Friday, September 19, 2008

Think this will attract more or less press coverage than the Governor's?

http://www.pogowasright.org/article.php?story=20080920050543372

Wikileaks posts Bill O'Reilly Web site data

Saturday, September 20 2008 @ 05:05 AM EDT Contributed by: PrivacyNews

Just days after publishing U.S. vice presidential candidate Sarah Palin's personal email messages, the Wikileaks Web site has published data about members who signed up for a section of Fox Television host Bill O'Reilly's Web site.

Hackers were able to obtain a list of Billoreilly.com premium members, including email addresses, site passwords and the city and state where they live. Some of the information was published Friday on Wikileaks.com, which has been under fire from conservative commentators, including O'Reilly, for publishing Palin's messages.

... A link to the full membership list has been published on a little-known political discussion Web site, which reported that rather than seizing control of O'Reilly's site, hackers were able to get the information from an unencrypted Web page that did not require a login. The list includes information about 205 people who signed into the O'Reilly site during the previous 72-hour period.

Source - Computerworld



Bad law or bad lawyers?

http://techdirt.com/articles/20080917/0245292290.shtml

Judge Says School Can Suspend Student For Fake MySpace Page Of Principal

from the questionable-reading-of-the-legal-tea-leaves dept

Just about a month ago we wrote about a principal losing a lawsuit against some students for posting a fake MySpace page pretending to be the principal. However, in a different case, a court has ruled that a school has every right to suspend students for creating a fake MySpace page of a principal. The two cases are different in a few ways, as the first one involved the principal suing the student, rather than just suspending the student. That said, the ruling by the court in this case seems problematic, and I'd be surprised if it was upheld on appeal (assuming the student appeals). The Supreme Court's famous Tinker v. Des Moines case established the precedent that schools can't punish students for protected free speech -- especially if that speech takes place off of the school campus. The court said that other Supreme Court rulings applied over Tinker, but both of the cases it cites in support involve disruptive actions at school events. A MySpace page created at home doesn't seem to qualify. Either way, if the principal's intent was to get the pages hidden so people didn't talk about them, this resulting lawsuit seems to have created the opposite situation. [No indication in the articles that the web site was taken down. Bob]



I believe this is the proper (best) way to handle a dysfunctional organization – kill it, before it spreads.

http://news.cnet.com/8301-1023_3-10047014-93.html?part=rss&subj=news&tag=2547-1_3-0-5

Google to close Arizona office

Posted by Elinor Mills September 19, 2008 4:22 PM PDT

Google will be shuttering its Arizona office on November 21, the company announced on Friday.

"We've found that despite everyone's best efforts, the projects our engineers have been working on in Arizona have been, and remain, highly fragmented," Alan Eustace, senior vice president of engineering and research, wrote in a post on the Official Google Blog. "So after a lot of soul searching we have decided to incorporate work on these projects into teams elsewhere at Google."

The office opened in 2006 on the campus of Arizona State University in Tempe, just south of Phoenix.

The closure is the latest of several: the company announced plans in July to close offices in Denver and Dallas.



This is new. We'll have to see if it turns into a useful resource. These seem fairly trivial...

http://www.pogowasright.org/article.php?story=20080919152413803

Cybercrime in the federal courts this week

Friday, September 19 2008 @ 03:24 PM EDT Contributed by: PrivacyNews

Threat Level has started a weekly roundup of computer crime cases in the courts. In addition to the Citibank breach reported in another post, here are some other breaches they reported this week.

Two employees of an unnamed investment company in Indianapolis are accused of grabbing customer information like names, addresses, Social Security numbers and dates-of-birth from their employer's computers, and passing it to a boyfriend who then got others to fill out credit card applications using the information. There were 129 victims in that scam, with 581 people having their info stolen.

Two Chicago temp workers at the investment management firm Computershare supposedly used their inside access to dump over $700,000 from 67 trading accounts, routing at least some of the cash-out checks to themselves.

A Miami man was indicted last week for allegedly setting up online bank accounts for Washington Mutual customers and transferring a few thousand dollars from their home equity credit accounts.

A Tennessee man was charged with reprogramming blank credit cards with stolen Discover card data. He didn't work at a bank, though the Secret Service did find an ATM in his house.

For more details, see Threat Level



Some detailed crime statistics, including the spreadsheets.

http://www.bespacific.com/mt/archives/019364.html

September 19, 2008

Bureau of Justice Statistics: Cybercrime Against Businesses, 2005

Cybercrime against Businesses, 2005: "Presents the nature and prevalence of computer security incidents among 7,818 businesses in 2005. This is the first report to provide data on monetary loss and system downtime resulting from cyber incidents. It examines details on types of offenders, reporting of incidents to law enforcement, reasons for not reporting incidents, types of systems affected, and the most common security vulnerabilities. The report also compares in-house security to outsourced security in terms of prevalence of cyber attacks. Appendix tables include industry-level findings."



Better research through technology?

http://www.killerstartups.com/Search/cognition-com-semantic-searches

Cognition.com - Semantic Searches

http://www.cognition.com

There are many companies looking to tap into the many possibilities of semantic searches. If you’re looking to see what it can do for your web searches, then take a look at this site, Cognition.com. On it, you’ll be able to learn about the many advantages of semantic searches and even try it out by yourself. It’s amazing to see how accurate it is when searching through legal records.

... If they manage to get the whole web indexed, this search system will make Google’s look like a toddler programmed it. In short, if you want to see what the future of searching could look like, then you have to give this site a try.



About 25 years ago I heard Grace Hopper explain why COBOL (which she helped create) should be abandoned for more modern languages. Why do we never listen?

http://developers.slashdot.org/article.pl?sid=08/09/19/2035223&from=rss

Don't Count Cobol Out

Posted by ScuttleMonkey on Friday September 19, @06:25PM from the great-disturbance-in-the-force dept. Programming IT

Hugh Pickens writes

"Although Turing Award-winning computer scientist Edsger Dijkstra once said, 'the use of Cobol cripples the mind; its teaching should, therefore, be regarded as a criminal offense,' Michael Swaine has an interesting entry to Dr. Dobb's Journal asserting that Cobol is the most widely used language in the 21st century, critical to some of the hottest areas of software development today, and may be the next language you'll be learning. In 1997, the Gartner Group estimated that there were 240 billion lines of Cobol code in active apps, and billions of lines of new Cobol code are being written every year. Cobol is a key element in the realization of modern distributed business software architecture concepts — XML/metadata, Web Services, Service Oriented Architecture — and e-business."

Is the Czech Republic the first line of defense in Texas?

http://www.pogowasright.org/article.php?story=20080918133143382

Hacked Texas National Guard site serves up malware

Thursday, September 18 2008 @ 01:31 PM EDT Contributed by: PrivacyNews

Attackers have hacked the Web site of the Texas National Guard and are using it to serve up offers of fake security software and plant rootkits on unpatched PCs, a security researcher said today.

The National Guard's site was hacked sometime before yesterday, [Translation: We don't know when it was hacked. Bob] said Roger Thompson, the chief research officer of Czech Republic-based security vendor AVG Technologies Cz SRO. Thompson confirmed Thursday that the site was still pushing phony antispyware software and infecting users with a rootkit.

