Wednesday, July 30, 2008

The saga of (and headlines about) the Colt security breach continues. Dragging out the revelations does not seem to be a great strategy.

http://www.pogowasright.org/article.php?story=20080730080803552

California law firm also victims of Colt Express Outsourcing Services burglary

Wednesday, July 30 2008 @ 08:08 AM EDT Contributed by: PrivacyNews

By letter to the New Hampshire Attorney General's office, the law firm Pillsbury Winthrop Shaw Pittman LLP, reports that some of their employee data from 1998 - 2002 were on computers stolen from Colt Express Outsourcing Services, Inc. over the Memorial Day weekend. Details on the employees and their dependents included name, address, birth date and Social Security Number. The total number of employees affected was not indicated in the letter.

Pillsbury Winthrop Shaw Pittman LLP is the 10th firm to be identified by this site as having been affected by the burglary. Many of the businesses were no longer doing business with Colt and have reported that old data were still on computers in the office, unencrypted.

Given the nature and scope of this incident, it would be interesting to see if future contracts with vendors include more provisions about the protection and security of data -- not only at rest, but also upon termination of any contract.



The best information we have. Long list of dubious claims by the city, clear evidence of bad security management...

http://www.infoworld.com/article/08/07/30/31NF-terry-childs-fact-fiction_1.html?source=rss&url=http://www.infoworld.com/article/08/07/30/31NF-terry-childs-fact-fiction_1.html

Sorting out fact from fiction in the Terry Childs case

San Francisco's network-abuse claims raise more questions than answers

By Paul Venezia July 30, 2008

... Here's what seems to be true, what is clearly open for question, and what lessons business IT should draw from this saga.

First, despite the many news reports claiming that Childs had shut down all or part of the city and county of San Francisco's network, what actually happened was that Childs refused to provide his superiors the passwords to the city's core FiberWAN network, effectively preventing them from administering the network. The network continued to function, and no city applications, data, or resources were lost or inaccessible.

... Following the completion of the FiberWAN, Childs looked upon his creation as art -- so much so that he applied and was granted a copyright for the network design as technical artistry. Skeptical of his colleagues' abilities, Childs became the sole administrator of the FiberWAN, and the only person with the passwords to the routers and switches that comprised the network. This state of affairs was widely known throughout DTIS, and Childs was the only point of contact for changes, troubleshooting, and overall management of this network.


Read the actual court documents.



There is a big difference between, “Let's do it!” and “Let's do it right!” You can't activate a tool without considering the implications.

http://www.pogowasright.org/article.php?story=20080730071850151

Study: Customer, Corporate Data at Risk in Telecommuting Environment

Wednesday, July 30 2008 @ 07:18 AM EDT Contributed by: PrivacyNews

From CDT: Telecommuting and the virtual office put sensitive corporate data, including the personal information of customers, at risk of compromise, according to a report released today by the Center for Democracy & Technology and Ernst & Young. The report is based on a survey of 73 organizations and recommends that companies with a telecommuting workforce need to pay more attention to the unique privacy and security risks posed by remote access. The report offers practical advice to companies on securing data accessed by employees working from home or other remote locations.

Study Press Release

Report - Risk at Home: Privacy and Security Risks in Telecommuting [pdf]



Wee! Another 'guest' at Guantanamo? (X-File Alert. This is obviously a UFO cover-up!) Arrested in 2002 following the 9/11 hysteria? I want to learn what hacking was actually done.

http://www.reuters.com/article/technologyNews/idUSL062303620080730?feedType=RSS&feedName=technologyNews

British NASA hacker to face U.S. trial

Wed Jul 30, 2008 9:06am EDT

LONDON (Reuters) - A British computer expert lost his appeal on Wednesday against extradition to the United States where he is accused of "the biggest military hack of all time" and could face up to 70 years in prison.

... Using a limited 56K dial-up modem and the hacking name "Solo" he found many U.S. security systems used an insecure Microsoft Windows program with no password protection. [Is simple access a hack?]

He then bought off-the-shelf software and scanned military networks, saying he found expert testimonies from senior figures reporting that technology obtained from extra-terrestrials did exist.

At the time of his indictment, Paul McNulty, U.S. Attorney for the Eastern District of Virginia, said: "Mr. McKinnon is charged with the biggest military computer hack of all time."



An all too familiar problem

http://www.pogowasright.org/article.php?story=20080729135727871

Most Sensitive Data on Government Laptops Unencrypted

Tuesday, July 29 2008 @ 01:57 PM EDT Contributed by: PrivacyNews

Only 30 percent of sensitive information stored on U.S. government laptops and mobile devices, including the personal information of U.S. residents, was encrypted a year ago, despite a series of data breaches at government agencies in recent years, according to an auditor's report.

The report, by the U.S. Government Accountability Office, found that 70 percent of sensitive information held on laptops and mobile devices at 24 major U.S. agencies was unencrypted as of last September.

Source - PC World

Related - Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains, GAO-08-525, June 27, 2008



Preying on victims, an American tradition!

