Wednesday, February 03, 2010

Why do all these government reports come out on Groundhog Day? What does “Punxsutawney Phil” know, and when did he know it?

http://www.bespacific.com/mt/archives/023410.html

February 02, 2010

Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence

Annual Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence, Dennis C. Blair, Director of National Intelligence, February 2, 2010

  • "The national security of the United States, our economic prosperity, and the daily functioning of our government are dependent on a dynamic public and private information infrastructure, which includes telecommunications, computer networks and systems, and the information residing within. This critical infrastructure is severely threatened. This cyber domain is exponentially expanding our ability to create and share knowledge, but it is also enabling those who would steal, corrupt, harm or destroy the public and private assets vital to our national interests. The recent intrusions reported by Google are a stark reminder of the importance of these cyber assets, and a wake-up call to those who have not taken this problem seriously. Companies who promptly report cyber intrusions to government authorities greatly help us to understand and address the range of cyber threats that face us all. I am here today to stress that, acting independently, neither the US Government nor the private sector can fully control or protect the country’s information infrastructure. [I smell the need to prepare us for a failure in the (undeclared) cyber war to come. Perhaps they wish to crawl into Phil's hole? Bob] Yet, with increased national attention and investment in cyber security initiatives, I am confident the United States can implement measures to mitigate this negative situation."

[From the report:

The strategic landscape has changed considerably for US interests over the past year. We see some improvements, but also several entrenched problems and slow progress in some areas for the foreseeable future. Several large-scale threats to fundamental US interests will require increased attention, and it is on one of these threats that I will focus our initial discussion.



About what you'd expect. “We're doing a great job, but details are too sensitive to discuss here.”

http://www.bespacific.com/mt/archives/023416.html

February 02, 2010

DHS Quadrennial Homeland Security Review Report to Congress

The Department of Homeland Security delivered to Congress the Quadrennial Homeland Security Review (QHSR) Report, A Strategic Framework for a Secure Homeland, February 10, 2010 on February 1, 2010. The QHSR outlines the strategic framework to guide the activities of participants in homeland security toward a common end.

  • "The purpose of the first-ever Quadrennial Homeland Security Review (QHSR) is to outline the strategic framework to guide the activities of participants in homeland security toward a common end. A safe and secure homeland must mean more than preventing terrorist attacks from being carried out. It must also ensure that the liberties of all Americans are assured, privacy is protected, and the means by which we interchange with the world through travel, lawful immigration, trade, commerce, and exchange are secured... The Nation’s first QHSR takes as its aim a vision for our homeland as safe, secure, and resilient against terrorism and other hazards where American interests, aspirations, and way of life can thrive."



They do this because it works.

http://www.bespacific.com/mt/archives/023409.html

February 02, 2010

Phishing Activity Trends Report, 3rd Quarter / 2009

"The quarterly APWG (AntiPhishing Working Group) Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies, its Global Research Partners, through the organization’s website and by email submissions. APWG also measures the evolution, proliferation and propagation of crimeware drawing from the research of our member companies. In the last half of this report you will find tabulations of crimeware statistics and related analyses."



Go where there is lots of data and it is easy to steal.

http://www.databreaches.net/?p=9759

Cybercrime Checks Into The Hotel Industry

February 2, 2010 by admin Filed under Commentaries and Analyses

Andy Greenberg reports:

Over the past year America’s hotels have had some uninvited guests: a wave of increasingly sophisticated invasions by organized cybercriminals.

That’s one finding of a report that cybersecurity researcher Nicholas Percoco plans to present Tuesday at the Black Hat security conference in Arlington, Va. His data shows a spike in hacking incidents that successfully targeted hotels and resorts, what Percoco describes as relatively unprotected sources of thousands or even millions of credit card account details.

Percoco, who works as a security auditor and data breach investigator for the security firm Trustwave, plans to outline the results of around 1,900 audits and 200 breach investigations that his company performed over the last year. The central anomaly in that data: While only 3% of the audits Trustwave performed proactively for companies were commissioned by the hospitality industry, hotels and resorts were victims in 38% of investigations following successful cybercriminal attacks.

Read more in Forbes.

[From the article:

In most cases Percoco says the methods cybercriminals used to gain access to their victims weren't particularly new. In fact, Trustwave tracked cases in which hackers exploited 10-year old software vulnerabilities that had long ago been patched by the software vendors but hadn't been updated by the companies using the applications--or, in many cases, the contractors that hotels hired to handle their information technology support.



