Monday, July 28, 2008

Once stolen, IDs must be converted to cash. ...and there is always a market.

http://www.pogowasright.org/article.php?story=20080727190545775

Kr: Police: 9 Mil. Stolen Files Traded by Loan Ring

Sunday, July 27 2008 @ 07:05 PM EDT Contributed by: PrivacyNews

Some 9 million files of Korean credit information stolen by a Chinese hacker ended up back in Korea and were illegally sold and distributed to Korean loan firms, police say.

The Seoul Metropolitan Police Agency's Cyber Crime Investigation Division on Sunday said it had requested an arrest warrant for a 42-year-old loan go-between, identified by his surname Chun, who has fled to China. Chun is charged with W2.7 billion in illegal gains (US$1=W1,010) earned through buying information stolen by a Chinese hacker from some 2,000 Korean bank, loan firm, Internet shopping mall and university computer networks, and then using the data to mediate deals for Korean loan sharks.

... The 9 million files accessed by the Chinese hacker include 4.8 million from banks, 260,000 from loan firms, 650,000 from online shopping malls, 5,300 from universities and 3.2 million from other websites.

Source - Chosun



...because...

http://www.pogowasright.org/article.php?story=2008072806490523

Data “Dysprotection:” breaches reported last week

Monday, July 28 2008 @ 06:49 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee

Source - Chronicles of Dissent



http://www.pogowasright.org/article.php?story=20080728055800708

The Mosley Case and a Law of Privacy

Monday, July 28 2008 @ 05:58 AM EDT Contributed by: PrivacyNews

“Britain now has a law of privacy,” wrote Tim Luckhurst in The Guardian last Thursday. He used that bald statement for emphasis but one worrying aspect of the Max Mosley case was that some journalists appeared not to know it.

For seven years, I have been telling the editors, news editors and reporters who attend my Real Law for Journalists course about this developing law of privacy.

Source - AllMediaScotland.com

[From the article:]

Look at what Mr Justice Eady said in his Mosley judgment: “There is nothing 'landmark' about this decision. It is simply the application to rather unusual facts of recently developed but established principles.”

Or what media lawyer, Dan Tench, said in The Guardian: the decision “represents the culmination of nearly a decade of steady development of privacy law”. [Have we (or the British at least) reached a tipping point? Bob]

... Although News of the World editor, Colin Myler, at one point thought Mosley’s orgy had a “potential criminal flavour”, his main justification involved the third area: preventing the public from being misled by an action or statement of an individual or organisation.



An interesting (if older) hack for IBM. Sample code included.

http://digg.com/linux_unix/Build_a_Web_spider_on_Linux_3

Build a Web spider on Linux

ibm.com — Web spiders are software agents that traverse the Internet gathering, filtering, and potentially aggregating information for a user. Using common scripting languages and their collection of Web modules, you can easily develop Web spiders. This article shows you how to build spiders and scrapers for Linux® to crawl a Web site and gather information.

http://www.ibm.com/developerworks/linux/library/l-spider/index.html



Bypassing “Thou shalt not view” security

http://www.killerstartups.com/Web-App-Tools/webtomail-co-cc-view-restricted-websites-at-work

WebToMail.co.cc - View Restricted Websites at Work

Many of us work at offices where companies restrict what we are allowed to view on the web. This no longer has to be the case thanks to WebToMail. WebToMail allows users to view everything blocked by their companies simply by sending an email. When you send an email to their address of send@webtomail.co.cc with the URL of the webpage you want to view as the subject header, WebToMail automatically generates the homepage and sends it to you only a few minutes later. You can then open up the website in your mail account easily and for free. You can also highlight tabbed pictures which will open up on your browser unless your company has blocked these as well. The website itself is only a basic homepage that gives users the three simple instructions and explains its purpose.

http://webtomail.co.cc/



“Oh, what a wicked web we weave...” With many geeks looking at every lawsuit involving a hack (just for their intellectual amusement, mind), anything either side says that is not absolutely accurate is going to result in a Blog post like this...

http://techdirt.com/articles/20080725/0236381792.shtml

To Make Its Case, Coupons.com Says It Blocks Users When It Doesn't

from the let's-get-this-straight dept

We recently noted the somewhat mixed ruling in the Coupons.com lawsuit over whether or not it's a DMCA violation to merely tell people to delete some files from their hard drive. The ruling noted that Coupons.com was trying to make a rather questionable argument. It's a bit technical, and it required multiple readings to really understand what's going on here, but effectively, Coupons.com is trying to invoke the DMCA's anti-circumvention clause to punish a programmer who figured out how to get around the limits enforced by Coupons.com's software, which lets users use a coupon a limited number of times. The real issue in this case is whether the software is about preventing uses or copies. If it's uses, then it's not covered by the DMCA. If it's copies, then it is. The court noted that it certainly seems like the software is focused on uses rather than copies, as there's no actual part of the software that blocks you from accessing the coupons as much as you want. It just blocks you from using them.

