Saturday, May 30, 2009

How does the government's approach to security differ from non-government? We don't start by building a new bureaucracy...

http://www.bespacific.com/mt/archives/021469.html

May 29, 2009

Cyberspace Policy Review - Assuring a Trusted and Resilient Information and Communications Infrastructure

White House: Securing Our Digital Future, Melissa Hathaway, Cybersecurity Chief at the National Security Council, discusses securing our nation's digital future.

  • Cyberspace Policy Review - Assuring a Trusted and Resilient Information and Communications Infrastructure, May 29, 2009: "The President directed a 60-day, comprehensive, “clean-slate” review to assess U.S. policies and structures for cybersecurity. Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure. The review team of government cybersecurity experts engaged and received input from a broad cross-section of industry, academia, the civil liberties and privacy communities, State governments, international partners, and the Legislative and Executive Branches. This paper summarizes the review team’s conclusions and outlines the beginning of the way forward towards a reliable, resilient, trustworthy digital infrastructure for the future."


Related / Reaction

http://news.slashdot.org/story/09/05/29/2240257/Who-Would-Want-To-Be-Obamas-Cybersecurity-Czar?from=rss

Who Would Want To Be Obama's Cybersecurity Czar?

Posted by Soulskill on Friday May 29, @07:24PM from the fine-i'll-do-it dept. Security Government United States IT

dasButcher writes

"President Obama is expected to name a new cybersecurity czar sometime soon. This person will be charged with defending the digital boards from attack by hostile nation-states and terrorist organizations. But the question Larry Walsh asks is: Who really wants the job? The previous three people who held the post barely made a dent in solving the security problems. Government bureaucracy and private sector resistance make it nearly impossible to find any measure of meaningful success in this job, he writes."

Reader eatcajun contributes a related link to the long-awaited US cyberspace policy review.


Related. If the issue hasn't been “Claimed” by one party or another, you really can't tell them (politicians) apart.

http://news.cnet.com/8301-13578_3-10252263-38.html?part=rss&subj=news&tag=2547-1_3-0-5

A cybersecurity quiz: Can you tell Obama from Bush?

by Declan McCullagh May 29, 2009 12:19 PM PDT

The U.S. president has announced a comprehensive cybersecurity strategy for the federal government, saying Internet-based threats have risen "dramatically" and the country "must act to reduce our vulnerabilities."

A 76-page White House document calls for a new way of looking at Internet and computer security, saying that private-public partnerships are necessary, collaboration with international organizations will be vital, and privacy and civil liberties must be respected in the process.

Sound familiar? The year was 2003, and the president was George W. Bush, who wrote the introduction to what he called a "National Strategy to Secure Cyberspace."

On Friday, President Obama announced his 76-page "Cyberspace Policy Review"--with precisely the same number of pages [Significant? Ask a numerologist! Bob] as his predecessor's--at an event at the White House.

While the Bush document discusses centralizing cybersecurity responsibilities in the Department of Homeland Security and the Obama document shifts them to the White House, the two reports are remarkably similar. Perhaps this should be no surprise: Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of a Bush-era "Cyber Task Force," to conduct the review.

To test your political acumen, we've taken excerpts from both and placed them side by side in the following chart. Can you tell which quotations come from which administration? (An answer key is at the end.)



Who in the organization says, “Let's lie!” Lots of questions here. Was this a laptop used at a fixed location? Why were Social Security numbers logged here?

http://www.databreaches.net/?p=4380

Recovered UAMS computer held worker data

May 30, 2009 by admin Filed under: Education Sector, Insider, U.S.

The Arkansas Democrat-Gazette reports that Lawrence Nichols, a former University of Arkansas for Medical Sciences housekeeping employee, has been charged in the theft of a computer that contained personal information of thousands of current and former employees. The theft occurred May 18th.

The computer was used to make identification badges [typically this function is performed by the security department. If they couldn't protect the computer, who could? Bob] for UAMS employees, students and contractors, and contained names and Social Security numbers. …. It’s estimated the computer was used to make about 50,000 badges, but some of those were to the same individuals because of lost badges or name changes, Taylor said. It didn’t contain contractors’ Social Security numbers because they aren’t UAMS employees.

[...]

UAMS information technology staff members examined the computer and determined no one accessed the numbers. [There is no way to confirm that data was not accessed. Bob] However, as a precaution, UAMS officials have sent the computer for an additional examination by Kroll Ontrack, a company that specializes in computer forensic testing “just to confirm that there was no breach,” Taylor said.



What is to come.

http://yro.slashdot.org/story/09/05/29/1822251/Supreme-Court-Nominee-Sotomayors-Cyberlaw-Record?from=rss

Supreme Court Nominee Sotomayor's Cyberlaw Record

Posted by ScuttleMonkey on Friday May 29, @04:27PM from the yes-but-does-she-know-what-she-is-talking-about dept. The Courts Politics

Hugh Pickens writes

"Thomas O'Toole writes that President Obama's choice for Associate Supreme Court Justice, Sonia Sotomayor, authored several cyberlaw opinions regarding online contracting law, domain names, and computer privacy while on the Second Circuit. Judge Sotomayor wrote the court's 2002 opinion in Specht v. Netscape Communications Corp., an important online contracting case. In Specht, the Second Circuit declined to enforce contract terms (PDF) that were available behind a hyperlink that could only be seen by scrolling down on a Web page. 'We are not persuaded that a reasonably prudent offeree in these circumstances would have known of the existence of license terms,' wrote Sotomayor. Judge Sotomayor wrote an opinion in a domain name case, Storey v. Cello Holdings LLC in 2003 that held that an adverse outcome in an administrative proceeding under the Uniform Domain Name Dispute Resolution Policy did not preclude a later-initiated federal suit (PDF) brought under the Anticybersquatting Consumer Protection Act (ACPA). In Leventhal v. Knapek, a privacy case, Judge Sotomayor wrote for the Second Circuit that New York state agency officials and investigators did not violate a state employee's Fourth Amendment rights when they searched the contents of his office computer (PDF) for evidence of unauthorized use of state equipment. While none of these cases may mean much as far as what Judge Sotomayor will do as an Associate Supreme Court Justice 'if confirmed, she will be the first justice who has written cyberlaw-related opinions before joining the court,' writes O'Toole."



“Stupid is as stupid does.” F Gump

http://news.cnet.com/8301-1009_3-10252534-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Data backup service leads to recovery of stolen laptop

by Elinor Mills May 29, 2009 4:44 PM PDT

… A Berkeley, Calif., man recently recovered his stolen laptop after seeing photos the thief took of himself with the built-in camera via his Internet-based data backup program.

That's according to a police officer's article in an e-mail newsletter from Berkeley City Councilmember Susan Wengraf that was posted to the Web by open-source advocate Bruce Perens.

… Detectives working the case were shown the photos and recognized the man, who had been released from jail earlier in the year. They noticed that in the photos he appeared to be in a motel room and began trying to track down the IP address used by the laptop hoping that it would lead to the motel.

Before that could be accomplished, however, the detectives spotted the man [No doubt using the new photograph Bob] getting into a car in a motel parking lot in Oakland and arrested him.



