Saturday, July 18, 2009

Today's theme seems to be “How can I misunderstand thee? Let me count the ways...”



It is always amusing that “Security Standards” can be documented in fewer pages than it took to describe the impact of the data breach.

http://www.wired.com/threatlevel/2009/07/pci/

4 Years After TJX Hack, Payment Industry Sets Security Standards

By Kim Zetter July 17, 2009 1:30 pm

Four years after hackers breached TJX’s unsecured wireless network and stole information on more than 94 million customers, a standards body for the payment-card industry has finally released guidelines for securing wireless networks.

The Payment Card Industry Security Standards Council released its 33-page report (.pdf) on Thursday



Do de do do, do de do do (theme from the Twilight Zone)

http://yro.slashdot.org/story/09/07/17/2138213/Amazon-Pulls-Purchased-E-Book-Copies-of-em1984em-and-emAnimal-Farmem?from=rss

Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm

Posted by Soulskill on Friday July 17, @06:39PM from the miniplenty-malquoted-kindle-rectify dept. books handheld

Oracle Goddess writes

"In a story just dripping with irony, Amazon Kindle owners awoke this morning to discover that 1984 and Animal Farm had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for, and thought they owned. Apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by George Orwell from people's Kindles and credited their accounts for the price. Amazon customer service may or may not have responded to queries by stating, 'We've always been at war with Eastasia.'"


(Related) Is this the result of outrage by customers or a quiet conversation with their lawyers about the potential for Class Actions?

http://news.cnet.com/8301-13860_3-10290047-56.html?part=rss&subj=news&tag=2547-1_3-0-5

Amazon says it won't repeat Kindle book recall

by Ina Fried July 17, 2009 4:59 PM PDT

Amazon said late Friday that it recalled two Kindle e-books because the publisher lacked the rights to the book. However, in the future, it says it won't pull already downloaded material from customers' devices.

… Some said that Amazon's move appeared to violate its own terms of service.



Doesn't this smell like a scam? “Give me money to find out if the police know you're a victim of Identity Theft.”

http://www.databreaches.net/?p=6275

Four million British IDs up for sale on the internet

July 17, 2009 by admin Filed under Breach Incidents, Non-U.S., Of Note, U.S.

The identities of more than four million Britons are being offered for sale on the internet, The Times has learnt. Highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs are available to the highest bidder.

[...]

The information being traded on the web has been intercepted by a British company and collated into a single database for the first time. The Lucid Intelligence database contains the records of four million Britons, and 40 million people worldwide, mostly Americans. Security experts described the database as the largest of its kind in the world.

[...]

The database is held by Colin Holder, a retired senior Metropolitan police officer, who served on the fraud squad. He has collected the information over the past four years. His sources include law enforcement from around the world, [...as well as his local mob contacts... Bob] such as British police and the FBI, anti-phishing and hacking campaigners and members of the public. Mr Holder said he had invested £160,000 in the venture so far. He plans to offset the cost by charging members of the public for access to his database to check whether their data security has been breached.

Read more on The Times Online.



“Hey! We got all this stimulus money that we have to spend! Spending it on projects we couldn't do before because we didn't have enough money would be too logical, so we have to come up with completely new boondoggles. And this will save us lots of money providing we never have a data breach.”

http://www.pogowasright.org/?p=1954

LA’s move to the cloud raises concerns

July 17, 2009 by Dissent Filed under Featured Headlines, Govt, Internet, U.S.

A multimillion-dollar proposal to overhaul the computer network used by thousands of Los Angeles city workers raised concerns Thursday about the security of confidential information kept by the Police Department and other agencies.

The nation’s second-largest city is considering dumping its in-house computer network for Google Inc. e-mail and office programs that are accessed over the Internet. At issue is the security of computerized records on everything from police investigations to potholes.

Read more from the Associated Press on SanLuisObispo.com.

The story quotes Pam Dixon of the World Privacy Forum, who raises a number of concerns that the city does not seem to have adequately considered nor planned for. Indeed, the idea of the entire city’s databases with personally identifiable information being up in the cloud is downright frightening to privacy advocates who point out that no matter how much Google may attempt to keep everything secure, the risks of compromise, access, or acquisition of sensitive data are enormous.


(Related) If you are required to store someone else's data on your computer, what happens to the RIAA's “evidence?”

http://hardware.slashdot.org/story/09/07/17/1739239/The-Pirate-Bay-to-Become-a-Distributed-Storage-Cloud?from=rss

The Pirate Bay to Become a Distributed Storage Cloud?

Posted by ScuttleMonkey on Friday July 17, @04:28PM from the volunteer-to-make-your-computer-run-slower dept. storage business internet

eldavojohn writes

"After announcing the sale of The Pirate Bay to Global Gaming Factory X, it was unknown what would become of TPB. Details of the future plans have been released. 'According to Rosso, GGF plans to build a massive "storage cloud" on top of TPB that would use individual users as storage system's nodes. Apparently users can opt out for being part of the decentralized storage system, but then they'd have to pay a monthly fee for the service. More resources the user is willing to commit for the service, the cheaper the monthly subscription fee will be ... GGF's plan is to harness the resources users are willing to allocate to the cloud service and sell that computing power and bandwidth to 3rd party companies, essentially creating a service that could be used as a content delivery network (system that most large sites — including ours — use to deliver static content, such as images, software downloads and stylesheets, faster to the end user) or even as a web hosting cloud. As the service would use P2P technology, it could bring massive savings to ISPs, as the delivery of content to an end user would be provided from the closest possible "node," most likely from an user within the same ISP network.'"



When they make this assertion aren't they saying “our companies (and citizens) are subject to your laws?”

http://www.pogowasright.org/?p=1961

Belgium fines Yahoo for protecting user privacy

July 17, 2009 by Dissent Filed under Court, Internet, Non-U.S., U.S.

from the this-is-bad… dept

For many years, we’ve discussed the many challenges faced by countries in trying to recognize that “jurisdiction” on the internet isn’t what they probably think it is. Many countries want to interpret internet jurisdiction as “if it’s accessible here via the internet, it’s covered by our laws.” But it doesn’t take much scenario planning to recognize what a disaster would result from such an interpretation. Effectively that means that the most restrictive legislation anywhere in the world (think: China, Iran, Saudi Arabia, etc.) would apply everywhere else.

That’s why it’s quite worrisome to find out that Belgium is trying to fine Yahoo for protecting its users’ privacy and refusing to hand over user data to Belgian officials. Yahoo noted, accurately, that it does not have any operation in Belgium, and the data in question was held on US servers, not subject to Belgian law. On top of that, the US and Belgium have a good diplomatic relationship, such that such a data request could have gone through established diplomatic channels to make sure that US laws were properly obeyed as well. But, instead, Belgian officials just demanded the info from Yahoo’s US headquarters directly, and then took the company to criminal court where the judge issued the fine.

Read more on techdirt.