The programmer, John Stottlemire, who is being sued in this case, writes in to let us know that Coupons.com has just described its system in a misleading way in order to convince the court that its software really is copy protection rather than use protection, claiming: "The features block an individual computer's access to a particular coupon offer altogether if that computer does not have the proper registry keys in place." In other words, there is copy protection that blocks access if the registry keys are missing.

That claim may sound a lot like copy protection, but that's not actually how their system works. Coupons.com doesn't block access to its coupons based on a registry key -- because if you don't have a registry key, Coupons.com simply issues you a new one. And that's not how copy protection usually works; that's how usage protection works. If the system worked the way it was described to the court, then first-time users, who would not have the proper registry keys, should not be able to use Coupons.com because they would be blocked from accessing coupons. But Coupons.com doesn't do that to new users -- all users without registry keys are simply given new keys (and not blocked whatsoever).

Basically, Coupons.com appears to be pretending that its software doesn't work without a certain registry key in order to convince the judge that its software actually qualifies under the DMCA as copy protection. But, if it were copy protection, then Stottlemire's programs (or written instructions) for how to defeat the software by deleting the registry key wouldn't work. All Stottlemire's method of "circumvention" would do is trigger the copy protection to deny access. So, either Coupons.com is lying to the judge, or Stottlemire's program and instructions couldn't have done what they claim it did (in which case he wouldn't have broken the law). So... basically, it sounds like Coupons.com is either lying or they have no case. And, if they're lying, they don't have much of a case either.



...and the commenters immediately suggest ways to alter the evidence anyway...

http://www.schneier.com/blog/archives/2008/07/writeonce_readm.html

Write-Once Read-Many Memory Cards

SanDisk has introduced Write-Once Read-Many Memory (WORM) cards for forensic applications.

Posted on July 28, 2008 at 5:04 AM



'cause a geek is always learning. (The website was immediately “Slashdotted”)

http://news.slashdot.org/article.pl?sid=08/07/27/1746246&from=rss

Ivy League Computer Science Curricula Exposed

Posted by timothy on Sunday July 27, @02:26PM from the so-you-don't-have-to dept. Education Books Programming

Doug Treadwell writes

"Many people have wondered what the difference is between the Computer Science education given in the average public university versus one given in an Ivy League university (or a top level public university). There have also been discussions here on Slashdot about whether any Computer Science curriculum gives students the knowledge they need for the working world. As a computer science student both questions are very important to me, so I decided to answer them for myself and build a website to share what I found. I was able to find the required reading for hundreds of courses at Stanford, Princeton, Carnegie Mellon, and Berkeley; along with some other institutions. This should also help answer some of those 'What should I read?' questions."



One comment asks, “Isn't this the great flaw of Cloud Computing?” I can think of several solutions – starting with RTFC (Read The Friendly Contract), but I bet this will be a good “argument starter.” (Long post, so I've cut a lot...)

http://ask.slashdot.org/article.pl?sid=08/07/27/1343243&from=rss

Reasonable Expectation of Privacy From Web Hosts?

Posted by Soulskill on Sunday July 27, @11:18AM from the it's-my-internet-i'll-do-as-i-please dept. Privacy

Shafted writes

"I'm in a bit of a dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless.

... it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong.

... When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?"



Hacking for fun and profit!

http://hardware.slashdot.org/article.pl?sid=08/07/27/156237&from=rss

Hardware Hacking Guide - Citizen Engineer

Posted by Soulskill on Sunday July 27, @12:19PM from the so-i-rewired-it dept. Hardware Hacking Hardware

Solderingfool writes

"MAKE Magazine's Phil Torrone and open source hardware hacker Ladyada from Adafruit Industries have a new video series called 'Citizen Engineer.' In the first video they show how a SIM card works, then build a SIM card reader which could be used to clone a SIM card. They also show how to use an old payphone as a regular home phone, later with coins, and for their final hack — how to 'Redbox' it. They released all the projects as open source, and the video is well produced."



Another “I'm not using a phone while driving” excuse?

http://www.cbsnews.com/stories/2008/07/14/scitech/pcanswer/main4256999.shtml?source=search_story

Can The New iPhone Revolutionize Radio?

Technology Guru Larry Magid Explores The Possibilities Of Free Or Cheap Web Radio Software

SILICON VALLEY, Calif., July 14, 2008

... If this does catch on, it could be incredibly disruptive to both the terrestrial and the relatively new satellite radio industries. With the Internet, stations no longer need transmitters, satellites or hard-to-get-FCC licenses to broadcast to mobile listeners.

Startups can now compete with major broadcast companies. Of course, having a delivery vehicle doesn't mean you have a good product or the ability to market it well but, as we've discovered with blogs and podcasts, new media technologies do enable some creative new players to succeed while giving incumbent players - including CBS and other broadcasters - the opportunity to take advantage of new distribution systems.