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=17&articleId=9111019&intsrc=hm_topic

Privacy group says identity-theft monitoring services may be a waste of money

Many are overpriced and offer protections that can be had for free, PRC claims

By Jaikumar Vijayan

July 29, 2008 (Computerworld) Consumers who sign up for identity-theft monitoring services may be getting a lot less protection against some common types of fraud than they assume they are, according to an online guide released yesterday by the Privacy Rights Clearinghouse (PRC).

What's more, many of the services offered by identity-theft monitoring vendors can often be obtained for free, the San Diego-based privacy advocacy group claimed. [Sounds like a business opportunity to me! Bob]



Microsoft (at last) recognizes their flagship product has reached the end of its useful life?

http://www.infoworld.com/article/08/07/29/Microsoft_prepares_for_end_of_Windows_with_Midori_1.html?source=rss&url=http://www.infoworld.com/article/08/07/29/Microsoft_prepares_for_end_of_Windows_with_Midori_1.html

Microsoft prepares for end of Windows with Midori

Midori is a componentized, non-Windows OS that will take advantage of technologies developed since the advent of Windows and likely will be Internet-based

By Elizabeth Montalbano, IDG News Service July 29, 2008

With the Internet increasingly taking on the role of the PC operating system and the growing prevalence of virtualization technologies, there will be a day when the Microsoft Windows client OS as it's been developed for the past 20-odd years becomes obsolete.



Moot if there is a clear succession plan.

http://www.pogowasright.org/article.php?story=20080729185218691

Do investors have a right to know about a CEO’s illness?

Tuesday, July 29 2008 @ 06:52 PM EDT Contributed by: PrivacyNews

Steve Jobs’ health came under scrutiny recently after the Apple chief executive’s gaunt appearance at the company’s developer conference revived memories among observers of his battle with pancreatic cancer in 2004. An analyst subsequently inquired after the CEO’s well-being on a conference call. The company has said that its founder is merely suffering from a common bug. To what extent should any chief executive feel obliged to divulge health details to investors? Is it simply a private matter? And what is the best response when such questions are raised?

Source - FT.com



Just a thought, but is this the software you would need to start your own “Internet based” TV network?

http://www.killerstartups.com/Video-Music-Photo/ftwtv-com-free-shows-movies

FTWTV.com - Free Shows, Movies

Everyone loves to watch TV, movies, and cable shows. And now, thanks to the internet, we can watch almost anything for free. Almost. We all know how angry the big media companies can get when their precious tv shows are posted on the interwebs without their permission. Lawsuit, anyone? But that hasn't stopped the posting. Take the new site, FreetoWatchTV, which is what its name indicates-- tv and movies links provided by users to watch for free. There's no telling how long the site will last, but the concept is good. You can upload whatever TV show or movie you want for others to watch. Or, check out what's on offer now. To view, simply sign up. There are also TV channels to be watched, but you have to get an invite to have access.

http://www.ftwtv.com/



Just because they are so easy to pick on...

http://news.slashdot.org/article.pl?sid=08/07/29/2211235&from=rss

ABA Judges Get an Earful About RIAA Litigations

Posted by kdawson on Tuesday July 29, @07:20PM from the preaching-to-someone-other-than-the-choir dept. The Courts

NewYorkCountryLawyer writes

"I was afforded the opportunity to write for a slightly different audience — the judges who belong to the Judicial Division of the American Bar Association. I was invited by The Judges Journal, their quarterly publication, to do a piece on the RIAA litigations for the ABA's Summer 2008 'Equal Access to Justice' issue. What I came up with was 'Large Recording Companies vs. The Defenseless: Some Common Sense Solutions to the Challenges of the RIAA Litigations,' in which I describe the unfairness of these cases and make 15 suggestions as to how the courts could level the playing field. I'm hoping the judges mod my article '+5 Insightful,' but I'd settle for '+3 Informative.' Here is the actual article (PDF). (If anyone out there can send me a decent HTML version of it, I'll run that one up the flagpole as well.)"

Wired is helping to spread the word on Ray's article.



I believe people read Jules Verne and thought, “How silly. Man will never make a Submarine.”

http://entertainment.slashdot.org/article.pl?sid=08/07/29/1833242&from=rss

Are We Searching Google, Or Is Google Searching Us?

Posted by kdawson on Wednesday July 30, @05:43AM from the eye-to-eye dept. Sci-Fi Google

An anonymous reader writes

"The folks at the Edge have published a short story by George Dyson, Engineer's Dreams. It's a piece that fiction magazines wouldn't publish because it's too technical and technical publications wouldn't print because it's too fictional. It's the story of Google's attempt to map the web turning into something else, something that should interest us. The story contains some interesting observations such as, 'This was the paradox of artificial intelligence: any system simple enough to be understandable will not be complicated enough to behave intelligently; and any system complicated enough to behave intelligently will not be simple enough to understand.' After you read it, you'll be asking the same question the author does — 'Are we searching Google, or is Google searching us?'"



