Thursday, September 18, 2008

Let me guess, her password was “HockeyMom?” Is this a planned leak to show that she (unlike her running mate) is computer literate?

http://www.pogowasright.org/article.php?story=20080917112638893

Group Posts E-mail Hacked from Palin Account

Wednesday, September 17 2008 @ 11:26 AM EDT Contributed by: PrivacyNews

The activist group known as Anonymous, which earlier took on Scientology, has published screenshots of e-mail messages and images that it says came from a private e-mail account belonging to Governor Sarah Palin at gov.palin@yahoo.com. The data has been published by WikiLeaks.

Threat Level has confirmed the authenticity of at least one of the e-mails.

Source - Threat Level blog


Related

http://www.pogowasright.org/article.php?story=20080918052543426

Hackers break into Sarah Palin's e-mail account

Thursday, September 18 2008 @ 05:25 AM EDT Contributed by: PrivacyNews

Hackers broke into the Yahoo! e-mail account that Republican vice presidential candidate Sarah Palin used for official business as Alaska's governor, revealing as evidence a few inconsequential personal messages she has received since John McCain selected her as his running mate.

"This is a shocking invasion of the governor's privacy and a violation of law. The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them," the McCain campaign said in a statement.

The Secret Service contacted The Associated Press on Wednesday and asked for copies of the leaked e-mails, which circulated widely on the Internet. The AP did not comply. [The FBI should hire someone who knows how to access the Internet! Bob]

Source - Breitbart.com

[From the article:

Her husband used "fek9wnr" in his address. "Fe" is the representation for iron, and "k9" is an abbreviation for canine. Todd Palin was the winner of the grueling Iron Dog snowmobile race, and "fek9wnr" also is Todd Palin's vehicle license tag in Alaska.



Was TJX just the tip of the iceberg or is this a new contender for “top honors?”

http://www.pogowasright.org/article.php?story=20080917185326833

Has Another Major Retailer Security Breach Occurred?

Wednesday, September 17 2008 @ 06:53 PM EDT Contributed by: PrivacyNews

The Consumerist blog is reporting that they've been receiving inquiries from readers about an unnamed merchant breach that has led to replacement of Citibank cards. One customer service rep reportedly told a customer that this involved a hack and could be as big as the TJX breach.

So what is this breach and is it related to an earlier report we posted that AmEx was also replacing cards due to a breach at an unnamed merchant?

The timing of all this is interesting and I wonder if the sudden flurry of card replacements is a result of the government notifying even more businesses that they had been hacked by the ring involved in the TJX breach. I guess we'll just have to wait until more is revealed.

It really would be so much easier to report the news if the news contained actual .... um... details.

[From the article:

...when I asked customer service who the merchant was who may have been compromised, she said she did not have that information, but that it came straight from Visa and Mastercard and that it happened in the last 6-8 months.



I often wondered what all those state employees did all day.

http://www.pogowasright.org/article.php?story=20080917111907933

Trojan horse captured data on 2,300 Oregon taxpayers from infected gov't PC

Wednesday, September 17 2008 @ 11:19 AM EDT Contributed by: PrivacyNews

The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan horse program downloaded accidentally by a former worker who was surfing pornographic sites while at work in January.

Source - Computerworld

[From the article:

Internet usage is monitored on a random basis for all 1,000 of the agency's employees, Hardin said, but workers at that time were allowed to conduct personal Web business, such as checking their banking or personal e-mail accounts, during lunch and other breaks. Since the incident, however, workers are no longer permitted to conduct any personal business on agency computers while at work. "We've changed our policy for now to prohibit personal use because we want to minimize the risk of this ever happening again." [Is this the best solution? Will employees simply use their handheld devices instead? Bob]



How to forecast the cost of a security breach... (The spreadsheet is getting bigger every day.)

http://www.pogowasright.org/article.php?story=20080918053216935

Surviving an FTC Investigation After a Data Breach

Thursday, September 18 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

Most large companies have likely experienced numerous information security incidents in the recent past. Given the high number of state security breach notification laws, incidents requiring notification have become relatively commonplace. These incidents range from the most innocuous to the most malicious - from a simple theft of an employee's laptop or a vendor's loss of backup tapes to a rogue employee stealing customer credit card data, a phishing attempt or a large-scale system intrusion.

[...]

When a company notifies affected individuals of a security breach, the information quickly becomes public. Security breaches garner not only the attention of the media, but also the attention of the consumer advocacy community. Since 2005, the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization, has maintained a publicly available Web site containing a chronology of reported security breaches. See http://www.privacyrights.org/ar/ChronDataBreaches.htm (last visited Aug. 19, 2008).

