Saturday, February 13, 2010

Interesting graphic of 'first mover' applications. The more “outside focused” the application, the more likely to move to the cloud?

http://news.cnet.com/8301-13846_3-10453066-62.html?part=rss&subj=news&tag=2547-1_3-0-20

Goldman Sachs: Shift toward cloud unstoppable

by Dave Rosenberg February 12, 2010 3:25 PM PST

The latest technology software report ["Techtonics: Unstoppable shift to SaaS continues." Bob] from investment bank Goldman Sachs confirms what IT industry analysts have been seeing as an unstoppable shift toward on-demand IT services and what we now consider to be cloud applications, especially among small businesses.

According to the report, e-mailed to subscribers this week, the macroeconomic downturn has likely accelerated software-as-a-service, or cloud, adoption, as customers are forced to look for lower-cost solutions to mission-critical business problems.

… Terminology remains a bit confusing, as marketers take hold of the cloud, and vendors mix and match the terminology at will. Most analysts and marketers have dropped the SaaS term altogether, instead using the cloud as a descriptor for pretty much anything that doesn't live within a corporate firewall.



Don't worry citizen, we won't know it's you browsing those child porn sites. (Get the cuffs ready, Danno.) Perhaps a non-government (a la Pirate Bay?) site would work?

http://www.pogowasright.org/?p=7761

CZ: Ministry’s web monitoring tool off to rocky start

February 12, 2010 by Dissent

Christian Falvey reports:

The ministry has just unveiled a tool for internet users to report illegal material on the internet. In the four days it has been in operation though, the Red Button, as it’s called, may itself have come afoul of the law, reporting also its users’ personal data. Christian Falvey reports.

The Human Rights Ministry’s Red Button is not apparently lacking in popularity; it has been downloaded 5,000 times since it was released for a public trial period on Tuesday. The idea is, you come across something worrisome on the internet – child pornography or extremism for example – you anonymously push the button on your browser, and the police are notified and check it out. What happened in practice though was that the button was sending not only the site in question but your recent browsing history as well, it was going not to the police but to a private company which checked it for the police, and it was not entirely anonymous, as Hana Štěpánková of the Office for the Protection of Personal Data told me earlier today:

“The office has received complaints suspecting a violation of the Act on the Protection of Personal Data, and it also received a request from the provider for consultation. We will deal with all of these and make an inspection if there is a serious breach of the law. We cannot make any conclusions before that. What we can say outright is the provider is wrong in claiming that an Internet Protocol, or IP, address, is not personal data. Under certain circumstances an IP address does indeed constitute personal data.”

Read more on Radio Prague.



For my Computer Security class.

http://www.atthebreach.com/blog/the-insider-threat/

The Insider Threat

Insiders pose a huge threat to organizations. Kevin Prince, CTO of Perimeter E-Security, has written a white paper on what the real threat is to companies by their employees. The article can be found at http://www.perimeterusa.com/public/files/Protecting-Your-Organization-from-Insider-Threat-WP.pdf



Tools & Techniques Forensics

http://yro.slashdot.org/story/10/02/12/1553221/Mining-EXIF-Data-From-Camera-Phones?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Mining EXIF Data From Camera Phones

Posted by kdawson on Friday February 12, @01:11PM

emeitner notes that folks at the Internet Storm Center wrote scripts that harvested 15,291 images from Twitpic and analyzed the EXIF information. This reader adds, "While mining EXIF data from images is nothing new, how many people would allow this data to leave their cell phone if they knew what it contained? The source code for the scripts is also available from the article."

"399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ... The iPhone is including the most EXIF information among the images we found. ... It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time."
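As an added example (not the Internet Storm Center's scripts, which the story says are available from the article), here is a defender-side Python check that walks the Exif APP1 segment of a JPEG, reports the Artist tag and GPS position if present, and produces a copy with that segment removed before an image is shared. The embedded JPEG-like byte string is constructed for the demo and is not a real photo; the Artist name and coordinates in it are made up.

```python
import struct

TIFF_TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # bytes per TIFF element type


def _build_sample_jpeg() -> bytes:
    """Constructed sample: SOI, one APP1 Exif segment, a stand-in SOS, EOI. Not a real photo."""
    tiff = b"II" + struct.pack("<HI", 0x2A, 8)        # little-endian TIFF header, IFD0 at offset 8
    ifd0 = struct.pack("<H", 2)                        # IFD0 at offset 8 (30 bytes long)
    ifd0 += struct.pack("<HHII", 0x013B, 2, 12, 38)    # Artist, ASCII x12, stored at offset 38
    ifd0 += struct.pack("<HHII", 0x8825, 4, 1, 50)     # GPSInfo pointer: GPS IFD at offset 50
    ifd0 += struct.pack("<I", 0)                       # no next IFD
    artist = b"Bob Example\x00"                        # offsets 38..50 (made-up name)
    gps = struct.pack("<H", 4)                         # GPS IFD at offset 50 (54 bytes long)
    gps += struct.pack("<HHI", 0x0001, 2, 2) + b"N\x00\x00\x00"   # GPSLatitudeRef, inline value
    gps += struct.pack("<HHII", 0x0002, 5, 3, 104)                 # GPSLatitude, 3 RATIONALs at 104
    gps += struct.pack("<HHI", 0x0003, 2, 2) + b"W\x00\x00\x00"   # GPSLongitudeRef, inline value
    gps += struct.pack("<HHII", 0x0004, 5, 3, 128)                 # GPSLongitude, 3 RATIONALs at 128
    gps += struct.pack("<I", 0)
    lat = struct.pack("<6I", 39, 1, 44, 1, 216, 10)    # 39 deg 44' 21.6"  (offsets 104..128)
    lon = struct.pack("<6I", 104, 1, 59, 1, 240, 10)   # 104 deg 59' 24.0" (offsets 128..152)
    payload = b"Exif\x00\x00" + tiff + ifd0 + artist + gps + lat + lon
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02" + b"\xff\xd9"


def _segments(jpeg: bytes):
    """Yield (marker, start, end) for each marker segment up to and including SOS."""
    assert jpeg[:2] == b"\xff\xd8", "not a JPEG (missing SOI)"
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]   # length field counts itself
        yield marker, pos, pos + 2 + length
        if marker == 0xDA:          # Start Of Scan: entropy-coded image data follows, stop here
            break
        pos += 2 + length


def _is_exif_app1(jpeg: bytes, marker: int, start: int) -> bool:
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"


def _read_ifd(tiff: bytes, endian: str, offset: int) -> dict:
    """Decode one IFD into {tag: value}; handles ASCII, LONG and RATIONAL (all this check needs)."""
    count = struct.unpack(endian + "H", tiff[offset:offset + 2])[0]
    entries = {}
    for i in range(count):
        e = offset + 2 + 12 * i
        tag, typ, n = struct.unpack(endian + "HHI", tiff[e:e + 8])
        size = TIFF_TYPE_SIZE.get(typ, 1) * n
        if size <= 4:                                    # value fits inline in the entry
            data = tiff[e + 8:e + 8 + size]
        else:                                            # otherwise the entry holds an offset
            off = struct.unpack(endian + "I", tiff[e + 8:e + 12])[0]
            data = tiff[off:off + size]
        if len(data) != size:                            # truncated or malformed entry: skip it
            continue
        if typ == 2:
            entries[tag] = data.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == 4:
            entries[tag] = struct.unpack(endian + "I", data)[0]
        elif typ == 5:
            v = struct.unpack(endian + f"{2 * n}I", data)
            entries[tag] = [v[j] / v[j + 1] if v[j + 1] else 0.0 for j in range(0, 2 * n, 2)]
    return entries


def _dms_to_decimal(parts, negative: bool) -> float:
    deg, minutes, seconds = parts
    value = deg + minutes / 60 + seconds / 3600
    return -value if negative else value


def parse_exif(jpeg: bytes) -> dict:
    """Report the identifying fields the story highlights: photographer name and GPS position."""
    found = {}
    for marker, start, end in _segments(jpeg):
        if not _is_exif_app1(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]                      # skip marker, length and "Exif\0\0"
        endian = "<" if tiff[:2] == b"II" else ">"
        ifd0 = _read_ifd(tiff, endian, struct.unpack(endian + "I", tiff[4:8])[0])
        if 0x013B in ifd0:
            found["artist"] = ifd0[0x013B]
        if 0x8825 in ifd0:                               # a GPS sub-IFD exists at all
            gps = _read_ifd(tiff, endian, ifd0[0x8825])
            if 0x0002 in gps and 0x0004 in gps:
                found["latitude"] = _dms_to_decimal(gps[0x0002], gps.get(0x0001, "N") == "S")
                found["longitude"] = _dms_to_decimal(gps[0x0004], gps.get(0x0003, "E") == "W")
    return found


def strip_exif(jpeg: bytes) -> bytes:
    """Return a copy of the file with every APP1 Exif segment removed; image data is untouched."""
    out, pos = bytearray(jpeg[:2]), 2
    for marker, start, end in _segments(jpeg):
        pos = end
        if not _is_exif_app1(jpeg, marker, start):
            out += jpeg[start:end]
    out += jpeg[pos:]                                    # scan data and EOI after the last segment
    return bytes(out)


if __name__ == "__main__":
    sample = _build_sample_jpeg()
    print("before:", parse_exif(sample))                 # artist plus decimal lat/lon
    print("after: ", parse_exif(strip_exif(sample)))     # {}
```

Run it against a real file by replacing `_build_sample_jpeg()` with `open(path, "rb").read()`; only Artist and GPS are decoded here, so a clean report does not prove the file carries no other metadata.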



'cause every citizen should have their own copy of the US Budget. (I think that was back when you could keep the fireplace blazing all winter with just one copy.)

http://www.bespacific.com/mt/archives/023497.html

February 12, 2010

Amazon Providing Free Gov Docs for Kindle

News release: "Amazon.com today announced that the Budget of the United States Government, Fiscal Year 2011, and Economic Report of the President, will both be available beginning tomorrow as free wireless downloads in Amazon's Kindle Store... "Our customers have always been heavy readers of books about current events and economic issues," said Russ Grandinetti, Vice President, Kindle Content. "Now they can download these important public government documents in under 60 seconds and read them in the easy and portable format that Kindle affords." These important documents can be read and synched between Kindle, Kindle DX, iPhones, iPod touches, PCs and soon, Mac computers and BlackBerry smartphones."



A useful website adds a useful new feature.

http://www.makeuseof.com/tag/5-questions-makeuseof-answers/

The 5 Best Questions From You [MakeUseOf Answers]

By Tina on Feb. 12th, 2010

It has only been about a week since we launched MakeUseOf Answers, our very own Q&A site.

At this point we have published over 200 questions and at least twice the amount of answers. Looks like MakeUseOf Answers is just what you have been looking for!

So let’s look at some of the more interesting questions so far.

  1. What are good backup programs?

  2. Can I search mails in GMail by size?

  3. How can I install a second operating system on a second hard drive?

  4. Do I have to worry about viruses and such on the iPhone?

  5. How can I find out why my computer slows down?



If true, the drivers may pay for these themselves...

http://news.slashdot.org/story/10/02/13/1317249/The-Wi-Fi-On-the-Bus?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Wi-Fi On the Bus

Posted by kdawson on Saturday February 13, @08:57AM

theodp writes

"For students who endure hundreds of hours on a school bus each year in a desert exurb of Tucson, the Wi-Fi on the bus improves the ride. Last fall, school officials mounted a $200 mobile Internet router from Autonet Mobile to bus No. 92's sheet-metal frame, enabling students to surf the Web. What began as a hi-tech experiment has had an unexpected result — Wi-Fi has transformed the formerly boisterous bus rides into a rolling study hall, and behavioral problems have virtually disappeared. 'Boys aren't hitting each other, girls are busy, and there's not so much jumping around,' said J. J. Johnson, the Internet Bus driver."



I know what I'm getting my niece for her birthday!

http://news.cnet.com/8301-13577_3-10452821-36.html?part=rss&subj=news&tag=2547-1_3-0-20

That 'P' in PHP stands for 'pink': It's Nerd Barbie!



Will politicians require Twitter to expand beyond 140 characters when they want to tweet about the budget?

http://mashable.com/2010/02/12/president-obama-wants-you-to-twitter-for-him/

President Obama Wants YOU… to Twitter for Him

February 12, 2010 by Brenna Ehrlich

… According to President Obama’s website, The Democratic National Committee and Organizing for America is in the market for a new hire. According to the Wall Street Journal, Mia Cambronero, who currently holds the position, said, “[I] will be stepping down from my infamous role as ‘Barack Obama’s twitterer… We’re looking for someone who is available to start immediately.”

Friday, February 12, 2010

Even customers can recognize inadequate security (and sue you) so why should you be surprised when 'professional hackers' can find the flaws in your defense?

http://www.databreaches.net/?p=9973

Customer Sues Bank After Phishing Attack

February 11, 2010 by admin

Linda McClasson reports:

A Michigan-based metal supply company is suing Comerica Bank, claiming that the bank exposed its customers to phishing attacks.

A lawsuit filed by Experi-Metal Inc. (EMI) in Sterling Heights, MI alleges that Dallas-based Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank’s security software. EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures.

EMI contends that Comerica’s actions opened its online bank account to a successful phishing attack where more than $550,000 was stolen from the company’s bank accounts and sent overseas.

News of this suit comes days after news of another Dallas-based bank, PlainsCapital Bank, suing one of its customers in a dispute over a similar hack.

EMI is but one of many companies across the U.S. being targeted by hackers in this fashion.

Read more on BankInfoSecurity.


(Related) Beware any assertion of “Totally Secure!” “They ain't no sech thing!” (But it is enough to deny liability until someone catches on...)

http://news.slashdot.org/story/10/02/11/2129212/European-Credit-and-Debit-Card-Security-Broken?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

European Credit and Debit Card Security Broken

Posted by timothy on Thursday February 11, @04:52PM

Jack Spine writes

"With nearly a billion users dependent on smart banking credit and debit cards, banks have refused liability for losses where an identification number has been provided. But now, the process behind the majority of European credit and debit card transactions is fundamentally broken, according to researchers from Cambridge University. The researchers have demonstrated a man-in-the-middle attack which fooled a card reader into accepting a number of point-of-sale transactions, even though the cards were not properly authenticated. [Hacker axiom 14b: “If you can't defeat it, go around it.” Bob] The researchers used off-the-shelf components (PDF), and a laptop running a Python script, to undermine the two-factor authentication process on European credit and debit cards, which is called Chip and PIN."



I'm thinking that my Computer Security students should have to do this to pass my class. (Remember, NSA is looking for a few good hackers...) Is it really hacking if the security is so weak, even a caveman can “break in?”

http://www.databreaches.net/?p=9997

FL: District investigates computer security breach

February 12, 2010 by admin

The Associated Press reports:

The Broward County School District in South Florida is investigating whether students at several schools were able to change grades by hacking into computers.

The district said Thursday it had found “several security breaches” with school computer systems.

A district spokeswoman told the South Florida Sun-Sentinel officials aren’t sure how many schools or students may be involved. She declined to say which schools are being investigated.

Read more in the Miami Herald.

[From the article:

The investigation began after Broward Teachers Union officials received complaints about students breaking into the district's online system, getting access to teacher passwords and selling the information to other students. [In a secure system, the school district would be the first to notice this. Bob]



Significant? Possibly not.

http://www.pogowasright.org/?p=7740

Employee Misuse of Computer Access Ruled Not a Crime

February 12, 2010 by Dissent

Mary Pat Gallagher reports:

Using a password-accessed workplace computer in violation of company rules or policies may get you disciplined, but it’s not enough to be prosecuted in New Jersey, says a Mercer County judge in a published case of first impression.

Superior Court Judge Mitchel Ostrer threw out an indictment against Princeton Borough police sergeant Kenneth Riley, for viewing a digitally stored video of a January 2008 motor vehicle stop by other officers in his department.

Riley had a password allowing him to access videos of motor stops, but department policy only allowed him to view them for training purposes.

Read more about the case and legal analysis from the New Jersey Law Journal.



Seems to be a “hot topic” in Privacy circles this year.

http://www.pogowasright.org/?p=7738

Ca: Privacy Commissioner launches public consultations on privacy implications of cloud computing

February 12, 2010 by Dissent

… Proponents of cloud computing say it gives business and private users free or low-cost access to powerful computer resources, without having to purchase these resources themselves.

Critics, however, warn about potential privacy risks. Users, for instance, could lose control over their personal information stored in a cloud, including where it may be stored, who has access to it, and how it may be used, retained or disclosed. Data, moreover, may be stored on computers located in different countries, where it is subject to local laws.



If you follow one person you're a “stalker” What do you call someone who follows many people?

http://www.pogowasright.org/?p=7758

Prosecutors: ESPN reporter Erin Andrews’ stalker taped 16 other women, ran background checks

February 12, 2010 by Dissent

The Associated Press reports that prosecutors claim that sportscaster Erin Andrews’ stalker also breached other individuals’ privacy:

The man who stalked ESPN reporter Erin Andrews and shot nude videos of her through a hotel room peephole videotaped 16 other women and ran background checks on 30 people, including female sports reporters and TV personalities, according to court documents.

A sentencing memo filed Monday in U.S. District Court in Los Angeles says Michael Barrett uploaded videos of 16 other women to an online account.

Barrett also allegedly conducted 30 Internet background checks that can produce birthdays and home addresses, the document said. The filing did not name the other alleged victims or say what information he obtained or how he may have used it.

Read more in the Hartford Courant.



Okay, here's a new argument for “privacy”

http://www.popsci.com/technology/article/2010-02/virginia-legislators-outlaw-microchips-implanted-against-persons-will

Virginia Legislators Outlaw Involuntary Implantation of Microchips

Concerns include privacy issues and preventing the apocalypse

By Jeremy Hsu Posted 02.10.2010 at 5:08 pm



Ultimate IP protection scheme? Microsoft recently won (suit was dropped) a case I reported earlier (http://www.pogowasright.org/?p=7686 ) Looks like they had even more “updates” waiting for a green light from their legal department.

http://yro.slashdot.org/story/10/02/11/1735210/Anti-Piracy-Windows-7-Update-Phones-Home-Quarterly?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Anti-Piracy Windows 7 Update Phones Home Quarterly

Posted by kdawson on Thursday February 11, @12:54PM

Lauren Weinstein sends in news of a major and disturbing Microsoft anti-piracy initiative called Windows Activation Technologies, or WAT. Here is Microsoft's blog post giving their perspective on what WAT is for. From Lauren's blog:

"The release of Windows 7 'Update for Microsoft Windows (KB71033)' will change the current activation and anti-piracy behavior of Windows 7 by triggering automatic 'phone home' operations over the Internet to Microsoft servers, typically for now at intervals of around 90 days. ... These automatic queries will repeatedly — apparently for as long as Windows is installed — validate your Windows 7 system against Microsoft's latest database of pirated system signatures (currently including more than 70 activation exploits known to Microsoft). If your system matches — again even if up to that time (which could be months or even years since you obtained the system) it had been declared to be genuine — then your system will be 'downgraded' to 'non-genuine' status until you take steps to obtain what Microsoft considers to be an authentic, validated, Windows 7 license. ... KB971033... is scheduled to deploy to the manual downloading 'Genuine Microsoft Software' site on February 16, and start pushing out automatically through the Windows Update environment on February 23. ... [F]or Microsoft to assert that they have the right to treat ordinary PC-using consumers in this manner — declaring their systems to be non-genuine and downgrading them at any time — is rather staggering."

Update: 02/12 02:08 GMT by KD : Corrected the Microsoft Knowledge Base number to include a leading 9 that had been omitted in the pre-announcement, per L. Weinstein.


(Related) How can an unsupported user tell the difference? If they can't get their own updates to work properly, what chance do users have? Another reason I dislike push updates.

http://tech.slashdot.org/story/10/02/11/2217239/Windows-Patch-Leaves-Many-XP-Users-With-Blue-Screens?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Windows Patch Leaves Many XP Users With Blue Screens

Posted by timothy on Thursday February 11, @05:38PM

CWmike writes

"Tuesday's security updates from Microsoft have crippled Windows XP PCs with the notorious Blue Screen of Death, users have reported on the company's support forum. Complaints began early yesterday, and gained momentum throughout the day. 'I updated 11 Windows XP updates today and restarted my PC like it asked me to,' said a user identified as 'tansenroy' who kicked off a growing support thread: 'From then on, Windows cannot restart again! It is stopping at the blue screen with the following message: 'A problem has been detected and Windows has been shutdown to prevent damage to your computer.' Others joined in with similar reports. Several users posted solutions, but the one laid out by 'maxyimus' was marked by a Microsoft support engineer as the way out of the perpetual blue screens."



More grants to create lists of “Best Practices” that companies can ignore.

http://www.wired.com/threatlevel/2010/02/facebook-denies-all-wrongdoing-in-beacon-data-breach/

Facebook Denies ‘All Wrongdoing’ in ‘Beacon’ Data Breach

By David Kravets February 11, 2010 5:20 pm

Facebook is denying it illegally breached the privacy of its users in a proposed $9.5 million settlement to a class action challenging its program that monitored and published what users of the social-networking site were buying or renting from Blockbuster, Overstock and other locations.

To settle allegations that the social networking site’s “Beacon” program breached federal wiretap and video-rental privacy laws, Facebook is agreeing to seed what the agreement is calling a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study privacy. Facebook would have a seat on the fund’s three-member board — a move raising some eyebrows in the privacy community.



Here's where the next Willie ShakeYourSpear will come from. I'm sure someone (Google?) has a txt-to-English translation program. (“2B or ain't 2B”)

http://gizmodo.com/5468836/texting-is-the-scourge-of-this-generation

Texting Is the Scourge Of This Generation

By John Herrman

Nielsen stats put the average teen's texting rate at about ten per hour during the day.

… somewhere over 3000 texts per month, per teen, on average.

… Even if the average word length is a very generous five characters (that's six, including a space), these kids are tapping out about 40,000 words of ephemeral nothingness every month, or roughly one Catcher in the Rye's worth of "WILL UR BRTHR BUY US SUM BEER?" and "R U REDDY 2 DO IT YET?" every two months.



Did you ever stop to consider that very few people ever contemplated this question before computers?

http://www.maximumpc.com/article/howtos/10_best_ways_use_your_pc_night_or_while_youre_office

10 Best Ways to Use Your PC While You're Sleeping or at Work

Posted 02/12/10 at 10:00:00 AM by Mark Edward Soper



Observation: It amazes me that so many people ask questions that I should have been asking, but it is reassuring to note that lots of others have found a solution that works for them. (see the comments)

http://ask.slashdot.org/story/10/02/11/1954225/Document-Management-For-Research-With-Annotation?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Document Management For Research With Annotation?

Posted by timothy on Thursday February 11, @03:04PM

msimm writes

"I'm currently looking for a document management system for personal and research-related use. Having looked at Alfresco and KnowledgeTree along with a slew of similar open source document management systems they seem to have a common set of features including version control, archiving, document permission/ownership and search/indexing. What I'd like, in order to help me manage my own continually growing collection of pdf/doc/odf/rtf/txt files, would be something that allowed me to view and annotate documents (and possibly collaborate/share notes) without requiring me to download, edit and re-upload each document. Obviously there are plenty of capable document management systems out there, so I really suspect I've simply missed something and am hoping someone can point me to a better way to index, search, collaborate and keep and share notes on the ever increasing glut of useful information I seem to use and collect."



For my students (website and digital design)

http://techcrunch.com/2010/02/11/aviary-free/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Aviary Now Free As A Bird

by MG Siegler on Feb 11, 2010

Aviary is easily one of the best online image editors out there — maybe the best. But to take full advantage of all it offers, you had to pay for its full suite, which cost you $24.99 a year. Well, that is until now. Starting today, the full service is now available for free to all users.



For my website students (and the University?)

http://www.jobboardshq.com/

JobBoardsHQ



Now all we need to do is scale it up! Tomorrow pigeons in New York, eventually satellites and aircraft, then Klingon warbirds!

http://www.wired.com/epicenter/2010/02/death-star-laser-zaps-mosqitoes-dead/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

TED 2010: Death Star Laser Gun Zaps Mosquitoes Dead

By Kim Zetter February 11, 2010 9:41 pm

LONG BEACH, California — If Microsoft founder Bill Gates unleashes more mosquitoes at this year’s Technology, Entertainment and Design conference, Nathan Myhrvold will be ready for him.

Myhrvold demonstrated a “Death Star” laser gun designed to track and kill mosquitoes in flight. The device was crafted from parts purchased on eBay by scientists at Myhrvold’s Intellectual Ventures Laboratory.

… Myhrvold’s team demonstrated the system onstage using a green laser light rather than a real laser for safety reasons. They let loose mosquitoes in a glass box rigged with a camera on one side of the stage, then pointed the laser device at the box. The laser lights quickly located the mosquitoes in flight.

After the live demo, Myhrvold showed a video depicting mosquitoes being zapped for real in flight.

Thursday, February 11, 2010

There's a big difference between replacing a credit card and insuring against unauthorized bank transfers. (Class Actions are less likely?) I wonder if any of those “assurances” were in writing?

http://www.databreaches.net/?p=9955

Online Robbery: Hackers Steal $50,000. Bank Says ‘Tough Luck’

February 10, 2010 by admin

Kathy Kristof reports on a story that should make everyone who banks online think about whether they, too, are at risk:

… Seven years ago, Fan Bao opened a checking account at Bank of America to facilitate his small import-export business called ZICO USA. When he needed to wire money, he or his wife, Cathy Huang, would walk a few blocks to Bank of America’s Highland Park, Calif., branch and execute the transfer in person.

But two summers ago, a BofA branch official urged Bao to do his banking online, assuring him that it was every bit as safe as banking in person. Only wires sent from Zico’s computer, accompanied by a downloaded security certificate, would be honored, he was told. Bao followed the bank’s security instructions to the letter, and accepted the bank’s assurances that his money was safe.

But last summer, two fraudulent drafts were sent through Bao’s account–one for $50,000 and another for $99,100. Both drafts were going to a bank in Croatia that Bao had never done business with. In fact, Bao had never before sent a wire transfer to anyone outside of Hong Kong or China.

[...]

Huang immediately denounced the charges as unauthorized and fraudulent. The bank was subsequently able to stop payment on the second draft for $99,100, but the other $50,000 already had been paid to the Croatian bank and the money had been withdrawn. When Bao asked for the money back, Bank of America told him the missing $50,000 wasn’t their problem.

Read more on Money Watch.



If nothing else, I may learn some useful new phrases... Don't recall a breach notice though.

http://www.databreaches.net/?p=9968

Lawrence Welk Resort Furious with Visa

February 11, 2010 by admin

Elizabeth Banicki reports:

The Lawrence Welk Resort says a tech company disabled its computer security system, making 1,427 customers’ credit cards vulnerable to ID theft. Welk says it paid Micros Systems $100,000 for the botched job, to “ensure compliance with evolving Visa and other industry security standards,” and that Visa, for “no legitimate reason,” ordered banks to withhold $500,000 that should have gone to the resort.

The Welk Resort, a large housing development in North San Diego County, sued Visa and Micros Systems in Superior Court.

Read more about the lawsuit on Courthouse News. A copy of the lawsuit can be found here.

The lawsuit alleges that as a result of the manner in which MICROS disabled the security, not only were customers’ credit cards vulnerable to ID theft, there were actual reports of a “limited number of unauthorized charges.” The complaint also provides a description of VISA’s operating rules, which the complaint describes as an

obfuscatory, convoluted and malleable set of Rules in order to provide itself with a legitimizing cloak for arbitrary actions intended to maximize the profits of VISA and its members to the detriment of merchants and the general public.

The complaint goes into a lot of detail about how VISA operates and the experience from the perspective of a merchant (and breached entity). Keeping in mind that a complaint is untried allegations, it still makes for interesting reading.



Opinions vary. Go figure...

http://www.databreaches.net/?p=9962

Credit card data security: Who’s responsible?

February 11, 2010 by admin

By Phil Lieberman, president & CEO, Lieberman Software, and Henry Helgeson, co-CEO, Merchant Warehouse, Network World

About a year ago security at Heartland Payment Systems Inc. was breached and information affecting more than 100 million credit cards stolen. Was it Heartland’s fault, or should the credit card companies shoulder more of the responsibility?

The experts:

Phil Lieberman, CEO of Lieberman Software, argues that Heartland met its legal obligations and the breach was not the company’s fault, but rather due to the lack of smart card technology that credit card issuers refuse to issue in the United States.

Henry Helgeson, CEO of Merchant Warehouse, argues that it’s the job of merchant account providers like his company (and Heartland), to take the security measures necessary to prevent breaches, but enhancing existing cards could help.

Read their point and counterpoint on Network World.



I thought China said they shut these guys down?

http://yro.slashdot.org/story/10/02/11/011257/Experts-Closing-In-On-Google-Attack-Coders?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Experts Closing In On Google Attack Coders

Posted by samzenpus on Wednesday February 10, @11:57PM

ancientribe writes

"The targeted attacks out of China that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. [What strategic goal is behind the underreporting of attacks? If I was the suspicious type, I might think the government wanted to avoid frightening/inciting the citizenry into demanding cyber war. Bob] Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."

[From the article:

Meanwhile, HBGary today released a free tool for downloading that scans and removes the Aurora malware from Windows machines. Hoglund calls it an "inoculation shot."



Speaking of Class Actions...

http://www.pogowasright.org/?p=7704

Facebook Hit With More Privacy Lawsuits In The Wake Of Changing Users’ Settings

February 10, 2010 by Dissent

Wendy Davis writes:

Facebook has been hit with two new potential class-action lawsuits stemming from recent revisions to its privacy settings.

The cases, filed in federal district court in San Jose, Calif. on behalf of nine Facebook users, allege that the new settings decreased users’ privacy and “resulted in wider access to personal information that users had included in their profiles,” according to court papers submitted on Wednesday by Facebook.

Late last year, Facebook sparked controversy by classifying a host of data as “publicly available information” — including users’ names, profile pictures, cities, networks, lists of friends and pages that people are fans of. Facebook also changed the default settings for many users to share-everything, spurring criticism that users who reviewed their settings quickly and accepted the defaults might inadvertently share more than they had intended.

[...]

The consumers in the most recent lawsuits allege that Facebook’s new settings violate California’s business code as well as their “right of publicity,” or right to control the commercial use of their images, according to Facebook’s papers.

Read more on MediaPost.

One of the cases is Silvestri v. Facebook, 5:10-cv-00429-JF. The other case is Markowitz v. Facebook, 5:10-cv-00430-JF. Both lawsuits were filed in January.


(Related) Might Google face the same problem?

http://www.pogowasright.org/?p=7708

WARNING: Google Buzz Has A Huge Privacy Flaw

February 10, 2010 by Dissent

Nicholas Carlson writes:

There is a huge privacy flaw in Google’s new Twitter/Facebook competitor, Google Buzz.

When you first go into Google Buzz, it automatically sets you up with followers and people to follow.

A Google spokesperson tells us these people are chosen based on whom the user emails and chats with most using Gmail.

That’s fine.

The problem is that — by default — the people you follow and the people that follow you are made public to anyone who looks at your profile.

Read more on Business Insider.


(Related) But then, maybe that is the “common business practice” for social networks.

http://www.pogowasright.org/?p=7702

Social networking sites failing to hide kids’ details, finds European Commission

February 10, 2010 by Dissent

The Commission analysed the policies of 22 social networking sites in a study aimed at finding out how well-protected under-18s were when using them as part of a campaign to urge young people to protect their information online.

It said that just 40% of the sites they examined had default settings which hid the personal information of minors from all but their friends and family. Just 11 of 22 sites examined stopped minors’ profiles being visible to search engines.

Read more on Out-Law.com



Completely innocent, I'm sure. Any country would want their own citizens, employed in their own country, running a service as important as the mail (even email).

http://yro.slashdot.org/story/10/02/10/2125242/Iran-Suspends-Googles-Email-Service?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Iran Suspends Google's Email Service

Posted by timothy on Wednesday February 10, @04:36PM

appl_iran writes

"Iran's telecommunications agency announced that it would be suspending Google's email services permanently, saying it would roll out its own national email service."

From the short WSJ article that is the kernel of this Reuters story: "An Iranian official said the measure was meant to boost local development of Internet technology and to build trust between people and the government." Funny way to go about that.



What goes on here? Huge bands of heavily armed Taliban terrorists roaming the cities and fields of England? They are fed up with their soccer hooligans? RIAA finally has the anti-piracy tool they always wanted?

http://hardware.slashdot.org/story/10/02/11/016239/Armed-Robot-Drones-To-Join-UK-Police-Force?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Armed Robot Drones To Join UK Police Force

Posted by samzenpus on Thursday February 11, @02:24AM

Lanxon writes

"British criminals should soon prepare to be shot at from unmanned airborne police robots. Last month it was revealed that modified military aircraft drones will carry out surveillance on everyone from British protesters and antisocial motorists to fly-tippers. But these drones could be armed with tasers, non-lethal projectiles and ultra-powerful disorienting strobe lighting apparatus, reports Wired. The flying robot fleet will range from miniature tactical craft such as the miniature AirRobot being tested by one police force, to BAE Systems' new 12m-wide armed HERTI drone as flown in Afghanistan."



The debate rages on and I'm sure each country is correct under their laws. Which should make International agreements interesting.

http://www.pogowasright.org/?p=7699

Norway court rejects industry bid to block The Pirate Bay


(Related)

http://yro.slashdot.org/story/10/02/10/1833230/Italian-Court-Rules-ISPs-Must-Block-Access-To-Pirate-Bay?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Italian Court Rules ISPs Must Block Access To Pirate Bay



Google has a way of noticing niche (or gaping) holes they can exploit to gain market share. Are they about to do to telecoms what they did to newspapers?

http://tech.slashdot.org/story/10/02/10/1712200/Googles-Experimental-Fiber-Network?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google's Experimental Fiber Network

Posted by CmdrTaco on Wednesday February 10, @12:20PM

gmuslera writes

"Not enough speed from your ISP? Google seems to go into that market too. 'We're planning to build and test ultra high-speed broadband networks in a small number of trial locations across the United States. We'll deliver Internet speeds more than 100 times faster than what most Americans have access to today with 1 gigabit per second, fiber-to-the-home connections. We plan to offer service at a competitive price to at least 50,000 and potentially up to 500,000 people.' The goal isn't just to give ultra fast speed for some lucky ones, but to test under those conditions things like new generations of apps, and deployment techniques that take advantage of it."

If they need a test neighborhood, I'm sure mine would be willing. [Amen! Bob]



This list now includes a technology section.

http://www.bespacific.com/mt/archives/023476.html

February 10, 2010

The 2009 Global "Go-To Think Tanks"

The 2009 Global "Go-To Think Tanks", The Leading Public Policy Research Organizations In The World, Revised, January 31, 2010, James G. McGann, Ph.D. [Stuart Basefsky]

  • "The 2009 Global Go To Think Tank Rankings marks the fourth year edition of what has now become an annual report. The Think Tanks and Civil Societies Program at the International Relations Program, University of Pennsylvania has created a process for ranking think tanks around the world. It is the first comprehensive ranking of the world’s top think tanks, based on a worldwide survey of hundreds of scholars and experts. The think tank index has been described as the insider’s guide to the global marketplace of ideas. For this ambitious project, I have assembled a panel of close to 300 experts from around the world, across the political spectrum and from every discipline and sector to help nominate and select public policy research centers of excellence for 2009. The members of the Expert Panel were asked to nominate regional or global centers of excellence that they felt should be recognized for producing rigorous and relevant research, publications and programs in one or more substantive areas of research."



Thinking of “going Cloud?”

http://www.killerstartups.com/Web20/cloudxl-com-find-the-right-saas-provider-for-you

CloudXL.com - Find The Right SaaS Provider For You

http://www.cloudxl.com/

The way that software as a service and cloud computing have taken off implies that there are endless providers on the market, and the number increases by the minute. That couldn’t be avoided, and in the end those who have never hired the services of such companies before might be a bit at a loss. How could they tell which companies are reputable from the ones that don’t make the cut, in a way that is fast and easy? Well, checking a site like CloudXL is a good way to start telling one from the other.

… Besides, you can always subscribe to the provided RSS feed and be in the loop when new providers are posted and eventually rated.


(Related) The porn industry is normally the earliest of early adopters.

http://news.cnet.com/8301-1009_3-10451566-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Cutting-edge crooks keen on the cloud

by Toby Wolpe February 11, 2010 6:04 AM PST

… "One of the things that persuades me personally that the cloud is absolutely a viable model and has longevity is that it has already been adopted by criminals," Ferguson said. "They are the people who are leading-edge adopters of technology that is going to work and going to stick around for a long time.



This kind of article interests my students (Okay, me too)

http://www.makeuseof.com/tag/6-tips-optimize-pc-playing-movies/

6 Tips To Optimize Your PC For Playing Movies



Phones can do much more than the minimums the telecoms are willing to support.

http://www.theregister.co.uk/2010/02/10/droid_usb_hack/

USB hack connects Droid to printers, video cams, and more



Something for my nephew and niece?

http://www.makeuseof.com/tag/learning-type-online-morefun-defeating-ninjas/

Make Learning To Type Online More Fun By Defeating Ninjas!

http://www.addictinggames.com/ninjahunter.html

Wednesday, February 10, 2010

It is almost axiomatic that initial reports don't fully report the damage.

http://www.databreaches.net/?p=9930

Update: BlueCross ID theft warnings top 500,000 and growing

February 10, 2010 by admin

Dave Flessner reports:

Another 301,628 current and former members of BlueCross BlueShield of Tennessee soon will be getting letters alerting them that their personal information was included on computer hard drives stolen from the insurance company last year.

The Chattanooga-based health insurer announced today that the number of affected customers with potentially compromised identification and health information has more than doubled from the 220,133 persons already notified about the identity threat.

[...]

BlueCross still is assessing records of those whose names and addresses — but not Social Security numbers and other sensitive identity data — may be on the hard drives. Mr. Vaughn said even more people are likely to be contacted.

[...]

“The company seems to be bending over backwards to alert anyone whose records may be involved and authorities in the states where the affected people live,” said Deven McGraw, a privacy advocate with Center for Democracy and Technology. “It’s costing them a huge amount of money. They could have avoided this if they would have spent just a little bit more on the front end to better secure these hard drives or use data encryption to protect the records.”

Read more in the Chattanooga Times Free Press.

[From the article:

BlueCross already has spent more than $7 million to identify the scope of what was taken and to notify those affected, officials said.

… But so far, no one has been charged with any crime and BlueCross officials say there is no evidence that anyone has improperly accessed or used the data on the hard drives. [A common assertion of no value. They have no way to know that the data wasn't accessed, but they can say they have no 'evidence' that it was. Bob]



Are we seeing some push back at last?

http://www.databreaches.net/?p=9926

Javelin Study Finds Identity Fraud Reached New High in 2009, but Consumers are Fighting Back

February 10, 2010 by admin

The 2010 Identity Fraud Survey Report – released today by Javelin Strategy & Research (http://www.javelinstrategy.com/) – found that the number of identity fraud victims in the United States increased 12 percent to 11.1 million adults in 2009, while the total annual fraud amount increased by 12.5 percent to $54 billion(1). The report found that protection of data by consumers and businesses and enlisting assistance in resolution are helping consumers and businesses resolve fraud more quickly, and are also reducing or eliminating costs for the consumer.

To register for an interactive webinar detailing the report’s findings, please visit: https://www1.gotomeeting.com/register/115681009



Should we feel honored that criminals are fighting over us? (Have they no honor?)

http://it.slashdot.org/story/10/02/10/1337238/New-Russian-Botnet-Tries-To-Kill-Rivals?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Russian Botnet Tries To Kill Rivals

Posted by CmdrTaco on Wednesday February 10, @10:10AM

alphadogg writes

"An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers. Security researchers say that the relatively unknown Spy Eye toolkit added this functionality just a few days ago in a bid to displace its larger rival, known as Zeus. The feature, called "Kill Zeus," apparently removes the Zeus software from the victim's PC, giving Spy Eye exclusive access to usernames and passwords. Zeus and Spy Eye are both Trojan-making toolkits, designed to give criminals an easy way to set up their own "botnet" networks of password-stealing programs. These programs emerged as a major problem in 2009, with the U.S. Federal Bureau of Investigation estimating last October that they have caused $100 million in losses."



Just when people are beginning to understand the concept of a cookie, we start seeing variations.

http://www.wired.com/threatlevel/2010/02/feds-bust-cookie-stuffing-code-seller/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Feds Bust Cookie-Stuffing Code Seller

By David Kravets February 9, 2010 6:48 pm

… The now-defunct site let nefarious website owners purchase his cookie-stuffing code to unwittingly dupe eBay to pay those site owners thousands of dollars in advertising referral fees, the authorities said.



...because his lips are moving.

http://www.pogowasright.org/?p=7697

UK: ISA chairman assures nation: Your data is safe

February 10, 2010 by Dissent

John Ozimek reports:

On Monday night, Panorama took a close look at the new scheme that went live last October, to create a vetting database that will determine whether adults are allowed to work with children and vulnerable adults. This scheme will, on the government’s own figures, cost the taxpayer an additional £277 million over the next three years.

Interviewed by Jeremy Vine, former Information Commissioner Richard Thomas was cautious. He said: “With any large governmental collection of personal information, there are clear and substantial risks that the information may be inaccurate.

[...]

Roger Singleton, Chairman of the Independent Safeguarding Authority (ISA) reassured viewers by confirming that there is a very high level of security within the government’s secure information system in terms of physical safeguards. [Hackers will have no trouble accessing the data. Bob]

He pointed out that the ISA has never lost any personal data, although as Jeremy Vine observed, the ISA has not yet had any data to lose.

Read more on The Register.


(Related) Not only can they keep the data, they can prove it's authentic by having the victim sign it! (Ah, to be a Bollywood movie star!) After all, what use is evidence that you can't later produce in court?

http://www.pogowasright.org/?p=7688

Shah Rukh signs off sexy body-scan printouts at Heathrow – or does he?

February 10, 2010 by Dissent

How many assurances have we seen that data from airport strip search scanners is destroyed immediately? A news story of February 6 by ANS suggested that this may not be the case. Indian star Shah Rukh Khan recently told BBC’s Jonathan Ross that not only did airport staff at Heathrow print out his very revealing digital images, but that he autographed copies for them:


(Related) Keeping customers can take on a whole new meaning.

http://www.wired.com/epicenter/2010/02/what-do-we-want-our-data-when-do-we-want-it-now?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

What Do We Want? Our Data. When Do We Want It? Now!

By Eliot Van Buskirk February 9, 2010 3:58 pm

Predictions about the appeal of cloud computing were on the money. We increasingly share, communicate, socialize and entertain ourselves with software and media on remote servers rather than on our own computers. But a big catch prevents more of us from investing much time or money in ephemeral digital media or constantly-changing online services: It can be difficult, if not impossible, to grab your stuff and split.



Now this surprises me. I have expressed a few concerns with the “push” updates to software. Adding new software that has nothing to do with the original product seemed a bit beyond the original agreement to me. I'd like to see some documentation of the arguments, but I suspect that won't be possible.

http://www.pogowasright.org/?p=7686

Judge dismisses Windows anti-piracy software lawsuit

February 10, 2010 by Dissent

Gregg Keizer reports:

A federal judge last week dismissed a three-year-old lawsuit that accused Microsoft of duping customers when it fed them company anti-piracy software as a critical security update, court documents show.

U.S. District Court Judge Richard Jones dismissed the case last Friday, a day after the plaintiffs and Microsoft agreed to drop the lawsuit.

[...]

Multiple lawsuits filed in July 2006 claimed that Microsoft misled users by labeling the WGA software as a security update, and failed to tell customers that WGA collected information from their PCs, then frequently “phoned home” the data to Microsoft’s servers. The plaintiffs later combined their cases and asked the court to grant the joint lawsuit as a class-action.

Read more on Computerworld.

The plaintiffs seem to have dropped the suit because of the way the judicial winds were blowing. So it seems that Microsoft or any other company can dupe consumers into downloading and installing software that spies on the consumer’s system and “phones home” and they may get away with it.

[From the article:

Last year, Microsoft warned Jones that if the lawsuit was allowed to proceed as a class-action, it could be tapped for big money. "Plaintiffs seek hundreds of millions of dollars on behalf of tens of millions of persons for twelve forms of alleged damages," Microsoft said as it cast the plaintiffs as little more than gold diggers.



Can't say this surprises me. Very little happens in China without official approval (or an official deliberately ignoring something or someone).

http://arstechnica.com/tech-policy/news/2010/02/hacker-training-site-reappears-after-takedown-by-china.ars

Hacker training site backup lives after takedown by China

By Jacqui Cheng Last updated February 8, 2010 12:25 PM

Chinese authorities are making a cursory effort to crack down on hackers as of late, and have shut down hacker training website Black Hawk Safety Net. According to state-run news organization Xinhua, police in the Hubei Province made three arrests associated with the massive recruiting site and have confiscated numerous assets, including cash, servers, and a Honda Accord. With all eyes on China thanks to the Great Google Scandal of 2010, a move like this may calm fears that China is allowing itself to become a Wild West of cybercriminals. The problem is that Black Hawk already has a contingency plan in place and may be back sooner than later.



How do you distinguish a deposit to your personal bank account from a payment for services rendered? Expect the suspension to last until India can figure out which transfers should be taxed. (Or PayPal users realize they could deposit that money in a Swiss account.)

http://news.slashdot.org/story/10/02/10/0048246/India-Suspended-From-PayPal-For-At-Least-a-Few-Months?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

India Suspended From PayPal For "At Least a Few Months"

Posted by kdawson on Tuesday February 09, @11:24PM

More details have come about what was behind PayPal's decision to suspend personal payments to any user in India, as we discussed on Sunday. In a blog post today, PayPal revealed that payments to India will remain in suspension for at least a few months. Customers in India will be able to pull rupees out of the service into their bank accounts within a few days. The suspension came about when Indian government regulators raised questions about whether PayPal's service was enabling remittances (transfers of money by foreign workers) to Indian citizens.

"The problems may have been triggered by a marketing push that promotes PayPal as a way to send money abroad, a source familiar with the matter said. The campaign — which reads 'As low as $1.50 to send $300 to countries like India' — may have caught the attention of Indian regulators, the source said."

[From the article:

PayPal notified users on Saturday that personal payments to and from India had been suspended, as well as transfers to local banks. Customers can still make commercial payments to India, but merchants can’t withdraw funds in rupees to local banks, the company said.

On Tuesday it said customers should be able to withdraw funds to a local bank within a few days. But for now it can do nothing to facilitate personal transactions.



Good news/bad news? Looks like a technique US ISPs might try.

http://arstechnica.com/telecom/news/2010/02/australias-internet-non-neutral-and-proud-of-it.ars

Australia's Internet: nonneutral and proud of it

By Nate Anderson | Last updated February 9, 2010 6:35 AM

Last week, an Australian federal judge issued a major ruling—the first of its kind worldwide—saying that ISPs aren't required to take action against subscribers after receiving letters alleging copyright infringement. But lost in most of the discussion of the ruling is another hot topic, net neutrality. If you want a good look at what a non-neutral 'Net looks like, take a gander at Australia.

The judge's ruling discussed the business practices of Australia's third-largest ISP, iiNet, and in doing so reminded non-Aussie readers about a defining feature of Internet life Down Under: bandwidth caps. Such caps are common around the world, but Australian ISPs take the idea one step further by setting up partnerships with entertainment services and music download companies. Any data usage directed at one of these favored services doesn't count against the monthly bandwidth cap.

… This is quite clearly nonneutral behavior in any sense of the term. ISPs like iiNet shape traffic when the quota is reached, meaning that all traffic to nonpartner sites is slowed dramatically, while the favored services continue at full speed. This isn't an outright "blocking" of other websites, which can be freely accessed until the cap is reached, but the effect is quite similar. How are high-bandwidth services like video streaming going to compete against those services favored by an ISP? How will new players ever gain market share?



Because you should never be exposed (no pun intended) to sub-standard porn. Is a Tampa jury applying Florida standards to a video produced in California a jury of his peers?

http://yro.slashdot.org/story/10/02/10/0140245/Appeals-Court-Rules-On-Internet-Obscenity-Standards?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Appeals Court Rules On Internet Obscenity Standards

Posted by kdawson on Wednesday February 10, @05:21AM

dark_requiem writes

"The 11th Circuit Court of Appeals has ruled that online content can be judged by the standards of the strictest community that is able to access it. The court upheld the conviction of pornography producer Paul F. Little, aka Max Hardcore, for violating obscenity laws in Tampa, despite the fact that the 'obscene' material in question was produced and sold in California. From the article: 'The Atlanta-based court rejected arguments by Little's attorneys that applying a local community standard to the Internet violates the First Amendment because doing so means material can be judged according to the standards of the strictest communities. In other words, the materials might be legal where they were produced and almost everywhere else. But if they violate the standards of one community, they are illegal in that community and the producers may be convicted of a crime. ... Jurors in Little's trial were told to judge the materials on the basis of how "the average person of the community as a whole — the Middle District of Florida" — would view the material.'" [They definitely would not want me on that jury. I would remind them that statistically, half the world is below average. Bob]

[From the article:

Little is from California but was tried in Tampa after investigators here ordered his videos through the mail and downloaded them over the Internet. [I wonder if anyone else did? Bob]



I wonder if this could be expanded into a moot court?

http://www.killerstartups.com/User-Gen-Content/instantjury-com-where-everybody-becomes-a-jury

InstantJury.com - Where Everybody Becomes A Juror

http://www.instantjury.com/

This site is based on an interesting premise: it lets the public become web-based jurors and settle disputes by casting their own votes in favor of either the plaintiff or the defendant. That is, people submit their own cases and dilemmas on the site, and each party can set down why he thinks that he is right. People will then vote for the one that they sympathize with, and they will also be able to leave comments in the forum that is opened for each and every case.



Google Street View expanded to include images of malls and standalone stores, now ski slopes. Next we will be asked to swallow a Google capsule cam to map our intestinal tract... (Google Colon-Cam?)

http://www.wired.com/gadgetlab/2010/02/google-snowmobile-street-view/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Google Tricks Out a Snowmobile for Stunning Street View


(Related) Can't recall ever needing a worm's-eye view of my garden, but you can never have too much information.

http://www.wired.com/dangerroom/2010/02/darpas-plan-for-world-domination-map-entire-planets-underground/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

With Darpa’s ‘Transparent Earth,’ Underground Doesn’t Mean Out of Sight



What fun! Drive your cubicle-mates nuts by raining on their day! (Sorry boss, I can't get to work today. All the roads are washed out. … What do you mean it's not raining there?)

http://www.makeuseof.com/dir/rainymood-sound-of-rain-and-thunder-mp3/

RainyMood: Relax to the Sound of Rain and Thunder mp3

www.rainymood.com

Similar tool: SoundSleeping.

Similar sites: iSerenity, NapSounds, SimplyNoise and WhiteNoise (iPhone).



This is from a law blog (specifically e-discovery) but it has much wider implications. ...and I agree with him.

http://e-discoveryteam.com/2010/02/07/why-online-education-will-surpass-traditional-face-to-face-education-in-the-next-5-10-years/

Why Online Education Will Surpass Traditional Face-to-Face Education in the Next 5-10 Years

Those who change and go with the times will prosper, those who do not will go the way of the newspapers. For law schools that means their income and rankings will decline, their enrollment will suffer, and their faculty will transfer. They will struggle to make ends meet, and ultimately, many will close. The few who lead the way, or quickly catch up, will make up the difference as world-wide matriculation increases. They will grow in quality, prestige, and wealth.

Tuesday, February 09, 2010

I have often (perhaps too loudly and too often) expressed my opinion that a “harm threshold” is a weasel clause, allowing the breached organization to “conclude” there was no harm because they can envision a harm-free scenario.

http://www.phiprivacy.net/?p=1984

HIPAA Harm Threshold Works, Say Providers

By Dissent, February 8, 2010 10:04 am

Dom Nicastro reports:

HHS’ “harm threshold” standard in its interim final rule on breach notification will prevent healthcare organizations from overwhelming patients with unnecessary breach notification [I want to hear every time. Bob] responses, according to providers who work with privacy and security.

At the 18th annual National HIPAA Summit Friday, Judi Hofman, CAP, CHP, CHSS, privacy/information security officer for Cascade Healthcare Community at St. Charles Medical Center in Bend, OR, and Debbie Mikels, corporate manager, confidentiality for Partners Healthcare System in Boston, said the provision published August 24 in the Federal Register gives covered entities the power to prevent unnecessary notifications.

“If you flood your patients with huge concerns, you’re going to open up a floodgate of problems in your organization where you really may not have had a risk to start with,” Hofman said.

Read the full coverage on Health Media Leaders.

[From the article:

According to the interim final rule, the important questions are:

  • In whose hands did the PHI land? [If you don't know (95% of the cases?) should you assume Mother Teresa? Bob]

  • Can the information disclosed cause "significant risk of financial, reputational, or other harm to the individual"? [And please have this opinion in writing signed by a C-level manager who is willing to “bet his job” he is correct. Bob]

  • Was mitigation possible? For example, can you obtain forensic proof that a stolen laptop computer's data was not accessed? [No. You can show there is no evidence of access, but lack of evidence is not proof the data was not accessed. Bob]


(Related) Consider this a lesson from the weasel-wording 101 textbook.

http://www.databreaches.net/?p=9904

AvMed: Data of 208,000 at risk after Gainesville theft

February 8, 2010 by admin

The Gainesville Sun reports that AvMed Health Plans announced that personal information of some current and former subscribers may have been compromised [If they define compromised the way most dictionaries do (expose or make liable to danger, suspicion, or disrepute) there is no “may have been.” The data was stolen. Bob] by the theft of two company laptops from its corporate offices in Gainesville on Dec. 11.

The information includes names, addresses, phone numbers, Social Security numbers and protected health information, according to an AvMed news release.

“The theft was immediately reported to local authorities but attempts to locate the laptops have been unsuccessful,” according to the news release. “On December 23, 2009, AvMed determined that the data on one of the laptops may not have been protected properly, [Well DUH! The information was stolen, clearly it wasn't protected adequately. They mean it wasn't encrypted. Bob] and approximately 80,000 of AvMed’s current subscribers and their dependents may be affected. An additional approximate 128,000 former subscribers and their dependents, dating back to April 2003, may also have been affected.”

Read more in The Gainesville Sun.

A copy of AvMed’s release does not appear to be available on their web site at the time this entry was filed.

[From the article:

The random way the data was listed makes the risk of identity theft very low, the company said. [The data is very unlikely to be listed randomly, although it may appear so to non-techies. Bob]

… It announced the breach in a release dated Feb. 5. [Less than two months. Bob]

The delay in announcing the breach was to avoid hindering the investigation and to set up identity protection services. [Because we never considered that we might have a breach, so we made no effort to contract with a service before the breach. Bob]

There are currently no known reports of identity theft, [Not that anyone knew who to report to until your announcement. Bob] but Ruiz-Topinka said AvMed will have a better idea once members start registering for identity protection.

… AvMed has also implemented additional security procedures and training. [I wonder if the procedures now require data to be encrypted or portable devices to have LoJack software installed? Bob]



They have about 50 million people. If the proportion held in the US, we would be seeing more than 30 million “cases” a month!

http://www.databreaches.net/?p=9909

Za: Hijacked IDs are fuelling spending sprees

February 9, 2010 by admin

Identity theft has increased phenomenally in South Africa, reaching such a level that a major retailer is thinking about installing photo-recognition or fingerprint scanners in its stores.

Johan Kok, chief operating officer of JD Group, said identity theft had become much more sophisticated in the past five years. Their group is part of the South African fraud-prevention service, and they see between five and six million cases of fraud a month.

JD Group has Bradlows, Hi-Fi Corporation, Incredible Connection, Joshua Doore, Morkels and Russells among its stable.

Read more on iol.co.za



A hacker does not need to be an Einstein, just tenacious.

http://www.databreaches.net/?p=9915

Woman worms into D.C. taxpayer accounts

February 9, 2010 by admin

Michael Neibauer reports:

A mentally ill woman exploited a loophole in D.C. tax office online systems to gain unauthorized access to taxpayer accounts, establish herself as the owner of dozens of businesses and file returns on their behalf.

Details of the online trespass, by a woman who law enforcement sources say believed herself to be the guardian of large corporations, were laid out in an independent auditor’s review of the District’s fiscal 2009 books and financial systems. BDO Seidman, D.C.’s outside auditor, found automated and manual tax processes in the Office of Tax and Revenue to be “significant deficiencies” in internal controls.

OTR was home to the largest theft in D.C. government history. In that case, tax office manager Harriette Walters exploited failings in the agency’s tax refund process to steal $50 million over two decades.

Law enforcement sources confirmed to The Examiner that the latest caper was performed by a mentally ill woman. She was not a D.C. employee. A review by the U.S. attorney is ongoing.

Read more in The Examiner. H/T, Privacy Lives.



This sounds entirely too much like my classes...

http://www.fastcompany.com/blog/kit-eaton/technomix/china-gets-serious-about-cyber-security-busts-nations-biggest-hacking-schoo

China Busts Nation's Biggest Hacking School ... for Google's Sake?

By Kit Eaton, Today

… It seems that their main crime isn't so much hacking themselves, but running a subscription site which provided sophisticated tools like trojans and account-hijacking code. They also ran training sessions in which they'd show other coders how to write malicious code. Over the years of operation, Black Hawk attracted some 17,000 VIP members, 140,000 free-access members and had made a haul of the equivalent of just over a million dollars in membership fees.


(Related) This does not. (Demonstrating my cattle prod the first day of class keeps them on their toes.)

http://science.slashdot.org/story/10/02/08/1724245/Turns-Out-You-Actually-Can-Be-Bored-To-Death?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Turns Out You Actually Can Be Bored To Death

Posted by samzenpus on Monday February 08, @02:22PM

A study conducted by researchers at University College London shows that boredom can kill you. The researchers found that people who reported feeling a great deal of boredom were 37 per cent more likely to have died by the end of the study. Martin Shipley, who co-wrote the report said, "The findings on heart disease show there was sufficient evidence to say there is a link with boredom."



This is not just a Global Warming problem. Imagine the same levels of error in drug test analysis software...

http://science.slashdot.org/story/10/02/09/1336250/Call-For-Scientific-Research-Code-To-Be-Released?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Call For Scientific Research Code To Be Released

Posted by Soulskill on Tuesday February 09, @09:41AM

Pentagram writes

"Professor Ince, writing in the Guardian, has issued a call for scientists to make the code they use in the course of their research publicly available. He focuses specifically on the topical controversies in climate science, and concludes with the view that researchers who are able but unwilling to release programs they use should not be regarded as scientists. Quoting: 'There is enough evidence for us to regard a lot of scientific software with worry. For example Professor Les Hatton, an international expert in software testing resident in the Universities of Kent and Kingston, carried out an extensive analysis of several million lines of scientific code. He showed that the software had an unacceptably high level of detectable inconsistencies. For example, interface inconsistencies between software modules which pass data from one part of a program to another occurred at the rate of one in every seven interfaces on average in the programming language Fortran, and one in every 37 interfaces in the language C. This is hugely worrying when you realise that just one error — just one — will usually invalidate a computer program. What he also discovered, even more worryingly, is that the accuracy of results declined from six significant figures to one significant figure during the running of programs.'"
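The slide from six significant figures to one that Hatton reports is easy to reproduce in a few lines, which is the point of the following. This is an added example for this post, not code from Hatton's analysis, from Ince's article or from any climate model; the three input values are constructed so that every intermediate result is exactly representable as an IEEE-754 double except the one subtraction the textbook variance formula depends on, and the function names (naive_variance, agreeing_sig_figs and so on) are my own.

```python
"""Catastrophic cancellation in a textbook variance formula (added example).

The constructed input below carries ten significant figures; the one-pass
E[x^2] - E[x]^2 formula returns zero of them, while two algebraically
equivalent formulations keep all of them.
"""
import math
from fractions import Fraction

# Constructed sample: three readings near 1e9 whose true population
# variance is exactly 2/3.  Squares of these are ~1e18, where doubles are
# spaced 128 apart, so x*x silently drops the low digits.
SAMPLE = [1e9 + 1.0, 1e9 + 2.0, 1e9 + 3.0]


def naive_variance(xs):
    """Population variance via E[x^2] - E[x]^2 (one-pass textbook form).

    Both terms are ~1e18 while their difference is ~1, so the final
    subtraction discards every significant figure the inputs carried.
    """
    n = len(xs)
    mean = sum(xs) / n
    mean_sq = sum(x * x for x in xs) / n
    return mean_sq - mean * mean


def two_pass_variance(xs):
    """Population variance via sum((x - mean)^2) / n: subtract, then square."""
    n = len(xs)
    mean = sum(xs) / n
    return sum((x - mean) ** 2 for x in xs) / n


def welford_variance(xs):
    """Welford's online update: two-pass stability in a single sweep."""
    n = 0
    mean = 0.0
    m2 = 0.0
    for x in xs:
        n += 1
        delta = x - mean
        mean += delta / n
        m2 += delta * (x - mean)
    return m2 / n


def exact_variance(xs):
    """Reference value in rational arithmetic (no rounding at all)."""
    n = len(xs)
    exact = [Fraction(x) for x in xs]
    mean = sum(exact) / n
    return sum((x - mean) ** 2 for x in exact) / n


def agreeing_sig_figs(approx, exact):
    """Leading significant figures on which approx agrees with exact.

    Returns 16 (double precision) when the values are identical, 0 when the
    relative error is 100% or worse.
    """
    exact = float(exact)
    if exact == 0.0:
        return 16 if approx == 0.0 else 0
    rel_err = abs(approx - exact) / abs(exact)
    if rel_err == 0.0:
        return 16
    if rel_err >= 1.0:
        return 0
    return int(-math.log10(rel_err))


def precision_report(xs):
    """Significant figures each method retains against the exact reference."""
    exact = exact_variance(xs)
    return {
        "naive": agreeing_sig_figs(naive_variance(xs), exact),
        "two_pass": agreeing_sig_figs(two_pass_variance(xs), exact),
        "welford": agreeing_sig_figs(welford_variance(xs), exact),
    }


if __name__ == "__main__":
    for name, figs in precision_report(SAMPLE).items():
        print(f"{name:9s} keeps {figs:2d} significant figures")
```

The check worth keeping is the last function: run every numerical routine against an exact rational reference on deliberately awkward input and assert on the number of agreeing figures. That is a test a released code base can be held to; an unreleased one cannot be held to anything.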



Need low-jack for your phone?

http://www.makeuseof.com/dir/wavesecure-anti-theft-software-for-mobile/

WaveSecure: Anti Theft Software For Mobile

WaveSecure is a nifty anti-theft software for mobiles (Android, Symbian and Windows Mobile based cellphones). It can help you back up and restore your cellphone data automatically, lock down the phone when it is lost, send an SMS alert to a friend you specified earlier, wipe out your private data and track it down if the cellphone is Wi-Fi or GPS enabled.

www.wavesecure.com



GIMP is an extremely huge, complex and capable package. You'll need help becoming a master.

http://www.makeuseof.com/tag/5-websites-learn-gimp-photo-editor-online/

5 Websites To Make You A GIMP Ninja



Because you don't want to be using your Kindle while you drive. Lots of early science fiction and even Flatland!

http://www.makeuseof.com/dir/audioowl-free-audio-books-for-ipod/

AudioOwl: Get Free Audio Books For iPod

www.audioowl.com

Similar tools: ThoughtAudio, NewFiction, WellToldTales, PodioBooks and LibriVox.


(Related) A do-it-yourself tool. Perhaps I can get my students to listen to their textbooks, because they seem to be very reluctant to actually read them!

http://www.killerstartups.com/Web-App-Tools/carryouttext-com-rendering-texts-as-audio-files

CarryoutText.com - Rendering Texts As Audio Files

http://www.carryouttext.com/

In a nutshell, Carryout Text will empower you to take any text document and have it transposed into an audio file that you can save on your HD and play whenever you want. A service like this one certainly has as many uses as you can dream up. Some will employ it to have their emails read to them while they are at the gym, whereas others will use it to have the news read to them while they are commuting. Also, busy housewives can use it while they are cooking or doing the cleaning and they want to keep abreast of new content within their favorite blogs.



We don't need no stinking lawyers!

http://www.makeuseof.com/tag/create-software-license-agreement/

How to Create Your Own Software License Agreement



Like I needed an excuse! Still, I don't want to risk a silicon deficiency...

http://news.cnet.com/8301-27083_3-10449270-247.html?part=rss&subj=news&tag=2547-1_3-0-20

Silicon: It's good for you, especially in beer

by Elizabeth Armstrong Moore February 8, 2010 3:58 PM PST



Dilbert illustrates another risk of technology. “We can, therefore we must!”

http://dilbert.com/strips/comic/2010-02-09/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29