http://www.pogowasright.org/article.php?story=2008112205011075
AR: Private Photos Posted Online, Lawsuit Claims
Saturday, November 22 2008 @ 05:01 AM EST Contributed by: PrivacyNews
A Bella Vista couple has sued McDonald's for at least $3 million after nude photographs of the woman were allegedly taken off her husband's misplaced cell phone and posted on the Internet.
Phillip and Tina Sherman say Phillip left his cell phone at McDonald's on Sixth Street in Fayetteville on July 5. Tina Sherman then began receiving offensive calls and text messages about the pictures, then learned her pictures, which she had sent her husband, had been posted on-line along with her name, address and phone number.
The Web site allegedly described how McDonald's employees retrieved the pictures from a phone left at the restaurant.
Source - NWAonline.com
Helping to define a “reasonable expectation of Privacy” and what it is worth?
http://www.pogowasright.org/article.php?story=2008112205091987
Sienna Miller gets £53k for press intrusion
Saturday, November 22 2008 @ 05:09 AM EST Contributed by: PrivacyNews
Sienna Miller has reached a settlement with an agency of paparazzi photographers over claims of harassment and invasion of privacy.
The actor had sued Big Pictures and its founder Darryn Lyons over what she described as intolerable intrusions by pursuing photographers.
Yesterday the agency agreed to pay £53,000 in damages and costs as part of a settlement. It includes an undertaking that the agency will not pursue Miller - by car, motorcycle or on foot - or "doorstep" her at her home or that of her family. The agency will be allowed to take pictures when she goes to bars, nightclubs or restaurants, is out in public, or at a "red carpet" event.
Source - Guardian
It's not war! It's ABC “Aggressive Browsing from China” Think of the old fable of an infinite number of monkeys typing on an infinite number of typewrites eventually producing “War & Peace” Now think of a billion Chinese teenagers trying random URLs (www.random.random.MIL) and random passwords and reporting all successes to a central database.
http://news.slashdot.org/article.pl?sid=08/11/21/2319241&from=rss
Chinese Hacking of American Military Networks On the Rise
Posted by Soulskill on Friday November 21, @06:23PM from the secure-the-international-tubes dept. Government Security The Military United States
Anti-Globalism writes with this excerpt from the Guardian:
"China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel. Beijing's investment in rocket technology is also accelerating the militarization of outer space and lifting it into the 'commanding heights' of modern warfare, the advisory group claims. ... A summary of the study, released in advance, alleges that networks and databases used by the US government and American defense contractors are regularly targeted by Chinese hackers. 'China is stealing vast amounts of sensitive information from US computer networks,' says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues."
The full study addresses these issues and others relating to the US-China relationship (PDF).
Might be worth a listen if you can't read...
http://news.cnet.com/8301-12640_3-10105508-91.html?part=rss&subj=news&tag=2547-1_3-0-5
Security Bites 122: IBM sees security challenges ahead
Posted by Robert Vamosi November 21, 2008 1:20 PM PST
Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years.
... Kris Lovejoy, director of Governance and Risk Management and Corporate Security Strategy at IBM, spoke with CNET's Robert Vamosi about the report. She cites nine trends companies should be watching:
1. Securing virtualized environments
2. Alternative ways to delivery security
3. Securing mobile devices
4. Managing risk and compliance
5. Identity governance
6. Information security
7. Predictable security of applications
8. Protecting the evolving network
9. Sense and respond physical security
Listen now: Download today's podcast
So... Does this suggest that the Bush administration was 50 times more verbose than Clinton or that Clinton was 50 times more efficient? (or that politicians only learned how to use e-mail in the last 8 years? or...)
http://news.slashdot.org/article.pl?sid=08/11/22/1312245&from=rss
Bush Administration's E-Mail Deluge May Overload Archive System
Posted by Soulskill on Saturday November 22, @09:16AM from the hello-sir-madam dept. Government Communications United States Technology
Lucas123 writes
"The Clinton administration generated 32 million e-mails. Bush's administration has generated 50 times as much data — 140TB, 20TB of which is email — which soon will have to be archived through a new government-built records management system. The new system may not be up to the task because the technology behind it may not be able to handle the sheer volume of data along with the fact that the Bush administration has been slow in providing the National Archives and Records Administration (NARA) with needed information about the records, according to a Computerworld story. Questions have also been raised about millions of missing e-mails from between March 2003 and October 2006. 'It wasn't until this summer that an intensive effort began to share information,' said Ken Thibodeau, director of NARA's Electronic Records Archives."
