Saturday, June 12, 2010

If you can't pass a tax increase, find another way! Besides, it's not much more expensive than college textbooks... Perhaps this will be my next “favorite school” – are there cameras on those computers?

http://apple.slashdot.org/story/10/06/11/1952230/MA-High-School-Forces-All-Students-To-Buy-MacBooks?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

MA High School Forces All Students To Buy MacBooks

Posted by Soulskill on Friday June 11, @04:31PM

An anonymous reader sends in this excerpt from the Salem News:

"A new program at Beverly High will equip every student with a new laptop computer to prepare kids for a high-tech future. But there's a catch. The money for the $900 Apple MacBooks will come out of parents' pockets. 'You're kidding me,' parent Jenn Parisella said when she found out she'd have to buy her sophomore daughter, Sky, a new computer. 'She has a laptop. Why would I buy her another laptop?' Sky has a Dell. Come September 2011, every student will need an Apple. They'll bring it to class and use it for homework. Superintendent James Hayes sees the technology as an essential move to prepare kids for the future. The School Committee approved the move last year, and Hayes said he's getting the news out now so families can prepare. 'We have one platform,' Hayes said. 'And that's going to be the Mac.'"



Inevitable. Will we need a way to bring in all those non-US parties (e.g. countries like Germany)?

http://www.pcworld.com/article/198560/Google.html?tk=rss_news

Google Seeks Consolidation of Wi-Fi Snooping Cases

In a motion this week with the U.S. Judicial Panel on Multidistrict Litigation, Google requests that the eight "Wi-Fi" lawsuits, as well as any future ones, be rolled into one at the U.S. District Court for the Northern District of California.

… So far, two lawsuits have been filed in California, two in Washington, D.C., and one each in Oregon, Illinois, Massachusetts and Pennsylvania. The plaintiffs in all the cases are requesting certification of class status, so that others similarly affected are included.



Have we finally driven the stake through their heart, doused them with holy water, shot them with a silver bullet and then burned the corpse?

http://techcrunch.com/2010/06/11/sconovell-lawsuit-is-over-sco-loses/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

SCO/Novell Lawsuit Is Over, SCO Loses



Something to think (obsess?) about.

http://www.pogowasright.org/?p=11125

The Future of Privacy: Facial Recognition, Public Facts, and 300 Million Little Brothers

June 12, 2010 by Dissent

David Thompson, co-author of Wild West 2.0 (Amazon) and general counsel of ReputationDefender, blogged on The Volokh Conspiracy:

… facial recognition is quickly becoming available on a wide scale. For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag). Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology. So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge. There are more than 3 billion photos on the site Flickr.com, and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

Read more on The Volokh Conspiracy.



For your organization's Security Newsletter (or however you notify your employees about new security threats).

http://news.cnet.com/8301-19518_3-20007518-238.html?part=rss&subj=news&tag=2547-1_3-0-20

Tabnabbing: Like phishing within browser (podcast)

... Unlike traditional phishing attacks which trick people into clicking on links that take them to bogus sites that look legitimate, tabnabbing doesn't require a user to click on a link. But it too can trick people into disclosing their usernames and passwords.

While you're visiting a Web page infected with malicious tabnabbing code, a tab in the background morphs into what appears to be a legitimate site like Gmail or a banking site. To the user it looks quite familiar and since it's not uncommon for people to have multiple tabs open at the same time, it's easy to assume that it really is the site you want to visit. When you click on it, you're not logged in, but that too can seem quite normal since many sites log you out automatically after a period of time. However, if you're a tabnabbing victim and try to log in to the site, you wind up giving your log-in credentials to the tabnabber.



This could solve only SOME of the problems of Cloud Computing – and I still wouldn't bet the company on it.

http://tech.slashdot.org/story/10/06/11/2056235/The-Beginnings-of-Encrypted-Computing-In-the-Cloud?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Beginnings of Encrypted Computing In the Cloud

Posted by Soulskill on Friday June 11, @05:17PM

"A method of computing from a 2009 paper allows the computing of data without ever decrypting it. With cloud computing on the rise, this may be the holy grail of keeping private data private in the cloud. It's called Fully Homomorphic Encryption, and if you've got the computer science/mathematics chops you can read the thesis (PDF). After reworking it and simplifying it, researchers have moved it away from being true, fully homomorphic encryption, but it is now a little closer to being ready for cloud usage. The problem is that the more operations performed on your encrypted data, the more likely it has become 'dirty' or corrupted. To combat this, Gentry developed a way to periodically clean the data by making it self-correcting. The article notes that although this isn't prepared for use in reliable systems, it is a quick jump to implementation just one year after the paper was published — earlier encryption papers would take as much as half a decade until they were implemented at all."
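The noise growth the summary describes, shown with a toy integer scheme in the style Gentry's construction simplifies to. This is an added illustration, not code from the story or the thesis; the key size, noise size and seeds are arbitrary choices, and bootstrapping (the "cleaning" step) is described in the comments but not implemented.

```python
"""Toy 'somewhat homomorphic' encryption over the integers (DGHV style).

Added illustration, not code from the Slashdot story or from Gentry's thesis.
Ciphertext: c = p*q + 2*r + m, with p an odd secret key, q a large random
multiplier, r a small random noise term and m the plaintext bit.
Decrypt:    m = (c mod p) mod 2, using the centred remainder in (-p/2, p/2].
Adding ciphertexts adds their noise terms; multiplying multiplies them. The
bit decrypts correctly only while |2r + m| < p/2, so every operation makes the
ciphertext 'dirtier'. That is the noise growth the summary refers to, and the
reason Gentry's scheme periodically refreshes (bootstraps) ciphertexts.
Bootstrapping itself is not implemented here.
"""
import random


class Ct:
    """Ciphertext plus bookkeeping of its true noise. The noise field exists
    only so the demo can show the threshold; a real evaluator never sees it,
    which is exactly why noise growth has to be bounded in advance."""

    def __init__(self, c: int, noise: int):
        self.c = c
        self.noise = noise


def keygen(bits: int = 40, seed: int = 1) -> int:
    """Secret key: a full-length odd integer (seeded for a repeatable demo)."""
    rng = random.Random(seed)
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def encrypt(p: int, m: int, rng: random.Random, noise_bits: int = 8) -> Ct:
    q = rng.getrandbits(2 * p.bit_length())   # hides p inside a much larger number
    r = rng.getrandbits(noise_bits) | 1       # r >= 1 so the noise really grows
    return Ct(p * q + 2 * r + m, 2 * r + m)


def centred_mod(c: int, p: int) -> int:
    rem = c % p
    return rem - p if rem > p // 2 else rem


def decrypt(p: int, ct: Ct) -> int:
    return centred_mod(ct.c, p) % 2


def add(a: Ct, b: Ct) -> Ct:        # homomorphic XOR of the plaintext bits
    return Ct(a.c + b.c, a.noise + b.noise)


def mul(a: Ct, b: Ct) -> Ct:        # homomorphic AND of the plaintext bits
    return Ct(a.c * b.c, a.noise * b.noise)


def check_homomorphism(p: int, seed: int = 3) -> bool:
    """On fresh ciphertexts one add and one multiply decrypt to XOR and AND."""
    rng = random.Random(seed)
    for m1 in (0, 1):
        for m2 in (0, 1):
            a, b = encrypt(p, m1, rng), encrypt(p, m2, rng)
            if decrypt(p, add(a, b)) != (m1 ^ m2):
                return False
            if decrypt(p, mul(a, b)) != (m1 & m2):
                return False
    return True


def depth_until_dirty(p: int, noise_bits: int = 8, seed: int = 7):
    """Multiply fresh encryptions of 1 together until the accumulated noise
    exceeds p/2. Returns (multiplications survived, whether every intermediate
    ciphertext still decrypted to 1 up to that point)."""
    rng = random.Random(seed)
    acc = encrypt(p, 1, rng, noise_bits)
    depth, correct = 0, True
    while acc.noise <= p // 2:
        correct = correct and decrypt(p, acc) == 1
        acc = mul(acc, encrypt(p, 1, rng, noise_bits))
        depth += 1
    # acc is now 'dirty': its noise has swamped p/2 and its parity is unreliable.
    # A bootstrappable scheme would re-encrypt it here to reset the noise.
    return depth, correct


if __name__ == "__main__":
    key = keygen()
    print("add/mul on fresh ciphertexts correct:", check_homomorphism(key))
    d, ok = depth_until_dirty(key)
    print(f"stayed clean through {d} multiplications, all decrypted correctly={ok}")
```

With a 40-bit key and 8-bit noise the ciphertext survives only a handful of multiplications before it becomes unreliable, which is why the depth of the computation, not just its correctness, has to be planned for.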



Adjusting the law to reflect reality.

http://yro.slashdot.org/story/10/06/11/1841256/Finland-To-Legalize-Use-of-Unsecured-Wi-Fi?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Finland To Legalize Use of Unsecured Wi-Fi

Posted by Soulskill on Friday June 11, @03:04PM

"The Finnish Ministry of Justice has started preparing changes to a current law that criminalizes using unsecured wireless hot spots (Google translation; Finnish original). The reasoning includes the impossibility of tracking unlawful use, the ease of securing networks, and the lack of real damage done by this activity. It is also hard for a user to know if an unsecured network is intended for public use or not. The increased ubiquity of legal, open networks in parks, airports, and other public places has also influenced this move by the Ministry of Justice."



I find these amusing... (Notice the volume of data!)

http://e-discoveryteam.com/2010/06/10/the-good-the-bad-and-the-ugly-%E2%80%9Cmt-hawley-ins-co-v-felman-production-inc-%E2%80%9D/

The Good, the Bad, and the Ugly: “Mt. Hawley Ins. Co. v. Felman Production, Inc.”

This essay is about a new case on keyword search and sampling that I recommend you read. It is from West Virginia of all places, which shows that subtle e-discovery arguments and important rulings can now pop up in any jurisdiction, not just N.Y. and D.C. Mt. Hawley Ins. Co. v. Felman Production, Inc., 2010 WL 1990555 (S.D. W. Va. May 18, 2010).

… This is a case for insurance proceeds where the plaintiff responded to defendants’ requests for production by producing over 346 gigabytes of data. Id. at *12. Defendants were not happy about receiving so much information. Instead they complained and called it a “classic document dump.” Id. at *1. But then they searched through the data and found a “smoking gun.” The plaintiff had produced an email to their attorney dated May 14, 2008, actually two versions of the email. After finding the emails, which the plaintiff had listed on its privilege log, the defense did not tell plaintiff’s counsel about it and ask if they wanted it back.

… Defense counsel did not do that. Instead, they disclosed the email to the judge and made it a public record. They apparently did this by filing a copy of the email with the court as an exhibit to their motion for leave to amend their pleadings to add a claim for fraud. They argued that there was no privilege to the attorney email because of the crime-fraud exception, or alternatively by disclosure to a third-party. Also, they claimed waiver of any privilege by negligent review before production. The court agreed with the last point and that is what puts this decision on the e-discovery-world map.



For my Ethical Hackers and others learning how to remain anonymous...

http://www.smashingmagazine.com/2010/06/11/how-to-permanently-delete-your-account-on-popular-websites/

How To Permanently Delete Your Account on Popular Websites



This looks like the classic “head & shoulder” graph to me...

http://techdirt.com/articles/20100611/0203309776.shtml

The Rise And Fall Of The RIAA



Fodder for my Data Mining/Data Analysis class (Save the planet, get an “A”)

http://tech.slashdot.org/story/10/06/11/1739253/DoE-Posts-Raw-Data-From-Oil-Spill-Coast-Guard-Asks-For-Tech-Help?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

DoE Posts Raw Data From Oil Spill, Coast Guard Asks For Tech Help

Posted by Soulskill on Friday June 11, @02:23PM

"The US Department of Energy this week opened an online portal where the public can get all the technical details it can stomach about the BP oil disaster in the Gulf. The DoE site offers online access to schematics, pressure tests, diagnostic results and other data about the malfunctioning blowout preventer and other problems in the ongoing mess. This comes alongside news that the US Coast Guard has issued a call for better specialized technology to help it respond to the ever-widening spill. The Coast Guard is looking for all manner of technology, such as advanced wireless sensors to help it track the movement and amount of oil in the Gulf, or devices that could help to contain and control the underwater leak."

Reader freddled points out a story at the Guardian that illustrates how the location of an oil leak is frequently the primary factor in its perceived importance.


(Related) I see a need for someone to check both the analytical methods and the conclusions of “not quite knowledgeable” citizen-statisticians. But I can also see such fun applications as “Find me the basis for a Class Action lawsuit”

http://developers.slashdot.org/story/10/06/11/2124216/Open-Data-and-a-Critical-Citizenry?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Open Data and a Critical Citizenry

Posted by Soulskill on Friday June 11, @06:04PM

Last week we discussed news that the UK government had released a treasure trove of public spending data. Charles Arthur, the Guardian's technology editor, wrote at the time how crucial it was for citizens to find ways to examine and interpret the data; otherwise it would be useless. Now, an anonymous reader sends in a response from open data activist David Eaves, who takes it a step further. He writes,

"We need a data-literate citizenry, not just a small elite of hackers and policy wonks. And the best way to cultivate that broad-based literacy is not to release in small or measured quantities, but to flood us with data. To provide thousands of niches that will interest people in learning, playing and working with open data. ... It is worth remembering: We didn’t build libraries for an already literate citizenry. We built libraries to help citizens become literate. Today we build open data portals not because we have a data or public policy literate citizenry, we build them so that citizens may become literate in data, visualization, coding and public policy."



Useful tools

http://www.makeuseof.com/tag/isobuddy-burn-iso-image/

Use ISOBuddy To Convert A Disk Image To ISO & Then Burn

… If the image was an ISO you could use IMGBurn to burn an ISO file, but what do you do if it’s not? How do you burn the image onto your thumb drive on a friend’s computer without the software it was created with?

Well you can download a little 2.0MB file called ISO Buddy. ISOBuddy will help you burn your images. What it does is convert some of the most popular disk image extensions to be an ISO image. Once you have the image you can burn the ISO file easily.

The file formats that are supported by ISOBuddy are as follows: GI, NRG, CDI, MDF, IMG, B5I, B6I, DMG, PDI, BIN and CCD to ISO image.



http://www.makeuseof.com/tag/protect-email-subscribe-check-links/

How To Protect Your Email and Still Subscribe To Everything

We’ve all been there. You’re interested in a website or a download, but the site wants your email address before letting you near the goods. You want access, but you’re not quite sure you want it enough to hand over the information.

The site asks you to supply an email address, and follow up with confirmation, and perhaps a login and password. It’s hard to avoid the process or any of the steps, but the part that really annoys me is the need to supply my email address to yet another unknown party.

But what if you could instead supply a temporary email address that was forwarded to your own? And then define either a maximum number of emails to forward, or a maximum period of time for which that would happen? This would stop you from receiving spam email to your regular email account. That’s what the website below does. And does it very nicely.

http://tempalias.com/



Looking at this as a way to “nag” my students. “Your paper is due in ___ days! Will you make the deadline?”

http://www.makeuseof.com/dir/cloud-sms-send-unlimited-sms-worldwide/

Cloud SMS: Send Unlimited SMS Worldwide For Free

Cloud SMS however, is one website that fulfills its promise and lets you send unlimited sms worldwide for free.

Cloud SMS is a free to use website supported by the University of Liverpool.

www.for-ever.us

Similar tools: FutureMessage, TextMe2Day, TxtDrop, 160by2, GizmoSMS, FreeSMSText.org and ConnectMe.



This could be a useful service, since not all of my students have unlimited financial resources.

http://www.killerstartups.com/Web-App-Tools/web-based-software-com-the-best-web-based-software

Web-Based-Software.com - The Best Web Based Software

http://www.web-based-software.com/



Something for my website students

http://www.killerstartups.com/Web-App-Tools/web2cal-com-building-implementing-calendars

Web2Cal.com - Building & Implementing Calendars

http://www.web2cal.com/

Web2Cal is a tool that can be used by anybody in order to come up with event calendars for keeping track of upcoming activities and available resources. These calendars are built and implemented, and they are meant to go with most applications you could think of.


Ditto. Perhaps I'll update my Blog...

http://www.freetech4teachers.com/2010/06/slick-new-blogger-designs-for-everyone.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Friday, June 11, 2010

Slick New Blogger Designs for Everyone!

… Yesterday, Google added Blogger Template Designer to all blogs. Now anyone using Blogger can create aesthetically pleasing Blogger blogs without having to hack into the HTML of their blogs.



Ah! A tool to help me seem less out of touch with my students! (I still won't allow them to use acronyms in their papers.)

http://www.teenchatdecoder.com/

Teen Chat Acronym Decoder

Friday, June 11, 2010

My favorite school...

http://www.philly.com/inquirer/local/pa/20100610_Judge_orders_plaintiff_review_in_webcam_case.html#axzz0qYKnDWaQ

Posted on Thu, Jun. 10, 2010

Judge orders plaintiff review in webcam case

If there was one phrase that irked critics of Lower Merion School District's 69-page report on how, when, and why it secretly activated webcams on student laptops, it might have been the two words in large type on the cover:

Independent Investigation.

On Wednesday, a federal judge took a step that could quell those concerns, ordering the district to share some of its computer evidence with a consultant for the family suing Lower Merion over the webcam monitoring.

In essence, the order signed Wednesday allows the Robbinses' computer expert to run his own tests to see if the steps taken by the district's investigators were sufficient to locate all of the photos captured by the webcams.

The order requires L-3 Communications Holdings Inc. to let that expert, John Steinbach, copy a mirror image of the hard drive of the computer used by a network technician, Michael Perbix.

… One of Perbix's bosses, information-systems coordinator Carol Cafiero, spent more than six hours Tuesday answering questions under oath from the Robbinses' attorney as part of the lawsuit. In an earlier deposition, Cafiero had declined to answer Haltzman's questions, citing her Fifth Amendment right against self-incrimination.



This is interesting. I like: “Even if you don't have to report it, you have to keep a record of it.” but there are too many loopholes.

http://www.databreaches.net/?p=12125

Ie: Proposed Data Security Breach Code of Practise

June 11, 2010 by admin

Brian Honan, who has often contributed news leads and links to this site, blogs about the proposed breach notification law in Ireland:

As someone who has been campaigning for mandatory data breach disclosure laws in Ireland for a number of years I am pleased to see the proposed Data Security Breach Code of Practise from the office of the Data Protection Commissioner. I have long argued that organisations need to realise that the data they hold on staff and customers is not theirs but rather has been entrusted to them by those individuals. The purpose of breach notification should not be to punish the organisation that suffered a breach but rather to help the affected individuals take appropriate steps to protect themselves, especially nowadays with identity theft and financial fraud being so rife.

Read more on Security Watch.



Interesting take on search. If you claim the searches are necessary to prevent terrorist activity, shouldn't you actually search immediately? The CNET article suggests a single image was found (at the time he entered the country) that was considered illegal. We'll never see the evidence of course, it's illegal.

http://www.pogowasright.org/?p=11093

Judge limits DHS warrantless laptop searches

June 10, 2010 by Dissent

Dan Goodin reports:

A federal judge has thrown out key evidence in a child pornography trial because the laptop alleged to contain more than 1,000 illegal images wasn’t searched until about five months after US customs officials seized it at a US border crossing.

The ruling by US District Judge Jeffrey S. White of the Northern District of California is a rebuke to the federal government’s controversial search and seizure practices at US borders. Two years ago, a federal appeals court ruled customs officers had the right to rummage through electronic devices even when there was no reason to suspect the hardware held illegal contents. Last week’s ruling suggests the government’s latitude isn’t without limit.

Read more in The Register. Declan McCullagh has more on the case on cnet.

[From the CNET article:

The Justice Department invoked a novel argument--which White dubbed "unpersuasive"--claiming that while Hanson was able to enter the country, his laptop remained in a kind of legal limbo where the Bill of Rights did not apply.

… Customs agents also searched Hanson's laptop three times in February 2009, with the first search taking place about a week after he entered the country and turning up no evidence of child pornography. The second and third searches allegedly did. White allowed the results of those searches to be used as evidence, saying they were "justified as an extended border search supported by reasonable suspicion."


(Related) I can see an interest when investigating crime (or accidents?) but how about “drive-by” examinations, or third party (your insurance agent or the repair guys) reviews of your driving history?

http://www.pogowasright.org/?p=11090

More on vehicle “black boxes”–applying the “Big Brother” standard under the Fourth Amendment

June 10, 2010 by Dissent

Over on FourthAmendment.com, John Wesley Hall, Jr. has a commentary on the use of automotive “black boxes” and under what conditions the government can use them as evidence. The commentary seems inspired by a National Highway Traffic Safety Administration proposal to require black boxes in all cars.

John writes, in part:

What about the privacy implications? Can the government legitimately require a “black box” as an event recorder? They do in commercial airliners, but the interests are vastly different. What’s the government interest in having them in all cars manufactured after a certain date, which I’m guessing means they will be in 85+% of all cars in ten years.

People have been convicted based on evidence from the “black box” refuting their statements to the police, as noted in the blog and the case law. My view is that a search warrant is required for the “black box” in a car. It is not like any other search of a car. Liken it to finding a computer in a car. It can’t be searched under the automobile exception or inventory, and a warrant is required for it, too.

Read his entire commentary on FourthAmendment.com



Describing the world, one statistic at a time?

http://www.bespacific.com/mt/archives/024449.html

June 10, 2010

Pew Study: When to Buy Your Child a Cellphone

When to Buy Your Child a Cellphone, Stefanie Olsen, New York Times, Jun 9, 2010: "About 75 percent of 12- to 17-year-olds in the United States own a mobile phone, up from 45 percent in 2004, according to an April study by the Pew Internet and American Life Project, part of the Pew Research Center. And children are getting their phones at earlier ages, industry experts say. The Pew study, for example, found that 58 percent of 12-year-olds now had a cellphone, up from 18 percent in 2004. Parents generally say they buy their child a phone for safety reasons, because they want to be able to reach the child anytime. Cost also matters to parents, cellphone industry experts say; phones and family plans from carriers are both becoming more affordable. Also, as adults swap out their old devices for newer smartphones, it is easier to pass down a used phone. But for children, it is all about social life and wanting to impress peers. The Pew study found that half of 12- to 17-year-olds sent 50 text messages a day and texted their friends more than they talked to them on the phone or even face to face."


(Related)

http://www.bespacific.com/mt/archives/024452.html

June 10, 2010

Pew Internet Report: Neighbors Online

Neighbors Online by Aaron Smith, June 9, 2010: "One in five Americans use digital tools to communicate with neighbors and monitor community developments."



Let your computer tell you whenever something wrong/strange/different happens.

10 Database Activities You Should Monitor to Prevent Data Breaches, featuring Gartner

Date: Tuesday, June 29, 2010 Time: 8:00 am PT/11:00 am ET Duration: 60 Minutes

Hear featured presenter Jeffrey Wheatman, Gartner's research director, discuss the "Ten Database Activities Enterprises Need to Monitor," a newly-released Gartner Report, which details the latest security threats, reveals best practices for securing sensitive data and explains how to evaluate database activity monitoring (DAM) and fraud detection technologies.

  • Identify fraud with application-layer monitoring (ERP, CRM, HR, BI/data warehouse, financial/accounting).

  • Address audit findings for database segregation of duties (SOD) and change management.

  • Mitigate the high levels of risk resulting from database vulnerabilities.

  • Leverage advanced functions such as data leak prevention, proactive blocking, discovery of at-risk data, configuration auditing and database user rights attestation.

  • Provide database audit capability without enabling resource-intensive native database logging and audit functions.

The webcast will also cover real-world case studies of enterprises that have implemented real-time database security and monitoring solutions to secure sensitive data and reduce compliance costs, with a meaningful ROI and typical payback period of less than 6 months.

Register now (limited availability).



Many of my international students probably know this already.

http://techcrunch.com/2010/06/11/world-cup-2010/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

2010 FIFA World Cup South Africa: The Ultimate Guide To Digital Delight

… Sure, Mike Butcher over at TechCrunch Europe already posted a few pointers, and Nicholas Deleon from CrunchGear tried to compile an exhaustive list of websites, apps and podcasts as well.

But frankly, those guys are amateurs. I know you deserve better. So here goes.


(Related)

http://techcrunch.com/2010/06/10/kosmix-tweetbeat-world-cup/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Kosmix Unleashes Its Realtime Tweetbeat On The World Cup



For my geeks

http://www.makeuseof.com/dir/softlogr-download-handpicked-free-software/

SoftLogr: Download Hand-Picked Free Software

www.softlogr.com


(Related) ...as in, also geeky

http://www.makeuseof.com/tag/top-10-professional-sample-code-websites-for-programmers/

Top 10 Professional Sample Code Websites For Programmers



How teaching has evolved...

http://www.makeuseof.com/dir/qlipboard-create-how-to-video/

QlipBoard: Create How To Videos Easily

www.qlipmedia.com

Similar tools: CaptureFox, ShowMeWhatsWrong, Screenr and ScreenJelly.



This could be useful, but only when translated...

http://www.makeuseof.com/dir/bbc-documentaries-radio-documentaries-online/

BBC Documentaries: Download & Listen To 500 Free Radio Documentaries Online

Thursday, June 10, 2010

AT&T continues to impress depress users.

http://apple.slashdot.org/story/10/06/10/0021228/ATampT-Leaks-Emails-Addresses-of-114000-iPad-Users?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

AT&T Leaks Emails Addresses of 114,000 iPad Users

Posted by samzenpus on Wednesday June 09, @09:56PM

"Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"
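The pattern behind the leak (a lookup keyed only by a predictable identifier), a hardened handler, and a log check for identifier walking. This is an added example, not AT&T's code, which was never published; the handler signatures, the session store, the log format and every ICC-ID, address and token are constructed for the demo.

```python
"""An unauthenticated identifier-lookup endpoint, its hardened form, and a
log check for enumeration.

Added illustration, not AT&T's code. It mirrors the pattern the story
describes: a web script that is handed an ICC-ID and returns the matching
subscriber's e-mail address without checking who is asking. Because ICC-IDs
are assigned sequentially, anyone can walk through the range. The hardened
handler ties the lookup to an authenticated session and refuses to serve any
record but the caller's own; the log check flags a client that has queried
many distinct identifiers.
All identifiers, addresses, tokens and log lines are constructed samples.
"""
from collections import defaultdict

# Constructed subscriber table: ICC-ID -> e-mail address.
SUBSCRIBERS = {
    "89014103000000000001": "alice@example.com",
    "89014103000000000002": "bob@example.com",
    "89014103000000000003": "carol@example.com",
}

# Constructed session store: bearer token -> ICC-ID of the authenticated device.
SESSIONS = {"tok-alice-1f9c": "89014103000000000001"}


def lookup_email_exposed(params: dict) -> tuple[int, str]:
    """The exposed pattern: a valid ICC-ID is the only thing the caller needs.
    Nothing here proves the caller owns the SIM it is asking about."""
    email = SUBSCRIBERS.get(params.get("ICCID", ""))
    return (200, email) if email else (404, "not found")


def lookup_email_hardened(params: dict, headers: dict) -> tuple[int, str]:
    """Require a session and take the identifier from it, not from the request.
    A supplied ICCID is accepted only if it matches the session's own, and a
    mismatch gets the same answer whether or not that ICC-ID exists."""
    token = headers.get("Authorization", "").removeprefix("Bearer ").strip()
    own_iccid = SESSIONS.get(token)
    if own_iccid is None:
        return 401, "authentication required"
    requested = params.get("ICCID", own_iccid)
    if requested != own_iccid:
        return 403, "forbidden"
    email = SUBSCRIBERS.get(own_iccid)
    return (200, email) if email else (404, "not found")


def flag_enumeration(log_lines, threshold: int = 10):
    """Flag clients whose requests spanned many distinct ICC-IDs inside the
    log window. Constructed log format: '<client_ip> <status> ICCID=<id>'."""
    ids_per_client = defaultdict(set)
    for line in log_lines:
        client, _status, field = line.split()
        ids_per_client[client].add(field.split("=", 1)[1])
    return sorted(c for c, ids in ids_per_client.items() if len(ids) >= threshold)


# Constructed access log: one client walking sequential ICC-IDs, one normal user.
SAMPLE_LOG = [f"198.51.100.7 200 ICCID=890141030000000{n:05d}" for n in range(1, 16)]
SAMPLE_LOG += ["203.0.113.9 200 ICCID=89014103000000000001"] * 3


if __name__ == "__main__":
    print(lookup_email_exposed({"ICCID": "89014103000000000002"}))
    print(lookup_email_hardened({"ICCID": "89014103000000000002"},
                                {"Authorization": "Bearer tok-alice-1f9c"}))
    print("enumerating clients:", flag_enumeration(SAMPLE_LOG))
```

The exposed handler answers any caller who supplies a valid ICC-ID; the hardened one answers only for the identifier bound to the session, and the log check is the kind of signal that would have shown sequential walking long before 114,000 records were collected.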



Same old story. Unencrypted data on a laptop left unattended. Company doesn't know what data is in the file.

http://www.databreaches.net/?p=12098

(UPDATE) Over 21,000 affected by DentaQuest breach in March still have not been notified

June 9, 2010 by admin

Cross-posted from phiprivacy.net:

From the what-took-so-long dept:

On May 11, this site reported that the New Mexico Human Services Department had just revealed that a laptop theft that occurred on March 20 affected about 9,600 people. The laptop was stolen from the car of an employee of West Monroe Partners, a subcontractor for DentaQuest, the company that does Medicaid billing for the state agency.

No explanation was given in the media report as to why it took from March 20 until May 11 to disclose the breach. Now, almost another month later, Daniel Potter reports that those affected will first start getting notifications next week:

More than 10 thousand Tennesseans’ names and social security numbers were on a laptop that was stolen this spring. The computer belonged to a contractor for DentaQuest, which manages dental benefits for several government agencies, including TennCare. … DentaQuest opened a call center today, and will start mailing out notifications next week.

The more than 10,000 Tennesseans are apparently in addition to the 9,600 affected individuals in New Mexico. So our initial reports that the breach affected 9,600 was only a partial report. It now appears that over 21,000 individuals had their first and last names and Social Security Numbers in the stolen database. Another 55,000 individuals had partial or non-personal information on the stolen laptop.

A statement on DentaQuest’s site explains some of the delay in notification by saying that they were first notified of the March 20th theft on April 1.

DentaQuest, a dental benefits manager for multiple government programs in the U.S., was informed on April 1, 2010 that one of its contractors had experienced the theft of a laptop containing confidential patient information. The laptop was stolen on March 20, 2010 and contained a database with approximately 76,000 individuals’ information. Most of the data was not sensitive in nature, but nearly 21,000 individuals’ first names, last names, and Social Security Numbers were contained on the device. Approximately 10,500 Tennesseans were included in the 21,000 total.

Read more of the statement on their site. I note that they omit any mention that the laptop was stolen from an employee’s car.

And do you think that their press release claiming that “DentaQuest Officials Move Quickly to Notify…” is accurate if it is taking them over two months to send out notifications?



I still think this was intended to collect and map open Wifi systems, possibly for a “Where to find” database – fairly common on the Internet. It is unlikely that a drive-by would capture a significant amount of traffic from any single source. Could it have been done better? Sure!

http://www.bespacific.com/mt/archives/024448.html

June 09, 2010

Google Posts Audit of WiFi Code Used to Collect Data in Europe

Official Google Blog: "When we announced three weeks ago that we had mistakenly included code in our software that collected samples of payload data from WiFi networks, we said we would ask a third party to review the software at issue, how it worked, and what data it gathered. That report, by the security consulting firm Stroz Friedberg, is now complete and was sent to the interested data protection authorities today. In short, it confirms that Google did indeed collect and store payload data from unencrypted WiFi networks, but not from networks that were encrypted. You can read the report here. We are continuing to work with the relevant authorities to respond to their questions and concerns."

  • Privacy International: "Google today published an audit on its blog of the code used to collect Wi-Fi data as part of the company's global Street View operation. The report asserts that the system had intent to identify and store all unencrypted Wi-Fi content. This analysis establishes that Google did, beyond reasonable doubt, have intent to systematically intercept and record the content of communications and thus places the company at risk of criminal prosecution in almost all the 30 jurisdictions in which the system was used. The independent audit of the Google system shows that the system used for the Wi-Fi collection intentionally separated out unencrypted content (payload data) of communications and systematically wrote this data to hard drives. This is equivalent to placing a hard tap and a digital recorder onto a phone wire without consent or authorisation. The report states: "While running in memory, gslite permanently drops the bodies of all data traffic transmitted over encrypted wireless networks. The gslite program does write to a hard drive the bodies of wireless data packets from unencrypted networks." This means the code was written in such a way that encrypted data was separated out and dumped, leaving vulnerable unencrypted data to be stored on the Google hard drives. This action goes well beyond the "mistake" promoted by Google. It is a criminal act commissioned with intent to breach the privacy of communications. The communications law of nearly all countries permits the interception and recording of content of communications only if a police or judicial warrant is issued. All other interception is deemed unlawful."

[From the audit report:

The executable program, gslite, works in conjunction with an open source network and packet sniffing program called Kismet, which detects and captures wireless network traffic. The program facilitates the mapping of wireless networks. It does so by parsing and storing to a hard drive identifying information about these wireless networks – including but not limited to their component devices’ numeric addresses, known as MAC addresses, and the wireless network routers’ manufacturer-given or user-given names, known as “service set identifiers,” or “SSIDs.” The “parsing” involves separating these identifiers into discrete fields. Gslite then associates these identifiers with GPS information that the program obtains from a GPS unit operating in the Google Street View vehicle. Gslite captures and stores to a hard drive the header information for both encrypted and unencrypted wireless networks.

The gslite program does write to a hard drive the bodies of wireless data packets from unencrypted networks. However, it does not attempt to analyze or parse that data.
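The audit's point is the split: header fields (MAC addresses, SSIDs, GPS) are needed for a Wi-Fi map, and frame bodies are not, whatever their encryption status. The following is an added example, not code from gslite, Kismet or the Stroz Friedberg report, showing what a data-minimising survey parser looks like: it reads the 802.11 Frame Control field to classify each frame, keeps only the BSSID, the SSID from beacons, the encryption flag and a GPS fix, and never copies a data-frame body into its output. The frames, addresses and coordinates are constructed for the example.

```python
# Added example (not gslite, Kismet or Stroz Friedberg code): a Wi-Fi survey parser
# that records only mapping metadata and never retains a frame body, encrypted or not.
# All frames, addresses and GPS coordinates below are constructed for the example.
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

PROTECTED_FLAG = 0x40      # Frame Control flags byte: bit 6 = "Protected Frame"
TO_DS, FROM_DS = 0x01, 0x02
TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_BEACON = 8
CAP_PRIVACY = 0x0010       # Beacon capability field: bit 4 = privacy (WEP/WPA in use)


@dataclass(frozen=True)
class SurveyRecord:
    bssid: str
    ssid: Optional[str]
    encrypted: bool
    lat: float
    lon: float


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ssid_from_tags(tags: bytes) -> Optional[str]:
    """Walk a beacon's tagged parameters and return element 0 (SSID), if present."""
    i = 0
    while i + 2 <= len(tags):
        eid, elen = tags[i], tags[i + 1]
        value = tags[i + 2:i + 2 + elen]
        if len(value) < elen:           # truncated element: stop rather than guess
            return None
        if eid == 0:
            return value.decode("utf-8", "replace")
        i += 2 + elen
    return None


def parse_frame(frame: bytes, gps: Tuple[float, float]) -> Optional[SurveyRecord]:
    """Return a metadata-only record for a beacon or data frame, else None.

    The body is read only to find a beacon's SSID element; for data frames it is
    never touched, so no payload bytes can reach the output."""
    if len(frame) < 24:                 # shorter than a basic MAC header
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    addr1, addr2, addr3 = frame[4:10], frame[10:16], frame[16:22]

    if ftype == TYPE_MGMT and subtype == SUBTYPE_BEACON:
        body = frame[24:]
        if len(body) < 12:              # timestamp(8) + interval(2) + capability(2)
            return None
        capability = struct.unpack_from("<H", body, 10)[0]
        return SurveyRecord(_mac(addr3), _ssid_from_tags(body[12:]),
                            bool(capability & CAP_PRIVACY), gps[0], gps[1])

    if ftype == TYPE_DATA:
        # Which address carries the BSSID depends on the To-DS / From-DS flags.
        if fc1 & TO_DS and not fc1 & FROM_DS:
            bssid = addr1
        elif fc1 & FROM_DS and not fc1 & TO_DS:
            bssid = addr2
        else:
            bssid = addr3
        # frame[24:] (the body) is deliberately never read, whatever the protected bit says.
        return SurveyRecord(_mac(bssid), None, bool(fc1 & PROTECTED_FLAG), gps[0], gps[1])

    return None


def survey(frames: List[bytes], gps: Tuple[float, float]) -> List[SurveyRecord]:
    return [r for r in (parse_frame(f, gps) for f in frames) if r is not None]


# --- constructed sample frames (not real captures) ---
OPEN_AP = bytes.fromhex("02aabbccdd01")      # made-up, locally administered addresses
WPA_AP = bytes.fromhex("02aabbccdd02")
CLIENT = bytes.fromhex("02aabbccdd03")
BCAST = b"\xff" * 6


def _beacon(bssid: bytes, ssid: bytes, privacy: bool) -> bytes:
    cap = 0x0001 | (CAP_PRIVACY if privacy else 0)
    return (bytes([0x80, 0x00]) + b"\x00\x00" + BCAST + bssid + bssid + b"\x00\x00"
            + b"\x00" * 8 + struct.pack("<H", 100) + struct.pack("<H", cap)
            + bytes([0, len(ssid)]) + ssid)


def _data(bssid: bytes, flags: int, body: bytes) -> bytes:
    return bytes([0x08, flags]) + b"\x00\x00" + CLIENT + bssid + CLIENT + b"\x00\x00" + body


SAMPLE_FRAMES = [
    _beacon(OPEN_AP, b"CoffeeShop", privacy=False),
    _data(OPEN_AP, FROM_DS, b"GET /inbox HTTP/1.1\r\n"),              # open network: body still dropped
    _data(WPA_AP, FROM_DS | PROTECTED_FLAG, b"\x13\x37ciphertext"),  # protected network
    b"\x00\x00",                                                      # runt frame, ignored
]
GPS_FIX = (42.5584, -70.8800)   # constructed coordinates

if __name__ == "__main__":
    for rec in survey(SAMPLE_FRAMES, GPS_FIX):
        print(rec)
```

The design choice worth noting is that the encryption flag is recorded as a boolean only; the code path for unencrypted data frames is identical to the encrypted one, so there is no branch in which a body could be written out.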



Should this be a concern? Clearly, they would never store classified data on their iPad and then leave it in their car – would they?

http://www.washingtonpost.com/wp-dyn/content/article/2010/06/07/AR2010060701140.html

At the White House, getting in touch with the inner circle's inner iPads

Practically everyone has an iPad -- or will have one very soon.

… But the big question is: What's on your iPad? So we asked.

Summers has the Bloomberg app for financial information, says adviser Matt Vogel. Also Scrabble.

… Burton, who has been a bit of an iPad evangelist at the White House, has the app for Vanity Fair magazine, Scrabble, a news app and the entire last season of ABC's "Lost."

Emanuel has "all the newspaper apps," says a top aide, and has installed the iBooks app so he can read books on the device, just like on a Kindle.

Axelrod has only downloaded a couple of apps so far, his assistant, Eric Lesser, said. They include the Major League Baseball app and the National Public Radio one.



Interesting statistics, but is the graphic really necessary?

http://www.istrategy2010.com/blog/social-media-in-business-fortune-100-statistics/

Social Media in Business: Fortune 100 Statistics



I've been posting articles on the trend toward free journals. This is “Rupert Murdoch-ing” science.

http://science.slashdot.org/story/10/06/09/213256/Univ-of-California-Faculty-May-Boycott-emNatureem-Publisher?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Univ. of California Faculty May Boycott Nature Publisher

Posted by timothy on Wednesday June 09, @05:29PM

"Nature Publishing Group (NPG), which publishes the prestigious journal Nature along with 67 affiliated journals, has proposed a 400% increase in the price of its license to the University of California. UC is poised to just say no to exorbitant price gouging. If UC walks, the faculty are willing to stage a boycott; they could, potentially, decline to submit papers to NPG journals, decline to review for them and resign from their editorial boards."



Our language has added LOL and OMG, but I suspect it's not at the same intellectual level.

http://news.slashdot.org/story/10/06/09/1941213/Official-Kanji-Count-Increasing-Due-To-Electronics?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Official Kanji Count Increasing Due To Electronics

Posted by timothy on Wednesday June 09, @04:42PM

"Those who have studied Japanese know how imposing kanji, or Chinese characters, can be in learning the language. There is an official list of 1,945 characters that one is expected to understand to graduate from a Japanese high school or be considered fluent. For the first time in 29 years, that list is set to change — increasing by nearly 10% to 2,136 characters. 196 are being added, and five deleted. The added characters are ones believed to be found commonly in life use, but are considered to be harder to write by hand and therefore overlooked in previous editions of the official list. Japanese officials seem to have recognized that with the advent and spread of computers in daily life, writing in Japanese has simplified dramatically. Changing the phonetic spelling of a word to its correct kanji only requires a couple of presses of a button, rather than memorizing an elaborate series of brush strokes. At the same time, the barrage of words that people see has increased, thereby increasing the necessity to understand them. Computers have simplified the task of writing in Japanese, but inadvertently now complicated the lives of Japanese language learners. (If you read Japanese and are interested in more details on specific changes, Slashdot.jp has some information!)"



Unfortunately, Dilbert has this right too.

http://dilbert.com/strips/comic/2010-06-10/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29



For the Computer Design students.

http://www.downloadsquad.com/2010/06/09/sculptris-is-insanely-cool-free-3d-modeling-software/

Sculptris is insanely cool, free 3D modeling software



http://www.killerstartups.com/Web-App-Tools/letsannotate-com-annotate-pdfs-in-an-easy-way

LetsAnnotate.com - Annotate PDFs In An Easy Way

http://www.letsannotate.com/

As the title of the review puts it, Lets Annotate is a tool that can be used in order to make annotations on any PDF, either for quicker reference or for having your insight shared with friends and colleagues.

This is accomplished by way of an online interface that has the added advantage of letting you dispense with emailing files. That is, the whole application is browser-based. You don’t have to install anything, and files are edited while you are online.

The Free Plan:

  • 5 MB storage

  • 2 collaborators per document

  • Unlimited uploads

  • Free forever



For my students who can't seem to remember to bring their thumb drives to school...

http://www.killerstartups.com/Web-App-Tools/fiabee-com-a-tool-for-backing-everything-up

Fiabee.com - A Tool For Backing Everything Up

http://www.fiabee.com/en/

Backing up your files should never be an afterthought, and I am speaking from experience here.

Fiabee is a tool that will let you carry out both automatic and selective backups by simply signing up for an account. It can back up most anything that has a certain degree of relevance - from photos and documents to even your email messages. You will be capable of storing your data and accessing your files whenever you want, and also of sharing them effortlessly with your contacts.

Furthermore, a mobile version is provided in the shape of an iPhone app.



Hey, it was fun!

http://www.killertechtips.com/

Download Google Pacman

Free Download Google Pacman, Play Offline! If you went to Google’s homepage today and got disappointed that the Pacman Google doodle is no more, don’t worry – you can download Google’s Pacman game and play it offline on your computer. All you need to do is download this file from Mediafire, unzip it and then open “Play Google Pacman” HTML file to play it offline.

http://www.mediafire.com/?kml3oz0mwyy



SHORT NOTICE!

http://www.freetech4teachers.com/2010/06/free-webinar-teach-with-video.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Wednesday, June 9, 2010

Free Webinar - Teach With Video

Tomorrow (June 10) at 3pm EST, Steven Katz and Simple K12 are presenting a free webinar about teaching with video. Steven is the author of Teach With Video, a practical guide to integrate video projects into the subjects you teach. Register for the webinar here.

Here are some related items that may be of interest to you:

Free Guide - Making Videos on the Web
Using Screen Captures to Enhance Instructions
How to Put a Video Editor on Your School's Website

Wednesday, June 09, 2010

Our theme today seems to be failure to take basic security measures...


This should be embarrassing, but I doubt their customers will even notice.

http://www.databreaches.net/?p=12090

FTC Approves Final Settlement Order with Dave & Busters

June 8, 2010 by admin

Following a public comment period, the Federal Trade Commission has approved a final settlement order with entertainment operation Dave & Busters. The final order settles charges that the company failed to secure customers’ sensitive credit and debit card information, resulting in several hundred thousand dollars in fraudulent charges.

The FTC vote approving the final order was 4-0, with Commissioner Edith Ramirez not participating. (FTC File No. 0823153; the staff contact is Katrina Blodgett, Bureau of Consumer Protection, 202-326-3158. See press release dated March 25, 2010 at http://www.ftc.gov/opa/2010/03/davebusters.shtm.)

Source: FTC

[From the release:

Specifically, it failed to:

  • Take sufficient measures to detect and prevent unauthorized access to the network.

  • Adequately restrict outside access to the network, including access by Dave & Buster’s service providers.

  • Monitor and filter outbound data traffic to identify and block the export of sensitive personal information without authorization.

  • Use readily available security measures to limit access to its computer networks through wireless access points.



Billionaire Mayors have a different financial perspective...

http://www.databreaches.net/?p=12081

Crooks Steal $644,000 from NYC Department of Education

June 8, 2010 by admin

Michael Cheek reports:

Hackers have defrauded the New York City’s Department of Education of more than $644,000 by targeting an online bank account used to manage petty cash expenditures, according to investigators.

The Department of Education’s bank account with JPMorgan Chase was supposed to have a $500 limit but, due to an oversight, any amount of funds could be transferred. The cyber criminals were able to carry out the crime for 3 years because the DOE failed to reconcile its accounts on a regular basis. [A simple “Management Control” that no one bothered with. Bob]

“It is difficult to understand how the DOE accumulated years of account statements, reflecting hundreds of thousands of public dollars spent to pay bills, but did not review them,” the report, which was written by Special Commissioner of Investigation for the New York City School District, stated. “A cursory examination would have shown that the charges were not normal school expenses.”

Albert Attoh, who spearheaded the theft, was sentenced in April to 364 days in federal prison and ordered to pay more than $275,000 in restitution after pleading guilty to bank larceny. Attoh provided the routing and account information to others in exchange for cash.

Read the report here

The report explains the “oversight” mentioned above as to why there was no limit on transfers:

In interviews with DOE officials, SCI investigators learned that the DOE account used to perpetrate the fraud was one of two SIPP accounts at Chase which covered the entire DOE school system and it was limited to purchases of less than $500. However, there was no limit to the amount of money that could be used to pay bills by an EFT, because the DOE had not blocked the use of EFT from any DOE bank accounts, some of which had been established before EFT existed.

DOE officials explained that the fraudulent transfers dated back to October 2003, began with relatively small amounts, increased significantly starting in November 2004, and continued until the discovery of the fraud in February 2007. At that time, DOE officials blocked the use of EFT on the two accounts. DOE officials said that the SIPP accounts were not reconciled on a monthly basis, but when they were, the DOE employees who conducted the reconciliation believed the charges were legitimate. The SIPP accounts were subsequently moved from Chase to the NYC DOF.

In interviews with Chase officials, SCI investigators learned that, although there was a $500 limit for purchases from the account, there was no amount limit for an EFT and, because the DOE had not blocked the use of EFT, any amount could be electronically debited from the account. Chase officials acknowledged that, at the time the account was opened in 1990, EFT was not in existence. A Chase official said that the bank would be able to go back 60 days and recover approximately $130,000 debited from the DOE account.

The report also notes:

This is not the first time that SCI has found serious lapses in fiscal oversight within the DOE. Just last year, SCI reported substantiated findings about a clerk assigned to the unit then known as the Division of Assessment and Accountability who was able to steal more than $60,000 because no one looked at statements which reflected that he made thousands of dollars worth of personal purchases, including flying his family around the world. Last month, SCI issued another report which pointed out the lack of financial oversight in a number of DOE schools.

NYC DOE security grade: FAIL.

Anyone care to hazard a guess how often the employee and student databases may have been breached without the NYC DOE ever discovering it?
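The two controls the report faults are mechanical enough to automate: compare each month's statement against what the organisation actually booked, and apply the account's policy (a per-debit ceiling, and a channel block for anything like EFT that was never meant to be enabled) to every debit on the statement rather than only to card purchases. The following is an added example, not NYC DOE, SCI or Chase code; the statement lines, ledger entries, dates, references and limit are constructed for the example.

```python
# Added example, not NYC DOE, SCI or Chase code: a monthly reconciliation that
# compares a bank statement against the internal ledger and applies the account's
# policy to every debit, including channels (such as EFT) the account never enabled.
# Every statement line, ledger entry, date and amount below is constructed.
from dataclasses import dataclass
from datetime import date
from decimal import Decimal
from typing import Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Debit:
    posted: date
    channel: str        # "PURCHASE" (card) or "EFT" (electronic funds transfer)
    amount: Decimal
    reference: str      # bank reference, used to match the ledger entry


def reconcile(statement: Iterable[Debit], ledger: Iterable[Debit],
              limit: Decimal, enabled_channels: Set[str]) -> List[Tuple[str, Debit]]:
    """Return (finding, debit) pairs; one debit can raise several findings."""
    booked = {d.reference: d for d in ledger}
    findings: List[Tuple[str, Debit]] = []
    for d in statement:
        if d.reference not in booked:
            findings.append(("UNRECORDED", d))            # nobody in the organisation booked it
        elif booked[d.reference].amount != d.amount:
            findings.append(("AMOUNT_MISMATCH", d))
        if d.amount > limit:
            findings.append(("OVER_LIMIT", d))            # ceiling applies per debit, not per channel
        if d.channel not in enabled_channels:
            findings.append(("CHANNEL_NOT_ENABLED", d))   # the account should block this channel outright
    return findings


def summarize(findings: List[Tuple[str, Debit]]) -> Dict[str, object]:
    unrecorded = sum((d.amount for f, d in findings if f == "UNRECORDED"), Decimal("0"))
    counts: Dict[str, int] = {}
    for f, _ in findings:
        counts[f] = counts.get(f, 0) + 1
    return {"unrecorded_total": unrecorded, "counts": counts}


# --- constructed sample data ---
STATEMENT = [
    Debit(date(2010, 5, 3), "PURCHASE", Decimal("120.00"), "P-1001"),
    Debit(date(2010, 5, 9), "PURCHASE", Decimal("430.00"), "P-1002"),   # ledger says 340.00
    Debit(date(2010, 5, 15), "EFT", Decimal("4950.00"), "E-77"),
    Debit(date(2010, 5, 28), "EFT", Decimal("15000.00"), "E-78"),
]
LEDGER = [
    Debit(date(2010, 5, 3), "PURCHASE", Decimal("120.00"), "P-1001"),
    Debit(date(2010, 5, 9), "PURCHASE", Decimal("340.00"), "P-1002"),
]
POLICY_LIMIT = Decimal("500")
ENABLED_CHANNELS = {"PURCHASE"}        # EFT was never authorised on this account


def run_month() -> Dict[str, object]:
    return summarize(reconcile(STATEMENT, LEDGER, POLICY_LIMIT, ENABLED_CHANNELS))


if __name__ == "__main__":
    for finding, debit in reconcile(STATEMENT, LEDGER, POLICY_LIMIT, ENABLED_CHANNELS):
        print(f"{finding:20} {debit.posted} {debit.channel:8} {debit.amount:>10} {debit.reference}")
    print(run_month())
```

Run monthly, the two EFT lines would have been flagged three ways each in the first month they appeared; the point of the channel check is that a limit on one kind of debit says nothing about a kind the bank never turned off.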


(Related)

http://www.databreaches.net/?p=12086

Another Small Company Takes a Financial Hit on the Cyber Chin

June 8, 2010 by admin

Matthew Gardiner writes:

Similar to the case of Hillary Machinery that I previously blogged about, another small company, DKG Enterprises, has recently taken a nearly $100K hit from cyber thieves. Very simply the thieves stole the corporate controller’s banking credentials, fraudulently transferred money to multiple mules, and voila, goodbye $100K. The headline of the KrebsonSecurity article that describes the case appears to blame Windows and its vulnerabilities for the breach since the company typically used Macs. While using a Mac versus a Windows PC to do sensitive transactions like transferring money for DKG and similar organizations may be reasonable advice for the short-term, we really need to address the bigger security problem and to do that, we need to first agree that the user (and his Web access machine) is not to blame.

Read more on CA Community.



If I use an open wifi connection at the local library, don't I “intercept” the same data? Otherwise I wouldn't know which packets belong to me rather than the guy sitting next to me.

http://www.pogowasright.org/?p=10972

Former Prosecutor: Google Wi-Fi Snafu ‘Likely’ Illegal

June 8, 2010 by Dissent

David Kravets reports:

Google “likely” breached a U.S. federal criminal statute in connection with its accidental Wi-Fi sniffing — but not for siphoning private data from internet surfers using unsecured networks, a former federal prosecutor said Tuesday.

Ironically, says former prosecutor Paul Ohm, it’s likely Google did not violate wiretap regulations, but instead might have breached the Pen Register and Trap and Traces Device Act for intercepting the metadata and address information alongside the content.

“I think it’s likely they committed a criminal misdemeanor of the Pen Register and Trap and Traces Device Act,” said Ohm, a prosecutor from 2001 to 2005 in the Justice Department’s Computer Crime and Intellectual Property Section. “For every packet they intercepted, not only did they get the content, they also have your IP address and destination IP address that they intercepted. The e-mail message from you to somebody else, the ‘to’ and ‘from’ line is also intercepted.”

Read more on Threat Level.



You need to manage your lawsuits as well as your IT... Or better in this case.

http://www.philly.com/inquirer/local/20100608_Lower_Merion_s_legal_fees_near__1_million_in_webcam_case.html#axzz0qIrc9LSS

Lower Merion's legal fees near $1 million in webcam case

By John P. Martin Inquirer Staff Writer

Legal fees in the Lower Merion School District's webcam case are inching toward $1 million, a sum that could end up handed to local taxpayers.

A district spokesman on Monday disclosed that the bills to defend the use of the now-disabled laptop tracking system have grown to about $780,000.

At the same time, the lawyer whose lawsuit over the webcam monitoring drew worldwide attention disclosed in court papers that his fees - costs he is likely to ask Lower Merion to pay - were more than $148,000 and climbing.

And the district's insurance firm renewed its contention that it shouldn't have to foot the bill in the case.

… Who will pay the legal tab remains unclear. Attorneys for Lower Merion contend that the district's multimillion-dollar insurance policy covers Robbins' claim. But in its Monday filing, Graphic Arts contended the district had breached its policy by "unilaterally retaining counsel and incurring other obligations and expenses."


(Related) Not surprising, Schools don't think about governance of IT either.

http://thejournal.com/articles/2010/06/07/lower-merion-seeks-outside-help-with-it-policies-in-wake-of-webcam-suit.aspx

Lower Merion Seeks Outside Help with IT Policies in Wake of Webcam Suit

By Dian Schaffhauser 06/07/10

The school district enmeshed in a lawsuit for using school laptops to capture images of students without their knowledge has just signed a $25,000 contract with SunGard Services to help with IT auditing and policy development. The school board for Lower Merion School District in Pennsylvania approved the emergency expenditure in May 2010 after reviewing a report from a national legal firm that investigated the district's use of a "theft tracking" Webcam feature.

"There are a number of policy requirements delineated in the recent court order the district received," said Superintendent Christopher McGinley during a board meeting. "In order to fulfill both requirements and to make certain we're taking appropriate considerations in terms of the state of the art in other school districts, we are asking the school board to approve the contract with a company that specializes in IT governance, so that our policies we'll be working on in the next couple of months are fully developed and complete before we turn them back to the board. This will involve a number of policies in the area of technology."



It's one way to attract new businesses to Spain...

http://yro.slashdot.org/story/10/06/08/2352223/Spanish-Judges-Liken-File-Sharing-To-Lending-Books?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Spanish Judges Liken File Sharing To Lending Books

Posted by kdawson on Wednesday June 09, @02:14AM

"A three-judge panel in the Provincial Court of Madrid has closed a case that has been running since 2005, ruling that the accused are not guilty of any copyright infringement on the grounds that their BitTorrent tracker did not distribute any copyrighted material, and they did not generate any profit from their site: '[t]he judges noted that all this takes places between many users all at once without any of them receiving any financial reward.' This implies that the judges are sympathetic to file sharers. The ruling essentially says that file sharing is the digital equivalent of lending or sharing books or other media. Maybe it's time for all them rowdy pirates to move to Spain."



How much do you want to bet that China's perspective will serve as a guide for US legislation?

http://www.bespacific.com/mt/archives/024438.html

June 08, 2010

China's cabinet published a white paper on the Internet in China

The Register: "The Chinese government has issued a white paper laying out current, and future, internet policy - and you might not recognise its view of internet use in that country. The paper warns: "Citizens are not allowed to infringe upon state, social and collective interests or the legitimate freedom and rights of other citizens. No organization or individual may utilize telecommunication networks to engage in activities that jeopardize state security, the public interest or the legitimate rights and interests of other people."..."China's 3G network covers the whole country. Of all internet users in China - 346 million use broadband and 233 million use mobile phones to access the net."

  • Full Text: The Internet in China, Information Office of the State Council of the People's Republic of China, Tuesday, June 8, 2010



For my Computer Security geeks. NOW CUT IT OUT!

http://www.makeuseof.com/tag/6-signs-cell-phone-tapped/

6 Possible Signs Your Cell Phone May Be Tapped



Looks like parts of this site are down at the moment, but what a concept!

http://www.makeuseof.com/tag/post-your-videos-to-your-blo/

Post Memorable Videos To Your Blog Where You’re the Star

… One awesome resource I discovered that can help to post your own videos to your blog is Oddcast Widgets.

Oddcast is a very cool technology that major brands have used to offer customers the ability to create viral videos that incorporate their own face. Saikat touched on this technology earlier when he wrote about Gizmoz. However, Oddcast takes the technology to a whole new level by allowing you to customize really funny videos with your own messages, or by integrating your own face into famous movie scenes, and letting you post your custom movie videos anywhere online.



Let's see if my Statistics students can figure this one out...

http://tech.slashdot.org/story/10/06/08/2158202/2-In-3-Misunderstand-Gas-Mileage-Heres-Why?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

2 In 3 Misunderstand Gas Mileage; Here's Why

Posted by kdawson on Tuesday June 08, @06:34PM

thecarchik sends in this piece, which was published last March but remains timely:

"OK, so here's a little test: Which saves more gasoline, going from 10 to 20 mpg, or going from 33 to 50 mpg? If you're like most Americans, you picked the second one. But, in fact, that's exactly backwards. Over any given mileage, replacing a 10-mpg vehicle with one that gets 20 mpg saves five times the gasoline that replacing a 33-mpg vehicle with one that gets 50 does. Last summer, Duke University's Fuqua School of Business released a study that shows how much damage comes from using MPG instead of consumption to measure how green a car is. Management professors Richard Larick and Jack Soll's experiments proved that consumers thought fuel consumption was cut at an even rate as mileage increased."
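Worked out with the quote's own numbers (an added derivation, not part of the Slashdot post): fuel burned over a fixed distance $D$ is $D/\text{mpg}$, so the saving from an upgrade is the difference of two reciprocals, not the difference of two mpg figures.

$$
\text{fuel}(D) = \frac{D}{\text{mpg}}, \qquad
\Delta_{10 \to 20} = D\left(\frac{1}{10} - \frac{1}{20}\right) = 0.05\,D, \qquad
\Delta_{33 \to 50} = D\left(\frac{1}{33} - \frac{1}{50}\right) \approx 0.0103\,D
$$

$$
\frac{\Delta_{10 \to 20}}{\Delta_{33 \to 50}} = \frac{0.05}{0.0103} \approx 4.85
$$

Over 10,000 miles the 10-to-20 swap saves 500 gallons and the 33-to-50 swap about 103, the "five times" in the quote. Stated as gallons per 100 miles (10, 5, 3.03, 2.0) the comparison becomes linear, which is why consumption rather than mpg is the honest measure.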