Saturday, September 17, 2011


Sony takes another step to ensure “Security.”
Use Sony's PlayStation Network, Waive Rights to Class-Action Suit?
… As first discovered by The Examiner, Sony updated its PlayStation Network terms of service on September 15 to ban class-action lawsuits against the company.
"Any dispute resolution proceedings, whether in arbitration or court, will be conducted only on an individual basis and not in a class or representative action or as a named or unnamed member in a class, consolidated, representative, or private attorney general action unless you and [Sony] agree to do so in writing," according to the updated terms.


It is possible to allow trading freedom while still monitoring risk. When would UBS managers want to be informed about unusual trade volumes or risk levels? Apparently, never.
"With the benefit of hindsight, IT experts are claiming that technical countermeasures at Swiss bank UBS could have stopped rogue trader Kweku Adoboli running up a $2 billion loss."
If American Express and Visa can mine transaction data and put a stop order on credit cards when you unexpectedly buy gas out of state, it seems like there could be patterns to watch for when the amounts are in the billions, too.


Should anyone quote an intelligence source by name?
Ethiopian Journalist Flees Country Over Exposure in WikiLeaks Cable


Something for my students to grab...
Students Can Now Create Wi-Fi Hotspots For Free With Connectify [News]
Connectify is offering free accounts until October 15th to students with .edu addresses, allowing them to set up free Wi-Fi hotspots for their devices. Students can sign up for the service for free and receive their Connectify Pro license here by using their .edu email address.

Friday, September 16, 2011


Local. I want to assure you that this has absolutely, positively nothing to do with our new campus in Aurora. (probably)
CO: Aurora City Council members become victims of ID fraud
September 16, 2011 by admin
Carlos Illescas reports:
At least five Aurora City Council members have had their identities stolen over the past few weeks, and police have opened an investigation to determine whether the cases are linked.
Someone — armed only with the council members’ basic personal information — opened accounts in their names at a billing service for PayPal and ordered items at retail online sites.
Read more on Denver Post.
Update: Make that at least seven known victims.
[From the Post article:
The bills came from a company called Bill Me Later, a service of PayPal, the online site where people can order items and send money securely.
A Bill Me Later account, which doesn't require a credit card, is easy to open. Basic personal information, such as name, phone number, date of birth and the last four digits of a Social Security number, is all that is needed. [Think of it as making ID Theft really, really simple! Bob]


It's nearly impossible to kill a government program/boondoggle. There's a story about a Hollywood mogul who kept tons of obsolete and useless paperwork. When asked if it could be tossed out, he replied, “Okay. But make a copy of it first.”
U.S. Representative John Mica (R-Florida), the sponsor of the original House bill that helped create the TSA, has become an outspoken opponent of the agency. In a recent interview, "Mica said screeners should be privatized and the agency dismantled." Mica seems to agree with other TSA critics that the agency 'failed to actually detect any threat in 10 years.' Mica is the House Transportation and Infrastructure Committee Chairman and receives classified briefings on TSA. Perhaps we should trust him more than most people on this topic.
In an older ABC news article (ignore the unrelated video) Mica describes how he deals with security checkpoints. "He won't go through a full body scanner at an airport because 'I don't want them circulating pictures of my beautiful body' all over. He said he opts for a pat-down, and just 'closes his eyes and imagines a beautiful female.'"

(Related) Fortunately, there is (at least seasonal) work for terminated TSA employees. Makes you wonder what risks they are addressing... Killer Calves? Aggressive Ankles? Note that they skip “Thunder Thighs” and all the “politically incorrect” search areas – could be difficult to retrain TSA agents.
NFL wants pat-downs from ankles up at all stadiums
September 16, 2011 by Dissent
Michael McCarthy reports:
The NFL wants all fans patted down from the ankles up this season to improve fan safety.
Under the new “enhanced” pat-down procedures, the NFL wants all 32 clubs to search fans from the ankles to the knees as well as the waist up. Previously, security guards only patted down fans from the waist up while looking for booze, weapons or other banned items.
Read more on USA Today.
[From the article:
The NFL suffered damage to its family-friendly image when a South Carolina man was arrested for using an illegal stun gun on other fans at a New York Jets-Dallas Cowboys game Sunday night. [Note that the new pat-down procedure was “recommended” well before this incident. Bob]


That didn't take long to undo. I wonder what got through to the law makers? Was there a Facebook Frenzy? A Twitter “Outing of Twits?” Nah, just a lawsuit.
"The Missouri State Teachers Association (MSTA) has managed to secure another win in its battle against a new law regarding social networking with students. A repeal of the recently passed law has unanimously passed the Missouri state Senate."