I was discussing (debating) this with Professor Soma just the other day. This sounds more like his idea than my idea... Damn, but I hate losing arguements!
http://news.cnet.com/8301-13578_3-10105776-38.html?part=rss&subj=news&tag=2547-1_3-0-5
The key to innovation: Privately owned fiber?
Posted by Stephanie Condon November 21, 2008 4:20 PM PST
... While Congress has taken steps to promote universal broadband, a new working paper from the New America Foundation suggests a peculiar route to fostering the nation's next great innovators: allowing consumers to purchase and own their own fiber-optic connection.
In their paper Homes with Tails (PDF), Columbia Law School professor and NAF Fellow Tim Wu and Google Policy Analyst Derek Slater lay out a proposal in which a community would establish a collectively-owned fiber trunk cable that would lead to individually-owned lines into people's homes.
Such an architecture would be "akin to a condominium complex--also a radical form of property not too long ago," Slater said.
No doubt the IRS will want to follow suit. “This is common practice in other countries, we should have the right to do it too!”
http://www.pogowasright.org/article.php?story=20081122045258536
UK: Revenue in storm over disclosure of taxpayer data to researchers
Saturday, November 22 2008 @ 04:52 AM EST Contributed by: PrivacyNews
A year after HM Revenue & Customs lost 25m people's personal data it is writing to some taxpayers telling them it will pass on their names and details to a market research company – unless told not to do so before next Tuesday.
Source - Telegraph
[From the article:
"This may well be a criminal offence as it does not seem to fall within any of the disclosure gateways allowed by the Commissioners For Revenue & Customs Act 2005."
But a spokesman for HMRC said: "The research company receives the data on the same strictly confidential basis that we do. They are subject to rigorous security checks before their appointment. [Doesn't that make you feel all warm and fuzzy? Bob]
“We do this to kill off the ones with weak hearts. It makes our job easier...”
http://www.pogowasright.org/article.php?story=20081121091205714
UK: Department of Health tops lost laptop rankings
Friday, November 21 2008 @ 09:12 AM EST Contributed by: PrivacyNews
The Government loses a computer a week, according to figures unearthed by the Conservative Party.
Shadow housing minister Grant Shapps wrote to ministers in six departments asking them "What (a) equipment and (b) data was lost by [their] Department in the last 12 months?"
Cumulatively, he discovered the Government has lost 53 computers and laptops over the course of 2008. He also found that 36 BlackBerries had gone missing, together with 30 mobile phones and four memory sticks. However the losses could be greater, as the Ministry of Defence and the Home Office declined to provide figures.
The Department for Health was the biggest culprit losing 14 laptops, though quite what happened to these machines we may never know as the "Department does not differentiate between stolen, missing or lost equipment." [Translation: Management doesn't give a damn. Bob]
Source - IT PRO
“Sure we were wrong, but you have to admit we were right before we drop the charges.” A cautionary tale for my Computer Forensics students. (Law Students: Who would you sue to right this wrong?)
http://www.pogowasright.org/article.php?story=20081121175501481
Connecticut drops felony charges against Julie Amero, four years after her arrest
Friday, November 21 2008 @ 05:55 PM EST Contributed by: PrivacyNews
The unbelievable story of Julie Amero concluded quietly Friday afternoon at Superior Court in Norwich, with the state of Connecticut dropping four felony pornography charges.
Amero agreed to plead guilty to a single charge of disorderly conduct, a misdemeanor. Amero, who has been hospitalized and suffers from declining health, also surrendered her teaching license.
Source - Hartford Courant
[From the article:
In June of 2007, Judge Hillary B. Strackbein tossed out Amero's conviction on charges that she intentionally caused a stream of "pop-up" pornography on the computer in her classroom and allowed students to view it. Confronted with evidence compiled by forensic computer experts, Strackbein ordered a new trial, saying the conviction was based on "erroneous" and "false information."
But since that dramatic reversal, local officials, police and state prosecutors were unwilling to admit that a mistake may have been made -- even after computer experts from around the country demonstrated that Amero's computer had been infected by "spyware."
... The case also caught the attention of computer security experts [enough to have a wikipedia entry! Bob] from California to Florida, who read about Amero's conviction on Internet news sites. Recognizing the classic signs of a computer infected by malicious adware, volunteers examined computer records and the hard drive and determined that Amero was not responsible for the pornographic stream on her computer.