The chronology currently provides details on more than 1,000 breaches impacting more than 236 million records containing sensitive personal information. Given the publicity, it should come as no surprise that a byproduct of the notification requirement is increased awareness by regulators at both the state and federal levels. Most prominently, this has resulted in increased investigatory activity by the FTC.

Source - New York Law Journal

Comment: so sites such as this one are helping. Good! -- Dissent

[From the article:

Between 1999 and 2005, FTC enforcement in the privacy and information security arena focused primarily on the "deceptiveness" prong of §5. A "deceptive" trade practice in the privacy context typically involves inaccurate or untrue representations to the public regarding a company's information practices. In practice, these representations are made in Web site privacy notices, which California law requires many companies to post. [So what should/shouldn't you say? Might make a good Journal article... Bob]

... Starting in 2005, the FTC began to expand its jurisdiction in the privacy and information security context by focusing on information security breaches using the "unfairness" prong of §5.

... From beginning to end, an FTC investigation and enforcement action against a company as a result of a data security incident can take over two years and cost the target company millions of dollars in legal and consulting fees. Once the initial process is complete, the FTC often imposes obligations on target companies that last decades into the future.



Perhaps some rules/guidelines can be gleaned from these?

http://www.pogowasright.org/article.php?story=20080918051453508

Ca: Privacy Commissioner's Findings

Thursday, September 18 2008 @ 05:14 AM EDT Contributed by: PrivacyNews

The Privacy Commissioner has published opinions in the following cases:



The Evolution of Surveillance: Why do we need a nation-wide tracking system? Because the UK has one?

http://yro.slashdot.org/article.pl?sid=08/09/17/1622223&from=rss

National Car Tracking System Proposed For US

Posted by timothy on Wednesday September 17, @12:56PM from the arrogance-of-power dept. Privacy Transportation United States

bl968 writes

"The Newspaper is reporting that the leading private traffic enforcement camera vendors are seeking to establish a national vehicle tracking system in the United States using existing red-light and speed enforcement cameras. The system would utilize Automatic Number Plate Recognition (ANPR) to track vehicles passing surveillance cameras operated by these companies. If there are cameras positioned correctly the company will enable images and video to be taken of the driver and passengers. The nice thing in their view is that absolutely no warrants are needed. To gain public acceptance, the surveillance program is being initially sold as an aid for police looking to solve Amber Alert cases and locate stolen cars."


Related One way or another, Big Brother will know where you are... (Whatever you do, don't take a hammer to your license, that could render the RFID tag inoperable.)

http://yro.slashdot.org/article.pl?sid=08/09/17/1753202&from=rss

New York Issues RFID-Encoded Drivers Licenses

Posted by kdawson on Wednesday September 17, @03:22PM from the tinfoil-hats-are-extra dept.

JagsLive passes along the intelligence that New York has become the second state to issue drivers licenses with RFID tags (Washington was the first). The new "enhanced drivers licenses" cost $30 more than the old ones. They can be used instead of a passport for entry into the US by land or sea (not air) from Canada, Mexico, and the Caribbean. Authorities say no personal information will be stored or transmitted by the chip, only an ID number that will be meaningless to anyone but DHS. Citizens of New York who prefer not to carry an identifying RFID chip can still get an old-style license. [I bet this won't be mentioned when you renew your license. Bob]


Related? (I was tipped to this by a student) I foresee a future where this is standard equipment in patrol cars (drive-by brain scanning) and anyone registering “guilty” can be arrested and held until they figure out what they are guilty of...

http://www.newscientist.com/channel/opinion/mg19926742.500-commentary-misuse-of-science-is-a-threat-to-civil-liberties.html

Commentary: Misuse of science is a threat to civil liberties

17 September 2008 A. C. Grayling Magazine issue 2674

IN JULY this year, The Times of India triumphantly announced that two people had been found guilty of murder, based largely on evidence provided by a brain-scanning technique known as brain electrical oscillations signature (BEOS) profiling. According to the report, the state police of Maharashtra "can now bank on a forensic tool to achieve speedy convictions".

I choose the following words carefully: the utter irresponsibility involved here, and its attendant outrage of justice, is staggering. It is yet another example of how technology is increasingly misapplied and abused, and represents a major threat to civil liberties.

BEOS profiling is a hopelessly crude procedure piggy-backing on sophisticated brain scanning techniques which reveal the involvement of regions of the brain in emotion, movement, memory and other functions. It involves an electroencephalogram combined with a word association test.



