords residing on an unsecured office server at Too Much Media, which makes and maintains NATS installations for adult companies. It would appear that Too Much Media knew of the breach back in October, and rather than fixing the issue tried to bury it by threatening to sue anyone in the adult industry who talked about it."

The article gives suggestions for anyone who opened an account at any adult website in the last several months.


Related?

http://digg.com/security/The_Big_Brother_Watching_Your_Screen_2

The Big Brother Watching Your Screen !! watch!

5min.com — Van Eck phreaking is the process of eavesdropping on the contents of a CRT display by detecting its electromagnetic emissions. Information that drives the video display takes the form of high frequency electrical signals.

http://www.5min.com/Video/Spy-Using-Van-Eck-Phreaking-2455034



Clear indication that management knows nothing about technology (or that their PR department assumes the public knows nothing)

http://www.pogowasright.org/article.php?story=20071224073512205

(update) UK: PCT's memory stick is recovered uncorrupted

Monday, December 24 2007 @ 07:35 AM EST Contributed by: PrivacyNews News Section: Breaches

A MEMORY stick containing data from doctors' practices across the county was lost. The data mislaid by the East and North Herts Primary Care Trust that included reports from GP practices is yet another case of wholesale information loss by government services.

National newspapers revealed on Sunday the body was one of nine bodies around the country to lose important medical and personal information.

A PCT spokeswoman told the WHT the loss was reported as a "precaution" and that the stick was found uncorrupted. [Why is that a good thing? Bob]

.... * A spokesman for the East and North Herts NHS Trust confirmed it was not involved in any misplaced data.

He said: "Contrary to the impression provided in national media reports since Sunday, the trust is not one of the nine NHS organisations that the Department of Health has confirmed mislaid patient data recently.

Source - Herts24



“We're thinking of retiring our pigeons.”

http://www.bespacific.com/mt/archives/016915.html

December 23, 2007

Postal Service Strategic Transformation Plan 2006-2010

"The Strategic Transformation Plan 2006-2010 details how the Postal Service will improve the value of mail while continuing to address the nation's mailing needs with affordable and reliable universal service. Like the 2002 Transformation Plan, it will drive the Postal Service to become even more streamlined and efficient, and continue to achieve record levels of service and customer satisfaction."



What a business model! That God bidness is pretty profitable!

http://hosted.ap.org/dynamic/stories/O/ONLINE_TITHING?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Church Collections Go Online in Ohio

Dec 24, 11:19 AM EST

CINCINNATI (AP) -- No cash for the collection basket at church? No problem. The Roman Catholic Archdiocese of Cincinnati has made online giving an option for its 230 parishes and 110 parochial and diocesan schools in its 19-county region.


They even have good Loss-Prevention technology. (Merry Christmas, thieves...)

http://news.bbc.co.uk/2/hi/americas/7158698.stm

Last Updated: Sunday, 23 December 2007, 22:47 GMT

US infant Jesus statue to get GPS

A statue of the infant Jesus on display near Miami in Florida is being fitted with a Global Positioning System device after the original figurine was stolen.

The near-life-size figure forms part of a nativity scene in Bal Harbour.

The original vanished three weeks ago, despite being bolted to the ground.

Dina Cellini, who oversees the display, says the statues of Mary and Joseph will also be fitted with a satellite tracking device to deter thieves.

She said: "I don't anticipate this will ever happen again, but we may need to rely on technology to save our saviour."

A Jewish lawyer, Jeffrey Harris, from Cincinnati, who read about the theft on the internet, has donated the new Jesus figurine in the Founders Circle area of the city.

Mr Harris, who celebrates Hanukkah, not Christmas, told the Miami Herald: ''I felt bad. How could someone steal a baby Jesus? Even though I am Jewish, I like the Christmas spirit.''



Useful now?

http://www.killerstartups.com/Search/Wsooglecom---The-Web-Service-Directory-Solution/

Wsoogle.com - The Web Service Directory Solution

Wsoogle, though hard to say, is not to be overlooked. It’s an online directory for web services and resources that span the globe. It’s useful for finding software, programs, and services that cater to your needs. Wsoogle covers 15 wide-ranging areas including e-commerce, business, internet and government. By using Wsoogle to find the software solution for your business or company, you save both time and money. Companies may also create revenue by selling their web service solutions through Service Oriented Architecture. Wsoogle uses web service search engine technology that searches keywords and UDDI registries for web services rather than simply searching the web itself. It crawls the web 24 hours a day, ensuring up-to-date information. Search results are clustered based on keywords so you can shop around and compare services until you find one that suits you.