The state never conducted a forensic examination of the hard drive and instead relied on the expertise of a Norwich detective, with limited computer experience. Experts working for Amero ridiculed the state's evidence, saying it was a classic case of spyware seizing control of the computer.
... Among other things, the security experts found that the Norwich school system had failed to properly update software that would have blocked the pornography in the first place.
Oceania is not at war with Eastasia. We have never been at war with Eastasia. Eastasia is our old and trusted ally. (Does BT stands for “Brother Too” or “Brother Two”? I forget.)
http://yro.slashdot.org/article.pl?sid=08/11/22/0221226&from=rss
BT Silences Customers Over Phorm
Posted by Soulskill on Saturday November 22, @12:06AM from the lalala-i-can't-hear-you dept. Privacy Communications Networking
An anonymous reader writes
"The Register reports that BT, the UK's dominant telecom and internet service provider, has 'banned all future discussion of Phorm and its "WebWise" targeted advertising product on its customer forums, and deleted all past threads about the controversy dating back to February.' Phorm is a controversial opt-out system for delivering targeted advertising that intercepts traffic passing through an ISP in order to profile subscribers via an assigned unique ID based on their online activities. Subscribers can opt-out at the Webwise website but are opted-in again if the Phorm cookie is cleared. Firefox users can install Melvin Sage's Firephorm add-on to manage their interaction with Phorm and Webwise."
Almost a PowerPoint article...
http://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches.html
Banking's Data Security Crisis
Andy Greenberg, 11.21.08, 10:00 AM EST
During the past year, banks have lost more of their customers' personal data than ever before.
Countrywide Financial may have become a poster child for U.S. financial institutions ruined by poisonous subprime loans--but junk assets, it turns out, weren't the only element of Countrywide's inner workings that were rotten.
So, allegedly, was one senior financial analyst in the company's subprime mortgage division. According to the reports of FBI officials who arrested him in August, 36-year-old Rene Rebollo spent his Sunday nights last summer copying a total of more than 2 million of Countrywide's customer records to a flash drive and selling the data to identity thieves. [Beware of employees who work voluntary overtime! Bob]
... According to numbers released Nov. 18 by the data breach tracking organization Identity Theft Resource Center, financial institutions were responsible for more than half the 33 million personal records known to be lost in all reported data breaches so far this year, compared with just 7% of known lost records in 2007.
DHS uses WinZip to encrypt their files. Simple step by step guide in Appendix A. Remember this next time a laptop computer goes missing...
http://www.pogowasright.org/article.php?story=20081121092336690
Handbook for Safeguarding Sensitive Personally Identifiable Information at DHS
Friday, November 21 2008 @ 09:23 AM EST Contributed by: PrivacyNews
The DHS Privacy Office "Handbook for Safeguarding Sensitive PII at DHS" applies to every DHS employee, contractor, detailee and consultant. The document sets minimum standards for how personnel should handle Sensitive PII in paper and electronic form during their everyday work activities at DHS.
Source - Handbook for Safeguarding Sensitive Personally Identifiable Information At The Department of Homeland Security [pdf, 19 pages]
Related
http://www.pogowasright.org/article.php?story=20081121143755272
New guidelines push agencies to build in IT security controls upfront
Friday, November 21 2008 @ 02:37 PM EST Contributed by: PrivacyNews
Guidelines on evaluating information security at agencies soon will be revised to better address concerns about protecting personal information and to incorporate risk assessments into processes for building computer systems, said a panel of government officials on Thursday.
In December, the National Institute of Standards and Technology will release for comment an updated version of Special Publication 800-53, "Recommended Security Controls for Federal Information Systems," which will include a new appendix of controls agencies can put in place to ensure privacy. The appendix lays out guidelines for considering identifiable personal information when developing security plans for IT systems. Applications that contain Social Security numbers, for example, would incorporate stricter access controls to prevent unauthorized individuals from accessing or downloading the data.