Perhaps this is something that only non-journalists can do today.

http://arstechnica.com/tech-policy/news/2009/05/canada-ip-battlelines-plagiarized-report-piracy-guesses.ars

Canada IP battlelines: "plagiarized" report, piracy "guesses"

What sort of research group "plagiarizes" a report advocating for stronger intellectual property laws? And why does the Business Software Alliance give specific percentages for software piracy even in countries where it has done no surveys? A Canadian law professor raised those questions this week—and got results.

By Nate Anderson | Last updated May 29, 2009 11:13 AM CT

… Geist revealed that numerous sections of the Conference Board report were lifted nearly verbatim from an earlier report by the International Intellectual Property Alliance.

… Geist then took aim at the Business Software Alliance, which each year releases numbers estimating the rate of software piracy in countries around the world.



You can see how technology evolves to fill all available bandwidth.

http://www.killerstartups.com/Video-Music-Photo/recordr-tv-video-communication

Recordr.tv - Video Communication


Do you want to record yourself live so you can share your videos with friends or colleagues? Do you need an application that is very easy to use and that will give you a high quality service? In that case you should stop by Recordr.tv and start learning more about it.

The only thing you need to do in order to take advantage of this online resource is to use a microphone and a web camera. One of the best things about this site is the fact that it is not complicated at all, and allows you to learn how to use the system right away.



For my geek friends. Think of this as the geek version of making your own sword.

http://hardware.slashdot.org/story/09/05/30/0219208/Developer-Creates-DIY-8-Bit-CPU?from=rss

Developer Creates DIY 8-Bit CPU

Posted by Soulskill on Saturday May 30, @08:13AM from the now-that's-impressive dept. Hardware Hacking Technology

MaizeMan writes

"Not for the easily distracted: a Belmont software developer's hand-built CPU was featured in Wired recently. Starting with a $50 wire wrap board, Steve Chamberlin built his CPU with 1253 pieces of wire, each wire wrapped by hand at both ends. Chamberlin salvaged parts from '70s and '80s era computers, and the final result is an 8-bit processor with keyboard input, a USB connection, and VGA graphical output. More details are available on the developer's blog."



This could answer a lot of questions...

http://www.makeuseof.com/tag/regfromapp-monitors-reports-on-registry-changes-instantly/

RegFromApp Monitors & Reports On Registry Changes Instantly

May. 29th, 2009 By Karl L. Gechlik

… this little NirSoft portable application can watch and report what changes your new applications or even Windows is making to your registry.



Another tool for staying current

http://www.makeuseof.com/tag/download-junkies-update-your-system-with-radarsync/

Download Junkies, Update Your System With RadarSync

May. 29th, 2009 By Tim Watson

… RadarSync scans your Windows system for programs which may need updating.

… I was pleasantly surprised by the number of programs the scanner recognized, including system drivers.

Friday, May 29, 2009

Interesting, but the article suggests little real damage.

http://it.slashdot.org/story/09/05/28/1952214/Hackers-Breached-US-Army-Servers?from=rss

Hackers Breached US Army Servers

Posted by timothy on Thursday May 28, @04:08PM from the fine-line-between-clever-and-stupid dept. Security The Military United States

An anonymous reader writes

"A Turkish hacking ring has broken into 2 sensitive US Army servers, according to a new investigation uncovered by InformationWeek. The hackers, who go by the name 'm0sted' and are based in Turkey, penetrated servers at the Army's McAlester Ammunition Plant in Oklahoma in January. Users attempting to access the site were redirected to a page featuring a climate-change protest. In Sept, 2007, the hackers breached Army Corps of Engineers servers. That hack sent users to a page containing anti-American and anti-Israeli rhetoric. The hackers used simple SQL Server injection techniques to gain access. That's troubling because it shows a major Army security lapse, and also the ability to bypass supposedly sophisticated Defense Department tools and procedures designed to prevent such breaches."



Apparently this is the flip side of “you must show damages before you sue.” If 100 small thefts are reimbursed by the bank, the victim count goes from 100 down to 1. To balance that, the charge should go from trivial to massive. (After all, now I'm paying for that crime.) “Your honor, as you can see, the victim's black eye has faded completely – therefore he is no longer “harmed” and can't be counted as a victim.”

http://www.databreaches.net/?p=4357

ID thief gets sentence reduced after 9th Circuit ruling

May 28, 2009 by admin Filed under: ID Theft, U.S.

The logic here seems to be the same logic applied in the Hannaford class action lawsuit: if the victims are reimbursed for their losses, they don’t count as “victims.”

The Shoreline, Washington man who led a large I.D. theft ring was back before a federal judge this morning asking for a sentence reduction following a 9th Circuit Court ruling on how victims are counted in I.D. theft cases. WARREN ARMSTEAD, 53, was sentenced almost three years ago to 17 and a half years in prison for conspiracy to commit bank fraud and nine counts of bank fraud. Today, U.S. District Judge James L. Robart sentenced ARMSTEAD to the high end of the guidelines range now in effect: 170 months, or just over 14 years in prison.

… More than 150 people have been identified as victims of ARMSTEAD’s ring. In all the group racked up more than $400,000 in losses.

Due to the fact that banks reimbursed account holders for the fraud losses and that the victims’ other losses associated with ARMSTEAD’s conduct, including the time and money spent fixing their accounts and credit, had not been quantified at the original sentencing, the court found that the individuals could no longer be counted as “victims” for purposes of sentencing. Thus ARMSTEAD’s guidelines range was lower than it was at his first sentencing.

Source: U.S. Attorney’s Office, Western District of Washington, press release



A town of 11752 people (according to Wolfram/Alpha)

http://www.bakersfieldnow.com/news/investigations/46418267.html

Hundreds of ID thefts hit Tehachapi area

Story Created: May 28, 2009 at 6:07 PM PDT Story Updated: May 28, 2009 at 6:08 PM PDT

By Carol Ferguson, Eyewitness News

Hundreds of cases of identity theft have hit the Tehachapi area, and police say they are working on some good leads. But local residents are frustrated by the number of accounts that have been compromised, and they want to know how and where their debit card information is being stolen.

… Watts said between his department and Tehachapi Police, they're working on about 200 cases. The officer said some of the fraudulent purchases are being made in the Los Angeles area, Midwest, and some even in Europe.

… Peregrina said her banks refunded the money from the fraudulent charges, but the biggest inconvenience was going door-to-door to local merchants explaining she had been a victim of ID theft, to get the check overdraft charges waived.



Watch!

http://news.cnet.com/8301-13578_3-10251898-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Obama expected to announce cybersecurity revamp, new 'czar'

by Declan McCullagh

President Obama on Friday is expected to unveil his administration's plans to deal with cybersecurity threats to federal agencies and the private sector, including the creation of a White House "cyber czar."

It's not yet clear who that person will be, or even whether Obama will name someone during his announcement. As part of a political compromise, the new position is expected to be folded into both the National Security Council and National Economic Council.

The announcement, which is scheduled to take place at 10:55 a.m. ET in the White House's East Room, caps years of criticism of the Department of Homeland Security's efforts and months of speculation about what form the replacement cybersecurity bureaucracy will take.