Not sure if were narrowing toward a common definition or
raising more issues to debate.
UK: Privacy watchdog publishes e-privacy laws compliance guidance
September 15, 2011 by Dissent
The UK’s data protection watchdog’s guidance includes amendments made to the Privacy and Electronic Communications Regulations (PECR) in May. The changes transposed an EU Directive into national law.
The amendments included changes to rules on email marketing and for gaining internet users’ consent to ‘cookies’ – small text files that websites store about users’ online activity. It also introduced a requirement for organisations to inform the Information Commissioner’s Office (ICO) about all personal data breaches.
Read more on Out-Law.com
[From Out-Law:
[About Cookies:


Interesting vision of the future. With the growth of Cloud computing, I suspect this is true. And we need to bring more Smartphones into our computing classes...
"The build-out of 3G networks in developing countries, plus ultra-low prices from the likes of Samsung, will make the smartphone the sole computer of millions of citizens worldwide. And by 2016, 97 percent of smartphones are expected to use touchscreens. Now, don't get me wrong — I carry an iPad and an iPod Touch in my backpack and love touchscreens — but I still like a phone that fits in my pocket. However, I'm going to be in the minority five years from now, when the majority of wireless communicators will be smartphones."


Geeky stuff...

(Related) Will we be able to run Smartphone Apps on our desktop PC?
Forget Apps, Carbyn Has Built A HTML5 OS

Thursday, September 15, 2011


Virtual geopolitical boundaries for Cloud Computing. Inevitable, I suppose.
Deutsche Telekom Wants ‘German Cloud’ to Shield Data From U.S.
September 14, 2011 by Dissent
Deutsche Telekom AG’s T-Systems information technology unit is pushing regulators to introduce a certificate for German or European cloud operators to help companies guard data from the U.S. government.
T-Systems plans to lure customers by emphasizing the security of its servers, over which it delivers its Internet- accessed computing services, Reinhard Clemens, the division’s chief executive officer, told reporters in Bonn on Sept. 12. This includes shielding clients from government access such as that allowed by the U.S. Patriot Act, he said.
Read more from Bloomberg.


Is this a case of “techno-paparazzi,” teenage testosterone, or orchestrated publicity? (I'm sure the obvious solution has never occurred to these ladies...)
Celebs Hacked: Which Hollywood Hottie Will Have Nude Pics Leaked Next?
It's probably not the biggest surprise that some of Hollywood's biggest stars also happen to be exhibitionists (see Vanessa Hudgens—and quite a lot of her, as it turns out).
But on the heels of news that no less an authority than the FBI met with the clothes-eschewing starlet to investigate her latest scandalous nude photo leak, several more names have emerged as possible targets of the hacking ring.
Fifty names, to be precise. All female. And all of whom are no doubt shaking in their Louboutins at the prospect of becoming the next viral (and let's face it, in all likelihood naked) victim.

(Related) Maybe the hacking is just part of wholesale emails for sale?
New emails found in News of the World hacking scandal
''MANY tens of thousands'' of documents and emails that might be evidence of phone hacking have been found by the publisher of the now-defunct News of the World, Britain's High Court has been told.
The lawyer for News Group Newspapers, which had been ordered to search its internal mail system for any evidence of hacking of a list of public figures, said: ''Two very large new caches of documents have been [found] which the current management were unaware of.'' [That would be the Management in place after the business was shut down and everyone was fired? Bob]


The cost of Data Breaches. OR “How not to win friends...”
Uni hackers spoil exam
HACKERS from within the University of Tasmania have breached online exam security, leaving 600 nursing students without vital test results.
Angry students will be forced to sit a longer end-of-year exam that will now be worth a greater share of their final mark.
The closed-book test will now be worth 60 per cent instead of 40 per cent of their final mark for the compulsory unit.


I had never heard of Missoni, but apparently it is possible to generate as much excitement with fashion as with the latest teenage movie heroes or world series tickets going on sale.
Target’s Missoni launch: empty racks, crashed website, furious eBay bidding


“Security is as security does” F. Gump ...and it is much harder to retro-fit security than to design it in at the beginning.
Slow learning curve for DHS on infosec
September 14, 2011 by admin
Aliya Sternstein reports:
Security weaknesses in the computers that track money for the Homeland Security Department could lead to a substantial mistake in the agency’s financial statements, according to a federal audit.
KPMG analysts hired by the DHS inspector general to assess the department’s various financial systems for the fiscal year ending Sept. 30, 2010, found about 160 deficiencies, or inadequate controls, most of which — 65 percent — were repeats of the previous year’s problems. The IG office released a redacted version of the April 26 report on Monday.
Among the information technology inadequacies highlighted: ex-employees were still able to logon to their accounts and unauthorized outsiders successfully acquired user passwords from DHS personnel.
Read more on NextGov.