Source - NextGov
Special Publication 800-53 "Recommended Security Controls for Federal Information Systems"
SP 800-39, "Managing Risk From Information Systems"
Completely unrelated, but it seems to be a day for handbooks and guides
http://www.bespacific.com/mt/archives/019875.html
November 21, 2008
Rule of Law Handbook 2008
Library of Congress, Federal Research Division: Rule of Law Handbook 2008, The Judge Advocate General's Legal Center and School, U.S. Army Center for Law and Military Operations
Oh gee, it couldn't happen to a nicer bunch of guys!
http://news.slashdot.org/article.pl?sid=08/11/21/1644213&from=rss
RICO Class Action Against RIAA In Missouri
Posted by kdawson on Friday November 21, @12:49PM from the take-'em-down-dano dept. The Courts Music
NewYorkCountryLawyer writes
"In Atlantic Recording v. Raleigh, an RIAA case pending in St. Louis, Missouri, the defendant has asserted detailed counterclaims against the RIAA for federal RICO violations, fraud, violation of the Computer Fraud and Abuse Act, prima facie tort, trespass, and conspiracy. The claims focus on the RIAA's 'driftnet' tactic of suing innocent people, and of demanding extortionate settlements. The RICO 'predicate acts' alleged in the 42-page pleading (PDF) are extortion, mail fraud, and wire fraud. The proposed class includes all people residing in the US 'who were falsely accused ... of downloading copyrighted sound recordings owned by the counterclaim Defendants and making them available for distribution or mass distribution over a P2P network and who incurred costs and damages including legal fees in defense of such false claims' or 'whose computers used in interstate commerce and/or communication were accessed ... without permission or authority.' [I particularly like that one! Bob] This is the second class action of which we are aware against the RIAA and the Big 4 recording companies, the first being the Oregon class action brought by Tanya Andersen, which is presently in the discovery phase."
It has been a long time coming, but come it did.
http://news.slashdot.org/article.pl?sid=08/11/21/1849215&from=rss
Final Judgment — SCO Loses, Owes $3,506,526
Posted by timothy on Friday November 21, @02:15PM from the seems-charitable-to-sco dept. The Courts Caldera Unix Linux
Xenographic writes
"SCO has finally lost to Novell, now that Judge Kimball has entered final judgment against SCO. Of course, this is SCO we're talking about. There's still the litigation in bankruptcy court, which allowed this case to resume so that they could figure out just how much SCO owes, which is $3,506,526, if I calculated the interest properly, $625,486.90 of which will go into a constructive trust. And then there's the possibility that SCO could seek to have the judgment overturned in the appeals courts, or even the Supreme Court when that fails. Of course, they need money to do that and they don't really have much of that any more. Remember how Enderle, O'Gara and company told us that SCO was sure to win? I wonder how many people have emailed them to say, 'I told you so.'"
MineInternet data yourself! (There is a free version.)
http://www.pogowasright.org/article.php?story=20081121172237797
When Everyone Can Mine Your Data
Friday, November 21 2008 @ 05:22 PM EST Contributed by:PrivacyNews
Roelof Temmingh has a knack for stirring up trouble. The 35-year-old South African electronic engineer has fought legal battles with financial institutions, developed theoretical models for cyberterrorism and served as a technical adviser for a book about how hackers could take over the continent of Africa.
But Temmingh's latest exploit could make the most last impact. He has created a tool he calls Maltego that lets just about anybody do the kind of data mining that in the past only fraud investors, government specialists and hackers typically could do.
Source - Forbes
[From the article:
The commercial product isn't cheap--$430 a year--but the Pretoria-based Paterva, the company that Temmingh founded as he developed Maltego, offers a watered-down version free. Law enforcement, government and intelligence agencies can apply for a 10% discount.
... Worried about information leaks your company? Input lists of employees from your rival companies, and Maltego can graphically depict how they might be related to your employees. It can also provide likely e-mail address, phone numbers and personal Web sites--and then use this information to add a new layers to the investigation.
http://www.paterva.com/maltego/
Is this news?
http://news.slashdot.org/article.pl?sid=08/11/21/1458214&from=rss
US Officials Flunk Test On Civic Knowledge
Posted by samzenpus on Friday November 21, @03:06PM from the you-are-what-you-elect dept.
A test on civic knowledge given to elected officials proved that they are slightly less knowledgeable than the uninformed people who voted them into office. Elected officials scored a 44 percent while ordinary citizens managed an amazing 49 percent on the 33 questions compiled by the Intercollegiate Studies Institute. "It is disturbing enough that the general public failed ISI's civic literacy test, but when you consider the even more dismal scores of elected officials, you have to be concerned," said Josiah Bunting, chairman of the National Civic Literacy Board at ISI. The three branches of government aren't the Nina, the Pinta, and the Santa Maria?
[Take the test: http://www.americancivicliteracy.org/resources/quiz.aspx
[I did: You answered 32 out of 33 correctly — 96.97 % [It was a typo, honest! Bob]