Even university support staffs can learn!

http://yro.slashdot.org/story/10/02/03/158239/Univ-Help-Desk-Staffer-Extorts-Over-Copyright-Violations?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Univ. Help Desk Staffer Extorts Over Copyright Violations

Posted by timothy on Wednesday February 03, @10:15AM from the judge-jury-and-accounts-payable dept.

McGruber writes

"The Atlanta fishwrap is reporting that a University of Georgia 'IT security support' employee was accusing students of copyright violations, then demanding money to clear their names. Sounds like he's been caught stealing the RIAA business model."



Good on ya, mate!

http://arstechnica.com/tech-policy/news/2010/02/internet-uprising-overturns-australian-censorship-law.ars

Internet uprising overturns Australian censorship law

By Nate Anderson | Last updated February 2, 2010 11:59 AM

… The cries of the outraged citizenry have had an effect. While defending the new rules as recently as yesterday, Atkinson suddenly backed off from them today. He sent a statement to AdelaideNow, one remarkable for its candor.

"From the feedback we've received through AdelaideNow, the blogging generation believes that the law supported by all MPs and all political parties is unduly restrictive. I have listened. I will immediately after the election move to repeal the law retrospectively... It may be humiliating for me, but that's politics in a democracy and I'll take my lumps."


(Related) As usual, Bruce is right!

http://www.pogowasright.org/?p=7522

Anonymity and the Internet

February 3, 2010 by Dissent Filed under Featured Headlines, Internet

Bruce Schneier writes:

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We’ll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we’ll know who was responsible and take action accordingly.

The problem is that it won’t work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution — knowing who is responsible for particular Internet packets — is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

Read more on Schneier on Security.



I think this is a first...

http://www.pogowasright.org/?p=7513

U.S. Court Compels Discovery of German Personal Information

February 3, 2010 by Dissent Filed under Court, Featured Headlines

In AccessData Corporation v. ALSTE Technologies GmbH, 2010 U.S. Dist. LEXIS 4566 (D. Utah Jan. 21, 2010) the U.S. District Court for the District of Utah, Central Division, compelled the production of personal information about customers of the German defendant after finding that German laws did not necessarily bar the production of such information and that the Hague Convention did not apply to the requested discovery.

In this breach of contract case, AccessData claimed that ALSTE, a German corporation, owed nearly $80,000 in unpaid invoices for reselling software manufactured by AccessData to ALSTE customers.

In response, ALSTE alleged that the software was defective, and counterclaimed that AccessData violated a separate agreement by failing to pay ALSTE for providing technical support to certain users of the software in Germany.

During discovery, AccessData sought information regarding customer complaints and related injuries. ALSTE’s objections included that disclosing information relating to its customers and their employees would violate German law. AccessData then moved to compel.

Read the eData NewsFlash by Morgan Lewis (pdf).



I can be private! Where's my grant?

http://news.cnet.com/8301-11386_3-10445862-76.html?part=rss&subj=news&tag=2547-1_3-0-20

Google gives millions of dollars in research awards

by Lance Whitney February 2, 2010 10:45 AM PST

… The grants cover four specific areas of interest to Google--machine learning, using mobile phones to collect information on health and the environment, energy-efficient computing, and privacy.

Privacy:

  • Ed Felten of Princeton University

  • Lorrie Cranor of Carnegie Mellon University

  • Ryan Calo of Stanford University's Center for Internet and Society

  • Andy Hopper of Cambridge University Computing Laboratory



http://news.cnet.com/8301-13578_3-10446503-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Police want backdoor to Web users' private data

by Declan McCullagh February 3, 2010 4:00 AM PST

Anyone with an e-mail account likely knows that police can peek inside it if they have a paper search warrant.

But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.

… The survey, according to two people with knowledge of the situation, is part of a broader push from law enforcement agencies to alter the ground rules of online investigations. Other components include renewed calls for laws requiring Internet companies to store data about their users for up to five years and increased pressure on companies to respond to police inquiries in hours instead of days.