Privacy costs sales?
National Retail Federation opposes Sen. Leahy’s data breach notification bill
September 14, 2011 by admin
The National Retail Federation today voiced concern over data breach legislation set for consideration by a Senate committee, saying the bill is too broadly written and would lead to “notice fatigue” among consumers. [Assuming all retailers have lousy security? Bob]
[...]
French’s comments came in a letter sent today to members of the Senate Judiciary Committee. The panel is scheduled to consider S. 1151, the Personal Data Privacy and Security Act of 2011, sponsored by Chairman Patrick Leahy, D-Vt., Thursday morning.
The bill would require businesses to notify customers when “sensitive personally identifiable information” has been breached, such as in a number of recent data breach cases targeting retailers along with universities, government agencies, financial institutions and other businesses. But French said the bill’s definition of such information “is far reaching and covers common data items, the disclosure of which in most cases is inconsequential or does not lead directly to identity theft.” In one example, the breach of a customer’s name, address and date of birth would be deemed sensitive even though that combination of items alone “provides very little risk of leading to identity theft.”
What is there about “It’s not just about ID theft” that the NRF refuses to acknowledge?


Didn't take long for this brilliant idea to go south...
AU: Westfield Bondi caught in ‘find my car’ privacy flap
September 15, 2011 by Dissent
Less than one week after Ben Grubb reported privacy concerns or the potential for abuse of a new mobile app, he reports that there’s been a breach:
Westfield’s new mobile app has been caught leaking customers’ car number plate data on to the public internet, allowing for “anyone with the knowhow” to monitor when cars entered and exited its Bondi Junction shopping centre car park.
Sydney software architect Troy Hunt discovered the leak and posted about it on his blog yesterday, saying the hole could have potentially been used by stalkers, a suspicious husband tracking his wife, an aggrieved driver holding a grudge from a nearby road rage incident and a car thief with their eye on a particular vehicle.
Shortly after his blog was posted Westfield and the developer of the app’s technology, Park Assist, closed the hole.
Read more on The Age.


I don't think this is how it's supposed to work. But then, Texas is “a whole other country”
(Update) EPISD Lawyer: District Is Not Legally Liable For The Hacking
September 14, 2011 by admin
Gaby Loria reports:
El Paso Independent School District trustees heard from concerned employees and parents at a Tuesday evening board meeting regarding the hacking situation that put more than 70,000 students and employees at risk for identity theft.
[...]
The district alerted the community about the breach the day it found out about it and negotiated a deal with a credit monitoring company to offer a 50 percent discount on anti-identity-theft services.
[...]
The school board’s attorney, Anthony Safi, explained the district is not legally liable for the hacking and is therefore limited in the options it can offer the community. “The district does not have any liability for what occurred due to the doctrine of governmental immunity,” Safi said. “Because there is no liability, to pay (for services) could very well be considered a gift of public funds, which is prohibited.”
Read more on KVIA.
No liability? Did the Veterans Administration have no liability for the incident involving 26.5 millions’ veterans data or did they wind up having to compensate people for it in a huge settlement?
And if there is no liability under a theory of governmental immunity, then what recourse is there for individuals who now have incurred out-of-pocket expenses for something that they had no responsibility for?

(Related) I don't think government immunity even came up in this one...
Court: FERPA Doesn’t Shield Settlement Over Student Strip-Search Lawsuit
September 15, 2011 by Dissent
Matthew Heller writes:
After winning a public records lawsuit, On Point has learned that an Arizona school district paid a $250,000 settlement to a former student who was illegally strip-searched by school officials looking for prescription drugs.
An Arizona judge recently ordered the Safford Unified School District to produce the settlement agreement, finding that the privacy interest of the former student, Savana Redding, “is minimal when weighed against the greater public interest for transparency in the expenditure of public funds by the district.”
Read more on On Point.