Perhaps they have brain damage. Have newspapers ever charged readers for content? Don't they charge for delivering the paper? (If they charged for content, the price would go up on big news days.) They forget that they make their money on advertising and that an advertiser or a potential buyer values a newspaper based on its circulation.

http://www.bespacific.com/mt/archives/021842.html

July 17, 2009

Financial Times Editor Predicts End of Free News Organization Content

Guardian UK: "The Financial Times editor, Lionel Barber, has predicted that "almost all" news organisations will be charging for online content within a year. Barber said building online platforms that could charge readers on an article-by-article or subscription basis was one of the key challenges facing news organisations."


(Related) One quick way to reduce the number of visitors to your website (the e-quivalent of subscribers) is to drop off of search engines. Why would I visit your site to see IF you are carrying a specific story when I can visit sites that I KNOW are carrying the story?

http://latimesblogs.latimes.com/technology/2009/07/google-newspapers.html

Google to newspapers: Put up or shut up

1:13 PM, July 16, 2009

Is Google stealing our content? That, anyway, seemed to be the suggestion when a European publishing group announced last week that it had garnered a number of supporters for its Hamburg Declaration, which calls for "urgent improvements in the protection of intellectual property on the Internet."

This week, Google had a reply, which basically boils down to: Put up or shut up.

In a post written by Josh Cohen, senior business product manager, on the company's public policy blog Wednesday afternoon, Google said publishers can easily tell search engines to take a hike. All it takes is a two-line piece of code, which he helpfully included in his post. Tuck that on your website, and no search engine will crawl it; the stories won't show up when people look for content using search engines.

It's unlikely that newspapers will call Google's bluff. Here's why: Google's search engine and its Google News site sends 1 billion visits to newspaper websites each month. Those visitors drive up the traffic numbers that website ad rates are partially based on. More readers = higher ad rates, which is why few publishers will say no to Google's traffic referrals.

… Google's retort to publishers is that it is open to work with them on whatever business model they deem fit. Want only paid subscribers to read? Fine, it can steer clear of the site, or follow a model like that of the Wall Street Journal, which lets readers referred from search engines see the article for free but makes them subscribe if they want to read any other articles on the site. Want the articles to expire after a few days and go into an archive where readers would have to pay to see? There's a line of code for that too.

Right now, the vast majority of newspaper sites serve up free, ad-supported content. And Google said it's happy to send traffic to those sites. Unless, of course, they don't want all those readers.



Think of them as pre-arrest mug shots.

http://www.bespacific.com/mt/archives/021845.html

July 17, 2009

111th Congress Congressional Pictorial Directory

"The 111th Congressional Pictorial Directory provides a color photograph of each member of the House of Representatives and the Senate for the 111th Congress. It also includes information about a Member of Congress' length of service, political party affiliations, and Congressional district. Also contains pictures of the President, Vice President, and House and Senate officers and officials."



For my computer security class – never rely on a password!

http://www.makeuseof.com/tag/hack-windows-passwords-with-ophcrack/

Ophcrack – A Password Hack Tool to Crack Almost Any Windows Password

Jul. 17th, 2009 By Simon Slangen

There are a lot of different reasons why one would want to use any number of password hack tools to hack a Windows password. Of course, there are the good-hearted reasons, like helping your grandpa because he forgot his password and is locked out of his own computer. Then, there are the more dubious reasons, like spying on your accountant.

In the past, MakeUseOf has published other password-cracking related articles. Those who are interested should check out T.J. Miniday’s 3 Ways to Reset Forgotten Windows Administrator Password.

However, there might be circumstances in which you’d need unnoticed access – being able to use the terminal without literally changing the password.

Ophcrack

That’s where Ophcrack comes in. Ophcrack is one of the more effective password hack tools that runs via Windows, Mac and Linux installations or on a Live CD, and it can be used to crack almost any Windows password.



Tools & Techniques: Automating backups means never having to say you're sorry. And for a couple of hundred dollars, you can buy enough storage to completely safeguard all the information on your home network. (Many external hard drives come with free backup software.)

http://www.killerstartups.com/Web-App-Tools/idlebackup-nl-automatic-backup-software-for-free

IdleBackup.nl - Automatic Backup Software For Free

http://www.idlebackup.nl/

It is possible that you store very important information on your computer. However, there are so many important things you probably do on your machine that it is necessary to back them up because otherwise, you might lose them and you already know how bad that feels.

That is one of the main reasons why you should use a solution that gives you the possibility to back all your information up. In this way, you can make sure that no matter what happens to your computer your information is going to be safe.

This is an online solution called IdleBackup you can use to automatically back your files up. This service is totally free and you can be benefited with it by setting your backing up preferences. In this way you can either save your files to your whole hard disk or any other folder you want. You can save your files using your computer disk or just by using an external FTP.

Friday, July 17, 2009

A large number of small breaches are being reported today, I'll just pass on the more interesting ones.



HIPAA obfuscation?

http://www3.signonsandiego.com/stories/2009/jul/16/1m16breach001243-computers-breached-cancer-center/

Computers breached at cancer center

By Angelica Martinez Union-Tribune Staff Writer 2:00 a.m. July 16, 2009

SAN DIEGO — A letter has been sent to 30,000 patients of UCSD's Moores Cancer Center after a hacker breached the center's computers and gained access to patients' personal information.

The computer servers affected contained information such as patients' names, dates of birth, medical record number, diagnosis and treatment dates back to 2004, Marshall said. The vast majority of patients' information did not include Social Security numbers, she said.

She said there is no evidence that any of the information has actually been viewed or used. Patients' medical records, which are stored in separate servers, were not breached.


(Related) The costs of a breach include:

http://www3.signonsandiego.com/stories/2009/jul/17/1m17hacker221630-hotline-ucsd-patients-swamped/

Hotline for UCSD patients swamped

Hacker causes ID theft concern

By David Hasemyer Union-Tribune Staff Writer 2:00 a.m. July 17, 2009

… LA JOLLA — The hotline established by UCSD's Moores Cancer Center after a hacker breached the center's computers and gained access to patients' personal information has been swamped with hundreds of calls from worried patients.

… She said hospital officials have determined that just 36 of the files contained Social Security numbers.

A letter was sent to all of the patients earlier this month telling them that the center's computer network was “illegally accessed” twice by overseas hackers and that some personal information may have been stolen.

… Jan Emerson, a spokeswoman for the California Hospital Association, said it's difficult to assess what allowed the hacker into the UCSD system, and consequently there is little alarm to be raised for other hospitals. [You don't have to worry about this happening to you because we have no idea what happened? Does that strike you as an extremely illogical statement or an extremely naive one? Bob]

… “Medical records have no real value other than the very specific medical information,” Jennex said. [What am I bid for the results of Michael Jackson's drug screen? Bob]



If every state auditor can find evidence that every hospital violated access rules, the state budget deficit would vanish. Think of it as an e-Gold-Rush...

http://www.pogowasright.org/?p=1931

Kaiser Bellflower fined again for privacy breach

July 16, 2009 by Dissent Filed under Breaches, Featured Headlines, U.S.

The Kaiser Permanente hospital in Bellflower has been hit with a $187,500 fine for failing for a second time to prevent unauthorized access to confidential patient information, state public health officials said today.

[Updated at 3 p.m.: A spokesman for the hospital said the fine was part of the ongoing investigation into employees improperly accessing the medical records of Nadya Suleman and her children. Disciplinary action has been taken against the employees, said Jim Anderson, a hospital spokesman. All the incidents occurred in January; a previous post said they had occurred in April and May.]

