Saturday, April 17, 2010

It seems the reporters in Pennsylvania are not very good at discovering and reporting facts. Perhaps they have never learned how to use “informed sources” as a euphemism for what the lawyers tell them “off the record” OR maybe they're just bad reporters.

http://www.philly.com/inquirer/front_page/20100417_L__Merion_to_let_parents_see_secretly_snapped_photos.html

L. Merion to let parents see secretly snapped photos

By John P. Martin and Dan Hardy Inquirer Staff Writers Posted on Sat, Apr. 17, 2010

The president of the Lower Merion school board said Friday that investigators had retrieved "a substantial number" of photos secretly snapped by laptops the district gave its high school students, and that officials were arranging for parents whose children were photographed to see the pictures in private.

In his strongest terms since the furor began over the laptop-tracking program two months ago, board president David Ebby also said district officials "deeply regret the mistakes and misguided actions" that have given rise to a lawsuit, a federal criminal inquiry, a call for new privacy legislation, and a wave of national publicity.

But Ebby said Lower Merion's continuing internal investigation had found no evidence that its employees used the technology for "inappropriate" purposes. [“mistakes and misguided actions” are appropriate? Bob]

… And U.S. Attorney Michael Levy, in a letter sent Friday, asked the judge presiding over the Robbinses' civil case to let FBI agents start analyzing the district's computers and the photos they collected. U.S. District Judge Jan E. DuBois has previously ruled that only lawyers for the Robbinses and the schools should see such evidence.

… In his latest motion, the Robbins family's attorney, Mark S. Haltzman, said that during two weeks in the fall, the tracking system on the Apple MacBook that Robbins took home captured more than 400 images of the 15-year-old and his family members - including shots of Blake asleep in bed. [Is there a legal definition of “enough?” Or any guidance provided by the school, state or federal law, or even common sense? Bob]


(Related)

http://www.philly.com/philly/news/local/90913074.html

Judge restricts access to L. Merion laptop photos

By John P. Martin Inquirer Staff Writer Posted on Thu, Apr. 15, 2010

… The order was faxed to 17 lawyers - a reflection of how the case has grown.

… Once turned on, the camera - intended to track lost or stolen laptops - secretly snapped a photo, captured an image of the computer's screen, [First time I've seen that... Bob] recorded the laptop's Internet address, and repeated these events every 15 minutes until it was turned off.

… District officials have not said exactly how many students were photographed or monitored, or how often. [A good question because (if the laptops were stolen) one would hope no students appeared in the photos. Bob]


Now you too can violate student/employee rights! FOR FREE!

http://preyproject.com/

Prey

Prey helps you locate your missing laptop by sending timed reports with a bunch of information of its whereabouts. This includes the general status of the computer, a list of running programs and active connections, fully-detailed network and wifi information, a screenshot of the running desktop and — in case your laptop has an integrated webcam — a picture of the thief.



Most of these are small. But if you're “on the list” it would have been nice to have been contacted. What excuse criteria did they use to ignore the breach notification requirements?

http://www.databreaches.net/?p=11236

100 more breaches you probably never knew about in 2009


(Related)

http://www.databreaches.net/?p=11246

95 new breaches in 2010 that didn’t make the news



Well here's a truly vague, non-monetary not-quite-penalty! Let that be a lesson to ya – no need to protect data if your lawyer is a better negotiator than the AG. (Actually, it is almost impossible to protect data from an authorized insider. Detection is all you can guarantee.)

http://www.databreaches.net/?p=11268

Attorney General Reaches Settlement with Certegy Check Services over Data Breach

April 16, 2010 by admin

Attorney General Bill McCollum today announced a settlement with a financial services company over allegations the company did not provide adequate data security for consumer records. Certegy Check Services, Inc., a St. Petersburg-based company, experienced a massive data breach which exposed personal identification information from approximately 5.9 million consumer files. Under the settlement, the company will ensure that safeguards are in place to protect consumer data.

Certegy Check Services, Inc., a related company, Fidelity National Card Services, and subsidiaries of Fidelity National Information Services, Inc., reported in July 2007 that customer data had been stolen by a former company employee.

… In addition to the compliance standards, Certegy will contribute $125,000 to the Attorney General’s Seniors vs. Crime Program for educational, investigative and crime prevention programs for the benefit of senior citizens and the community and will pay $850,000 for the state’s investigative costs and attorney’s fees.



Police have bureaucracies too.

http://www.databreaches.net/?p=11260

Recovered: Stolen data on 3 million student loan borrowers

April 16, 2010 by admin

Paul Walsh reports:

Stolen personal information on more than 3 million student loan borrowers was recovered in connection with the discovery in a Minneapolis alley of two safes containing CDs and floppy discs and sat in a police evidence room for weeks before authorities knew just what they had, state officials said Friday.

[...]

The 200-pound safes, pried open, were found March 22 in a residential alley in the 3500 block of Knox Avenue N. by a landlord in the neighborhood and then taken by police to the department’s evidence room for later inspection, said Andy Skoogman, spokesman for the state Department of Public Safety. All 650 or so CDs and floppy discs, still in their original packaging, were found in the trash nearby.

Read more in the Star Tribune.

[From the article:

… stolen sometime over the March 20-21 weekend

… The Star Tribune reported the burglary March 27 in a front-page story

… Despite that publicity, Minneapolis police didn't realize until April 12 that they had recovered the data, officials said.

… The BCA lab in St. Paul is looking at the safes and their contents for additional evidence. When that analysis is complete, the U.S. Department of Education office of inspector general will review the digital media as a precaution to definitively determine whether data was compromised. [This is not possible. If they make a statement to that effect, can a victim sue their pants off? Bob]



Another legal first!

http://www.pogowasright.org/?p=9001

Spam Suspect Uses Google Docs, FBI Happy

April 16, 2010 by Dissent

Kevin Poulsen reports:

FBI agents targeting alleged criminal spammers last year obtained a trove of incriminating documents from a suspect’s Google Docs account, in what appears to be the first publicly acknowledged search warrant benefiting from a suspect’s reliance on cloud computing.

The warrant, issued August 21 in the Western District of New York, targeted Levi Beers and Chris de Diego, the alleged operators of a firm called Pulse Marketing, which was suspected of launching a deceptive e-mail campaign touting a diet supplement called Acai Pure. The warrant demanded the e-mail and “all Google Apps content” belonging to the men, according to a summary in court records.

Read more on Threat Level.



“Write your password on a sticky-note and leave it where students can find it” is not a Best Practice. (Interesting that a teacher can't change grades...)

http://www.computerworld.com/s/article/9175699/Police_called_after_9_year_old_steals_password?taxonomyId=17

Police called after 9-year-old steals password

By Robert McMillan April 16, 2010 08:06 PM ET

IDG News Service - A few weeks ago, officials at Fairfax County Public Schools thought they had a hacker on their hands.

Someone was changing teacher passwords on the Falls Church, Virginia, school district's Blackboard system, which is used to give teachers, students and parents a way to communicate and stay on top of homework assignments and class announcements over the Web.

Local police were called; they investigated and traced the incident to the home of a 9-year-old student at the school. Although police initially thought that the Blackboard system had been hacked, it turned out that a Fairfax student -- who has not been identified -- had simply taken a teacher's password from a desk and used it to change enrollment lists and other teachers' passwords.

"This was a case where an individual ... got hold of a teacher's password, and the passwords had administrative rights," said Paul Regnier, a school board spokesman.

The student was able to enroll teachers in classes, and when he did so he could modify their passwords on the Blackboard system, but there wasn't much more he could do, Blackboard representatives said. The intruder couldn't, for example, change grades or access other machines on the school's system.

… "It was actually not a hack, unless you consider the fact that the 9-year-old took the teacher's username and password from the desk a hack," said Michael Stanton, Blackboard's senior vice president of corporate affairs.


(Completely unrelated)

http://gizmodo.com/5518472/password-tattoos-to-keep-pacemakers-safer-from-hackers

Password Tattoos To Keep Pacemakers Safer From Hackers

Some pacemakers are accessible wirelessly for reprogramming, but the trouble is that this easy access could be abused maliciously. [Attention hacking students! Bob] Sure, passwords would keep the devices safer from such intrusions, but the patient could forget or lose those. Solution? Password tattoos.

By tattooing passwords onto patients with ink that can only be seen under a UV light, doctors would have an easily accessible password in case of an emergency and patients would have an additional layer of security protecting their medical gadgets.



Sour grapes – but at least there is no troublesome precedent...

http://www.wired.com/threatlevel/2010/04/emailprivacy-2/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Yahoo Beats Feds in E-Mail Privacy Battle

By David Kravets April 16, 2010 1:52 pm

Yahoo prevailed Friday over Colorado federal prosecutors in a legal battle testing whether the Constitution’s warrant requirements apply to Americans’ e-mail.

Saying the contested e-mail “would not be helpful to the government’s investigation,” (.pdf) the authorities withdrew demands for e-mail in a pending and sealed criminal case. For the moment, the move ends litigation over the hotly contested issue of when a warrant under the Fourth Amendment is required for Yahoo and other e-mail providers to release consumer communications to the authorities.



Now mom & dad can be Big Brother too!

http://www.makeuseof.com/tag/mcgruff-safeguard-free-spy-software-download-monitor-kids/

McGruff SafeGuard – A Free Spy Software Download To Monitor Your Kids



Would this be an issue if people occasionally paid attention to their security?

http://it.slashdot.org/story/10/04/16/1646244/ClamAV-Forced-Upgrade-Breaks-Email-Servers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

ClamAV Forced Upgrade Breaks Email Servers

Posted by kdawson on Friday April 16, @01:35PM

An anonymous reader writes

"A couple of weeks ago Sourcefire announced end-of-life for version 0.94 of its free ClamAV antivirus package (and in fact has been talking about it for six months). The method that Sourcefire chose to retire 0.94 was to shut down the server that provided its service. Those who had failed to upgrade are scrambling now. Many systems have no choice but to disable virus checking in order to continue to process email. I am very glad I saw the announcement last week!"



To doubt Climate data is to doubt that government is spending your tax dollars wisely. Of course you will be intimidated investigated.

http://www.pogowasright.org/?p=8997

Now being a skeptic will expose you to police investigation?

April 16, 2010 by Dissent

Donna Bowater reports:

The university embroiled in the scandal over leaked climate change emails has sparked outrage by handing the personal details of climate change sceptics (sic) to police.

The University of East Anglia claimed it had been deluged with requests from sceptics under the Freedom of Information Act shortly before hacked emails were published which appeared to show scientists manipulating climate change data.

But the university has angered privacy campaigners after passing on the details of those asking for information to Norfolk Police, which is investigating the alleged email theft with the National Domestic Extremism Unit.

[...]

Another, businessman Sebastian Nokes, said he had been called by a detective who “wanted to know what computer I used, my internet service provider, and also to which political parties I have belonged, what I feel about climate change and what my qualifications in climate science are. He questioned me at length.”

Read more on Express.co.uk

[From the article:

Detectives are interviewing all those who legally used the FOI Act to request information from the Climatic Research Unit, questioning them about their scientific and political beliefs.



Headlines will now read: “REDACTED found guilty!”

http://www.pogowasright.org/?p=9020

Missouri considers restricting access to court records

April 17, 2010 by Dissent

Chris Blank reports:

More information about people involved in the court system could be kept private under new rules being considered by a committee of Missouri judges.

The changes would cover civil and criminal cases and affect the release of personal information through the state court system’s online Casenet public database.

Under the proposed rules, online case records would show only the city, state and ZIP code for criminal defendants and those involved in civil lawsuits. Currently, those records contain full addresses.

Read more on KansasCity.com.


(Related) Compare the previous article to this one.

http://www.pogowasright.org/?p=9018

Illinois makes millions by selling personal records

April 17, 2010 by Dissent

Chris Essig reports:

This year’s census has some citizens fearing they are giving away too much personal information to the federal government.

But in Illinois, state officials already sell personal information to insurance companies, federal and state government agencies and others, raking in millions of dollars along the way.

Personal information found on driver’s licenses, driving records, vehicle registration and insurance documentation is available to not only law enforcement, but other outlets as well. The Secretary of State’s office holds the information and charges a fee of $12 per record to companies who wish to look at the data.

Last year, the state made $61.1 million selling personal information. In 2007, the Secretary of State’s office received $64.3 million, while in 2008 it brought in $63.9 million.

The majority of the income comes from insurance companies that primarily request information to determine if they wish to cover someone and what rates to set, said Henry Haupt, spokesman for the secretary of state’s office.

Read more in the Quad-City Times.



Politically, I suspect it would be difficult to reverse software patents – if for no other reason than the great reduction in campaign contributions.

http://yro.slashdot.org/story/10/04/16/2041245/Is-the-Tide-Turning-On-Patents?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Is the Tide Turning On Patents?

Posted by Soulskill on Friday April 16, @05:05PM

Glyn Moody writes

"The FSF has funded a new video, 'Patent Absurdity: how software patents broke the system,' freely available (of course) in Ogg Theora format (what else?). It comes at a time when a lot is happening in the world of patents. Recent work from leading academics has called into question their basis: 'The work in this paper, and that of many others, suggests that this traditionally-struck "devil's bargain" may not be beneficial.' We recently discussed how a judge struck down Myriad Genetics's patents on two genes because they involved a law of Nature, and were thus 'improperly granted.' Meanwhile, the imminent Supreme Court ruling In re Bilski is widely expected to have negative knock-on effects for business method and software patents. Is the tide beginning to turn?"



DU ranks 18th in “Part Time Law” – For a second there I thought that meant their graduates were law abiding only some of the time... You know... Politicians!

http://www.bespacific.com/mt/archives/024041.html

April 16, 2010

U.S. News and World Reports Ranks Yale Law School Number 1

"Best Law Schools: A career in law starts with finding the school that fits you best. With U.S. News’s rankings, narrow your search by location, tuition, school size, and test scores. Plus, see the top schools in specialties such as environmental law, intellectual property law, and tax law."


(Related?) I wonder if there is a relationship between the school these folks graduated from and its ranking. More likely, where they teach is closely related to ranking.

http://www.bespacific.com/mt/archives/024040.html

April 16, 2010

National Law Journal Report The Decade's Most Influential Lawyers

The Decade's Most Influential Lawyers - These are the lawyers who've defined a decade.

  • "For our annual Most Influential Lawyers special report, the editors of The National Law Journal have selected 40 attorneys in a dozen key legal areas whose work between Jan. 1, 2000, and Dec. 31, 2009, was so consequential that it helped to push the profession, an industry or a practice area substantially forward. The lawyers were selected through our staff's reporting, as well as from more than 100 nominations submitted by the legal community. Associate Editor Leigh Jones valiantly spearheaded the effort, sifting through mounds of material to help us come to our difficult, final decisions."



Your government in action

http://www.docuticker.com/?p=34414

Ten Thousand Commandments: An Annual Snapshot of the Federal Regulatory State

Federal regulations cost a whopping $1.187 trillion last year in compliance burdens on Americans.

Friday, April 16, 2010

This is beginning to smell worse and worse. I wonder if there are any clear instructions to the techies in any of that evidence.

http://www.pogowasright.org/?p=8956

Webcamgate: Laptops took thousands of images – lawyer

April 16, 2010 by Dissent

John P. Martin reports:

The system that Lower Merion school officials used to track lost and stolen laptops wound up secretly capturing thousands of images, including photographs of students in their homes, Web sites they visited, and excerpts of their online chats, says a new motion filed in a suit against the district.

More than once, the motion asserts, the camera on Robbins’ school-issued laptop took photos of Robbins as he slept in his bed. Each time, it fired the images off to network servers at the school district.

Back at district offices, the Robbins motion says, employees with access to the images marveled at the tracking software. It was like a window into “a little LMSD soap opera,” a staffer is quoted as saying in an e-mail to Carol Cafiero, the administrator running the program.

“I know, I love it,” she is quoted as having replied.

Those details, disclosed in the motion filed late Thursday in federal court by Robbins’ attorney, offer a wider glimpse into the now-disabled program that spawned Robbins’ lawsuit and has shined an international spotlight on the district.

Read more on Philly.com

[From the article:

The motion says Cafiero, who has been placed on paid leave, has failed to turn that computer over to the plaintiffs despite a court order to do so, and asks a judge to sanction her.

Cafiero's lawyer Thursday night disputed the suggestion that his client had downloaded any such photos to her home computer. Lawyer Charles Mandracchia said Cafiero has cooperated with federal investigators and is willing to let technicians hired by the district examine her computer if the judge so orders.

He also said Robbins' attorney had never asked him for Cafiero's personal computer. "He's making this up because his case is falling apart," Mandracchia said.

… The Robbinses' lawyer, Mark S. Haltzman, said the new details emerged in tens of thousands of pages of documents and e-mails the district turned over to him in recent weeks.

Three district employees have also given sworn depositions in the suit. A fourth, Cafiero, declined to answer Haltzman's questions, asserting her Fifth Amendment right against self-incrimination.


(Related) Is this another indication this is going to blow up?

Senators Introduce Bill in Response to EFF’s Call for New Protections Against Secret Video Surveillance

April 16, 2010 by Dissent

Kevin Bankston writes:

Wow, that was fast: little more than two weeks after EFF testified to a Senate subcommittee that federal electronic privacy law needs to be updated to protect against secret video surveillance just like it regulates electronic eavesdropping, Senator Arlen Specter has responded by introducing a bill to do just that.

Specter, chairman of the subcommittee that held the hearing in response to the scandal over a Pennsylvania school district’s alleged use of webcams on school-issued laptops to spy on students at home, today introduced the Surreptitious Video Surveillance Act of 2010. The bill, co-sponsored by Senators Feingold and Kaufman, would update the federal wiretapping statute to create serious criminal and civil penalties for secret, nonconsensual [Isn't that redundant? Could you have “secret, consensual” surveillance? Bob] video surveillance inside any temporary or permanent residence, be it your house, your apartment, or your hotel room.

Read more on EFF.


(Related)

http://www.pogowasright.org/?p=8961

Study finds young adults do care about online privacy, despite anecdotes of raunchy photos

April 16, 2010 by Dissent

Barbara Ortutay of the Associated Press reports:

All the dirty laundry younger people seem to air on social networks these days might lead older Americans to conclude that today’s tech-savvy generation doesn’t care about privacy.

Such an assumption fits happily with declarations that privacy is dead, as online marketers and social sites such as Facebook try to persuade people to share even more about who they are, what they are thinking and where they are at any given time.

But it’s not quite true, a new study finds. Despite mounds of anecdotes about college students sharing booze-chugging party photos, posting raunchy messages and badmouthing potential employers online, young adults generally care as much about privacy as older Americans.

Read more in the Chicago Tribune.

[The full report: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1589864



It is bad, but not uncommon, for management not to know where their assets are, but I would have expected the Police to look for some evidence before arresting people!

http://www.databreaches.net/?p=11230

(follow-up) St Albans laptop theft suspect released

April 16, 2010 by admin

Alex Lewis reports:

The man arrested for stealing a laptop computer containing the addresses of thousands of people in St Albans has been released by police without charge.

The 35-year-old Stevenage man, employed by a contractor providing computer services to the authority, was arrested in October after it emerged that a computer with the personal details of every postal voter in the district was missing.

Police spokeswoman Laurel Smithson said: “After an extensive and thorough police investigation, it is unknown whether the laptops were stolen or simply went missing, possibly over a much longer time period.”

Source: St. Albans Review.

That last statement suggests that St. Albans cannot even determine that anyone actually saw the laptop or checked it off on an inventory at some point in time close to the date when it went missing or was stolen. Not good.



A website for financial institutions with no adequate legal representation? Or is the assumption: Otherwise, nothing will get done?

http://www.pogowasright.org/?p=8965

Federal Regulators Release Model Consumer Privacy Notice Online Form Builder



For my Computer Security students.

http://www.makeuseof.com/dir/trackerwatcher-checks-websites-companies-track/

TrackerWatcher: Checks Websites For Companies That Track You

… TrackerWatcher is a Firefox plugin that helps us know which companies track our activities on websites and how they handle that information they collect.

This plugin was developed by PrivacyChoice, a website that aims to make consumer privacy choices understandable and actionable. Installing this plugin will add an eye button to your toolbar. Clicking it while on a website will open a PrivacyChoice page that will show you what ad-targeting companies are running on that page.

It also displays the highlights of those companies’ privacy statements on how they handle your information on various aspects such as anonymity, sharing, sensitivity, and deletion.

After viewing the privacy policies, you can use PrivacyChoice to tell these companies not to use your information to target advertising to you. [i.e. You can opt out. Bob]

Check out and download TrackerWatcher @ https://addons.mozilla.org/addon/14454



Know your hackers... Will Cyber Command become just a division of NSA?

http://www.wired.com/dangerroom/2010/04/pentagons-prospective-cyber-commander-talks-terms-of-digital-warfare/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Prospective U.S. Cyber Commander Talks Terms of Digital Warfare

By Nathan Hodge April 15, 2010 9:57 am

… In a hearing this morning, the Senate Armed Services Committee will review the nomination of Army Lt. Gen. Keith Alexander to be the head of the Pentagon’s new Cyber Command.

… He comes from the world of electronic intelligence: He is director of the National Security Agency (NSA), [and he stays in command. Bob] the super-secretive military and intelligence outfit at Fort Meade, Maryland, that is charged with code-cracking and foreign communications interception. And he will head an organization that, in large part, will be an important line of defense against cyberspying. (He’s a classmate of Gen. David Petraeus, West Point class of ‘74.)



It never hurts to ask. If you can do it with a straight face, many politicians may even believe you.

http://gizmodo.com/5517850/riaampaa-want-government+mandated-spyware-that-deletes-infringing-content-automatically

RIAA/MPAA Want Government-Mandated Spyware That Deletes 'Infringing' Content Automatically

The RIAA and MPAA have submitted a plan to the Office of Intellectual Property Enforcement. It's basically a plan that they want the government to enact, and it's terrifying.

Here are some of the lovely things that they're calling for:

* spyware on your computer that detects and deletes infringing materials;

* mandatory censorware on all Internet connections to interdict transfers of infringing material;

* border searches of personal media players, laptops and thumb-drives;

* international bullying to force other countries to implement the same policies;

* and free copyright enforcement provided by Fed cops and agencies (including the Department of Homeland Security!).



The FCC could care less what the rest of the world is doing, but Apple should...

http://www.pcmag.com/article2/0,2817,2362697,00.asp

Israel Bans iPad Imports Over Wi-Fi Issue

… "The iPad device sold exclusively today in the United States operates at broadcast power levels [over its WiFi modem] compatible with American standards," according to a statement published by the Monitor. "As the Israeli regulations in the area of WiFi are similar to European standards, which are different from American standards, which permit broadcasting at lower power, therefore the broadcast levels of the device prevent approving its use in Israel."

Thursday, April 15, 2010

“Surprise, surprise, surprise!” G. Pyle

http://www.databreaches.net/?p=11224

First Annual French Ponemon Study Shows the High Cost of Data Breaches for French Organizations

April 15, 2010 by admin

Privacy and information management research firm Ponemon Institute, together with PGP Corporation, a global leader in enterprise data protection, today announced the results of the first annual study into the costs incurred by French organisations after experiencing a data breach. The “2009 Annual Study: French Cost of a Data Breach” report, compiled by the Ponemon Institute and sponsored by PGP Corporation, found that each lost customer record cost an average of euro 89 in 2009. The ex-post response is the main contributor to this expense (euro 31), followed jointly by lost business and detection and escalation of incidents (euro 27). With no data breach notification law currently applicable in France, it is unsurprising that data breach notification accounts for only euro 4 of the average cost.

… One of the most striking findings of the 2009 study is the significant difference in costs incurred in the various sectors, particularly in the public versus private sector. While the public sector faced average costs of euro 31 per lost record, the cost increased to as much as euro 147 per record in the pharmaceutical industry and euro 140 in the financial industry. These were also the industries that experienced the highest level of customer turnover due to diminished customer confidence and trust, a factor which had no impact on the public sector.

… “Should the new data breach notification bill that has just been passed by the French Senate be adopted by the National Assembly, the costs associated with handling incidents will surely increase.”

Post data breach responses

The organisations participating in the research identified encryption and strengthened perimeter controls as the top two technology responses following a data breach, with 25 percent and 21 percent respectively. However, the most popular preventative measures taken were additional manual procedures and controls (53 percent) and training and awareness programs (46 percent).

… A copy of the study, including a full breakdown of the various direct and indirect costs impacting organisations, is available from PGP Corporation at: www.encryptionreports.com.

Source: PR Newswire



Interesting idea: rate computer security by grade level. I wonder what percentage would be at the college graduate level?

http://www.databreaches.net/?p=11228

Boy, 9, accused of hacking into Fairfax schools’ computer system

April 15, 2010 by admin

Tom Jackman reports:

Are you smarter than a third-grader? Because the online education system used by the Fairfax County public schools apparently is not.

Police say a 9-year-old McLean boy hacked into the Blackboard Learning System used by the county school system to change teachers’ and staff members’ passwords, change or delete course content, and change course enrollment.

[...]

The Fairfax schools’ network security manager reported the breach to police March 22, according to a search warrant affidavit written by Detective Brooke D. Ware. The manager found that most of those targeted worked at Spring Hill Elementary or Churchill Road Elementary schools and that a student’s account at Spring Hill had been enabled with administrator privileges, Ware wrote.

Read more in the Washington Post.



You could fall asleep reading the title, but that's bureaucrats for you.

http://www.pogowasright.org/?p=8920

Statement of Glenn A. Fine, Inspector General, U.S. Department of Justice before the House Committee on the Judiciary Subcommittee on the Constitution, Civil Rights and Civil Liberties concerning “Report by the Office of the Inspector General on the Federal Bureau of Investigation’s Use of Exigent Letters and Other Informal Requests for Telephone Records”

April 14, 2010 by Dissent

The testimony, here, makes clear that the FBI misused and abused exigent letters. In many cases, there was no real emergency and in many cases where the FBI said that subpoenas had been sought, they had not been sought at all. Fine’s testimony also describes how the FBI engaged in other improper practices such as obtaining phone records on hot numbers without any legal process, improperly using administrative subpoenas, inaccurate statements to the Foreign Intelligence Surveillance Court, and improper requests for reporters’ telephone numbers without required approval.

Part of the investigation and report dealt with how having representatives of three communication providers “on site” with the FBI facilitated a more casual approach to “exigent” letters and contributed to a blurring and weakening of required protections and procedures.

There’s a lot more to the report, including reference to another unspecified legal authority that the FBI claims it could have (but has not) used to obtain telephone records without relying on the NSL provisions of the ECPA.

What is clear from the testimony is that after 9-11, the government attempted to speed up acquisition of information for identifying potential terrorists, but that the sense of urgency led to wholesale disregard for proper procedure and protections, with all levels of the FBI being responsible for the misuse and abuse of procedures.



Will they also predict which voters will find this offensive enough to vote their congressman out of office?

http://gizmodo.com/5517231/crime-prediction-software-is-here-and-its-a-very-bad-idea

Crime Prediction Software Is Here and It's a Very Bad Idea

There are no naked pre-cogs inside glowing jacuzzis yet, but the Florida State Department of Juvenile Justice will use analysis software to predict crime by young delinquents, putting potential offenders under specific prevention and education programs. Goodbye, human rights!

They will use this software on juvenile delinquents, using a series of variables to determine the potential for these people to commit another crime. Depending on this probability, they will put them under specific re-education programs. Deepak Advani—vice president of predictive analytics at IBM—says the system gives "reliable projections" so governments can take "action in real time" to "prevent criminal activities?"



One idea of “guidance”

http://yro.slashdot.org/story/10/04/14/1946216/Thailand-Cracks-Down-On-Twitter-Facebook-Etc?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Thailand Cracks Down On Twitter, Facebook, Etc.

Posted by timothy on Wednesday April 14, @04:22PM

An anonymous reader writes

"The ongoing political turmoil in Thailand has inspired the country's Ministry of Information, Computers, and Telecommunications to issue a stern warning that all users of the Internet in Thailand must 'use the internet in the right way or with appropriate purpose and avoid disseminating information that could create misunderstanding or instigate violent actions among the public', that 'all popular websites and social networks such as facebook, twitter, hi5 and my space [sic] will be under thorough watch,' and that 'Violators will be prosecuted by law with no compromise.' Thailand has draconian anti-lèse majesté laws which are routinely abused in order to settle political scores and silence dissent, and recently implemented a so-called 'Computer Crimes Act' which appears to be almost solely focused on thoughtcrimes and censorship, rather than dealing with, you know, actual crime. Several Web forums have recently been shut down, their operators charged because they failed to delete 'harmful posts' quickly enough to suit the Thai authorities."



How (and why) would you search this archive?

http://www.bespacific.com/mt/archives/024020.html

April 14, 2010

Library of Congress Library Acquires Entire Twitter Archive

News release: "Have you ever sent out a “tweet” on the popular Twitter social media service? Congratulations: Your 140 characters or less will now be housed in the Library of Congress. That’s right. Every public tweet, ever, since Twitter’s inception in March 2006, will be archived digitally at the Library of Congress. That’s a LOT of tweets, by the way: Twitter processes more than 50 million tweets every day, with the total numbering in the billions."


(Related) A contrast of style (and an interesting idea for legislation)

http://www.pogowasright.org/?p=8939

To tweet or to delete?

April 15, 2010 by Dissent

Peter Fleischer blogs:

How would you resolve the conflict between the cultural imperative to archive human knowledge and the privacy imperative to delete some of it? To put this in perspective, compare the approaches of the US Library of Congress and the French Senate.

As reported by The New York Times, “the Library of Congress, the 210-year-old guardian of knowledge and cultural history, …will archive the collected works of Twitter, the blogging service, whose users currently send a daily flood of 55 million messages, all that contain 140 or fewer characters.”

Meanwhile, the French Senate is moving in the opposite direction, as it explores a law to legislate “the right to be forgotten”. The French Senate has been considering a proposed law which would amend the current data protection legislation to include, among other things, a broader right for individuals to insist on deletion of their personal information. The proposed law in France would require organisations to delete personal information after a specified length of time or when requested by the individual concerned.

Read more on Peter Fleischer: Privacy…?


(Related) Obviously, Google thinks you will want to search it.

http://www.bespacific.com/mt/archives/024023.html

April 14, 2010

Google search across the Twitter archive

Official Google Blog: "Since we first introduced real-time search last December, we’ve added content from MySpace, Facebook and Buzz, expanded to 40 languages and added a top links feature to help you find the most relevant content shared on updates services like Twitter. Today, we’re introducing a new feature to help you search and explore the public archive of tweets. With the advent of blogs and micro-blogs, there’s a constant online conversation about breaking news, people and places — some famous and some local. Tweets and other short-form updates create a history of commentary that can provide valuable insights into what’s happened and how people have reacted. We want to give you a way to search across this information and make it useful. Starting today, you can zoom to any point in time and “replay” what people were saying publicly about a topic on Twitter. To try it out, click “Show options” on the search results page, then select “Updates.” The first page will show you the familiar latest and greatest short-form updates from a comprehensive set of sources, but now there’s a new chart at the top. In that chart, you can select the year, month or day, or click any point to view the tweets from that specific time period."



Interesting statistics

http://finance.yahoo.com/news/Beryl-Zyskind-Report-Expected-prnews-773674574.html;_ylt=AhJyEt_rVbWFHJ_z0_6ke7iscq9_;_ylu=X3oDMTFlcnF2aXZvBHBvcwMxNwRzZWMDbmV3c0h1YkFydGljbGVMaXN0BHNsawNiZXJ5bHp5c2tpbmQ-?x=0

Beryl Zyskind Report - Expected Web Trends of 2010

Press Release Source: Verified Ltd On Wednesday April 14, 2010, 9:00 am EDT

BEVERLY HILLS, Calif., April 14 /PRNewswire/ -- Beryl Zyskind, an authority internet watchdog agency, concluded its 2009 internet report by suggesting that Ecommerce, Digital TV, and Mobile Search Engines are on the rise while technologies like p2p, VoIP, and selling music online are at a record low.

Based on the Dept. of Commerce's Quarterly E-Commerce Sales report - online retail ecommerce rose to $32.4 billion - which accounts for 3.6% of all US sales during the second quarter of 2009.

According to Zyskind's Report, websites like eBay.com, Faljo.com, & Amazon are expected to increase their sales margins by as much as 18% in 2010. "Going to Walmart or Target – often costs more than just money. It costs time and honestly, you're never really sure if you got the best deal for your money," says Didi Ehrlich, an international marketing consultant while explaining "The consumer's ability to locate, access, and compare products in real-time to get the best possible deal is what makes these ecommerce sites so lucrative"

"Today, there are more cellphones on earth than computers & TV's put together – which has opened up a vacuum of marketing potential," says SEO Expert, Daniel Cohen who suggests, "we should all be on the lookout for wifi search engines."



Okay, this is scary. I can't see the free world being led by the “Twitter-in-Chief”

http://news.cnet.com/8301-13578_3-20002555-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Meet Russian President Medvedev, Internet geek

by Declan McCullagh April 14, 2010 5:28 PM PDT

Russian President Dmitry Medvedev already has a LiveJournal.com page, a video blog on kremlin.ru, and a Twitter account is in the works.

But the full extent of Medvedev's unalloyed geekiness wasn't apparent until a question-and-answer session in Washington, D.C., on Tuesday. Putin was in town for the 47-nation nuclear summit.

During an appearance at the center-left Brookings Institution, the head of the Russian Federation suggested that he and President Obama should dispense with their legions of aides and chat on iPhones through text messaging instead.



A lot of nifty but biased charts. Somehow I think they reflect my bias too.

http://www.docuticker.com/?p=34343

Chart Book Exposes Spendathon in Graphic Terms

Source: Heritage Foundation

The federal government is spending more per household than ever before. At this rate, by the time this spring’s college graduates turn 67, federal spending on just three programs — Medicare, Medicaid and Social Security — could consume two-fifths of the nation’s economic output.

The 2010 Budget Chart Book, a highly visual online resource just released by The Heritage Foundation, shines a light on such ominous tax-and-spend trends in the federal budget. These trends threaten not only the nation’s economy but its very security, Heritage analysts warn.

Visitors to heritage.org/BudgetChartBook may download, post or e-mail any of 39 information graphics, 12 of which are new to this updated edition. Included are links to relevant Heritage research and tools for bookmarking, embedding and information sharing through Twitter, Facebook and RSS feeds.



Laugh until you cry? Colorado is 42nd, with a mere $15.40 per person! It will take more than that to buy my vote!

http://www.docuticker.com/?p=34383

Earmark Spending $16.5 Billion in CAGW’s 2010 Congressional Pig Book

The Pig Book Summary profiles the most egregious examples, breaks down pork per capita by state, and presents the annual Oinker Awards. All 9,129 projects are listed in a searchable database on CAGW’s website www.cagw.org.



So many tools, so little time.

http://www.makeuseof.com/tag/12-great-free-video-tutorial-sites-brush-tech-skills/

12 Great Free Video Tutorial Sites To Brush Up Your Tech Skills



For ALL my students

http://www.makeuseof.com/tag/ten-best-antivirus-programs/

The 10 Best Free Anti-Virus Programs

[My pick for best security tool:

Common Sense 2011

This one’s unusual in that it’s free and considered by far the best protection out there, yet can’t be downloaded anywhere. Without it, however, even the best security software is rendered useless.

If you haven’t already figured this out, Common Sense 2011 isn’t a product you can download so much as it is a state of mind. If you’re going to be free of viruses and malware you need to use your head while browsing the web. The most important thing to remember is this: if something sounds too good to be true, it probably is—and your computer will probably be compromised.]

Wednesday, April 14, 2010

For my Business students. Think of this as a model for a global business you can start in your basement “hacker lair!”

http://www.databreaches.net/?p=11186

Data stolen from 95,000 credit card customers

April 13, 2010 by admin

Kim Mi-ju reports:

A single information trafficker managed to steal the personal data of more than 95,000 Korean credit card users – and sell it to thieves who created cloned credit cards, police said Sunday.

Police said a Romanian used the Internet to install spyware in point-of-sale systems at 36 large discount stores, restaurants and gas stations in Korea, then stole card information from 95,266 customers last August. The Romanian sold the data to Malaysian traffickers, who in turn sold part of it to four men whom police arrested Sunday.

[...]

Police said 943 credit cards were cloned and used to charge 677 million won in 49 countries. The losses will be borne by the issuing credit card companies and banks, which in turn may seek reimbursement from the card-reading companies whose system the hacker broke.

Read more from JoongAng Daily



Didn't the bank know what was taken? What (feeble?) encryption method was used?

http://www.databreaches.net/?p=11190

79,000 clients identified from stolen HSBC data: prosecutor

April 13, 2010 by admin

Some 79,000 customers have been identified from data stolen from a Swiss unit of HSBC bank, a French prosecutor said Tuesday, citing a far higher number than previously made public.

The chief executive of HSBC Private Bank (Switzerland) said last month that details on 24,000 bank customers may have been leaked in the theft three years ago by an IT worker at the bank.

However, French prosecutor Eric de Montgolfier said the stolen files, which have now been decrypted, allowed for the identification of 127,000 accounts belonging to 79,000 people.

Read more from AFP.


(Related) Ethics? Or part of their new “You can't trust the Swiss” AD campaign?

http://www.databreaches.net/?p=11201

Liechtenstein digs in heels against stolen bank data

April 14, 2010 by admin

The small tax haven of Liechtenstein is preparing to backpedal on an agreement with Germany to crack down on tax dodgers, and now plans to give no help if investigations are based on stolen data, a report said Wednesday.

The tiny alpine principality, which lies between Switzerland and Austria, intends to introduce new clauses into an agreement it made in March with the German government, daily Süddeutsche Zeitung reported.

The changes mean it would give no help to countries such as Germany in investigating tax evasion if a case involved stolen bank data.

Read more in The Local (De)



http://www.databreaches.net/?p=11207

Almost Half of Disclosed Breaches Do Not Include Number of Records Compromised

April 14, 2010 by admin

Perimeter E-Security today unveiled the results of its annual U.S. Data Breach Study, a review of the scope and impact of data security breaches that occurred in the past year.

“While 2009 had the fewest number of data breach incidents reported in the last four years, there was a dramatic increase in the average number of records lost in each incident and a rise in the costs associated with a breach,” said Kevin Prince, Chief Technology Officer, Perimeter E-Security. “The most disturbing trend is that almost half of publicly disclosed data breaches do not include the total number of records compromised.”

[...]

Amongst the key study findings:

  • 2009 had the fewest number of data breach incidents reported in the last four years.

  • Nearly 40 percent of publicly disclosed data breaches in 2009 did not include the number of records compromised.

  • Stolen laptops remain the number one cause of a data breach incident in 2009.

  • Improper disposal of documents that lead to a data breach rose a sharp 130 percent over 2008.

  • Third parties caused 12 percent of data breach incidents in 2009.

Read more of the press release here.

Related: U.S. Data Breach Study of 2009.



Google was one of Obama's big supporters. Is it possible they feel betrayed? Or is this just a good strategy for promoting their “Cloud Computing” business?

http://news.cnet.com/8301-13578_3-20002423-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Google backs Yahoo in privacy fight with DOJ

by Declan McCullagh April 13, 2010 5:27 PM PDT

Google and an alliance of privacy groups have come to Yahoo's aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned.

In a brief filed Tuesday afternoon, the coalition says a search warrant signed by a judge is necessary before the FBI or other police agencies can read the contents of Yahoo Mail messages--a position that puts those companies directly at odds with the Obama administration.

Yahoo has been quietly fighting prosecutors' requests in front of a federal judge in Colorado, with many documents filed under seal. Tuesday's brief from Google and the other groups aims to buttress Yahoo's position by saying users who store their e-mail in the cloud enjoy a reasonable expectation of privacy that is protected by the U.S. Constitution.

… For its part, the Justice Department has taken a legalistic approach: a 17-page brief it filed last month acknowledges that federal law requires search warrants for messages in "electronic storage" that are less than 181 days old. But, Assistant U.S. Attorney Pegeen Rhyne writes in a government brief, the Yahoo Mail messages don't meet that definition.

"Previously opened e-mail is not in 'electronic storage,'" Rhyne wrote in a motion filed last month. "This court should therefore require Yahoo to comply with the order and produce the specified communications in the targeted accounts." (The Justice Department's position is that what's known as a 2703(d) order--not as privacy-protective as the rules for search warrants--should let police read e-mail.)

On December 3, 2009, U.S. Magistrate Judge Craig Shaffer ordered Yahoo to hand to prosecutors certain records including the contents of e-mail messages. Yahoo divulged some of the data but refused to turn over e-mail that had been previously viewed, accessed, or downloaded and was less than 181 days old.

… A few weeks ago, for instance, Justice Department prosecutors told a federal appeals court that Americans enjoy no reasonable expectation of privacy in their mobile device's location and that no search warrant should be required to access location logs.

Update 8:15 p.m. PT: I've heard back from a Justice Department representative who says he'll be able to answer questions on Wednesday after he talks to the cyber crime section.


(Related) Or maybe the lower courts are taking longer to understand the implications of technology?

http://www.pogowasright.org/?p=8912

Where is the Fourth Amendment docket?

April 14, 2010 by Dissent

Orin Kerr writes:

Next Monday, the Court will hear oral argument in City of Ontario v. Quon, a Fourth Amendment case on employee rights in text messages. Notably, Quon is one of only two Fourth Amendment cases to be decided this Term. And the other Fourth Amendment case, Michigan v. Fisher, was at best a minor footnote: Fisher was a per curiam summary reversal, meaning that the Court thought the case was so easy that it reversed without merits briefing or oral argument. The presence of only two search and seizure cases is a bit surprising. In the previous Term, for example, the Court handed down decisions in five such cases. The dearth of cases raises a question: What happened to the Court’s Fourth Amendment docket?

If you look closely, some clues emerge.

Read more on SCOTUSblog. Orin hypothesizes that what may be happening is that justices who are more inclined to rule for defendants are denying cert because they have some fear or uncertainty as to how the cases will turn out in light of the pro-government justices on the current court.


(Related)

http://www.pogowasright.org/?p=8915

Some Thoughts on the Reply Brief in City of Ontario v. Quon

April 14, 2010 by Dissent

Orin Kerr writes:

The Reply Brief in the Court’s only major Fourth Amendment case this term, the text-messaging case City of Ontario v. Quon, has now been filed and is available here. Here are a few thoughts on it.

(1) The parties focus significant attention on the Stored Communications Act, somewhat to my surprise. The Stored Communications Act (SCA) is the federal statute that governs access to e-mail and the like: The Quon case was originally litigated under both the SCA and the Fourth Amendment. Quon argues that the SCA helps create a reasonable expectation of privacy in the stored text messages. By creating statutory privacy rights, Quon argues, the SCA helped make any expectation of privacy “reasonable.”

I don’t think that’s a persuasive argument, with a possible caveat I’ll get to in a minute. As a general rule, I think statutory privacy laws have to be considered independently from the Fourth Amendment: The creation of statutory privacy laws cannot make an expectation of privacy constitutionally reasonable, and the absence of them cannot make an expectation of privacy constitutionally unreasonable.

Read more on The Volokh Conspiracy.



Clearly the government will have to make telling the truth mandatory! Just like they ensured everyone files their taxes honestly.

http://www.phiprivacy.net/?p=2431

Survey: Patients May Lie if Electronic Medical Records Are Shared

By Dissent, April 13, 2010 10:05 am

Katherine Hobson reports:

Patients already lie to their doctors. And almost half of respondents in a new survey said if there was any hint their health information — even stripped of identifying details like name or date of birth — would be shared with outside organizations, they might be even less forthcoming.

A study on electronic medical records use by the California HealthCare Foundation, a philanthropic group, found that 15% of the 1,849 adults surveyed said they’d conceal information from a physician if “the doctor had an electronic medical record system” that could share that info with other groups. Another 33% would “consider hiding information.”

Read more on the WSJ Health Blog.



This story hasn't made so much as a ripple, but isn't it an indication that even Microsoft finds supporting Microsoft software expensive and difficult?

http://www.thetechherald.com/article.php/201015/5503/Microsoft-hands-internal-tech-support-to-India-s-Infosys

Microsoft hands internal tech support to India's Infosys

by Stevie Smith - Apr 14 2010, 06:13

In a move to reduce IT costs and add flexibility to its tech operations, American software titan Microsoft has announced a three-year deal that will see its worldwide internal technical support outsourced to India-based Infosys.



A new media needs a new Prize. Since Rupert Murdoch is unlikely to fund one, we need to find an appropriate Daddy Warbucks who would like to be immortalized for a mere few millions...

http://news.slashdot.org/story/10/04/13/2020227/First-Pulitzer-Awarded-To-an-Online-News-Site?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

First Pulitzer Awarded To an Online News Site

Posted by kdawson on Tuesday April 13, @05:47PM

Hugh Pickens writes

"The Columbia Spectator reports that ProPublica, an independent, non-profit online newsroom, is the first online organization to win a Pulitzer Prize. Propublica reporter Sheri Fink won a Pulitzer Prize for Investigative Reporting for her story about the deadly choices faced at one New Orleans hospital in the days after Hurricane Katrina. The winning article was published in the New York Times Magazine and on ProPublica.org. Pulitzer Prize administrator Sig Gissler says that ProPublica's model represents a mode of journalism that will become increasingly influential, as fewer resources for investigative journalism remain available at the disposal of news outlets. In addition to ProPublica, another online entry won for the first time in the category of cartooning — Mark Fiore was awarded a Pulitzer for his self-syndicated animated cartoons, which appeared on the San Francisco Chronicle website."


(Related) Fertile ground for Innovation Awards (telling the old school how it should be done)

http://www.bespacific.com/mt/archives/024015.html

April 13, 2010

News Leaders and the Future The State of Journalism

News release: "America's news executives are hesitant about many of the alternative funding ideas being discussed for journalism today and are overwhelmingly skeptical about the prospect of government financing, according to a new survey by the Pew Research Center's Project for Excellence in Journalism in association with the American Society of News Editors (ASNE) and the Radio Television Digital News Association (RTDNA). Many news executives, however, sense change for the better in their newsrooms despite cutbacks and declining revenue. Editors at newspaper-related companies praise the cultural shifts in their organizations, the younger, tech-savvy staff, and a growing sense of experimentation. Many broadcast executives see so-called one-person crews -- in which the same individual reports, produces and shoots video -- as improving their journalism by getting more people on the street. But the leaders of America's newsrooms are nonetheless worried about the future. Fewer than half of all those surveyed are confident their operations will survive another 10 years -- absent significant new sources of revenue. Nearly a third believe their operations are at risk in just five years or less. And many blame the problems not on the inevitable effect of technology but on their industry's missed opportunities."



This is inevitable.

http://techcrunch.com/2010/04/13/800000-households-abandoned-tvs-web/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Estimate: 800,000 U.S. Households Abandoned Their TVs For The Web



Tools & Techniques

http://developers.slashdot.org/story/10/04/13/1951246/How-To-Exploit-NULL-Pointers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How To Exploit NULL Pointers

Posted by kdawson on Tuesday April 13, @05:03PM

An anonymous reader writes

"Ever wondered what was so bad about NULL pointer exceptions? An MIT Linux kernel programmer explains how to turn any NULL pointer into a root exploit on Linux. (There was also a previous installment about virtual memory and how to make NULL pointers benign.)"
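The Slashdot summary names the two ingredients of the classic Linux NULL-dereference escalation without showing them: a kernel code path that calls through a function pointer it never filled in (so control lands at address 0), and a user process that has been allowed to map address 0 and put its own code there. The C program below is an added example, not from the linked article or from Slashdot; it shows only the defensive side of that picture. It reads vm.mmap_min_addr, probes whether the current process is allowed to map the NULL page (on a hardened system it is not), and puts an unchecked dispatch through a possibly-NULL operations pointer next to one that refuses the call. The `struct ops`/`sendpage` names, `dispatch_checked` and `try_map_null_page` are this example's own and are modelled on, not taken from, the kernel.

```c
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical operations table in the style of the kernel's
 * struct proto_ops. A member left NULL and later called through is
 * exactly the bug class the article describes. */
struct ops {
    int (*sendpage)(int len);
};

static int real_sendpage(int len) { return len * 2; }

/* Unchecked dispatch: if o->sendpage is NULL this jumps to address 0.
 * Inside the kernel that address is attacker-controlled whenever user
 * space has been allowed to map the zero page. Shown only to make the
 * bug visible next to the fix; never call it with a NULL op. */
int dispatch_unchecked(const struct ops *o, int len) {
    return o->sendpage(len);
}

/* Checked dispatch: the kernel-side fix is to validate the pointer
 * (or fill the table with a stub) before calling through it. */
int dispatch_checked(const struct ops *o, int len) {
    if (o == NULL || o->sendpage == NULL)
        return -1;            /* -EINVAL in kernel terms */
    return o->sendpage(len);
}

/* Read vm.mmap_min_addr, the lowest address an unprivileged process may
 * map. 0 means the NULL page is mappable and a kernel NULL dereference
 * becomes exploitable. Returns -1 if the file cannot be read (not Linux). */
long read_mmap_min_addr(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f == NULL) return -1;
    if (fscanf(f, "%ld", &v) != 1) v = -1;
    fclose(f);
    return v;
}

/* Probe whether this process can map page zero with MAP_FIXED.
 * Returns 1 if the mapping succeeded (bad), 0 if the kernel refused it
 * (expected on a hardened system), -1 on setup failure. /dev/zero is
 * mapped instead of using MAP_ANONYMOUS so the call needs no
 * feature-test macros. */
int try_map_null_page(void) {
    long page = sysconf(_SC_PAGESIZE);
    int fd = open("/dev/zero", O_RDONLY);
    if (fd < 0 || page <= 0) return -1;
    void *p = mmap((void *)0, (size_t)page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_FIXED, fd, 0);
    close(fd);
    if (p == MAP_FAILED) return 0;
    /* We really got the NULL page: release it immediately. */
    munmap(p, (size_t)page);
    return 1;
}

int main(void) {
    struct ops good = { real_sendpage };
    struct ops bad  = { NULL };

    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    printf("NULL page mappable by this process: %d\n", try_map_null_page());
    printf("checked dispatch, valid op: %d\n", dispatch_checked(&good, 21));
    printf("checked dispatch, NULL op : %d\n", dispatch_checked(&bad, 21));
    /* dispatch_unchecked(&bad, 21) would dereference NULL and crash. */
    return 0;
}
```

Run it as an ordinary user: on a Linux box with mmap_min_addr set to a non-zero value (65536 is the common default) the probe reports 0, which is the condition under which a kernel NULL function-pointer call only crashes the machine rather than handing out root. A result of 1, or a sysctl value of 0, is the configuration the article's exploit needs and is worth fixing before worrying about any individual kernel bug.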



For my website students

http://www.makeuseof.com/dir/css3-generator-quick-reference-creating-css3-tidbits/

CSS3 Generator: A Quick Reference For Creating CSS3 Tidbits

… Just select what you want to accomplish from the pull-down menu and you’ll be presented with options related to it. Fill in the form and CSS3 Generator will output code for you, perfect for use in your latest project.

A single drop-down menu gives you access to border radius, box shadow, text shadow, RGBA, @FontFace, multiple columns, box resize, box sizing, outline and selectors. Select any of these functions and you’ll be presented with a few options; fill those in and you’ll have your code. You’ll also see a preview of the function you’re experimenting with, so if you’re not sure what these functions do you can find out quickly and easily. Simple, right?

www.css3generator.com