Legal research

http://www.bespacific.com/mt/archives/018912.html

July 29, 2008

New on LLRX.com - Legal Research Training for Summer Associates

Reference from Coast to Coast: Summer Musings - Jan Bissett and Margi Heinen provide a timely and valuable refresher on a range of well-sourced, reliable, topical websites, guides, print and program materials useful for summer associate legal research training.



Tech-onomics 101: When a technology reaches the “commodity” stage, prices fall like a stone.

http://www.infoworld.com/news/feeds/08/07/29/India-developing-US10-laptop.html

India developing US$10 laptop

India is developing a laptop to be sold at US$10, that will target higher education applications, a minister of the federal government said Tuesday in Delhi.

By John Ribeiro, IDGNS July 29, 2008

... As part of this new "National Mission in Education through ICT", the government is also working on developing a very low-cost and low-power-consuming access device, according to Purandeswari. The government also plans to make available free bandwidth for education purposes to every Indian. [Attention US Presidential candidates! Bob] It plans to use this bandwidth to build a "knowledge network" between and within institutions of higher learning in the country.



We are considering this text for a Security Class – might make a good reference.

http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470068523.html

Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition

Ross J. Anderson

ISBN: 978-0-470-06852-6

Hardcover 1080 pages April 2008

[As is happening with increasing frequency, the previous edition is available free online. (a mere 600 pages) Bob]

http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf



Convergence: Extend your home network to your appliances?

http://arstechnica.com/journals/linux.ars/2008/07/29/openremote-grows-in-popularity

OpenRemote grows in popularity

By Dave Moyer Published: July 29, 2008 - 11:55AM CT

Not too long ago, Marc Fleury went public with his newest venture, an open source home automation "project" (not yet officially a company) called OpenRemote.

... Fleury continues to stress that what makes OpenRemote different from other home automation systems you may have seen is that it focuses solely on the software aspect of things. To help users who want to use the OpenRemote system in their own home, he and the community at OpenRemote have published a Bill of Materials and many other references to assist in the design, construction and implementation process.

You can sign up and join the conversations in the forums to get involved, or just learn a bit more about the system at the official website.


Related. Extend your iPhone to your car... (Any of you Venture Capitalists looking for a start-up?)

http://www.engadgetmobile.com/2008/07/28/teenager-hacks-together-hardware-for-controlling-your-car-via-ph/

Teenager hacks together hardware for controlling your car via phone

by Chris Ziegler, posted Jul 28th 2008 at 11:43PM

Using little more than book knowledge, experience from previous projects, and a healthy shot of elbow grease, a Kenyan kid has constructed a nifty (and perhaps just a little scary) box that attaches to your car to provide a number of unique remote-control features that you're not going to find on your average OnStar setup. The flagship function seems to be the real-time lockout, which can call you as the car is being started; only if you confirm that it's not some baddie trying to jack your ride will the ignition request be granted. That's not all, though -- it'll also let you dial into the car and listen in on any conversations going on within. The young man says he's seeking additional funding to take his project to the next level, but in the meantime, don't even think about making off with a white Mitsubishi the next time you're in Mombasa. Follow the break for a video of the system in action.



Another iPhone hack – sort of a reverse Ringtone for voice mail – and recorded conversations? (Also instructions for the non-iPhone user)

http://lifehacker.com/399404/how-to-transfer-iphone-voicemail-to-your-computer

How to Transfer iPhone Voicemail to Your Computer



For my website students

http://www.noupe.com/css/css-layouts-40-tutorials-tips-demos-and-best-practices.html

CSS Layouts: 40+ Tutorials, Tips, Demos and Best Practices


Ditto (An attention getter...)

http://www.killerstartups.com/Web-App-Tools/wigflip-com-signbot-create-scrolling-text-signs

Wigflip.com/signbot - Create Scrolling Text Signs

Signbot is a tool that allows users to create their own animated scrolling text LED sign. To use this tool, users enter in the text which will scroll across the page. Some typed characters will allow for picture text.

... Users then choose the width of the sign, either small, medium, or large. Next they simply select “generate sign” and wait a second for the sign to be produced.

http://wigflip.com/signbot/



Want to start your own University?

http://www.killerstartups.com/Web-App-Tools/os4ed-com-opensis-manage-school-and-student-data

Os4ed.com/opensis - Manage School and Student Data

OpenSIS is a centralized management software system that manages students, classes, facilities, and much more. This downloadable tool offers numerous features to centralize and organize information on students and the school system. The Student Demographics function keeps track of the characteristics of enrolled students. The Contact Information function keeps a complete database of student, parent, and emergency contact info. The Scheduling feature maintains a massive list of all students’ schedules and courses. Grading is kept in line with the Gradebook and Report Cards functions. Other key data, such as health records, attendance, and discipline records, can all be managed with OpenSIS as well. Furthermore, this student information system is free of charge. Users may try out and switch over to OpenSIS at no cost at all.

http://www.os4ed.com/opensis/