State officials said Kaiser Permanente Bellflower Medical Center compromised the privacy of four patients when eight employees improperly accessed records. This is the second penalty against the hospital, officials said.

The hospital was fined $250,000 in May for failing to keep employees from snooping in the medical records of Nadya Suleman, the woman who set off a media frenzy after giving birth to octuplets in January.

Read more in the Los Angeles Times. Keep in mind that this is not HHS fining them under HIPAA, but the state fining them.



For a “Think Tank” there seems to be quite a lot of “we don't know” and (since they are politicians) a lot of double-talk and a clear statement of “You employees are to blame.”

http://www.databreaches.net/?p=6225

Center for American Progress security breached

July 16, 2009 by admin Filed under Breach Incidents, Miscellaneous, Of Note, U.S., Unauthorized Access

The Center for American Progress and the Center for American Progress Action Fund were reportedly the victims of a “highly sophisticated computer security breach by an unauthorized outside party” where the motive for the breach may not have been personal information. [No doubt they wanted to steal their Liberal bias? Bob]

In a letter to the Maryland Attorney General’s Office dated April 30, CAP’s General Counsel, Debbie Fine, reports that the names and Social Security numbers of current and former employees and dependents or 401k beneficiaries may have been accessed. Some of those affected were notified that the outside party might have accessed names and Social Security numbers of health care dependents insured by American Progress’s health care plan, the employee’s CAP and CAPF email accounts, and their office computers.

No free services were offered to those affected, which included Maryland residents, but CAP’s letter to those affected included a statement that

an unauthorized party may have gained access to the contents of your office computer. We understand that information stored on your office computer can include a wide range of sensitive information. We therefore suggest considering whether you used your office computer to store information with respect to which you may want to take additional steps.



A question for my Security students (and you readers) What are the risks? Someone uses some of my “unlimited Internet access” while drinking a “double double toil and trouble, mocha jamocha toka half-eye-of-newt rootie-toot, half-decalf distaff falstaff nonfat wing of bat summer smoothie” and I should care, why?

http://hardware.slashdot.org/story/09/07/17/0527203/Australian-Police-Plan-Wardriving-Mission?from=rss

Australian Police Plan Wardriving Mission

Posted by timothy on Friday July 17, @05:00AM from the village-green-preservation-society dept. wireless government security

bfire writes

"Police officers in the Australian state of Queensland plan to conduct a 'wardriving' mission around select towns in an effort to educate citizens to secure their wireless networks. When unsecured networks are found, the Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to. Officers also hope to return to surveyed areas within a month to see if users have fixed their security settings. The idea is modeled on another campaign where officers walk around railway stations checking cars have been locked, and leaving notes warning people of the dangers involved with leaving their vehicles unsecured."



Why would they want to keep this confidential? My guess is they don't have the data requested.

http://news.slashdot.org/story/09/07/16/1748235/RIAA-Loses-Bid-To-Keep-Revenues-Secret?from=rss

RIAA Loses Bid To Keep Revenues Secret

Posted by timothy on Thursday July 16, @02:43PM from the but-your-honor-that's-our-secret-recipe-for-money-soup dept. court money

NewYorkCountryLawyer writes

"The RIAA's motion to keep secret the record companies' 1999-to-date revenues for the copyrighted song files at the heart of the case has been denied, in the Boston case scheduled for trial July 27th, SONY BMG Music Entertainment v. Tenenbaum. The Judge had previously ordered the plaintiff record companies to produce a summary of the 1999-to-date revenues for the recordings, broken down into physical and digital sales. On the day the summary was due to be produced, instead of producing it, they produced a 'protective order motion' asking the Judge to rule that the information would have to be kept secret. The Judge rejected that motion: 'the Court does not comprehend how disclosure would impair the Plaintiffs' competitive business prospects when three of the four biggest record labels in the world — Warner Bros. Records, Sony BMG Music Entertainment, and UMG Recording, Inc. — are participating jointly in this lawsuit and, presumably, would have joint access to this information.'"


(Related) Is this just hubris or is there something I'm just not seeing?

http://news.slashdot.org/story/09/07/17/085244/New-Developments-In-NPGWikipedia-Lawsuit-Threat?from=rss

New Developments In NPG/Wikipedia Lawsuit Threat

Posted by timothy on Friday July 17, @08:06AM from the I-see-portraits-of-dead-people dept. court media internet

Raul654 writes

"Last week, it was reported that the UK's National Portrait Gallery had threatened a lawsuit against an American Wikipedian for uploading pictures from the NPG's website to Wikipedia. The uploaded pictures are clearly in the public domain in the United States. (In the US, copies of public domain works are also in the public domain. UK law on the matter is unclear.) Since then, there have been several developments: EFF staff attorney Fred von Lohmann has taken on the case pro-bono; Eric Moeller, Wikimedia Foundation Deputy Director, has responded to the NPG's allegations in a post on the WMF blog; and the British Association of Picture Libraries and Agencies has weighed in on the dispute in favor of the NPG."


(Related) An interesting perspective.

http://www.zeropaid.com/news/86657/are-hopeless-copyright-wars-against-p2p-our-new-prohibition/

Are “Hopeless” Copyright Wars Against P2P “Our New Prohibition?”

Written by soulxtc

Stanford Law professor Lawrence Lessig says using outdated copyright laws to sue illegal file-sharers hasn’t caused a decrease in illegal file-sharing, and that in fact “a whole generation of children has been raised to think the law is an ass—and an ass that is to be ignored.”



Tools & Techniques: The Internet is forever, but only if you keep making backup copies. (Note: Technology seems to be devolving. 8,000 years ago the Pharaohs knew how to make things last!)

http://hardware.slashdot.org/story/09/07/17/1213203/New-DVDs-For-1000-Year-Digital-Storage?from=rss

New DVDs For 1,000-Year Digital Storage

Posted by kdawson on Friday July 17, @08:52AM from the you-must-remember-this dept.

anonymous cowpie sends word of a Utah startup that is about to introduce technology for writing DVDs that can be read for 1,000 years after being stored at room temperature. (Ordinary DVDs last anywhere from 3 to 12 years, on average.) The company, Millenniata, is said to be in the final stages of negotiation with Philips over patent licensing and plans to begin manufacture in September. 1,000-year "M-ARC Discs" are expected to retail for $25-$30 at first, with the price coming down with volume.

"Dubbed the Millennial Disk, it looks virtually identical to a regular DVD, but it's special. Layers of hard, 'persistent' materials (the exact composition is a trade secret) are laid down on a plastic carrier, and digital information is literally carved in with an enhanced laser using the company's Millennial Writer, a sort of beefed-up DVD burner. Once cut, the disk can be read by an ordinary DVD reader on your computer."

Thursday, July 16, 2009

California: Home to the most easily bribed bureaucrats in the world?

http://www.pogowasright.org/?p=1867

Pay as you drive “black boxes” threaten privacy

July 15, 2009 by Dissent Filed under Businesses, Legislation, U.S.