I can remember a day when lawyers knew very little about technology... Oh wait, that day was today.
September 14, 2011
University of Victoria Law Student Technology Survey 2011
Via Rich McCue: UVic Law Student Technology Survey 2011 - "In addition to the technology questions we’ve been asking UVic Law students over the past nine years, we decided for the second year in a row to ask some extra questions about the mobile technology that students are arriving at Law School equipped with. This survey was completed by 139 incoming and transferring law students, which is a strong 90% plus response rate. Executive Summary:
  • 84% of incoming law students own “Smart Phones that can browse the internet (up dramatically from 50% last year), with 42% of the total being iPhones, 13% Android and 27% Blackberry’s.
  • 19% of students own tablet devices or ebook readers.
  • 98% of students own laptops, and 16% own both a laptop and a desktop computer.
  • 50% of student laptops are Mac’s, up from 44% last year.
  • The average laptop price stayed basically the same as last year at $1,186, which is down from $1400 in 2007, and from $2,100 in 2004.
  • The students’ average typing speed was was 60 wpm. [Impressive, since I don't think they teach typing any more... Do they? Bob]
  • 72% of all students bring their laptops to school almost every day.
  • 55% of students use Gmail as their primary email account (up from 49% last year), 9% use UVic email and 22% Hotmail.
  • 60% of students identified MS Word as their favorite tool for collaborative document editing (down from 67%). 30% favor Google Docs (up from 27%) and 2% OpenOffice.
  • 58% of students report backing up their primary computer on a regular basis. 60% of those backing up do so to an external hard drive and 25% to a cloud storage solution.
  • 97% of students use Facebook (up from 91%) and 92% (up from 80%) would like to see law school events and activities published on Facebook as well as through the online faculty calendar

Wednesday, September 14, 2011


A most intriguing topic...
Damages From Hannaford Bros. Data Breach Dominate 1st Circuit Debate
September 13, 2011 by admin
Sheri Qualters writes:
A debate about the damages available to some to 4.2 million customers of the Hannaford Brothers Co. supermarket company whose financial information was compromised during a data breach dominated an oral argument at the 1st U.S. Circuit Court of Appeals.
The Sept. 8 hearing in Anderson v. Hannaford Brothers Co. concerned the appeal of a May 2009 order by District of Maine Judge D. Brock Hornby that rejected most of the plaintiffs’ claims.
Read about some of the exchanges between the judge and attorneys during oral argument on Law.com.


“No good deed goes unpunished”
Two years later, Texas parent who reported a breach gets prosecutors off his back and his laptop returned
September 13, 2011 by admin
A Texas parent who reported a school district security breach involving sensitive student records spent the next two years facing federal charges and trying to get his laptop back
Back in August 2009, DataBreaches.net reported that a parent had his work and personal computers seized by the FBI after he reported a security breach to his child’s school district, Leander ISD, and the Texas Education Agency. The parent, Mark Short, had discovered a working login on the district’s web site for a vendor-maintained database of students’ educational records. Having not received all of his child’s records that he had requested under FERPA (the federal law that gives parents the right to inspect all of their children’s education records), Short explored the database enough to confirm that it contained additional records on his child as well as sensitive information on other students. Short then notified the district of their security lapse and filed a complaint with the state.
Rather than thanking him for alerting them to their security gaffe and FERPA noncompliance, the district reportedly referred the matter to law enforcement, who treated him as a criminal.
Short informed DataBreaches.net that his personal laptop was seized by FBI agents without a search warrant “under the guise of concluding the investigation.” Short claims that he was not informed that he could refuse, and that after the FBI hung on to the computer for one week and he started insisting on its return, the FBI first obtained and served him with a search warrant for the laptop they had already seized.
Short has kept DataBreaches.net apprised of the case over the past two years, and now reports:
Two years after the FBI seized my personal property and just two days before a scheduled hearing to force the return of my computer, the US District Attorney has decided to not prosecute and return my computer.
This is after I was offered plea agreements two or more times and refused. Then I would get threatened that I would face prosecution if I did not accept.
The entire situation has been costly for Short, who lost his job due to the FBI showing up his workplace and seizing his work computer. It also created significant family stress. Short tells DataBreaches.net:
This has been a huge “pain in the ass” in order to assert individual rights and force a return of personal property – potentially improperly obtained; however, the government has really exceeded their mandate in this case. For them to seize my computer, refuse to return it (even after two years) without even making a formal charge is insane.
I can see why some people would rather just give-in to the federal government and simply forfeit their personal property. However, I cannot do that and allow the continued erosion of individual constitutional rights and freedoms.
In the meantime, the school district that had failed to turn over all his child’s records and that had failed to adequately secure access to the outsourced records has incurred no penalty for noncompliance with FERPA’s requirement nor for the breach.
What’s wrong with this picture?