Another instance of retaliation against someone who points out government misdeeds?

http://yro.slashdot.org/article.pl?sid=08/09/17/1830230&from=rss

Bavarian Police Seeking Skype Trojan Informant

Posted by kdawson on Wednesday September 17, @04:09PM from the heavy-hand dept. Privacy Government

Andreaskem writes

"Bavarian police searched the home of the spokesman for the German Pirate Party (Piratenpartei Deutschland) looking for an informant who leaked information about a government Trojan used to eavesdrop on Skype conversations. (The link is a Google translation of the German original.) There is a high probability that the Trojan is used illegally. A criminal law specialist said, 'The Bavarian authorities worked on the Trojan without a legitimate basis and now try to silence critics.' The informant need not worry since 'every information that could be used to identify him' is protected against unauthorized access by strong encryption. The Trojan is supposedly capable of eavesdropping on Skype conversations and obtaining technical details of the Skype client being used. It is deployed by e-mail or in place by the police. A Pirate Party spokesman said, 'Some of our officials seem to want to install the Big Brother state without the knowledge of the public.'"



Apple is gonna freak! ($155 for the dongle)

http://digg.com/apple/Review_EFiX_Dongle_Perfectly_Transforms_PC_to_Mac

Review: EFiX Dongle Perfectly Transforms PC to Mac

gizmodo.com — When we first heard about EFiX —a simple USB dongle that'll let you magically install Leopard on your PC—it sounded too fantastic to be true. Well, I used it to turn my gaming PC into a Mac Pro over the weekend, and I'm somewhat amazed to say this, but it works perfectly.

http://gizmodo.com/5049756/review-efix-dongle-perfectly-transforms-pc-to-mac



First the politicians, eventually everything? (and probably downloadable so you can search all those video depositions...)

http://www.killerstartups.com/Video-Music-Photo/labs-google-com-gaudi-find-video-audio

Labs.Google.com/Gaudi - Find Video Audio

http://labs.google.com/gaudi

Searching through what’s said on videos might sound a little too much like science fiction, but the folks from Google once again prove everything is possible. With this new service, you’ll be able to search for specific audio clips from various channels of YouTube videos. For example, say you want to find a specific part of a Martin Luther King Jr. speech. Just type out some of the words and you’ll be directed to that part of the video, where he says what you want to hear.

This technology is amazing, and when it grows it’s going to add great value to Google’s already powerful search service. The internet is quickly growing towards a more video-oriented scheme, and this site will allow you to search through it. While it’s a little limited as of now, it’s sure to grow into something truly amazing. If you were disappointed with Chrome, don’t lose faith in the folks from Google yet, they just seem to come up with new (and better) ideas all the time.



Geeks got value? No, just the hardware... Gives you some idea why companies are looking at Outsourcing or Cloud Computing...

http://news.slashdot.org/article.pl?sid=08/09/17/1724247&from=rss

Data Centers Crucial To Lehman Sale

Posted by kdawson on Wednesday September 17, @01:45PM from the gilt-edged dept. The Almighty Buck Data Storage

miller60 writes

"What assets retain value in the midst of a financial panic? Data centers. When assets of bankrupt Lehman Brothers were sold to Barclays Tuesday for $1.75 billion, Lehman's data centers and headquarters accounted for $1.5 billion of the value in the deal. That echoes the JPMorgan-Bear Stearns fire sale, in which Bear's two data centers and HQ represented much of the sale price. Amidst financial turmoil, Wall Street's high-tech data centers become the crown jewels for buyers of distressed assets."



I want one! (maybe two...)

http://www.infoworld.com/article/08/09/17/HP_applies_Google_model_to_new_storage_system_1.html?source=rss&url=http://www.infoworld.com/article/08/09/17/HP_applies_Google_model_to_new_storage_system_1.html

HP applies Google model to new storage system

Hewlett-Packard's ExDS storage system is an online content repository that will cost less than $2 per gigabyte or $2,000 per terabyte

By Mikael Ricknäs, IDG News Service September 17, 2008

Hewlett-Packard is getting ready to launch the ExDS storage system, which will use up to 820 1TB drives for file-based storage, packaged in two 42U cabinets.



Increasingly more common.

http://news.slashdot.org/article.pl?sid=08/09/17/228227&from=rss

Stanford To Offer Free CS and Robotics Courses

Posted by samzenpus on Wednesday September 17, @10:15PM from the now-everyone-will-know dept. Education Robotics

DeviceGuru writes

"Stanford University will soon begin offering a series of 10 free, online computer science and electrical engineering courses. Initial courses will provide an introduction to computer science and an introduction to the field of robotics, among other topics. The courses, offered under the auspices of Stanford Engineering Everywhere (SEE), are nearly identical to standard courses offered to registered Stanford students and will comprise downloadable video lectures, handouts, assignments, exams, and transcripts. And get this: all the courses' materials are being released under the Attribution-Noncommercial-Share Alike 3.0 Unported license."