The California Department of Insurance (DOI) is considering regulations that would enable insurance prices to depend on the precise number of miles a car is driven in a given billing period. But in implementing these “Pay As You Drive” regulations, the DOI appears poised to empower insurance companies to require customers’ cars to be outfitted with “black-box” devices that could transmit back to the insurance companies all sorts of data about car motion (acceleration, braking, and so forth) as well as driver behavior (steering and seat-belt wearing).

Although DOI has retreated from its prior position that these devices should track your location – a definite improvement – it’s still true that every car already has a reliable, tamper-resistant device that verifies actual mileage: an odometer.

Read more on the Electronic Frontier Foundation.



New law.

http://www.pogowasright.org/?p=1880

ID theft law enacted in CT

July 16, 2009 by Dissent Filed under Breaches, Legislation, U.S.

Criminals who target senior citizens while committing identity theft will face tougher penalties this year under a law that passed with bipartisan support.

The law also empowers the state to seize cash and property obtained through identity theft and use it to reimburse victims.

[...]

The new bill bars businesses from printing their customers’ Social Security numbers on ID or access cards, or requiring customers to transmit Social Security numbers over the Internet unless the connection is secure.

Employers also are required to shred job applications so identity information on them is not revealed inadvertently.

Read more in The Hartford Courant.



One billion Indians can't be wrong! But what if they don't get a choice?

http://www.pogowasright.org/?p=1860

India to issue biometric ID cards to 1.2 billion

July 15, 2009 by Dissent Filed under Govt, Non-U.S., Surveillance

The Indian government has announced that it is to issue all of its 1.2 billion citizens with biometric identity cards.

The operation will be run by the Unique Identification Authority, a new government department created specifically for the task of assigning every living Indian an exclusive number and gathering and electronically storing their personal details.

Read more on The Telegraph.

Thanks to The Jeff Farias Show.com for sending me this lead.

[From the article:]

It is hoped that the operation, which is expected to cost at least £3 billion, [Approx $5 per card. I bet it costs a lot more. Bob] will fight corruption but it could also be used to identify illegal immigrants and tackle terrorism.

… At present Indian citizens can be issued with up to 20 proofs of identity, including birth certificates, driving licences and ration cards, although none is accepted universally.

A computer chip in each card will contain personal data and proof of identity, such as fingerprint or iris scans. Criminal records and credit histories may also be included. [Think they will be targets for hackers? Bob]

Mr Nilekani, who left Infosys, the outsourcing giant that he co-founded, to take up his new job, wants the cards to be linked to a “ubiquitous online database” accessible from anywhere.



How retro! Would anyone younger than 30 recognize the ring?

http://www.makeuseof.com/tag/free-ringtones-that-sound-like-real-phones/

Free Ringtones That Sound Like Real Phones

Jul. 15th, 2009 By Guy McDowell

Universal Phone Ring -

This one should sound familiar to almost everyone as it is the phone ring used most often in old movies and TV shows. Thanks to Hollywood Lost and Found for this one.

Black Rotary Phone Ring -

Sounds just like the one that your dad might have had in his office, doesn’t it? Those were the days.

Candlestick Phone Ring -

Ever seen those old phones where the earpiece hung on the main phone that looked like a candlestick? This is the ring from one of those.

French Rotary Phone -

Looking for that certain je ne sais quoi? This one is the ticket. C’est bon!

Classic British Phone -

I like the distinctive double-ring of the UK phones. Reminds me of old episodes of Coronation Street.

Higher Tone UK Phone -

Here’s the same kind of UK ring, but with a little higher pitch.

Now for some famous classic phone rings…

Maxwell Smart’s Shoe Phone Tone -

This is the ring that Agent 86’s shoe phone made. Yes, there was a TV show of Get Smart before the not-so-good movie.

Our Man Flint/Austin Powers Phone Ring

This one is my favourite! It seems not many people under 40 know that the phone ring from Austin Powers was taken from the Our Man Flint movie, starring James Coburn. It was also a sort of spy-spoof movie.

Counter Terrorist Unit on 24 Phone Ring -

Apparently this is the ring tone from Jack Bauer’s CTU unit on 24. Honestly, I’ve never made it through a full episode of this show, but the ringtone is pretty cool.

If what we have here doesn’t fill your boots, there is one other really good source for classic real phone ringtones that I found over at BeepZoid’s Vintage Phone Ringtones. With over 60 different ringtones in MIDI, MP3 and iPhone formats, there’s a good chance you’ll find what you're looking for.

Wednesday, July 15, 2009

Follow-up: They don't say it wasn't a mainframe, but unless they had cameras every few yards throughout Texas, they wouldn't need one. Interesting that the computer belonged to “Security”

http://www.databreaches.net/?p=6168

CORRECTS and REPLACES: Mainframe computer stolen from local TVCC campus

July 14, 2009 by admin Filed under Breach Incidents

Yesterday this site posted a story from and link to The Palestine Herald about a breach at Trinity Valley Community College. I just received this email, however, that the original source was in error:

Good Afternoon,

It has been brought to my attention that your website has posted an Associated Press news item regarding a potential security breach at Trinity Valley Community College in Palestine, Texas. That article contained completely erroneous information. The computer that was stolen was used exclusively for security surveillance. No personal, confidential or student information was stored on that computer. TVCC has had no breach of security at all.

If you have any questions, please feel free to contact me at the number below or on my cell phone at [redacted].

Thank you,

Jennifer Hannigan
Public Information Officer
Trinity Valley Community College



One of the primary justifications for buying laptops for employees is that they can take them with them when they leave the office. Why were all these left in the office?

http://www.databreaches.net/?p=6177

Laptops stolen from Springfield (OH) schools

July 14, 2009 by admin Filed under Breach Incidents, Education Sector, Theft, U.S.

Ten laptop computers stolen from Keifer Alternative School June 30 contained information about students with disabilities, but not social security numbers, Springfield City Schools Interim Superintendent Don Thompson said.

The district sent letters home to parents of students who were affected following the theft, said Thompson. The laptops belonged to employees of the district’s special education department, including psychologists, which relocated to Keifer as part of a plan to move all administrative offices out of the South High School building.

Read more on Springfield-Sun.



Isn't this the basis for all “data breach” cases? Either deliberately or through gross carelessness the custodian of the data leaked it.

http://www.pogowasright.org/?p=1830

Woman threatens suit against Tigo over info leak

July 14, 2009 by Dissent Filed under Breaches, Non-U.S.

Millicom Ghana, operators of Tigo could soon be in the dock for allegedly releasing confidential information about a subscriber.

A married woman, name withheld, accused the network operator of providing her ‘jealous’ husband with details of her call records.

[...]

She was however surprised when the husband produced a detailed account of all calls she had made, the duration of those calls and text messages she sent.

Upon further investigation she found a white envelope with the inscription ‘Tigo’ containing all the details of the calls.

Read more on ModernGhana.com.



(Could have been worse, could have been a Western Diamondback.) I doubt the virus story. More likely, the Superintendent's userid and password were stolen (keylogger?) from his computer. But it does look like there was a weakness in the bank's controls...

http://www.databreaches.net/?p=6179

Western Beaver Sues ESB Bank

July 14, 2009 by admin Filed under Breach Incidents, Education Sector, Malware, Of Note, U.S.