I think it's a very bad idea to base your privacy policy on technology. For example, if your policy is “We do not sell any information we gather from you,” what possible technology would change that? If your policy says “Don't use Facebook,” you are 1) not writing a Privacy Policy and 2) admitting you have no idea how to control the use of Facebook.

http://www.bespacific.com/mt/archives/021459.html

May 28, 2009

Toward A 21st Century Framework for Federal Government Privacy Policy

Information Security and Privacy Advisory Board (ISPAB), Toward A 21st Century Framework for Federal Government Privacy Policy, May 2009

  • "[this]...report analyzes issues and makes recommendations around updating privacy law and policy in light of technological change. The Privacy Act of 1974 is the basis for much of the legal and policy framework by which the U.S. Government handles personal information. At the same time, vast changes in technology [are not changes in policy Bob] since 1974 have transformed how Federal agencies collect, use, and distribute information in major ways. While the fundamentals of the Act—the principles of fair information practices remain relevant and current, the letter of the Act and related law and policy may not reflect the realities of current technologies and information systems and do not protect against many important threats to privacy. [Are there new outcomes? Bob] Moreover, new technologies, not covered by the Act, are generating new questions and concerns; and government use of private-sector databases now allows the collection and use of detailed personal information with little privacy protections. The attached report examines these issues, and is based on a record that has been developed through the Board’s having heard from numerous panels of experts for several years. The Board provides analysis and makes recommendations for the Administration and Congress to consider."



I'm mostly okay with this. It progressed from the tribe (where everybody knows your name) as a means to identify strangers. “What evidence was left at the crime scene?” has been extended from “We have a witness who saw his face.” to “He left fingerprints!” to “He left a half eaten Twinkie and we were able to extract his DNA...” So far so good.

http://www.pogowasright.org/article.php?story=20090528182416123

Federal court upholds constitutionality of DNA Fingerprint Act

Thursday, May 28 2009 @ 06:24 PM EDT Contributed by: PrivacyNews

A federal court in the Eastern District of California has upheld the constitutionality of DNA sample collection from all those arrested upon probable cause for the commission of a federal felony. The court’s order, filed in United States v. Pool, 09-015-EJG-GGH, rejected a challenge to the constitutionality of DNA sampling and cataloguing of arrestees in federal cases as it has been recently modified by the DNA Fingerprint Act.

[...]

In its decision, the court held that after a judicial or grand jury determination of probable cause has been made for felony criminal charges against a defendant, no Fourth Amendment or other Constitutional violation is caused by a requirement that the defendant undergo a mouth swab or blood test for the purposes of DNA analysis to be used for criminal law enforcement identification purposes. In so determining, the court recognized that an individual arrested upon probable cause has a “diminished expectation of privacy in his own identity,” and that DNA fingerprinting as a law enforcement tool is merely a “technological progression” from photographs and traditional fingerprints, which are a “part of the routine booking process upon arrest.”

Source - Dept. of Justice, Eastern District of California, Press Release (pdf)


Related? I'm missing the logic here. What are they fishing for?

http://it.slashdot.org/story/09/05/28/2313230/Homeland-Security-To-Scan-Citizens-Exiting-US?from=rss

Homeland Security To Scan Citizens Exiting US

Posted by timothy on Thursday May 28, @07:27PM from the subtle-messages dept. Security Government United States

An anonymous reader writes

"The US Department of Homeland Security is set to kickstart a controversial new pilot to scan the fingerprints of travellers departing the United States. From June, US Customs and Border Patrol will take a fingerprint scan of travellers exiting the United States from Detroit, while the US Transport Security Administration will take fingerprint scans of international travellers exiting the United States from Atlanta. The controversial plan to scan outgoing passengers — including US citizens — was allegedly hatched under the Bush Administration. An official has said it will be used in part to crack down on the US population of illegal immigrants."



We knew this, but now we have something to point to...

http://yro.slashdot.org/story/09/05/29/0530245/Empirical-Study-Shows-DRM-Encourages-Infringement?from=rss

Your Rights Online: Empirical Study Shows DRM Encourages Infringement

Posted by timothy on Friday May 29, @08:06AM

Hucko writes

"Ars Technica has a story about a study by Cambridge law professor Patricia Akester that suggests (declares?) that DRM and its ilk does persuade citizens to infringe copyright and circumvent authors' protections. The name of the study is 'Technological accommodation of conflicts between freedom of expression and DRM: the first empirical assessment.'"

The study itself is available for download (PDF); there's also a distillation here.



Know your new nay-bour.

http://www.bespacific.com/mt/archives/021461.html

May 28, 2009

Library of Congress Resources on Supreme Court Nominee Sonia Sotomayor

Law Library of Congress: Supreme Court Nominations - Sonia Sotomayor



We've been telling you for years that Operating Systems would become irrelevant.

http://www.pcworld.com/businesscenter/blogs/bizfeed/165653/html5_could_be_the_os_killer.html

David Coursey, PC World | Thursday, May 28, 2009 7:35 AM PDT

HTML5 Could Be the OS Killer

For companies that compete with Microsoft, HTML5 is almost the Holy Grail, offering the ability to run applications regardless of the underlying operating system. While the browser isn't more important than operating system today, Google this week firmly suggested it is only a matter of time.


Related

http://toolbar.tv-fox.com/

Firefox TV

TV Add-on for Firefox - Watch TV directly from your Firefox Browser, it’s Easy & Free!

2780 Live TV Channels sorted by country & category. The TV-FOX allows you to watch thousands of TV channels freely available on the internet. Powered by the biggest and most up-to-date database.



Poorly presented research. Searching for these words is not dangerous. Downloading files from “evil” websites is! I suggest this survey only demonstrates that people who are constantly looking for new/different screensavers are probably too ignorant to know they are probably downloading malware with their pretty pictures.

http://blogs.zdnet.com/security/?p=3457

The Web's most dangerous keywords to search for

Posted by Dancho Danchev @ 4:50 pm May 27th, 2009

Which is the most dangerous keyword to search for using public search engines these days? It’s “screensavers” with a maximum risk of 59.1 percent, according to McAfee’s recently released report “The Web’s Most Dangerous Search Terms”.



For my fellow teachers...

http://teachingcollegemath.com/?p=929

Choosing a Web 2.0 Tool

… The result of this thinking and researching was a new handout to use for the presentation to help participants either choose between general tools (like wiki, blog, or website) or more specific choices like (Animoto, Prezi, Slideshare).

… “Bloom’s Digital Taxonomy” maps Web 2.0 tools to the categories in Bloom’s taxonomy of educational objectives.



For the Forensic file... This is actually an old technique. Think of an envelope with a “coded” return address containing an “encrypted” letter that is complete gibberish. If the “other guys” are complete idiots (something you can't count on) they will ignore the envelope and concentrate all their efforts on the “encrypted message.”

http://www.theregister.co.uk/2009/05/28/tcp_steganography/

Hiding secret messages in internet traffic: a new how-to

Covert messages exploit TCP

By Dan Goodin in San Francisco. Posted in Enterprise Security, 28th May 2009 20:13 GMT

Researchers have demonstrated a new way to hide secret messages in internet traffic that can elude even vigilant network operators.



