Thursday, October 30, 2008

Gosh, we never thought of that...

http://breachblog.com/2008/10/29/medmutual.aspx?ref=rss

Eleven missing disks containing sensitive pensioner information

Posted by Evan Francen at 10/29/2008 2:41 PM

"Cleveland - Eleven computer disks containing personal information on thousands of Ohio retirees are missing and are believed to be somewhere in the US Postal Service, Medical Mutual of Ohio announced today."

... Medical Mutual said it was notified by the retiree systems when the disks failed to arrive at their Columbus offices.

The disks were contained in packages routinely mailed monthly by Medical Mutual for claims reconciliation purposes to the affected parties’ central offices in Columbus

... "We are confident that we will locate them. We ask Ohio Retirement System (ORS) members not be alarmed. Our investigation, so far, indicates that insufficient postage was placed on the envelopes, [“Other than being able to calculate the proper postage, we're very competent people!” Bob] therefore we believe they are likely to still be safe within the postal system," he added.

... Going forward, SERS is requiring a change in the way this information is delivered by its medical vendors. SERS expects all information to be delivered electronically in a secure, encrypted fashion. [“An exhaustive two minutes of research shows this has been the recommended “Best Practice” for years, so our Lawyers suggest we think about perhaps, kinda, considering it.” Bob]



Security Theater: Sounds to me like DC is jealous that NY got Federal (i.e. taxpayer) money to conduct random searches and they didn't. Have they EVER detected anything remotely connected to terrorists?

http://www.pogowasright.org/article.php?story=20081030062544260

Metro to Randomly Search Riders' Bags

Thursday, October 30 2008 @ 06:25 AM EDT Contributed by: PrivacyNews

Metro officials yesterday announced plans to immediately begin random searches of backpacks, purses and other bags in a move they say will protect riders and also guard their privacy and minimize delays.

The program is modeled after one begun three years ago in New York that has withstood legal challenges.

Source - Washington Post

[From the article:

"We realize that all Americans everywhere are at some risk from terrorism, and that those of us who live and work in the region of the nation's capital face increased risks," ['cause we're more important than everyone else... Bob] Metro Transit Police Chief Michael Taborn said at a news conference yesterday.

U.S. intelligence agencies have long warned that the weeks just before an election and immediately after are considered a "zone of vulnerability" [I'll bet they said “time of increased vulnerability” not “zone” but that would suggest that the searches (and increased budget) should end at some point... Bob] for the country. The teams tasked with helping the winner of next week's presidential election transition into office also have been warned about the heightened chances of attack.

... No advance notice will be given, but just before inspections begin, Metro police will post signs alerting riders. [Oxymoronic? Bob]



I'll use the same argument the anti-gun registration lobby uses. If it is too much hassle to buy phones, crooks will just steal them – it is, after all, what they do for a living...

http://www.pogowasright.org/article.php?story=20081030063631248

NZ: Call to register prepaid cellphones 'an intrusion'

Thursday, October 30 2008 @ 06:36 AM EDT Contributed by: PrivacyNews

A call for prepaid cellphone customers to be registered to stop criminals using them has been labelled an unnecessary intrusion into people's lives.

Police yesterday called for the register because criminals often used prepaid phones, which can be bought without identification, because they believe they cannot be traced and can be disposed of easily.

But Auckland Council for Civil Liberties president Barry Wilson said the plan was over the top and could result in innocent people getting caught up unnecessarily in police inquiries.

Source - New Zealand Herald Thanks to Brian Honan for this link.



With the number of data breaches the UK government has had recently, I suspect they see the cost of a notification law as exceeding their defense budget!

http://www.pogowasright.org/article.php?story=20081030063443362

UK: Watchdog: 'No to US-style data laws'

Thursday, October 30 2008 @ 06:34 AM EDT Contributed by: PrivacyNews

US-style personal data breach notification is not a workable model for the UK, the UK's information watchdog told RSA delegates.