Western Beaver School District has sued Ellwood City-based ESB Bank, saying the bank allowed someone to siphon more than $700,000 from two accounts while school administrators were off during the Christmas break in December and January.

The district says it’s still missing nearly $450,000.

According to the suit filed in Beaver County Court, someone infected Western Beaver’s computer system with a virus, which deceived the bank’s computer system into thinking that Superintendent Robert Postupac requested 74 electronic fund transfers totaling $704,610.35. Postupac was unaware of the transfers, the suit said.

Money was deposited from Dec. 29 through Jan. 5 into the bank accounts of 42 separate individuals from as far away as California and Puerto Rico. The suit did not identify the people who received the money, but noted that none of them had had any connection to Western Beaver.

Read more on iStockAnalyst.com.

[From the article:

In May, Pittsburgh's FBI office confirmed that it was investigating a computer crime within the school district. A phone call to the FBI on Friday was not returned.

… The suit alleges that ESB should have immediately realized that the transfers were fraudulent for the following reasons:

The bank's contract with Western Beaver stipulates that it can electronically transfer money only from the district's payroll account. The transfers in question came from the district's tax account and general fund account.

The contract stipulates that only certain board members and the district business manager -- not Postupac -- are permitted to authorize withdrawals from the tax and general fund accounts.

In the five months prior to the incident, Western Beaver had requested only 29 third-party fund transfers, and the unusual number of transfers should have raised a red flag.

The suit alleges that ESB eventually learned of the transfers on Jan. 2 only through a phone call from an unidentified out-of-state bank, which called after becoming suspicious when a large electronic deposit showed up in a customer's account.

At that point, the suit says, ESB had permitted 55 transfers.

It permitted about 19 more transfers after the call, the suit says.



For your Security Manager and my Excel class.

http://it.slashdot.org/article.pl?sid=09/07/14/1932234

Attacks Against Unpatched Microsoft Bug Multiply

Posted by kdawson on Tuesday July 14, @06:59PM from the how-not-to-excel dept. Security Microsoft

CWmike writes

"Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat. Symantec, Sunbelt Software, and SANS' Internet Storm Center bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by IE to display Excel spreadsheets. There is no patch for the vulnerability; Microsoft didn't release one in today's Patch Tuesday. A temporary fix that sets the 'kill bits' of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection. Symantec raised its ThreatCon ranking to the second of four steps. "We're seeing it exploited, but currently on a limited scale," said Symantec's Ben Greenbaum. Sunbelt also bumped up its ranking, to high."

Firefox users can't be too complacent; Secunia is warning of a 0-day in version 3.5.



Updating (but not resolving) the issue. Reminds me of “The Cuckoo's Egg.” Let's hope the Military (somebody) has better tools! Or we could depend on the Vietnamese...

http://it.slashdot.org/story/09/07/14/1715252/UK-Not-North-Korea-Is-Source-of-DDoS-Attacks?from=rss

UK, Not North Korea, Is Source of DDoS Attacks

Posted by kdawson on Tuesday July 14, @02:16PM from the one-master-to-rule-them-all dept. security military

angry tapir writes

"The UK was the likely source of a series of attacks last week that took down popular Web sites in the US and South Korea, according to an analysis performed by a Vietnamese computer security researcher. The results contradict assertions made by some in the US and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered."

The Vietnamese security site's blog is linked from the article, but it is very slow even before Slashdotting. The researchers observed 166,908 zombies participating in the attacks — a number far larger than most earlier estimates.

Update: 07/14 21:24 GMT by KD : Wired is reporting that the UK owner of the IP address in question is pointing a finger at a server in Florida, which it says opened a VPN to the UK machine for the attacks. Once again, the attacker could be anywhere.



Ethics. We can, therefore we must (publish). What happened to the “fit to print” part?

http://www.pogowasright.org/?p=1839

TechCrunch reveals confidential Twitter docs

July 15, 2009 by Dissent Filed under Breaches, Businesses, Featured Headlines

Michael Arrington of TechCrunch discusses the dilemma they grappled with when they received a zip file from “Hacker Croll” containing hundreds of confidential corporate and personal documents of Twitter and Twitter employees.

There is clearly an ethical line here that we don’t want to cross, and the vast majority of these documents aren’t going to be published, at least by us. But a few of the documents have so much news value that we think it’s appropriate to publish them.

Marie Boran of Silicon Republic comments on the controversy about publishing the documents:

Plans to publish the stolen confidential corporate documents were met with some disapproval from Twitter users, some of whom labelled this action ‘going too far’, a ‘bad move’, and ‘wrong and unethical’.

In light of the recent scandal in the UK involving phone tapping by the press, this action by TechCrunch continues to raise questions on what role the media plays in the violation of privacy laws. Is this publishing in and of itself a criminal act? Where are the police with a court injunction to stop one firm publishing the stolen, private documents of another?



We're lawyers, we don't need to know nothing! Discusses social media as 'advertising'

http://www.bespacific.com/mt/archives/021819.html

July 14, 2009

Five Things Lawyers Should Know About Social Media

Five Things Lawyers Should Know About Social Media: Lawyer, writer and blogger Nicole Black advises fellow professionals about important core techniques and goals to consider before jumping on the “social media” bandwagon.



Cyborg: part man, part machine. I don't think I'd want this on record anywhere. (I don't think their last paragraph has much basis in reality either.)

http://www.pogowasright.org/?p=1814

Anonymous web data can be personal data

July 14, 2009 by Dissent Filed under Featured Headlines, Internet, Non-U.S.

The Register has a story on a fascinating legal analysis by Chris Pounder of Amberhawk Training (report here, pdf) as to how identifying yourself as being the individual associated with a particular IP address might be used to force companies such as Google and Yahoo to treat your data as being under the UK Data Protection Act. According to the report:

This analysis is valid for countries where the national data protection legislation is based on the Data Protection Directive 95/45/EC or on the OECD Guidelines; Google’s privacy policy suggests that the analysis applies to it.

According to the report’s overview:

In outline, an individual user can, at any time, send an Internet service provider his name, address, time the service was used, and any relevant URL, reference number or IP address associated with that user session. If this information is sent, then the service provider possesses all the identifying information needed to link any related service data or profiling data derived from a user session to that individual. That individual has become unambiguously identifiable and any further processing of the personal data related to the user session will engage the usual data protection obligations.

As more and more users of a service send a service provider these details, there will become a threshold of user contact after which a service provider should assume that personal data are processed on ALL users of a service without the need for user identifying information to be sent. This is because the rate of user contact is such that a service provider can anticipate that he is likely to be sent the identifying information about an individual user.

Report: IP ADDRESSES, REFERENCE NUMBERS, URLs AND THE UK’s DATA PROTECTION ACT 1998



Failure to have a clear policy or failure to ensure employees understand the policy.

http://www.pogowasright.org/?p=1826

Employee sacked for smutty emails is reinstated

July 14, 2009 by Dissent Filed under Non-U.S., Workplace

A worker sacked for sending dozens of grubby emails has got his job back after successfully arguing that the correspondence was part of a wider work culture.