For the hacker files...

http://www.makeuseof.com/tag/3-ways-to-restart-your-computer-over-the-internet/

3 Easy Ways To Restart Your Computer Over The Internet

May. 28th, 2009 By Ryan Dube


Ditto. Old doesn't mean ineffective. I wonder if modern security departments even check for tools this old? I might even have one of these in my box of “obsolete computer stuff.”

http://tech.slashdot.org/story/09/05/28/1745203/45-Year-Old-Modem-Used-To-Surf-the-Web?from=rss

45-Year-Old Modem Used To Surf the Web

Posted by timothy on Thursday May 28, @02:33PM from the cool-wooden-case dept.

EdIII writes with this awesome snippet from Hack a Day:

"'[phreakmonkey] got his hands on a great piece of old tech. It's a 1964 Livermore Data Systems Model A Acoustic Coupler Modem. He received it in 1989 and recently decided to see if it would actually work. It took some digging to find a proper D25 adapter and even then the original serial adapter wasn't working because the oscillator depends on the serial voltage. He dials in and connects at 300baud. Then logs into a remote system and fires up lynx to load Wikipedia. Lucky for [phreakmonkey] they managed to decide on a modulation standard in 1962. It's still amazing to see this machine working 45 years later.' Although impractical for surfing the Internet today, there is something truly cool about getting a 45-year old modem to work with modern technology. The question I have, is what is the oldest working piece of equipment fellow Slashdotters have out there? I'm afraid as far back as I can go is a Number Nine Imagine 128 Series 2 Graphics card on a server still in use at my house which only puts me at about 14 years."


More for my hackers

http://www.makeuseof.com/tag/how-to-trace-your-emails-back-to-the-source/

How To Trace Your Emails Back To The Source

May. 28th, 2009 By Stefan Neagu

Most people won’t notice this, but emails actually arrive in your inbox with a ‘receipt’, which contains a lot of information about the sender. In order to find the sender’s identity, we only need to retrieve an IP address, but inside the email header we can also find the originating domain, reply-to address and sometimes even the email client, for example Thunderbird.

Why would you want to find out the identity of the sender? Well, you may have heard of shady email scams or emails supposedly from Paypal inviting you to re-enter your personal information. Now, you can determine if an email is truly from the authentic source.



Another “What I need is...” tool

http://www.killerstartups.com/Web20/digizal-com-apps-for-every-occasion

Digizal.com - Apps For Every Occasion

http://www.digizal.com/

Portals that let you know about apps that are released are nothing new. There are as many as recycled melodies in The Kinks’s catalogue, and that is only good from the point of view of the users… until so many app review sites become available that it is necessary to have a database of sites reviewing apps. Until that day comes, you can learn about these sites here.

… It has the distinction of including not just reviews of PC apps, but also reviews of applications for other systems such as Macs and mobile devices.

… A very nice touch is an application center that will let you specify what it is that you need help with from a provided list, and then be presented with the relevant options.



Amusement – and some images for my “history of computing” lecture.

http://www.pcworld.com/printable/article/id,165612/printable.html

Evolution of the PC

Since the personal computer debuted in 1971, a Darwin-esque evolution process has lifted the PC from modest beginnings to its current role as an indispensable part of life in the 21st century.

Jon Brodkin, Network World Wednesday, May 27, 2009 11:00 PM PDT

Thursday, May 28, 2009

This one might have some potential. You judge...

http://www.pogowasright.org/article.php?story=20090527115503875

Nominee Sotomayor on Privacy and Civil Liberties

Wednesday, May 27 2009 @ 11:55 AM EDT Contributed by: PrivacyNews

There have been a few references to Supreme Court nominee Sonia Sotomayor’s judicial records on privacy-related issues in the blogosphere and mainstream media today, and I thought I might take a more detailed look at her record. Here are some cases she ruled on, with summaries from lexisONE, where you can read the cases in more detail by signing up for a free account.

Source - Chronicles of Dissent



What were they thinking?

http://it.slashdot.org/article.pl?sid=09/05/27/2317213&from=rss

Data Breach Exposes RAF Staff To Blackmail

Posted by samzenpus on Thursday May 28, @01:02AM from the skeletons-in-the-closet dept. Security Privacy

Yehuda writes

"Wired reports, 'Yet another breach of sensitive, unencrypted data is making news in the United Kingdom. This time the breach puts Royal Air Force staff at serious risk of being targeted for blackmail by foreign intelligence services or others. The breach involves audio recordings with high-ranking air force officers who were being interviewed in-depth for a security clearance. In the interviews, the officers disclosed information about extra-marital affairs, drug abuse, visits to prostitutes, medical conditions, criminal convictions and debt histories — information the military needed to determine their security risk. The recordings were stored on three unencrypted hard drives that disappeared last year.'"



Before you write your security plan...

http://www.pogowasright.org/article.php?story=20090527042421992

Identity Theft from the Victim’s Perspective: Identity Theft: The Aftermath 2008 Released

Wednesday, May 27 2009 @ 10:30 AM EDT Contributed by: PrivacyNews

As it has done every year since 2004, the Identity Theft Resource Center (ITRC) has released a report on the impact of identity theft as reported by those who contacted ITRC for help during the past year.

The report, based on responses to 43 questions, covers 15 major aspects of victimization. Some of the key findings from the 2008 data:

  • Financial-only identity theft crimes were reported by 73% of the respondents, slightly less than in 2007.

  • More than 2/3 of those responding to questions about medical identity theft reported that medical providers billed for services received by an imposter. Another 56% were contacted by a collection agency or billing department for those services. One-third of the respondents said there is now another person’s information on their medical records and 11% were denied health or life insurance due to unexplained reasons. This was the first year that ITRC included questions specifically about medical identity theft. The report does not indicate what percent of all respondents responded to these questions, so their statistics are likely to be an overestimate for a general population of ID theft victims. Even so, the numbers may surprise those who have viewed medical identity theft as more of a rarity.

  • One of the most striking differences in this year's responses was that only 34% of respondents discovered identity theft due to an adverse situation. Last year, 82% of respondents had found out due to an adverse event such as being contacted by a creditor or collection agency demanding payment on a late bill or returned check, being notified about a warrant for an arrest, etc. Proactive measures in discovering the crime, by both businesses and victims, increased from 2007 to 2008. More victims reported finding out about the identity theft from the business (21% in 2008 vs. 10% in 2007) or from self-protective measures such as checking credit reports (45% in 2008 vs. 8% in 2007).

In addition to other findings, the report also includes some data on the difficulty victims experienced in clearing their records. Some of the explanations given included faulty credit reports being reposted by credit agencies after being cleared or accounts being sold to new collection agencies even though they had been cleared.

The full report can be found on ITRC's web site.



You would think the President would be able to find a lawyer somewhere in Washington...

http://www.nytimes.com/2009/05/27/health/policy/27health.html?hp

Antitrust Laws a Hurdle to Health Care Overhaul

By ROBERT PEAR May 27, 2009

WASHINGTON — President Obama’s campaign to cut health costs by $2 trillion over the next decade, announced with fanfare two weeks ago, may have hit another snag: the nation’s antitrust laws.

Antitrust lawyers say doctors, hospitals, insurance companies and drug makers will be running huge legal risks if they get together and agree on a strategy to hold down prices and reduce the growth of health spending.