Source - Computerworld



First “entire country” breach?

http://www.pogowasright.org/article.php?story=20080918163037449

Norway sends entire citizenry's ID info to media

Thursday, September 18 2008 @ 04:30 PM EDT
Contributed by: PrivacyNews

Norway's national tax office erroneously sent CD-ROMs crammed with the 2006 tax returns of nearly four million people living in Norway to national newspapers, radios and tv stations, news agency AFP reports.

Although tax statements have been open to public scrutiny in Norway since 1863, the social security number of each citizen remains highly confidential.

According to the tax authorities, the documents can only be opened by using a secret code [Sounds like a password to me. Bob] and so damage may be limited. Norwegian Finance Minister Kristin Halvorsen described the glitch nonetheless as "extremely serious".

Source - The Register Thanks to Brian Honan for this link.


Related? Looks like the number of breach reports will grow!

http://www.pogowasright.org/article.php?story=20080918091525202

European companies forced to own up to data losses

Thursday, September 18 2008 @ 09:15 AM EDT Contributed by: PrivacyNews

European companies will be forced to tell customers if their personal data has been lost or stolen, as part of a new EC directive.

The data breach notification provision is part of the ePrivacy Directive that is currently being debated by the EU.

However, speaking to journalists in London, MEP Malcolm Harbour said he was confident that the data breach legislation will be approved.

"It will be mandatory for service providers to disclose to customers if their personal data has been breached," he claimed.

Source - PC Pro

[From the article:

It wouldn't include incidents such as the Government's infamous HMRC disc fiasco, however, which saw the personal details of 25 million child benefit claimants go astray.



A hack in the Cloud. Was the Alaska email server too hard to crack? (or was Yahoo too easy?)

http://www.pogowasright.org/article.php?story=2008091819420677

DOJ View on Email Privacy May Hamper Prosecution of Palin Hackers

Thursday, September 18 2008 @ 07:42 PM EDT Contributed by: PrivacyNews

On Wednesday, some hackers apparently obtained unauthorized access to Gov. Sarah Palin's Yahoo! email account by posing as Gov. Palin [Social Engineering? Bob] and getting a new password (Michelle Malkin and Wired News have details). Yesterday we noted that, based on the facts in newspaper reporting, a court would likely consider this a violation of the Stored Communications Act (SCA).

However, the Department of Justice may be hamstrung in any prosecution of this invasion of privacy by its restrictive view of "electronic storage." The SCA prohibits unauthorized "access to a wire or electronic communication while it is in electronic storage." The act defines "electronic storage" as "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof," or in the alternative as "any storage of such communication by an electronic communication service for purposes of backup protection of such communication."

Source - EFF

[From the article:

The DOJ, however, strongly disagrees with Theofel. According to its Prosecuting Computer Crimes Manual, the DOJ "continues to question whether Theofel was correctly decided, since little reason exists for treating old email differently than other material a user may choose to store on a network." [Somehow I think they'll reconsider. Bob]

[Related:

http://www.mercurynews.com/breakingnews/ci_10501205?nclick_check=1

http://washingtontimes.com/news/2008/sep/19/hacker-wanted-to-derail-palin/



Measuring the greatest shift in phone usage since the Princess phone... For those of you too young to remember that, see http://en.wikipedia.org/wiki/Princess_telephone

http://www.bespacific.com/mt/archives/019354.html

September 18, 2008

"Use of wireless services is increasingly a necessary and integral part of our everyday lives"

Teenagers: A Generation Unplugged - A National Survey by CTIA–The Wireless Association® and Harris Interactive: "As the wireless industry celebrates the upcoming 25th anniversary of the first commercial cell phone call (October 13, 1983), this in-depth online study of more than 2,000 teenagers around the nation sheds new light on how today’s teens feel about wireless products and services, how they are using them today and most importantly, how they would like to use them in the future. A growing wireless segment, teens view their cell phones as more than just an accessory."

  • See also Remarks of Jonathan S. Adelstein, Commissioner, Federal Communications Commission, A View on Today’s Most Pressing Wireless Issues, The Fifth Annual Conference on Spectrum Management Law Seminars International, Arlington, VA, September 18, 2008



Interesting that restrictions apply only in the Journalism class. Vive la free press!

http://techdirt.com/articles/20080918/0244482305.shtml

Should You Live Blog/Twitter A College Class?

from the questions-of-a-new-age dept

It's quite common these days for people to "live blog" or "live Twitter" different conferences or events they're attending, filling in others on what's happening in near real time. However, what happens when someone does that in a college class? Already, there are some professors struggling with the fact that students use the internet during class, but they're not at all happy about the idea that they might not just be using the internet to surf around -- but to report to others what's happening inside the classroom. The issue is discussed in detail by Mark Glaser in his latest MediaShift column after an NYU professor told her students to stop blogging or Twittering things about her class.

The controversy apparently began when a student in the class actually wrote a guest "embedded" column for MediaShift a few weeks ago, complaining that NYU's journalism school wasn't up-to-date on teaching students about social media and the new tools of journalism. The professor in the class she talked about wasn't particularly happy about the article, which was then discussed in the class itself (very meta). According to students in the class (and the author of the original piece), the professor made it clear that they were no longer to blog, text or Twitter about the class, or to quote the professor without permission. Considering the class itself is called "Reporting Gen Y," that seemed like an odd restriction.

The professor differs on what she told the students, saying that she only meant they couldn't blog or Twitter during the class, but were free to afterwards. However, she stood by the comment that she shouldn't be quoted without permission. Glaser investigates the legality of this, and how it fits with NYU's journalism standards. That said, it is a little odd that it's perfectly fine to quote or blog about conferences or other events, but once you're in the classroom, a cloak of silence is expected. To some extent, this sounds like it may just be a generational issue. Perhaps it's the actual Gen Y'ers who should be teaching the class on Reporting Gen Y.



Proof that only Bob Barr (who?) is ready to lead the country!

http://news.slashdot.org/article.pl?sid=08/09/19/0116219&from=rss

Barr Sues Over McCain's, Obama's Presence on Texas Ballot

Posted by timothy on Thursday September 18, @10:03PM from the try-getting-the-signatures-for-a-3d-party-in-pennsylvania dept. The Courts Politics

corbettw writes

"Bob Barr, the Libertarian Party's nominee for president, has filed a lawsuit in Texas demanding Senators John McCain and Barack Obama be removed from the ballot after they missed the official filing deadline."



“We gotta do something immediately!” v. “What's the best way to solve this problem?”

http://techdirt.com/articles/20080918/0218462303.shtml

People Finally Realizing That SMS Isn't Good For Emergency Alerts

from the about-time dept

Only two years or so after we questioned why anyone would seriously consider the notoriously unreliable SMS text messaging system for emergency alerts, the mobile trade group 3G Americas has released a research report stating the same thing. Basically, the system isn't reliable or efficient, and in an emergency is likely to get overloaded quickly. It's not clear why it took anyone until now to notice this, but hopefully no one was seriously considering using SMS for emergency alerts.



This probably isn't good for emergency alerts either, but it could be amusing.

http://www.killerstartups.com/Web-App-Tools/hazelmail-com-let-hazel-mail-it

HazelMail.com - Let Hazel Mail It

http://www.hazelmail.com

With the site, you’ll be able to upload your pictures, turn them into postcards, and have them mailed to anyone around the world.