http://www.wsoogle.com/directory.do



This might become useful....

http://www.killerstartups.com/Web20/Spipracom---Leave-a-Comment-on-any-Website/

Spipra.com - Leave a Comment on any Website

Have you ever been enraged by an article online but unable to vocalize your two cents? Many websites frustratingly have no comment sections, but Spipra changes that - the website is a centralized outlet for commenting on web pages. Users simply enter the web link into Spipra and all comments are stored on the site. Web pages that do not have commenting capabilities can also have permanent links back to Spipra so users can instantly click through to the site and type in their point of view. It also allows users to comment on a variety of web pages with just one unique login. Spipra is a completely free service.

http://www.spipra.com/

Monday, December 24, 2007

Sounds like an education issue. NO ONE should ignore a potential security breach. (You have to make some changes to the system to get an ATM to screw up like this...)

http://www.pogowasright.org/article.php?story=20071224065017673

Ca: ATM spits out private info

Monday, December 24 2007 @ 06:50 AM EST Contributed by: PrivacyNews News Section: Older News Stories

An Edmonton man was shocked when an ATM [at the Manning Crossing branch of the Royal Bank] he was using started spitting out personal financial information on 25 other customers, including account numbers and corresponding account balances.

... The couple alerted the branch manager but were told the information couldn't be used for anything since each account number was missing five digits.

The girlfriend didn't buy it.

"That's not true. I used to work for Royal Bank. I know that these numbers are account numbers," she said, adding that she and Kostiuk felt the bank didn't take their concerns seriously.

Source - Edmonton Sun




...because

http://www.pogowasright.org/article.php?story=20071224065320633

Data “Dysprotection:” breaches reported last week

Monday, December 24 2007 @ 06:53 AM EST Contributed by: PrivacyNews News Section: Breaches

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee. Source - Chronicles of Dissent



“Observing is not seeing.” Yogi Berra? Just because you deal in information does not mean you can connect the dots...

http://www.veryshortlist.com/vsl/daily.cfm/review/346/Website/newseum-again-lewiston-tribune/

DECEMBER 20, 2007

Professor Moriarty probably didn’t get his start this way

Here at Very Short List, we pride ourselves on being ahead of the curve. But sometimes we’re downright prescient.

On December 14, we pointed you to the website for the Newseum, a real-time collection of the front pages from nearly 600 daily newspapers from across the country and around the world. Had you gone on the site that very day to look at the front page of the Lewiston Tribune (of Lewiston, Idaho, population 31,293), you too could have played the role of an armchair Sherlock Holmes.

That morning, page 1A ran two substantial photos: In one, a husky man in a black-and-blue checkered coat is seen hanging Christmas decorations in a shop window. In the other, a surveillance camera shows a convenience-store customer’s unattended wallet being swiped by

. . . a husky man in a black-and-blue checkered coat. Local police noticed the similarities, and quickly arrested the hapless criminal mastermind for felony second-degree theft. If the charges stick, we’ll gladly take the credit for the collar.



What's next?

http://www.wbay.com/Global/story.asp?s=2776926

Police Begin Fingerprinting on Traffic Stops

By Sarah Thomsen

If you're ticketed by Green Bay police, you'll get more than a fine. You'll get fingerprinted, too. It's a new way police are cracking down on crime.

If you're caught speeding or playing your music too loud, or other crimes for which you might receive a citation, Green Bay police officers will ask for your drivers license and your finger. You'll be fingerprinted right there on the spot. The fingerprint appears right next to the amount of the fine.

... Police say they want to prevent the identity theft problem that Milwaukee has, where 13 percent of all violators give a false name.

... Citizens do have the right to say no. "They could say no and not have to worry about getting arrested," defense attorney Jackson Main said. "On the other hand, I'm like everybody else. When a police officer tells me to do something, I'm going to do it whether I have the right to say no or not."



The cost of repair would shoot up due to the increase in liability. If a $15 per hour techie can't figure out what's wrong, he just starts replacing parts until something works. If you got the parts back and someone else could prove there was nothing wrong with them...

http://yro.slashdot.org/article.pl?sid=07/12/24/0131228&from=rss

Should Apple Give Back Replaced Disks?