Robert F. Leibenluft, a former official at the Federal Trade Commission, said, “Any agreement among competitors with regard to prices or price increases — even if they set a maximum — would raise legal concerns.”



I don't think he likes them

http://www.zeropaid.com/news/86315/harvard-prof-calls-riaa-lawsuits-unconstitutional-abuse-of-law/

Harvard Prof Calls RIAA Lawsuits “Unconstitutional Abuse of Law”


Related

http://www.pogowasright.org/article.php?story=20090528054604264

Group calls for overhaul of privacy regulations

Thursday, May 28 2009 @ 05:46 AM EDT Contributed by: PrivacyNews

The United States' 35-year-old federal privacy law and related policies should be updated to reflect the realities of modern technologies and information systems, and account for more advanced threats to privacy and security, according to a report sent on Wednesday to Office of Management and Budget Director Peter Orszag.

In its 40-page paper, the National Institute of Standards and Technology's Information Security and Privacy Advisory Board calls for Congress to amend the 1974 Privacy Act and provisions of the 2002 E-Government Act to improve federal privacy notices; clearly cover commercial data sources; and update the definition of "system of records" to encompass relational and distributed systems based on government use of records, not just its possession of them. The panel included technology experts from industry and academia.

Source - GovExec.com Related - Letter (pdf)



Implementing a law firm wiki

http://www.bespacific.com/mt/archives/021454.html

May 27, 2009

New on LLRX.com: Navigating the Enterprise 2.0 Highway

Navigating the Enterprise 2.0 Highway: Heather Colman provides an overview of Hicks Morley's implementation of ThoughtFarmer, an Enterprise 2.0/wiki style intranet platform, one year ago. Despite a few growing pains, she describes how the application was successful at meeting the primary objectives to decentralize content updates and increase knowledge sharing and collaboration within the firm.



It's bad enough when they rig the Presidential elections, but this could cause riots!

http://tvdecoder.blogs.nytimes.com/2009/05/27/att-may-have-swayed-idol-results/

AT&T May Have Swayed ‘Idol’ Results

By The New York Times May 27, 2009, 2:08 pm

Edward Wyatt reports: AT&T, one of the biggest corporate sponsors of “American Idol,” may have influenced the outcome of this year’s competition by providing phones for free text-messaging services and lessons in casting blocks of votes at parties organized by fans of Kris Allen, the Arkansas singer who was the winner of the show last week. Read more in Wednesday’s New York Times …



For the Swiss Army folder (You never know when you might need to talk to your kids.)

http://www.makeuseof.com/dir/lgdtxtr-text-messaging-lingo-translator/

Lgdtxtr: Text Messaging Lingo Translator

Lgdtxtr is an online translator for translating teen text messaging lingo to regular English. The application is useful for parents to keep in the know of what kids are texting about or simply for those who want to learn it.

Visit Lgdtxtr @ www.lgdtxtr.com Similar sites: Twonvert and 140it.



For my hacker/students

http://www.wired.com/threatlevel/2009/05/viral-video-hoax-or-proof-of-impending-cyber-apocalypse/

Viral Video Hoax, or Proof of Impending Cyber Apocalypse?

By Kevin Poulsen May 26, 2009 7:08 pm

Wednesday, May 27, 2009

Pretty fast response. Keystroke loggers are not the best way to steal data, but they work.

http://www.databreaches.net/?p=4305

Virus compromises Health Dialog Services employee data

May 26, 2009 by admin Filed under: Healthcare Sector, Malware, U.S

On May 12, Boston-based Health Dialog Services Corporation notified (pdf) the New Hampshire Attorney General’s Office that they had detected a virus on their network that compromised company data, including data stored in the Internet Explorer browser cache on employee computers. The virus was detected on May 5.

The company subsequently determined that the compromised data included personally identifying information that the employees typed while using IE on their computers such as social security numbers, names, addresses, credit card numbers and expiration dates, user names and passwords.

HDSC provided initial email notification to the employees with an offer of free services on May 6; with formal letters sent out on May 14. They report that 390 New Hampshire residents were being notified, but do not indicate how many employees from other states were also affected.



Update Did they wait until after the Visa deadline? Perhaps they own stock in Visa... Next time banks, replace the cards – it's cheap insurance.

http://www.databreaches.net/?p=4313

Rash of debit fraud due to Heartland Payment Systems breach

May 26, 2009 by admin Filed under: Financial Sector, Hack, ID Theft, Malware, U.S.

When Heartland Payment Systems announced a major breach on January 20, some banks and credit unions decided to replace cards proactively. Others decided to just monitor the cards flagged. Now, one week after the deadline for submitting claims to Visa, some banks may be regretting their decision not to replace cards. For example, consider this news report from Eyewitness News in Putnam, CT:

Hundreds of Putnam Bank customers had their debit cards canceled over the weekend after reports of widespread fraud.

[...]

Bank CEO Thomas Borner said Putnam Bank had been tracking reports of fraudulent charges all week and had to shut down hundreds of debit cards.

“At that point on Friday afternoon, as inconvenient as it was going to be, we really had no choice because some accounts were being overdrawn,” he said.

Earlier in the year, credit card processor Heartland announced that some Visa card numbers had been compromised.

“We absolutely know it was a third-party breach,” Borner said. “It has nothing to do with Putnam Bank.”

Customers were notified by mail, he said, but last week money started disappearing. All the affected cards were from Heartland, he said.

[...]

The charges were showing up around the country at places like Wal-Mart and at gas stations, they said, but none were in Connecticut.



Is this reasonable or just Texas? I wonder if this cuts the number of identity theft incidents in the state – I'd bet not.

http://www.databreaches.net/?p=4321

TX: Man sentenced to 25 years for identity-theft scheme

May 27, 2009 by admin Filed under: ID Theft, State/Local, Theft, U.S.

Here’s another case of a stiff sentence for ID theft. Billy Coats was sentenced to 25 years in prison after pleading guilty to fraudulently using or possessing identifying information. At the time of his arrest, Coats was found in possession of more than 200 personal-identification items as well as computer equipment to make fake IDs and checks.

He could have received a life sentence under a law passed in Texas that elevated his crime to a first-degree felony because he possessed more than 50 stolen documents.



I don't think they get it. They seem to forget that we live in a computer age and all of these “evil tasks” can be automated.

http://consumerist.com/5260257/credit-card-processors-launch-a-new-strategy-to-defeat-theft

Credit Card Processors Launch A New Strategy To Defeat Theft

By Chris Walters, 12:41 PM on Tue May 26 2009

This fall, credit card processors will begin rolling out a new approach to preventing data theft, based on the assumption that it's impossible to thwart every attack. Instead of keeping 100% of criminals out, they'll segment and encrypt the data into such small chunks that it will no longer be a cost-effective crime.