... For the slower people in the class, you’re sending actual postcards.

... The site can be viewed in many different languages, making this a most interesting postcard experience and service.



Geeky stuff. Who cares about the article, but the timeline tool is very slick!

http://blog.wired.com/underwire/2008/09/track-the-life.html

Internet Memes Time Line Goes Viral

By Jenna Wortham September 18, 2008 | 5:24:00 PM

An interactive time line tracking the internet's most-popular memes has itself become a viral hit.

The Internet Memes time line, created using web service Dipity, charts hundreds of web phenomena that have captured surfers' imaginations over the years.



Another reason to beat your underperforming child...

http://hardware.slashdot.org/article.pl?sid=08/09/18/177238&from=rss

7th-Grader Designs Three Dimensional Solar Cell

Posted by timothy on Thursday September 18, @01:54PM from the lucky-guess dept. Power Education Science Technology

Hugh Pickens writes

"12-year-old William Yuan's invention of a highly-efficient, three-dimensional nanotube solar cell for visible and ultraviolet light has won him an award and a $25,000 scholarship from the Davidson Institute for Talent Development. 'Current solar cells are flat and can only absorb visible light,' Yuan said. 'I came up with an innovative solar cell that absorbs both visible and UV light. My project focused on finding the optimum solar cell to further increase the light absorption and efficiency and design a nanotube for light-electricity conversion efficiency.' Solar panels with his 3D cells would provide 500 times more light absorption than commercially-available solar cells and nine times more than cutting-edge 3D solar cells. 'My next step is to talk to manufacturers to see if they will build a working prototype,' Yuan said. 'If the design works in a real test stage, I want to find a company to manufacture and market it.'"

Thursday, September 18, 2008

Let me guess, her password was “HockeyMom?” Is this a planned leak to show that she (unlike her running mate) is computer literate?

http://www.pogowasright.org/article.php?story=20080917112638893

Group Posts E-mail Hacked from Palin Account

Wednesday, September 17 2008 @ 11:26 AM EDT Contributed by: PrivacyNews

The activist group known as Anonymous, which earlier took on Scientology, has published screenshots of e-mail messages and images that it says came from a private e-mail account belonging to Governor Sarah Palin at gov.palin@yahoo.com. The data has been published by WikiLeaks.

Threat Level has confirmed the authenticity of at least one of the e-mails.

Source - Threat Level blog


Related

http://www.pogowasright.org/article.php?story=20080918052543426

Hackers break into Sarah Palin's e-mail account

Thursday, September 18 2008 @ 05:25 AM EDT Contributed by: PrivacyNews

Hackers broke into the Yahoo! e-mail account that Republican vice presidential candidate Sarah Palin used for official business as Alaska's governor, revealing as evidence a few inconsequential personal messages she has received since John McCain selected her as his running mate.

"This is a shocking invasion of the governor's privacy and a violation of law. The matter has been turned over to the appropriate authorities and we hope that anyone in possession of these e-mails will destroy them," the McCain campaign said in a statement.

The Secret Service contacted The Associated Press on Wednesday and asked for copies of the leaked e-mails, which circulated widely on the Internet. The AP did not comply. [The FBI should hire someone who knows how to access the Internet! Bob]

Source - Breitbart.com

[From the article:

Her husband used "fek9wnr" in his address. "Fe" is the representation for iron, and "k9" is an abbreviation for canine. Todd Palin was the winner of the grueling Iron Dog snowmobile race, and "fek9wnr" also is Todd Palin's vehicle license tag in Alaska.



Was TJX just the tip of the iceberg or is this a new contender for “top honors?”

http://www.pogowasright.org/article.php?story=20080917185326833

Has Another Major Retailer Security Breach Occurred?

Wednesday, September 17 2008 @ 06:53 PM EDT Contributed by: PrivacyNews

The Consumerist blog is reporting that they've been receiving inquiries from readers about an unnamed merchant breach that has led to replacement of Citibank cards. One customer service rep reportedly told a customer that this involved a hack and could be as big as the TJX breach.

So what is this breach and is it related to an earlier report we posted that AmEx was also replacing cards due to a breach at an unnamed merchant?

The timing of all this is interesting and I wonder if the sudden flurry of card replacements is a result of the government notifying even more businesses that they had been hacked by the ring involved in the TJX breach. I guess we'll just have to wait until more is revealed.

It really would be so much easier to report the news if the news contained actual .... um... details.

[From the article:

...when I asked customer service who the merchant was who may have been compromised, she said she did not have that information, but that it came straight from Visa and Mastercard and that it happened in the last 6-8 months.



I often wondered what all those state employees did all day.

http://www.pogowasright.org/article.php?story=20080917111907933

Trojan horse captured data on 2,300 Oregon taxpayers from infected gov't PC

Wednesday, September 17 2008 @ 11:19 AM EDT Contributed by: PrivacyNews

The Oregon Department of Revenue has been contacting some 2,300 taxpayers this week to notify them that their names, addresses or Social Security numbers may have been stolen by a Trojan horse program downloaded accidentally by a former worker who was surfing pornographic sites while at work in January.

Source - Computerworld

[From the article:

Internet usage is monitored on a random basis for all 1,000 of the agency's employees, Hardin said, but workers at that time were allowed to conduct personal Web business, such as checking their banking or personal e-mail accounts, during lunch and other breaks. Since the incident, however, workers are no longer permitted to conduct any personal business on agency computers while at work. "We've changed our policy for now to prohibit personal use because we want to minimize the risk of this ever happening again." [Is this the best solution? Will employees simply use their handheld devices instead? Bob]



How to forecast the cost of a security breach... (The spreadsheet is getting bigger every day.)

http://www.pogowasright.org/article.php?story=20080918053216935

Surviving an FTC Investigation After a Data Breach

Thursday, September 18 2008 @ 05:32 AM EDT Contributed by: PrivacyNews

Most large companies have likely experienced numerous information security incidents in the recent past. Given the high number of state security breach notification laws, incidents requiring notification have become relatively commonplace. These incidents range from the most innocuous to the most malicious - from a simple theft of an employee's laptop or a vendor's loss of backup tapes to a rogue employee stealing customer credit card data, a phishing attempt or a large-scale system intrusion.

[...]

When a company notifies affected individuals of a security breach, the information quickly becomes public. Security breaches garner not only the attention of the media, but also the attention of the consumer advocacy community. Since 2005, the Privacy Rights Clearinghouse, a nonprofit consumer advocacy organization, has maintained a publicly available Web site containing a chronology of reported security breaches. See http://www.privacyrights.org/ar/ChronDataBreaches.htm (last visited Aug. 19, 2008).

The chronology currently provides details on more than 1,000 breaches impacting more than 236 million records containing sensitive personal information. Given the publicity, it should come as no surprise that a byproduct of the notification requirement is increased awareness by regulators at both the state and federal levels. Most prominently, this has resulted in increased investigatory activity by the FTC.