In a keynote address, Information Commissioner Richard Thomas said: “I am not convinced by legislation that requires companies to individually warn the public if their details have been compromised. The severity and circumstances of each breach merit a different response, and mandatory notification doesn't take this into account. It would be a significant additional burden for businesses, and could cause public 'breach fatigue'". [A letter a day would tend to make you cranky... Bob]

Source - SC Magazine Thanks to Brian Honan for this link.



http://www.pogowasright.org/article.php?story=20081030064011822

Schneier sticks it to surveillance

Thursday, October 30 2008 @ 06:40 AM EDT Contributed by: PrivacyNews

Security guru Bruce Schneier has challenged the view that privacy and security are at loggerheads, suggesting the real debate is between liberty and control.

Schneier, security technologist and CTO of BT Counterpane, made the comments during a keynote address at the RSA Conference in London on Tuesday. He sees ubiquitous surveillance and measures such as identity cards tipping the balance towards the state, describing them as stepping stones towards a future where checks become less obtrusive while simultaneously more all-encompassing.

Source - The Register Thanks to Brian Honan for this link.

[From the article:

"Identity checks will fade into the background," Schneier said. "At the moment there are CCTV cameras everywhere and you can see them. There are identity checks everywhere and you know it is happening. Five years ago these technologies weren't everywhere and in five years' time they won't be visible."



Tools & Techniques Hack like a terrorist. (TOR has been available for a while, but this is a good “optimizing” article)

http://digg.com/linux_unix/Ultimate_Security_Proxy_With_Tor

Ultimate Security Proxy With Tor

howtoforge.com — Nowadays, within the growing web 2.0 environment you may want to have some anonymity, and use other IP addresses than your own IP. Or, for some special purposes - a few IPs or more, frequently changed. So no one will be able to track you. A solution exists, and it is called Tor Project, or simply tor. Here's how to pull maximum out of it.

http://howtoforge.com/ultimate-security-proxy-with-tor



Tools & Techniques This could be useful for those “not very aggressive” websites you want to monitor...

http://www.killerstartups.com/Web-App-Tools/feedbeater-com-turn-any-url-into-a-rss-feed

FeedBeater.com - Turn Any URL Into A RSS Feed

http://www.feedbeater.com

The FeedBeater website serves one concise aim, namely enabling its users to turn any given URL into a RSS feed. This service is not only rendered in an entirely hassle-free manner, but it is also available at no cost.

Upon setting your browser to FeedBeater.com, you will be greeted with a box where you can type in or paste the URL of the site in question. Once this has been done, you simply click on the “Beat It!” button and then a RSS feed is generated instantly.

The site claims to produce clean and intelligent RSS feeds by identifying new content and applying a filter that leaves out any unimportant elements of the concerned site.

Further features include a FeedBeater bookmarklet that can be used to syndicate any page that you visit. This can be found under the “Widgets” heading, along with a script that will enable your site visitors to syndicate any page on your website.



Boy, dem Haavard guys is smart! But is dey right?

http://yro.slashdot.org/article.pl?sid=08/10/29/2144235&from=rss

RIAA Litigation May Be Unconstitutional

Posted by timothy on Wednesday October 29, @06:05PM from the what-about-ritchie-chaz-and-margot? dept.

dtjohnson writes

"A Harvard law school professor has submitted arguments on behalf of Joel Tenenbaum in RIAA v. Tenenbaum in which Professor Charles Neeson claims that the underlying law that the RIAA uses is actually a criminal, rather than civil, statute and is therefore unconstitutional. According to this article, 'Neeson charges that the federal law is essentially a criminal statute in that it seeks to punish violators with minimum statutory penalties far in excess of actual damages. The market value of a song is 99 cents on iTunes; of seven songs, $6.93. Yet the statutory damages are a minimum of $750 per song, escalating to as much as $150,000 per song for infringement "committed willfully."' If the law is a criminal statute, Neeson then claims that it violates the 5th and 8th amendments and is therefore unconstitutional. Litigation will take a while but this may be the end for RIAA litigation, at least until they can persuade Congress to pass a new law."



It is always cheaper to do it right in the first place...

http://www.bespacific.com/mt/archives/019672.html

October 29, 2008

New on LLRX - E-Discovery Update: Pushing Back Against Hardcopy ESI Productions

E-Discovery Update: Pushing Back Against Hardcopy ESI Productions - Conrad J. Jacoby addresses how critical technology issues related to document authenticity and document-associated metadata have left fewer lawyers willing to accept e-mail messages and other electronic documents in print format. He argues that litigants choosing to produce electronically stored information in hardcopy format should be prepared to provide more complete electronic copies of their production, even when it isn’t initially requested by opposing counsel.