… It involves new point-of-sale hardware that can encrypt each day's batch of credit card numbers separately, then shuttle each daily pack off to Heartland's data centers for archiving. [A day's take at a WalMart wouldn't be “tiny” (except when compared to what Heartland or TJX lost) Bob]

It's a better approach than what we currently have. For one thing, retailers will no longer have any reason to store credit card numbers. [Aren't they forbidden to do so under the PCI agreement? Bob] But it's not an ideal solution and there are some definite costs, as Schuman points out below. In fact, there's a much better end-to-end encryption solution that we could already be using but aren't simply because it's not as profitable for card companies like Visa and Mastercard. [“Damn the customers! Look at the bottom line!” Bob]

… First of all we really can't keep the bad guys out. Trying to do that is futile. Might as well let 'em in, and let them steal a certain amount of data, and let them go. A, they're going to anyway, and B., if you do it that way, you make sure they don't get enough data that they can profitably sell. If you do that, they're not going to steal it, or at least not very often, because they're not going to make money that way. [Reasonable if you are talking about physical theft, but this is electronic theft – you don't have to be at each WalMart store in the country to steal all the credit card data. Bob]

… They're not going to make any money off of that, and it's not cost-effective to break in at 50 different locations. [How expensive is a mouse click? Bob]



Are we starting to see some pushback?

http://www.pogowasright.org/article.php?story=20090527042206201

The Hidden Cost of Privacy

Wednesday, May 27 2009 @ 04:22 AM EDT Contributed by: PrivacyNews

Special interest groups and lawyers claim they are defenders of individual privacy. But all that red tape is causing more harm to consumers than good.

Source - Forbes.com

[From the article:

In a world of tight budgets and sacrificed programs, one sector has continued to grow with the speed and choking effectiveness of kudzu: regulations around privacy.



“We don't want anything to interfere with our surveillance of you.”

http://news.cnet.com/8301-17852_3-10249834-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Four states' DMVs frown on smiling

by Chris Matyszczyk May 26, 2009 10:22 PM PDT

… Well, perhaps you might rejoice that you don't live in Arkansas, Indiana, Virginia, or Nevada.

Those states--and perhaps more to come--have decided to enact a no-smiling policy on driver's license photos.

Their intentions are noble. You see, these states have invested in very fine software that compares photos on licenses to other photos already taken. No one wants to have their identity assumed by shifty people. So the software is a valuable method of prevention.



Hey kids! Want to be more popular?

http://www.techcrunch.com/2009/05/26/warning-twittercut-worm-plays-on-peoples-desire-for-more-followers/

Warning: Twittercut Worm Plays On Your Desire For More Followers

by MG Siegler on May 26, 2009

Everyone wants more Twitter followers. It’s kind of the name of the game. But if you see some tweets in your stream that proclaim: “OMG I just got over 1000 followers today from http://twittercut.com” — don’t be fooled, it’s a scam. The link takes you to a site that requests your Twitter login and pass. It then sends out this tweet to all your followers — a typical worm.



I wonder if I can get a 'desk copy' to evaluate?

http://news.softpedia.com/news/U-S-Military-Developing-Hacking-for-Dummies-Cyber-Warfare-Device-112483.shtml

U.S. Military Developing Hacking-for-Dummies Cyber-Warfare Device

Move some sliders, push a button and you're in

By Lucian Constantin, Web News Editor 25th of May 2009, 13:19 GMT

U.S. Defense Department officials were so impressed with the level of coordination between ground military ops and cyberattacks against strategical targets during the recent conflicts, that they are now looking for ways to weaponize hacking. Aviation Week glanced at such a device and reports that it is being designed to be easily used even by non-techy soldiers.



I can't work today! It's Mother's Day in Bolivia!

http://www.makeuseof.com/dir/earthcalendar-calendar-of-holidays-and-celebrations-worldwide/

EarthCalendar: Calendar of Holidays And Celebrations Worldwide

EarthCalendar is an online calendar of holidays and celebrations across the globe. You can either click ‘Today’ button and view holidays on this date or alternatively browse holidays by date, country, religion, view international holidays, lunar phases and eclipses for current and past year.

http://www.earthcalendar.net/index.php



Of course, I would never do this to those of you who read this via email.

http://www.makeuseof.com/dir/whoreadme-track-sent-email/

WhoReadMe: Track Sent Email & Get Alerts When They Read

WhoReadMe is an online email tracking service that lets you track sent emails and get real-time alerts when they are viewed. The idea is simple: WhoReadMe embeds a transparent tracking image with a unique ID into your email. Once the recipient opens your email, the tracking image will be loaded and you will be alerted.

Tuesday, May 26, 2009

Update It's interesting to see what they didn't know in time for the original notification. For example, if all the data was encrypted, they might not have needed to notify anyone!

http://www.databreaches.net/?p=4298

Update: Laptop stolen from UFCW also contained Canadians’ data

May 26, 2009 by admin Filed under: Miscellaneous, Non-U.S., Theft, U.S.

Remember that laptop stolen from United Food and Commercial Workers International in March? Some new details are emerging.

First, it turns out that Canadians’ details were also on the laptop. Bill Kaufmann of the Calgary Sun reports that a local union president said the laptop contained information on 28,000 Alberta members, [Why were they on a New York City laptop? Bob] including their social insurance numbers.

A recipient of a notification letter also revealed that his letter indicated that the theft occurred from a New York City UFCW office.

At the time of the union’s notification to the New Hampshire Attorney General, the total number of people affected was not indicated. Nor was the location of the theft or any statement as to whether the data were encrypted.

While total numbers have yet to be revealed, Kaufmann’s story cites a union official as saying that the data were encrypted.

Alberta’s Privacy Commissioner has reportedly launched a probe of the incident. Although encryption might provide safe harbor here in the U.S., it will be interesting to see if Canada imposes any sanctions or requires new security procedures.



Some stats and some jargon.

http://www.newscientist.com/article/mg20227091.400-how-much-is-your-identity-worth.html?full=true

How much is your identity worth?

25 May 2009 by Jim Giles

… It was not always like this. In the early days, criminal hacking required advanced technical skills. But organised crime has moved in and the black market has become a service economy where anybody can buy a career in cybercrime.



Not sure it is as interesting or insightful as other “new economy” articles, but worth browsing...

http://www.wired.com/culture/culturereviews/magazine/17-06/nep_essay

The New New Economy: More Startups, Fewer Giants, Infinite Opportunity

By Chris Anderson 05.22.09



Not the most effective system...

http://it.slashdot.org/article.pl?sid=09/05/25/2221230&from=rss

DoD Sharing Threat Data With Critical Industries

Posted by kdawson on Tuesday May 26, @03:29AM from the scratch-your-back dept. Security Businesses The Military

Hugh Pickens writes

"The Washington Post reports that for the past two years, the Defense Department has been collaborating with critical industries to stem the loss of important defense industry data — by some estimates at least $100 billion worth over that time. The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center, the clearinghouse for threat data from the NSA, military agencies, the DHS, and industry. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships: a reluctance of intelligence and law enforcement agencies to release threat data they consider classified, and the companies' fear of losing control over personal or proprietary information. 'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'"

[From the article:

This information exchange took place, government and industry officials said, because the companies and the Pentagon have begun to trust one another. [Should we call this a miracle, or an “Uh Oh?” Bob]

… The threat scenarios, experts say, are chilling: a months-long blackout of much of the United States, wide-scale corruption of electronic banking data, a disabling of the air traffic control system. [With probabilities somewhere south of twenty decimal places. Bob]



Risks are not always rational, so how do you predict them?

http://www.pcworld.com/article/165440/youtube_yanks_thousands_of_porn_videos.html

YouTube Yanks Thousands of Porn Videos

Oliver Garnham, PC Advisor May 24, 2009 11:28 am

YouTube has removed thousands of pornographic videos from its servers following a coordinated attack which succeeded in uploading a catalogue of inappropriate clips to the video-sharing site.