Source - New York Law Journal

Comment: so sites such as this one are helping. Good! -- Dissent

[From the article:

Between 1999 and 2005, FTC enforcement in the privacy and information security arena focused primarily on the "deceptiveness" prong of §5. A "deceptive" trade practice in the privacy context typically involves inaccurate or untrue representations to the public regarding a company's information practices. In practice, these representations are made in Web site privacy notices, which California law requires many companies to post. [So what should/shouldn't you say? Might make a good Journal article... Bob]

... Starting in 2005, the FTC began to expand its jurisdiction in the privacy and information security context by focusing on information security breaches using the "unfairness" prong of §5.

... From beginning to end, an FTC investigation and enforcement action against a company as a result of a data security incident can take over two years and cost the target company millions of dollars in legal and consulting fees. Once the initial process is complete, the FTC often imposes obligations on target companies that last decades into the future.



Perhaps some rules/guidelines can be gleaned from these?

http://www.pogowasright.org/article.php?story=20080918051453508

Ca: Privacy Commissioner's Findings

Thursday, September 18 2008 @ 05:14 AM EDT Contributed by: PrivacyNews

The Privacy Commissioner has published opinions in the following cases:



The Evolution of Surveillance: Why do we need a nation-wide tracking system? Because the UK has one?

http://yro.slashdot.org/article.pl?sid=08/09/17/1622223&from=rss

National Car Tracking System Proposed For US

Posted by timothy on Wednesday September 17, @12:56PM from the arrogance-of-power dept. Privacy Transportation United States

bl968 writes

"The Newspaper is reporting that the leading private traffic enforcement camera vendors are seeking to establish a national vehicle tracking system in the United States using existing red-light and speed enforcement cameras. The system would utilize Automatic Number Plate Recognition (ANPR) to track vehicles passing surveillance cameras operated by these companies. If there are cameras positioned correctly the company will enable images and video to be taken of the driver and passengers. The nice thing in their view is that absolutely no warrants are needed. To gain public acceptance, the surveillance program is being initially sold as an aid for police looking to solve Amber Alert cases and locate stolen cars."


Related One way or another, Big Brother will know where you are... (Whatever you do, don't take a hammer to your license, that could render the RFID tag inoperable.)

http://yro.slashdot.org/article.pl?sid=08/09/17/1753202&from=rss

New York Issues RFID-Encoded Drivers Licenses

Posted by kdawson on Wednesday September 17, @03:22PM from the tinfoil-hats-are-extra dept.

JagsLive passes along the intelligence that New York has become the second state to issue drivers licenses with RFID tags (Washington was the first). The new "enhanced drivers licenses" cost $30 more than the old ones. They can be used instead of a passport for entry into the US by land or sea (not air) from Canada, Mexico, and the Caribbean. Authorities say no personal information will be stored or transmitted by the chip, only an ID number that will be meaningless to anyone but DHS. Citizens of New York who prefer not to carry an identifying RFID chip can still get an old-style license. [I bet this won't be mentioned when you renew your license. Bob]


Related? (I was tipped to this by a student) I foresee a future where this is standard equipment in patrol cars (drive-by brain scanning) and anyone registering “guilty” can be arrested and held until they figure out what they are guilty of...

http://www.newscientist.com/channel/opinion/mg19926742.500-commentary-misuse-of-science-is-a-threat-to-civil-liberties.html

Commentary: Misuse of science is a threat to civil liberties

17 September 2008 A. C. Grayling Magazine issue 2674

IN JULY this year, The Times of India triumphantly announced that two people had been found guilty of murder, based largely on evidence provided by a brain-scanning technique known as brain electrical oscillations signature (BEOS) profiling. According to the report, the state police of Maharashtra "can now bank on a forensic tool to achieve speedy convictions".

I choose the following words carefully: the utter irresponsibility involved here, and its attendant outrage of justice, is staggering. It is yet another example of how technology is increasingly misapplied and abused, and represents a major threat to civil liberties.

BEOS profiling is a hopelessly crude procedure piggy-backing on sophisticated brain scanning techniques which reveal the involvement of regions of the brain in emotion, movement, memory and other functions. It involves an electroencephalogram combined with a word association test.



Another instance of retaliation against someone who points out government misdeeds?

http://yro.slashdot.org/article.pl?sid=08/09/17/1830230&from=rss

Bavarian Police Seeking Skype Trojan Informant

Posted by kdawson on Wednesday September 17, @04:09PM from the heavy-hand dept. Privacy Government

Andreaskem writes

"Bavarian police searched the home of the spokesman for the German Pirate Party (Piratenpartei Deutschland) looking for an informant who leaked information about a government Trojan used to eavesdrop on Skype conversations. (The link is a Google translation of the German original.) There is a high probability that the Trojan is used illegally. A criminal law specialist said, 'The Bavarian authorities worked on the Trojan without a legitimate basis and now try to silence critics.' The informant need not worry since 'every information that could be used to identify him' is protected against unauthorized access by strong encryption. The Trojan is supposedly capable of eavesdropping on Skype conversations and obtaining technical details of the Skype client being used. It is deployed by e-mail or in place by the police. A Pirate Party spokesman said, 'Some of our officials seem to want to install the Big Brother state without the knowledge of the public.'"



Apple is gonna freak! ($155 for the dongle)

http://digg.com/apple/Review_EFiX_Dongle_Perfectly_Transforms_PC_to_Mac

Review: EFiX Dongle Perfectly Transforms PC to Mac

gizmodo.com — When we first heard about EFiX —a simple USB dongle that'll let you magically install Leopard on your PC—it sounded too fantastic to be true. Well, I used it to turn my gaming PC into a Mac Pro over the weekend, and I'm somewhat amazed to say this, but it works perfectly.

http://gizmodo.com/5049756/review-efix-dongle-perfectly-transforms-pc-to-mac



First the politicians, eventually everything? (and probably downloadable so you can search all those video depositions...)

http://www.killerstartups.com/Video-Music-Photo/labs-google-com-gaudi-find-video-audio

Labs.Google.com/Gaudi - Find Video Audio

http://labs.google.com/gaudi

Searching through what’s said on videos might sound a little too much like science fiction, but the folks from Google once again prove everything is possible. With this new service, you’ll be able to search for specific audio clips from various channels of YouTube videos. For example, say you want to find a specific part of a Martin Luther King Jr. speech. Just type out some of the words and you’ll be directed to that part of the video, where he says what you want to hear.

This technology is amazing, and when it grows it’s going to add great value to Google’s already powerful search service. The internet is quickly growing towards a more video-oriented scheme, and this site will allow you to search through it. While it’s a little limited as of now, it’s sure to grow into something truly amazing. If you were disappointed with Chrome, don’t lose faith in the folks from Google yet, they just seem to come up with new (and better) ideas all the time.



Geeks got value? No, just the hardware... Gives you some idea why companies are looking at Outsourcing or Cloud Computing...

http://news.slashdot.org/article.pl?sid=08/09/17/1724247&from=rss

Data Centers Crucial To Lehman Sale

Posted by kdawson on Wednesday September 17, @01:45PM from the gilt-edged dept. The Almighty Buck Data Storage

miller60 writes

"What assets retain value in the midst of a financial panic? Data centers. When assets of bankrupt Lehman Brothers were sold to Barclays Tuesday for $1.75 billion, Lehman's data centers and headquarters accounted for $1.5 billion of the value in the deal. That echoes the JPMorgan-Bear Stearns fire sale, in which Bear's two data centers and HQ represented much of the sale price. Amidst financial turmoil, Wall Street's high-tech data centers become the crown jewels for buyers of distressed assets."