[From the article:

Sometimes, however, a second production of electronically stored information is both necessary and appropriate. A recent Kansas case, White v. Graceland College Center For Professional Development & Lifelong Learning, 2008 WL 3271924 (D. Kan. Aug. 7, 2008) provides step by step instruction in the steps that a dissatisfied requesting party can take to seek re-production of materials previously produced in a different format. While this opinion is far from the only authority on how a distressed party can seek this relief, the Court distilled guidance from a number of e-discovery opinions into an easily understood, plain-English discussion. Even without its citations, the opinion nicely demonstrates the preparation required to seek this relief.



Attention peasants! The King's proclamations will no longer be nailed to the village bulletin board!

http://www.bespacific.com/mt/archives/019681.html

October 29, 2008

Online News Readership Grows as Print News Shrinks or Disappears

As print media decline, so does the amount of available information, by David Carr, IHT: "It has been an especially rotten few days for people who type on deadline. [Because deadlines always occur after the news hits the Internet. Bob] Just Tuesday, The Christian Science Monitor announced that, after a century, it would cease publishing a weekday paper. Time Inc., the Olympian home of Time magazine, Fortune, People and Sports Illustrated, announced that it was cutting 600 jobs and reorganizing its staff. And Gannett, the largest newspaper publisher in the country, compounded the grimness by announcing it was laying off 10 percent of its work force - as many as 3,000 people...The paradox of all these announcements is that newspapers and magazines do not have an audience problem - newspaper Web sites are a vital source of news and growing - but they do have a consumer problem."


Related. This is very “niche market” journalism. Only a few geeks will be interested, so it is unlikely to ever make the New York Times Book Review... Isn't having it available a good thing?

Tools & Techniques for Reverse Engineering and Hacking

http://books.slashdot.org/article.pl?sid=08/10/29/1335225&from=rss

The IDA Pro Book

Posted by samzenpus on Wednesday October 29, @12:49PM from the read-all-about-it dept.

An anonymous reader writes

"After attending DEFCON in August and seeing the overwhelming interest in this book, I was eager to dive into The IDA Pro Book by Chris Eagle. Chris Eagle's team, School of Root, won the 'Capture the Flag' event at DEFCON this year and Chris gave a presentation on CollabREate, a tool that integrates with IDA Pro to allow collaboration in reverse engineering (RE). All of that — together with the fact that the book sold out — screamed that this book should quickly make it to the top of my list."

Read below for the rest of Ryan's review.



Is that so? (Best I can do with only two cups of coffee...)

http://www.bespacific.com/mt/archives/019673.html

October 29, 2008

New on LLRX - Leadership & The Role Of Information: Making The Creatively Informed Questioner

Leadership & The Role Of Information: Making The Creatively Informed Questioner - Stuart Basefsky supports the concept that the quintessential leader is an informed leader. However, effectively communicating and leveraging the power of information, in leadership roles, is subject to a range of interpretations that he discusses in this forward thinking series.

[From the article:

Common to the best leaders, however, is one distinguishing factor - the ability to use information creatively in raising questions. It is this ability to raise relevant, provocative, insightful, and often path-finding questions that separates true leaders from those who may be occupying a leadership position



Oh boy! Legal PowerPoints!

http://www.bespacific.com/mt/archives/019675.html

October 29, 2008

United Nations Office of Legal Affairs Launches Audiovisual Library of International Law

The United Nations Office of Legal Affairs launched the Audiovisual Library of International Law. [Lorraine Pellicano Waitman]

  • "The Audiovisual Library is a unique, multimedia resource which provides the United Nations with the unprecedented capacity to provide high quality international law training and research materials to an unlimited number of recipients on a global level. The Audiovisual Library consists of three pillars: (1) the Historic Archives containing documents and audiovisual materials relating to the negotiation and adoption of significant legal instruments under the auspices of the United Nations and related agencies since 1945; (2) the Lecture Series featuring a permanent collection of lectures on virtually every subject of international law given by leading international law scholars and practitioners from different countries and legal systems; and (3) the Research Library providing an on-line international law library with links to treaties, jurisprudence, publications and documents, scholarly writings and research guides. The Audiovisual Library is available to all individuals and institutions around the world for free via the Internet."