Now this is interesting.

http://www.killerstartups.com/Social-Networking/academia-edu-where-scholars-meet

Academia.edu - Where Scholars Meet

http://www.academia.edu

If you’re looking for a way to get in touch with your academic peers, then Academia.edu is a site you’ll find most interesting. Through this site, you’ll be able to use the many advantages of social networking to allow academics from universities around the world to create profiles and make connections with their peers. It’s a very useful tool, as it will allow universities to find qualified individuals to dictate some courses or lectures. There was a need for a site like this, where college faculty could gather and find out more about their peers from other campuses.

It’s also a great way for people who are doing research to find someone who might be involved in the same field, allowing for quicker data gathering. If you’re associated with the academic world, then you must try this out, as you are sure to find some of your peers already on it. The linking feature is amazing, with its tree-like feel, that makes it easier to see who’s associated with who.



Our favorite nut cases strike again? Someone should find a way to replace these lame-brains...

http://blog.wired.com/27bstroke6/2008/09/riaa-decries-at.html

RIAA Decries Attorney-Blogger as 'Vexatious' Litigator

By David Kravets September 17, 2008 | 6:47:01 PM

The Recording Industry Association of America is declaring attorney-blogger Ray Beckerman a "vexatious" litigator and is seeking unspecified monetary sanctions to punish him in his defense of a New York woman accused of making copyrighted music available on the Kazaa file sharing system.

... Readers should note the cover sheet (.pdf) of the court filing lists Richard Gabriel as the RIAA's lead counsel. Gabriel was named a Colorado judge in May and no longer works on behalf of the RIAA. [Us is gud lawyers! We just used that page because the Copyright hasn't expired. Bob]


Related Replacing lame-brains with a computer! (“We don't need no stinking lawyers!”) Is this computer practicing law without a license?

http://techdirt.com/articles/20080916/1827252285.shtml

Company Wants To Patent Automated Pay-Up-Or-We-Sue Pre-Settlement Letters For File Sharing

from the by-a-cigarette-company? dept

Well, well, well. The latest story about a "solution" to the "problem" of piracy has an interesting twist to it. A company named Nexicon claims that it's about to launch an automated piracy tracker/payment collector. It says that it's able to watch various file sharing systems, tracking who's sharing and downloading unauthorized files -- and then sends them an automated letter demanding they pay up, including a "convenient" one-click payment system where you can settle up via your credit card or PayPal. Even better, the company claims that it's trying to patent this method, which is hardly new or unique (and, you have to wonder if Nexicon is paying Amazon a license for using "one-click" payments -- as the company even seems to brag that it copied Amazon's one-click solution).

There are plenty of questions raised by this. First, if it's actually put into use as described, it would be the first time we see the industry attempting to target downloaders as opposed to uploaders. All of the various lawsuits and pre-settlement letters have always targeted those who share the unauthorized content. But the article claims this will go after downloaders (though, it's not entirely clear how they'll know who actually downloads the file). Then, of course, there's the whole extortion question of demanding payment to avoid a lawsuit -- especially when the actual evidence may be rather flimsy.

As for the patent application (which a casual search did not turn up), it's hard to see how copying the same strategy that's been used for years by the recording industry, merged with the already-questionably-patented Amazon 1-click method is somehow patentable.

Oh yeah, there are also some questions about Nexicon itself. Just last week the company announced a deal with YouTube to provide some audio fingerprinting technology -- at which point Wired pointed out the rather bizarre history of Nexicon. It started out as an online cigarette seller, that got sued for taking orders from kids, falsely advertising cigarettes as being tax-free and then (not surprisingly) failing to report taxes. Then there were the problems with the SEC over not filing its tax returns on time as well as questionable activities in some sort of reverse stock swap merger. Oh, and did we mention at one point the company was going to be a portal? These are the folks who are going to be popping up automated messages demanding you pay up for downloading a Frank Zappa tune?



An easy program to write: Did his lips move?

http://tech.slashdot.org/article.pl?sid=08/09/18/0332218&from=rss

Software Spots Spin In Political Speeches

Posted by samzenpus on Thursday September 18, @07:57AM from the liars-and-filthy-liars dept. Software Politics

T.S. Ackerman writes

"According to an article in NewScientist Tech, there is now software that can identify the amount of spin in a politician or candidate's speech. From the article, 'Blink and you would have missed it. The expression of disgust on former US president Bill Clinton's face during his speech to the Democratic National Convention as he says "Obama" lasts for just a fraction of a second. But to Paul Ekman it was glaringly obvious. "Given that he probably feels jilted that his wife Hillary didn't get the nomination, I would have to say that the entire speech was actually given very gracefully," says Ekman, who has studied people's facial expressions and how they relate to what they are thinking for over 40 years.' The article goes on to analyze the amount of spin in each of the candidates running for president, and the results are that Obama spins the most." [“I have not yet begun to spin” John McCain]