Posted by kdawson on Sunday December 23, @11:53PM from the consider-it-a-trade-in dept. Privacy

theodp writes "As if having to pay $160 to replace a failed 80-GB drive wasn't bad enough, Dave Winer learned to his dismay that Apple had no intention of giving him back the disk he paid them to replace. Since it contained sensitive data like source code and account info, Dave rightly worries about what happens if the drive falls into the wrong hands. Which raises an important question: In an age of identity theft and other confidentiality concerns, is it time for Apple — and other computer manufacturers — to start following the practice of auto mechanics and give you the option of getting back disks that are replaced?"



Learn like Pres. Bush! Seriously, there seems to be a recognition that the Internet has changed the way people educate themselves. Perhaps Universities will be reduced to proctoring the final exams...

http://insidehighered.com/news/2007/12/12/openyale

Dec. 12

Open Courses Open Wider

For those inclined to dig through university Web sites, it’s long been possible to browse scattered lecture notes and PowerPoint slides intended for enrolled students. A handful of colleges intentionally make course materials available to anyone with an Internet connection, and now a major name may redefine expectations for online learning. Following its announcement last year, Yale University on Tuesday launched its free, online archive of popular undergraduate courses — including not only syllabi, problem sets and course materials, but videos and audio files of the lectures themselves.

Dubbed Open Yale Courses, the Web site’s creators hope the archive will serve as a resource for students abroad or even as support for lecturers at other institutions who need to supplement their own material. In the spirit of keeping information freely available, the lectures are protected under a Creative Commons legal license that allows users to download, share and remix the material in any way they see fit, as long as their purposes aren’t commercial and they credit Yale.


...because it is so easy to share information.

http://www.killerstartups.com/User-Gen-Content/SlideStarde---Learn-Something/

SlideStar.de - Learn Something

SlideStar is an open educational platform akin to your local college or library but in cyberspace. The SlideStar community is made up of mainly students and academics who can exchange any educational content and material they find useful. Publishers of content are free to define their own terms of use. If agreed upon, materials can be used and furthered for your own studies or research. Your Slideware (content) can come in any number of formats such as the almighty PowerPoint slide, an audio file, video, PDFs, Word, of course, and plenty of other mediums to suit your learning pleasure. Profs can share their e-lectures with just their students, or the whole world if they so choose. This is a community and like any online community these days, members can pick and choose their favorite Slideware by ratings and votes. Organizations, aptly called Slidespots in SlideStar lingo, can register and let others view what they have to offer. A world map shows each registered SlideSpot for easy comparison. Anyone can become a SlideStar. Even you.

http://www.slidestar.de/main.html



Ever try searching for something on Craig's List? You have to do a separate search in each city, right? Well not any more... (Tested by one of my research associates who was looking for a 1972 Volvo for his collection.)

http://www.crazedlist.org/

crazedlist.org

search craigslist like a madman

Sunday, December 23, 2007

Y2K! Y2K! The next great Class Action?

http://news.yahoo.com/s/ap/20071221/ap_on_hi_te/cellular_sunset

Users left in lurch by network shutdown

By PETER SVENSSON, AP Technology Writer Fri Dec 21, 5:18 PM ET

When Adele Rothman bought her 16-year-old son a car in 2003, she made sure to pick one that had OnStar, the onboard communications and safety system.

What the Scarsdale, N.Y., resident didn't know was that the OnStar system in the car was already doomed to die. The federal government decided in 2002 to let cellular carriers shut down analog cell phone networks, used by Rothman's Saab and about 500,000 other OnStar-equipped cars, after Feb. 18, 2008.

... Perhaps a million cell phones will lose service, but those are cheap and easy to replace. [Watch the quick dismissal. Not everyone thinks replacing cell phones is cheap. Bob] The effects will be felt the most by people who have things that aren't phones but have built-in wireless capabilities, like OnStar cars and home alarm systems.

The shutdown date has been known years in advance, but some industries appear to have had a problem updating their technologies and informing their customers in advance, which raises the question of whether the effects will be even more widespread the next time a network is turned off, given the proliferation of wireless technology.

General Motors Corp., which owns OnStar, started modifying its cars after the 2002 decision by the Federal Communications Commission to let the network die, but some cars made as late as 2005 can't use digital networks for OnStar, nor can they be upgraded. For some cars made in the intervening years, GM provides digital upgrades for $15.

