Friday, May 29, 2009

Interesting, but the article suggests little real damage.

http://it.slashdot.org/story/09/05/28/1952214/Hackers-Breached-US-Army-Servers?from=rss

Hackers Breached US Army Servers

Posted by timothy on Thursday May 28, @04:08PM from the fine-line-between-clever-and-stupid dept.

An anonymous reader writes

"A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept. 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."



Apparently this is the flip side of “you must show damages before you sue.” If 100 small thefts are reimbursed by the bank, the victim count goes from 100 down to 1. To balance that, the charge should go from trivial to massive. (After all, now I'm paying for that crime.) “Your honor, as you can see the victim's black eye has faded completely – therefore he is no longer ‘harmed’ and can't be counted as a victim.”

http://www.databreaches.net/?p=4357

ID thief gets sentence reduced after 9th Circuit ruling

May 28, 2009 by admin Filed under: ID Theft, U.S.

The logic here seems to be the same logic applied in the Hannaford class action lawsuit: if the victims are reimbursed for their losses, they don’t count as “victims.”

The Shoreline, Washington man who led a large I.D. theft ring was back before a federal judge this morning asking for a sentence reduction following a 9th Circuit Court ruling on how victims are counted in I.D. theft cases. WARREN ARMSTEAD, 53, was sentenced almost three years ago to 17 and a half years in prison for conspiracy to commit bank fraud and nine counts of bank fraud. Today, U.S. District Judge James L. Robart sentenced ARMSTEAD to the high end of the guidelines range now in effect: 170 months, or just over 14 years in prison.

… More than 150 people have been identified as victims of ARMSTEAD’s ring. In all, the group racked up more than $400,000 in losses.

Due to the fact that banks reimbursed account holders for the fraud losses and that the victims’ other losses associated with ARMSTEAD’s conduct, including the time and money spent fixing their accounts and credit, had not been quantified at the original sentencing, the court found that the individuals could no longer be counted as “victims” for purposes of sentencing. Thus ARMSTEAD’s guidelines range was lower than it was at his first sentencing.

Source: U.S. Attorney’s Office, Western District of Washington, press release



A town of 11752 people (according to Wolfram/Alpha)

http://www.bakersfieldnow.com/news/investigations/46418267.html

Hundreds of ID thefts hit Tehachapi area

Story Created: May 28, 2009 at 6:07 PM PDT Story Updated: May 28, 2009 at 6:08 PM PDT

By Carol Ferguson, Eyewitness News

Hundreds of cases of identity theft have hit the Tehachapi area, and police say they are working on some good leads. But local residents are frustrated by the number of accounts that have been compromised, and they want to know how and where their debit card information is being stolen.

… Watts said between his department and Tehachapi Police, they're working on about 200 cases. The officer said some of the fraudulent purchases are being made in the Los Angeles area, Midwest, and some even in Europe.

… Peregrina said her banks refunded the money from the fraudulent charges, but the biggest inconvenience was going door-to-door to local merchants explaining she had been a victim of ID theft, to get the check overdraft charges waived.



Watch!

http://news.cnet.com/8301-13578_3-10251898-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Obama expected to announce cybersecurity revamp, new 'czar'

by Declan McCullagh

President Obama on Friday is expected to unveil his administration's plans to deal with cybersecurity threats to federal agencies and the private sector, including the creation of a White House "cyber czar."

It's not yet clear who that person will be, or even whether Obama will name someone during his announcement. As part of a political compromise, the new position is expected to be folded into both the National Security Council and National Economic Council.

The announcement, which is scheduled to take place at 10:55 a.m. ET in the White House's East Room, caps years of criticism of the Department of Homeland Security's efforts and months of speculation about what form the replacement cybersecurity bureaucracy will take.



I think it's a very bad idea to base your privacy policy on technology. For example, if your policy is “We do not sell any information we gather from you,” what possible technology would change that? If your policy says “Don't use Facebook,” you are 1) not writing a Privacy Policy and 2) admitting you have no idea how to control the use of Facebook.

http://www.bespacific.com/mt/archives/021459.html

May 28, 2009

Toward A 21st Century Framework for Federal Government Privacy Policy

Information Security and Privacy Advisory Board (ISPAB), Toward A 21st Century Framework for Federal Government Privacy Policy, May 2009

  • "[this]...report analyzes issues and makes recommendations around updating privacy law and policy in light of technological change. The Privacy Act of 1974 is the basis for much of the legal and policy framework by which the U.S. Government handles personal information. At the same time, vast changes in technology [are not changes in policy Bob] since 1974 have transformed how Federal agencies collect, use, and distribute information in major ways. While the fundamentals of the Act (the principles of fair information practices) remain relevant and current, the letter of the Act and related law and policy may not reflect the realities of current technologies and information systems and do not protect against many important threats to privacy. [Are there new outcomes? Bob] Moreover, new technologies, not covered by the Act, are generating new questions and concerns; and government use of private-sector databases now allows the collection and use of detailed personal information with little privacy protections. The attached report examines these issues, and is based on a record that has been developed through the Board’s having heard from numerous panels of experts for several years. The Board provides analysis and makes recommendations for the Administration and Congress to consider."



I'm mostly okay with this. It progressed from the tribe (where everybody knows your name) as a means to identify strangers. “What evidence was left at the crime scene?” has been extended from “We have a witness who saw his face.” to “He left fingerprints!” to “He left a half-eaten Twinkie and we were able to extract his DNA...” So far so good.

http://www.pogowasright.org/article.php?story=20090528182416123

Federal court upholds constitutionality of DNA Fingerprint Act

Thursday, May 28 2009 @ 06:24 PM EDT Contributed by: PrivacyNews

A federal court in the Eastern District of California has upheld the constitutionality of DNA sample collection from all those arrested upon probable cause for the commission of a federal felony. The court’s order, filed in United States v. Pool, 09-015-EJG-GGH, rejected a challenge to the constitutionality of DNA sampling and cataloguing of arrestees in federal cases as it has been recently modified by the DNA Fingerprint Act.

[...]

In its decision, the court held that after a judicial or grand jury determination of probable cause has been made for felony criminal charges against a defendant, no Fourth Amendment or other Constitutional violation is caused by a requirement that the defendant undergo a mouth swab or blood test for the purposes of DNA analysis to be used for criminal law enforcement identification purposes. In so determining, the court recognized that an individual arrested upon probable cause has a “diminished expectation of privacy in his own identity,” and that DNA fingerprinting as a law enforcement tool is merely a “technological progression” from photographs and traditional fingerprints, which are a “part of the routine booking process upon arrest.”

Source - Dept. of Justice, Eastern District of California, Press Release (pdf)


Related? I'm missing the logic here. What are they fishing for?

http://it.slashdot.org/story/09/05/28/2313230/Homeland-Security-To-Scan-Citizens-Exiting-US?from=rss

Homeland Security To Scan Citizens Exiting US

Posted by timothy on Thursday May 28, @07:27PM from the subtle-messages dept.

An anonymous reader writes

"The US Department of Homeland Security is set to kickstart a controversial new pilot to scan the fingerprints of travellers departing the United States. From June, US Customs and Border Patrol will take a fingerprint scan of travellers exiting the United States from Detroit, while the US Transport Security Administration will take fingerprint scans of international travellers exiting the United States from Atlanta. The controversial plan to scan outgoing passengers — including US citizens — was allegedly hatched under the Bush Administration. An official has said it will be used in part to crack down on the US population of illegal immigrants."



We knew this, but now we have something to point to...

http://yro.slashdot.org/story/09/05/29/0530245/Empirical-Study-Shows-DRM-Encourages-Infringement?from=rss

Your Rights Online: Empirical Study Shows DRM Encourages Infringement

Posted by timothy on Friday May 29, @08:06AM

Hucko writes

"Ars Technica has a story about a study by Cambridge law professor Patricia Akester that suggests (declares?) that DRM and its ilk does persuade citizens to infringe copyright and circumvent authors' protections. The name of the study is 'Technological accommodation of conflicts between freedom of expression and DRM: the first empirical assessment.'"

The study itself is available for download (PDF); there's also a distillation here.



Know your new nay-bour.

http://www.bespacific.com/mt/archives/021461.html

May 28, 2009

Library of Congress Resources on Supreme Court Nominee Sonia Sotomayor

Law Library of Congress: Supreme Court Nominations - Sonia Sotomayor



We've been telling you for years that Operating Systems would become irrelevant.

http://www.pcworld.com/businesscenter/blogs/bizfeed/165653/html5_could_be_the_os_killer.html

David Coursey, PC World | Thursday, May 28, 2009 7:35 AM PDT

HTML5 Could Be the OS Killer

For companies that compete with Microsoft, HTML5 is almost the Holy Grail, offering the ability to run applications regardless of the underlying operating system. While the browser isn't more important than operating system today, Google this week firmly suggested it is only a matter of time.


Related

http://toolbar.tv-fox.com/

Firefox TV

TV Add-on for Firefox - Watch TV directly from your Firefox Browser, it’s Easy & Free!

2780 Live TV Channels sorted by country & category. TV-FOX allows you to watch thousands of TV channels freely available on the internet, powered by the biggest and most up-to-date database.



Poorly presented research. Searching for these words is not dangerous. Downloading files from “evil” websites is! I suggest this survey only demonstrates that people who are constantly looking for new/different screensavers are probably too ignorant to know they are probably downloading malware with their pretty pictures.

http://blogs.zdnet.com/security/?p=3457

The Web's most dangerous keywords to search for

Posted by Dancho Danchev @ 4:50 pm May 27th, 2009

Which is the most dangerous keyword to search for using public search engines these days? It’s “screensavers” with a maximum risk of 59.1 percent, according to McAfee’s recently released report “The Web’s Most Dangerous Search Terms”.



For my fellow teachers...

http://teachingcollegemath.com/?p=929

Choosing a Web 2.0 Tool

… The result of this thinking and researching was a new handout to use for the presentation to help participants either choose between general tools (like wiki, blog, or website) or more specific choices like (Animoto, Prezi, Slideshare).

… “Bloom’s Digital Taxonomy” maps Web 2.0 tools to the categories in Bloom’s taxonomy of educational objectives.



For the Forensic file... This is actually an old technique. Think of an envelope with a “coded” return address containing an “encrypted” letter that is complete gibberish. If the “other guys” are complete idiots (something you can't count on) they will ignore the envelope and concentrate all their efforts on the “encrypted message.”

http://www.theregister.co.uk/2009/05/28/tcp_steganography/

Hiding secret messages in internet traffic: a new how-to

Covert messages exploit TCP

By Dan Goodin in San Francisco. Posted in Enterprise Security, 28th May 2009 20:13 GMT

Researchers have demonstrated a new way to hide secret messages in internet traffic that can elude even vigilant network operators.



For the hacker files...

http://www.makeuseof.com/tag/3-ways-to-restart-your-computer-over-the-internet/

3 Easy Ways To Restart Your Computer Over The Internet

May. 28th, 2009 By Ryan Dube


Ditto. Old doesn't mean ineffective. I wonder if modern security departments even check for tools this old? I might even have one of these in my box of “obsolete computer stuff.”

http://tech.slashdot.org/story/09/05/28/1745203/45-Year-Old-Modem-Used-To-Surf-the-Web?from=rss

45-Year-Old Modem Used To Surf the Web

Posted by timothy on Thursday May 28, @02:33PM from the cool-wooden-case dept.

EdIII writes with this awesome snippet from Hack a Day:

"'[phreakmonkey] got his hands on a great piece of old tech. It's a 1964 Livermore Data Systems Model A Acoustic Coupler Modem. He received it in 1989 and recently decided to see if it would actually work. It took some digging to find a proper D25 adapter and even then the original serial adapter wasn't working because the oscillator depends on the serial voltage. He dials in and connects at 300 baud. Then logs into a remote system and fires up lynx to load Wikipedia. Lucky for [phreakmonkey] they managed to decide on a modulation standard in 1962. It's still amazing to see this machine working 45 years later.' Although impractical for surfing the Internet today, there is something truly cool about getting a 45-year-old modem to work with modern technology. The question I have is, what is the oldest working piece of equipment fellow Slashdotters have out there? I'm afraid as far back as I can go is a Number Nine Imagine 128 Series 2 Graphics card on a server still in use at my house, which only puts me at about 14 years."


More for my hackers

http://www.makeuseof.com/tag/how-to-trace-your-emails-back-to-the-source/

How To Trace Your Emails Back To The Source

May. 28th, 2009 By Stefan Neagu

Most people won’t notice this, but emails actually arrive in your inbox with a ‘receipt’, which contains a lot of information about the sender. In order to find the sender’s identity, we only need to retrieve an IP address, but inside the email header we can also find the originating domain, reply-to address and sometimes even the email client, for example Thunderbird.

Why would you want to find out the identity of the sender? Well, you may have heard of shady email scams or emails supposedly from Paypal inviting you to re-enter your personal information. Now, you can determine if an email is truly from the authentic source.
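As an added example (not from the MakeUseOf article), here is a small Python script that pulls out of a message's headers the items the article lists: the Received chain and its originating IP, the From and Reply-To domains, and the mail client. The message, and every address and IP address in it, is constructed for this example.

```python
"""Walk an e-mail's headers: recover the Received chain, the originating
IP, the From/Reply-To domains and the client that sent the message."""
import re
from email import policy
from email.parser import BytesParser

# Constructed sample: a phishing-style message whose Reply-To does not
# match the claimed From domain. All hosts, IPs and addresses are invented.
SAMPLE = b"""Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Thu, 28 May 2009 10:01:02 -0700
Received: from relay.example.net ([203.0.113.44])
\tby mx2.example.net with ESMTP; Thu, 28 May 2009 10:00:59 -0700
Received: from user-pc (unknown [192.0.2.200])
\tby relay.example.net with ESMTPA; Thu, 28 May 2009 10:00:55 -0700
From: "PayPal Security" <service@paypal.example>
Reply-To: verify-account@attacker.example
To: victim@example.org
Subject: Re-enter your account information
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)

Please confirm your details at the link below.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain_of(addr):
    """Return the domain part of an address header such as 'Name <a@b>'."""
    match = re.search(r"@([\w.-]+)", addr or "")
    return match.group(1).lower() if match else None


def trace(raw):
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    # Each relay prepends its own Received line, so headers are newest
    # first; reversing them gives the path from sender to inbox. Only the
    # lines added by relays you trust are reliable; a sender can forge
    # the earlier ones, so treat the "originating" IP as a lead, not proof.
    hops = list(reversed(msg.get_all("Received", [])))
    ips = []
    for hop in hops:
        match = IP_RE.search(hop)
        if match:
            ips.append(match.group(1))
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    return {
        "hops": len(hops),
        "originating_ip": ips[0] if ips else None,  # earliest hop seen
        "path": ips,
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        # A Reply-To pointing away from the claimed sender is the classic
        # tell of the "supposedly from PayPal" scam the article mentions.
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "client": msg["User-Agent"] or msg["X-Mailer"],
    }


if __name__ == "__main__":
    for key, value in trace(SAMPLE).items():
        print(f"{key}: {value}")
```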



Another “What I need is...” tool

http://www.killerstartups.com/Web20/digizal-com-apps-for-every-occasion

Digizal.com - Apps For Every Occasion

http://www.digizal.com/

Portals that let you know about apps that are released are nothing new. There are as many as recycled melodies in The Kinks’ catalogue, and that is only good from the point of view of the users… until so many app review sites become available that it is necessary to have a database of sites reviewing apps. Until that day comes, you can learn about these sites here.

… It has the distinction of including not just reviews of PC apps, but also reviews of applications for other systems such as Macs and mobile devices.

… A very nice touch is an application center that will let you specify what it is that you need help with from a provided list, and then be presented with the relevant options.



Amusement – and some images for my “history of computing” lecture.

http://www.pcworld.com/printable/article/id,165612/printable.html

Evolution of the PC

Since the personal computer debuted in 1971, a Darwin-esque evolution process has lifted the PC from modest beginnings to its current role as an indispensable part of life in the 21st century.

Jon Brodkin, Network World Wednesday, May 27, 2009 11:00 PM PDT