I want one! (maybe two...)

http://www.infoworld.com/article/08/09/17/HP_applies_Google_model_to_new_storage_system_1.html?source=rss&url=http://www.infoworld.com/article/08/09/17/HP_applies_Google_model_to_new_storage_system_1.html

HP applies Google model to new storage system

Hewlett-Packard's ExDS storage system is an online content repository that will cost less than $2 per gigabyte or $2,000 per terabyte

By Mikael Ricknäs, IDG News Service September 17, 2008

Hewlett-Packard is getting ready to launch the ExDS storage system, which will use up to 820 1TB drives for file-based storage, packaged in two 42U cabinets.



Increasingly more common.

http://news.slashdot.org/article.pl?sid=08/09/17/228227&from=rss

Stanford To Offer Free CS and Robotics Courses

Posted by samzenpus on Wednesday September 17, @10:15PM from the now-everyone-will-know dept. Education Robotics

DeviceGuru writes

"Stanford University will soon begin offering a series of 10 free, online computer science and electrical engineering courses. Initial courses will provide an introduction to computer science and an introduction to field of robotics, among other topics. The courses, offered under the auspices of Stanford Engineering Everywhere (SEE), are nearly identical to standard courses offered to registered Stanford students and will comprise downloadable video lectures, handouts, assignments, exams, and transcripts. And get this: all the courses' materials are being released under the Attribution-Noncommercial-Share Alike 3.0 Unported license."



Now this is interesting.

http://www.killerstartups.com/Social-Networking/academia-edu-where-scholars-meet

Academia.edu - Where Scholars Meet

http://www.academia.edu

If you’re looking for a way to get in touch with your academic peers, then Academia.edu is a site you’ll find most interesting. Through this site, you’ll be able to use the many advantages of social networking to allow academics from universities around the world to create profiles and make connections with their peers. It’s a very useful tool, as it will allow universities to find qualified individuals to dictate some courses or lectures. There was a need for a site like this, where college faculty could gather and find out more about their peers from other campuses.

It’s also a great way for people who are doing research to find someone who might be involved in the same field, allowing for quicker data gathering. If you’re associated with the academic world, then you must try this out, as you are sure to find some of your peers already on it. The linking feature is amazing, with its tree-like feel, that makes it easier to see who’s associated with who.



Our favorite nut cases strike again? Someone should find a way to replace these lame-brains...

http://blog.wired.com/27bstroke6/2008/09/riaa-decries-at.html

RIAA Decries Attorney-Blogger as 'Vexatious' Litigator

By David Kravets September 17, 2008 | 6:47:01 PM

The Recording Industry Association of America is declaring attorney-blogger Ray Beckerman a "vexatious" litigator and is seeking unspecified monetary sanctions to punish him in his defense of a New York woman accused of making copyrighted music available on the Kazaa file sharing system.

... Readers should note the cover sheet (.pdf) of the court filing lists Richard Gabriel as the RIAA's lead counsel. Gabriel was named a Colorado judge in May and no longer works on behalf of the RIAA. [Us is gud lawyers! We just used that page because the Copyright hasn't expired. Bob]


Related: Replacing lame-brains with a computer! (“We don't need no stinking lawyers!”) Is this computer practicing law without a license?

http://techdirt.com/articles/20080916/1827252285.shtml

Company Wants To Patent Automated Pay-Up-Or-We-Sue Pre-Settlement Letters For File Sharing

from the by-a-cigarette-company? dept

Well, well, well. The latest story about a "solution" to the "problem" of piracy has an interesting twist to it. A company named Nexicon claims that it's about to launch an automated piracy tracker/payment collector. It says that it's able to watch various file sharing systems, tracking who's sharing and downloading unauthorized files -- and then sends them an automated letter demanding they pay up, including a "convenient" one-click payment system where you can settle up via your credit card or PayPal. Even better, the company claims that it's trying to patent this method, which is hardly new or unique (and, you have to wonder if Nexicon is paying Amazon a license for using "one-click" payments -- as the company even seems to brag that it copied Amazon's one-click solution).

There are plenty of questions raised by this. First, if it's actually put into use as described, it would be the first time we see the industry attempting to target downloaders as opposed to uploaders. All of the various lawsuits and pre-settlement letters have always targeted those who share the unauthorized content. But the article claims this will go after downloaders (though, it's not entirely clear how they'll know who actually downloads the file). Then, of course, there's the whole extortion question of demanding payment to avoid a lawsuit -- especially when the actual evidence may be rather flimsy.

As for the patent application (which a casual search did not turn up), it's hard to see how copying the same strategy that's been used for years by the recording industry, merged with the already-questionably-patented Amazon 1-click method is somehow patentable.

Oh yeah, there are also some questions about Nexicon itself. Just last week the company announced a deal with YouTube to provide some audio fingerprinting technology -- at which point Wired pointed out the rather bizarre history of Nexicon. It started out as an online cigarette seller, that got sued for taking orders from kids, falsely advertising cigarettes as being tax-free and then (not surprisingly) failing to report taxes. Then there were the problems with the SEC over not filing its tax returns on time as well as questionable activities in some sort of reverse stock swap merger. Oh, and did we mention at one point the company was going to be a portal? These are the folks who are going to be popping up automated messages demanding you pay up for downloading a Frank Zappa tune?



An easy program to write: Did his lips move?

http://tech.slashdot.org/article.pl?sid=08/09/18/0332218&from=rss

Software Spots Spin In Political Speeches

Posted by samzenpus on Thursday September 18, @07:57AM from the liars-and-filthy-liars dept. Software Politics

T.S. Ackerman writes

"According to an article in NewScientist Tech, there is now software that can identify the amount of spin in a politician or candidate's speech. From the article, 'Blink and you would have missed it. The expression of disgust on former US president Bill Clinton's face during his speech to the Democratic National Convention as he says "Obama" lasts for just a fraction of a second. But to Paul Ekman it was glaringly obvious. "Given that he probably feels jilted that his wife Hillary didn't get the nomination, I would have to say that the entire speech was actually given very gracefully," says Ekman, who has studied people's facial expressions and how they relate to what they are thinking for over 40 years.' The article goes on to analyze the amount of spin in each of the candidates running for president, and the results are that Obama spins the most." [“I have not yet begun to spin” John McCain]

Wednesday, September 17, 2008

The article doesn't answer the questions, “Why was the data on a flash drive?” and “Why was the flash drive abandoned where a student could 'borrow' it?”

http://www.newschannel5.com/Global/story.asp?S=9013147

TSU Recovers Missing Student Data

Posted: Sep 15, 2008 03:21 PM

NASHVILLE, Tenn. - Private financial information that was missing last week has been recovered, said Tennessee State University President Melvin Johnson.

... The information, which included Social Security numbers, was downloaded by a financial aid counselor onto the flash drive.

He said the drive had been taken from the school forum last week by a student who used it to save a paper.



On the face of it, this seems a good way to avoid paying for most of the victims. (The data lost is test records for high school students.)

http://www.pogowasright.org/article.php?story=2008091611401778

Princeton Review offers credit monitoring for adult students (follow-up)

Tuesday, September 16 2008 @ 11:40 AM EDT Contributed by: PrivacyNews

The Princeton Review is offering students over the age of 18 a free credit monitoring service because of its accidental release of student records on the Internet.