Philip Walker said a culture of sending emails “where the content was not likely to offend and was banter between colleagues” existed at his Safe Air workplace in Blenheim.

The Employment Relations Authority (ERA) found in Mr Walker’s favour, awarding him $1000 for “a loss of dignity and injury to his feelings” and ordering Safe Air to reinstate him.

Read more in The New Zealand Herald. There is some commentary on the case and its implications by an employment lawyer here.

If I apply the logic described, it seems that if a company does not make its policies clear to employees about appropriate use of its computer network or databases, it may be difficult to fire an employee for misuse. Just another reminder on the importance of ensuring that employees know and acknowledge privacy and security policies.




“I've been studying for my Psych test” takes on a whole new meaning...

http://yro.slashdot.org/story/09/07/14/1829231/Wikipedia-Debates-Rorschach-Censorship?from=rss

Wikipedia Debates Rorschach Censorship

Posted by kdawson on Tuesday July 14, @04:38PM from the guy-drawing-the-dirty-pictures dept. censorship internet

GigsVT writes

"Editors on Wikipedia are engaged in an epic battle over a few pieces of paper smeared with ink. The 10 inkblot images that form the classic Rorschach test have fallen into the public domain, and so including them on Wikipedia would seem to be a simple choice. However, some editors have cited the American Psychological Association's statement that exposure of the images to the public is an unethical act, since prior exposure to the images could render them ineffective as a psychological test. Is the censorship of material appropriate, when the public exposure to that material may render it useless?"



Tools & Techniques

http://www.makeuseof.com/tag/10-websites-for-free-mobile-phone-ringtones-other-mobile-downloads/

10 Websites For Free Mobile Phone Ringtones & Other Mobile Downloads

Jul. 14th, 2009 By Saikat Basu



Tools & Techniques Crowd sourcing with source code. Could be used for other things...

http://ushahidi.com/

Ushahidi

Welcome to Ushahidi, which means “testimony” in Swahili, where we are building a platform that crowdsources crisis information. Allowing anyone to submit crisis information through text messaging using a mobile phone, email or web form.

Tuesday, July 14, 2009

Florida strikes again!

http://www.databreaches.net/?p=6140

FL DOE loses loan promissory notes

July 13, 2009 by admin Filed under Breach Incidents, Education Sector, Financial Sector, Lost or Missing, U.S.

Bill Cotterell of the Tallahassee Democrat reports a breach involving the Florida Department of Education’s Office of Student Financial Assistance:

The agency is notifying 475 student-loan borrowers that their financial records have been exposed to identity theft because the OSFA managed to lose 1,186 “promissory notes” that they signed when they were going to school, and have now fallen behind on.

It’s not that the money is lost. There are copies of the promissory notes, so the loans can be collected.

But Jose Blas Lorenzo Jr., director of policy, regulatory compliance and institutional review for the OSFA, said the missing files bear Social Security numbers, names and addresses, birth dates, personal references and lots of other little tidbits that could come in handy for an identity thief.

“While your file was being processed for reassignment during the week of May 25, 2009, your promissory note(s) was lost,” he wrote in the official notice approved by the Federal Trade Commission and sent to borrowers. He added that the OSFA “cannot verify if the record of your promissory note(s) has been tampered with or if the confidentiality of your promissory note(s) was compromised.”

Cotterell reportedly filed a public records request on the incident and discovered that although OSFA’s director of policy, regulatory compliance and institutional review was informed of the breach on June 2, he did not notify the bureau chief until June 23.

The story doesn’t seem to report how the promissory notes were lost.



Lexis as “good citizen?” OR, did this occur before 2004 and Lexis is only learning about it because of the arrest?

http://www.databreaches.net/?p=6146

LexisNexis warns of breach after alleged mafia bust

July 13, 2009 by admin Filed under Business Sector, Insider, Of Note, U.S., Unauthorized Access

Information broker LexisNexis has warned more than 13,000 consumers, saying that a Florida man who is facing charges in an alleged mafia racketeering conspiracy may have accessed some of the same sensitive consumer databases that were once used to track terrorists.

Lee Klein, 39, of Boynton Beach, Florida, was charged by the U.S. Department of Justice in May following an undercover sting operation that netted 11 suspects from an alleged South Florida crew of the Bonanno crime family.

On Friday, the office of the New Hampshire Attorney General posted a letter that LexisNexis sent out to consumers last month, warning that Klein may have used his access to LexisNexis’ Seisint databases “in order to perpetrate certain crimes.”

Read more of Bob McMillan’s report on Network World.

[From the article:

… In a statement, LexisNexis said Monday that "the former Seisint customer involved in this matter should have provided notice to potentially affected individuals. However, because the customer is no longer in business we provided the notice."

… Seisint is best known as the creator of the ill-fated MATRIX (Multi-State Anti-Terrorism Information Exchange) terrorist data-mining project, which was shut down in 2005 following privacy concerns. LexisNexis, a division of Reed Elsevier, acquired Seisint in 2004 for US$775 million. It sells two Seisint products: Accurint, which provides information on individuals and their assets, and Securint, a background screening tool.



It takes little effort to steal an ID

http://www.databreaches.net/?p=6150

OK: ID theft attributed to online public records

July 13, 2009 by admin Filed under Breach Incidents, Exposure, Government Sector, ID Theft

Some Pottawatomie County residents claim they are the victims of identity theft, and they believe it is the result of their Social Security numbers being visible online.

[...]

At issue are mortgage and lease documents posted to a publicly accessible Web site. The documents were posted with social security numbers in view.

Pottawatomie County clerk Nancy Bryce said there is no plan currently to remove them from the Web.

Read more on KOCO.com.



Bigger is not always better. (Nor as easily fenced.) Somehow I doubt this is actually a mainframe. Sounds more like a rack-mounted server.

http://www.databreaches.net/?p=6162

Mainframe computer stolen from local TVCC campus

July 14, 2009 by admin Filed under Breach Incidents, Education Sector, Theft, U.S.

A “mainframe computer” containing confidential student information was stolen over the weekend from the Palestine campus of Trinity Valley Community College, according to local authorities.

Source: The Palestine Herald

The number of students with information on the computer was not reported, and no notice appears on the college’s web site at the time of this posting.

In an unusual twist, although thieves stole a computer and some money, they reportedly left a glass container filled with urine in the office from which the money was stolen. [Thank you for the DNA sample! Bob]

[From the article:

“Of course, they cut a lot of wires (to take the mainframe computer),” the sheriff said. [Most computer 'wiring' (cable) unplugs at both ends. Bob]



I'm sure there's a perfectly logical explanation.

http://yro.slashdot.org/story/09/07/13/1727218/Wells-Fargo-Bank-Sues-Itself?from=rss

Wells Fargo Bank Sues Itself

Posted by samzenpus on Monday July 13, @01:37PM from the so-crazy-it-just-might-work dept.

Extreme economic problems require extreme solutions, and Wells Fargo Bank has come up with a good one. They have decided to sue themselves. Wells Fargo holds the first and second mortgages on a condominium that is going into foreclosure. As holder of the first, they are suing all other lien holders, including the holder of the second, which is Wells Fargo. It gets better. The company has hired a lawyer to defend itself against its own lawsuit. The defense lawyer even filed this answer to the complaint, "Defendant admits that it is the owner and holder of a mortgage encumbering the subject real property. All other allegations of the complaint are denied." On the website The Consumer Warning Network, Angie Moreschi wrote: "We've apparently reached the perfect storm for complete and utter idiocy by some banks trying to foreclose on homes."