Is this my “get out of jury duty free” card? I must use email to teach my students – I send my tests via email. (In fact, the restriction only applies to communications about the case, but it is interesting to see the list of technologies.)

http://yro.slashdot.org/story/10/02/02/222231/Courts-Move-To-Ban-Juror-Use-of-Net-Social-Sites?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Courts Move To Ban Juror Use of Net, Social Sites

Posted by kdawson on Wednesday February 03, @02:09AM from the tell-no-one dept.

coondoggie passes along a NetworkWorld report on the pronouncement of a judicial conference committee recommending that trial judges specifically instruct jurors not to use any electronic communications devices or sites during trial and deliberations.

"If you think you're going to use your spanking new iPhone to entertain yourself next time you're on jury duty, think again. Judges are going to take an even dimmer view of jury member use of Blackberry, iPhone, or other electronic devices as a judicial policy-setting group has told district judges they should restrict jurors from using electronic technologies to research or communicate. ... The instructions state jurors must not use cell phones, e-mail, Blackberry, iPhone, text messaging, or on Twitter, or communicate through any blog or website, through any internet chat room, or by way of any other social networking websites, including Facebook, MySpace, LinkedIn, and YouTube."

Here's the committee report (PDF) http://www.uscourts.gov/newsroom/2010/DIR10-018.pdf



A Democrat and a Republican from Colorado are Twitterers. Wish they had something useful to say.

http://www.bespacific.com/mt/archives/023408.html

February 02, 2010

Congress and Twitter - A Growing Relationship

Congress Is All Atwitter, Daniel Newhauser, Roll Call: "Since the microblogging Web site Twitter launched in 2006, tens of millions of people have logged on and churned out billions of 140-character messages called tweets. And Congress has certainly embraced the trend. In fact, by early last year, some 20 Members were using the site, according to Tweet Congress, which monitors Members’ Twitter use. The current count, the group says, is 162 (plus 16 committees and seven caucuses). But computer-savvy political junkies already know that. Whether politicians are using Twitter to its full potential is another matter entirely."



News as entertainment? Avatar meets Walter Cronkite? For my Visual Communications students. (Wait 'till the supermarket tabloids start using this technology!) Seems many of the commenters agree...

http://news.slashdot.org/article.pl?sid=10/02/02/1642207

And Now, the Animated News

Posted by samzenpus on Tuesday February 02, @02:39PM from the portions-of-this-report-have-been-re-enacted dept.

theodp writes

"'You have a lot of missing images, in the TV, in the news reporting,' explains billionaire Jimmy Lai. It's a gap that Lai's Next Media intends to fill with its animated news service. Artists lift details from news photos while actors in motion sensor suits re-create action sequences of stories making headlines. Animators graft cartoon avatars to the live-motion action, and the stories hit the Web. When news agencies didn't have footage of scenes from the Tiger Woods car crash, Lai's team raced to put together animation dramatizing the incident that became a YouTube sensation. Thus far, Lai has been denied a television license, but with or without his own station, he thinks his animations are headed for televisions worldwide. His company is currently in talks with media organizations to churn out news animations on demand using Next Media's graphic artists and software tools



Ah ha! I'll use this to explain correlation to my Statistics students, assuming I can find someone to explain it to me.

http://www.bespacific.com/mt/archives/023415.html

February 02, 2010

Report - Correlation in Credit Risk

Correlation in Credit Risk, Xiaoling Pu, Xinlei Zhao. Office of the Comptroller of the Currency, Economics Working Paper 2009-5, February 2, 2010.

  • "Abstract: We examine the correlation in credit risk using credit default swap (CDS) data. We find that the observable risk factors at the firm, industry, and market levels and the macroeconomic variables cannot fully explain the correlation in CDS spread changes, leaving at least 30 percent of the correlation unaccounted for. This finding suggests that contagion is not only statistically but also economically significant in causing correlation in credit risk. Thus, it is important to incorporate an unobservable risk factor into credit risk models in future research. We also find, consistent with some theoretical predictions, that the correlation is countercyclical and is higher among firms with low credit ratings than among firms with high credit ratings."


(Related) ...and I can use this as a cautionary tale. Not all correlations make sense. Sometimes a symptom is misinterpreted as a cause.

http://www.wired.com/autopia/2010/02/could-cars-have-caused-the-mortgage-meltdown/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Could Cars Have Caused the Mortgage Meltdown?