Last month, the company revealed that it accidentally posted the names of about 34,000 students and their school identification numbers – in some cases the same as their Social Security numbers.

The data also included their birthday, gender, ethnicity, whether or not they have a disability and their level on the Florida Comprehensive Assessment Test. There are about 38,500 students in the Sarasota school district.

Source - Herald Tribune



Are we getting serious or is this simply another “we did something” for the campaign trail?

http://www.pogowasright.org/article.php?story=20080917061845609

Identity Theft Legislation Passes Congress

Wednesday, September 17 2008 @ 06:18 AM EDT Contributed by: PrivacyNews

via EPIC.org:

The House of Representatives has approved the Identity Theft Enforcement and Restitution Act, legislation introduced by Senator Patrick Leahy that passed the Senate in 2007. The bill contains new provisions to provide restitution to victims of identity theft and expands the computer crime law to address the problem of spyware. The President is expected to sign the measure. Senator Leahy and Senator Specter are also pressing for passage of the Personal Data Privacy and Security Act, which addresses consumer concerns such as security breaches and the misuse of the Social Security Number. The bill is currently pending in the Senate. Related: S.2168: Identity Theft Enforcement and Restitution Act of 2007 S. 495: Personal Data Privacy And Security Act Of 2007

[From Senator Leahy's website:

The legislation passed today includes critical cyber crime provisions that will help to better protect our Nation’s leaders... [Sounds like another Congressional perk in the making. (It is also referred to as the “Former Vice President Protection Act” -- did Al Gore invent this too?) Bob]



Please ignore the man behind the curtain...

http://it.slashdot.org/article.pl?sid=08/09/17/1320239&from=rss

Asus Ships Cracking Software On Recovery DVD

Posted by timothy on Wednesday September 17, @09:47AM from the cold-sweat-in-taiwan dept. Security Bug

Barence writes

"Asus is accidentally shipping software crackers and confidential documents on the recovery DVDs that come with its laptops. The startling discovery was made by a PC Pro reader whose antivirus software was triggered by a key cracker for the WinRAR compression software, which was located on the recovery DVD for his Asus laptop. Along with the key cracker the disc also contained confidential Asus documents including a PowerPoint presentation that details 'major problems' identified by the company, including application compatibility issues. The UK reader is not alone, either — several users in the US and Australia have also found suspicious files on Asus discs."



Your Security Manager should already have concerns with “Cloud Computing” sites. This is not the only bug, my students tell me.

http://www.pogowasright.org/article.php?story=20080916141413983

Google Docs flaw could allow others to see personal files

Tuesday, September 16 2008 @ 02:14 PM EDT Contributed by: PrivacyNews

A security researcher said he has discovered a vulnerability in Google Docs that mysteriously allows private documents to appear in other users' accounts.

Tim Bass, a researcher posting Monday on the ISC(2) blog, wrote that when he recently was using his Google Docs account he found that it was listing documents as "owned" by him but that did not belong to him.

Source - SC Magazine



Oh gee, that's okay then...

http://www.pogowasright.org/article.php?story=20080916141654105

Phorm: the UK government's verdict

Tuesday, September 16 2008 @ 02:16 PM EDT Contributed by: PrivacyNews

Phorm, the controversial ad-targeting system, does conform to European data laws, the UK government has said, but it must be more explicit in informing customers about the programme and make pt [sic] out more straightforward.

Source - Guardian

[From the article:

The brouhaha - as documented by the Guardian Technology blog - started when some of Phorm's partners, including BT, were revealed to have tested Phorm's targeting technology without informing their customers. The EU then got involved, demanding clarification about how the system is being implemented and about how consumers are being informed.



I intended to follow this one, but Slashdot readers are doing it for me.

http://yro.slashdot.org/article.pl?sid=08/09/17/0238226&from=rss

City Sues To Prevent Linking To Its Website

Posted by kdawson on Wednesday September 17, @12:23AM from the nolo-mi-tangere dept. Censorship The Courts

Mike writes

"In what appears to be a first-of-its-kind case, the Sheboygan city attorney ordered Jennifer Reisinger to remove a link to the city's police department from her Web site. The city went further, she claims, launching a criminal investigation of her for linking to the department on one of her sites, and in response she's suing the mayor and the city. 'The mayor decided to use his office to get back at Jennifer for her efforts in the recall and picked this to do it,' said her attorney, Paul Bucher. It appears this will go to court, and the question will be can a city (or any business or Web property) stop people from posting a link to its site?"

[From the Article:

Boyden said not all speech is protected, including links. For instance, someone might use a link to communicate a threat or violate a copyright, and that wouldn’t be protected. [??? Bob]

... “Linking to the Web site is no different than listing the street address of the Sheboygan police department,” he said.

Bucher also said the case was a first as far as he knows.



So can one bored teenager put you out of business? (A security company in name only)

http://torrentfreak.com/mediadefender-one-year-after-the-email-leak-080915/

MediaDefender, One Year After the Email Leak

Written by Ernesto on September 15, 2008

Exactly a year ago, the anti-piracy company MediaDefender was put to shame after a hacker gained access to their systems. Many of the deepest secrets of the company were published online, and now, twelve months on, the company is walking the plank to bankruptcy as its shares are worth less than one cent each.



Background for my Computer Security class

http://www.pogowasright.org/article.php?story=20080917065806562

Federal Laws, Regulations, and Mandatory Standards to Securing Private Sector IT Systems and Data in Critical Infrastructure Sec

Wednesday, September 17 2008 @ 06:58 AM EDT Contributed by: PrivacyNews

Summary of GAO report:

Federal policy identifies 18 infrastructure sectors--such as banking and finance, energy, public health and healthcare, and telecommunications--that are critical to the nation's security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors. As agreed, our objectives were to (1) identify, for each critical infrastructure sector, the federal laws, regulations, and mandatory standards that pertain to securing that sector's privately owned IT systems and data and (2) identify enforcement mechanisms for each of the above laws, regulations, and mandatory standards.

There are at least 34 federal laws, regulations, and mandatory standards that pertain to securing privately owned IT systems and data in our nation's critical infrastructure sectors. Of the 34, 1 is a law, 25 are regulations, and 8 are mandatory standards. These requirements pertain to 10 of the 18 critical infrastructure sectors, including the agriculture and food; energy; nuclear reactors, materials, and waste; and transportation systems sectors. Each of the 34 federal legal requirements has at least one enforcement mechanism. These mechanisms include court injunctions, civil monetary penalties, criminal penalties, and administrative actions, such as license revocation and suspension. Typically, these mechanisms are what agencies use to enforce requirements in general, and are not necessarily specific to the requirements for securing privately owned IT systems and data.

