Saturday, August 07, 2010

This could be a model for a paper in my Computer Security class. I wonder if we could get as quick a response (or even find similar data) here in Colorado? This might also serve my Statistics class as a basis for constructing the tools for a state-by-state comparison.

http://www.databreaches.net/?p=12884

Maine breach reports obtained by DataBreaches.net

August 6, 2010 by admin

To follow up on my curiosity about what kind of year 2010 is turning out to be, I decided to use a primary source. Thanks to the cooperation of officials in Maine who responded promptly to my requests under Freedom of Information, I was able to obtain data on all breaches reported to them for this calendar year to date.

As background: Maine’s statutes require breach notification of breaches involving electronic data and use an “unauthorized acquisition” standard. Although financial institutions experiencing breaches are required to report to the state, the statute only applies to state-chartered banks and credit unions. Maine has approximately 30 state-chartered banks. Reportable breaches are reported to one of several state bureaus: Consumer Protection, Insurance, Financial Regulation, or Securities. There is no exemption for health care or HIPAA-covered entities, and health care insurers report breaches to the Insurance bureau.

General Findings

Maine has received information on at least 93 breaches so far this year. In stark contrast to the recent Verizon report indicating that financial sector breaches accounted for over 90% of compromised records and 33% of all breaches in the merged Verizon-USSS dataset, there have been no reports from banks or credit unions in Maine so far this year. Although that may sound surprising, it is not as surprising when compared to last year’s figures when they received 2 reports from banks for the whole year. Of course, this doesn’t mean that there haven’t been any breaches affecting the financial sector, merely that there have been no reports from covered banks. The Securities bureau has received 3 reports so far this year, two of which were also submitted to Consumer Protection. The Insurance bureau has received 4 reports so far this year. The vast majority of the breach reports were submitted to the Consumer Protection Bureau.

Of the reported breaches, 58 of the incidents had previously been noted on DataBreaches.net or PHIprivacy.net, although for many of them, there were — and continue to be — no individual breach reports with sufficient details. Table 1 (pdf) summarizes these breach incidents with links to both the report to Maine and its previous coverage or note on my sites.

Table 2 (pdf) summarizes the 35 breach reports received by Maine this year that were either never reported in the media or on this site before. While a few of the breaches reported in Table 2 might have affected a large number of individuals, the total numbers were not reported and there was insufficient data to perform certain analyses.

Some observations on the 93 breaches reported to Maine since the beginning of this year:

  • 47 incidents were reported as HACKS (51%). Four of these specifically cited malware, but information/details were not available for many of the hacking incidents.

  • 10 incidents involved LOST/MISSING devices or records (11%). Of these, three involved loss by an employee, while the other 7 involved loss by carriers or third parties.

  • 14 involved THEFT (15%). These included two incidents where laptops were stolen from vehicles, eight incidents of thefts from the organization’s offices, two thefts off-site, one theft from a field representative’s office, and one theft where the location was not reported.

  • 14 incidents involved a Subcontractor, Affiliate, or Carrier (15%). Of these, 8 involved lost/missing incidents, 1 involved a burglary, 2 involved printing errors, and 3 involved employee misconduct.

  • 7 incidents involved EMPLOYEE MISCONDUCT (8%). Four of these involved employees of the organization, while 3 involved employees of affiliates or vendors.

  • 10 other incidents involved EMPLOYEE ERROR resulting in exposure (11%). These incidents included web exposure, accidental attachment of sensitive information to e-mails, etc. They do not include the 3 incidents where employees lost information. If those were included, the employee non-malicious error category would account for 14% of all reports. When employee conduct, error, and loss are combined, employee involvement was identified in 22% of reports. It is important to note that we cannot assume that employees were not involved in numerous hack/compromised systems reports where no details were provided, so the 22% may be an underestimate.

  • The Financial Services sector reported 17 incidents (18%). This appears significantly less than what we might expect based on the Verizon and Digital Forensic studies.

  • Businesses and Retail accounted for 57 incidents (61%), which is consistent with the studies’ findings. Of that figure, the Hospitality subsector had 18 incidents (19% of all breach reports). The hospitality sector represents a smaller percentage than I would have expected based on a Trustwave report and the two new studies.

Because there was so much information missing, it did not make sense to try to analyze records exposed or compromised.

Copies of the breach reports provided by Maine are being sent to the Open Security Foundation for the Primary Sources project, so hopefully, these should all also be available on their site as well as this one.



Update: For my Ethical Hacker class. The duties of “Custodians.”

http://yro.slashdot.org/story/10/08/07/0317252/Ex-SF-Admin-Terry-Childs-Gets-4-Year-Sentence?from=rss

Ex-SF Admin Terry Childs Gets 4-Year Sentence

Posted by timothy on Saturday August 07, @08:13AM

"You remember Terry Childs, right? He was finally sentenced Friday. Childs got four years in prison for refusing to hand over passwords to his bosses. This is a denial of service under California law." [Even though “service” to end-users was never interrupted. Bob]



For your Computer Security manager. A cautionary tale for senior managers who don't think it's worth spending money on logs...

http://yro.slashdot.org/story/10/08/06/150216/Child-Porn-As-a-Weapon?from=rss

Child Porn As a Weapon

Posted by Soulskill on Friday August 06, @11:59AM

"Want to get rid of your boss and move up to his position? Put kiddie porn on his computer then call the cops! This was the cunning plan envisaged by handyman Neil Weiner of east London after falling out with school caretaker Edward Thompson too many times. Thankfully, Weiner didn't cover his tracks quite well enough to avoid being found out — earlier boasts about his plan to friends at a BBQ provided the police with enough evidence to arrest him for trying to pervert the course of justice. Frighteningly, however, between being charged with possession of indecent images and being exonerated, innocent (if 'grumpy') Thompson was abused and ostracized for eight months by neighbors and colleagues. With computer forensics for police work often being performed by 'point 'n click'-trained, nearly-retired cops, or languishing in a 6-month queue for private sector firms to attend to it, the uncomfortable question is raised: how easily might this trick have succeeded if Weiner had been a little more intelligent about it?"


(Related) I've mentioned this before, but it would be a worthy accompaniment to the previous article.

http://download.cnet.com/8301-2007_4-20012984-12.html?part=rss&subj=news&tag=2547-1_3-0-20

'Porn mode' not necessarily anonymous

The private browsing options provided by the four major Web browser publishers aren't as anonymous and secure as most users might think, researchers at Stanford University's Computer Science Security Lab said in a new paper (PDF) to be published next week at the Usenix Security Symposium.



What action should we expect if “the company's own database” flags you as a car thief? All the usual questions apply, the biggie being: How do you correct bad data? One mistake and you could find yourself subjected to a full cavity search every time you park your car.

http://www.pogowasright.org/?p=12678

UK: Big Brother facial recognition cameras being rolled out in NCP car parks

August 6, 2010 by Dissent

British citizens are the most watched people on Earth. Each UK citizen is caught on camera an average of 3,000 times a week.

And it’s about to get worse.

New facial recognition cameras are now being trialled in car parks in a bid to identify potential car thieves.

NCP is testing the controversial ‘Big Brother’ cameras in a number of Manchester car parks.

Footage of people entering the company’s car parks will be automatically scanned. Their faces will be checked to see if they match pictures of known or suspected car thieves held on the company’s own database.

Read more in the Daily Mail.



I guess this isn't being viewed as the electronic equivalent of “follow that car!” Would this mean other electronic means (OnStar, the car's BlackBox, traffic cameras, surveillance drone, etc.) are also suspect? Does it apply even to tracking individuals' use of the Internet for “Behavioral Advertising?”

http://www.pogowasright.org/?p=12687

Court Rejects Warrantless GPS Tracking

August 6, 2010 by Dissent

From my heroes at EFF:

The U.S. Court of Appeals for the District of Columbia Circuit today firmly rejected government claims that federal agents have an unfettered right to install Global Positioning System (GPS) location-tracking devices on anyone’s car without a search warrant.

In United States v. Maynard, FBI agents planted a GPS device on a car while it was on private property and then used it to track the position of the automobile every ten seconds for a full month, all without securing a search warrant. In an amicus brief filed in the case, EFF and the ACLU of the Nation’s Capital argued that unsupervised use of such tactics would open the door for police to abuse their power and continuously track anyone’s physical location for any reason, without ever having to go to a judge to prove the surveillance is justified.

The court agreed that such round-the-clock surveillance required a search warrant based on probable cause. The court expressly rejected the government’s argument that such extended, 24-hours-per-day surveillance without warrants was constitutional based on previous rulings about limited, point-to-point surveillance of public activities using radio-based tracking beepers. Recognizing that the Supreme Court had never considered location tracking of such length and scope, the court noted: “When it comes to privacy…the whole may be more revealing than its parts.”

The court continued: “It is one thing for a passerby to observe or even to follow someone during a single journey as he goes to the market or returns home from work. It is another thing entirely for that stranger to pick up the scent again the next day and the day after that, week in and week out, dogging his prey until he has identified all the places, people, amusements, and chores that make up that person’s hitherto private routine.”

“The court correctly recognized the important differences between limited surveillance of public activities possible through visual surveillance or traditional ‘bumper beepers,’ and the sort of extended, invasive, pervasive, always-on tracking that GPS devices allow,” said EFF Civil Liberties Director Jennifer Granick. “This same logic applies in cases of cell phone tracking, and we hope that this decision will be followed by courts that are currently grappling with the question of whether the government must obtain a warrant before using your cell phone as a tracking device.”

“GPS tracking enables the police to know when you visit your doctor, your lawyer, your church, or your lover,” said Arthur Spitzer, Legal Director of the ACLU-NCA. “And if many people are tracked, GPS data will show when and where they cross paths. Judicial supervision of this powerful technology is essential if we are to preserve individual liberty. Today’s decision helps bring the Fourth Amendment into the 21st Century.”

Attorneys Daniel Prywes and Kip Wainscott of Bryan Cave LLP also volunteered their services to assist in preparing the EFF-ACLU brief.

For the full opinion: http://www.eff.org/files/filenode/US_v_Jones/maynard_decision.pdf

For more information on the case, formerly known as U.S. v. Jones: http://www.eff.org/cases/us-v-jones


(Related)

http://www.pogowasright.org/?p=12669

W.D.Tex. clarifies USMJs’ position on cell phone tracking orders, summarizing all the case law

August 6, 2010 by Dissent

Oops — I missed this one on FourthAmendment.com the other day:

A Magistrate Judge of the Western District of Texas issues an opinion summarizing five years of case law to guide applications for cellular site location information (“CSLI”). In re United States for an Order: Authorizing the Use of a Pen Register and Trap and Trace Device, 2010 U.S. Dist. LEXIS 77319 (W.D. Tex. July 29, 2010).

(From the opinion:)

[...]

What is the significance of the conclusion that a cell phone acts as a tracking device when it transmits information about its location? The significance is that if cell phones squarely meet the definition of “tracking devices” it is time to stop treating them as something else, at least when the Government seeks to use them to track a person’s movements. Rule 41 contains express procedures governing tracking device warrants, and those procedures need to be followed with regard to future requests for CSLI. This means several things. First, in past applications, the Government has taken the position that it has no obligation to provide notice of the tracking to the cell phone user, as its notice obligation was met by service of the order on the telecommunications provider from whom it received the CSLI. This does not meet the requirements of Rule 41, which provides that when a tracking device warrant is authorized, “the officer must serve a copy of the warrant on the person who was tracked or whose property was tracked.” FED. R. CRIM. P. 41(f)(2)(C). Thus, warrants seeking CSLI must meet this obligation of Rule 41. Similarly, a return must be filed, as with all other warrants. FED. R. CRIM. P. 41(f)(2)(B).

Read more on FourthAmendment.com.



Eventually, everyone is impacted by HIPAA. Probably should have started an organization to analyze the law and gather “best practices” – then sell that information to the victim organizations impacted.

http://www.phiprivacy.net/?p=3249

CDT breaks down proposed changes to HIPAA

By Dissent, August 6, 2010

The Center For Democracy and Technology (CDT) just sent out this announcement:

The U.S. Department of Health and Human Services (HHS) proposed a set of significant updates to health privacy rules. The proposed rule tackles how sensitive patient information is handled under the Health Insurance Portability and Accountability Act (HIPAA), which is the nation’s foremost health privacy law. The rule is open for public comment until September 13th, and CDT intends to file a set during this period.

Although the proposed rule does not clarify some outstanding issues in the health information technology (health IT) area, CDT is encouraged that HHS’ proposed rule would strengthen patient privacy, data security and enforcement of the law. The proposed rule contains numerous changes to the HIPAA Privacy Rule; of those changes, CDT considers the four discussed below to be the most consequential.

1) Business Associates

2) Enforcement

3) Marketing

4) Research

Read their analysis and commentary at http://cdt.org/policy/cdt-breaks-down-proposed-changes-hipaa


(Related)

http://www.phiprivacy.net/?p=3247

Thousands of ‘Subcontractors’ May Soon Have to Comply With HIPAA

By Dissent, August 6, 2010

AIS’s Health Business Daily has reprinted an article from REPORT ON PATIENT PRIVACY that talks about the expansion of mandates to subcontractors:

Perhaps the biggest surprise in HHS’s July 14 proposed rulemaking was a concept that went beyond language contained in the HITECH Act, namely the appearance of the term “subcontractors” in the list of organizations that would have to comply with the same privacy and security regulations as business associates.

“This will have a huge impact because it means that there are many, many people who have to comply with the HIPAA rules who didn’t have to before,” Kristen Rosati, a partner with Coppersmith Schermer & Brockelman PLC in Phoenix, tells RPP. “It really vastly expands the universe of organizations that have to comply with these regulations.”

Read more on AISHealth.com.



The Optimist in me says, “Thank God, they finally came to their senses.” The Pessimist says, “The data just moved to a secret database because this one is drawing too much attention.”

http://politics.slashdot.org/story/10/08/07/0031253/UK-Switches-Off-pound235M-Child-Database?from=rss

UK Switches Off £235M Child Database

Posted by timothy on Saturday August 07, @05:13AM

"The UK's controversial ContactPoint database has actually been switched off! It's rare that we hear anything this sensible from government about an expensive, privacy-destroying, 'think of the children' solution: 'The government argued the system was disproportionate to the problem, [Note that they did not say this solution is too big/intrusive. Perhaps they meant they wanted a bigger, more intrusive solution? Bob] so is looking at developing other solutions.' Perhaps the UK coalition government really is winding back Big Brother, as they had promised to do? Does seem unlikely."



I'm thinking that this might make an interesting research project for my IT classes. Do they even bother to consider grouping their data into categories like: “What should pass to my heirs,” “What should be returned to my employers,” and “What should be burned before reading?” Is there a business opportunity here?

http://hardware.slashdot.org/story/10/08/06/1754219/Web-Based-Private-File-Storage?from=rss

Web-Based Private File Storage?

Posted by kdawson on Friday August 06, @02:14PM

"Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"
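The submitter's "dead-man's switch" and the disposition categories in the commentary above (heirs, employer, burn-before-reading) fit together as one small piece of policy logic. The following is an added example written for this post; it is not code from CryptoHeaven or any other product named here, and the category names, the 90-day inactivity period, the 14-day warning window and the sample items are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Disposition categories (assumed names, taken from the commentary above).
HEIRS, EMPLOYER, BURN = "heirs", "employer", "burn"

# What the switch does with each category once it fires. Anything with an
# unknown category is held rather than deleted: a fail-safe default.
ACTIONS = {BURN: "delete", HEIRS: "release-to-heirs", EMPLOYER: "return-to-employer"}


@dataclass
class Item:
    name: str
    disposition: str


@dataclass
class DeadMansSwitch:
    last_seen: datetime
    inactivity: timedelta = timedelta(days=90)   # the poster's "say, three months"
    warn_before: timedelta = timedelta(days=14)  # warn the owner before purging
    items: list = field(default_factory=list)
    purged: bool = False

    def check_in(self, now):
        """Any authenticated access by the owner resets the clock."""
        self.last_seen = now

    def state(self, now):
        """'ok', 'warn' (inside the warning window) or 'purge' (deadline passed)."""
        deadline = self.last_seen + self.inactivity
        if now >= deadline:
            return "purge"
        if now >= deadline - self.warn_before:
            return "warn"
        return "ok"

    def tick(self, now):
        """Run once per scheduled check (e.g. daily); returns (action, item) pairs.
        The purge fires exactly once; a check-in before the deadline cancels it."""
        s = self.state(now)
        if s == "ok":
            return []
        if s == "warn":
            return [("warn-owner", None)]
        if self.purged:
            return []
        self.purged = True
        return [(ACTIONS.get(it.disposition, "hold"), it.name) for it in self.items]


def demo():
    """Walk the switch through a constructed timeline; returns the actions per day."""
    t0 = datetime(2010, 8, 6)  # constructed start date
    sw = DeadMansSwitch(
        last_seen=t0,
        items=[Item("journal", BURN), Item("family-photos", HEIRS),
               Item("project-notes", EMPLOYER)],
    )
    log = {}
    log["day30"] = sw.tick(t0 + timedelta(days=30))    # nothing to do
    log["day80"] = sw.tick(t0 + timedelta(days=80))    # warning window (deadline day 90)
    sw.check_in(t0 + timedelta(days=80))               # owner responds; deadline moves to day 170
    log["day100"] = sw.tick(t0 + timedelta(days=100))  # back to ok
    log["day171"] = sw.tick(t0 + timedelta(days=171))  # deadline passed: purge fires
    log["day172"] = sw.tick(t0 + timedelta(days=172))  # already purged: nothing more
    return log


if __name__ == "__main__":
    for day, actions in demo().items():
        print(day, actions)
```

Two design points the scheduler part does not show: the "delete" action for burn items only means anything if the deletion is irrecoverable (for encrypted data, destroying the key is the usual way to make it so), and the warning window exists precisely because a three-month absence can be a long holiday or a hospital stay rather than a death.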



Implications for the security of Cloud Computing!

http://it.slashdot.org/story/10/08/07/035255/Cache-On-Delivery-mdash-Memcached-Opens-an-Accidental-Security-Hole?from=rss

Cache On Delivery — Memcached Opens an Accidental Security Hole

Posted by timothy on Saturday August 07, @02:00AM

jamie spotted this eye-opening presentation (here's a longer explanation) about how easy it is to access sensitive data on many sites using memcached, writing

"If you already know what memcached is, skim to slide #17. The jaw-drop will happen around slide #33. Turns out many websites expose their totally-non-protected memcached interface to the internet, including gowalla, bit.ly and PBS."
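The exposure the presentation describes is a daemon with no authentication bound to every interface. As an added example (not from the presentation or from the memcached project), here is a small audit that parses `ss -ltn` output for memcached listening on a non-loopback address, and a check of a Debian-style `/etc/memcached.conf` for the `-l` listen option. The sample socket listings and config fragments are constructed, not captured from any real host.

```python
import ipaddress

# Cache daemons that ship without authentication; memcached's default port is 11211.
CACHE_PORTS = {11211: "memcached"}


def _is_loopback(addr):
    """True only if the socket is bound to a loopback address."""
    if addr in ("*", "0.0.0.0", "::", "[::]"):
        return False  # wildcard bind: reachable on every interface
    return ipaddress.ip_address(addr.strip("[]")).is_loopback


def exposed_cache_listeners(ss_output):
    """Parse `ss -ltn` output; return (service, address, port) for every cache
    daemon listening on something other than loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or not a listening socket
        addr, _, port = fields[3].rpartition(":")  # last ':' separates the port
        port = int(port)
        if port in CACHE_PORTS and not _is_loopback(addr):
            findings.append((CACHE_PORTS[port], addr, port))
    return findings


def conf_listen_is_local(conf_text):
    """Check a Debian-style memcached.conf (one option per line): every `-l`
    line must name a loopback address. No `-l` line at all means memcached
    binds to all interfaces, which is exactly the exposure described above."""
    listen_addrs = [l.split()[1] for l in conf_text.splitlines()
                    if l.strip().startswith("-l ")]
    return bool(listen_addrs) and all(_is_loopback(a) for a in listen_addrs)


# Constructed `ss -ltn` output: memcached on all interfaces (IPv4 and IPv6).
EXPOSED_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       1024    0.0.0.0:11211        0.0.0.0:*
LISTEN  0       1024    [::]:11211           [::]:*
LISTEN  0       511     127.0.0.1:6379       0.0.0.0:*
"""

# Constructed output after restricting memcached to loopback.
FIXED_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       1024    127.0.0.1:11211      0.0.0.0:*
"""

WEAK_CONF = "-m 64\n-p 11211\n-u memcache\n"               # no -l: all interfaces
FIXED_CONF = "-m 64\n-p 11211\n-u memcache\n-l 127.0.0.1\n"  # loopback only

if __name__ == "__main__":
    print("before:", exposed_cache_listeners(EXPOSED_SS))
    print("after: ", exposed_cache_listeners(FIXED_SS))
    print("conf ok:", conf_listen_is_local(WEAK_CONF), conf_listen_is_local(FIXED_CONF))
```

Binding to loopback is the fix for a single-host deployment; where application servers on other machines must reach the cache, the equivalent is binding to a private interface and filtering port 11211 at the host firewall, which this check would report as a finding for a human to confirm rather than silently accept.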



For my Geeks.

http://www.makeuseof.com/tag/10-hd-video-podcasts-geeks/

The 10 Best HighDef Video Podcasts For Geeks



Interesting. Not sure I like these, but my students may well.

http://www.killerstartups.com/Web-App-Tools/axmag-com-create-a-digital-magazine

aXmag.com - Create A Digital Magazine

http://www.axmag.com/

The days in which starting and running a magazine was something that only a selected few could do are not just gone, they are completely nonexistent. Now, the services provided by sites such as aXmag make the creation and distribution of your own publication over the WWW something as easy and instant as merely sending out an email.

aXmag will let you take a PDF and have it turned into a high-quality Flash file that will come with streaming page loading and stepless magnification. What’s more, the resulting file will be a small one - sharing it won’t be a problem at all.

This conversion process can be carried out in two different ways. You can either upload the PDF that you want converted and then retrieve the resulting file, or you can get the desktop converter that is provided and use it to convert your files from anywhere - even from places in which an Internet connection is limited, or completely unavailable.

Both options can be tried for free, and if you find that aXmag suits your needs you can proceed to buy a license through the site, and gain unlimited access to the application. Both a standard and a pro version are available, too.



I'm not sure this is a reason to use Chrome as your default browser, but I do keep a copy on my system “just in case”

http://www.makeuseof.com/tag/3-google-chrome-extensions-great-screenshots/

3 Google Chrome Extensions To Make Great Screenshots

With the three Chrome extensions discussed below, you can snap and annotate screen snapshots without ever leaving your browser. With one of these tools, you can even take screenshots from your desktop and other applications!



When one of your students diagrams a brilliant idea on the whiteboard, you just snap a picture with your phone, email it to these guys and get back a clean, ready-to-share image!

http://www.makeuseof.com/dir/snapclean-photo-cleanup/

SnapClean: Simple Photo Cleanup Tool

Due to their rough background, images of drawings and texts on whiteboards or napkins are not as clear as one would prefer. If you have such a picture, you can use SnapClean to tidy it up.

SnapClean tidies up images which have an almost-white background. What SnapClean does is increase the contrast of the images until you see only the writing / drawing on a white background thereby ‘tidying up’ your image.

The process works in 4 easy steps:

  • You obtain a digital picture of the text or image on the whiteboard or napkin.

  • You email the image to doodle@snapclean.me

  • SnapClean tidies up the image.

  • SnapClean emails back the tidied up picture to you.

www.snapclean.me

Similar tools: Doodle, Twiddla and WhiteyBoard.

Friday, August 06, 2010

A simple twist on the trend to target small businesses (any business with less than adequate security)

http://www.databreaches.net/?p=13003

Hackers find a new target in payroll processing

August 5, 2010 by admin

Oh ho…. this explains the confusion created by a recent breach report by Regeneron to the New Hampshire Attorney General’s Office. I had been wondering why Regeneron was claiming that they had first found out about a breach involving Ceridian in June when Ceridian had claimed back in February that everyone was notified. I had even called Ceridian last week to ask about Regeneron’s report, but despite their promise to get back to me, they never did. Now I understand why. It appears that what Regeneron was talking about was not the Ceridian breach we knew about in February, but a new breach — this one of Regeneron — that attempted to steal or divert funds by using Regeneron’s credentials to access their payroll account with Ceridian. Robert McMillan reports:

… In what may be a troubling sign of things to come, criminals recently hacked into a desktop computer belonging to Regeneron Pharmaceuticals and tried to steal money by redirecting funds using Regeneron’s account on the company’s third-party payroll system, operated by Ceridian.

The attack didn’t work, but it shows that criminals, who have been making millions of dollars by hacking into computers and initiating fraudulent bank transfers, may have found a new target.

The hacking happened sometime around June 18, said Ross Grossman, vice president of human resources with Regeneron, a 1,200-employee drugmaker based in Tarrytown, New York. “Someone using some kind of malware was able to hack in and get the user name and password of one of our employees and use the Ceridian system,” he said in an interview.

Read more on Computerworld.



How to get tickets to the big game?

http://www.pogowasright.org/?p=12664

AU: Secret police files made available on AFL players, coaches shared with AFL

August 6, 2010 by Dissent

Steve Lillebuen reports:

Secret police files gathered on AFL players, coaches, board members and even staff have been made available to the league.

Victoria Police struck a deal with the league to share any records it has gathered on AFL identities, including handing over photos and videos.

An AFL club president, civil liberties advocates and the state opposition have all blasted the agreement as an unprecedented, insulting invasion of privacy.

Hawthorn president Jeff Kennett said the agreement is utterly disturbing.

“I cannot imagine any circumstance that would justify our police force handing over its files to a sporting body,” the former Victorian premier told AAP.

Read more on Adelaide Now.



Interesting how much even the size of the policies varies...

http://www.pogowasright.org/?p=12633

US Government File Spying Series

August 6, 2010 by Dissent

John Young of Cryptome writes:

The vast US Government files (a/k/a records, data, profiles, dossiers) on its citizens and employees are governed by privacy law. Every government department and agency is required to establish, maintain and publish privacy policies. As with other privacy policies by businesses and individuals, government privacy policies describe the files and who has access to the files under privacy law for diverse governmental and non-governmental purposes.

The Office of the Federal Register provides US Government privacy issuances, the latest for 2009.

John has zipped up 15 of these files (41.1MB). They contain descriptions of their purpose, scope, handling, confidentiality, security measures and availability to other parties. His zip file includes:

Treasury Department (Includes IRS, 1,009 pages, 3.8MB)
Department of Defense (Excludes OSD, 1,333 pages, 5.0MB)
Department of the Air Force (1,146 pages, 4.1MB)
Department of the Army (946 pages, 3.4MB)
Department of the Navy (Excludes Marine Corps, 777 pages, 2.9MB)
Justice Department (Includes FBI, 1,490 pages, 5.9MB)
Department of Health and Human Services (1,763 pages, 6.8MB)
Department of Homeland Security (1,058 pages, 4.3MB)
Department of Energy (392 pages, 1.5MB)
State Department (296 pages, 1.2MB)
Central Intelligence Agency (158 pages, 666KB)
Agency for International Development (106 pages, 477KB)
Office of the Director of National Intelligence (86 pages, 457KB)
Executive Office of the President (29 pages, 240KB)
National Security Council (24 pages, 180KB)

Links to individual files are provided on Cryptome for those who don’t want the zipped archive.



Makes me wonder why this is being mentioned? Was it going to come out in a more negative way? Perhaps it is just a staged incident to show how “impartial” Blumenthal is?

http://www.pogowasright.org/?p=12642

Blumenthal Finds Improper Use Of Bysiewicz Office Database; Probe Concludes With Report, Referral To Chief Prosecutor

August 6, 2010 by Dissent

Jon Lender reports:

State Attorney General Richard Blumenthal said Thursday that the office of Secretary of the State Susan Bysiewicz maintained “inappropriate” personal and political information in a taxpayer-funded office database – creating “the reasonable perception that the state database was developed as a useful tool for political campaign purposes.” [Why was it developed? See below. Bob]

Blumenthal made those findings in an investigative report. He said he was referring the report to the state’s top prosecutor, Chief State’s Attorney Kevin Kane, as well as the State Elections Enforcement Commission and legislative leaders in hopes of closing a longstanding loophole in state law that permits political activity in state offices by elected officials and their appointed aides.

The referral to Kane also will allow the prosecutor to review whether any criminal laws were violated, Blumenthal’s office confirmed Thursday.

Blumenthal also said in his report that it was “not proper” for his fellow Democrat, Bysiewicz, to use its 36,000-name database to identify the “religion, race and ethnicity” of more than 2,400 citizens, and to keep “special notes” records of some citizens’ political leanings and personal characteristics. In a few cases, those notes included “descriptions of [citizens'] medical issues, choice of clothing, and favored political candidates,” the report said.

Read more in the Hartford Courant.

[From the article:

Blumenthal found no violations of state law.

… The attorney general said that although Bysiewicz's office database has a legitimate use -- "to enable the agency and the Secretary of the state to properly fulfill their duties and responsibilities to the public" [Ah! The very definition of vague! Bob] - it also includes much information not essential to the operation of her office.



Another “Lower Merion” class of lawsuit.

http://www.pogowasright.org/?p=12621

Dad Fights Suspension Over Party Photo

August 5, 2010 by Dissent

Adam Klasfield reports on yet another lawsuit based on a school attempting to punish students for what they do outside of school and on their own time:

A high school girl was suspended from extra-curricular activities for two years based on a bogus “good conduct policy” implemented after the superintendent found a photograph of her allegedly holding a beer at a party, the girl’s father claims in Thomas County Court. He says the school changed its handbook after he questioned the punishment.

Richard Jameson claims the superintendent of Thedford High School came to his home in May to tell him that he had a photograph of Jameson’s daughter, Courtney, holding a beer at a party.

Read more on Courthouse News, where you can also find a copy of the complaint.

Even if the policy wasn’t “bogus,” schools should confine themselves to educating students and dealing with issues that occur on school property. If extra-curricular activities spill over into school, such as cyberharassment cases, yes, I think the schools will need to deal with that in school, but only to the extent that they meet their obligation to create a safe environment for all students. Underage drinking may be of concern to them, but that’s the parents’ responsibility to deal with and not the school’s, unless it happens on school property or the kids are coming in inebriated.

Paging the ACLU to Aisle 4…..


(Related) Speaking of our favorite school district...

http://mainlinemedianews.com/articles/2010/08/05/main_line_times/news/doc4c5af75028ce0646119198.txt

LMSD continues laptop policy update review

… Another issue that has been addressed, he said, is that students should understand that once a computer is turned in at the end of the year any files on the computer become district property.


(Related) It is good to see that someone can learn from this kerfuffle.

http://mainlinemedianews.com/articles/2010/08/04/main_line_times/news/doc4c599360c12b5478165725.txt

Rosemont school launching one-on-one computer program for middle-schoolers

… Students in sixth, seventh and eighth grades attending the Rosemont School of the Holy Child in Rosemont this fall will get a new netbook computer to use in school and take home. But officials say it will have one major difference from another local school’s highly publicized one-on-one laptop program.

“We do not have any remote-activation software on these machines and there will be no GPS tracking,” said Jim Breslin, the school’s director of technology. “We have not purchased anything like that. It’s not in our mind at all.”

… So students don’t lose their assignments, they will be encouraged to store them on the school’s server as a backup.

There are webcams on the computers but school officials say they will have no access to remotely activate them.



Now parents can be just as intrusive as school districts! Think of it as an electronic version of the ankle bracelet they make Lindsay Lohan wear.

http://techcrunch.com/2010/08/05/yc-funded-whereoscope-gives-parents-an-easy-way-to-track-where-their-kids-are/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

YC-Funded Whereoscope Gives Parents An Easy Way To Track Where Their Kids Are

Since the dawn of mankind, and probably even a while before that, parents have been asking themselves the same question: “Where are my kids?”

Now Whereoscope, a Y Combinator-funded startup that’s launching today, may have a solution that’s more reliable and easier to use than most other kid-tracking solutions on the market.

Whereoscope consists of an iPhone application that runs in the background (you’ll need iOS 4, which enabled background apps). During an initial setup process, you designate a handful of key locations, or geofences, that your children often visit — their school, home, a best friend’s house, etc. You can elect to receive a push notification whenever your child leaves or arrives at one of these areas. Your child doesn’t have to actually do anything to check in, so there’s nothing for them to forget. And, if your child were to “accidentally” disable the application, Whereoscope can send you a warning giving you a heads up.



So, I'm covered, right?

http://www.pogowasright.org/?p=12635

Discovery Rule for Libel Doesn’t Apply to Blogs, Says Federal Judge

August 6, 2010 by Dissent

Shannon P. Duffy writes:

Aviation lawyer and seasoned pilot Arthur Alan Wolk knows quite a bit about the stratosphere and the troposphere, but he may have learned something new this week about the blogosphere when a federal judge tossed out his libel suit against the bloggers at Overlawyered.com.

As U.S. District Judge Mary A. McLaughlin sees it, a blog is legally the same as any other “mass media,” meaning that any libel lawsuit filed against a blog in Pennsylvania must make its way to court within one year.

[...]

Wolk has already filed a notice of appeal to challenge McLaughlin’s ruling.

Rosen said he believed that McLaughlin had erred by failing to apply recent Pennsylvania Supreme Court decisions that say the discovery rule tolls the statute of limitations until an “awakening event.”

The Internet, Rosen said, poses “unique challenges” for the courts in the field of defamation.

“Unlike mass media print defamation claims, where the publication is pervasive for a short time, but soon becomes yesterday’s news, the Internet is a different animal,” Rosen said.

“In cases such as Mr. Wolk’s, involving a blog that is relatively obscure, but which published a false statement that may appear on any Google type search, the discovery rule is of particular importance,” Rosen said.

Onufrak said that if his clients had not won the case on statute-of-limitations grounds, he was confident that they would have won on First Amendment grounds because the blog entry was not defamatory and would have been considered protected opinion.

Read more about the case and issues on Law.com.



How to bypass the mommie barrier. OR “We don't need no stinking iPhones!”

http://news.cnet.com/8301-1035_3-20012720-94.html?part=rss&subj=news&tag=2547-1_3-0-20

How to text without a cell phone

Kids, of course, come in all varieties and their interests run the gamut. But when it comes to 10-year-old girls, I dare say, there are two ubiquitous desires: getting one's ears pierced and getting a cell phone.

And you may as well let go of that ol' school stereotype of a preteen--phone glued to ear--gabbing on and on with friends about inanities. The phone is not really for talking. It's for texting.

Which is why my own 10-year-old daughter--too young in her stodgy mom's eyes for piercings or a cell phone--was ecstatic to have found a workaround for the latter. Earlier this summer, a friend told her about an app for her iPod Touch called Textfree, which assigns her a real phone number and lets her send and receive texts for free.

Unbeknownst to her, however, she might also be helping to shake up traditional wireless carrier models as we know them.

In the roughly two months since users of Pinger's Textfree app started getting assigned actual phone numbers, Pinger has handed out 1.6 million. That's as many wireless numbers as AT&T gave out to net new subscribers in April,


(Related) Another reason for Apple to control Apps on the iPhone. Isn't there something like a “prior art” test?

http://apple.slashdot.org/story/10/08/05/237240/Apple-Mines-App-Store-Submissions-For-Patent-Ideas?from=rss

Apple Mines App Store Submissions For Patent Ideas

Posted by timothy on Thursday August 05, @07:56PM

I Don't Believe in Imaginary Property writes

"Apple has started filing a bunch of patents on mobile applications. That might not be so interesting in and of itself, but if you look closely at the figures in one of the patents, you can see that it's a copy of the third-party Where To? application, which has been on the App Store since at least 2008. There's also a side-by-side comparison which should make it clear that the diagram was copied directly from their app. Even though it's true that the figures are just illustrations of a possible UI and not a part of the claimed invention, it's hard to see how they didn't get some of their ideas from Where To? It might also be the case that Apple isn't looking through the App Store submissions in order to patent other people's ideas, but it's difficult to explain some of these patents if they're not. And with the other patents listed, it's hard to see how old ideas where 'on the internet' has been replaced with the phrase 'on a mobile device' can promote the progress of science and useful arts. This seems like a good time to use Peer to Patent."



Perhaps we shouldn't worry about “applicability” or what concerns various governments when we are building a basic definition.

http://www.bespacific.com/mt/archives/024886.html

August 05, 2010

Defining Internet Freedom - eJournal - U.S. Department of State

Defining Internet Freedom - eJournal - U.S. Department of State, July 2010

  • "The first part of this journal addresses the difficulty agreeing on a universally applicable definition of Internet freedom. Nations impose many different kinds of restrictions. Some represent the efforts of authoritarian regimes to repress their opponents, but others instead reflect diverse political traditions and cultural norms. Other materials survey the current state of ‘net freedom in different parts of the world. Freedom House, a leading nongovernmental organization, has studied government efforts to control, regulate, and censor different forms of electronic social communication. Its findings are explained here. We also explore a number of issues that help define the contours of Internet freedom. The term “intermediary liability” may not pique one’s interest, but it assumes new relevance phrased as whether YouTube is liable for an offensive video posted by a third party. From dancing babies to public libraries, the issues that will delimit global citizens’ access to information are being contested every day."



Pop quiz for my Computer Security students: Suggest seven ways to defeat these controls.

http://yro.slashdot.org/story/10/08/05/152255/Tech-Specs-Leaked-For-French-Spyware?from=rss

Tech Specs Leaked For French Spyware

Posted by CmdrTaco on Thursday August 05, @12:09PM

"With the 'three strikes' law now in effect in France, the organization tasked with implementing it, Hadopi, has been working on technology specs for making the process work — and those specs have now leaked. It appears to involve client-side monitoring and controlling software, that would try to watch what you were doing online, and even warn you before you used any P2P protocol (must make Skype phone calls fun). It's hard to believe people will accept this kind of thing being installed on their computers, so I can't wait to see how Hadopi moves forward with it. It also appears to violate EU rules on privacy."



Video from the Black Hat conference.

http://blogs.computerworld.com/16661/mobile_malware_you_will_be_billed_90_000_for_this_call

Mobile malware: You will be billed $90,000 for this call

"There are more phones on the planet than computers. And it's easier to steal money from phones," stated Mikko Hypponen, chief research officer at security firm F-Secure Corp. In a video interview, Hypponen explained there haven't been more mobile phone attacks, since Windows XP computers are still the "easiest" and most exploitable target.

… According to the video, he expects to eventually see mobile smartphone worms that spread automatically to everyone listed in a phone's address book. When this happens, a worm could spread infection around the world in only a couple of minutes.



For my Ethical Hackers/Broncos fans. What say we give the home team an edge? “It's first and ten. The Broncos are on their own 6 yard line. There's the snap! It's a Draw that goes for about half a yard... WAIT! The scoreboard indicates it's a touchdown!”

http://news.cnet.com/8301-13506_3-20012807-17.html?part=rss&subj=news&tag=2547-1_3-0-20

Microchips making their way into NFL footballs?

The technology, which was originally designed for soccer balls, helps referees know when the ball has crossed a line. In soccer, the technology is used to help referees determine if a ball did, in fact, pass the goal line.



Attention Math students! Consider yourselves lucky! This is the homework I could have assigned!

http://science.slashdot.org/story/10/08/06/0326237/5-Trillion-Digits-of-Pi-mdash-a-New-World-Record?from=rss

5 Trillion Digits of Pi — a New World Record

Posted by timothy on Friday August 06, @05:12AM



A backgrounder for my Computer Security students.

http://www.makeuseof.com/tag/wardriving/

What Is That Wardriving Thing All About?



This could be used in place of a “Forum” Might be interesting to see if short messages are more popular with students.

http://www.killerstartups.com/Comm/mychatbox-me-building-microblogging-communities

MyChatbox.me - Building Microblogging Communities

http://mychatbox.me/

A service that has just surfaced, My Chatbox will let you create a private microblogging community in which you will be able to communicate only with those that you want. Using this platform, you grant admission to others into your small community and proceed to interact with them as you would using Twitter (IE, by sending micro messages) that in this case will most likely revolve around a specific topic.

… and since creating a community costs nothing you will be able to come up with one for testing purposes if the idea appeals to you.

Thursday, August 05, 2010

It is one thing to “spin” the breach report to make it seem less catastrophic to reporters; it is something else entirely to push a lot of regulatory hot buttons by not bothering to comply with the reporting requirements at all. “You were serious about dat?” Joe Pesci in “My Cousin Vinny”

http://www.phiprivacy.net/?p=3233

Hundreds of Ont. patient health files stolen

By Dissent, August 4, 2010

If you’re going to have a breach, you probably don’t want the authorities finding out about it from the media instead of from you. CBC News reports:

The head of Ontario’s privacy watchdog says she “hit the roof” after hearing from CBC News that a computer memory stick containing the medical files of hundreds of Toronto patients was stolen.

Last week, the University Health Network (UHN) sent letters to 763 patients who had undergone surgery at one of three of its sites between January and March of this year — Toronto General, Toronto Western and Princess Margaret hospitals — informing them that their medical information had been compromised, the CBC’s Metro Morning has learned.

Some of their files were copied onto an unencrypted USB key, which was stolen from the purse of a staff member on June 18, the letter said.

While the patients’ OHIP numbers, addresses and other contact information weren’t in the files, the patients’ names, their admission and discharge dates and any surgical procedures they underwent were. Police have been informed, but the memory stick has not been recovered.

Read more on CBC News.



Yeah, but whose privacy?

http://news.cnet.com/8301-17852_3-20012732-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Man faces jail for YouTube video of traffic stop



Oh, here's a big surprise...

http://www.databreaches.net/?p=13000

Symantec survey: companies retaining way too much way too long

August 4, 2010 by admin

Symantec Corp. released the findings of its 2010 Information Management Health Check Survey, which hammers home a point I made the other day about getting rid of unnecessary data.

For the current survey, Symantec surveyed 1,680 enterprises in 26 countries. They found that while 87% of respondents believe in the value of a formal information retention plan, only 46 percent actually have one. Too many enterprises save information indefinitely:

For example, three quarters of backups have infinite retention or are on legal hold. That is a huge number. Think of this: Some estimates are that there is roughly 50 petabytes of backup tape stock in enterprise backup libraries. That means nearly 38 petabytes of backup tape is dedicated to retaining enterprise information forever in a format that is extremely difficult to access and manage. To put that in perspective, 38 petabytes of backup tape would stretch to the moon and back 13 times with enough left over to circle the globe 7 times. That is a lot of tape.

Furthermore, enterprises told us they know a quarter of the information isn’t even needed and shouldn’t be retained.

Enterprises also report that one in six files is archived indefinitely.

According to the report, over-retention is having serious consequences:

Studies show that storage costs continue to skyrocket as over retention has created an environment where it is now 1,500 times more expensive to review data than it is to store it. And it is not just the raw cost of tape stock and hard disks, but the higher costs of managing such massive stores.

Second, backup windows are bursting at the seams. It is becoming increasingly common to hear of weekend backups taking more than a single weekend. Recovery times are even worse. The time it takes to restore such massive backups will bring any disaster recovery program to its knees.

Finally, with the massive amounts of information stored on difficult-to-access backup tapes, eDiscovery has become a lengthy, inefficient and costly exercise.

Read the full report here (pdf).



Apparently, Schmidt made a number of profound (or at least interesting) statements while on this panel. Or, more likely, the conference hosts are good at PR.

http://techcrunch.com/2010/08/04/schmidt-data/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Eric Schmidt: Every 2 Days We Create As Much Information As We Did Up To 2003

Every two days now we create as much information as we did from the dawn of civilization up until 2003, according to Schmidt. That’s something like five exabytes of data, he says.


(Related)

http://news.cnet.com/8301-13860_3-20012704-56.html?part=rss&subj=news&tag=2547-1_3-0-20

Google's Schmidt: Society not ready for technology



This seems to be a very artificial “complication.”

http://www.phiprivacy.net/?p=3235

HHS panel mulls patient control over select data

By Dissent, August 4, 2010

Mary Mosquera reports:

The Privacy and Security Tiger Team yesterday began exploring how current technologies can help patients make decisions on consent and access to their electronic health records when more sensitive patient data is involved.

The team, composed of government and private sector healthcare privacy experts, teed up questions related to how to accommodate patients [Is accommodation the correct approach? Bob] who might want to exercise highly-selective levels of control over electronic versions of their personal health information or portions of that data.

Read more on Government Health IT. The story gives a useful example of how quickly things can become complicated:

Some technologies can enable patients to release parts of their medical record to their providers, but the tools and techniques supporting such piece-meal management of patient data are far from fool-proof, noted Paul Egerman, a software entrepreneur and also co-chair of the tiger team.

For example, a provider can decide to not show certain codes in the exchange of a standard Continuity of Care Document (CCD) that specify a condition or illness that the patient does not want shared, such as a sexually transmitted disease (STD), Egerman said.

However, other codes in the record for test results or medications can still allow others to infer the patient has an STD. [“and we are unable to relate the treatment to the diagnosis.” Bob] “It’s leaky,” Egerman said. “Downstream inferences are beyond the state of the art.”
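A constructed illustration of Egerman's “it's leaky” point, added here and not taken from the article or the tiger team's work: hiding only the diagnosis code leaves medication and test entries from which the condition can still be inferred, and removing those too breaks the link between treatment and diagnosis that Bob notes. The record layout, the placeholder codes (MED-A, LAB-STD-PANEL, COND-STD and so on) and the code-to-condition table are all made up for the example; they are not real CCD codes or clinical data.

```python
"""Constructed example: why dropping a sensitive diagnosis code from a
shared record is "leaky" when linked medication/test entries remain.
All codes and the mapping below are placeholders, not real CCD codes."""

from dataclasses import dataclass, field

# Constructed lookup: which medication / lab entries are strongly associated
# with which condition.  Any recipient holding a comparable table can make
# the same "downstream inference" the article warns about.
LINKED_TO_CONDITION = {
    "MED-A": {"COND-STD"},            # placeholder, not a real drug code
    "LAB-STD-PANEL": {"COND-STD"},    # placeholder, not a real lab code
    "MED-B": {"COND-HYPERTENSION"},   # placeholder, unrelated condition
}


@dataclass
class Record:
    """Minimal stand-in for the CCD sections the article mentions."""
    problems: set = field(default_factory=set)     # diagnosis codes
    medications: set = field(default_factory=set)  # medication codes
    results: set = field(default_factory=set)      # lab / test result codes


def redact_problem_only(rec: Record, sensitive: set) -> Record:
    """The naive approach from the article: hide the condition code, nothing else."""
    return Record(rec.problems - sensitive, set(rec.medications), set(rec.results))


def inferred_conditions(rec: Record) -> set:
    """Conditions a recipient can infer from the remaining medication/result codes."""
    found = set()
    for code in rec.medications | rec.results:
        found |= LINKED_TO_CONDITION.get(code, set())
    return found


def redact_with_linked(rec: Record, sensitive: set) -> Record:
    """Also drop every entry that would let a sensitive condition be inferred."""
    def keep(codes):
        return {c for c in codes if not (LINKED_TO_CONDITION.get(c, set()) & sensitive)}
    return Record(rec.problems - sensitive, keep(rec.medications), keep(rec.results))


def leaks(rec: Record, sensitive: set) -> bool:
    """True if a sensitive condition is still stated or inferable from the record."""
    return bool((rec.problems | inferred_conditions(rec)) & sensitive)


# Constructed patient record: two conditions, one of which the patient wants withheld.
PATIENT = Record(
    problems={"COND-STD", "COND-HYPERTENSION"},
    medications={"MED-A", "MED-B"},
    results={"LAB-STD-PANEL"},
)
SENSITIVE = {"COND-STD"}

if __name__ == "__main__":
    naive = redact_problem_only(PATIENT, SENSITIVE)
    print("problem-code-only redaction still leaks:", leaks(naive, SENSITIVE))   # True
    thorough = redact_with_linked(PATIENT, SENSITIVE)
    print("linked-entry redaction leaks:", leaks(thorough, SENSITIVE))           # False
    # The price of the thorough version: the receiving provider no longer sees
    # the treatment at all, so it cannot be related to any diagnosis.
    print("entries dropped to stop the inference:",
          (PATIENT.medications - thorough.medications) | (PATIENT.results - thorough.results))
```

The second redaction is only as good as the linkage table; a recipient with a richer table than LINKED_TO_CONDITION can still infer what this one misses, which is the “beyond the state of the art” problem the article describes.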



Amusing. This suggests that 77 percent didn't remember Pearl Harbor.

http://it.slashdot.org/story/10/08/04/2330230/Most-Consumers-Support-Government-Cyber-Spying?from=rss

Most Consumers Support Government Cyber-Spying

Posted by samzenpus on Wednesday August 04, @10:28PM

"Nearly two thirds of computer users globally believe that it is acceptable for their country to spy on other nations by hacking or installing malware, according to Sophos's mid-year 2010 Security Threat Report. And 23 percent claimed to support this action even during peacetime. Perhaps more surprisingly, 32 percent of respondents said that countries should also be allowed to plant malware and hack into private foreign companies in order to spy for economic advantage."

[The Report:

http://www.sophos.com/sophos/docs/eng/papers/sophos-security-threat-report-midyear-2010-wpna.pdf


(Related) Is this an attack on Wall Street? I doubt it. Much more likely to be an idling algorithm waiting for a trading threshold to be reached.

http://news.slashdot.org/story/10/08/04/1920224/Market-Data-Firm-Spots-the-Tracks-of-Bizarre-Robot-Trading?from=rss

Market Data Firm Spots the Tracks of Bizarre Robot Trading

Posted by timothy on Wednesday August 04, @04:16PM

jamie spotted a fascinating story at The Atlantic about "mysterious and possibly nefarious trading algorithms [that] are operating every minute of every day in" the stock market:

"Unknown entities for unknown reasons are sending thousands of orders a second through the electronic stock exchanges with no intent to actually trade. Often, the buy or sell prices that they are offering are so far from the market price that there's no way they'd ever be part of a trade. The bots sketch out odd patterns with their orders, leaving patterns in the data that are largely invisible to market participants."

Spotting the behavior of these bots was possible by looking at much finer time slices than casual traders ever see — cool detective work, but as the story points out, discovering it is just the beginning: "[W]e're witnessing a market phenomenon that is not easily explained. And it's really bizarre."

[From the article:

Donovan thinks that the odd algorithms are just a way of introducing noise into the works. Other firms have to deal with that noise, but the originating entity can easily filter it out because they know what they did. Perhaps that gives them an advantage of some milliseconds. In the highly competitive and fast HFT world, where even one's physical proximity to a stock exchange matters, market players could be looking for any advantage.
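A constructed illustration, added here and not drawn from the Atlantic story or any market-data firm's tooling, of why the finer time slices mattered: a short burst of quotes is lost in the per-second totals that most participants see, but stands out at millisecond resolution, and the orders in that window carry the “no intent to trade” signature the story describes (priced far from the market and all withdrawn). The order stream, prices, rates and thresholds are all made up for the example.

```python
"""Constructed example: a 4 ms burst of non-executable orders is invisible when
orders are counted per second but obvious per millisecond.  All data below is
synthetic; it is not the Nanex/Atlantic data or any firm's detector."""

from collections import Counter
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Order:
    t_ms: int          # timestamp in milliseconds from the start of the window
    price: float       # limit price
    cancelled: bool    # True if withdrawn without ever trading


SPAN_MS = 10_000       # we look at a 10 second window
MID = 100.0            # constructed mid-market price for the whole window


def bucket_counts(orders, bucket_ms, span_ms=SPAN_MS):
    """Orders per time bucket across the whole span; empty buckets count as zero."""
    counts = Counter(o.t_ms // bucket_ms for o in orders)
    return [counts.get(b, 0) for b in range(span_ms // bucket_ms)]


def burst_buckets(orders, bucket_ms, factor=5, min_count=5):
    """Buckets whose order count exceeds both `factor` times the average bucket
    and an absolute floor (`min_count`), so that a single quiet bucket with one
    order is never flagged at fine resolution."""
    counts = bucket_counts(orders, bucket_ms)
    threshold = max(factor * mean(counts), min_count)
    return [b for b, c in enumerate(counts) if c > threshold]


def intent_profile(orders, bucket_ms, buckets, mid=MID, pct=0.05):
    """For the flagged buckets: share of orders priced more than `pct` from mid,
    and share that were cancelled.  Both near 1.0 means quotes nobody meant to fill."""
    wanted = set(buckets)
    chosen = [o for o in orders if o.t_ms // bucket_ms in wanted]
    if not chosen:
        return 0.0, 0.0
    far = sum(abs(o.price - mid) / mid > pct for o in chosen) / len(chosen)
    cancelled = sum(o.cancelled for o in chosen) / len(chosen)
    return far, cancelled


def constructed_stream():
    """Synthetic stream: one plausible order every 50 ms near the mid price
    (200 in total), plus 40 far-off-market orders crammed into 4 ms at t=3210."""
    orders = [Order(t_ms=i * 50, price=99.9 + (i % 3) * 0.05, cancelled=(i % 4 == 0))
              for i in range(SPAN_MS // 50)]
    for i in range(40):                               # 10 orders per millisecond
        orders.append(Order(t_ms=3210 + i // 10, price=120.0 + (i % 7) * 0.01,
                            cancelled=True))
    return orders


if __name__ == "__main__":
    stream = constructed_stream()
    # Per-second view: second 3 holds 60 orders against an average of 24,
    # which is below the 5x threshold, so nothing is flagged.
    print("1 s buckets flagged: ", burst_buckets(stream, 1000))      # []
    # Per-millisecond view: four buckets of 10 orders each stand out.
    flagged = burst_buckets(stream, 1)
    print("1 ms buckets flagged:", flagged)                          # [3210, 3211, 3212, 3213]
    print("far-from-mid share, cancelled share:", intent_profile(stream, 1, flagged))  # (1.0, 1.0)
```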



The 'evil twin' of Behavioral Advertising?

http://it.slashdot.org/story/10/08/05/0158207/Anatomy-of-an-Attempted-Malware-Scam?from=rss

Anatomy of an Attempted Malware Scam

Posted by samzenpus on Thursday August 05, @01:44AM

"Malicious advertisements are getting more and more common as the Bad Guys try to use reputable ad networks to spread malware. Julia Casale-Amorim of Casale Media details the lengths that some fake companies will go to to convince ad networks to take the bait."



Apple gave schools significant discounts to “addict” children to their early computers. Could they be attempting the same thing here?

http://ocunwired.ocregister.com/2010/08/03/all-new-uci-medical-students-get-ipads/

UPDATE: Free iPads for new UCI medical students

UPDATE: Stanford too is offering iPads to the class of 2014. Any others?



Well, Google IS bigger than the US Government...

http://tech.slashdot.org/story/10/08/05/0327200/Google-and-Verizon-In-Talks-To-Prioritize-Traffic?from=rss

Google and Verizon In Talks To Prioritize Traffic

Posted by samzenpus on Thursday August 05, @05:13AM

"Google and Verizon are nearing an agreement that could allow Verizon to speed some online content to Internet users more quickly if the content's creators are willing to pay for the privilege. Any agreement between Verizon and Google could also upend the efforts of the Federal Communications Commission to assert its authority over broadband service, which was severely restricted by a federal appeals court decision in April. People close to the negotiations who were not authorized to speak publicly about them said an agreement could be reached as soon as next week. If completed, Google, whose Android operating system powers many Verizon wireless phones, would agree not to challenge Verizon's ability to manage its broadband Internet network as it pleased."



Are there still people who believe their phones are secure?

http://mashable.com/2010/08/03/iphone-pdf-exploit/?utm_source=feedburner

Security Exploit Can Give Hackers Control of Your iPhone or iPad [WARNING]



For my Computer Security standards.

http://www.networkworld.com/community/node/64514

Who really sets global cybersecurity standards?

This week in a report that was critical about how the US will face global cybersecurity events, the Government Accountability Office identified 19 global organizations "whose international activities significantly influence the security and governance of cyberspace."



Geeky stuff. Looks much like a targeting system...

http://www.bespacific.com/mt/archives/024877.html

August 04, 2010

Microsoft Street Slide: Browsing Street Level Imagery

Street Slide: Browsing Street Level Imagery - Johannes Kopf, Billy Chen, Richard Szeliski, Michael Cohen [Microsoft Research]. Please see the accompanying video here.

  • "Systems such as Google Street View and Bing Maps Streetside enable users to virtually visit cities by navigating between immersive 360 degree panoramas, or bubbles. The discrete moves from bubble to bubble enabled in these systems do not provide a good visual sense of a larger aggregate such as a whole city block. Multi-perspective “strip” panoramas can provide a visual summary of a city street but lack the full realism of immersive panoramas. We present Street Slide, which combines the best aspects of the immersive nature of bubbles with the overview provided by multiperspective strip panoramas. We demonstrate a seamless transition between bubbles and multi-perspective panoramas. We also present a dynamic construction of the panoramas which overcomes many of the limitations of previous systems. As the user slides sideways, the multi-perspective panorama is constructed and rendered dynamically to simulate either a perspective or hyper-perspective view. This provides a strong sense of parallax, which adds to the immersion. We call this form of sliding sideways while looking at a street facade a street slide. Finally we integrate annotations and a mini-map within the user interface to provide geographic information as well as additional affordances for navigation. We demonstrate our Street Slide system on a series of intersecting streets in an urban setting. We report the results of a user study, which shows that visual searching is greatly enhanced with the Street Slide interface over existing systems from Google and Bing."



This could be useful. Copy your old message traffic as you change email providers or steal all your business correspondence from your old employer.

http://www.smashingapps.com/2010/08/04/backup-data-stored-on-email-servers-and-online-social-networks-with-backupify.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SmashingApps+%28Smashing+Apps%29

Backup Data Stored On Email Servers And Online Social Networks With Backupify



This sounds trivial, but we geeks are creating an e-Grammar completely unrelated to the traditional (but illogical) rules of the past.

http://ask.slashdot.org/story/10/08/04/161232/Sentence-Spacing-mdash-1-Space-or-2?from=rss

Sentence Spacing — 1 Space or 2?

Posted by CmdrTaco on Wednesday August 04, @01:18PM

An anonymous reader noted an epic battle is waging, the likes of which has not been seen since we all agreed that tab indenting for code was properly two spaces. He writes

"Do you hit the space bar two times between sentences, or only one? I admit, I'm from the typewriter age that hits it twice, but the article has pretty much convinced me to change. My final concern: how will my word processor know the difference between an abbr. and the end of a sentence (so it can stretch the sentence for me)? I don't use a capital letter for certain technical words (even when they start a sentence), making it both harder to programmatically detect a new sentence and more important to do so. What does the Slashdot community think?"



At least, take a peek...

http://www.makeuseof.com/tag/10-google-services-limelight/

10 Google Services That Don’t Get the Limelight



I'm not sure, but – isn't this the biggest threat I could make? Ten articles a day for four years is over 14,000 articles. Is the world ready?

http://www.freetech4teachers.com/2010/08/anthologize-turn-your-wordpress-blog.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Wednesday, August 4, 2010

Anthologize - Turn Your Blog Into an Ebook

Wednesday, August 04, 2010

Another example of management making decisions without understanding the technology. The implication here is that they saw the password as an impediment, not as a security measure.

http://www.databreaches.net/?p=12983

When the road to ID theft is paved with good intentions

August 3, 2010 by admin

Nancy Amons reports that some Nashville, Tennessee flood victims discovered that their personal information was publicly available online after they submitted documentation such as canceled checks and other sensitive information online to obtain property tax relief.

It seems that the Metro Assessor of Property had tried to make things easier for people to upload documentation to request relief by wait for it…. removing the system’s password protection.

“When I found out that information was exposed to the public, I wasn’t real happy about that,” [Property Assessor George] Rooker said.

Rooker says 68 flood victims accidentally had documents posted on-line. In three cases, the breach was serious, he said.

Source: WSMV



“The machines can't store an image.” “Okay, they can store an image, but we never use that feature.” “We won't store the images.” “No, we won't.” “I promise we won't.” “You can trust us!” “Okay, yes we store the images.”

http://news.cnet.com/8301-31921_3-20012583-281.html?part=rss&subj=news&tag=2547-1_3-0-20

Feds admit storing checkpoint body scan images

For the last few years, federal agencies have defended body scanning by insisting that all images will be discarded as soon as they're viewed. The Transportation Security Administration claimed last summer, for instance, that "scanned images cannot be stored or recorded."

Now it turns out that some police agencies are storing the controversial images after all. The U.S. Marshals Service admitted this week that it had surreptitiously saved tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse.

This follows an earlier disclosure (PDF) by the TSA that it requires all airport body scanners it purchases to be able to store and transmit images for "testing, training, and evaluation purposes." The agency says, however, that those capabilities are not normally activated when the devices are installed at airports.



Tools for ubiquitous surveillance.

http://www.killerstartups.com/Mobile/mobiscope-com-video-surveillance-comes-to-your-mobile

Mobiscope.com - Video Surveillance Comes To Your Mobile

http://www.mobiscope.com/

Mobiscope is a new product bringing a full surveillance system into the palm of your hand. That’s right, by installing the provided application you will be able to turn your smartphone into a true surveillance camera. All that you need for this to work is having a webcam or a network camera in order to have everything recorded and streamed on your mobile.

In this way, you can keep an eye on your home or even your office when you are away from it. You can also use such a service in order to see what your children are doing when you have left them at home with strict orders to do their homework and steer clear of the Wii.



This should be interesting...

http://news.cnet.com/8301-27080_3-20012550-245.html?part=rss&subj=news&tag=2547-1_3-0-20

TippingPoint gives vendors six months to fix holes

As of Wednesday, software vendors will have a deadline to fix vulnerabilities reported to them by TippingPoint's Zero Day Initiative rather than allowing holes to remain unpatched indefinitely.

Vendors will be required to fix the holes within six months, said Aaron Portnoy, manager of security research at TippingPoint, owned by Hewlett-Packard. TippingPoint runs the Zero Day Initiative, which acts as a broker paying researchers for information on vulnerabilities and then providing the information to the vendors so they can fix them.

Extensions to the deadline will be given on a case by case basis, he said. If they don't fix the hole within six months and haven't received an extension, TippingPoint will release limited details on the vulnerability, along with mitigation information so organizations and consumers who are at risk from the hole can protect themselves, he added.



I suppose it is possible they confused Wikipedia with Wikileaks... Note that the article includes a picture of the FBI logo.

http://www.bbc.co.uk/news/technology-10851394

Wikipedia and FBI in logo use row

In a letter sent to Wikipedia's San Francisco office, the FBI said that "unauthorised reproduction of the FBI Seal was prohibited by US law".

"Whoever possesses any insignia...or any colourable imitation thereof..shall be fined...or imprisoned... or both," the FBI wrote.

However, Wikipedia denied that it had done anything wrong and said that FBI lawyers had "misquoted the law".

The issue centred on the FBI's Wikipedia entry which, in addition to information on the US bureau, also features an image of the "Seal of the Federal Bureau of Investigation".

The image can be viewed in four different resolutions, including a high-resolution 2000px version.

The FBI said that this was "particularly problematic, because it facilitates both deliberate and unwitting violations of restrictions by Wikipedia users".

It is not yet known why the FBI has singled out Wikipedia, when the FBI seal is published on numerous other websites.

Terminology

In response, the lawyer for Wikipedia - Mike Godwin - wrote back to the bureau saying that there was a big difference between the words "problematic" and "unlawful".

"The enactment of [these laws] was intended to protect the public against the use of a recognisable assertion of authority with intent to deceive.

"The seal is in no way evidence of any 'intent to deceive', nor is it an 'assertion of authority', recognisable or otherwise," he wrote.

Mr Godwin claimed that the FBI letter sent to Wikipedia omitted key words, which changed the interpretation of the law.

"We are compelled as a matter of law and principle to deny your demand for removal of the FBI Seal from Wikipedia and Wikimedia Commons," said Mr Godwin adding that the firm was "prepared to argue our view in court."



Another interesting “legal interpretation”

http://tech.slashdot.org/story/10/08/03/1823216/No-Net-Neutrality-Doesnt-Violate-the-5th-Amendment?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

No, Net Neutrality Doesn't Violate the 5th Amendment

Posted by kdawson on Tuesday August 03, @02:34PM

"Yesterday we discussed the theory that net neutrality might violate the 5th Amendment's 'takings clause.' Over at TechDirt they've explained why the paper making that claim is mistaken. Part of it is due to a misunderstanding of the technology, such as when the author suggests that someone who puts up a server connected to the Internet is 'invading' a broadband provider's private network. And part of it is due to glossing over the fact that broadband networks all have involved massive government subsidies, in the form of rights of way access, local franchise/monopolies, and/or direct subsidies from governments. The paper pretends, instead, that broadband networks are 100% private."



Does Apple have the clout to do this? Would they really risk their customers?

http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=226500146&cid=RSSfeed_IWK_All

Apple May Brick Jailbroken iPhones

Despite last week's ruling that jailbreaking the iPhone is legal, Apple is still warning consumers that doing so is a violation of the company's terms of service and that it reserves the right to terminate service to jailbreakers.



Ethical Hacking mid-term question: List four more ways, including one you wrote yourself.

http://www.makeuseof.com/tag/tips-securely-configure-wireless-router-public-access-point/

4 Ways To Securely Configure A Wireless Router As A Public Access Point



Interesting, but is it statistically significant?

http://tech.slashdot.org/story/10/08/03/2023203/How-High-Tech-Gadget-Trends-Differ-By-US-Region?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

How High-Tech Gadget Trends Differ By US Region

Posted by kdawson on Tuesday August 03, @04:50PM

Ant writes in with news of a study revealing differences in gadget preferences by US region. The survey is not rigorous, based as it was on 7,500 online questionnaires submitted to Retrevo, a website for tech shoppers. The company plans to run the survey annually.

"...in the smartphone category, the state of Maryland came out on top with 48 percent more households owning at least one such handset than elsewhere in the country. ... In iPad use, the state of New York took top honors. According to the survey, 52 percent more households have at least one iPad in the Empire State. … Massachusetts beat out the rest of the nation in e-reader adoption..."



Another way to distract drivers... Might be a fun tool to nag my students: “Did you remember to bring your homework? Your pencil? Your textbook? I know you brought your cellphone...”

http://www.makeuseof.com/dir/spokentwitter-voice-to-tweet/

SpokenTwitter: Use Your Voice To Tweet

SpokenTwitter is a nifty service for Twitter users that lets you use your voice to tweet.

Here’s how it works – you sign up with the service, give it access to your Twitter account, call your nearest country-based access number (it is shown on the homepage), speak your tweet, and it gets posted as a SpokenTwit link on your Twitter profile. When you click on that link, you are directed to the website where you can listen to the recording.

There is no limit to the length of the recording,

www.spokentwit.com/voice/index.php

Similar tools: Chir.ps and Chirbit.



A word to the wise: Use tools like this at your peril. I doubt my students use one of these, the excuses I get are too lame. Fortunately (for me, not the students) I don't give a damn. I'm an equal opportunity flunker.

http://www.makeuseof.com/dir/excusegenerator-excuses-for-being-absent/

ExcuseGenerator: Generate Good Excuses For Being Absent (iPhone App)

It is an app for iPhone/iPod/iPad that just needs to know if the excuse is for work or for school.

Once you have specified your choice, the app shows you a number of relevant and believable excuses for being absent. You can also click to check out the top 10 excuses of all time. Many times you might not be able to use the exact excuses displayed by the app, but they can definitely act as a source of inspiration to create your own excuses.

A pro version of the app also lets you generate sounds like rain or barking dogs and use them as an excuse.

Download ExcuseGenerator from iTunes



Useful? Now I can be Centennial-Man and Mr-Math-Master and The-Hooded-Hacker all at the same time!

http://www.wired.com/epicenter/2010/08/google-lets-you-sign-in-to-multiple-accounts-at-once/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Google Lets You Sign In to Multiple Accounts at Once



I hope I can still use this for my Finance students...

http://techcrunch.com/2010/08/04/forbes-sells-investopedia-to-valueclick-in-42-million-deal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Forbes Sells Investopedia To ValueClick In $42 Million Deal

Online marketing services company ValueClick is buying financial information and investing education website Investopedia from Forbes for approximately $42 million in cash.

… Founded in 1999, Investopedia provides visitors with a glossary of financial terms, news articles, tutorials, and investing education tools, such as virtual trading simulators and exam preparation materials.



Good News! Definitely worth looking at, particularly the Professors section. For all my students.

http://www.freetech4teachers.com/2010/08/nook-study-from-barnes-noble-now-live.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+freetech4teachers%2FcGEY+%28Free+Technology+for+Teachers%29

Tuesday, August 3, 2010

Nook Study from Barnes & Noble is Now Live

Last month I reported on a free study tool from Barnes & Noble called Nook Study. Nook Study is now available for free as a free download for Mac and Windows. Nook Study gives students access to more than 500,000 free ebooks. Students can also purchase and download other titles.

Nook Study provides more than just ebooks for students. Nook Study provides students with the ability to sort titles according to the courses they're taking. Students can use Nook Study to highlight and annotate ebooks. Nook Study also provides a search function that enables students to highlight a word then in one click search for it on Google, Wolfram Alpha, Wikipedia, and other online reference tools.

… Nook Study seems to have been designed for college students, but high school students could use it as well.

[From the Nook site:

… 7-day free trials on eTextbooks

SparkCharts – a course-in-a-chart, amazingly complete information on subjects from Research to Economics. It’s like a cheat sheet, without cheating!

[You can import handouts! Some print and copy functions.]


(Related) Bad News?

http://www.slashgear.com/barnes-winner-takes-nook-0496476/

Barnes & Noble up for sale; winner takes nook