4Chan, a bulletin board for Japanese manga content, has been blamed for the attack, which used the names of celebrities such as Hannah Montana to lure unsuspecting YouTube users to the porn videos.

YouTube's owner, Google, said thousands of videos have been deleted, but some may remain accessible for some time while the company removes the content and associated thumbnail images.

… However, tracking the content being uploaded is a mammoth task. YouTube said in a blog on Wednesday that 20 hours of video is now being uploaded every minute. This has grown from 15 hours per minute in January 2009, and six hours per minute two years ago.



Clearly, someone believes that the American public is online. Or maybe someone pointed out that using their own website is far cheaper than purchasing space in the local newspaper. Or maybe the local paper just closed its doors...

http://news.slashdot.org/article.pl?sid=09/05/25/212203&from=rss

Public Notices Going Online, Not In Newspapers

Posted by kdawson on Monday May 25, @07:00PM from the let's-see-if-you-can-find-it-now dept.

An anonymous reader tips a story up on Bnet.com about the growing trend for governments and others to eschew newspapers and post notices of public record on their own Web sites. It's under discussion at local, state, and national government levels, including in the SEC and the states of Pennsylvania and Wisconsin, so far.

"If classified ads were a backbone of the newspaper business, then the very center of the spine was the public notice. Mandated by laws and courts, these often long recitations of detail were to give official notification, to any who were interested, of the legal intents and actions of both government entities and companies that found themselves under some appropriate regulation. But a growing number of state and local governments want to move public notices online to their own sites as a cost-cutting measure. Beyond newspaper economics, critics are concerned that the shift would allow government officials to effectively hide their activities from scrutiny."



As is often the case, the comments are more interesting than the question – even the funny comments reveal a lot about understanding risks and controlling networks. Remember the old B-School maxim: First find all the indispensable people – and fire them!

http://tech.slashdot.org/article.pl?sid=09/05/25/2154237&from=rss

Documenting a Network?

Posted by kdawson on Tuesday May 26, @01:15AM from the what-matters dept. Networking

Philip writes

"Three years ago I was appointed as a network manager to a barely functioning MS-based network. Since then I've managed to get it up and running — even thriving — but have been guilty of being too busy with the doing of it to document the changes and systems that were put in place. Now as I look back, I'm worried that I am the only one who will ever know how this network works. If I get hit by a bus or throw in the towel for any reason, I'd be leaving behind a network that requires some significant expertise to run. Ultimately, this won't be a good reference for me if they are trying to work out technical details for years to come. It looks like I'm going to have to document the network with all sorts of details that outside consultants could understand too (no, I don't want to be the outside consultant), especially since it's likely that my replacement will have less technical expertise (read 'cheaper'). Are there any good templates out there for documenting networks? Is anyone who has done it before willing to share some experiences? What did you wish your predecessor had written down about a network that you inherited?"



Collect the complete wit and wisdom of Centennial-Man! Also useful for evidence gathering?

http://www.makeuseof.com/tag/browse-blogs-offline-with-backstreet-windows/

Download Blogs For Offline Reading with BackStreet [Windows]

May. 25th, 2009 By Guy McDowell



Interesting. I wonder if the White Hat club would like to build a few of these? (Some interesting links in the comments...)

http://ask.slashdot.org/article.pl?sid=09/05/25/1847208&from=rss

Best Way To Build A DIY UAV?

Posted by ScuttleMonkey on Monday May 25, @05:18PM from the please-include-armarment-instructions dept. Robotics

Shojun writes

"I am very interested in building my own UAV, not just one that can fly around happily, but one that I can program to say, take photos every second as it does a barrel roll under a bus (ok that part may be a pipe dream). I have enough embedded programming experience — it's the hardware which I'm uncertain about. I can go the kit way, and then build the remaining stuff, or get some Dollar Tree Foam boards and build it all. I'm in favor of ease, however. Once the plane is built, buying a dev board seems like a possibility, but I wonder whether it's overkill. Alternatively if there was a How-to-build example on the net for such an activity that I could adapt, to the degree that I could then program in even completely hardcoded flight instructions, I can certainly take it from there. Thoughts? Has anyone here tried something like this before?"



Global Warming! Global Warming! What happens when “We gotta do something!” supersedes “What is the smart thing to do?” Should we call the Class Action lawyers?

http://hardware.slashdot.org/article.pl?sid=09/05/25/2121248&from=rss

The Great Ethanol Scam

Posted by kdawson on Monday May 25, @07:50PM from the don't-even-think-about-switch-grass dept. Power Earth

theodp writes

"Over at BusinessWeek, Ed Wallace is creating quite a stir, reporting that not only is ethanol proving to be a dud as a fuel substitute, but there is increasing evidence that it is destroying engines in large numbers. Before lobbyists convince the government to increase the allowable amount of ethanol in fuel to 15%, Wallace suggests it's time to look at ethanol's effect on smog, fuel efficiency, global warming emissions, and food prices. Wallace concedes there will be some winners if the government moves the ethanol mandate to 15% — auto mechanics, for whom he says it will be the dawn of a new golden age."



I watched the video, and I still don't understand, but apparently people find these useful. Perhaps some day I will too?

http://teachingcollegemath.com/?p=969

Social Networking for Academics

Lately I’ve been getting some emails expressing bafflement at understanding the plethora of social networks and why on earth they are being used (many of these questions come from academics). So, here’s a short introduction to social networking for academics (specifically geared towards the mathematics variety). Watch the 8-minute video here or below.



Do you suppose they have one for Law?

http://www.makeuseof.com/dir/againbutslower-wikipedia-in-plain-english/

AgainButSlower: Read Wikipedia In Plain English

Wikipedia is a grate [I often think it grates too Bob] resource to find information on many topics, however some articles can be really hard to grasp especially for non experts and people who are still learning English. AgainButSlower is a mashup website that displays a Simplified version* of the Wikipedia along the original one and helps users to understand those hard to read Wikipedia pages.

Monday, May 25, 2009

Is this how Osama got his Canadian passport?

http://www.pogowasright.org/article.php?story=20090525051036966

Ca: Breach led to demise of passport web service

Monday, May 25 2009 @ 05:10 AM EDT Contributed by: PrivacyNews

Passport Canada's online application service was shut down last month because of security concerns, says an internal document.

That rationale for killing Passport On-Line on April 30 is at odds with the public explanation that service was simply not "convenient."

Instead, a report into a 2007 website security breach shows that Passport Canada's "action plan" to correct the problem included an end to the online service. The agency now offers a downloadable form applicants can fill out, print and bring to a Passport Canada office.

Source - Toronto Star



How to avoid jury duty in Canada. ...and now every DA in the US will want to do this...

http://www.pogowasright.org/article.php?story=20090525071527893

Ca: Police Vetted Jury Pool For Crown

Monday, May 25 2009 @ 07:15 AM EDT Contributed by: PrivacyNews

Police forces in Barrie, Ont., and the surrounding region have been conducting background checks of potential jurors without their knowledge for several years at the request of the Ministry of the Attorney-General, according to documents obtained by the National Post.