Source - GAO-08-1075R, September 16, 2008



See! Hollywood isn't the only 'special interest' that owns/influences congressmen.

http://news.slashdot.org/article.pl?sid=08/09/16/208247&from=rss

Congress May Kill NIH Open Access Research Rules

Posted by kdawson on Tuesday September 16, @04:49PM from the you-paid-for-it-now-we-own-it dept. Government Science

Savuka writes

"A policy that mandates public, open access to all National Institutes of Health research is in danger. The House of Representatives is considering legislation that would change the open access policy to make it more publisher-friendly, under the false pretense of protecting copyrights. The Ars author paints the new legislation as somewhat reflective of a turf battle in Congress: 'The Intellectual Property Subcommittee clearly felt that it had been ignored during the original passage of the bill that compelled the NIH's open access policy...' The article concludes: 'Currently, the disruptions wrought by the Internet and expectations of open access are too new for a viable alternative to traditional publishing to have emerged. But it doesn't appear that the NIH policy is making a significant contribution to that disruption, and the benefits of the policy appear likely to be significant. If Congress rolls back that policy in response to disagreements with other countries over film piracy, then it could really be throwing the baby out with the bathwater.'"



Something to look at/something to hack. This software claims to be able to control files I send to you for review, so you can't print or copy them. Somehow I doubt it.

http://www.killerstartups.com/Web-App-Tools/fortressw-com-futuristic-data-storage

FortressW.com - Futuristic Data Storage

http://www.fortressw.com

Keeping your files safe is easier said than done. You might back them up in your company’s network, but if something happens to that, you’re done. Maybe you like to keep them on a USB memory, but if you lose it, then wave bye-bye to your data. Backing up online might sound like a great solution, but with most services, your files will be exposed to thousands of users. If you’re looking for a new way to keep your files safe, then you should check out Fortressw.com. On the site, you’ll be able to find a new and secure method of backing up your files online, making it possible for you to worry about other things besides your files’ safety. You’ll have total control over your files, keeping them private and being able to access them wherever you are. On the whole, if you still haven’t found a secure way to store your files online, you have to check this out.



I told you Dilbert had the answers to everything.

http://news.slashdot.org/article.pl?sid=08/09/16/1654217&from=rss

Scott Adams's Political Survey of Economists

Posted by kdawson on Tuesday September 16, @01:36PM from the who's-the-fairest-of-them-all dept. Politics

Buffaloaf writes

"Scott Adams, the creator of Dilbert, wanted to have unbiased information about which presidential candidate would be better for the economy, so he financed his own survey of 500 economists. He gives a bit more detail about the results in a CNN editorial, along with disclosure of his own biases and guesses as to the biases of the economists who responded."



This could be (geeky) fun!

http://www.webmonkey.com/tutorial/Build_an_SMS_Notification_App

Build an SMS Notification App

... In this tutorial, I'll show you how I built this SMS app and how you can build your own.



More geeky fun! It is possible to override the satellite signal and send all those GPS-dependent drivers down dead-end streets, or into the nearest traffic jam, or any other traffic nightmare you could imagine.

http://www.schneier.com/blog/archives/2008/09/gps_spoofing.html

September 17, 2008

GPS Spoofing

Tuesday, September 16, 2008

Someone should suggest that they stop sending unencrypted CDs in the mail...

http://www.pogowasright.org/article.php?story=20080915133512918

UK: Details of 18,000 NHS staff missing

Monday, September 15 2008 @ 01:35 PM EDT Contributed by: PrivacyNews

The personal details of nearly 18,000 NHS staff in London have gone missing in the post.

Four computer discs containing the details of 17,990 current and former staff were lost in July when they were sent between Whittington Hospital NHS Trust and McKesson, a firm providing payroll IT services.

The discs contained the name, date of birth, national insurance number, start date and pay details of all staff and the addresses of some staff. They did not contain personal bank account details, according to the trust.

Source - The Press Association

[From the article:

Whittington Hospital NHS Trust said the discs had a "separate alpha-numeric password on them which unless found by expert hackers are very difficult to break." [Delusion Bob]

The trust said the discs went missing when an envelope they were in was placed in a post tray marked recorded delivery on July 22. [I need more “English as a foreign language” classes to decipher that sentence Bob] But there was no record of the discs being sent.

... It was the first time information had been sent through the post, he added.



Double Secret Probation ends? It looks like the FBI is sharing some information with victims. I don't see why it took so long to tell the companies and why is it taking so long to notify individuals? Perhaps the disclosure laws need a tweak?

http://www.pogowasright.org/article.php?story=20080915162807693

Forever 21 Provides Notice to Customers Regarding Security Breach Incident (follow-up)

Monday, September 15 2008 @ 04:28 PM EDT Contributed by: PrivacyNews

Law enforcement recently informed us that our systems may have been illegally accessed to obtain customer payment card information. We have determined that this incident may have affected a subset of our customers who shopped at our stores on the following nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; August 4, 2007; August 5, 2007; August 13, 2007; and August 14, 2007. In addition, the incident may have affected customers who shopped at our Fresno, California store located at 567 E. Shaw Ave. between November 26, 2003 and October 24, 2005.

On August 5, 2008, the U.S. Department of Justice in Boston filed indictments against 3 individuals alleged to have committed crimes involving credit card fraud against 12 retailers. That morning, Forever 21 was contacted by the U.S. Secret Service and was advised that our company was identified in the indictment as one of the retail victims. We subsequently received from the Secret Service a disk of potentially compromised file data. We promptly retained forensic consultants to help us examine the file data and our systems. Based on that investigation, we believe that the unauthorized persons accessed older credit and debit card transaction data for approximately 98,930 credit and debit card numbers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address. More than half of the affected payment card numbers are no longer active or have expired expiration dates.

We have been working with our acquiring bank and payment card networks to resolve the situation. Your card issuing institution may send you a written notice mailed to the address related to the account number about this incident. We have also contacted the three principal credit reporting bureaus, Equifax, Experian and TransUnion, to advise them of the situation. Since 2007 when the Payment Card Industry Data Security Standards (the "PCI Standards") were imposed, our systems have been certified to be in compliance with the PCI Standards, including the data encryption standards. After we were informed of this incident, we adopted additional proactive security measures and continue to regularly monitor our systems for intrusions.

Source - Forever21

Props, The Consumerist blog

Comment: so it appears that our government left Forever21 in the dark until they were ready to announce the indictment. Why Forever21 never detected the breach itself on its own is a discussion for another time, but that our government delayed in notifying the company so that consumers could be notified is just... well, outrageous. -- Dissent

[From the blog:

Forever 21 also announced the problem to its customers via a small link on its site labeled "Important Customer Info Notice" that no one will ever click on. [See if you can find it... Bob]



Another “slow release” breach disclosure. Keeps them in the news (in a negative way) and must make other clients wonder...

http://www.pogowasright.org/article.php?story=20080915080929430

EXCLUSIVE: Intuit notifies 22,000 of stolen computer

Monday, September 15 2008 @ 08:09 AM EDT Contributed by: PrivacyNews

The burglary at Colt Express Outsourcing over the Memorial Day weekend affected employees of over 20 firms that were using or had used Colt to administer benefits programs for employees.

Now software company Intuit has confirmed that some employees and their dependents also had data on the stolen computer.

In a statement to PogoWasRight.org, a spokesperson for Intuit reports that they notified 22,000 people, including employees, former employees and their dependents who were enrolled in the company's health benefits plans between August 1997 and January 2002. The unencrypted personal data involved names, addresses, Social Security numbers and birthdates.

In response to a query from this site as to why the delay in notifying its employees, who just received letters this past week, Intuit reports that when they were notified of the breach, they began their own investigation. According to their spokesperson, when they recognized the scope of the problem, they hired a firm to help them with the notification process to ensure that everyone got notified.