By Keith Barry February 2, 2010 8:30 am

In yet another analysis of the causes behind the current financial crisis, it turns out that vehicle ownership and a lack of access to public transportation may be just as predictive of mortgage foreclosure rates as low credit scores and high debt-to-income ratios.

Such are the results of a study, commissioned by the Natural Resources Defense Council, of foreclosure rates in San Francisco, Chicago and Jacksonville, Florida. The survey found mortgage holders were less likely to face foreclosure (.pdf) if they lived in “compact” neighborhoods with sufficient public transit to make owning a car optional.



Tools & Techniques: Intercept and listen to ANY iPhone

http://apple.slashdot.org/article.pl?sid=10/02/02/1827219

New iPhone Attack Kills Apps, Reroutes Web Traffic

Posted by kdawson on Tuesday February 02, @04:11PM from the dead-cert dept.

Trailrunner7 sends in a threatpost.com article on exploiting flaws in the way the iPhone handles digital certificates. "[Several flaws] could lead to an attacker being able to create his own trusted certificate and entice users into downloading malicious files onto their iPhones. The result of the attack is that a remote hacker is able to change some settings on the iPhone and force all of the user's Web traffic to run through any server he chooses, and also to change the root certificate on the phone, enabling him to man-in-the-middle SSL traffic from that phone. ... Charlie Miller, an Apple security researcher at Independent Security Evaluators, said that the attack works, although it would not lead to remote code execution on the iPhone. 'It definitely works. I downloaded the file and ran it and it worked,' Miller said. 'The only thing is that it warns you that the file will change your phone, but it also says that the certificate is from Apple and it's been verified.'"



The market for free software. Remember, Open Office started as an IBM sponsored project in Europe. Also note that the research method apparently required no interaction with people.

http://tech.slashdot.org/story/10/02/02/2148201/OpenOffice-Tops-21-Market-Share-In-Germany?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

OpenOffice Tops 21% Market Share In Germany

Posted by kdawson on Tuesday February 02, @11:07PM from the camel's-head-and-neck dept.

hweimer writes

"A novel study analyzes the installed base of various office packages among German users. (Here is the original study report in German and a Google translation.) While Microsoft Office comes out top (72%), open source rival OpenOffice is already installed on 21.5% of all PCs and growing. The authors use a clever method to determine the installed office suites of millions of web users: they look for the availability of characteristic fonts being shipped with the various suites. What surprised me the most is that they found hardly any difference in the numbers for home and business users."


(Related) The trend continues.

http://politiken.dk/newsinenglish/article890196.ece

Denmark chooses open formats

By Julian Isherwood

As of April next year, Danish state communication will be in open formats that fulfill set principles for open standards.

After four years of discussion, Parliamentary parties have decided to use open formats and to produce a list of acceptable document types.

A previous suggestion that this immediately precludes Microsoft's OOXML format proves not to be the case.

“My ambition is that in the future we will only communicate using open standards,” Science Minister Helge Sander told Parliament.

But he later rejected as 'ridiculous' media reports that the decision excluded Microsoft's products.



For parents?

http://www.makeuseof.com/dir/growshow-time-lapse-imaging/

GrowShow: Time Lapse Imaging Tool For Parents

Everybody has tons of pictures for their kids starting right from their birth. GrowShow is a time lapse imaging tool that lets you organize those pictures into a chronological order without any extra effort. Simply upload the pictures to GrowShow and they will automatically be sequenced.

www.growshow.com

Similar sites: Baby-Connect and Kidmondo.



Tools & Techniques: Something for my website class (and all the programmers)

http://www.makeuseof.com/dir/quickhighlighter-code-syntax-highlighter/

QuickHighlighter: Free Code Syntax Highlighter Online

Quick Highlighter is a simple code syntax highlighter that highlights any programming code for easier reading and sharing. It converts any code to a formatted and highlighted text so you can quickly paste it to your webpage and share it with your readers.

Quick Highlighter supports over a hundred programming languages including Javascript, CSS, HTML, XML, Visual Basic, and many more.

Free, no signup is required.

www.quickhighlighter.com



MakeUseOf.com had an interesting article on making your printer wireless, but they seem to be having a database connection glitch, so I found some alternative articles. Now my wife can print from her laptop without bothering to ask for my assistance.

http://www.laptopmag.com/Advice/tips/how-to-make-your-printer-wireless.aspx

http://www.ehow.com/how_4530941_make-printer-wireless.html

