Saturday, September 19, 2009

For a second, I thought they were going to strap a GPS ankle bracelet on the kids. Looks like they just can't trust their case workers.

http://www.cbs12.com/news/children-4721120-missing-foster.html?referrer=digg

DCF adding GPS, case workers to track down children

September 14, 2009 5:27 PM

TALLAHASSEE-- Florida is doing a better job of tracking the children in its foster care program.

The percentage of missing children has dropped by half over the past two years, from 2.3 percent to a record low of 1.1 percent.

Currently 257 are missing, according to the Department of Children and Families. DCF Secretary George Sheldon says 90% are runaways and they remain missing for 4 days on average.

… "We are rolling out in the next couple of months mobile units so a picture of every child is taken every 30 days. There's a GPS coordinate date and time and coordinate stamp on the photograph so you know that visit was made at that given point in time and we'll now have automatic alerts that will alert us if a visit hasn't been made," said Sheldon.



Passwords alone are not adequate security. (This is example five billion and seven)

http://www.wired.com/threatlevel/2009/09/montgomery_defense/

Intelligence Analyst Says Hacking Charge Doesn’t Compute

By Kevin Poulsen Email Author September 18, 2009 2:10 pm

A Defense Department intelligence analyst hit with a federal computer hacking charge last week says he’s being made a scapegoat for a security slip-up that sent a password in a nationwide terrorism investigation to “tens of thousands” of analysts without the need-to-know.

… According to the government, Montgomery ignored a security warning in the message he saw, and twice logged in to a system used in the terrorism investigation: first on April 9, when he stayed on for two hours, and then on April 14. He’d gotten the password from another classified message to which he also had legitimate access.

Federal prosecutors in the Eastern District of Virginia charged Montgomery on September 11 with a single felony count of gaining unauthorized access to a protected computer or exceeding authorized access, and obtaining classified information.

“It was an unclassified account,” Montgomery says.



Does this mean the rules don't apply or that neither Commerce nor Treasury want to be bothered? (That means I can give copies to my Canadian students, right?)

http://yro.slashdot.org/story/09/09/18/234248/Mozilla-Firefox-Not-In-Violation-of-US-Export-Rules?from=rss

Mozilla Firefox Not In Violation of US Export Rules

Posted by Soulskill on Friday September 18, @07:58PM from the no-news-is-good-news dept.

darthcamaro writes

"While the internet may know no borders, the US government does. There are a number of rules that affect software vendors, including encryption export regulations from the US Department of Commerce and export sanctions by the Department of Treasury. But what do you do when your application is open source and freely available to anyone in the world? Do the same the rules apply? It's a question that Mozilla asked the US government about. The answer they received could have profound implications not just for Firefox but for all open source software vendors. 'We really couldn't accept the notion that these government rules could jeopardize the participatory nature of an open source project, so we sought to challenge it,' Harvey Anderson, VP and General Counsel of Mozilla, told InternetNews.com. 'We argued that First Amendment free speech rights would prevail in this scenario. The government took our filing and then we got back a no-violation letter, which is fantastic.'"



In Brazil, the court makes the law?

http://yro.slashdot.org/story/09/09/19/0156202/Brazilian-Court-Bans-P2P-Software?from=rss

Brazilian Court Bans P2P Software

Posted by Soulskill on Saturday September 19, @12:04AM from the next-up-cars-and-cheeseburgers dept.

Earlier this year, at the behest of an anti-piracy group consisting of the usual suspects from the recording industry, a Brazilian court ruled that a company named Cadare Information Technology must implement a filter on the P2P software they distributed on their website to weed out copyrighted content. Cadare was unable to comply with the order because they didn't develop the software; they merely offered it for download. The case went back to court, and a Brazilian judge has now decided to ban distribution of the software because it can be used to assist copyright infringement. "He went on to suggest that any website offering the software alongside advertising (i.e., trying to profit from offering it) would be committing a crime, punishable by between two and four years in jail."

Friday, September 18, 2009

Once your data has been stolen, the crooks have it – no matter who has been arrested.

http://www.databreaches.net/?p=7192

Commerce Bank replaces cards compromised in Heartland breach

September 18, 2009 by admin Filed under Financial Sector, Government Sector, Hack, ID Theft, Malware

Dan Margolies reports that Commerce Bank in Kansas City is first replacing credit cards after a recent small wave of fraudulent activity was reported. The compromised cards were involved in the Heartland Payment Systems breach disclosed in January 2009.

“We are now beginning to reissue some cards that were part of the block of cards that went through Heartland Payment Systems and were compromised by the bad guys,” said Carl Bradbury, Commerce’s director of consumer card products.

[...]

Bradbury said the Heartland breach was only now hitting banks such as Commerce because when criminals “steal blocks of numbers, especially a large block of numbers like this, they break them into smaller blocks and sell them, and so it goes on” until the end users try to use those cards to get money out of ATMs or to make purchases.

Bradbury said Commerce had been “very lucky in that the wave of fraud largely passed over the bank.” But “fairly recently we’ve had some flickers on the radar that showed that some of our card numbers associated with trafficking through Heartland had been used to perpetrate fraud.”

[...]

Bradbury declined to quantify the fraud or the amount Commerce has absorbed.

“But it was a very small percentage of our portfolio,” he said.

Other local bank officials said the Heartland breach had affected some of their customers, but not recently.

“I don’t think more than a handful of our customers were affected,” said UMB Bank spokeswoman Pam Blase. “And it was months ago.”

Read more in The Kansas City Star.

As of its most recent count, BankInfoSecurity.com reported that 673 financial institutions had publicly revealed that they had been affected by the breach. If, as Commerce Bank’s spokesperson suggests, Commerce may be part of a new wave, we may see that number continue to climb slowly. In any event, if we add in Commerce and UMB Bank, the count currently stands at 675.



Maybe all unauthorized access to personal information is terrorism?

http://www.pogowasright.org/?p=3935

Chief Constable sued over data stolen from a police computer

September 18, 2009 by Dissent Filed under Breaches, Court, Govt, Non-U.S.

A story in today’s Belfast Telegraph reminds us that employee snooping on personal information is not always just out of curiosity or for purposes of ID theft:

A victims campaigner has launched legal proceedings against the Chief Constable and two loyalist bandsmen [Is that “English” for anti-IRA hit-men? Bob] over the gathering of information on Catholics from a police database.

Lawyers for Mark Thompson, director of the Relatives for Justice group, confirmed writs have been served in his High Court claim for damages.

Mr Thompson is suing the Police Service and Co Antrim men Aaron Hill (24) and Darren Richardson (31) who were both convicted of collecting information likely to be useful to terrorists. [Interesting crime... Don't all governments do that? Bob]

Hill, a former PSNI civilian member of staff from Mainebank, Randalstown, admitted carrying out checks on the police computer system for more than two years before being detected.

It was estimated that around 100 names were searched, with nearly 70 people warned to step up their personal security because their details had been accessed.

Read more in the Belfast Telegraph. PSNI is the Police Service of Northern Ireland.



Statistics. (and an indication that people use technology without understanding it.)

http://www.pogowasright.org/?p=3897

One in eight Brits hit by identity theft

September 17, 2009 by Dissent Filed under Breaches, Internet, Non-U.S.

Shaun Nichols reports:

A recent study has estimated that one in eight adults in the UK have been the victim of online fraud or identity theft.

The survey, conducted by research firm YouGov and backed by online security vendor VeriSign, polled roughly 2,100 adults in the UK. Some 12 per cent said that they had been a victim of online ID fraud within the past 12 months.

The researchers credited most of the losses to increasingly sophisticated attack methods, combined with larger numbers of users shopping online. Experts suggest that many users remain unaware of how to spot fraudulent sites and protect against data theft.

Read more on v3.



Interesting that the FBI bothers with these guys, even if the network has offices in New York. But of course, they deal with “rich people,” not us second-class citizens.

http://www.databreaches.net/?p=7174

Private Jet-Set Network Hacked

September 17, 2009 by admin Filed under Breach Incidents, Business Sector, Hack, Other

McAfee Research Blog reports that ASmallWorld, a social networking site for jetsetters received an extortion demand:

Yesterday the French police force (OCLCTIC), accompanied by FBI agents, arrested two French residents. They were suspected of hacking [ASmallWorld] social-network platform dedicated to the worldwide upper crust. They allegedly attempted to extort US$1 million from the webmasters to not divulge stolen data.

Two years ago, a paper named “Asmallworld.net: we have hacked the smartest worldwide website” made some noise in France.

Danny Shea provides additional details on Huffington Post:

French police, assisted by the FBI, took in the two hackers — one in Paris, one in the Gironde — for an attempt to blackmail several members of ASMALLWORLD’s management team by suggesting they had full access to the member data base and asking them to cough up a million dollars in exchange for their silence. The hackers contacted ASMALLWORLD in late May.

The company, which keeps neither credit card information nor any private information about its members, assessed the threat level as low and began working with authorities to launch an investigation monitoring the hackers’ online activity. That investigation helped reveal their identities, and they are now in police custody.



This is an updating of the old “rounding error” scheme. Remember, it's not the size of the theft, it's the volume! ($200,073.44 / 58,000 = $3.45 per transaction)

http://www.databreaches.net/?p=7182

Man sentenced for micro-deposit scam

September 17, 2009 by admin Filed under Financial Sector, Of Note, Other, U.S.

A 22-year old man was sentenced to 15 months in prison and restitution of $200,073.44 for fraud and related activity in connection with computers. After release from prison, Michael Largent will also face three years of strict restrictions on his use of computers and the Internet.

According to Assistant United States Attorney Matthew D. Segal, a prosecutor in the Eastern District of California U.S. Attorney’s Office’s Computer Hacking and Intellectual Property (CHIP) unit, from November 2007 through May 2008, Largent wrote a computer program that allowed him to defraud E*Trade, Charles Schwab & Co., and Google by opening or attempting to open more than 58,000 brokerage accounts. He did this to steal the “micro-deposits.” A financial institution will make a micro-deposit when an account is opened to test the functionality of an account. The amounts deposited in this case ranged from $0.01 to $2.00.

Largent used false names, addresses, driver’s license numbers, and social security numbers, including the names of known cartoon and comic book characters to open the accounts. When the deposits occurred, he would transfer the funds into his own bank accounts or onto prepaid debit cards, without the authorization or knowledge of his victims. [Only indication that there were Identity Theft victims, too. Probably just poor reporting. Bob] As a result, Largent fraudulently obtained or attempted to obtain tens of thousands of dollars, which he used for personal expenses.

E*TRADE and Charles Schwab detected the fraud and notified law enforcement independently of each other. Largent was originally indicted in May 2008.

In sentencing Largent, United States District Judge Morrison C. England Jr. observed that Largent’s scheme took some sophistication, and wondered why he had not used his skills and talents in a lawful way.
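The article says E*TRADE and Schwab caught the scheme but not how. One check a fraud team could run is sketched below. This is an added example, not code from the article or from any of the firms it names; the account records, names and identifiers are constructed for the example, and the single heuristic (many accounts that do nothing but receive verification deposits and sweep them to the same destination) is one the page does not describe, offered here as the obvious defender's view of the pattern it reports.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Account:
    account_id: str
    holder_name: str
    micro_deposit_total: float   # sum of the small verification deposits received
    outbound_destination: str    # external account or card the funds were swept to
    other_activity: bool         # any funding, trades or holdings beyond the micro-deposits


# Constructed sample data (hypothetical; names and identifiers are made up).
SAMPLE_ACCOUNTS = [
    Account("A-1001", "Bugs Rabbit",    0.38, "CARD-7F2A", False),
    Account("A-1002", "Daffy Mallard",  1.07, "CARD-7F2A", False),
    Account("A-1003", "Elmer Hunter",   0.52, "CARD-7F2A", False),
    Account("A-1004", "Porky Swine",    1.91, "CARD-7F2A", False),
    Account("A-1005", "Wile E. Canine", 0.25, "CARD-7F2A", False),
    Account("A-2001", "Jane Investor",  0.44, "BANK-0012", True),   # funded and trading
    Account("A-2002", "Sam Saver",      0.77, "BANK-3310", False),  # opened, not yet used
    Account("A-2003", "Pat Trader",     1.12, "BANK-3310", True),
]


def verification_only(acct: Account) -> bool:
    """True for an account whose only history is receiving verification deposits."""
    return not acct.other_activity


def cluster_by_destination(accounts: Iterable[Account]) -> Dict[str, List[Account]]:
    """Group verification-only accounts by where their micro-deposits were sent."""
    clusters: Dict[str, List[Account]] = defaultdict(list)
    for acct in accounts:
        if verification_only(acct):
            clusters[acct.outbound_destination].append(acct)
    return clusters


def flag_micro_deposit_harvesting(accounts: Iterable[Account],
                                  min_cluster: int = 3) -> Dict[str, dict]:
    """Return destinations fed by at least min_cluster verification-only accounts,
    with the account ids involved and the total micro-deposit value drained to each.
    A single unused account sweeping its deposit out is normal; dozens converging
    on one card or bank account is the pattern the article describes."""
    flagged: Dict[str, dict] = {}
    for dest, accts in cluster_by_destination(accounts).items():
        if len(accts) >= min_cluster:
            flagged[dest] = {
                "accounts": sorted(a.account_id for a in accts),
                "drained": round(sum(a.micro_deposit_total for a in accts), 2),
            }
    return flagged


if __name__ == "__main__":
    for dest, info in flag_micro_deposit_harvesting(SAMPLE_ACCOUNTS).items():
        print(f"{dest}: {len(info['accounts'])} verification-only accounts, "
              f"${info['drained']:.2f} drained")
```

The threshold is deliberately low in the sample; on a real portfolio you would tune `min_cluster` against the normal rate of customers who open an account, never fund it, and sweep the pennies out, and you would want the same grouping run on other shared attributes (mailing address, phone, device) rather than destination alone.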



This caught my eye because it's from the area where I grew up.

http://www.pogowasright.org/?p=3902

Former officer charged with computer crime

September 17, 2009 by Dissent Filed under Breaches, Court, Govt

Linda Seida reports:

A former New Hope Borough and Solebury Township part-time police officer has been charged with unlawful use of a computer and related offenses that stem from a traffic stop in which he used a woman’s cell phone to send an “explicit picture” of her to another man, according to a court document.

Later, when the woman confronted Officer Michael Montalbano in the New Hope police station, he chastised her for having “pictures like that,” according to an affidavit filed by the Bucks County detectives who investigated the officer’s alleged misbehavior.

A preliminary hearing for Officer Montalbano is scheduled for Oct. 26.

Read more on CentralJersey.com



Unintended consequences.

http://news.slashdot.org/story/09/09/18/0011218/Spyware-Prank-Exposes-Hospital-Medical-Records?from=rss

Spyware Prank Exposes Hospital Medical Records

Posted by kdawson on Friday September 18, @02:23AM from the epic-keylogger-fail dept.

cheerytt writes

"Let this be a lesson to all the broken-hearted geeks out there. A 38-year-old Ohio man is set to plead guilty to federal charges after spyware he meant to install on the computer of a woman he'd had a relationship with ended up infecting computers at a children's hospital. Spyware was sent to the woman's Yahoo e-mail address in the hope it would be used to monitor what his former girlfriend was doing on her PC. But instead, she opened the spyware on a computer in the hospital's pediatric cardiac surgery department. The spyware sent more than 1,000 screen captures via e-mail, including details of medical procedures, diagnostic notes and other confidential information relating to 62 patients. The man will pay $33,000 to the hospital for damages and faces a maximum sentence of five years in prison."

[From the article:

"While Scott Graham does take responsibility for his conduct, it was never his intention to harm any organization or entity," said his attorney, Ian Friedman, in a telephone interview. [Just his ex-girlfriend Bob]

… Still Howes faulted the hospital's IT staff for allowing someone to download spyware from Yahoo mail and install it on their systems.

… A spokeswoman with the Akron Children's Hospital was unaware of the case and unable to comment. [How could this be? “Oh, we don't much care about HIPAA violations...” Bob]



The Republic of Massachusetts drags its citizens forward to 1984. Question: If you notice the GPS device and remove it, have you committed a crime?

http://yro.slashdot.org/story/09/09/17/2030222/Secret-GPS-Tracking-Now-Legal-In-Massachusetts?from=rss

Secret GPS Tracking Now Legal In Massachusetts

Posted by timothy on Thursday September 17, @04:43PM from the unsecret-kind-requires-anklet dept.

dr. fuzz writes

"The Supreme Judicial Court of Massachusetts has ruled in favor of John Law tracking you with secret GPS devices in Massachusetts provided a warrant is obtained. You've been warned. To the dissenters' credit, Justice Ralph Gants is quoted with 'Our constitutional analysis should focus on the privacy interest at risk from contemporaneous GPS monitoring, not simply the property interest.'"



Ah dem Canadians, dey has a firm grasp of de obvious, eh? Does this not reflect/extend the concept that ISPs are merely conduits for content?

http://yro.slashdot.org/story/09/09/17/1829242/Canadian-Court-of-Appeals-Decides-Website-Linking-Isnt-Libelous?from=rss

Canadian Court of Appeals Decides Website Linking Isn't Libelous

Posted by timothy on Thursday September 17, @02:48PM from the reelect-that-man dept.

inject_hotmail.com writes

"I found this promising news over on Michael Geist's website: In an amazing display of wisdom and understanding, British Columbia (Canada) court of appeals (in a split decision) decided that it is not libelous to link to defamatory content. The judge stated that 'there is, in my view, no substantial difference between providing a web address and a mere hyperlink. Whether the hyperlink is a web address, as is often the case, or a more specific reference, both require a decision on the part of the reader to access another website, and both require the reader to take a distinct action, in the one case typing in a web address and in the other case clicking on the hyperlink. In other words, there is a barrier between the accessed article and the hyperlinked site that must be bridged, not by the publisher, but by the reader. The essence of following a hyperlink is to leave the website one was at to enter a different and independent website.' The case was brought about by B.C. businessman Wayne Crookes, who claimed that p2pnet had damaged his character by linking to websites with which he did not agree. Presumably, the website with the actual content in question is outside of the purview of the Canadian courts; however, p2pnet is not."



In virtual worlds we have virtual lawyers chasing virtual ambulances and that still results in real world lawsuits?

http://www.wired.com/threatlevel/2009/09/linden

Linden Lab Targeted in Second Life Sex-Code Lawsuit

By David Kravets Email Author September 17, 2009 7:41 pm



The Joys of Computer Forensics. With old operating systems come old application software. Do you have a copy of VisiCalc I could borrow?

http://tech.slashdot.org/story/09/09/17/1747259/Old-Operating-Systems-Never-Die?from=rss

Old Operating Systems Never Die

Posted by timothy on Thursday September 17, @01:59PM from the they-just-start-running-in-loops dept.

Harry writes

"Haiku, an open-source re-creation of legendary 1990s operating system BeOS, was released in alpha form this week. The news made me happy and led me to check in on the status of other once-prominent OSes — CP/M, OS/2, AmigaOS, and more. Remarkably, none of them are truly defunct: In one form or another, they or their descendants are still available, being used by real people to accomplish useful tasks. Has there ever been a major OS that simply went away, period?"



...and if it's not registered you can buy it here!

http://www.bespacific.com/mt/archives/022345.html

September 17, 2009

Free Search Engine for All U.S. Trademarks Filed Since 1870

TradeMarkia - Search for a trademark by: name (here is the result for beSpacific), filing date(s), category, goods & services, company name, status [via Google Blogoscoped]



Woz is worth watching.

http://fora.tv/2006/09/26/Steve_Wozniak

Steve Wozniak: How I Invented the Personal Computer



Free is good!

http://www.killerstartups.com/Search/freebook-s-com-find-every-book-you-want-for-free

FreeBook-s.com - Find Every Book You Want For Free

http://www.freebook-s.com/

Can’t get your hands on enough books to read? If you happened to answer that question affirmatively, then this portal will no doubt appeal to you. In essence, here you will be capable of looking up and procuring free books about most topics you could think of.

Thursday, September 17, 2009

Is it just me, or is reading all those emails somewhat intrusive... For all my students. I should work this into my “Email Etiquette” rant. Also provides guidance for Social Engineering.

http://blog.okcupid.com/index.php/2009/09/14/online-dating-advice-exactly-what-to-say-in-a-first-message/

Ok, here’s the experiment.

We analyzed over 500,000 first contacts on our dating site, OkCupid. Our program looked at keywords and phrases, how they affected reply rates, and what trends were statistically significant. The result: a set of rules for what you should and shouldn’t say when introducing yourself online.



Tools & Techniques For stalkers? At least you can get to know your new neighbors...

http://www.makeuseof.com/tag/how-to-conduct-a-free-criminal-background-check-online/

How To Conduct A Free Criminal Background Check Online

Sep. 16th, 2009 By Mahendra Palsule

Criminal Searches

Criminal Searches allows you to:

  • Search criminal records by first and last name, optionally filtered by US state

  • Search criminals in a neighborhood

  • Search sex offenders in a neighborhood

  • Sign up to receive alerts on criminal records of up to 5 names

  • Get criminal statistics based on types of crime, ethnicity, gender and age

… You can also check out previously profiled SpotCrime for crime reports in your neighborhood and Family Watchdog to get a map view of the National Sex Offender registry.



It's public or it's not, isn't it? Ignorance of the law is no excuse, but does that apply to “secret laws?” If the law is not freely (as in free) available, isn't it “secret?” If I link to it online, have I committed a “Copyright crime?” (I wouldn't know if I can't access the law...)

http://yro.slashdot.org/story/09/09/16/1925206/Professor-Posts-Illegal-Copy-of-Guide-To-Oregon-Public-Record-Laws?from=rss

Professor Posts "Illegal Copy" of Guide To Oregon Public Record Laws

Posted by timothy on Wednesday September 16, @03:48PM from the hey-man-I-paid-for-that dept.

An anonymous reader writes

"Copyright law has previously been used by some states to try to prevent people from passing around copies of their own government's laws. But in a new level of meta-absurdity, the attorney general of Oregon is claiming copyright over a state-produced guide to using public-records laws. That isn't sitting well with one frequent user of the laws, who has posted a copy of the guide to his website and is daring the AG to respond. The AG, who previously pledged to improve responses to public-records requests, has not responded yet."

The challenger here is University of Oregon Professor Bill Harbaugh.

[From the article:

Instead, the attorney general sells the 326-page book for $25 a pop, mostly to law firms and other state agencies. Kroger's spokesman, Tony Green, says that's how the AG's office makes back the cost of producing the book.

That doesn't mollify Harbaugh, who challenged the state's copyright claim by posting a scanned copy of the book. Harbaugh, who tends to get under the skin of public officials, complains it's just another chapter in the long effort by state bureaucrats to make using the law as difficult as possible.



SANS study

http://www.sans.org/top-cyber-security-risks/

The Top Cyber Security Risks

Two risks dwarf all others, but organizations fail to mitigate them

Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.

September 2009

Best Practices in Mitigation and Control of The Top Risks

A few weeks ago, the Center for Strategic and International Studies published an updated version of the Twenty Critical Controls for Effective Cyber Defense.

http://csis.org/files/publication/Twenty_Critical_Controls_for_Effective_Cyber_Defense_CAG.pdf

These controls reflect the consensus of many of the nation's top cyber defenders and attackers on which specific controls must be implemented first to mitigate known cyber threats.


(Related) Crooks are getting more sophisticated.

http://news.cnet.com/8301-27080_3-10355069-245.html?part=rss&subj=news&tag=2547-1_3-0-20

New scam adds live chat to phishing attack

by Elinor Mills September 16, 2009 1:22 PM PDT Updated 4 p.m. PDT throughout with minor additional details.

Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.

After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.

The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said Sean Brady, an online fraud expert at RSA.

The scammer claims to be from the bank's fraud department and says that the bank is requiring members to validate their accounts, asking for additional information such as name, phone number, and e-mail address, according to screenshots. That information could be used to get access to accounts and money online or over the phone.


(Related) and their numbers are increasing fast.

http://news.cnet.com/8301-1009_3-10354540-83.html

Web 2.0 security risks scrutinized

by Vivian Yeo September 16, 2009 7:45 AM PDT

Web 2.0 sites that enable people to create content are increasingly used to carry out a wide range of attacks, according to a new security study.

Websense's "State of Internet Security" (PDF), released Tuesday, notes that attackers are focusing their attention on interactive Web 2.0 elements. Some 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or contain malicious links, the security vendor warned. [I find that very hard to believe. Bob]

"The very aspects of Web 2.0 sites that have made them so revolutionary--the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks--are the same characteristics that radically raise the potential for abuse," Websense said in its report.

… According to Websense statistics, the number of malicious sites between January and June grew 233 percent over the second half of 2008, and 671 percent compared with the same period last year.

The security company also found that during the first six months of 2009, 78 percent of new Web pages with objectionable content, such as pornography or gambling, contained at least one malicious link. Some 77 percent of Web sites with malicious code were compromised legitimate sites.



Some more Quick References (Okay, Cheat Sheets)

http://www.customguide.com/quick_references.htm

FREE Quick References

  • Distribute them at your organization.

  • Forward them to users with support issues.

  • Post them on your organization's Website.



For my website students.

http://www.killerstartups.com/Web20/ws4ws-com-the-why-wherefore-of-websites

WS4WS.com - The Why & Wherefore Of Websites

http://ws4ws.com/

Succinct answers to the "what", "why" and "who" for websites as a whole. That is what this portal is all about. The categories that you can have your pick from include “Database”, “Collaboration”, “Reference” and “Wiki”. Of course, a “Social Media” category is likewise part of the main list, along with a “Productivity” one.

… The aim of such a site is a clear one. General users can understand websites and how they work, effectively maximizing them. For its part, publishers do get the chance to promote their sites for free. The site is completely inexpensive in every case, so that if you want to question away simply set your browser to it and see what you can find.



Global Warming! Global Warming! Something useful from the recycle guys! Now is the time to grab the mineral rights (recycle rights?) to dumps and landfills!

http://hardware.slashdot.org/story/09/09/16/2228236/Transforming-Waste-Plastic-Into-10Barrel-Fuel?from=rss

Transforming Waste Plastic Into $10/Barrel Fuel

Posted by samzenpus on Wednesday September 16, @07:15PM from the mr.-fusion dept.

Mike writes

"Today Washington DC-based company Envion opened a $5 million dollar facility that they claim will be able to efficiently transform plastic waste into a source of oil-like fuel. The technology uses infra-red energy to remove hydrocarbons from plastic without the use of a catalyst, transforming 82% of the original plastic material into fuel. According to Envion, the resulting fuel can then be blended with other components, providing a source for gasoline or diesel at as low as $10 per barrel."



Dilbert explains the best reaction you can expect from a PowerPoint presentation...

http://dilbert.com/strips/comic/2009-09-17/

Wednesday, September 16, 2009

Why does this ring hollow?

http://www.databreaches.net/?p=7138

Heartland CEO: Credit Card Encryption Needed

September 15, 2009 by admin Filed under Breach Incidents, Financial Sector

Grant Gross of IDG News Service reports that in testimony before the Senate Homeland Security and Governmental Affairs Committee yesterday, Heartland Payment Systems CEO Robert Carr was hit with a question about how the payment processor could have been breached for over one year and yet not detected it:

Senators asked Carr some pointed questions about the breach. Senator Susan Collins, a Maine Republican, wanted to know how the company could be compromised from October 2006 to May 2008 without discovering the breach. “I was astounded at what a long period elapsed where these hackers were able to steal these credit card numbers,” she said. “Explain to me how a breach of that magnitude could go undetected for so long.”

Card holders were not reporting major breaches, [Translation: We rely on complaints from our customer's customers, even though they have no idea who we are... Bob] Carr answered. “The way breaches are normally detected is that fraudulent uses of cards are determined,” he said. “There was no hint of fraudulent use of cards that came to our attention until toward the end of 2008.”

Collins pressed him further. “But are there no computer programs that one can use to check to see if an intrusion has occurred?” she asked.

“There are, and the cybercriminals are very good at masking themselves,” Carr said.

Read more on PC World.



“We rely on intimidation and obfuscation to secure our computers.” Note: He was released in February 2007 and not re-arrested until November 2008. I guess no one noticed what he had done.

http://www.databreaches.net/?p=7150

Former inmate pleads guilty to hacking prison computer

September 15, 2009 by admin Filed under Breach Incidents, Government Sector, Hack

A former prisoner of the Plymouth County Correctional Facility pled guilty today in federal court to intentionally damaging the prison’s computer network while he was an inmate.

Acting United States Attorney Michael K. Loucks and Warren T. Bamford, Special Agent in Charge of the Federal Bureau of Investigation - Boston Field Division, announced that Francis G. Janosko, age 43, pled guilty before U.S. District Judge George A. O’Toole, Jr., to one count of intentional damage to a protected computer.

At today’s plea hearing, the prosecutor told the Court that had the case proceeded to trial the Government’s evidence would have proven that while Janosko was an inmate at the Plymouth County Correctional Facility in 2006 and 2007, the correctional facility provided inmates a computer for legal research with security controls to prohibit Internet access, e-mail, or using other computers or computer programs. [The simplest “control” would have been to ensure no physical connection (no network card and no wireless card) Bob] Despite these restrictions, Janosko hacked the computer network to send e-mail; provide inmates access to a report that listed the names, dates of birth, Social Security numbers, home addresses and telephone numbers, and past employment history of over 1,100 current and former Plymouth County Correctional Facility personnel and applicants; and access (without success) an important prison management computer program.

Judge O’Toole scheduled sentencing for December 15, 2009. Under the terms of the plea agreement, both parties will recommend a sentence of incarceration for 18 months, to be followed by 3 years of supervised release, and restitution to Plymouth County in an amount to be determined. Janosko had been free following his release from the Plymouth County Correctional Facility, but has been incarcerated since he was re-arrested in November 2008.

The case was investigated by the Federal Bureau of Investigation and the Plymouth County Sheriff’s Department. It is being prosecuted by Assistant U.S. Attorney Scott L. Garland of Loucks’s Computer Crime Unit.

Source: U.S. Attorney’s Office

Update: The Patriot Ledger provides a few additional details.

[From the Patriot Ledger article:

Investigators said Janosko down-loaded an aerial photograph of the jail, and shared jail workers’ phone numbers and employment histories with other inmates. He also obtained a user name and password for a prison-management computer program [Another indication of lousy security. Bob] but was stopped before gaining access, an indictment against him stated.



For my Security Students. (Tip: It's not just China)

http://it.slashdot.org/story/09/09/16/1256249/Feds-Ask-IT-Execs-To-Throw-Away-Cellphones-After-Visiting-China?from=rss

Feds Ask IT Execs To Throw Away Cellphones After Visiting China

Posted by Soulskill on Wednesday September 16, @09:46AM from the guilty-of-aberrant-longitude dept.

sholto writes

"US intelligence agencies are advising top US IT executives to weigh their laptops before and after visiting China as one of many precautions against corporate espionage. Symantec Chief Technology Officer Mark Bregman said he was also advised to buy a new cellphone for each visit and to throw it away after leaving. Bregman said he kept a separate MacBook Air for use in China, which he re-images on returning, but claimed he didn't subscribe to the strictest policies. 'Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.'"



Not quite a “How to” guide, but enough for my Security students. Thank you, US Attorney!

http://www.databreaches.net/?p=7146

Trial set in botnet hacking conspiracy

September 15, 2009 by admin Filed under Malware, U.S.

Thomas James Frederick Smith, 21, and David Anthony Edwards, 20, have been charged in a federal indictment with conspiring to intentionally cause damage to a protected computer and commit computer fraud. The indictment was announced by U.S. Attorney James T. Jacks of the Northern District of Texas. Edwards, of Mesquite, Texas, and Smith, most recently of Parris Island, South Carolina, both entered not guilty pleas and are on pre-trial release. Trial has been set for November 16, 2009, before U.S. District Judge Jane J. Boyle.

The indictment alleges that from summer 2004 through October 2006, Smith, a/k/a “Zoot,” “TJ,” and “kingsmith007,” and Edwards, a/k/a “Davus,” conspired together to cause the transmission of a program, information, code, or command, by using an IRC chat network to cause damage to a protected computer.

The indictment alleges that Smith and Edwards searched the Internet for vulnerable computers [i.e. unprotected computers? Bob] and planted a malicious program on the computers that caused all the compromised computers to login to an IRC chat room. Once the compromised computers were logged into the IRC chat room, Smith and Edwards typed in commands which remotely controlled the behavior of the compromised computers, such as causing all of the compromised computers to simultaneously participate in a Distributed Denial of Service (DDOS) attack. Smith and Edwards also accessed, without authorization, websites and either defaced the site, or in the case of one webhost server, “published” its client database.

In trying to sell the bot to a potential botnet purchaser, Smith demonstrated the partial capabilities of the bot to the potential purchaser by causing a portion of the botnet to engage in a DDOS by flooding an IP address at ThePlanet.com, an internet-hosting company in Dallas.

An indictment is an accusation by a federal grand jury and a defendant is entitled to the presumption of innocence unless proven guilty. However, if convicted, each defendant faces a maximum statutory sentence of five years in prison, a $250,000 fine and restitution.

The case is being investigated by the FBI and prosecuted by Assistant U.S. Attorney C.S. Heath.

Source: U.S. Attorney’s Office



“It's for the children!” The question about how the data will be used is on target. Is it ONLY to prevent over-stressing during exercise? Will it become part of the child's permanent record? Who has access to the data besides the parents?

http://yro.slashdot.org/article.pl?sid=09/09/15/206254

Heart Monitors In Middle School Gym Class?

Posted by kdawson on Tuesday September 15, @05:17PM from the please-don't-sue-me dept.

Education Privacy

An anonymous reader writes

"My son brought home an order form from his middle school. Apparently the 7th (his grade) and 8th graders are being asked (required?) to purchase their own straps for the heart monitors they're to wear during gym class. I know nothing yet of the device in question, but have left a voice-mail with the assistant principal asking him to call me so I may ask some questions about the program and the device. My tinfoil-hat concern is that the heart rate data will be tied to each child, then archived and eventually used for/against them down the road when applying for insurance, high-stress jobs, etc. 'I see you had arrhythmia during 7th grade pickle ball? No insurance for you' Has anyone heard of such a program, or had their child(ren) take part in it? Does the device transmit to the laptop the overweight gym teacher will be watching instead of running laps with the kids? Perhaps data is downloaded from the device after the class? Or am I just being paranoid? Thanks for any insight."


(Related) “It's for the taxes!” ...and because we want to know where you are every minute of every day.

http://yro.slashdot.org/story/09/09/15/1952208/Congress-Mulls-Research-Into-a-Vehicle-Mileage-Tax?from=rss

Congress Mulls Research Into a Vehicle Mileage Tax

Posted by kdawson on Tuesday September 15, @04:20PM from the just-get-on-the-bike dept.

BJ_Covert_Action writes to let us know that an Oregon congressman has filed legislation to spend $154.5M for a research project into tracking per-vehicle mileage in the US, and asks: "Do we really want the government to track our movement and driving habits on a regular basis?"

"US Representative Earl Blumenauer (D-Oregon) introduced H.R. 3311 earlier this year to appropriate $154,500,000 for research and study into the transition to a per-mile vehicle tax system... Oregon has successfully tested a Vehicle Miles Traveled fee... the [Oregon] report urged a mandate for all drivers to install GPS tracking devices that would report driving habits [That sounds like more than “miles driven” Bob] to roadside RFID scanning devices."

Here is the bill (PDF). The article notes that the congressman's major corporate donors would likely benefit with contracts if such a program were begun. [I'm shocked! Bob]


(Related) Will this be broadened to include a “right” to any data that monitors products and services you purchase? i.e. will we be able to see an ISP's performance data to ensure we are getting the advertised speeds?

http://yro.slashdot.org/story/09/09/15/2236213/Right-To-Repair-Bill-Advances-In-Massachusetts?from=rss

"Right To Repair" Bill Advances In Massachusetts

Posted by kdawson on Tuesday September 15, @06:55PM from the not-open-source-but-it's-a-step dept.

Wannabe Code Monkey sends along an article from the Patriot Ledger about an effort in Massachusetts to pass a "Right to Repair" bill.

"Since the advent of congressionally mandated computers in vehicles more than 15 years ago (for emissions), cars have evolved into complex machines that are no longer just mechanical. Computers now monitor and control most systems in the car from brakes to tire pressure and all the electronics and engine fluids... [and] car manufacturers continue to hold back on some of the information that your mechanic needs in order to properly repair your car and reset your codes and warning lights... Massachusetts is now poised to solve this problem and car-driving consumers should pay attention this fall when the Massachusetts Legislature takes up landmark legislation that would force manufacturers to respect the right of consumers to access their own repair information. The legislation, known as Right to Repair, is seen by car manufacturers as a threat to the lucrative service business in their dealerships and they are massing their lobbyists on Beacon Hill in an effort to defeat it."



The charge is e-Pimping? Craigslist automates ads, newspapers still put people in the loop. If there are ads in the local newspapers, shouldn't that be the first place you look?

http://news.cnet.com/8301-17852_3-10353855-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Another sheriff goes after Craigslist

by Chris Matyszczyk September 15, 2009 4:23 PM PDT

Grady Judd, the sheriff for Polk County in Florida, has followed in the anti-Craigslist footsteps of his Cook County, Illinois, counterpart, Tom Dart.

In a sweep imaginatively titled "Operation Hot Date," the sheriff's forces arrested 28 women for allegedly advertising prostitution services on Craigslist.

The Smoking Gun quoted the sheriff as declaring that the site is still a "one-stop shop for all your prostitution needs."



For my statistics class?

http://yro.slashdot.org/story/09/09/15/2111252/AU-Goverment-To-Break-Up-Telstra-Filtering-News?from=rss

AU Government To Break Up Telstra; Filtering News

Posted by kdawson on Wednesday September 16, @12:21AM from the breaking-up-is-hard-to-do dept.

benz001 writes

"The Minister who has pushed the ridiculous broadband filter plan has at least won a few brownie points with yesterday's press conference, in which he promised to force Telstra to split its network and wholesale businesses. Australia's largest ISP, and the country's main infrastructure owner, will be given a chance to implement the structural separation voluntarily; if it does not, the Government will step in with legislation. Here is the Minister's official press release."

And speaking of the filtering program, reader smash writes

"After several years of debate and electioneering, some statistics on the Australian national web filtering effort have been disclosed. Apparently, the typical Aussie web surfer is 70 times more likely to win the national lotto than stumble across a blocked page. Additionally, despite the claim that the main aim of the filter is to block child pornography, only 313 of the 977 total sites blocked are blocked on the basis of child porn. At $40M AU so far in taxpayers' funds, the cost so far is around $40,900 per blocked URL. Government efficiency at work..."



Just because we vilified Bush for it in the campaign doesn't mean we don't love it!

http://www.pogowasright.org/?p=3855

Obama: Renew PATRIOT Act provisions on domestic surveillance

September 16, 2009 by Dissent Filed under Featured Headlines, Govt, Surveillance, U.S.

David Kravets writes:

The Obama administration is informing Congress it supports renewing three Patriot Act provisions expiring at year’s end, measures making it easier for the government to spy in the United States.

In a letter to Patrick Leahy, the Vermont senator and chairman of the Senate Judiciary Committee, the Justice Department on Monday suggested the administration might consider “modifications” to the act to protect civil liberties.

“The administration is willing to consider such ideas, provided that they do not undermine the effectiveness of these important authorities,” Ronald Weich, assistant attorney general, wrote to the Vermont senator, (.pdf) whose committee is expected next week to consider renewing the three expiring Patriot Act provisions. The government disclosed the letter Tuesday.

Read more about the expiring provisions that Obama wants to renew over the objections of privacy advocates and civil libertarians on Threat Level.

Note that Obama’s position on this is not a flip flop. During his campaign, when asked about the PATRIOT Act, he pointed out what he saw as its advantages and blamed the problems on executive orders. [That other President Bob]



Could be useful for scholarly research, or even e-discovery.

http://news.cnet.com/8301-27076_3-10353904-248.html?part=rss&subj=news&tag=2547-1_3-0-20

Perpetually archives the Web for you

by Josh Lowensohn September 15, 2009 3:57 PM PDT

Perpetually is a new Web archiving tool demoed at the TechCrunch50 conference. It saves entire instances of Web pages, then lets users dial back to older versions. You just point it to a site or entire domain name then tell it what you want it to archive and for how long. It then does the hard work of saving pages to its servers.

… The service is not free; in fact, it's not even aimed at consumers. The lowest plan costs $99 a month, all the way up to $499 month, each with a higher level of monthly archiving storage. Considering each page takes up some storage space, it can fill up quickly, which is why the pro plans offer more.

The company said it's aiming Perpetually at media networks, historians, and PR companies. It also butts heads with Iterasi and its Positive Press product whose core technology was first demoed in January 2008.



This could be real useful! For example, I should be able to attach a link to the scene in The Treasure of the Sierra Madre that I (mis-)quote so often: “Badges? We ain't got no badges. We don't need no badges. I don't have to show you any stinking badges. ”

http://www.techcrunch.com/2009/09/15/tc50-find-the-perfect-scene-every-time-anyclip-is-a-search-engine-for-movie-clips/

TC50: Find The Perfect Scene, Every Time. AnyClip Is A Search Engine For Movie Clips

by Jason Kincaid on September 15, 2009

… People reference scenes all the time in their daily lives, and on the web it’s not uncommon for a blogger to accentuate their post with a particularly relevant clip. But for their popularity, there still isn’t an established site that’s known as the place to find a movie clip — YouTube and Hulu are always worth a shot, but they can be very hit or miss. AnyClip, a new startup that’s launching today at TechCrunch 50, wants to be the solution, with a searchable database of movie scenes.



Another TechCrunch article. Not sure I like the first start-up, but Insttant is interesting!

http://news.cnet.com/8301-27076_3-10354087-248.html?part=rss&subj=news&tag=2547-1_3-0-20

TC50: Two new ways to get the news

by Josh Lowensohn September 15, 2009 5:48 PM PDT

SAN FRANCISCO--Two new companies are launching products designed to get the news to users faster--and from a wider variety of sources. Both are in private beta and not yet available to the general public but were demoed live at the TechCrunch50 conference.

Thoora is a new tool that clusters and aggregates news.

Insttant, on the other hand, cuts out traditional news sources entirely and uses Twitter's public stream instead. It takes these tweets and turns them into an interactive news page that covers people, places, and companies, including a way to track trending topics and user sentiment. All of this goes on a front page, which can be reordered and personalized with topics the user wants to see.



Global Warming! Global Warming! “We're pretty sure that global warming is important, we're unsure this will help, but we're definitely gonna raise taxes!”

http://news.cnet.com/8301-13578_3-10354179-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Obama administration: Cap and trade could cost families $1,761 a year

by Declan McCullagh September 15, 2009 6:12 PM PDT

The Obama administration has privately concluded that a cap and trade law would cost American taxpayers up to $200 billion a year, the equivalent of hiking personal income taxes by about 15 percent.

A previously unreleased analysis prepared by the U.S. Department of Treasury says the total in new taxes would be between $100 billion and $200 billion a year. At the upper end of the administration's estimate, the cost per American household would be an extra $1,761 a year.



Tools & Techniques For when faces turn green?

http://www.makeuseof.com/tag/use-calibrize-to-color-calibrate-your-monitor-windows/

Use Calibrize To Color Calibrate Your Monitor (Windows)

Sep. 16th, 2009 By Karl L. Gechlik

Tuesday, September 15, 2009

Long road, but another proof that the harm is real...

http://torrentfreak.com/retailer-must-compensate-sony-anti-piracy-rootkit-victim-090914/

Retailer Must Compensate Sony Anti-Piracy Rootkit Victim

Written by enigmax on September 14, 2009

In 2005 there was a huge scandal when it was revealed that Sony’s attempts to crack down on music piracy had got out of control. The company included a rootkit (XCP) on many of its music CDs which was installed on the user’s PC without permission. Now a court has ordered compensation to be paid to an XCP victim.

… According to Germany’s Heise, a district court has just ruled in a case where an individual claimed that the presence of the Sony rootkit caused him financial losses.

After purchasing an Anastacia CD, the plaintiff played it in his computer but his anti-virus software set off an alert saying the disc was infected with a rootkit. He went on to test the CD on three other computers. As a result, the plaintiff ended up losing valuable data.

Claiming for his losses, the plaintiff demanded 200 euros for 20 hours wasted dealing with the virus alerts and another 100 euros for 10 hours spent restoring lost data. Since the plaintiff was self-employed, he also claimed for loss of profits and in addition claimed 800 euros which he paid to a computer expert to repair his network after the infection. Added to this was 185 euros in legal costs making a total claim of around 1,500 euros.

The judge’s assessment was that the CD sold to the plaintiff was faulty, since he should be able to expect that the CD could play on his system without interfering with it.

The court ordered the retailer of the CD to pay damages of 1,200 euros.



Security? What's Security?

http://www.pogowasright.org/?p=3825

Privacy issues plague Facebook users – yet again

September 14, 2009 by Dissent Filed under Breaches, Featured Headlines, Internet

Steve Ragan reports:

Over the weekend, there was an interesting bit of news out of the social networking world, which once again places the privacy protection and controls offered by Facebook in the spotlight. A post on Reddit described a Google search that displayed notes written by Facebook users, and with those notes, a good deal of personal information.

The story on Reddit was picked up by The Next Web, and as they said in their coverage, the issue isn’t so much the fact that the notes were discovered via a Google search, the issue is that the notes discovered were associated with profiles that were marked as private. The Tech Herald did some research on several profiles, and every single user we looked at had privacy settings in full effect, but in some cases, several notes were easily obtainable with a Google search.

Read more on The Tech Herald.



Some debate on this, but at minimum I see it as a nose in the tent. If you can monitor my machine for malware, you can also look for copyrighted music, child porn, or “subversive material.” Simpler question: How will the ISP deal with a false positive?

http://it.slashdot.org/story/09/09/15/0429234/Australian-ISPs-Asked-To-Cut-Off-Malware-Infected-PCs?from=rss

Australian ISPs Asked To Cut Off Malware-Infected PCs

Posted by timothy on Tuesday September 15, @02:08AM from the good-of-the-tribe dept.

bennyboy64 writes

"Australia's Internet Industry Association has put forward a new code of conduct that suggests ISPs contact, and in some cases disconnect, customers that have malware-infected computers. 'Once an ISP has detected a compromised computer or malicious activity on its network, it should take action to address the problem. ISPs should therefore attempt to identify the end user whose computer has been compromised, and contact them to educate them about the problem,' the new code states. The code won't be mandatory, but it's expected the ISP industry will take it up if they are to work with the Australian Government in preventing the many botnets operating in Australia."



Security – Cleaning up after the CEO

http://www.pcmag.com/article2/0,2817,2352755,00.asp

Kill Your Phone Remotely

09.11.09

Many of today's most popular smartphones can be erased remotely if they are lost or stolen. Here's how to do it.

… That's why many of today's smartphones support a mobile kill switch, also called "remote wipe" capability. Remote wipe lets a device owner or IT support engineer remotely erase the handheld's data in case it's lost or stolen.



Perhaps the law means what we thought it meant... Sorry RIAA.

http://news.cnet.com/8301-1023_3-10352183-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Veoh wins copyright case; YouTube wins, too?

by Greg Sandoval September 14, 2009 12:47 PM PDT

… Universal Music Group, the largest of the four top record companies, accused Veoh of copyright violations in a lawsuit filed two years ago. But on Friday, U.S. District Judge A. Howard Matz granted Veoh's motion for summary judgment, and ruled that the company is protected against such claims by the Digital Millennium Copyright Act.



This again suggests that Microsoft pushes the software envelope toward “tomorrow's” machine. Moving to Windows 95 required many hardware upgrades; it looks like this one will too.

http://tech.slashdot.org/story/09/09/14/1338207/Windows-7-Upgrade-Can-Take-Nearly-a-Day?from=rss

Windows 7 Upgrade Can Take Nearly a Day

Posted by CmdrTaco on Monday September 14, @10:56AM from the just-sleep-on-it dept.

Eugen writes

"A Microsoft Software Engineer has posted the results of tests the company performed on the upgrade time of Windows 7. The metric used was total upgrade time across different user profiles (with different data set sizes and number of programs installed) and different hardware profiles. A clean 32-bit install on what Microsoft calls 'high-end hardware' should take only 30 minutes. In the worst case scenario, the process will take about 1220 minutes. That second extreme is not a typo: Microsoft really did time an upgrade that took 20 hours and 20 minutes. That's with 650GB of data and 40 applications, on mid-end hardware, and during a 32-bit upgrade. We don't even want to know how long it would take if Microsoft had bothered doing the same test with low-end hardware. The other interesting point worth noting is that the 32-bit upgrade is faster on a clean install than a 64-bit upgrade, regardless of the hardware configuration, and is faster on low-end hardware, regardless of the Data Profile. In the other six cases, the 64-bit upgrade is faster than the 32-bit upgrade."


Convergence Another step toward a computer controlled TV

http://hothardware.com/News/CableCARD-Now-Open-To-All-No-Need-For-OEM-Installations/

CableCARD Now Open To All, No Need For OEM Installations

Sunday, September 13, 2009 - by Shawn Oliver

… As Windows 7 enters the fray, users will be able to add CableCARDs to their own systems with little to no hassle. These cards will allow users to access all of their carrier's cable channels right on their HTPC, eliminating the need for a cable box and a media center PC.



Retire early! Get your kids interested in games!

http://www.makeuseof.com/tag/top-ways-for-kids-to-make-money-online-nb/

Top 3 Ways for Kids To Make Money Online

Sep. 14th, 2009 By Ryan Dube



Useful stuff for my students. Besides, they love it when the professor encourages “cheating”

http://www.makeuseof.com/tag/14-great-cheat-sheets-posters-to-make-you-a-software-wizard/

14 Great Cheat Sheets & Posters to Make You a Software Wizard

Sep. 14th, 2009 By Varun Kashyap

… Plus, don’t forget that MakeUseOf have our very own cheat sheets. Click here to check them out and if you like them, download them for free!

Monday, September 14, 2009

Paperless, remote access, and automate-able. What more could a modern crook want? How about systems that don't bother with all that security stuff? Allow me to repeat and reiterate my redundant refrain: Passwords alone are not adequate security.

http://www.databreaches.net/?p=7130

UK: Hackers steal £1m in online tax scam

September 14, 2009 by admin Filed under Breach Incidents, Government Sector, ID Theft, Non-U.S., Of Note

Stephen Condron and Christopher Leake report:

Police are investigating how criminals managed to steal £1million from the taxman by accessing a Government computer system and granting themselves rebates.

The thieves filed returns online using the passwords of genuine self-assessment taxpayers – then diverted the money to bogus accounts.

The sting prompted concern yesterday that the fraudsters may have obtained the passwords from one of the many Whitehall laptops stolen over the past few years. [Why would the laptops have user passwords? Bob]

[...]

The system penetrated by the thieves, the Government Gateway, was set up at a cost of £18million as part of Tony Blair’s vision for services to be administered electronically. It allows users to fill in forms online for anything from paying parking tickets to claiming child tax credit.

The thieves are understood to have diverted the money to bank accounts set up fraudulently using the names of the password holders.

Scotland Yard’s specialist e-crime unit, which arrested a man last week in connection with the case, is investigating whether the fraudsters used sophisticated software to find a weakness in Gateway or whether they targeted the computers of the people whose identities they stole.

Read more in The Mail.

[From the article:

One accountant, who had 52 of his 110 clients targeted by the tax fraudsters, said he was told by HM Revenue & Customs of rebates totalling more than £150,000.

...HMRC has taken the attack on its system so seriously that it has provided a template for a letter accountants can send to clients to apologise and reassure them that their tax affairs will not be affected. [Sounds like this is much larger than the article suggests. Bob]



A response the US should adopt?

http://tech.yahoo.com/news/afp/20090913/tc_afp/skoreaitinternetsecurity_20090913073323

SKorea to train 3,000 'cyber sheriffs': report

Posted on - Sun Sep 13, 2009 3:33AM EDT



Is this the basis for DNA testing as well?

http://news.yahoo.com/s/ap/20090913/ap_on_re_us/us_police_dui_blood;_ylt=AgzpQc9CsdrwQpDfGAAAe_qs0NUE;_ylu=X3oDMTJnZTZrbzY4BGFzc2V0A2FwLzIwMDkwOTEzL3VzX3BvbGljZV9kdWlfYmxvb2QEcG9zAzQEc2VjA3luX21vc3RfcG9wdWxhcgRzbGsDcG9saWNlc2F5c3ly

Police say syringes will help stop drunk driving

By REBECCA BOONE, Associated Press Writer– Sun Sep 13, 2:56 pm ET

… For years, defense attorneys in Idaho advised clients to always refuse breath tests, Ada County Deputy Prosecutor Christine Starr said. When the state toughened the penalties for refusing the tests a few years ago, the problem lessened, but it's still the main reason that drunk driving cases go to trial in the Boise region, Starr said.

Idaho had a 20 percent breath test refusal rate in 2005, compared with 22 percent nationally, according to an NHTSA study.

Starr hopes the new system will cut down on the number of drunken driving trials. Officers can't hold down a suspect and force them to breathe into a tube, she noted, but they can forcefully take blood — a practice that's been upheld by Idaho's Supreme Court and the U.S. Supreme Court.



Here's a non-lawyer question: Knowing that the City was likely to be sued on occasion, shouldn't the city attorney review the records retention policies? More pointed question: Why haven't they noticed this several lawsuits ago?

http://yro.slashdot.org/story/09/09/13/1151226/Boston-City-Government-Discovers-Email-Retention?from=rss

Boston City Government Discovers Email Retention

Posted by Soulskill on Sunday September 13, @09:27AM from the hey-those-stacks-of-emails-take-up-a-lot-of-space dept.

An anonymous reader writes

"The Boston Globe, covering a battle to unseat the 16-year incumbent mayor, has found out that the city has no email retention policy. A city official who receives hundreds of emails a day was found to have only 18 emails in his mailbox. The city has enabled journaling on its Exchange server in response. The Globe also notes that they had to curtail requests for emails under the Open Records law because for each mailbox, 'City officials estimated they would charge $5,000 for six months worth of email.'"

[From the article:

“Clearly, employees cannot delete e-mails that have substantial content,’’ said Secretary of State William F. Galvin, who is responsible for enforcing the law. “The improper deletion of e-mail is a violation of the public records law. Period.’’

Without copies of substantive e-mails that Kineavy or others deleted, however, there is no proof of violations and therefore no sanctions can be imposed, Galvin’s office said.

… The city’s most powerful official, Menino, leaves almost no electronic trail that is subject to the public records law, in part because he conducts some city business on his personal cellphone and does not use e-mail. [...and this make him untouchable? Bob]


(Related) I'll be watching this one.

http://www.pogowasright.org/?p=3790

Is personal eMail subject to open-records law?

September 14, 2009 by Dissent Filed under Court, U.S., Workplace

Maya T. Prabhu reports:

A case that will be argued before the Wisconsin Supreme Court in November could set a precedent that affects the way educators and other public employees use their eMail.

The court has agreed to hear a case that will determine whether the public’s right to know what its government is doing extends to reading personal eMails of teachers sent while at work–and legal experts say the employees in question, and all public school employees in general, might not have a reasonable expectation of privacy.

[...]

The case began when a private citizen filed a public-records request asking the Wisconsin Rapids School District to provide eMail messages sent “from the computer [the teachers] use[d] during their school work day” between March 1 and April 13, 2007. He stated that he was on a “fishing expedition” to see if the teachers violated school policy by using their work eMail to discuss school board elections.

Read more in eSchool News.



Not sure there is much new, but good to see it being covered

http://www.pogowasright.org/?p=3788

Designing the personal data stream: Enabling participatory privacy in mobile personal sensing

September 14, 2009 by Dissent Filed under Other

The Abstract from Designing the Personal Data Stream: Enabling Participatory Privacy in Mobile Personal Sensing by Katie Shilton, Jeffrey A. Burke, Deborah Estrin, Ramesh Govindan, Mark Hansen, Jerry Kang, and Min Mun:

For decades, the Codes of Fair Information Practice have served as a model for data privacy, protecting personal information collected by governments and corporations. But professional data management standards such as the Codes of Fair Information Practice do not take into account a world of distributed data collection, nor the realities of data mining and easy, almost uncontrolled, dissemination. Emerging models of information gathering create an environment where recording devices, deployed by individuals rather than organizations, disrupt expected flows of information in both public and private spaces. We suggest expanding the Codes of Fair Information Practice to protect privacy in this new data reality. An adapted understanding of the Codes of Fair Information Practice can promote individuals’ engagement with their own data, and apply not only to governments and corporations, but software developers creating the data collection programs of the 21st century. To support user participation in regulating sharing and disclosure, we discuss three foundational design principles: primacy of participants, data legibility, and engagement of participants throughout the data life cycle. We also discuss social changes that will need to accompany these design principles, including engagement of groups and appeal to the public sphere, increasing transparency of services through voluntary or regulated labeling, and securing a legal privilege for raw location data.

Full-text article available here (pdf).

[From the conclusion:

Mobile sensing provides the ability to bring individuals and groups into research on a massive scale, opening up data collection and participation in data analysis by taking advantage of mobile phones, tools widely adopted across the world.



Interesting read. I (naively) assumed most of this was already in place. How else does a service firm prove their value?

http://www.bespacific.com/mt/archives/022310.html

September 13, 2009

New on LLRX.com - Are Law Firms Ready for Transparency?

Are Law Firms Ready for Transparency? Attorney and KM expert V. Mary Abraham provides details on how one law firm has found a way to create real transparency in its dealings with clients via an extranet, and whether this process may start a trend.



The ICO “undertakings” seem to spell out “what went wrong” quite clearly. Perhaps I'll have my Security students collect and categorize them...

http://www.ico.gov.uk/what_we_cover/data_protection/enforcement.aspx

Information Commissioner's Office

The ICO has legal powers to ensure that organisations comply with the requirements of the Data Protection Act. It is important to note that these powers are focused on ensuring that organisations meet the obligations of the Act.



Technology marches on.

http://www.bespacific.com/mt/archives/022311.html

September 13, 2009

New on LLRX.com: Legal Implications of Cloud Computing - Part One (the Basics and Framing the Issues)

Legal Implications of Cloud Computing - Part One (the Basics and Framing the Issues) - Attorney David Navetta contends that there will be significant financial pressure on organizations to take advantage of the pricing and efficiency of cloud computing, and if attorneys fail to understand the issues ahead of time there is a serious risk of getting "bulldozed" into cloud computing arrangements without time or resources to address some serious legal issues that are implicated.

[From the article:

Bottom line: this is not your father's outsourcing relationship, and trying to protect clients with contracts may be very difficult or impossible unless the cloud computing community begins to build standards and processes to create trust.

… One of the key differences between a traditional outsourcing relationship and cloud computing is where the data resides or is processed. [This was the most difficult aspect of Cloud Computing for my Security students to get their minds around. Bob]

… In a cloud environment, geography can lose all meaning. Cloud platforms may not be able to tell "where" data is at any given point in time. Data may be dispersed across and stored in multiple data centers all over the world. In fact, use of a cloud platform can result in multiple copies of data being stored in different locations. This is true even for a "private cloud" that is essentially run by a single entity. What this also means is that data in the cloud is often transferred across multiple borders, which (as discussed below) can have significant legal implications.



Basil: Next time someone recommends software to me, I'm going to look at investing in them...

http://www.techcrunch.com/2009/09/13/intuit-to-acquire-former-techcrunch50-winner-mint-for-170-million/

Intuit To Acquire (Former TechCrunch50 Winner) Mint For $170 Million

by Michael Arrington on September 13, 2009



Now this is fun science! Perhaps the Galapagos iguanas have evolved to eat Global Warming scientists?

http://science.slashdot.org/story/09/09/14/0747259/Darwins-Voyage-Done-Over-Live?from=rss

Darwin's Voyage Done Over, Live

Posted by timothy on Monday September 14, @05:12AM from the it-was-live-the-first-time-too dept.

thrill12 writes

"Almost 178 years ago, Charles Darwin set sail in the HMS Beagle, to do the now famous explorations that formed the basis for Darwin's On The Origin Of Species. Now, a group of British and Dutch scientists, journalists and artists set sail again to redo the voyage of the Beagle. This time, they are taking modern equipment with them and they have live connections through Twitter, Youtube, Facebook and Flickr. As they re-explore, and (re)discover, we can join that 8-month-long trip, live over the internet."



I always read the book (honest!) but I also read the Cliff Notes because I didn't always “get” what the author was trying to say. I still don't see what the big deal was about the ducks in Catcher in the Rye.

http://www.makeuseof.com/tag/7-alternatives-to-sparknotes-cliffsnotes-for-book-summaries/

7 Alternatives to SparkNotes & CliffsNotes For Book Summaries

Sep. 14th, 2009 By John McClain

… Sites like SparkNotes and CliffsNotes are often hailed as lifesavers for those reading-intensive classes, providing quick, easy-to-read study guides and summaries of books that students may not have even bothered to read at all. Still, these websites aren’t just for lazy bums, as they do make for great tools with understanding and analyzing the text.

PinkMonkey

With over 460 free study guides, book notes, and chapter summaries, PinkMonkey is a great resource for students.

Shmoop

Shmoop is one of the best sites on the Web for learning about not only literature, but also other school topics like U.S. history, poetry, civics, biography, and even current bestsellers.

JiffyNotes

If you find the book you’re reading on JiffyNotes, it’s worth looking into. While the website’s design isn’t that great, it’s the content that counts.

GradeSaver

GradeSaver is another great place for students in need of help. A well-written summary and analysis is provided for the book’s chapters, with other helpful additions like a glossary of terms, character list, and major themes.

BookRags

BookRags has a sizable collection of free literature summaries and study guides. Along with chapter summaries, the site covers author/context, plot summary, major characters, objects/places, and quotes.

Bookwolf

Like JiffyNotes, Bookwolf’s design isn’t very appealing, but again, content prevails.

WikiSummaries

At just over 300 summaries, WikiSummaries boasts a collection of mostly classic books and novels.

… Students should also be sure to check out these handy online learning tools and the 10+ Web tools to save your butt in school.



Tools & Techniques

http://www.makeuseof.com/tag/masher-%E2%80%93-a-free-online-video-share-tool-to-make-little-photo-stories/

Masher – A Free Online Video Share Tool To Make Little Photo Stories

Sep. 13th, 2009 By Saikat Basu

http://www.masher.com/

[An example: http://www.masher.com/player.jsp?key=78a5f7db-2c08-0559-36f4-0000758146e0&adScheme=0



Put this in your Search or Swiss Army folder.

http://www.phrases.net/

Phrases

Phrases.net is a large collection of common phrases, casual expressions and idioms that can be browsed, searched, rated, heard and translated to several languages.



Tools & Techniques

I think I'll mention this to my students. Easiest way to kill it? Make it mandatory!

http://teachingcollegemath.com/?p=1449

Notesharing in the Digital Age

[…]

Here are just a few sites available for free:

  • NoteMesh — this site seems like the most honest of the bunch in that students collaborate to build a set of good notes and there is no profit to be made. Students have to indicate their college/university and add their classes to their profile upon registering. Students in the same class can then post and edit their own notes. Since each class uses a wiki, students are able to view and edit their peers' notes as well. Like most wikis, there is a “history feature” which allows you to remove any changes if necessary.

  • Notecentric — this site is similar to NoteMesh but also gives the user the ability to “spy” on other classes.

  • Knetwit - students can (try to) make money off their class notes (one muses to oneself why the student without notes does not just pick up and read their textbook instead)

  • Sharenotes – students (or presumably the professor) can post notes and charge by the download if you’d like. You can also browse institutions for specific notes on specific classes. Some notes are shared free of charge.

  • University Notes — in addition to sharing notes and/or tests nationwide, students can also rate their professors here and use the on-site blog.

Here are some links to other blog posts / articles on this topic in case you are, like us, morbidly fascinated with this industry that is emerging around the economy of notes: