Saturday, January 16, 2010

How long before someone (one hopes, a judge) finds this “selective ignorance” excuse less than satisfying?

http://www.thetechherald.com/article.php/201002/5090/SCNB-hit-by-breach-%C2%96-over-8-000-clear-text-credentials-stolen

SCNB hit by breach – over 8,000 clear text credentials stolen

by Steve Ragan - Jan 15 2010, 18:04

'Twas the night before Christmas, when Suffolk Bancorp said an internal audit by Suffolk County National Bank (SCNB) discovered that over 8,000 customer online banking credentials were snatched from a server where they resided in plain text.

… After the attack was discovered, the servers used by SCNB were rebuilt and various other security measures were put in place. [Why is it that you never have time to do it right but you always find time to do it over? Bob]

… Neither SCNB, nor their parent Suffolk Bancorp, would discuss the technical aspects of the breach, which occurred over a six-day period from November 18-23. [We didn't look for it at the time, but in retrospect it's obvious. Bob] They said in a statement that they have detected no unauthorized use of the stolen credentials since the attack. [Not that we've been looking for any... Bob]



For the hack collection. Note that any inadvertent error can be converted to a non-inadvertent error (dis-inadvertent?). When you link to a site like Facebook, details of your connection are stored in a table (so Facebook can talk back to you). So all you need to do is cause their server to scroll up or down the table!

http://www.pogowasright.org/?p=6995

Network Flaw Causes Scary Web Error

January 16, 2010 by Dissent Filed under Breaches, Featured Headlines, Internet

Jordan Robertson reports:

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.

The glitch – the result of a routing problem at the family’s wireless carrier, AT&T – revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information – from mundane data to dark secrets – can go awry.

Read more from The Associated Press.



In the old Soviet Union, they put you in the psych ward on heavy drugs.

http://www.phiprivacy.net/?p=1847

FL: Appeals court hears case of pregnant woman ordered to stay at TMH

By Dissent, January 16, 2010 8:54 am

Portman reports:

Does a woman lose her right to make medical decisions for herself when she is pregnant? Can the state effectively treat her as little more than an “incubator,” subject to the total control of her doctor?

Those are the key questions raised by attorneys on behalf of a Wakulla County woman whose case was heard last week by the 1st District Court of Appeal.

Samantha Burton was 25 weeks pregnant last March when she went for a prenatal doctor’s visit and was admitted into Tallahassee Memorial Hospital because of complications.

“I was desperately hoping to receive the care I needed to save my baby,” she said.

After examining Burton, Dr. Jana Bures-Forsthoefel found the 29-year-old mother of two had a ruptured membrane, had started contractions and was at risk of infection or premature birth, jeopardizing her health and the life of her unborn child.

Burton was ordered to immediately quit smoking and stay in the hospital on bed rest for the remainder of her pregnancy, but Burton didn’t like that idea. She wasn’t happy with care she was getting and wanted to go to another hospital and get a second opinion. She wanted to be able to go home.

Only, Burton wasn’t allowed to leave. [In less progressive states, that's called kidnapping. Bob]

Read more on Tallahassee.com



What would happen if they looked at my laptop and were able to determine that I had electronically transferred all my files to the law firm of Moe, Larry & Curly?

http://www.pogowasright.org/?p=6990

Laptop Search Documents Revealed

January 15, 2010 by Dissent Filed under Govt, Surveillance

Thomas Claburn reports:

Documents detailing nine months of searches and seizures of electronic devices by U.S. Customs and Border Protection (CBP) agents were released on Thursday by the American Civil Liberties Union, offering previously unavailable insight into border searches. Last summer, the Department of Homeland Security released new rules governing searches of laptops and other electronic devices at airports and other border crossings. The rules, regarded as an improvement in terms of clarity, nonetheless continued Bush administration policies giving government agents the right to search electronic devices as if they were suitcases or backpacks, without cause.

In February, 2009, the U.S. Supreme Court let stand an appeals court ruling that laptops are like suitcases and can be searched at borders without reasonable suspicion.

Read more on InformationWeek.

[From the ACLU:

Between July 2008 and June 2009, CBP transferred electronic files found on travelers' devices to third-party agencies almost 300 times. Over half the time, these unknown agencies asserted independent bases for retaining or seizing the transferred files. More than 80 percent of the transfers involved the CBP making copies of travelers' files.

… Those interested in analyzing the data themselves may find these spreadsheets useful. [Something for my Spreadsheet and Computer Forensics classes. Bob]



Cyber-War: See? I thought this smelled bigger than the early stories were indicating. What is the electronic equivalent of a declaration of war? What level must a “sneak attack” reach before it is considered an act of war? Are any industries/institutions protected by an electronic Geneva Convention? If not, expect hospitals, banks, social security, etc. to be targeted. Why not? How would we respond in kind?

http://www.computerworld.com/s/article/9145218/U.S._to_lodge_formal_protest_with_China_over_alleged_cyberattacks

U.S. to lodge formal protest with China over alleged cyberattacks

State Department will present concerns in Beijing next week

By Jaikumar Vijayan January 15, 2010 01:29 PM ET

Computerworld - The U.S. will lodge a formal protest with China over the nation's alleged involvement in cyberattacks against Google.

More than 30 other companies also appear to have been targeted in the same attacks, prompting widespread concern over state-sponsored cyberattacks originating from China.

Many security analysts say these kinds of cyber attacks are unlikely to be deterred by policy statements or expressions of protest given the enormous economic stakes involved. At the same time they also concede there is nothing the government can do by way of launching retaliatory attacks or initiating other non-diplomatic forms of response against cyber-adversaries operating out of China.


(Related) Perhaps I should design a “Citizen Retaliation” class? (Hacking for Vigilantes?) At least I could start collecting the tools.

http://tech.slashdot.org/story/10/01/16/029201/Code-Used-To-Attack-Google-Now-Public?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Code Used To Attack Google Now Public

Posted by timothy on Friday January 15, @10:46PM from the clever-scoundrels-still-scoundrels dept.

itwbennett writes

"The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."



Oh look boys & girls, another new tax. And since it's a property tax, you don't even need to be profitable to pay it!

http://www.bespacific.com/mt/archives/023264.html

January 15, 2010

Treasury Fact Sheet: Financial Crisis Responsibility Fee

News release: "Today, the President announced his intention to propose a Financial Crisis Responsibility Fee that would require the largest and most highly levered Wall Street firms to pay back taxpayers for the extraordinary assistance provided so that the TARP program does not add to the deficit.

  • The fee the President is proposing would: Require the Financial Sector to Pay Back For the Extraordinary Benefits Received; Responsibility Fee Would Remain in Place for 10 Years or Longer if Necessary to Fully Pay Back TARP; Raise Up to $117 Billion to Repay Projected Cost of TARP; Apply to the Largest and Most Highly Levered Firms..."

[From the Press Release:

Fee Assessed at Approximately 15 Basis Points (0.15 Percent) of Covered Liabilities Per Year

Covered Liabilities = Assets - Tier 1 capital - FDIC-assessed deposits (and/or insurance policy reserves, as appropriate)



What are they hiding?

http://entertainment.slashdot.org/story/10/01/15/208219/Adding-Up-the-Explanations-For-ACTAs-Shameful-Secret?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Adding Up the Explanations For ACTA's "Shameful Secret"

Posted by ScuttleMonkey on Friday January 15, @05:25PM from the trying-to-pull-a-fast-one dept.

Several sources are reporting on a Google event this week that attempted to bring some transparency to the Anti-Counterfeiting Trade Agreement (ACTA) that has so far been treated like a "shameful secret." Unfortunately, not many concrete details were uncovered, so Ars tried to lay out why there has been so much secrecy, especially from an administration that has been preaching transparency.

"The reason for that was obvious: there's little of substance that's known about the treaty, and those lawyers in the room and on the panel who had seen one small part of it were under a nondisclosure agreement. In most contexts, the lack of any hard information might lead to a discussion of mind-numbing generality and irrelevance, but this transparency talk was quite fascinating—in large part because one of the most influential copyright lobbyists in Washington was on the panel attempting to make his case. [...] [MPAA/RIAA Champion Steven] Metalitz took on three other panelists and a moderator, all of whom were less than sympathetic to his positions, and he made the lengthiest case for both ACTA and its secrecy that we have ever heard. It was also surprisingly unconvincing."



Why do I keep harping on the fact that providers aren't investing in infrastructure? Because it's pretty obvious they aren't. Come on guys! It's for the children!

http://news.cnet.com/8301-1035_3-10434930-94.html

Akamai: World's Net connection speeds rising

by Lance Whitney January 14, 2010 11:23 AM PST

More cities and countries are enjoying faster Internet speeds, according to the latest State of the Internet report released Wednesday by Akamai.

Looking at the third quarter of 2009, the report found that most countries in the top-10 list for Internet performance saw an average 18 percent increase in speed from the second quarter. South Korea topped the list, with a 29 percent jump in speed to 14.6 megabits per second, while Ireland came in second for most improved, with a 26 percent rise to 5.3Mbps.

The United States failed to make the top-10 list again, coming in 18th, with a 1.8 percent increase to reach an average connection speed of 3.9Mbps.



The music industry saw this website as a place to contact safe-crackers, get-away drivers and a fence. The court saw it as a listing for garage sales.

http://yro.slashdot.org/story/10/01/15/174249/In-UK-Oink-Admin-Cleared-of-Fraud?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

In UK, Oink Admin Cleared of Fraud

Posted by kdawson on Friday January 15, @02:35PM from the bpi-not-best-pleased dept.

krou writes

"The BBC is reporting that Alan Ellis, who ran music file sharing site Oink from his flat in the UK, has been found not guilty of conspiracy to defraud. Between 2004 and 2007, the site 'facilitated the download of 21 million music files' by allowing its some 200,000 'members to find other people on the web who were prepared to share files.' Ellis was making £18,000 a month ($34,600) from donations from users, and claimed that he had no intention of defrauding copyright holders, and said 'All I do is really like Google, to really provide a connection between people. None of the music is on my website.'"

Reader Andorin recommends Torrentfreak's coverage, which includes summaries of the closing arguments.



Humor? Certainly one of the dumber ideas... But perhaps I could get a copyright on “electronically looking askance?”

http://news.cnet.com/8301-17852_3-10436071-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Oh goody!!!!!! A punctuation mark for sarcasm

by Chris Matyszczyk January 15, 2010 3:36 PM PST



Tools & Techniques: Could be useful for the e-Discovery crowd or researchers looking to archive search results – even simple handouts.

http://news.cnet.com/8301-27076_3-10436073-248.html?part=rss&subj=news&tag=2547-1_3-0-20

PDFmyURL turns any site into a PDF

by Josh Lowensohn January 15, 2010 3:29 PM PST

PDF enthusiasts have a new Web converter tool at their disposal with PDFmyURL, a simple, one-function site that converts any live Web site into a static PDF file--something handy for offline reading, long-term archiving, and sticking on PDF-friendly e-book readers like Amazon's Kindle. It can also be a lifesaver, if you're on a computer without PDF-making software that would otherwise enable you to "print" a PDF copy of your own.



I'm gonna make this article into a poster for my “geek” classes.

http://www.wired.com/dangerroom/2010/01/darpa-us-geek-shortage-is-a-national-security-risk/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Darpa: U.S. Geek Shortage Is National Security Risk



For my students, when I assign those pesky group projects.

http://www.makeuseof.com/tag/share-your-desktop-remotely-with-multiple-viewers-easily-with-logmein-express/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Share Your Desktop Remotely With Multiple Viewers Easily With LogMeIn Express

By Tim Lenahan on Jan. 15th, 2010

… LogMeIn has come up with yet ANOTHER free product for us to try called LogMeIn Express. So far I love LogMeIn Express because it overcomes one tedious obstacle that LogMeIn Free has, and that’s the installation on the PC to be controlled.

Say your grandma who lives in Florida calls and needs you to show her how to find a lost Word document or how to update her status on her new Facebook account. And say YOU live in Maine. Well, you’re not there with her to install the LogMeIn program for her and she doesn’t have the “know how.” Read this article to see how easy it really is for her to share her desktop remotely with you using LogMeIn Express.

If you want to share your desktop with someone, head on over to the LogMeIn Express website, click the “share” button, download the very small file (under a meg), and run it.



This one may be a bit ahead of its time. (Would work for 95% of my students, but only 10% of us professors.)

http://www.techcrunch.com/2010/01/15/mightymeeting-mobile-presentation/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

MightyMeeting Lets You Conduct PowerPoint Presentations From Your Smartphone

by Jason Kincaid on January 15, 2010

... MightyMeeting allows you to use your smartphone to host a PowerPoint presentation while you’re on the go, and also lets you manage your library of Office and PDF files from your phone.



This could be fun. Incorporate the college logo into a cursor...

http://www.makeuseof.com/tag/realworld-cursor-editor-%E2%80%93-for-those-who-love-to-make-their-own-free-cursors/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

RealWorld Cursor Editor – Make Yourself A Custom Mouse Cursor

By Saikat Basu on Jan. 15th, 2010

… The freeware cursor application helps us create beautiful cursors – static or animated – from image files. More importantly, one doesn’t have to have a degree in Fine Arts to design the cursors. A friendly wizard takes us through the steps. The drag and drop interface, like any good graphic editor, also gives it another point on the scale of user friendliness.

The RealWorld Cursor Editor comes as a 6.6MB download bundle and also has the option of a 7.2MB portable version.

Friday, January 15, 2010

I'm noticing more and more articles reporting that regulatory agencies are (finally!) starting to get serious about enforcing basic (common sense) security practices.

http://www.phiprivacy.net/?p=1835

(follow-up) Ca: Durham told to encrypt health data on mobile devices

By Dissent, January 14, 2010 1:17 pm

Ontario’s privacy commissioner is ordering Durham Region’s health officer to ensure medical data is encrypted on portable devices.

The order follows an incident in December when the health data of more than 83,000 people who received H1N1 flu shots went missing.

A nurse was taking a USB key containing the records to her car in Whitby, Ont., to take it to a clinic site when the device was lost.

Commissioner Ann Cavoukian says she also expects all health data stored on mobile devices in Ontario to include strong encryption.

Read more from The Canadian Press.



Apparently, this is now “where the money is.”

http://www.phiprivacy.net/?p=1839

FEATURED: Medical Identity Theft Is Low-Tech, High-Risk and Rapidly Growing

By Dissent, January 14, 2010 3:44 pm

Reprinted from REPORT ON PATIENT PRIVACY, the industry’s most practical source of news on HIPAA patient privacy provisions.

By Liana Heitin, Editor

With many legislators, law enforcement officials, and privacy experts now calling it the fastest-growing type of crime, medical identity theft has emerged as a forefront issue for health care providers.

And while ID theft may conjure images of hackers overriding systems with sophisticated technology, the reality is that stealing health care information is generally a low-tech endeavor. Stepping into 2010, health care providers should be vigilant about the physical safekeeping of portable tech equipment and take a hard look at their employee hiring and training practices.

Read more on AIS Health.

[From the article:

There are four types of medical ID theft, Rhodes explains:

(1) One-off: An insured individual gives his or her insurance card to a relative, and the relative accesses medical services under that person’s name. Or an individual sells his or her insurance card on the street.

(2) Insider: An employee at a health care organization who has the ability to process bills files false claims. Often the employee sets up a bank account and has the payment sent directly there.

(3) Organized crime: Insiders steal and sell patient information, or pay off beneficiaries to give it to them. The organized crime unit sets up a sham medical business and files false claims.

(4) Drug seeking: People buy or steal others’ insurance information for the purpose of obtaining narcotics.


(Related) but opposite? Still, the judge based his decision on the existence of a real (reasonable?) security effort.

http://www.databreaches.net/?p=9447

(follow-up) Kr: Website not responsible for data theft

January 14, 2010 by admin Filed under Breach Incidents, Business Sector, Hack, Non-U.S., Of Note

This is one of the breaches in the top 10 list, where I had previously noted that some sources said 18 million were affected by the hack, while Auction claimed 10.8 million. Whatever the correct number, the online service was found not to be responsible for the breach.

Joong Ang Daily reports:

A local court ruled against 146,000 users of online shopping mall Auction who filed a class-action suit asking for 150 billion won ($133 million) in compensation from the retailer for not preventing the leak of millions of users’ personal data by a 2008 hacker attack from China. Ending a legal dispute more than a year old, the Seoul Central District Court handed down its verdict in its first trial on the issue.

“There’s no evidence that Auction was lenient about its security countermeasures against hacking,” said Lim Seong-guen, a judge who presided over the case. “It’s not legally mandatory for companies to set up firewalls for their Web sites and considering that there was low credibility over installing firewalls among businesses at that time, it’s hard to say Auction is liable for the breach.”

Though it’s regretful that the online retailer’s Web site was attacked by hackers, which led to a leak of names, ID numbers, addresses and phone numbers, Lim said Auction was unable to prevent the attack because security technology at that time couldn’t block the hackers. [Now that's an interesting argument. Bob] “Though Auction does not bear legal responsibility, it would be desirable if the company takes ethical responsibility and takes appropriate measures for users,” Lim continued.

Read more on Joong Ang Daily.

The Korea Herald also provides coverage of the decision:

Auction, a major online open market, is not responsible for the theft of its customers’ personal information, the Seoul Central District Court ruled yesterday.

“Auction cannot be seen as having violated any duties as a Web service provider,” ruled the court.

The company also immediately reported the data breach to authorities and to its customers, and thus may be seen as having taken appropriate countermeasures, said the court.

Read more in The Korea Herald.


(Related) So, what's reasonable in the US? A Colorado lawyer has an opinion.

http://www.databreaches.net/?p=9454

Online Banking and “Reasonable Security” Under the Law: Breaking New Ground?

January 14, 2010 by admin Filed under Commentaries and Analyses, Of Note

David Navetta writes:

With the report of another data security-related lawsuit involving online banking (another 2009 lawsuit referenced here involved an alleged loss of over $500,000), and a recent victory for a plaintiff on a summary judgment motion in a similar online banking data security breach case, the question arises whether online banking breaches will yield some substantive case law on the issue of “reasonable” security procedures as a matter of law. [Interesting topic for a law journal article. Does the law say anything about “reasonable security” now? (Think “T. J. Hooper?”) Bob] Ironically, this question may be answered by reference to a 20 year old model code (UCC 4A) originally drafted to address technological advances from that era. This post explores two complaints recently filed against banks for online banking (Patco Construction Co. v. People’s United Bank (“PATCO”) and JM Test Systems, Inc. v. Capital One Bank (“JMT”)) and a court’s ruling on a motion for summary judgment in a similar lawsuit (Shames-Yeakel v. Citizens Bank Memo and Memo Order on Motion for Summary Judgment – “Shames-Yeakel” case). In short, since the Shames-Yeakel case proceeded past the “damages” pleading phase, it (and possibly these other online breach suits) reveals how some courts view security “standards” and approach the question of whether a company has achieved “reasonable security.” I also believe they demonstrate the difficulty defendants face if they have to defend their security measures in a litigation context after a security breach.

Read more on InformationLawGroup.



This just keeps getting more interesting.

http://www.databreaches.net/?p=9469

Google Hack Attack Was Ultra Sophisticated, New Details Show

January 15, 2010 by admin Filed under Breach Incidents, Hack, Malware

Kim Zetter reports:

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.” [No, it's not. Bob]

In the wake of Threat Level’s story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft has published an advisory about the flaw that it already had in the works. McAfee has also added protection to its products to detect the malware that was used in the attacks and has now gone public with a number of new details about the hacks.

Read more on Threat Level.


(Related) Seems I've heard stories like this before.

http://blogs.laweekly.com/ladaily/city-news/law-firm-cyber-attack/

L.A. Law Firm Reports Cyber Attack From China

By Dennis Romero in City News, community, crime Thu., Jan. 14 2010 @ 6:00AM

A Los Angeles law firm representing a company suing China for allegedly stealing its software code announced its computers have come under a cyber-attack that originated in the Asian nation and that the FBI is investigating the attempted intrusion.

[See our original post about the lawsuit against China here].



If not Big Brother, at least “Getting Bigger” Brother. Of course, their job is: “overseeing policies relating to privacy,” so we have nothing to worry about. No Conspiracy Theories here! This is not the Blogger you want!

http://politics.slashdot.org/article.pl?sid=10/01/14/2226219

Obama Appointee Sunstein Favors Infiltrating Online Groups

Posted by timothy on Thursday January 14, @05:28PM from the freedom-of-somethingeruther dept.

megamerican writes

"President Barack Obama's appointee to head the Office of Information and Regulatory Affairs advocated in a recent paper the 'cognitive infiltration' of groups that advocate 'conspiracy theories' like the ones surrounding 9/11 via 'chat rooms, online social networks, or even real-space groups and attempt to undermine' those groups. Sunstein admits that 'some conspiracy theories, under our definition, have turned out to be true.' [But that's okay, we can undermine them too. Bob] Sunstein has also recently advocated banning websites which post 'right-wing rumors' [Like: “Liberals are nuts?” Bob] and bringing back the Fairness Doctrine. You can find a PDF of his paper here. For decades (1956-1971), the FBI under COINTELPRO focused on disrupting, marginalizing and neutralizing political dissidents, most notably the Black Panthers. More recently CENTCOM announced it would be engaging bloggers 'who are posting inaccurate or untrue information, as well as bloggers who are posting incomplete information.' In January 2009 the USAF released a flow-chart for 'counter-bloggers' to 'counter the people out there in the blogosphere who have negative opinions about the US government and the Air Force.'" [Yeah, but that's fighting lies with truth. This advocates fighting opinion (granted, often mis-informed) with lies. Boo! Bob]

[From the paper:

(1) Government might ban conspiracy theorizing.

(2) Government might impose some kind of tax, financial or otherwise, on those who disseminate such theories.

(3) Government might itself engage in counterspeech, marshaling arguments to discredit conspiracy theories.

(4) Government might formally hire credible private parties to engage in counterspeech.

(5) Government might engage in informal communication with such parties, encouraging them to help.

[How about: Government might ignore anyone who thinks Osama bin Laden is the Tooth Fairy? Bob]



Food for thought?

http://www.wired.com/thisdayintech/2010/01/0115martin-luther-king-warns?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Jan. 15, 1929: Birth of a Moral Compass, Even for Science

By Tony Long January 14, 2010 8:00 pm

… King delivered a lecture at the University of Oslo, Norway, on Dec. 11, 1964, the day after receiving the Nobel Peace Prize. He argued that progress in science and technology has not been equaled by “moral progress” — instead, humanity is suffering from a “moral and spiritual lag.”



How could they not be considered a trust? I don't understand all the arguments though.

http://yro.slashdot.org/story/10/01/15/1329200/Antitrust-Case-Against-RIAA-Reinstated?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Antitrust Case Against RIAA Reinstated

Posted by kdawson on Friday January 15, @08:45AM from the collusion-and-restraint dept.

NewYorkCountryLawyer writes

"After Starr v. SONY BMG Music Entertainment was dismissed at the District Court level, the antitrust class action against the RIAA has been reinstated by the US Court of Appeals for the Second Circuit. In its 25-page opinion (PDF), the Appeals court held the following allegations sufficiently allege antitrust violations: 'First, defendants agreed to launch MusicNet and pressplay, both of which charged unreasonably high prices and contained similar DRMs. Second, none of the defendants dramatically reduced their prices for Internet Music (as compared to CDs), despite the fact that all defendants experienced dramatic cost reductions in producing Internet Music. Third, when defendants began to sell Internet Music through entities they did not own or control, they maintained the same unreasonably high prices and DRMs as MusicNet itself. Fourth, defendants used MFNs [most favored nation clauses] in their licenses that had the effect of guaranteeing that the licensor who signed the MFN received terms no less favorable than terms offered to other licensors. For example, both EMI and UMG used MFN clauses in their licensing agreements with MusicNet. Fifth, defendants used the MFNs to enforce a wholesale price floor of about 70 cents per song. Sixth, all defendants refuse to do business with eMusic, the #2 Internet Music retailer. Seventh, in or about May 2005, all defendants raised wholesale prices from about $0.65 per song to $0.70 per song. This price increase was enforced by MFNs.'"



Strange to me. Are they admitting they were treating everyone like pirates and now they'll take your word you aren't a pirate?

http://torrentfreak.com/comcasts-bittorrent-settlement-excludes-pirates-100114/

Comcast’s BitTorrent Settlement Excludes Pirates

Written by Ernesto on January 14, 2010

A few weeks ago Comcast decided to settle one of the class action lawsuits brought against the ISP in response to its BitTorrent throttling actions. Affected users can now claim their part of the $16 million fund [$16 each. Bob] that was set up, but only if they state under penalty of perjury that BitTorrent was never used to download copyrighted content.

… Whatever the motivation to include this option, it is completely irrelevant to the case itself. Comcast has never used copyright infringement as a justification for stopping BitTorrent traffic, so the lawfulness of the traffic should not be an issue.



These cards allow employees to bypass all that pesky (and time consuming) security. Why don't we screen airport workers exactly the same way we screen passengers? Because they are the stage hands in our little “security theater.” (i.e. they know how the rabbit gets in the hat.)

http://it.slashdot.org/story/10/01/15/0744204/Airport-Access-IDs-Hacked-In-Germany?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Airport Access IDs Hacked In Germany

Posted by timothy on Friday January 15, @04:50AM from the wilkommen-sie-herr-aktentasche dept.

teqo writes

"Hackers belonging to the Chaos Computer Club have allegedly cloned digital security ID cards for some German airports successfully which then allowed them access to all airport areas. According to the Spiegel Online article (transgoogleation here), they used a 200 Euro RFID reader to scan a valid security ID card, and since the scanner was able to pretend to be that card, used it to forge that valid ID. Even the airport authorities say that the involved system from 1992 might be outdated, but I guess it might be deployed elsewhere anyway."
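The summary says a €200 reader could scan a valid card and then pretend to be it, which is only possible if the door controller accepts a static identifier the card emits on request. The model below is an added example, not code from the Chaos Computer Club or from the airport system (whose actual card format and protocol the article does not describe; the static-identifier design is an assumption consistent with a 1992 system). It puts that design beside a challenge-response one, where the card holds a per-badge key and answers HMAC(key, nonce), and runs a cloned badge that holds only the identifier and one overheard transaction against both. The identifiers and keys are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment data (hypothetical identifiers and keys; nothing here
# is taken from the airport system described in the article).
ENROLLED = {
    "A1B2C3D4": {"holder": "ramp-crew-17", "key": bytes(range(16))},
}


def legacy_controller(presented_id):
    """Static-identifier check, the design consistent with the article:
    whatever emits the enrolled identifier is let in, including a reader
    in card-emulation mode."""
    return presented_id in ENROLLED


class ChallengeResponseController:
    """Door controller that sends a fresh nonce and expects HMAC(key, nonce).
    A recording of an earlier transaction answers the wrong nonce."""

    def __init__(self):
        self._pending = {}

    def issue_challenge(self, badge_id):
        nonce = secrets.token_bytes(16)
        self._pending[badge_id] = nonce
        return nonce

    def verify(self, badge_id, response):
        nonce = self._pending.pop(badge_id, None)
        record = ENROLLED.get(badge_id)
        if nonce is None or record is None:
            return False
        expected = hmac.new(record["key"], nonce, hashlib.sha256).digest()
        # compare_digest returns False on a length mismatch (e.g. an empty reply).
        return hmac.compare_digest(expected, response)


class GenuineBadge:
    """Card holding the per-badge secret; it never exposes the key itself."""

    def __init__(self, badge_id):
        self.badge_id = badge_id
        self._key = ENROLLED[badge_id]["key"]

    def respond(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()


class ClonedBadge:
    """What a reader in emulation mode can reproduce: the identifier plus any
    (nonce, response) pairs it overheard. It has no key, so it can only replay."""

    def __init__(self, badge_id, transcript):
        self.badge_id = badge_id
        self._transcript = dict(transcript)

    def respond(self, nonce):
        return self._transcript.get(nonce, b"")


def run_scenarios():
    """Clone the badge by eavesdropping one legitimate entry, then present the
    clone to both controller designs."""
    badge_id = "A1B2C3D4"
    genuine = GenuineBadge(badge_id)
    cr = ChallengeResponseController()

    # Overhear one legitimate transaction and record it.
    nonce = cr.issue_challenge(badge_id)
    reply = genuine.respond(nonce)
    genuine_ok = cr.verify(badge_id, reply)
    clone = ClonedBadge(badge_id, {nonce: reply})

    # Replay against the challenge-response door: new nonce, stale answer.
    nonce2 = cr.issue_challenge(badge_id)
    clone_cr_ok = cr.verify(badge_id, clone.respond(nonce2))

    return {
        "legacy_clone_accepted": legacy_controller(clone.badge_id),
        "cr_genuine_accepted": genuine_ok,
        "cr_clone_accepted": clone_cr_ok,
    }


if __name__ == "__main__":
    print(run_scenarios())
```

Two caveats a practitioner would add: challenge-response stops passive cloning, not relay (a reader at the door forwarding the live challenge to an emulator held near the real card elsewhere), and it only helps if the key cannot be read out of the card, which is a property of the chip, not of the protocol.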



Interesting that this is happening in English-speaking countries. Is that why we haven't seen it here?

http://www.pogowasright.org/?p=6970

AU: ALRC renews data loss financial penalty call

January 14, 2010 by Dissent Filed under Breaches, Legislation, Non-U.S.

Christina Zhou reports:

The Australian Law Reform Commission (ALRC) has renewed its call for fines for failing to notify the privacy commissioner of data breaches after the UK introduced penalties of up to half a million pounds. [Way too low a cap, in my opinion. Bob]

The ALRC initially made the call in its report: For Your Information: Australian Privacy Law and Practice released in 2008.

Authorities in the UK recently amended the Data Protection Act to allow the Information Commissioner to issue fines for data breaches of up to £500,000.

Read more in Computerworld (AU)



These “studies” never satisfy me. I need to check their assumptions, because as near as I can tell, I've never spent $9,000 on commuting so even if public transportation was free I couldn't save that much.

http://www.bespacific.com/mt/archives/023260.html

January 14, 2010

Report: Riding Public Transit Saves Individuals $9,242 Annually

News release: "Individuals who ride public transportation can save on average $9,242 annually based on the January 11, 2010 national average gas price and the national unreserved monthly parking rate. Compared to last year at this time, the average cost per gallon of gas was $1.79 which is nearly $1 less than the current price of gas at $2.75 per gallon. This increase in cost equates to an additional $600 in savings per year for transit commuters as compared to last year’s savings amount at this same time. “The Transit Savings Report” released monthly by the American Public Transportation Association (APTA) calculates the average annual and monthly savings for public transit users. The report examines how an individual in a two-person household can save money by taking public transportation and living with one less car."



At first, I thought this would be an interesting add-on for my website students. But it might also catch some plagiarism (not my students of course) if the tag was a bit more subtle (say a character or two). Better block all those pesky JavaScript thingies...

http://yro.slashdot.org/story/10/01/14/1818222/Tynt-Insight-Is-Watching-You-Cut-and-Paste?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Tynt Insight Is Watching You Cut and Paste

Posted by timothy on Thursday January 14, @01:31PM from the peeking-at-your-poke dept.

jerryasher writes

"In recent weeks I've noticed that when I copy and paste text from Wired and other websites, the pasted text has had the URL of the original website appended to it. Cool, and utterly annoying, and how do I make that stop? Tynt Insight is a piece of Javascript that sends what you copy to Tynt's webservers and adds the backlinks. Tynt calls that a service for the site owner, many people call that a privacy invasion. Worse, there are some reports that it sends not just what you copy, but everything you select. And Tynt provides no opt outs. Not cookie-based, not IP-based, but stop-it-you-creeps-angry-phone-call-based. It ain't a pure useful service, and it ain't a pure privacy invasion. But I sure wish they'd go away or have had the decency never to start up in the first place. I block it on Firefox with Ghostery."



Something for my Intro to Computer Security class. (The students love tricks like these.)

http://www.makeuseof.com/tag/four-funny-ways-to-prank-your-parents-with-the-family-computer/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Four Funny Ways To Prank Your Parents With The Family Computer

By Justin Pot on Jan. 14th, 2010


(Related)

http://www.img4me.com/

IMG4Me

IMG4Me is an online tool to protect your private information from being collected by crawlers by converting your text into an image.



Monetizing my lecture notes?

http://news.cnet.com/8301-1023_3-10435753-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Amazon expands Kindle self-publishing worldwide

by Lance Whitney January 15, 2010 7:16 AM PST

Authors worldwide can now self-publish Kindle versions of their books, Amazon.com said Friday.

Amazon also said that its Digital Text Platform will now support books written in German and French.

The self-publishing platform, which allows writers to upload electronic versions of their books to Amazon's e-book reader store, was previously limited to English and to authors based in the United States.

In an effort to expand global readership, Amazon said support for additional languages is expected to come over the next few months.

The Digital Text Platform enables writers to publish without the middleman (i.e. a book publisher) by uploading PDF, text, Word, or HTML versions of their books. Authors can set their own prices and in return grab 35 percent of sales.

Thursday, January 14, 2010

Today's theme seems to be examples of the Blanche DuBois theory of Computer Security, “I have always depended on the kindness of strangers.” Did no one on the Board of Directors ever ask about Security? About compliance with the law? About anything?



I suspect that politically ambitious AGs (that's all of them, right?) will find that these cases are like shooting fish in a barrel. Big numbers (of both victims and dollars), protect the citizens of my state, clear evidence of failure on the part of the health care provider, etc.

http://www.databreaches.net/?p=9426

CT Sues Health Net For Massive Security Breach (updated)

January 13, 2010 by admin Filed under Breach Incidents, Healthcare Sector, Of Note, U.S.

Attorney General Richard Blumenthal today sued Health Net of Connecticut, Inc. for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers endangered by the security breach.

Blumenthal is also seeking a court order blocking Health Net from continued violations of HIPAA [That is both repetitious and redundant. Bob] (Health Insurance Portability and Accountability Act) by requiring that any protected health information contained on a portable electronic device be encrypted.

This case marks the first action by a state attorney general involving violations of HIPAA since the Health Information Technology for Economic and Clinical Health Act (HITECH) authorized state attorneys general to enforce HIPAA.

“Sadly, this lawsuit is historic — involving an unparalleled health care privacy breach and an unprecedented state enforcement of HIPAA,” Blumenthal said. “Protected private medical records and financial information on almost a half million Health Net enrollees in Connecticut were exposed for at least six months — most likely by thieves — before Health Net notified appropriate authorities and consumers.

… On or about May 14, 2009, Health Net learned that a portable computer disk drive disappeared from the company’s Shelton office. The disk contained protected health information, social security numbers, and bank account numbers for approximately 446,000 past and present Connecticut enrollees.

Blumenthal alleges that Health Net failed to promptly notify his office or other Connecticut authorities of this missing protected health and other personal and private information.

The missing information included 27.7 million scanned pages of over 120 different types of documents, including insurance claim forms, membership forms, appeals and grievances, correspondence and medical records.

Update: see Health Net’s statement here.


(Related) Could you ask for a closer parallel to the case of the “T. J. Hooper?” (I only know the facts in about 6 cases, so you should be impressed when I find a match.)

http://it.slashdot.org/story/10/01/14/0350216/Only-27-of-Organizations-Use-Encryption?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Only 27% of Organizations Use Encryption

Posted by samzenpus on Thursday January 14, @03:31AM from the here's-all-my-data dept.

An anonymous reader writes

st year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9% of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception."


Q: What happens when you don't follow “Best Practices?” A: This.

http://www.databreaches.net/?p=9431

FINRA notifies Lincoln National of security vulnerability

January 13, 2010 by admin Filed under Financial Sector, Of Note, Other

A vulnerability in the portfolio information system for broker-dealer subsidiaries of Lincoln National Corporation potentially exposed the records of 1,200,000 people, 18,900 of whom are New Hampshire residents.

By letter dated January 4, attorneys for Lincoln Financial Securities Corporation and Lincoln Financial Advisors notified the New Hampshire Attorney General’s Office that although an outside forensic review found no reason to believe that client data were actually accessed or misused, information such as names, addresses, Social Security numbers, account numbers, account registration, transaction details, account balances, and in some cases, dates of birth and email addresses had been potentially exposed. The affected system is not used to transfer funds or effect trades.

Lincoln first became aware of the problem on August 17, when it was notified by FINRA, the Financial Industry Regulatory Agency, that someone had contacted them with a username/password combination that gave access to the portfolio information system. The user/pass had reportedly been shared among various employees of LFS and employees of affiliated companies, in violation of LNC’s policies. FINRA declined to inform LNC as to whether the provider of the user/pass was a current employee, but when FINRA investigated, they discovered that LFA was also using a shared user/pass.

LNC’s investigation subsequently determined that there were six shared user/password combinations, going back as early as 2002.
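Six shared username/password combinations going back to 2002 is the kind of thing that shows up in authentication logs long before a regulator hears about it: one account logging in from many different workstations, and opening new sessions while earlier ones are still live. The detector below is an added example, not anything from Lincoln National or FINRA. The log format and the log lines are constructed (the report says nothing about what the portfolio system logged), and the thresholds are assumptions to be tuned against a site's own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "ts event user= src= [result=]" format.
# The real system's log format (and whether it kept one) is not described.
SAMPLE_LOG = """\
2010-01-13T08:02:11Z login user=lfs_portfolio src=10.20.1.15 result=ok
2010-01-13T08:05:40Z login user=lfs_portfolio src=10.20.1.37 result=ok
2010-01-13T08:41:09Z login user=lfs_portfolio src=172.16.9.8 result=ok
2010-01-13T09:10:00Z logout user=lfs_portfolio src=10.20.1.15
2010-01-13T09:12:33Z login user=jsmith src=10.20.1.15 result=ok
2010-01-13T11:00:00Z login user=jsmith src=10.20.4.2 result=fail
2010-01-13T12:30:00Z login user=lfs_portfolio src=10.20.7.91 result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<event>login|logout) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)(?: result=(?P<result>\S+))?$"
)


def parse_events(text):
    """Yield parsed events in file order; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ev


def find_shared_accounts(text, window=timedelta(hours=8), max_sources=2):
    """Return {user: summary} for accounts whose successful logins came from
    more than `max_sources` distinct addresses inside any `window`, or that
    opened a session from one address while a session from another was live.
    Logouts close the session for that (user, src) pair."""
    recent = defaultdict(deque)   # user -> (ts, src) of logins inside the window
    active = defaultdict(dict)    # user -> {src: login ts} sessions not yet logged out
    stats = defaultdict(lambda: {"distinct_sources": set(),
                                 "peak_in_window": 0,
                                 "concurrent_logins": 0})
    for ev in parse_events(text):
        user, src, ts = ev["user"], ev["src"], ev["ts"]
        if ev["event"] == "logout":
            active[user].pop(src, None)
            continue
        if ev["result"] not in (None, "ok"):
            continue  # failed attempts are a different signal (guessing), not sharing
        s = stats[user]
        s["distinct_sources"].add(src)
        dq = recent[user]
        dq.append((ts, src))
        while ts - dq[0][0] > window:   # the entry just appended keeps this finite
            dq.popleft()
        s["peak_in_window"] = max(s["peak_in_window"], len({a for _, a in dq}))
        if any(a != src for a in active[user]):
            s["concurrent_logins"] += 1
        active[user][src] = ts
    return {u: s for u, s in stats.items()
            if s["peak_in_window"] > max_sources or s["concurrent_logins"] > 0}


if __name__ == "__main__":
    for user, summary in find_shared_accounts(SAMPLE_LOG).items():
        print(user, sorted(summary["distinct_sources"]),
              "peak", summary["peak_in_window"],
              "concurrent", summary["concurrent_logins"])
```

On the sample, lfs_portfolio is reported (four workstations within the window, three logins while another session was open) and jsmith is not. The concurrent-session rule will also catch one person with a desktop and a laptop, so in practice it is the combination with many distinct sources, or with sources in different buildings or companies, that points at a password being passed around.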



Is there a class in the PR curriculum that teaches these people to “low ball” their estimates in the first press releases with the assumption that doubling and tripling the numbers later won't be noticed?

http://www.phiprivacy.net/?p=1829

(follow-up) Stolen Tenn. BlueCross hard drives affect at least 220,000

By Dissent, January 13, 2010 8:00 pm

The Associated Press reports that BCBS in Chattanooga now says that 220,000 members had personal information on the hard drives reported stolen in October, but that the number could go up to 500,000.

In other words, they still don’t know who had what on the stolen hard drives. By today’s standards, it’s taking them too long to sort this out, even if, as they claim, there’s no evidence that the data have been misused (yet). The statement on their site says:

In October 2009, 57 hard drives containing audio and video files related to coordination of care and eligibility telephone calls from providers and members were stolen from a leased facility in Chattanooga that formerly housed a BlueCross BlueShield of Tennessee call center. The video files were images from computer screens of BlueCross customer service representatives and the audio files were recorded phone conversations from January 1, 2007 to October 2, 2009.

The files contained BlueCross members’ personal data and protected health information that was encoded but not encrypted, including:

* Members’ names and BlueCross ID numbers

* In some recordings – but not all – diagnostic information, date of birth and/or a Social Security number

BlueCross immediately investigated the theft and continues to work closely with local and federal authorities in their investigation of this crime. In addition, BlueCross hired Kroll, a global leader in security services, to conduct an independent assessment of its system-wide security and has taken several actions to strengthen these protocols.



Reads like a list of proposed topics for the Privacy Foundation. (Hint, hint)

http://www.eff.org/deeplinks/2010/01/trends-2010

12 Trends to Watch in 2010

Deeplink by Tim Jones January 13th, 2010


(Related) Potential speakers

http://www.pogowasright.org/?p=6950

The Year in Privacy Books 2009

January 14, 2010 by Dissent Filed under Other

Daniel Solove has posted a list of six notable books published in 2009 that you might want to know about, here.



What were they worried about? Would their force seem excessive in preventing “suicide by overdose?” Were they ever charged? Was there even a complaint?

http://www.pogowasright.org/?p=6936

Police fight cellphone recordings

January 13, 2010 by Dissent Filed under Court, Featured Headlines, Surveillance, U.S.

Daniel Rowinski reports:

Simon Glik, a lawyer, was walking down Tremont Street in Boston when he saw three police officers struggling to extract a plastic bag from a teenager’s mouth. Thinking their force seemed excessive for a drug arrest, Glik pulled out his cellphone and began recording.

Within minutes, Glik said, he was in handcuffs.

“One of the officers asked me whether my phone had audio recording capabilities,’’ Glik, 33, said recently of the incident, which took place in October 2007. Glik acknowledged that it did, and then, he said, “my phone was seized, and I was arrested.’’

The charge? Illegal electronic surveillance.

[...]

In 1968, Massachusetts became a “two-party’’ consent state, one of 12 currently in the country. Two-party consent means that all parties to a conversation must agree to be recorded on a telephone or other audio device; [video only would be Okay? Bob] otherwise, the recording of conversation is illegal. The law, intended to protect the privacy rights of individuals, appears to have been triggered by a series of high-profile cases involving private detectives who were recording people without their consent.

In arresting people such as Glik and Surmacz, police are saying that they have not consented to being recorded, that their privacy rights have therefore been violated, and that the citizen action was criminal.

“The statute has been misconstrued by Boston police,’’ said June Jensen, the lawyer who represented Glik and succeeded in getting his charges dismissed. The law, she said, does not prohibit public recording of anyone. “You could go to the Boston Common and snap pictures and record if you want; you can do that.’’

Read more in The Boston Globe.



Update on the Sino-Google war. (This may be a much bigger story than I thought.)

http://yro.slashdot.org/story/10/01/14/1321218/China-Emphasizes-Laws-As-Google-Defies-Censorship?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

China Emphasizes Laws As Google Defies Censorship

Posted by CmdrTaco on Thursday January 14, @08:40AM from the going-to-war dept.

Lomegor writes

"Chinese Foreign Ministry spokeswoman Jiang Yu said on Thursday that all companies are welcome to operate in China but that they must do so under local laws. Although not explicitly, this is in some way a response to Google's threat to leave the country. China also stated that they have strict cyber laws and that they forbid any kind of 'hacking attack'; when asked if those laws apply to the government as well it was quickly avoided. 'It is still hard to say whether Google will quit China or not. Nobody knows,' the official in the State Council Information Office was quoted as saying."

I sure would love to be a fly on the wall of these discussions. We certainly live in interesting times.


(Related)

http://it.slashdot.org/story/10/01/13/2150245/Gmail-Moves-To-HTTPS-By-Default?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Gmail Moves To HTTPS By Default

Posted by timothy on Wednesday January 13, @05:34PM from the you-mean-I-gotta-log-in-again? dept.

clone53421 writes

"Although Gmail has long supported HTTPS as an option, Gmail announced their decision yesterday to switch everyone to HTTPS by default: ' We initially left the choice of using it up to you because there's a downside: https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data. [The protocol is slightly slower as it is encrypting on the fly. You can send an encrypted message via insecure (HTTP) protocols. That is slower only if encryption adds volume. Bob] Over the last few months, we've been researching the security/latency tradeoff and decided that turning https on for everyone was the right thing to do.' I wonder if this has anything to do with the reports of Chinese users having their accounts hacked? 'Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves,' said David Drummond in that blog update. That does sound like it perhaps could be a result of insecure HTTP traffic being intercepted in transit between the users and Gmail's servers."


(Related) but unlikely.

http://blogs.computerworld.com/15401/microsoft_should_follow_google_and_drop_censorship_in_china

January 13, 2010 - 11:08 A.M.

Microsoft should follow Google and drop censorship in China


(Related) It is unlikely to rise to the level of standing in front of tanks, but something is happening.

http://www.latimes.com/business/la-fi-china-google-2010jan14,0,3880471.story

Chinese Internet users praise Google's threat to exit

By David Pierson and Barbara Demick January 13, 2010 | 8:39 a.m.

Reporting from Beijing - Bouquets of flowers were laid in front of Google Inc.'s headquarters in China today, a show of support for a company whose threat to exit China rather than tolerate more censorship is a dramatic shot across the bow of the Chinese Communist Party.



Here's one I really want to follow...

http://www.pogowasright.org/?p=6943

Have You Been Subjected to Suspicionless Laptop Search or Seizure at the Border?

January 14, 2010 by Dissent Filed under Court, Surveillance

Jennifer Granick of EFF writes:

… the National Association of Criminal Defense Lawyers is seeking potential plaintiffs for a lawsuit challenging suspicionless laptop searches. As a first step in this effort, NACDL is seeking to identify defense lawyers who have had their laptops searched at the border and are willing to serve as individual plaintiffs. In order to demonstrate the effect of this policy on members of the criminal defense bar and to support the constitutional challenge, NACDL plans to assemble a group of individual plaintiffs who will develop affidavits describing the harm they suffer by having their electronic information exposed to government officials.

Read more on EFF.



Don't all the 'phone companies do this?

http://arstechnica.com/tech-policy/news/2010/01/lawsuits-claim-att-collects-illegal-taxes-on-internet-access.ars

Lawsuits: AT&T collects illegal taxes on Internet access

Over the last month, a series of federal lawsuits around the country have charged AT&T with illegally collecting "taxes" on wireless data plans. The suits, which all seek class action status, say that there are no such taxes.

By Nate Anderson Last updated January 12, 2010 7:52 PM



Another fun case to watch. (and another industry very low on my list of favorites.)

http://arstechnica.com/tech-policy/news/2010/01/digital-music-prices-are-they-illegally-fixed.ars

Digital music prices: are they illegally fixed?

A federal lawsuit against the major music labels calls them a cartel which has banded together illegally to fix the prices of digital music. A New York appeals court has ruled the case can proceed.

By Nate Anderson Last updated January 13, 2010 9:29 PM



Technology alert. The porn industry is an early adopter of technologies. They may be a bit reluctant here, since someone could get hurt if certain anatomical bits start popping out of the screen.

http://hardware.slashdot.org/story/10/01/13/2130205/Porn-Industry-Tiptoes-Into-3D-Video?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Porn Industry Tiptoes Into 3D Video

Posted by timothy on Wednesday January 13, @04:43PM from the been-there-seen-that dept.

itwbennett writes

"The 3D porn experience is coming (eventually) to a home theater near you. Most adult filmmakers are moving slowly toward 3D video because of higher production cost, the small number of 3D TVs in the home, and, of course, the glasses. Rob Smith, director of operations at Hustler Video Group says he hopes that market penetration of 3D TVs in the home is high enough that 'by the fourth quarter of this year it will be at the point where we can justify doing a 3D product.' The average adult movie costs around $25,000 to $40,000 to make, and 3D movies cost about 30% more, [First estimate I've seen. Bob] says Ali Joone, founder of Digital Playground. But Joone thinks the biggest hurdle for 3D isn't so much the cost as the glasses: people don't want to be encumbered by eyewear when viewing a film, says Joone."



Free is good. (Yes, I'm cheap. What's your point?)

http://www.makeuseof.com/tag/the-freebie-hunters-toolkit/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

The Freebie Hunter’s Toolkit

By Ann Smarty on Jan. 13th, 2010



This is full of all that politically correct, green is good stuff. I still think it has some value for my students.

http://www.commutesolutions.org/calc.htm

True Cost of Driving

When considering the cost of driving, most people think only about how much they pay for gas. Drivers also pay to buy and maintain a car, including tune-ups, oil and tires, as well as for insurance, registration, and parking.

Wednesday, January 13, 2010

Like Willie Sutton, they go “where the money is.”

http://www.databreaches.net/?p=9415

Health care: A ‘goldmine’ for fraudsters

January 13, 2010 by admin

Filed under Commentaries and Analyses, Healthcare Sector, Of Note, U.S.

Parija Kavilanz reports:

There’s a group of people who really love the U.S. health care system — the fraudsters, scammers and organized criminal gangs who are bilking the system of as much as $100 billion a year.

Health care identity theft dominated all other crimes in the sector last year, according to Louis Saccoccio, executive director of the National Health Care Anti-Fraud Association (NHCAA), an advocacy group whose members include insurers, law enforcement and regulatory agencies.

The most common method of health care identity fraud occurs when someone with legitimate access, such as a hospital administrator or a doctor’s assistant, sells patients’ information to organized criminal groups.

Increasingly, criminal groups are hacking into digital medical records so that they can steal money from the $450 billion, 44-million-beneficiary Medicare system — making the government, by far, the “single biggest victim” of health care fraud, according to Rob Montemorra, chief of the FBI’s Health Care Fraud Unit.

Read more on CNN.



Is this an attack sponsored by China (exercising their army's Hacking Division) or “merely” some very sophisticated hackers who happen to use Chinese websites?

http://www.wired.com/threatlevel/2010/01/google-hack-attack/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Google Hackers Targeted Source Code of More Than 30 Companies

By Kim Zetter January 13, 2010 2:28 am

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code [What source code would be shared by 33 different companies? Bob] from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to the companies and were in many cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to an attack that targeted other companies last July, the company said.

… Adobe acknowledged on Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

The company didn’t say whether it was a victim of the same attack that struck Google. But Adobe’s announcement came just minutes after Google revealed that it had been the victim of a “highly sophisticated” hack attack originating in China in December.

Neither Google nor Adobe provided details about how the hacks occurred. Google said only that the hackers were able to steal unspecified intellectual property from it and had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues. [Sounds more government than criminal. Bob]



(Related) Is this the corporate equivalent of war? Google shut off the AP in December (see yesterday's Blog) so perhaps they are just tired of dealing with all the posturing.

http://www.bespacific.com/mt/archives/023242.html

January 12, 2010

Google Announces "A new approach to China"

Official Google Blog:

  • "In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different... We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that "we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China." These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."


(Related) Or perhaps just coincidence?

http://yro.slashdot.org/story/10/01/12/204231/Twitter-Hackers-Take-Down-Baidu?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Twitter Hackers Take Down Baidu

Posted by kdawson on Tuesday January 12, @04:51PM from the thought-they-were-friends dept.

snydeq writes

"The group that took down Twitter last month has apparently claimed another victim: China's largest search engine Baidu.com. Offline late Monday, Baidu.com at one point displayed an image saying 'This site has been hacked by Iranian Cyber Army,' according to a report in the official newspaper of the Chinese Communist Party and other Web sites. The Iranian Cyber Army first gained notoriety with its Dec. 18 Twitter attack. Baidu's domain name records were the focus of the hack. On Monday, the company was using domain name servers belonging to HostGator, a Florida ISP, instead of the Baidu.com nameservers the company normally uses."
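"Baidu's domain name records were the focus of the hack" and the site was suddenly served from another provider's nameservers: that is the signature of a change made at the registrar or registry, not on the victim's own servers. The check below is an added example, not code from Baidu or from anyone investigating the incident. It compares three views of a domain's NS set: what the operator expects, what the parent (TLD) servers delegate to, and what the operator's own authoritative servers answer when queried directly by address. When the parent delegation has moved but the zone on the operator's servers is unchanged, the change happened upstream of the operator. The record names and snapshots are constructed; the real ones are not given in the report.

```python
# Constructed expected NS set (hypothetical names, not the real operator's).
EXPECTED_NS = {"ns1.corp-dns.example.net.", "ns2.corp-dns.example.net."}


def normalize(names):
    """Lower-case and strip the trailing dot so 'NS1.X.' and 'ns1.x' compare equal."""
    return {n.strip().lower().rstrip(".") for n in names if n and n.strip()}


def check_delegation(domain, expected, parent_ns, child_ns):
    """Compare three views of a domain's NS records.
    expected  - what the operator believes is configured
    parent_ns - the delegation served by the parent (TLD) servers
    child_ns  - NS records served by the expected authoritative servers,
                queried by IP address so a changed delegation cannot redirect us
    """
    expected, parent_ns, child_ns = normalize(expected), normalize(parent_ns), normalize(child_ns)
    findings = []
    if parent_ns != expected:
        findings.append({"domain": domain, "kind": "parent_delegation_changed",
                         "added": sorted(parent_ns - expected),
                         "removed": sorted(expected - parent_ns)})
    if child_ns != expected:
        findings.append({"domain": domain, "kind": "child_zone_changed",
                         "added": sorted(child_ns - expected),
                         "removed": sorted(expected - child_ns)})
    if parent_ns != child_ns:
        findings.append({"domain": domain, "kind": "parent_child_mismatch",
                         "parent": sorted(parent_ns), "child": sorted(child_ns)})
    return findings


def classify(findings):
    """Turn the findings into the question an incident responder asks first:
    where was the change made?"""
    kinds = {f["kind"] for f in findings}
    if not kinds:
        return "ok"
    if "parent_delegation_changed" in kinds and "child_zone_changed" not in kinds:
        # The parent now points elsewhere while our own servers still serve the
        # old zone: the change was made at the registrar/registry, not on our hosts.
        return "registrar_level_change"
    if "child_zone_changed" in kinds and "parent_delegation_changed" not in kinds:
        return "zone_level_change"
    return "both_levels_changed"


# Constructed snapshots modelled on the incident as described: the delegation
# moved to a hosting provider's servers while the company's own zone was unchanged.
NORMAL = {"parent": ["ns1.corp-dns.example.net.", "NS2.corp-dns.example.net."],
          "child": ["ns1.corp-dns.example.net.", "ns2.corp-dns.example.net."]}
HIJACKED = {"parent": ["ns4321.hosting-provider.example.", "ns4322.hosting-provider.example."],
            "child": ["ns1.corp-dns.example.net.", "ns2.corp-dns.example.net."]}


def assess(snapshot, domain="example-search.test"):
    findings = check_delegation(domain, EXPECTED_NS, snapshot["parent"], snapshot["child"])
    return classify(findings), findings


if __name__ == "__main__":
    for name, snap in (("normal", NORMAL), ("hijacked", HIJACKED)):
        verdict, findings = assess(snap)
        print(name, verdict, [f["kind"] for f in findings])
```

The point of querying the parent and the operator's own servers separately, and by address rather than by name, is that a recursive resolver following the hijacked delegation would cheerfully report the attacker's records as the truth. A monitor built this way also needs the registrar's account to be the thing it protects (strong authentication, registry lock where offered), since that is where this class of change is made.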



Towards ubiquitous surveillance (If Mom can do this, what can Big Brother do?)

http://news.cnet.com/8301-19518_3-10433539-238.html?part=rss&subj=news&tag=2547-1_3-0-20

CES: Is Taser's phone-monitoring product overparenting?

by Larry Magid January 12, 2010 4:27 PM PST

Taser International, the company that makes Taser guns to help law enforcement subdue unruly suspects, now has a product aimed at children. At CES, the company announced the Protector Family Safety Program--a series of products designed to help parents monitor and control what their kids are doing with their phones.

Lets parents listen in

Protector goes further than most parental control products in that it doesn't just provide a summary of activity--such as the incoming and outgoing numbers of people the kids call or text--but allows parents to listen to actual calls and read text messages. [...and if the little darlings say something completely unacceptable, like: “Let's join the Young Republicans,” Mom or Dad can hit them with 50,000 volts! Bob]



Facts? Opinions? At least they asked the consumers.

http://www.pogowasright.org/?p=6931

Consumer protection agencies need privacy definitions (commentary)

January 12, 2010 by Dissent Filed under Businesses, Internet, Legislation

Ari Schwartz of CDT writes:

Internet privacy continues to be a major concern among Americans. In a recent study, the Annenberg School found that 69 percent of American adults feel there should be a law that gives people the right to know everything that a website knows about them; 92 percent of those surveyed believe there should be a law that requires “websites and advertising companies to delete all stored information about an individual,” if requested to do so; and 35 percent of the respondents believe that officials of companies that break these laws should serve jail time. These strong responses suggest that there is pent-up anger about the lack of transparency, control and respect for the use of personal information.

Therefore, it is surprising that in his recent op-ed on The Hill website (“Protecting consumer privacy online,” Jan. 11) the president of the Interactive Advertising Bureau, Randall Rothenberg, would not only continue to suggest that industry is adequately addressing all privacy concerns, but also would cite a report calling for greater law enforcement action in doing so.

Read more on The Hill.


(Related) Semantics or politics (either way, I got the tics...)

http://www.pogowasright.org/?p=6920

F.T.C.: Has Internet Gone Beyond Privacy Policies?

January 12, 2010 by Dissent Filed under Govt, Internet

Stephanie Clifford writes:

Two top Federal Trade Commission officials questioned whether the Internet had evolved past privacy policies, at a meeting with editors and reporters of The New York Times today.

The chairman of the F.T.C., Jon Leibowitz, and David Vladeck, chief of the commission’s Bureau of Consumer Protection, stopped by for an on-the-record chat about online privacy and the news business, among other topics. Mr. Leibowitz was appointed chairman in 2009 after five years at the commission, while Mr. Vladeck is a relatively new arrival to the F.T.C.

[...]

“Philosophically, we wonder if we’re moving to a post-disclosure era and what that would look like,” Mr. Vladeck said. “What’s the substitute for it?”

He said the commission was still looking into the issue, but it hoped to have an answer by June or July, when it plans to publish a report on the subject.

Read more in The New York Times.

[From the article:

Both have signaled to Internet publishers and advertisers that they expect the commission to take a more active role in safeguarding consumer privacy, a subject they discussed on Monday.

… For example, if a Web site asks people to agree to a transaction and to let their data be sold in one form. “I don’t necessarily think that’s fair,” Mr. Vladeck said. [“Fair” is a codeword. It means “the liberals are coming!” Bob]



For my students. Forward to any Facebookers you know.

http://www.makeuseof.com/tag/8-steps-to-regain-control-of-your-facebook-privacy-part-1/

8 Steps To Regain Control Of Your Facebook Privacy

By Mahendra Palsule on Jan. 12th, 2010

In this Part 1, we will cover 8 steps to reset Facebook privacy settings – covering privacy in the context of search visibility, photos and videos, relationships and contact information.

… In the upcoming Part 2 of this guide, we will cover steps you can take to reset Facebook privacy settings in the context of applications, friends, news feed, wall posts, groups, ads, and quitting Facebook. Have questions or other tips to share?



The opposite of blocking?

http://about.digg.com/node/499

Two Major News Outlets Integrate with Digg

by Bob Buch on January 10, 2010 - 12:00am

In your travels across the web, you may have noticed little “Digg This” buttons out there on various publisher or news sites. Some sites also have Digg widgets that display their top stories as ranked by Digg. Two of the most recent publishers to add these types of integrations are CBS News and WSJ.com - who this week added the Digg widget to all their blogs (the ones that do not require a subscription to view).

You can check out the CBS integration here and the WSJ integration here.



“Clearly you don't understand Napoleonic Law, you miserable blogger, you.”

http://torrentfreak.com/french-3-strikes-group-unveils-copyright-infringing-logo-100112/

French 3 Strikes Group Unveils Copyright Infringing Logo

Written by enigmax on January 12, 2010

Hadopi, the French agency charged with handling file-sharers’ copyright digressions, has just made a huge infringement faux pas of its own. Last week the group unveiled the logo which is set to represent this bastion of copyright righteousness, but embarrassingly it was designed with unlicensed fonts.



The supermarket tabloids make money, why can't Wikileaks?

http://yro.slashdot.org/story/10/01/13/0130254/The-Economy-of-Wikileaks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Economy of Wikileaks

Posted by kdawson on Tuesday January 12, @09:42PM from the greater-good dept.

StefanBerlin writes

"Wikileaks is fast becoming one of the most politically important platforms on the Web. In this interview Julian Assange, the spokesperson, talks about its current situation and about the financial and economic background of Wikileaks. He also talks about why they cancelled the planned auction of the emails of Hugo Chavez's former speechwriter in Venezuela, and about Wikileaks' plans for a subscription model that could possibly solve the site's financial problems once and for all."



Lazy is good. Note: This won't work for Archival Blogs like mine. 140 characters, remember?

http://www.killerstartups.com/Web-App-Tools/twitterlive-net-feeding-your-blog-to-twitter-easily

Twitterlive.net - Feeding Your Blog To Twitter Easily

http://www.twitterlive.net/

The aim of this website is a straightforward one: it will let you take your blog’s feed and have the content published to Twitter automatically. As any blogger worth his salt knows, Twitter is where it’s at when it comes to promoting what he does on the blogosphere.