Citizens in a Surveillance Society. Is this a business opportunity for GPS technology (minus the phone contract)?

http://hardware.slashdot.org/story/09/07/13/2148232/Tracking-a-Move-Via-Find-My-iPhone?from=rss

Tracking a Move Via "Find My iPhone"

Posted by kdawson on Tuesday July 14, @02:45AM from the unintended-consequences dept. cellphones macbook

dmolnar writes

"I recently helped my girlfriend move her stuff from Chicago, IL to Oakland, CA. The movers were scheduled to arrive at 8AM on the 5th of July, and we were stressing the day before about all the things that could go wrong with a move. We realized that if we knew where her stuff was, it'd make us feel better. This is a story about using the $99 iPhone to track the move ... and about a somewhat surprising potential use of Find My iPhone to track your friends' iPhones without them noticing."



Privacy is never a “one size fits all” absolute.

http://www.bespacific.com/mt/archives/021813.html

July 13, 2009

Report examines Privacy Implications of Data.Gov

"Center for Democracy and Technology (CDT) today released a Policy Post discussing privacy implications for the federal data clearinghouse known as data.gov and de-identification considerations for the Open Government Directive. While this initiative signifies a step in the right direction towards a more open and transparent federal government, it must be done in concert with protecting the privacy of individuals. The Policy Post recommends specialized review procedures for each data set on data.gov. In addition, it says that different levels of data protections should be implemented in different contexts and that de-identification guidelines should be adaptable over time. This is essential in addressing consumer privacy risks associated with handling large data sets, as is the case with data.gov."



A candidate article for “A brief history of Privacy”

http://blog.law.cornell.edu/voxpop/2009/07/08/peter_winn/

Bentham and the Privacy of the Grave

Published July 8, 2009

… Bentham famously believed that publicity was the key to truth. His ideal was a Panoptic universe, where all in the world would believe themselves to be constantly observed, listened to, and monitored.



Isn't it the third generation (the grandchildren) who have the most difficulty with inherited wealth?

http://news.yahoo.com/s/nm/us_korea_north

North Korea leader Kim has pancreatic cancer: report

By Jack Kim – Mon Jul 13, 10:54 am ET

SEOUL (Reuters) – North Korean leader Kim Jong-il has life-threatening pancreatic cancer, South Korean broadcaster YTN said on Monday, citing information gathered from Chinese and South Korean intelligence sources.

… Kim's health is one of the most closely guarded secrets in the reclusive state. There has never been official confirmation of him falling ill.

… South Korean officials said the military grandstanding was aimed at helping Kim build internal support as he prepares for succession, with his youngest son seen as the likely heir.



Very interesting, if a bit awkward.

http://radar.oreilly.com/2009/07/recovery-mapping-arra-spending.html

Recovery Mapping: ARRA Spending Across the US

by Brady Forrest

To really understand economic and government data you need a map. This is especially important to remember right now with the American Recovery and Reinvestment Act (ARRA) spending. There's a lot of data out there and it's when you can see the relative concentration of funds within a state that the spending priorities begin to become clear.

A number of states have put their spending plans online in map form. ESRI, the GIS toolmaker, has compiled a list of states and federal agencies that use their technology to put recovery data online. (ESRI is the dominant GIS provider to governments around the world so this is a pretty good list). I applaud states and agencies that have taken the time to put their data online, I just wish that they had invested more in the UI (see Colorado's use of nurse heads to represent relative Health spending across the state for an example).



What planet are these guys living on? Some journalists. They give us a list of signers, but not the text of the document they signed. It turns out to be vague and whiny.

http://www.bespacific.com/mt/archives/021807.html

July 13, 2009

International publishers demand new intellectual property rights protection to safeguard the future of journalism

News release, July 9, 2009: "On the day that Commissioner Viviane Reding unveils her strategy for a Digital Europe during the Lisbon Council, and as the European Commission's consultation on the Content Online Report draws to a close this week, senior members of the publishing world are presenting to Information Society Commissioner Viviane Reding and Internal Market Commissioner Charlie McCreevy, a landmark declaration adopted on intellectual property rights in the digital world in a bid to ensure that opportunities for a diverse, free press and quality journalism thrive online into the future."

[From the article:

Universal access to our services should be available, but going forward we no longer wish to be forced to give away property without having granted permission. [The current law addresses that. Perhaps they don't need new laws after all? Bob]

[The Hamburg Declaration:

http://www.axelspringer.de/downloads/153453/Hamburg_Declaration.pdf



How to be a non-typical newspaper? Could be a useful app at any seminar or large classroom.

http://www.guardian.co.uk/open-platform/blog/curating-conversations

Open Platform Blog

Curating conversations

Twitter is becoming an ever present backchannel at conferences and events. However sometimes it needs curating and moderating, especially if it's to be displayed large as a part of the event. Here we talk about an app built in a few hours and open sourced today which we used for this purpose for The Guardian's Activate Summit.

Twitter is becoming a very fertile backchannel at conferences and news stories. It provides a simple mechanism for those at conferences to discuss themes, to amplify topics of interest and to engage those unable to attend. We wanted to keep the immediacy of Twitter as a backchannel but also maintain some sense of respect for the speakers, who would often have the messages writ large above their head.

… An un-moderated or un-curated stream obviously gives you the purest view in terms of openness, but when displayed large, can actually give a poorer experience for the conference goers.

The two main problems as ever are unwelcome content (swearing, racist or homophobic content, links to pornography and other linkbombs) and automated spam aimed at trending topics.



Interesting. Monitoring all that data might provide some interesting intelligence too.

http://news.cnet.com/8301-1001_3-10285718-92.html?part=rss&subj=news&tag=2547-1_3-0-5

Ghost's operating system comes alive

by Dara Kerr July 13, 2009 5:35 PM PDT

In the middle of the desert between Israel and Palestine, Ghost's high-tech Virtual Computer is set to launch Tuesday. After three years of work, Ghost finished the development of its Web-based operating system that uses "cloud computing" to let users access their desktop and data from any computer worldwide.

Ghost, short for Global Hosted Operating System, was founded in 2006 by Zvi Schreiber, whose goal was to create the Virtual Computer that works with third-party Web applications like Google Docs, Zoho, and Flickr and joins them together into one online service and can be accessed from any computer with the Internet. Users can also access their personal desktop, files and applications.


(Related) Cloud computing is the next big thing?

http://news.cnet.com/8301-19413_3-10286028-240.html?part=rss&subj=news&tag=2547-1_3-0-5

Lawyers shine light on real cloud concerns

by James Urquhart July 14, 2009 5:00 AM PDT

Like moths to a porch light (or trial lawyers to ambulances), many lawyers are finding the uncertain legal and regulatory terrain of cloud computing fertile ground for new legal analysis--and new legal business.