In 2006, OnStar said it had let customers know of the shutdown with a posting on its Web site. [I wonder what percentage of users they reached? Bob]

... Rapid development in the wireless field now means a faster, better technology always lurks just around the corner, tempting carriers to upgrade. Digital networks will almost certainly have shorter life spans than the 24-year run for AMPS, causing problems for manufacturers who want to include wireless technology in things that have long life spans.

"If you've got a product that's going into the market for five years, for 10 years, for 15 years, how do you pick a technology that's going to be around that long?" [It's called “planning for change” Bob] asked Chris Purpura, senior vice president of marketing at Aeris Communications.



Law students need a hobby...

http://yro.slashdot.org/article.pl?sid=07/12/22/1928246&from=rss

U.Maine Law Clinic Is First To Fight RIAA

Posted by kdawson on Saturday December 22, @03:33PM from the lawyers-guns-and-money dept. The Courts Music

NewYorkCountryLawyer writes "'A student law clinic is about to cause a revolution' says p2pnet. For the first time in the history of the RIAA's ex parte litigation campaign against college students, a university law school's legal aid clinic has taken up the fight against the RIAA in defense of the university's students. Student attorneys at the University of Maine School of Law's Cumberland Legal Aid Clinic, under the supervision of law school prof Deirdre M. Smith, have moved to dismiss the RIAA's complaint in a Portland, Maine, case, Arista v. Does 1-27, on behalf of two University of Maine undergrads. Their recently filed reply brief (PDF) points to the US Supreme Court decision in Bell Atlantic v. Twombly, and the subsequent California decision following Twombly, Interscope v. Rodriguez, which dismissed the RIAA's 'making available' complaint as mere 'conclusory,' 'boilerplate' 'speculation.'"



Next: Ye Royal Blog?

http://hosted.ap.org/dynamic/stories/B/BRITAIN_QUEEN_YOUTUBE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Britain's Queen Takes Up YouTube

By THOMAS WAGNER Associated Press Writer Dec 23, 7:06 AM EST

LONDON (AP) -- Britain's 81-year-old Queen Elizabeth II, considered an icon of traditionalism, launched her own special Royal Channel on YouTube Sunday.

The queen will use the popular video-sharing Web site to send out her 50th annual televised Christmas message, which she first delivered live to the nation and its colonies on Dec. 25, 1957.

... On Tuesday, Queen Elizabeth II's annual Christmas speech can once again be downloaded as a podcast from http://www.royal.gov.uk. It also is being made available on television in high definition for the first time.

---On the Net: The Royal Channel: http://www.youtube.com/theroyalchannel



You can never have too many of these...

http://www.killerstartups.com/Video-Music-Photo/Filshnet---Free-Clip-Converter/

Filsh.net - Free Clip Converter

Filsh.net is simply a video converter, and only a very good and simple to use video converter. All the major video portals are supported, and all you have to do is find in any of them the content you like and copy the URL for that video in the Filsh.net’s video URL box, choose the format and quality you want it downloaded in and voilà! You have all those cool videos to keep and to view offline.

http://filsh.net/



For online educators...

http://www.killerstartups.com/Web-App-Tools/Themeguruscom---Open-Source-Design/

Themegurus.com - Open Source Design

Themegurus.com is a site that provides custom themes and layouts for LMS or e-learning communities like Moodle, Joomla and Dokeos. The idea is to provide several design and layout options that allow users to maximize the resources that these portals provide, making it easier for users to synchronize learning methods with the content, schedule tests, generate sophisticated tracking systems, facilitate interactive features like dictionaries or self-made glossaries, etc. In order to use this site’s design solutions you need to become a member: $100 will buy four months of unrestricted access to the site’s content plus tech support and further customization options. However, if the project you are working on does not require such an investment, you can take advantage of some of the free available options.

http://themegurus.com/



Sue da bastid!

http://www.consumingexperience.com/2007/12/seasonal-santa-funnies-privacy-distance.html

Seasonal Santa funnies - privacy, distance selling, environmental etc.

Santa putting children's information at risk, warn experts

Santa ignores children's refund rights, warn experts

Reckless Santa could cause yuletide chaos, warn experts

Santa's hiring policies may discriminate, warn experts

Santa: environmental catastrophe?



I suppose it beats driving through the neighborhoods looking for garage sales...

http://www.killerstartups.com/Search/Freealertorg---Find-Free-Stuff/

Freealert.org - Find Free Stuff

Freealert.org is a search and alert system that allows users to receive information on stuff that is being given away in their area. In order to use this service, users have to create a profile where they indicate what free stuff they want to be alerted about.

http://freealert.org/