Confidential police databases were searched to see if people had a criminal record, were ever charged with an offence or had dealings with the mental health system. [or voted the wrong way, or had the wrong religion, or were the wrong color... Bob] The searches were part of a Crown practice to weed out what they considered "disreputable persons" for the jury pool.

Source - National Post

[From the article:

There is no provision, however, in the provincial Juries Act that permits the Crown to use police databases to conduct background checks on potential jurors. There are instead strict rules that restrict the Crown and defence to knowing only the name, address and occupation of a potential juror from court records.



Can't wait for electronic health records, so they can “spill” some of that data onto the Internet.

http://www.pogowasright.org/article.php?story=20090525050312976

UK: NHS ‘loses’ thousands of files

Monday, May 25 2009 @ 05:03 AM EDT Contributed by: PrivacyNews

The personal medical records of tens of thousands of people have been lost by the NHS in a series of grave data security leaks.

Between January and April this year 140 security breaches were reported within the NHS – more than the total number from inside central Government and all local authorities combined.

Source - Belfast Telegraph



The future of surveillance?

http://yro.slashdot.org/article.pl?sid=09/05/24/208221&from=rss

In Istanbul, Cameras To Recognize 15,000 Faces/sec.

Posted by kdawson on Sunday May 24, @08:31PM from the for-your-own-good dept. Privacy Government

An anonymous reader writes

"Istanbul's popular (and crowded) Istiklal shopping, cafe, and restaurant street is being outfitted with 64 wirelessly controlled, tamper-proof [want to bet? Bob] face-recognition cameras attached to a computer system capable of scanning 15,000 faces per second in a moving crowd for a positive match. The link from Samanyolu, badly translated by Google, states that 3 cameras are in place so far and that if trials are successful, this will mark the first time such a system, previously used by Scotland Yard and normally reserved for indoor security use, will be put to use in a public outdoor setting. It also notes that each camera controlled by the system is capable of 'locking onto' the faces of known criminals and pickpockets detected in the crowd and 'tracking' their movements for up to 300 meters before the next, closer placed camera takes over."

Hit the link for more of this reader's background on the growing electronic encroachment on privacy in this city, which will be the European Capital of Culture in 2010, causing him to ask, "Is the historic city of Istanbul turning into the new London?"

[More Bob]



Looking for a hobby? Reminds me of a guy I knew in the Army who was the world's leading (only) authority on (what was then) Fernando Poo. I bet there are people looking hard at Cuba – for investing when Fidel finally dies and restrictions are removed.

http://tech.slashdot.org/article.pl?sid=09/05/24/1229228&from=rss

Internet Giving Rise To "Citizen Spies"

Posted by Soulskill on Sunday May 24, @10:22AM from the bond-dot-jamesbond-dot-com dept. The Internet News Politics

reporter writes

"According to a startling report by the Wall Street Journal, the Internet has empowered ordinary people to be part-time intelligence officers, uncovering secrets like military facilities and prison camps across the landscape of North Korea. The report states, '[Curtis] Melvin is at the center of a dozen or so citizen snoops who have spent the past two years filling in the blanks on the map of one of the world's most secretive countries. Seeking clues in photos, news reports and eyewitness accounts, they affix labels to North Korean structures and landscapes captured by Google Earth, an online service that stitches satellite pictures into a virtual globe. The result is an annotated North Korea of rocket-launch sites, prison camps and elite palaces on white-sand beaches. "It's democratized intelligence," says Mr. Melvin. More than 35,000 people have downloaded Mr. Melvin's file, North Korea Uncovered. It has grown to include thousands of tags in categories such as "nuclear issues" (alleged reactors, missile storage), dams (more than 1,200 countrywide) and restaurants (47). Its Wikipedia approach to spying shows how Soviet-style secrecy is facing a new challenge from the Internet's power to unite a disparate community of busybodies.'"


Related – but I bet it doesn't make the evening news.

http://tech.slashdot.org/article.pl?sid=09/05/25/1233234&from=rss

North Korea Conducts Nuclear Test

Posted by CmdrTaco on Monday May 25, @08:52AM from the happy-holidays dept.

viyh writes

"North Korea conducted a nuclear test on Monday, South Korea's Yonhap news agency quoted a ruling party official as saying. A magnitude 4.7 earthquake was recorded by the USGS in North Korea. South Korean President Lee Myung-bak has called an emergency meeting of cabinet ministers over the test, Yonhap said."



Sound too good to be true? I suspect other sophisticated financial toys will be “simplified/dumbed down?” for the individual consumer. (Anyone want $2 worth of IBM stock?)

http://www.makeuseof.com/dir/petrofix-control-gas-price-increases/

PetroFix: Control Gas Price Increases

For people who drive their cars regularly, change in the price of gas can be very costly for their budget. Considering the volatility of gas prices, imagine if you could hedge against future gas price increases. Petrofix lets you do just that. It lets you lock in a fixed price for gas, so when the price goes up in the future, you won’t incur any additional costs.



There goes the bandwidth... I didn't understand the need to tweet, now everyone under 18 needs to show me their cat/skateboard/purple hair?

http://venturebeat.com/2009/05/23/twitvidio-strikes-back-lets-you-tweet-from-directly-from-webcam/

TwitVid.io strikes back — lets you tweet directly from webcam

Matt Marshall | May 23rd, 2009

The combination of Twitter and real-time video is nirvana for the socialite.

What more would you want than to be able to sit there and tweet videos of yourself in rapid fire, all day long?

Now TwitVid.io is letting you do just that: tweet videos directly from your webcam on your computer. It will be ready by the end of the weekend, says TwitVid.io co-founder Chrys Bader. You’ll just hit a button directly on the site that says “Direct from webcam,” and it’ll take your video and upload it to your tweet as soon as you hit stop.

It’s the latest counterpunch in a fast-moving race between TwitVid.io and its San Francisco cross-town rival Twitvid.com to out-(t)wit each other.

TwitVid.io struck first on Monday, offering an easy way to upload video into a link that you can then tweet. On Friday, TwitVid.com launched almost identical functionality, but with added features such as real-time streaming and an API that lets other sites integrate it into their own offerings, thus helping TwitVid.com with distribution.



Don't try this at home! What is Apple planning?

http://www.appleinsider.com/articles/09/05/23/apple_said_building_1_billion_server_farm.html

Apple said building $1 billion server farm

By Aidan Malley Published: 07:45 PM EST

North Carolina's government is reportedly promising tax breaks to Apple in return for building a large server farm, eventually worth $1 billion, within the East coast state.



For the Hacker folder

http://www.makeuseof.com/tag/hide-your-country-of-origin-for-any-application/

Hide Your Country Of Origin For Any Application

May. 24th, 2009 By Simon Slangen

Tor has been discussed on MakeUseOf before. It’s a multi-platform application that allows you to completely hide (or manipulate) the alleged origin of your network activities. It can be used to surf anonymously and also to access country-restricted services like Hulu, Spotify, and many others.


Related. If you are grabbing illegal/immoral/fattening files, you probably don't want to keep them on your computer.

http://www.adrive.com/

ADrive

FREE 50GB Online Storage