Tuesday, April 20, 2010

Like most of the cases in this blog, the size (number of victims) grows over time. This is because management has no idea what is going on under their nose.

http://www.pogowasright.org/?p=9117

Lower Merion report: Web cams snapped 56,000 images

April 19, 2010 by Dissent

John P. Martin reports:

Lower Merion School District employees activated the web cameras and tracking software on laptops they gave to high school students about 80 times [Not 42 as initially claimed. Bob] in the past two school years, snapping nearly 56,000 images that included photos of students, pictures inside their homes and copies of the programs or files running on their screens, district investigators have concluded.

In most of the cases, technicians turned on the system after a student or staffer reported a laptop missing and turned it off when the machine was found, the investigators determined.

But in at least five instances, school employees let the Web cams keep clicking for days or weeks after students found their missing laptops, [Suggesting that the videos were “no big deal?” Bob] according to the review. Those computers – programmed to snap a photo and capture a screen shot every 15 minutes when the machine was on – fired nearly 13,000 images back to the school district servers.

Read more on Philly.com

[From the article:

In a few other cases, Hockeimer said, the team has been unable to recover images or photos stored by the tracking system.

And in about 15 activations, investigators have been unable to identify exactly why a student's laptop was being monitored.

… "The whole situation was riddled with the problem of not having any written policies and procedures in place," Hockeimer said. "And that impacted so much of what happened here."


(Completely unrelated) ...but just down the road from Ardmore PA... Another case of school management not knowing what was happening in their schools?

http://www.pogowasright.org/?p=9154

Indictment: Robbinsville school IT guy spied with cameras under women’s desks

April 20, 2010 by Dissent

Artemis Coughlan reports:

A technology specialist for the Robbinsville School District has been indicted by a Mercer County grand jury on charges he allegedly set up cameras to spy on female workers at the Sharon Elementary School, prosecutors said yesterday.

Carl A. Alb, 30, of Beech Street, Pennington, is charged with two counts of invasion of privacy for the alleged incident that was discovered last June, prosecutors said. Robbinsville police said no children were involved or harmed in any way. [This assumes they have seen all the images and identified all the victims? Bob]

Read more in The Trentonian.



You can have Privacy, if you work at it. (These aren't perfect, but worth knowing.)

http://howto.wired.com/wiki/Browse_Privately?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Browse Privately

… In these private-browsing modes, now available in all major browsers, your web browser will reject cookies, stop keeping a surfing history and throw away any cached files. As a result, anyone else using your PC wouldn't have a clue what you'd been up to on the web.

Of course, it's important to realize there are plenty of ways your movements are still being tracked.



Shrink wrapping the Internet? How far can this be expanded?

http://www.pogowasright.org/?p=9144

Viewing a site’s jurisdiction statement did not indicate consent, says US court

April 20, 2010 by Dissent

One of the benefits of reading a lot of non-U.S. sites is that I occasionally find out about cases here in the U.S. that I might otherwise miss. In today’s news, Out-Law.com reports on a lawsuit and ruling involving jurisdiction:

Suzanne Shell created sets of information and training materials for families dealing with state child protection services, then later sued a long list of people and organisations for what she said was unauthorised use of her copyrighted works.

Many of the people she sued claimed that the Colorado courts system had no jurisdiction over them. Shell said that many of them were subject to Colorado justice because they had used her website.

The court held that viewing a web site statement saying that anyone using the site consents to jurisdiction in her county was not equivalent to consent binding as it was not the same as site visitors consenting to those terms.



Is this a “Catch 22?”

http://www.pogowasright.org/?p=9156

Judge Says Internet Privacy Lawsuit Can’t Be Private

April 20, 2010 by Dissent

Darryl Huff reports from Honolulu:

A Hawaii woman who said her ex-boyfriend posted sexual pictures of her on the Internet is not being allowed to sue him anonymously.

The woman’s attorney, Christopher K. Ridder of San Francisco, said if his client is forced to reveal her name, it would make the invasion of privacy over which she is suing a public event. She is seeking to sue as “Jane Doe.”

It’s a case that raises difficult legal issues — pitting a woman’s right to privacy against the public’s right to know. It also may determine whether victims of Internet harassment feel safe using the courts for redress.

Jane Doe’s court filings say pictures her ex-boyfriend took a decade ago were posted on a website called “Private Voyeur,” which boasts it has 800,000 viewers. The photo captions revealed her name and her workplace and said she had breast enhancement.

Read more on KITV.



Interesting. This should get everyone thinking about security in the Cloud. If I can recreate your password, I don't need to attack your systems or “tap” your communications. I just log on to your system and start downloading. What indication of “evil doing” would there be for a security system to detect?

http://tech.slashdot.org/story/10/04/20/0131246/Source-Code-To-Google-Authentication-System-Stolen?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Source Code To Google Authentication System Stolen

Posted by kdawson on Monday April 19, @10:04PM

Aardvark writes

"More details are coming out about the extent of the break-in at Google a few months ago. The NY Times is reporting that one of the things stolen was the source code to Google's single sign-on authentication system, called Gaia. Though Google is making changes to the system, the theft raises the possibility that attackers could analyze the code to find new exploits to take advantage of in the future. No wonder that Eric Schmidt recently said they've become paranoid about security."


(Related) Sometimes we forget that the rest of the world works a bit differently...

http://techcrunch.com/2010/04/19/google-censorship/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Google Is Blocked In 25 Of The 100 Countries They Offer Products In


(Related)

http://www.pogowasright.org/?p=9140

Privacy guardians warn multinationals to respect laws



Reminds me of my late Uncle Wilber, who died testing his anti-submarine idea: “We just cut a hole in the bottom of the ship and drop depth charges!” First rule of security software: “Do no harm!”

http://tech.slashdot.org/story/10/04/20/0023238/IE8s-XSS-Filter-Exposes-Sites-To-XSS-Attacks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

IE8's XSS Filter Exposes Sites To XSS Attacks

Posted by kdawson on Tuesday April 20, @01:22AM

Blue Taxes writes

"The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS."

Here is the researchers' backgrounder (PDF) on the attack. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.
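
To make the risk concrete, here is an added example (not from the Slashdot story, the researchers, or Microsoft) that models the scan, match and alter steps described above. The rule list, the `#` neutering, the `block` mode, and the `example.test` pages are assumptions made for illustration; it shows that the filter rewrites server-authored markup even when the page never echoed the request.

```javascript
// Simplified model of a request/response-matching XSS filter.
// The rules and the '#' neutering are assumptions for illustration, not IE8's real heuristics.
const SUSPICIOUS = [/<script\b[^>]*>/i, /\bon\w+\s*=/i, /javascript:/i];

// Request text must be matched literally in the response, so escape regex metacharacters.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Step 1: scan the outbound request's query values for script-like strings.
function suspiciousFragments(url) {
  const found = new Set();
  for (const value of new URL(url).searchParams.values()) {
    for (const rule of SUSPICIOUS) {
      const m = value.match(rule);
      if (m) found.add(m[0]);
    }
  }
  return [...found];
}

// Steps 2-3: build a pattern from each fragment, search the whole response,
// then either rewrite the matches ("rewrite") or refuse to render ("block").
function filterResponse(url, body, mode = "rewrite") {
  let hits = 0;
  let out = body;
  for (const frag of suspiciousFragments(url)) {
    const re = new RegExp(escapeRegex(frag), "gi");
    out = out.replace(re, (m) => {
      hits++;
      return m.slice(0, 3) + "#" + m.slice(4); // "<script>" -> "<sc#ipt>"
    });
  }
  if (hits > 0 && mode === "block") return { hits, blocked: true, body: "" };
  return { hits, blocked: false, body: out };
}

// Constructed sample data: example.test and both pages are made up.
const link = "https://example.test/page?q=" + encodeURIComponent("<script>alert(1)</script>");
const reflecting = "<p>Results for <script>alert(1)</script></p>";
const notReflecting = "<html><script>initPage()</script><p>Hello</p></html>";

console.log(filterResponse(link, reflecting).body);      // echoed input is neutered
console.log(filterResponse(link, notReflecting).body);   // the page's own script is neutered too
console.log(filterResponse(link, notReflecting, "block")); // nothing is rewritten or rendered
```

The second call is the false positive: whoever writes the link decides which part of a trusted page gets rewritten. Refusing to render on a match, as in the `block` branch, avoids handing over that control.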



The next step in my scheme to let geeks rule the world!

http://yro.slashdot.org/story/10/04/19/2114251/SEC-Proposes-Wall-Street-Transparency-Via-Python?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

SEC Proposes Wall Street Transparency Via Python

Posted by Soulskill on Monday April 19, @06:25PM

An anonymous reader writes

"A US federal agency is considering the use of computing languages to specify legal requirements. 'We are proposing that the computer program be filed on EDGAR in the form of downloadable source code in Python. ... Under the proposed requirement, the filed source code, when downloaded and run by an investor, must provide the user with the ability to programmatically input the user's own assumptions regarding the future performance and cash flows from the pool assets, including but not limited to assumptions about future interest rates, default rates, prepayment speeds, loss-given-default rates, and any other necessary assumptions.' Does this move make sense? If the proposed rule is enacted, it certainly will bring attention to Python or other permitted languages. Will that be a good thing?"

The above quotes were pulled from pages 205 and 210 of the dense, 667-page proposal document (PDF). Market expert and professor of finance Jayanth R. Varma says it's a good idea.


(Related) Remember, you can't have electronic lawyers until the laws are machine readable!

http://www.bespacific.com/mt/archives/024056.html

April 19, 2010

Delaware Posts Authenticated PDF Version of Administrative Code

Delaware's Administrative Code



The care and feeding of your cell phone...

http://cellphones.org/cell-phone-features/

Cell Phone Features



My take: Because it's not “by geeks, for geeks.”

http://www.pcworld.com/article/194506/why_americas_telecom_system_stinks.html

Why America's Telecom System Stinks

Analysis: Technologist Lawrence Lessig exposes a rigged system of poor service for higher cost.



For you e-Discovery lawyers (and my hackers)

http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml

Digital Photocopiers Loaded With Secrets

Your Office Copy Machine Might Digitally Store Thousands of Documents That Get Passed on at Resale


(Related) answer: nothing good. (Also: Source of the phrase “Let George do it.” is revealed)

http://e-discoveryteam.com/2010/04/18/what-can-happen-when-lawyers-delegate-their-e-discovery-duties-to-a-client/

What Can Happen When Lawyers Delegate Their e-Discovery Duties to a Client



So, would this reverse the Google convictions?

http://www.pogowasright.org/?p=9114

Both sides claim victory in Rome court’s privacy ruling

April 19, 2010 by Dissent

Philip Willan reports:

Both sides claimed victory Monday after a Rome judge took a minimalist view of the responsibilities of telecom carriers for stamping out online piracy in a court battle pitting copyright defenders against Internet distributors and privacy interests.

Judge Antonella Izzo rejected a request from the Audiovisual Antipiracy Federation (FAPAV) that Telecom Italia identify customers responsible for copyright violations and report them to the justice authorities, block their access to peer-to-peer Web sites where they were illegally downloading copyright material, and inform them that they had been breaking the law.

Read more on GoodGearGuide.

[From the article:

"We are very pleased because the judge has turned down all of FAPAV's principal requests and established that Telecom Italia is absolutely not responsible for the material carried over its network," a Telecom Italia source said in a telephone interview Monday.



Something for my Statistics (and Excel) students

http://docs.google.com/support/bin/answer.py?hl=en&answer=91610

Gadgets: Motion Chart

If you're tracking several data points to see changes over time, you can create an interactive Motion Chart. Here's how:



For my students

http://www.makeuseof.com/tag/top-10-downloaded-utilities-movers-shakers/

Top 10 Most Downloaded Utilities [Movers & Shakers]
