Saturday, March 26, 2011

Truly an out of touch legislature. After ignoring warnings, they claim to be shocked that citizens actually read the bill and found it objectionable.

http://yro.slashdot.org/story/11/03/25/2321216/Utah-Repeals-Anti-Transparency-Law?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Utah Repeals Anti-Transparency Law

"After enduring two weeks of public fury, Utah lawmakers voted Friday to repeal a bill that would have restricted public access to government records. While Senate President Michael Waddoups accused the media of lobbying on the issue and others blamed the press for biased coverage that turned citizens against them, Sen. Steve Urquhart said bluntly: 'We messed up. It is nobody's fault but ours.'"



For my Risk Management students. Never test (or practice) on a live system.

http://news.slashdot.org/story/11/03/25/202235/Univ-of-Illinois-Goes-War-of-the-Worlds-On-Students?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Univ. of Illinois Goes War-of-the-Worlds On Students

"'Strange beings who landed in New Jersey tonight are the vanguard of an invading army from Mars.' (Orson Welles, 1938). 'Active shooter at BUILDING NAME/INTERSECTION. Escape area if safe to do so or shield/secure your location.' (Univ. of Illinois, 2011). An alert message sent out Thursday to 87,000 emails and cell phones warning recipients to escape from an 'active shooter' at the University of Illinois was an error, the Office of the Chief of Police confirmed. 'The alert sent today was caused by a person making a mistake,' explained an email. 'Rather than pushing the SAVE button to update the pre-scripted message, the person pushed the SUBMIT button. We are working with the provider of the Illini-Alert service to implement additional security features in the program to prevent this type of error.'"



I can see no obvious reason for MS to do this (unless they are signaling that governments have a backdoor into their "secure" communications?)

http://politics.slashdot.org/story/11/03/26/0053203/MS-Removes-HTTPS-From-Hotmail-For-Troubled-Nations?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

MS Removes HTTPS From Hotmail For Troubled Nations

"Microsoft has removed HTTPS from Hotmail for many US-embargoed or otherwise troubled countries. The current list of countries for which they no longer enable HTTPS is known to include Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan. Journalists and others whose lives may be in danger due to oppressive net monitoring in those countries may wish to use HTTPS everywhere and are also encouraged to migrate to non-Microsoft email providers, like Yahoo and Google."



Geeky stuff

http://download.cnet.com/8301-2007_4-20047349-12.html

Everything you need to know about Firefox 4



Interesting hack...

http://www.wired.com/gadgetlab/2011/03/kindlefish-turns-kindle-into-worldwide-universal-translator/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Kindlefish Turns Kindle Into Worldwide Translator

Nicholas found that Google Translate is badly suited to the e-reader’s admittedly limited web browser. “Standard Google Translate doesn’t work for the Kindle,” he writes on his blog, “and the mobile Google Translate page returns text that is too small to be easily read, and a little clunky for use on the Kindle.”

To get around this, he wrote a new front-end called Kindlefish, a homage to the universally translating Babelfish from Douglas Adams’ five-part Hitchhiker’s trilogy. The interface is simple, letting you set three preferred languages for quick access, and one input language (English by default). You just type your phrase on the Kindle’s little keyboard and hit the “Translate” button.

… If you want to try it out, head over to the Kindlefish site on your Kindle. The site is on free hosting, but if it is swamped by traffic then Nicholas plans to move it to a more permanent home.



You never know what you'll find in lists like this one.

http://savedelete.com/best-free-windows-business-software.html

Top 10 Extremely Useful Free Windows Software For Your Small Business

4. Calibre Ebook Management : calibre is a free and open source e-book library management application developed by users of e-books for users of e-books. It has a cornucopia of features such as Library Management, E-book conversion, Syncing to e-book reader devices, Downloading news from the web and converting it into e-book form, Comprehensive e-book viewer, Content server for online access to your book collection.

If you, too, are into reading books, here you can check our article on 30 sites to download free ebooks and best free Microsoft ebooks for business persons.


Friday, March 25, 2011

Perhaps we can educate the educators?

http://www.databreaches.net/?p=17208

Hackers Take Schools To School

March 24, 2011 by admin

Nice to see data on this. Tim Wilson of Dark Reading writes:

Some 63 percent of K-12 schools say they have experienced at least two security breaches in the past year, according to a new study, and their IT administrators are struggling to find the resources they need to keep up with security tasks.

According to the “Panda Security Kindergarten-12 Education IT Security Study,” which was published today, many schools are struggling to find the time and resources they need to build out their security programs.

Read more on Dark Reading.



Reminds me of an Inverse Drake Equation – instead of calculating the number of planets hosting an Intelligent species, it calculates the number of clueless victims on the Internet.

http://www.wired.com/magazine/2011/02/st_equation_spamprofits/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Equation: How Much Money Do Spammers Rake In?

After deleting the 10,000th Viagra offer from your inbox, you might wonder, does anyone actually make money off this crap? Chris Kanich and his colleagues at UC San Diego and the International Computer Science Institute wondered too—so they hijacked a botnet to find out. Kanich’s team intentionally infected eight computers with a middleman virus, software they found in the wild that was relaying instructions between a botmaster computer and the network of computers it had secretly turned into spam-sending zombies. Then they changed the orders, effectively zombifying the botnet for their own research. Instead of sending hapless rubes to the botmaster’s website, spam ads would instead funnel them to a site built by Kanich’s team. It looked like an authentic Internet pharmacy, but instead of taking credit card numbers in return for a bottle of sugar pills (or worse), the site coughed up an error message and counted the clicks. Then the researchers calculated an estimate of how much money the spammer grossed per day: about $7,000.



Nothing is as much fun to read as two legal scholars jousting...

http://www.pogowasright.org/?p=21951

Hard drive search warrants: should there be any limits?

March 24, 2011 by Dissent

Matthew Lasar writes:

Here’s the latest hot debate among Fourth Amendment scholars: when magistrate judges issue search warrants on computers, should those warrants limit where in the machine’s directory system the police may look, or for how long they can scan the drive?

Professor Orin Kerr of George Washington Law School says no (PDF). Assistant Professor Paul Ohm of the University of Colorado Law School says yes (PDF).

Read more on Ars Technica.



Let's face it. Lawyers are in their own little world.

http://yro.slashdot.org/story/11/03/25/0434255/Federal-Prosecutors-Tempt-the-Streisand-Effect?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Federal Prosecutors Tempt the Streisand Effect

"As the case of NSA IT guru Thomas Andrews Drake nears trial, the fur has been flying between the defense and prosecution lawyers. Earlier this week the judge ordered the sealing of a defense motion because the government claimed it contained classified information. The problem? The document had been sitting on the Federation of American Scientists website for several days. Another problem: the document is marked 'Unclassified' in big bold letters at the top of the page."



Tweet globally, legislate locally.

http://www.pogowasright.org/?p=21950

EP demands personal data protection in US WikiLeaks investigation

March 24, 2011 by Dissent

On 23 March MEPs asked the Commission and the Council about the implications for EU citizens of a US court order obliging Twitter to hand over personal data, messages and communications of users considered to be related to WikiLeaks. What personal data protection rights do EU-based Twitter users have in such cases?

Read more on the European Parliament web site. Short answer: it sounds like everyone agreed to respect U.S. laws but to strengthen EU laws.

Dutch Liberal Sophie in ‘t Veld explained, “The US court argues that once you use Twitter, you no longer have a legitimate expectation of privacy, and that means that EU citizens no longer have any legal protection, because Twitter is US-based”. That is “a problem that must be addressed in the review of the data protection” directive, she said.

By all means, review it, but unless Twitter or another social network is actually a registered business in the EU or advertises to/pitches to EU citizens, how does the EU bring them under their directives? Or will we see court rulings out of the EU that are not enforceable here?

This is another opportunity to mention how much we need to get people together to see how we can better harmonize privacy laws and protections between the EU and US and how much we need to strengthen privacy protections here in the U.S.



I'm sure this is completely unrelated to the story above. It does make me think that Twitter can find twits anywhere... No doubt this will “prove” that the US is behind the technology curve and result in a multi-billion dollar program to catch up.

http://www.crunchgear.com/2011/03/24/rt-twitter-en-route-to-floor-of-uk-parliament/

RT: Twitter En Route To Floor Of UK Parliament

… A rules committee there has said that MPs should be allowed to use the service from the floor provided it doesn’t “impair decorum.”

MPs will be allowed to use devices no larger than a sheet of A4 paper. Laptops are still banned. [Apparently this is a space issue. Bob]

The idea is to allow MPs to bring in digital notes (on, say, their iPad) and maintain communications ties with their constituents from the floor.



Interesting. Should providers be required to prove the validity of their data before they can cut off/slow down/charge users of their (not really) unlimited plans?

http://www.crunchgear.com/2011/03/24/att-broadband-metering-is-shoddy-and-they-know-it/

AT&T Broadband Metering Is Shoddy And They Know It

… Readers over at Broadband Reports are noticing marked differences between AT&T’s measurements and their own. One user found differences of several orders of magnitude. Now, if AT&T (and of course Comcast and others) are unwilling to allow for wiggle room in their GB caps (fees start the byte over 250GB), why should we allow wiggle room in their measurement? After all, we don’t let grocers use poorly (or maliciously) calibrated scales.



Dude! Just because all these new words/terms/abbreviations appear in the OED does not mean it is appropriate to Tweet your research paper.

http://www.engadget.com/2011/03/24/omg-fyi-and-lol-enter-oxford-english-dictionary-foreshadow-th/

OMG, FYI, and LOL enter Oxford English Dictionary, foreshadow the apocalypse

In an acknowledgment of the internet's overwhelming influence on the triviality we sometimes refer to as "real life," the Oxford English Dictionary doyens have decided to add a few of the web's favorite pronouncements to their lexicon. Among them are the standouts OMG, LOL and FYI, joining their compatriots IMHO and BFF among the proud number of officially sanctioned initialisms (abbreviations contracted to the initials of their words) used in the English language. Shockingly enough, the expression OMG has had its history tracked all the way back to 1917, while LOL used to mean "little old lady" back in the '60s, and FYI first showed up in corporate lingo in 1941. Not only that, but the heart symbol -- not the emoticon, the actual graphic -- has also made it in. Just so long as Beliebers and fanpires are kept out, there's still hope for the future. A tiny, twinkling ember of a hope.



Thursday, March 24, 2011

Ebay (et al) as a tool for Identity Theft (is it theft if you purchase the phone “as is” from its owner?)

http://yro.slashdot.org/story/11/03/24/040255/Half-of-Used-Phones-Still-Contain-Personal-Info?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Half of Used Phones Still Contain Personal Info

"More than half of second-hand mobile phones still contain personal information of the previous owner, posing a risk of identity fraud. A study found 247 pieces of personal data stored on handsets and SIM cards purchased from eBay and second-hand electronics shops. The information ranged from credit card numbers to bank account details, photographs, email address and login details to social networking sites like Facebook and Twitter. According to data security firm CPP, 81 percent of previous owners claim they have wiped personal data from their mobile phones and SIM cards before selling them. However, deleting the information manually is 'a process that security experts acknowledge leaves the data intact and retrievable.'"


(Related) Legitimate uses for a used phone.

http://www.makeuseof.com/tag/5-interesting-spare-smartphone/

5 Interesting Uses For A Spare Old Smartphone



For my Computer Security students.

http://news.cnet.com/8301-31921_3-20046588-281.html

Hackers exploit chink in Web's armor

A long-known but little-discussed vulnerability in the modern Internet's design was highlighted yesterday by a report that hackers traced to Iran spoofed the encryption procedures used to secure connections to Google, Yahoo, Microsoft, and other major Web sites.

This design, pioneered by Netscape in the early and mid-1990s, allows the creation of encrypted channels to Web sites, an important security feature typically identified by a closed lock icon in a browser. The system relies on third parties to issue so-called certificates that prove that a Web site is legitimate when making an "https://" connection.

The problem, however, is that the list of certificate issuers has ballooned over the years to approximately 650 organizations, which may not always follow the strictest security procedures. And each one has a copy of the Web's master keys.

… This has resulted in a bizarre situation in which companies like Etisalat, a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices, possess the master keys that can be used to impersonate any Web site on the Internet, even the U.S. Treasury, BankofAmerica.com, and Google.com. So do more than 100 German universities, the U.S. Department of Homeland Security, and random organizations like the Gemini Observatory, which operates a pair of 8.1-meter diameter telescopes in Hawaii and Chile.

… The vulnerability of today's authentication infrastructure came to light after Comodo, a Jersey City, N.J.-based firm that issues SSL certificates, alerted Web browser makers that an unnamed European partner had its systems compromised. The attack originated from an Iranian Internet Protocol address, according to Comodo Chief Executive Melih Abdulhayoglu, who told CNET that the skill and sophistication suggested a government was behind the intrusion.

Spoofing those Web sites would allow the Iranian government to use what's known as a man-in-the-middle attack to impersonate the legitimate sites and grab passwords, read e-mail messages, and monitor any other activities its citizens performed, even if Web browsers show that the connections were securely protected with SSL encryption.
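The structural weakness the article describes is that a browser's chain validation accepts a certificate for any host from any of the trusted issuers, so a compromise at one issuer (as with the Comodo partner) is enough to impersonate a site. The Go program below is an added illustration, not code from CNET, Comodo or any browser vendor: it builds two self-signed roots (a legitimate issuer and an unrelated root the client also trusts), has the unrelated root issue a certificate for a hostname it never verified, and shows that ordinary chain validation accepts it. It then applies public-key pinning, a mitigation the article does not discuss, which rejects the mis-issued certificate while still accepting the genuine one. The hostname mail.example.com and the CA names are constructed; all cryptography comes from Go's standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// makeCert signs template with signer; parent == nil means self-signed.
func makeCert(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = template
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// newCA returns a self-signed root certificate and its private key.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	return makeCert(tmpl, nil, &key.PublicKey, key), key
}

// issueLeaf has the given CA sign a server certificate for host.
// Nothing in the protocol checks whether this CA ever verified ownership of host.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := newKey()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return makeCert(tmpl, ca, &key.PublicKey, caKey), key
}

// spkiHash is the SHA-256 of the SubjectPublicKeyInfo, the value a pin set stores.
func spkiHash(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// chainValid is what a browser does: accept if any trusted root vouches for host.
func chainValid(leaf *x509.Certificate, roots []*x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

// pinnedValid additionally requires the leaf's public key to be one the client already knows.
func pinnedValid(leaf *x509.Certificate, roots []*x509.Certificate, host string, pins map[string]bool) bool {
	return chainValid(leaf, roots, host) && pins[spkiHash(leaf)]
}

// Demo returns (plain validation accepts the mis-issued cert, pinning rejects it but accepts the real one).
func Demo(host string) (plainAcceptsRogue, pinRejectsRogue bool) {
	realCA, realKey := newCA("Legitimate Issuer (constructed)")
	otherCA, otherKey := newCA("Unrelated Trusted Root (constructed)")
	trustStore := []*x509.Certificate{realCA, otherCA} // the ~650-root browser store, in miniature

	realLeaf, _ := issueLeaf(realCA, realKey, host)
	rogueLeaf, _ := issueLeaf(otherCA, otherKey, host) // mis-issued by a root that never checked host

	pins := map[string]bool{spkiHash(realLeaf): true} // the site's genuine public key

	plainAcceptsRogue = chainValid(rogueLeaf, trustStore, host)
	pinRejectsRogue = !pinnedValid(rogueLeaf, trustStore, host, pins) && pinnedValid(realLeaf, trustStore, host, pins)
	return plainAcceptsRogue, pinRejectsRogue
}

func main() {
	plain, pinned := Demo("mail.example.com")
	fmt.Printf("plain chain validation accepts mis-issued certificate: %v\n", plain)
	fmt.Printf("key pinning rejects it and still accepts the genuine one: %v\n", pinned)
}
```

Pinning trades the weakness for a brittleness of its own (a site that rotates keys without updating its pins locks clients out), which is why browsers later moved toward Certificate Transparency logs rather than widespread pinning; the example is meant to show the trust-model gap, not to recommend pinning for every deployment.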



Also for my Computer Security students

http://blogs.computerworld.com/18019/microsoft_accepts_reality_offers_it_tool_for_iphones_ipads_and_android

Microsoft accepts reality, offers IT tool for iPhones, iPads, and Android

Not everyone at Microsoft is marching in lockstep to the idea that Windows Phone 7 will rule the enterprise. At the Microsoft Management Summit (MMS), the company announced that it has released a beta of a tool to let IT manage iPhones, iPads, Android devices, Symbian devices, and Windows Phone 7 devices in the enterprise. Up until now, the tool only worked for Windows Mobile.

The tool is called System Center Configuration Manager (SCCM), and it's designed to deploy and update servers, clients, and devices across an enterprise's entire computing and network infrastructure. The current version is SCCM 2007, and the only mobile devices it handles are Windows Mobile ones --- it won't even handle Windows Phone 7 right now.

At MMS today, though, Microsoft made available for download beta 2 of SCCM 2012.


(Related) Why you should care. Ignorance is bliss only until the bill comes...

http://www.bespacific.com/mt/archives/026824.html

March 23, 2011

AVG Study Reveals Alarming Complacency Among Users of Mobile Devices on Security

Smartphone Security - Survey of U.S. consumers, Ponemon Institute© Research Report, Sponsored by AVG Technologies, Independently conducted by Ponemon Institute LLC, Publication Date: March 2011

  • News release: "AVG Technologies, one of the leading providers of consumer security software, today revealed details of a sobering study uncovering new statistics about the data security risks involved in everyday smartphone use. Findings are the result of a recent study conducted by the Ponemon Institute in concert with AVG of 734 random US consumers over age 18 regarding their mobile communications behavior. The study confirmed AVG’s concerns focus on consumers' indifference to the many serious security risks associated with the storage and transmission of sensitive personal data on iPhone, Blackberry and Android devices. Following are three of the most alarming:

  • 89 percent of respondents were unaware that smartphone applications can transmit confidential payment information such as credit card details without the user’s knowledge or consent.

  • 91 percent of respondents were unaware that financial applications for smartphones can be infected with specialized malware designed to steal credit card numbers and online banking credentials, yet nearly a third (29 percent) report already storing credit and debit card information on their devices and 35 percent report storing “confidential” work related documents as well.

  • 56 percent of respondents did not know that failing to properly log off from a social network app could allow an imposter to post malicious details or change personal settings without their knowledge. Of those aware, 37 percent were unsure whether or not their profiles had already been manipulated.



Toys make sense. Shoelaces don't. It also suggests who Apple uses to test their user interfaces...

http://www.bespacific.com/mt/archives/026823.html

March 23, 2011

"Preschoolers better at navigating iPad than tying their shoes"

Inside iPad: "Hand a two-year-old child a shoe and he will probably end up throwing it. Hand him an iPad, however, and he'll navigate through it to find his favorite app in no time. According to a new survey from security software maker AVG, kids can grasp new tech skills long before they even learn how to do normal kid things, such as swimming or tying their shoelaces. AVG surveyed 2,200 parents with children between the ages of two and five in the US, Canada, UK, France, Italy, Germany, Spain, Japan, Australia and New Zealand. Nineteen percent said their kids know how to access a smartphone application (and it's not just the older kids either—17 percent of 2- to 3-year-olds did as well). Another 58 percent can play a computer game, and a quarter of kids can open and operate a Web browser. By comparison, only nine percent of kids between 2 and 5 can tie their shoelaces, 20 percent can swim without help, and 43 percent can ride a bike."



No liability here! Another Vigilante product.

http://news.cnet.com/8301-17938_105-20046421-1.html

Burglar alarm marks territory with pepper spray

Burglar alarms usually work by scaring off criminals with loud noises and the threat of police action. The Burglar Blaster from Heracles Research Corporation takes the law into its own hands.

It comes loaded with 4 ounces of painful, burning pepper spray.

… The concept behind the Burglar Blaster is really pretty simple. You screw this little terror to the wall where you expect criminals to come busting in. An intruder triggers the passive infrared motion sensor and the Blaster commences spraying mace at the offender. It runs on batteries, so all you really need for installation is a screwdriver and some determination.



I think they still don't get it. Buying the DVD or downloading and burning one are effectively the same thing, aren't they?

http://news.cnet.com/8301-31001_3-20046430-261.html

Sony Pictures eyes cheaper film downloads

By and large, the big Hollywood film studios have clung to the idea that digital downloads should be priced the same as DVDs. Sony Pictures is trying to find out if there's a better way.

On Tuesday, Sony began selling downloads of two new releases for about 13 percent less than the $15 DVD price. At Amazon.com and iTunes, "The Tourist" and "How Do You Know" could be downloaded for $12.99. Elsewhere at Amazon, the disc sold for $15. Both movies were disappointments at the box office, so the reductions seem barely to qualify as a toe dip into price cutting.

But according to two film industry sources, the studio is experimenting with pricing for download-to-own videos. Sony, which has tried similar tests before, is searching for a price that stimulates download sales but won't erode demand for DVDs. [A sale is a sale is a sale... Bob]


Wednesday, March 23, 2011

At some point you have to ask if those who run the education system have ever taken advantage of it.

http://www.databreaches.net/?p=17183

SSNs of All Laredo ISD Students Missing In Data Breach; Trustee says not “a big deal”

March 22, 2011 by admin

Morgan Smith reports:

A disk holding the Social Security numbers of every student in the Laredo Independent School District — a total of 24,903 — has gone missing, according to the Texas Education Agency.

TEA spokeswoman Suzanne Marchman said the agency first became aware of the situation in January, [See below Bob] when officials with the University of Texas at Dallas’ Education Research Center contacted the TEA looking for sensitive data they had requested from Laredo ISD — data that was supposed to be sent to the TEA first.

At that point, the TEA contacted Laredo ISD for the package tracking number, only to learn that the CD had been signed for at the William B. Travis Building in Austin, which houses five state government agencies, including the TEA. But the CD was never delivered to James Van Overschelde, the TEA’s former director of educational research and policy who was working with UTD on the project — and the agency doesn’t know who signed for it.

Read more in the Texas Tribune.

Okay, insert the entity’s usual disclaimers and outrageous finger-pointing here, because what is really stunning about this report is a stunningly stupid statement reportedly made by George Beckelhymer, president of Laredo ISD’s Board of Trustees:

[Beckelhymer] said he was also unaware that the information had gone missing.

“I am trying to be sure we are looking in the right spot if we are looking for blame on this,” he said. “Is it really LISD’s blame? Did UTD use an inappropriate method to request the [information] and then tricked us? Does the TEA have fault that they didn’t have the proper personnel to sign legitimately?”

Beckelhymer also added that, while he doesn’t like “sharing” Social Security numbers, he doesn’t think the fact that they’re missing is “a big deal.”

Un-believable.

[From the article:

Van Overschelde said he left the TEA in June [Which means that the data should have arrived prior to that, right? So they didn't notice for AT LEAST seven months? Bob]



Mom thinks it's cool?

http://www.ispyce.com/2011/03/facebook-bans-20000-kids-day.html

Facebook Bans 20,000 Kids a Day

Although Facebook requires all users to be 13 or older, the social network bans 20,000 underage users a day, a spokeswoman said. "There are people who lie. There are people who are under 13 [accessing Facebook]," Mozelle Thompson, Facebook's chief privacy adviser, told The Telegraph (Sydney, Australia). "Facebook removes 20,000 people a day, people who are underage."

When asked by the Australian parliamentary online safety committee how Facebook can detect those lying on age forms, Thompson replied, "It's not perfect." In fact, it's relatively easy. A standard online form asks a user if he or she is 13 or over, and the user can tell the truth or not. ComScore estimates about 3.6 million kids under 12 use Facebook in the United States. [So they should have them all kicked off in 180 days, assuming no new sign-ups. Bob] Last week, a story in the New York Times highlighted the number of those under 13 who skirt the age requirement, often with parental consent. Many began using Facebook or other online communities in elementary school, and many parents see nothing wrong with it. “It’s not like there’s a legal age limit for being on the Internet," said a parent whose 11-year-old son uses Facebook. He told the social media site he was 15.

There are obvious reasons why there are federal age requirements for Internet use: [There are? Bob] sexual predators, cyberbullying, adult content and explicit language. Most very young children are not equipped to be dumped at the equivalent of an online adult cocktail party and fend for themselves. While many want most of the security to be created by tech companies, they are ignoring the reality that many parents don't see a problem with their underage children using a social network with 600 million users. The best online security is a connected parent who carefully monitors online usage -- including only allowing children to use computers in a central location, not a bedroom, easily accessed by a parent -- and one that doesn't allow their children to use Facebook if they are younger than 13.



I'll say it's disturbing. How could they fail to find the other 15%? Police mine every database they can access. Does that mean they don't appear in any government or commercial database? No birth certificate, school records, tax return, drivers license, credit card, phone, etc.?

http://www.pogowasright.org/?p=21877

85 percent of B.C. adults in police database ‘disturbing’

March 22, 2011 by Dissent

Neal Hall reports:

The B.C. Civil Liberties Association says it is disturbing that up to 85 per cent of B.C. adults have their names in a police computer database designed to track criminals.

The association has written a letter to B.C. Solicitor General Shirley Bond, asking her to investigate why the majority of B.C.’s law-abiding citizens are in the PRIME-BC database.

Even more troubling, said Robert Holmes, president of BCCLA, is that no information is available as to how long the information is kept on file.

Read more in the Vancouver Sun



Think of it as a way for manufacturers to trace each device sold.

http://www.pogowasright.org/?p=21862

UDID: The Next Privacy Frontier?

March 22, 2011 by Dissent

The Womble Carlyle Team writes:

Companies that make their money in the mobile computing space – application developers, device manufacturers, software adaptors – have a new worry. Many functions and applications used on iPhone devices currently rely on reporting that includes the UDID unique device identifier. Two new lawsuits against Apple for its use of UDID information may change the way that mobile functions and applications are built, managed and paid for.

The UDID for the iPhone is a 40 character identifier that is set by Apple and stays with the specific defined device forever. Its function is to uniquely identify any one iPhone, allowing the UDID to be connected with the name and behaviors of that iPhone’s user.

The Wall Street Journal may have started the snowball of lawsuits rolling in its ongoing series of articles about how the computer industry tracks people using the internet.

Read more on Womble Carlyle.



Okay, this would seem to throw a monkey into the wrench... Does it override “appropriate use” policies?

http://www.pogowasright.org/?p=21874

Ca: Personal files on work computers ruled private

March 22, 2011 by Dissent

Tracey Tyler reports:

The Ontario Court of Appeal has recognized a right to privacy in the personal information Canadians store on work-issued computers.

In a 3-0 ruling Tuesday, the court said a Sudbury high school teacher charged with having nude photos of a Grade 10 student on a laptop issued by the school board had a right to expect his personal files on the computer’s hard drive would remain private.

Read more in Toronto Star.



I wonder who tipped them off?

http://www.computerworld.com/s/article/9214928/Senators_to_Apple_Pull_iPhone_DUI_checkpoint_alert_apps

Senators to Apple: Pull iPhone DUI checkpoint alert apps

Four U.S. senators Tuesday called on Apple to yank iPhone and iPad apps that help drunken drivers evade police, saying the programs are "harmful to public safety."



Does this extend Copyright to Shakespeare’s descendants? Chaucer's Copyrighted Tales?

http://www.bespacific.com/mt/archives/026815.html

March 22, 2011

EPIC: Courts Rejects Google Books Settlement as Unfair

EPIC: "Judge Denny Chin struck down a proposed settlement between Google and copyright holders that would have imposed significant privacy risks on e-book consumers. Google's proposal would have entitled the company to collect each users' search queries as well as the titles and page numbers of the books they read. In a February 2010 hearing before the Court, EPIC President Marc Rotenberg explained EPIC Press Release: EPIC Urges Court To Reject Google Books Settlement; EPIC: Google Books Settlement and Privacy."



When you grow to the size of a medium country, people start asking why you haven't issued your own currency... And lots of people think Google is printing money as it is.

What is the Dollar – Google exchange rate?

http://news.slashdot.org/story/11/03/23/0210207/Google-Engineer-Releases-Open-Source-Bitcoin-Client?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Google Engineer Releases Open Source Bitcoin Client

"A Google engineer has released an open source Java client for the Bitcoin peer-to-peer currency system, simply called BitcoinJ. Bitcoin is an Internet currency that uses a P2P architecture for processing transactions, avoiding the need for a central bank or payment system. Cio.com.au also has an interview with Gavin Andresen, the technical lead of the Bitcoin virtual currency system."



You don't have to understand technology to really screw up technology.

http://www.latimes.com/news/local/la-me-court-resignation-20110323,0,7040071.story

Top California courts administrator to step down

The top administrator for California's courts announced Tuesday that he would step down, a month after two state lawmakers urged that he be fired for his handling of a computer modernization project that has skyrocketed in cost from $260 million to $1.9 billion.

… Philip Carrizosa, a spokesman for the chief justice, said the retirement had nothing to do with the lawmakers' recent criticism.

Lowenthal said the departure "gives the chief justice a chance to set a whole new level of responsiveness and accountability." [What, he had Tenure or something on the Chief Justice? Bob]



For my Risk Management students

http://jps.anl.gov/Volume4_iss2/Paper3-RGJohnston.pdf

Being Vulnerable to the Threat of Confusing Threats with Vulnerabilities



Looking for that perfect word or phrase? Try entering “Looking for that * word or phrase?” (They did not return “perfect.”)

http://www.killerstartups.com/Web-App-Tools/phraseup-com-write-better-phrases?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+killerstartups%2FBkQV+%28KillerStartups.com%29

PhraseUp.com - Write Better Phrases

What Phrase Up does is to let you fill gaps in sentences. Using Phrase Up, you can write a half-baked sentence and have it automatically fleshed out.

And all the suggestions produced by Phrase Up can be translated. Handy for those who are using the site because English is not their first language, and they are looking for the words they have not yet learned.

http://www.phraseup.com/



http://www.makeuseof.com/tag/5-podcast-directories-visit-subscribe-download-free-podcasts/

5 Podcast Directories You Can Visit To Subscribe & Download Free Podcasts

Here are five where you can download podcasts for free:

Podcast Alley

Podcast Alley usually comes up tops in a Google podcast search. It is a large podcast directory with nearly 90,000 podcasts and 6,000,000 episodes. Access genres with a dropdown which covers everything from arts to TV & Film. You can subscribe to podcasts directly from here or go to the individual websites. You can even click to listen to the podcasts online if you don’t want to clutter your podcatcher.

Podcast

Looking at the domain name, these guys probably had first dibs at setting up a directory, and they have done a nice job of it with nearly 85,000 podcasts.

Podiobooks

This is a cool collection of serialized audiobooks which you can subscribe to using RSS. You can choose to subscribe, listen online, or download the episodes. The site is completely free.

Podfeed

Podfeed is a podcast directory with a relatively small collection of 16,000+ podcasts and 2,783,515 episodes. With a sign-up, you can also submit your own podcasts.

The Education category for instance, is helpful if you want to learn a language like Spanish or even English. Another category that’s worth a look is that of Storytelling with its collection of nearly 500 podcasts.

Tech Podcasts

Tech Podcasts is all about technology and geeky topics with the help of free podcasts.



Mitchell's Law of Committees: Any simple problem can be made insoluble if enough meetings are held to discuss it.


Tuesday, March 22, 2011

Are they suggesting a cover up by the former director? Sure sounds like it. What use would they be?

http://www.pogowasright.org/?p=21834

All of East Chicago Public Library’s records on stolen drives

March 21, 2011 by Dissent

Wow. Steve Zabroski reports:

East Chicago – Indiana State Police arrived at the East Chicago Public Library on Friday afternoon to investigate the reported theft of computer hard drives holding all the library’s records, but the library’s former director said nobody told him about missing equipment.

Manuel “Manny” Montalvo was abruptly fired by library trustees late Wednesday in an action he characterized as illegal, just one month after a previous group of trustees had extended his contract through 2013.

Employees taking inventory Thursday after the change in administration called city police to the main library branch, 2401 E. Columbus Drive, after allegedly discovering hard drives missing from the library’s main computer room and the desktop computer in the office of the library director.

[...]

A locksmith called by Library Board President Clifton Johnson was on the scene opening doors and changing locks, and finally managed to get into the director’s office about 2 p.m., when employees were able to confirm that that drive, too, was physically missing.

Read more on NWI.com

If all of the library’s records means, quite literally, all of their records, this is one horrific breach – not only because of employee personnel information and records that could be on the drives, but have all of the library patrons’ records been stolen, too, showing what they read and when?

If anyone sees a follow-up on this one, please let me know!



Another interesting breach

http://www.pogowasright.org/?p=21838

Play.com joins ranks of firms with breaches of customer email addresses

March 22, 2011 by Dissent

Online retailer Play.com has been accused of leaking its customers’ email addresses to spammers.

Many customers reported receiving a spam email yesterday, offering an Adobe Reader upgrade which requires registration and payment. Some of these emails were sent to unique email addresses that have only been used at play.com, [Think of this as the “canary in the mine” test for security breaches. Bob] suggesting that the spammer had access to private customer details.

Most complaints relate to an email with the subject line “Get more done, much faster, with Acrobat X PDF Reader. Upgrade Available Now”.

Read more on Netcraft.

Play.com has now acknowledged the breach. Patrick Goss reports:

Play.com, one of Britain’s best known online retailers, has suffered a security breach that has compromised customer’s email addresses and names.

Play has issued an email to customers admitting the problem and blamed its third-party marketing communications company for the leak.

Read more on TechRadar. The marketing firm was not named.

There seem to be a goodly number of complaints concerning hacked or leaked names and email addresses (and in some cases, passwords!) these days. I haven’t covered most of them on DataBreaches.net, but this is the second complaint I’ve received like this just this week involving people who used site-specific email addresses receiving spam and suspecting a leak or breach.

The other complaint I received this week was from a reader who has been receiving a number of spams and 419 attempts to an address that he created specifically for ProFlowers.com. ProFlowers.com did not respond to a request I sent them last week asking to speak to someone about the concern, and I have no idea if that situation could possibly be related to a breach involving SilverPop, a company that handles businesses’ email marketing lists, or if it’s wholly unrelated, as SilverPop never released a list of affected clients after their breach. But we’ve seen a number of brick-and-mortar as well as online businesses like dating sites have their user lists or customer lists seemingly compromised in the past few months. Some of them may have been for personal reasons (e.g., Gawker was specifically targeted to teach them a lesson), while others may have been compromised for purposes of spamming.

Whatever’s going on, this is a good time to change passwords on accounts that you care about. Using site-specific passwords and usernames is also a good idea, as it will help you contain any damage should a user list be compromised and it will help you identify which company had the breach.
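One way to run the “canary” test from the Play.com story in practice, as an added example that is not from this page, from Netcraft or from DataBreaches.net: hand each site its own sub-address, and put a short keyed tag in the address so that a spammer who holds one alias can neither guess the alias for another site nor fabricate a plausible one to frame a site you never dealt with. The mailbox name, domain and secret below are assumptions; any mailbox that accepts “+” sub-addressing will do.

```python
import hashlib
import hmac
import re
from typing import Dict, Iterable, Optional, Tuple

# Added example. Assumptions: a mailbox that accepts "+" sub-addressing,
# a per-user secret kept off the web, and the hypothetical domain below.
SECRET = b"constructed-example-secret-replace-with-32-random-bytes"
BASE_LOCAL = "bob"
DOMAIN = "example.net"


def _label(site: str) -> str:
    """Reduce a site name to a lowercase alphanumeric label: 'Play.com' -> 'playcom'."""
    return re.sub(r"[^a-z0-9]", "", site.lower())


def _tag(label: str, secret: bytes) -> str:
    """Short HMAC over the label. Holding one alias does not let a spammer derive
    the alias for another site, nor mint a valid-looking alias to frame a site."""
    return hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()[:8]


def site_alias(site: str, secret: bytes = SECRET) -> str:
    """Address to give to one site only, e.g. bob+playcom-1a2b3c4d@example.net."""
    label = _label(site)
    return f"{BASE_LOCAL}+{label}-{_tag(label, secret)}@{DOMAIN}"


ALIAS_RE = re.compile(
    r"^" + re.escape(BASE_LOCAL) + r"\+([a-z0-9]+)-([0-9a-f]{8})@" + re.escape(DOMAIN) + r"$"
)


def identify_leak(recipient: str, secret: bytes = SECRET) -> Optional[Tuple[str, bool]]:
    """Map the To: address of an unexpected message back to the site it was given to.

    Returns (label, True) when the tag verifies, (label, False) when the label
    matches but the tag does not (a guessed or forged alias), and None when the
    address is not one of our per-site aliases at all."""
    m = ALIAS_RE.match(recipient.strip().lower())
    if not m:
        return None
    label, tag = m.groups()
    return label, hmac.compare_digest(tag, _tag(label, secret))


def leak_report(messages: Iterable[Tuple[str, str]], secret: bytes = SECRET) -> Dict[str, int]:
    """Count unexpected messages per site, ignoring forged and unknown aliases."""
    counts: Dict[str, int] = {}
    for to_addr, _subject in messages:
        hit = identify_leak(to_addr, secret)
        if hit and hit[1]:
            counts[hit[0]] = counts.get(hit[0], 0) + 1
    return counts


# Constructed inbox: (To: address, Subject). The first subject line is the one
# quoted in the Play.com story above; the rest are made up for this example.
SAMPLE_INBOX = [
    (site_alias("play.com"), "Get more done, much faster, with Acrobat X PDF Reader"),
    (site_alias("Play.com"), "Upgrade Available Now"),
    (site_alias("ProFlowers.com"), "Urgent business proposal"),
    (f"{BASE_LOCAL}+playcom-00000000@{DOMAIN}", "forged alias, wrong tag"),
    (f"{BASE_LOCAL}@{DOMAIN}", "plain address, not a canary"),
]

if __name__ == "__main__":
    for site in ("play.com", "ProFlowers.com"):
        print(site, "->", site_alias(site))
    print(leak_report(SAMPLE_INBOX))
```

The report only counts aliases whose tag verifies, so a spammer who spots the pattern and starts mailing `bob+somesite-xxxxxxxx` variants cannot make an innocent company look like the source. A hit on a verified alias still tells you only that the address left that site’s hands, not how: the Play.com case blamed a third-party marketing firm, which is exactly the kind of downstream recipient a single alias cannot distinguish from the retailer itself.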



Small numbers, but great physical risks...

http://www.databreaches.net/?p=17164

UK: Security scare as council loses memory stick containing medical info and access codes to the homes of thousands of vulnerable people

March 22, 2011 by admin

The Daily Mail reports:

A council has lost a memory stick containing home security codes and medical information for thousands of elderly people. The data device holds the medical details on 4,000 people looked after by Leicester City Council support service as well as 2,000 key codes which can be used to gain access to their homes.

The codes, used by LeicesterCare, the council service that supports vulnerable people, open outside boxes that contain keys to people’s front doors.

The council launched an operation to reset all the codes after admitting they lost the data more than two weeks ago in a massive security breach.

The memory stick, used to back up information on council computers, was supposed to be locked in a safe every night.

But council staff reported it missing to the Information Commissioner’s Office (ICO) on March 9 – four days after it disappeared.

Read more on Daily Mail. It’s not totally clear to me whether the data were encrypted or otherwise adequately secured. On the one hand, they’re notifying everyone and changing access codes, which suggests that it’s not encrypted. But there’s also this statement in the story, attributed to a council spokesperson:

‘However, while we have been assured by our supplier the information on the device is not accessible to anyone who may find it, [Why not? Because you need a computer? Bob] we are taking every precaution and we are urgently carrying out changes to the keysafe codes of around 2,000 users.



Insuring the Cloud. It would be interesting to see how they define it...

http://www.databreaches.net/?p=17161

Data Breach in the Clouds

March 22, 2011 by admin

David Navetta writes:

I was recently provided an opportunity to write the lead article for Hiscox’s new “global technology news” publication. Hiscox is one of the leading international insurers of “cyber risk” (a.k.a. data security and privacy insurance) and has taken an active role in understanding and insuring this risk. Their expertise led them to focus on the challenges of breach/incident response in the Cloud (among other cloud computing issues).

Read more on InformationLawGroup.



I wonder how much effort (expertise and treasure) is being expended here.

http://www.nytimes.com/2011/03/22/world/asia/22china.html?_r=1

China Tightens Censorship of Electronic Communications

A host of evidence over the past several weeks shows that Chinese authorities are more determined than ever to police cellphone calls, electronic messages, e-mail and access to the Internet in order to smother any hint of antigovernment sentiment. In the cat-and-mouse game that characterizes electronic communications here, analysts suggest that the cat is getting bigger, especially since revolts began to ricochet through the Middle East and North Africa, and homegrown efforts to organize protests in China began to circulate on the Internet about a month ago.

… Several popular virtual private-network services, or V.P.N.’s, designed to evade the government’s computerized censors, have been crippled.

… In an apology to customers in China for interrupted service, WiTopia, a V.P.N. provider, cited “increased blocking attempts.” No perpetrator was identified.

Beyond these problems, anecdotal evidence suggests that the government’s computers, which intercept incoming data and compare it with an ever-changing list of banned keywords or Web sites, are shutting out more information. The motive is often obvious: For six months or more, the censors have prevented Google searches of the English word “freedom.”



Gosh, maybe students do have some privacy rights... I don't even want to ask what rights Mom and Dad might have to communicate with their child.

http://www.pogowasright.org/?p=21844

Texas Teen Scores Legal First in ‘Sexting’ Privacy Case

March 22, 2011 by Dissent

Matthew Heller writes:

A Texas teenager has taken a major step toward winning her privacy lawsuit against an assistant middle school principal who searched the contents of her cell phone, finding a nude photo of her. [Does that immediately make him a “possessor of Child Pornography?” Bob]

Alexis Mendoza, then an eighth-grader at Kimmel Intermediate School in Spring, Texas, admitted sending the photo to a boy because he had sent similar photos to her. She sued the principal, assistant principal and school district in December 2009, alleging the search of her cell phone went beyond what was reasonable to determine whether she had been using it during school hours to send text messages.

Read more about this case on OnPoint. The court seemed to uphold the school’s right to search for non-content information because they had reasonable suspicion that the student used the phone during school hours on school premises, in violation of school policy. But the judge held that the right to search did not extend to the content of those messages.

If you care about student privacy and Fourth Amendment issues, this is a good case to watch, and Matthew Heller provides links to relevant court documents.



I must admit, their strategy baffles me. You are limited to 20 articles per month except you aren't if you get there by following a Blog link, but it does screw you up if you go to the “Official Times” site and try to use that... Huh???

http://techcrunch.com/2011/03/21/pay-sieve/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

All Blog Links To The New York Times Will Be Freebies. This Could Get Ugly.

It’s not news that the New York Times payfence isn’t much of a fence. We’ve already written about the Facebook and Twitter loophole, but it turns out that the loophole is more like a loop chasm.

NYT head Martin Nisenholtz told AllThingsD’s Peter Kafka on Friday that all blog links will render stories accessible for non-subscribers. [Thanks, I think... Bob] And while blog and social media referral visits will count towards the 20 free articles a month allotted, Times articles will not be blocked if a user goes over their limit and clicks on a Times link from an aggregator like Digg or Reddit or a blog like TechCrunch. Users will, however, be out of luck if they subsequently try to go to the Times’ website directly that month.



Who came up with this idea? Did Equifax “sell” them the idea or is it already being used in other government areas?

http://www.washingtonpost.com/local/us-may-strengthen-identity-verification-system-for-workers/2011/03/21/ABH8Si8_story.html

U.S. may strengthen identity verification system for workers

The federal government is exploring the possibility of using a credit rating giant like Equifax to verify the identity of American workers, a move that could make it far more difficult for undocumented immigrants to get work using stolen Social Security numbers.

The plan by the Department of Homeland Security, which is still preliminary and would probably require congressional approval, could have far-reaching consequences. The government already allows employers to check the legal status of employees using a system known as E-Verify, but hundreds of thousands of undocumented immigrants beat the system by using stolen Social Security numbers.

… On Monday, the government announced that it would begin allowing individuals in the District, Virginia and four other states to voluntarily use a system provided by Equifax to verify their identity. Once they did that, they could access a federal database to verify their authorization to work. The move will help the small number of legally authorized immigrants and U.S. citizens who encounter problems each year when an employer runs their Social Security numbers through the E-Verify system. [Is this an admission that e-Verify isn't working properly? Bob]

By giving workers the ability to check their records before they apply for a job, authorities said that citizens and immigrants who are authorized to work will be able to take care of spelling mistakes and other common errors. The voluntary program will be piloted in the District, Virginia, Arizona, Colorado, Idaho and Mississippi. It will be expanded nationwide in the coming months.



Implications for whistle blowers.

http://www.pogowasright.org/?p=21828

Ex-Employee’s Blogs Can’t Be Stopped Absent Extraordinary Circumstances, New York Court Rules

March 21, 2011 by Dissent

Joseph Lazzarotti and John Snyder comment on Cambridge Who’s Who Publishing v. Sethi, a case recently covered on DataBreaches.net because of its reference to an alleged data breach that had never been reported in the media. Of significance to me, the court ruled that Cambridge Who’s Who could not get an injunction that would stop its former employee from writing about a data breach that occurred while he was employed by them, nondisclosure agreements notwithstanding. As I noted in my comments, I was pleased that the judge appreciated the significance of data breaches to the public and that such revelation would be protected speech.

Lazzarotti and Snyder discuss the case from the perspective of workplace law on Workplace Privacy Data Management & Security Report. They write, in part:

Cambridge provides employers with several significant lessons.

  • First, it is instructive of the enforceability of a non-solicitation-of-customers provision that was enforced by injunction.

  • Second, absent compelling facts constituting “extraordinary circumstances,” courts generally are reluctant to enjoin or restrain speech that may be protected by the First Amendment.

  • Third, the decision raises two key points about data security:

    • Companies that experience an unauthorized access to or acquisition of personal information that they possess may be required to report the unauthorized access to affected individuals and certain state agencies. In New York, there are three state agencies that must be notified in cases of certain breaches of personal information: Office of Cyber Security, Attorney General’s Office, and Consumer Protection Board.

    • Likewise, companies must take appropriate steps when employees complain about or raise data-security issues. In at least two court decisions, one in New Jersey and the other in California, employees were permitted to proceed with claims of employment retaliation upon asserting they have suffered an adverse employment action after their complaints about data security at their companies.

What I find intriguing is that this breach was never reported to the New York State Consumer Protection Board, even though there seems to be some documentation from one of the vendors that would seem to confirm that data went missing. Cambridge Who’s Who has not responded to an email request for a statement or clarification on these allegations, but I will keep trying to find out what, if anything, happened there.



This suggests companies with a high cost of customer acquisition should have the best security.

http://www.databreaches.net/?p=17152

2010 Annual Study: U.K. Cost of a Data Breach

March 21, 2011 by admin

This 2010 Ponemon Institute benchmark study, sponsored by Symantec Corporation, examines the costs incurred by 38 organisations after experiencing a data breach. Results were not hypothetical responses; they represent cost estimates for activities resulting from actual data loss incidents. This is the fourth annual study of this issue.

Breaches included in the study ranged from 6,900 records to 72,000 records from 13 different industry sectors.

And because some of us having been looking more closely at the issue of whether churn rates and “harm” are being objectively measured and reported, here’s what the study says on churn:

Customer turnover in direct response to breaches remains the main driver of data breach costs: Abnormal churn or turnover of customers after data breaches appears to remain the dominant data breach cost factor. Regulatory compliance helps lower churn rates by boosting customer confidence in companies’ IT security practices.

Average abnormal churn rates across all 38 incidents dropped a point to 3 percent. The sectors with the highest 2010 churn rate were communications, financial and services, all at 7 percent. The industries with the lowest abnormal churn rates were transportation (2 percent), consumer and retail (each at 1 percent) and public sector (less than 1 percent).

Once again, though, churn rate is merely the estimate of the interviewee and does not represent verified data.

You can download the full report from Symantec’s site.



For my Data Analysis students

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1789749

Tragedy of the Data Commons

Jane Yakowitz Brooklyn Law School March 18, 2011

Abstract:

Accurate data is vital to enlightened research and policymaking, particularly publicly available data that are redacted to protect the identity of individuals. Legal academics, however, are campaigning against data anonymization as a means to protect privacy, contending that the wealth of information available on the Internet enables malfeasors to reverse-engineer the data and identify individuals within them. Privacy scholars advocate for new legal restrictions on the collection and dissemination of research data. This Article challenges the dominant wisdom, arguing that properly de-identified data is not only safe, but of extraordinary social utility. It makes three core claims. First, legal scholars have misinterpreted the relevant literature from computer science and statistics, and thus have significantly overstated the futility of anonymizing data. Second, the available evidence demonstrates that the risks from anonymized data are theoretical - they rarely, if ever, materialize. Finally, anonymized data is crucial to beneficial social research, and constitutes a public resource - a commons - under threat of depletion. The Article concludes with a radical proposal: since current privacy policies overtax valuable research without reducing any realistic risks, law should provide a safe harbor for the dissemination of research data.


(Related) An application of Data Mining/Data Analysis. Matching your work email to your personal grocery purchases... A piece of cake.

http://techcrunch.com/2011/03/22/googlers-buy-more-junk-food-than-microsofties-and-why-rapleaf-is-creepy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Googlers Buy More Junk Food Than Microsofties (And Why Rapleaf Is Creepy)

If you weren’t creeped out by data-mining startup Rapleaf after reading about their ways in a relatively unsettling Wall Street Journal article published last October (“The San Francisco startup says it has 1 billion e-mail addresses in its database”), chances are you will be now.

For its latest ‘study’, Rapleaf has tapped its database of identifiable information to extract a sample of 6,000 Google employees (email addresses ending in @google.com) and 16,000 Microsoft employees (email addresses ending in @microsoft.com) and subsequently analyzed their grocery purchase behavior in partnership with an unnamed loyalty cards aggregator.



Of course, we don't need anything as obvious as email or cookies to identify you.

http://www.pogowasright.org/?p=21849

Device Fingerprinting Raises Privacy Fears

March 22, 2011 by Dissent

Jack Marshall reports:

Privacy advocates have expressed concern about device fingerprinting, an emerging technology that allows advertisers to uniquely and persistently identify connected devices such as computers, smartphones, and tablets.

When sending or receiving data, connected devices transmit pieces of information about their properties and settings, which can be collected and pieced together to form a unique, persistent “fingerprint” for that specific device.

Once a device has been assigned a fingerprint, advertisers can use that ID to track its behavior as it moves across the web, providing similar functionality to a cookie. The strength of a fingerprint, however, is that it tracks the device itself rather than the cookie placed on it, meaning it cannot be deleted or lost, and can – in theory – remain consistent for the life of a device.

Read more on ClickZ
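What the ClickZ piece describes, as an added example that is not code from the article or from any ad-tech vendor: the browser volunteers a handful of attributes on every visit, the tracker canonicalises and hashes them, and the resulting ID survives a cookie wipe because nothing was ever stored on the device. The attribute names, the FNV-1a hash and the tracker-side registry are assumptions made for the example; real trackers use more attributes (fonts, canvas rendering) and a wider hash.

```javascript
// Added example. Not code from the ClickZ article or from a real tracker;
// attribute names, hash choice and registry shape are our own assumptions.

// FNV-1a, 32-bit. Small enough to read; a real tracker would use a wider hash
// to avoid accidental collisions between unrelated devices.
function fnv1a32(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h >>> 0;
}

// Canonicalise the attribute bag: sort keys so that the order in which a
// collection script happens to read properties does not change the ID.
function canonicalize(attrs) {
  return Object.keys(attrs)
    .sort()
    .map((k) => k + '=' + JSON.stringify(attrs[k]))
    .join('|');
}

// The "fingerprint": an 8-hex-digit ID derived only from what the device sends.
function deviceFingerprint(attrs) {
  return fnv1a32(canonicalize(attrs)).toString(16).padStart(8, '0');
}

// In a browser, read the same kinds of properties and settings the article
// refers to. Returns null where there is no browser (e.g. under Node) so the
// file still runs there.
function collectBrowserAttributes() {
  if (typeof navigator === 'undefined' || typeof screen === 'undefined') return null;
  return {
    userAgent: navigator.userAgent,
    language: navigator.language,
    platform: navigator.platform,
    screen: [screen.width, screen.height, screen.colorDepth],
    timezoneOffset: new Date().getTimezoneOffset(),
    plugins: Array.from(navigator.plugins || [], (p) => p.name),
  };
}

// Tracker side: a registry keyed by fingerprint instead of by cookie.
// Returns the ID so a caller can attach it to the visit log.
function trackVisit(registry, attrs) {
  const id = deviceFingerprint(attrs);
  const rec = registry.get(id) || { visits: 0 };
  rec.visits += 1;
  registry.set(id, rec);
  return id;
}

// Constructed sample devices (not captured from real users).
const DEVICE_A = {
  userAgent: 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24',
  language: 'en-US',
  platform: 'Win32',
  screen: [1366, 768, 24],
  timezoneOffset: 300,
  plugins: ['Shockwave Flash', 'Java Deployment Toolkit'],
};
// The same machine after the user cleared cookies: nothing it sends has changed.
const DEVICE_A_COOKIES_CLEARED = { ...DEVICE_A };
// A different machine that differs from A in a single plugin.
const DEVICE_B = { ...DEVICE_A, plugins: ['Shockwave Flash'] };

const registry = new Map();
const firstVisit = trackVisit(registry, DEVICE_A);
const afterClearing = trackVisit(registry, DEVICE_A_COOKIES_CLEARED);
console.log(firstVisit === afterClearing, registry.get(firstVisit).visits); // true 2
```

Two caveats a practitioner would want. First, the ID is only as unique as the attribute set: a room full of identically imaged corporate laptops in the same timezone will share one fingerprint, so the tracker is linking configurations, not people. Second, the “cannot be deleted” claim cuts both ways: the user cannot opt out by clearing storage, but any change to the inputs (a browser update, a new plugin, a different monitor) silently mints a new ID, which is why the article says “in theory” about lifetime persistence.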



Another front in the “You don't buy books, you license them” war.

http://yro.slashdot.org/story/11/03/22/0231214/Amazon-Stymies-Lendle-E-book-Lending-Service?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Amazon Stymies Lendle E-book Lending Service

"CNET quotes Lendle co-founder Jeff Croft: 'They [Amazon] shut the API access off, and without it, our site is mostly useless. So, we went ahead and pulled it down. Could we build a lending site without their API? Yes. But it wouldn't be the quality of product we expect from ourselves.' Croft also said 'at least two other Kindle lending services got the same message' yesterday.'"


(Related) Publishers face the same future as the Music Labels. Is there a similar solution?

http://news.slashdot.org/story/11/03/22/0125218/Best-Selling-Author-Refuses-500k-Self-Publishes-Instead?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Best-Selling Author Refuses $500k; Self-Publishes Instead

Last week we discussed an IT book author's adventures in trying to self-publish. Now, an anonymous reader points out an article examining another perspective:

"Barry Eisler, a NY Times best-selling author of various thriller novels, has just turned down a $500,000 book contract in order to self-publish his latest work. In a conversation with self-publishing aficionado Joe Konrath, Eisler talks about why this makes sense and how the publishing industry is responding in all the wrong ways to the rise of ebooks. He also explains the math by which it makes a lot more sense to retain 70% of your earnings on ebooks priced cheaply, rather than 14.9% on expensive books put out by publishers."



A milestone...

http://techcrunch.com/2011/03/22/boom-professional-social-network-linkedin-passes-100-million-members/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Boom! Professional Social Network LinkedIn Passes 100 Million Members


(Related) Mapping your professional connections.

http://www.makeuseof.com/tag/3-ways-meaningfully-visualize-linkedin-network/

3 Ways To Meaningfully Visualize Your LinkedIn Network



We are going to put this on every computer at the University.

http://www.makeuseof.com/tag/microsoft-mathematics-40-advanced-calculator-tool-students-love/

Microsoft Mathematics 4.0 – An Advanced Calculator Tool That Students Love

With a simple program from Microsoft named Microsoft Mathematics 4.0, you have the full power of a graphing calculator – and more – right at your computer.

… When you launch the program you have an interface that is very similar to any other graphing calculator. You can enter your numbers and calculations directly into the program by either pressing the buttons with your mouse or just typing it in.

… You can also draw your calculations and Mathematics will try to decipher your drawing into an equation. This is helpful if you receive a problem but don’t know exactly how to enter it into the program. It works fairly well, but does have some difficulty decoding some more complicated equations.

… Another interesting portion of the program is the equation solver. Once you type in an equation it will help you step through to solve it for one of the variables you have listed.

If you are interested in learning how you can apply Microsoft Mathematics to help your child or student learn mathematics, Microsoft offers this free guide to give you learning ideas.

The Equation Library built into the program also gets you started on some interesting ways you can enter data into the program.

Microsoft Mathematics 4.0 can be downloaded here and is free. It is only available for Windows, however if you have VirtualBox you will be able to run it on any other OS.