… The gap between the cloud and the current state of legislation is serious. Check out these examples from past posts:

… For example, take CNET's recent coverage of a panel on the effects of cloud computing on cyber crime at Symantec's Norton Cyber Crime Day. Matthew Parrella, chief of the computer hacking and intellectual property unit at the U.S. Attorney's Office, noted that "hacking" PCs by inserting software into the system by various means is being replaced by a new threat:

"That model of importation of software is becoming obsolete because we're seeing on the horizon cloud computing where so many of these operations are pushed from a user's PC or a user's computer onto Google Docs or Salesforce.com," he said.

… Barry Reingold and Ryan Mrazik, members of the Privacy and Security practice group at law firm Perkins Coie, coauthored a very well written paper in Cyberspace Lawyer (a legal journal I hope I can afford). The paper, titled "Cloud Computing: The Intersection of Massive Scalability, Data Security and Privacy" (PDF), covers a wide swath of issues largely targeted at data and processing taking place in external clouds.

… Also of interest to me was a post by Daniel Schwartz of the Connecticut Employment Law Blog, titled "Cloud Computing and Employment Law: The Uncharted Sky". In this post, Schwartz asks some interesting questions regarding data stored in external clouds:

From an employment law perspective, I have not seen much, if anything on the subject. For example, Connecticut's wage and hour laws require employers to keep track of various records of the employee including hours worked, etc. The catch? Such records need to be kept at the employer's place of business for three years. Does storing the information in "the cloud" satisfy that?

… Of course, it could also lead to a whole new collection of cloud lawyer jokes...



Another resource for my Math students

http://www.makeuseof.com/tag/the-best-free-algebra-homework-help-websites/

The Best Free Algebra Homework Help Websites

Jul. 13th, 2009 By Ryan Dube

… As usual, help is available on the Internet, and the following list are some of the best free algebra homework help websites that can make the process of learning algebra a whole lot easier.

MyAlgebra – A Free Algebra Problem Solver

A very simple and useful resource is the MyAlgebra online problem solver application. While this isn’t the first place a student should go for help, because it simply provides the answer to the equation, it is an excellent website for students to check their work.

Illuminations – Cool Algebra Activities and Lessons

Nothing is quite as frustrating for many students as trying to understand abstract concepts, and learning to do so by reading drab and boring textbooks that make you want to go to sleep. Luckily, the National Council of Teachers of Mathematics in the U.S. understands this problem and created a website called Illuminations that brings the subject (including algebra) to life for students.

Algebra.com – Math Tutors Who Just Can’t Get Enough

Of course, the best place to get some free algebra tutoring is Algebra.com, an online community of mathematicians who are obsessed with the topic. You can turn their obsession into your child’s advantage by posting problems for the tutor community to answer. The website itself offers more lessons and information than probably any other algebra help website out there.

Math.com – Interactive Algebra Help

Another valuable site filled with step-by-step instructions and lessons for students to learn the most important algebra concepts is Math.com. This site covers both the basics as well as advanced concepts under categories like “The Language of Algebra”, “Equations and Inequalities” and “Graphing Equations and Inequalities.”

Drexel University – The Math Forum

The Math Forum is a valuable public service offered by Drexel University that offers both students and teachers dozens of resources. Many of the resources are buried within internal links, but the Algebra Section alone offers classroom materials for teachers, Internet projects, public forums and even links to algebra software throughout the net.



Can I make my students subscribe?

http://radar.oreilly.com/2009/07/citizen-engineer-open-source-h.html

Citizen Engineer: Open Source Hardware Hacking Zine

by Brady Forrest

Over at Adafruit, Limor Fried and Phil Torrone have put out the first issue of Citizen Engineer. It's a zine devoted to open-source hardware, electronics arts and hacking.

… The issue also contains info on how to modify old payphones. It reminds me of 2600, but pt and Limor provide the hardware for the hacks.


(Related) Perhaps more of the Surgical Technology students will take my hacking course?

http://radar.oreilly.com/2009/07/recovery-mapping-arra-spending.html

Hackers' Next Target — Your Brain?

Posted by ScuttleMonkey on Monday July 13, @04:27PM from the true-tongue-in-cheek dept.

Hugh Pickens writes

"Wired reports that as neural devices become more complicated — and go wireless — some scientists say the risks of 'brain hacking' should be taken seriously. ' "Neural devices are innovating at an extremely rapid rate and hold tremendous promise for the future," said computer security expert Tadayoshi Kohno of the University of Washington. "But if we don't start paying attention to security, we're worried that we might find ourselves in five or 10 years saying we've made a big mistake."' For example, the next generation of implantable devices to control prosthetic limbs will likely include wireless controls that allow physicians to remotely adjust settings on the machine. If neural engineers don't build in security features such as encryption and access control, an attacker could hijack the device and take over the robotic limb."

Relatedly, several users have written to tell us that science may be closer to the science fiction "mind wipe" than previously thought. Put this all together and I welcome the next step in social networking; letting the cloud drive my limbs around town via a live webcam and then wiping the memory from my brain. Who has MyLimb.com parked and is willing to deal?



Humor? Maybe they are looking for someone to pretend to be a satisfied customer?

http://www.networkworld.com/community/node/43490

Best Buy calls Twitter a job qualification

Employment ad asks for "250 plus followers" on social networking site

By Paul McNamara on Mon, 07/13/09 - 10:46am.

Twitter skeptics -- and they remain legion -- will find the idea silly … but it's not, particularly not in this case.

From a Computerworld Canada story:

A recent job posting on Best Buy Co Inc.’s Web site for a Senior Manager – Emerging Media Marketing position based out of the company’s corporate headquarters in Richfield, Minn. listed two preferred job qualifications: a graduate degree and 250+ followers on Twitter.

(Update: Just stumbled across this item noting that Best Buy in general is big on Twitter and that company CEO Brian Dunn has an account, albeit one that just barely would qualify him for employment in his marketing department.)


(Related)

http://www.wired.com/gadgetlab/2009/07/girl-falls-into-manhole-while-texting-parents-sue/

Girl Falls Into Manhole While Texting, Parents Sue

By Charlie Sorrel July 13, 2009 | 9:06 am

It’s hard to decide who are the biggest morons in this story: parents or daughter. 15 year-old Alexa Longueira was walking along Victory Boulevard in Staten Island when she fell into an open manhole.

Why didn’t she see it? You’re ahead of me here. She was too intent on tapping out a text message to notice the gaping gap in the sidewalk and just dropped straight on in.



He who steals my flash drive, steals no more – ever! KaBoom!

http://hardware.slashdot.org/article.pl?sid=09/07/13/1836204

IronKey Unveils Self-Destructing USB Flash Drive

Posted by ScuttleMonkey on Monday July 13, @05:11PM from the better-than-having-to-eat-it dept.

fysdt writes to share that IronKey has released a USB flash drive with self-destruct capability. Specializing in "secure flash drives," IronKey has launched the S200 aimed at government and enterprise customers, "featuring hardened physical security, the latest Cryptochip technology, active anti-malware and enhanced management capabilities. It's the 'first and only USB storage device to achieve FIPS 140-2, Level 3 validation' and delivers advanced Cryptochip featuring AES-256, tamper-resistance and self-destruction circuitry."