Intuit also retained Kroll to assist those affected and to provide them with free credit monitoring and identity theft restoration services, if required.

Intuit's report brings the total known number of affected to approximately 75,000 for the 10 firms that provided information on the number of employees and dependents affected. At least one other company has also been affected, but this site is awaiting confirmation before listing them as being affected. How many other clients or former clients of Colt's may have been affected is unknown, as Colt has not revealed that information.

hat-tip, a reader of the Breach Blog who mentioned receiving a notification letter.



For your Security Manager

http://www.infoworld.com/article/08/09/15/Microsoft_issues_wrong_update_for_Exchange_2007_1.html?source=rss&url=http://www.infoworld.com/article/08/09/15/Microsoft_issues_wrong_update_for_Exchange_2007_1.html

Microsoft issues wrong update for Exchange 2007

After discovering its error, company pulled Update Rollup 4 on September 9, but warned those who had downloaded it to beware of problems

By Gregg Keizer, Computerworld September 15, 2008

Microsoft last week confirmed that it inadvertently released a pre-release version of an Exchange Server 2007 update that could push servers into an endless series of crashes.



Gee Mom, all the kids are doing it!

http://www.pogowasright.org/article.php?story=20080915203811990

CO: AG: Social Security Numbers On Public Web Sites

Monday, September 15 2008 @ 08:38 PM EDT Contributed by: PrivacyNews

Colorado's attorney general said Monday that several counties are potentially opening citizens up to identity theft by hosting documents with Social Security numbers on public Web sites.

These documents include federal tax liens, financing statements and other sensitive information.

Source - The Denver Channel

[From the article:

Colorado law prohibits the posting of Social Security numbers online, but it does not apply that same ban to government entities.



Logic.gov: Let's write a document to alert business travelers to the risks of using electronic devices, and then classify it so they never see it!

http://www.pogowasright.org/article.php?story=20080915133748420

Leaked Homeland Security doc warns of data threats

Monday, September 15 2008 @ 01:37 PM EDT Contributed by: PrivacyNews

A document emphasising mobile-data security threats has appeared online after being leaked from the US Department of Homeland Security.

The document, entitled Foreign Travel Threat Assessment: Electronic Communications Vulnerabilities was posted to the whistleblower website WikiLeaks on Friday. It gives advice to corporate and government travellers on how to stop data falling into criminal or foreign-government hands.

Source - ZDnet



“Full Time Confusion” strikes again?

http://www.pogowasright.org/article.php?story=20080915085848665

FTC requires towns to add identity theft programs

Monday, September 15 2008 @ 08:58 AM EDT Contributed by: PrivacyNews

The Federal Trade Commission (FTC) has issued new requirements for municipalities on the adoption of identity theft programs.

A release was distributed to all municipalities by the North Carolina League of Municipalities (NCLM) on Sept. 4, asking all managers, administrators, clerks, attorneys and finance officers to have written procedures in place to help protect consumer identity and fight theft of customer account information.

Source - The Stanley News and Press

[From the article:

The release stated that all municipalities with utility accounts must participate. According to the Tennessee Valley Public Power Association (TVPPA), utilities rank No. 3 as a place for identity thieves to gain information.

... The TVPPA News said there may be significant consequences for noncompliance which could include civil penalties, damages and attorneys’ fees.

They also reported that the FTC is likely to randomly demand copies of programs from utilities immediately after the Nov. 1 deadline.



Something for my DU Law friends...

http://ralphlosey.wordpress.com/2008/09/14/trial-lawyers-turn-a-blind-eye-to-the-true-cause-of-the-e-discovery-morass/

Trial Lawyers Turn a Blind Eye to the True Cause of the e-Discovery Morass

A distinguished group of trial lawyers recently completed a study on litigation which concluded that the main problem with the U.S. legal system today is e-discovery. Interim Report & 2008 Litigation Survey.

... This interim report, aside from its competency shadow-blindness, is excellent and well written. It is a joint project of the American College of Trial Lawyers task force on discovery and the Institute for the Advancement of the American Legal System, a group based out of the University of Denver. I applaud these groups for recognizing the problem and trying to do something about it. Their insights go well beyond e-discovery and I recommend a full reading.



Seems like a good idea to me – why so slow? Oh, Wait... Lawyers.

http://yro.slashdot.org/article.pl?sid=08/09/16/0157220&from=rss

Tapping the Web's Collective Wisdom For Patents

Posted by kdawson on Tuesday September 16, @04:46AM from the crowdsourcing-prior-art dept.

BountyX sends in a CNN story offering an update on the US patent office's experiment in crowdsourcing, called Peer-to-Patent. (We've discussed this initiative a few times in the last couple of years.) In its first year the program has dealt with a minuscule fraction of patent applications, which numbered over 467,000 in 2007, up over 97% from a decade earlier.

"The Patent Office reports that it has issued preliminary decisions on 40 of the 74 applications that have come through the program so far. Of those, six cited prior art submitted only through Peer-to-Patent, while another eight cited art found by both the examiner and peer reviewers... [I]n its second year, Peer-to-Patent is being expanded to include claims covering electronic commerce and so-called 'business methods'..."



One to sic my library on...

http://books.slashdot.org/article.pl?sid=08/09/15/1459219&from=rss

Intellectual Property and Open Source

Posted by samzenpus on Monday September 15, @02:49PM from the read-all-about-it dept. stoolpigeon writes

"There isn't a person writing code in this country who is not impacted by US intellectual property laws. I think that it is safe to say, that not all coders have a strong understanding of just what those laws are, let alone what they mean. Stepping into this gap is programmer become lawyer Van Lindberg with his new book Intellectual Property and Open Source. Lindberg has really done something special with this volume. I don't think I've ever read a tech oriented work where I've felt so convinced that I was reading something that would become a standard by which others would come to be judged."

Read below for the rest of JR's review.

... Let me quickly state what this book is not. It is not comprehensive.

... So what is this book? To me it felt very much like sitting down with a lawyer who can speak my language, understands my concerns, uses open source software, cares about freedom and has a gift for building metaphors and illustrations that make sense.



Do you need another excuse to use your cellphone?

http://www.killerstartups.com/Mobile/rocketron-com-the-news-on-your-phone

Rocketron.com - The News On Your Phone

With Rocketron.com, you’ll be able to choose the news you want to know, and then hear them through your cellular phone. Just call the number and choose what you want to know about. It will then let you listen to the news you want, skip those that you don’t find interesting, and other things that make this a very useful service.

http://www.rocketron.com/



I don't think this is a joke. Cities everywhere will be adding a Department of Poop Analysis.

http://www.reuters.com/article/technologyNews/idUSLG37942520080916?feedType=RSS&feedName=technologyNews

Israeli city uses DNA to fight dog poop

Tue Sep 16, 2008 8:25am EDT By Avida Landau

PETAH TIKVA, Israel (Reuters) - An Israeli city is using DNA analysis of dog droppings to reward and punish pet owners.



How could we allow this to happen!

http://www.reuters.com/article/technologyNews/idUSSP31943720080916?feedType=RSS&feedName=technologyNews

Porn passed over as Web users become social: author

Tue Sep 16, 2008 8:39am EDT By Belinda Goldsmith