Do you suppose this will come to the US? How powerful is the advertising lobby?
Google Lets Wi-Fi Owners Opt Out of Registry
September 14, 2011 by Dissent
Kevin J. O’Brien reports:
Google defused a confrontation with European privacy regulators by announcing on Tuesday that it would give the owners of Wi-Fi routers worldwide the option of removing their devices from a registry Google uses to locate cellphone users.
The change was made less than four months after European regulators warned that the unauthorized use of data sent by Wi-Fi routers violated European law. Google and other companies use the signals from Wi-Fi routers as navigational beacons, helping them pinpoint the locations of nearby cellphone users.
Read more on the New York Times.


This has been a SciFi staple for years.
Your face — and the Web — can tell everything about you
September 13, 2011 by Dissent
Bob Sullivan has an absolutely chilling article on Red Tape that I wish were SciFi but isn’t:
Imagine being able to sit down in a bar, snap a few photos of people and quickly learn who they are, who their friends are, where they live, what kind of music they like … even predict their Social Security number.
Now, imagine you could visit one of those anonymous online dating sites and quickly identify nearly every person there, just from their photos, despite efforts to keep their online romance search a secret.
Such technology is so creepy that it was developed, and withheld, by Google — the one initiative that Google deemed too dangerous to release to the world, according to former CEO Eric Schmidt.
Too late, says Carnegie Mellon University researcher Alessandro Acquisti.
That genie is already out of the bottle,” he said Thursday, shortly before a presentation at the annual Las Vegas Black Hat hackers’ convention that’s sure to trouble online daters, bar hoppers and anyone who ever walks down the street.
Using off-the-shelf facial recognition software and simple Internet data mining techniques, Acquisti says he’s proven that most people can now be identified simply through a photograph of their face — and anyone can do the sleuthing. In other words, our faces have become our identities, and there little hope of remaining anonymous in a world where billions of photographs are taken and posted online every month.
Read more on Red Tape.


We have a “Software Security Engineering” class, which is really an eye opener for our students. Changes the way they think about building applications.
"Perhaps no segment of the security industry has evolved more in the last decade than the discipline of software security. At the start of the 2000s, software security was a small, arcane field that often was confused with security software. But several things happened in the early part of the decade that set in motion a major shift in the way people built software ... To get some perspective on how far things have come, Threatpost spoke with Gary McGraw of Cigital about the evolution of software security since 2001."

Tuesday, September 13, 2011


Another card processor (a la Heartland?) or “merely” a poor local installation?
WI, TN: Up to 40,000 credit and debit cards exposed in data breach
September 12, 2011 by admin
Credit and debit cards used at Vacationland Vendors arcade games in Wisconsin Dells may be affected by a data breach.
Vacationland Vendors, Inc., a supplier of arcade equipment and vending machines to businesses, announced Monday that up to 40,000 cards used at its Wisconsin Dells and Sevierville, Tenn., arcades may have been exposed, according to a business press release.
The company discovered that a hacker gained unauthorized access to its card processing systems at Wilderness Waterpark Resort in the Dells and Wilderness at the Smokies in Sevierville , said Bill Bray, spokesperson for the Wisconsin Dells-based Vacationland Vendors.
[...]
The breach occurred March 22, according to the release.
Read more on fdlreporter.com.
A statement on Vacationland Vendors’ web site says:
An Important Notice to our Customers
This notice pertains to any customer who used a credit card or debit card at the Wilderness Resorts in Wisconsin or Tennessee from December 12, 2008 to May 25, 2011. In advance, Vacationland Vendors apologies for any inconvenience that you may experience from the circumstances described below.
Vacationland Vendors recently discovered that an unauthorized person wrongfully accessed certain parts of the point of sales systems that Vacationland Vendors uses to process credit and debit transactions at the Wilderness Resorts. Based upon its investigation to date, Vacationland Vendors reasonably believes that a computer hacker improperly acquired credit card and debit information. This incident did not involve an internal security issue [Are they blaming the card swipe machine? Bob] within the Wilderness Resort. Vacationland Vendors has learned that other businesses just like its’ own have been affected by this computer hacker.
Vacationland Vendors has moved swiftly to address this unfortunate incident and is working with an outside consultant to ensure that its point of sale systems are secure and protected from any further intrusions.
If you have used your credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011, please consider taking the following immediate steps in order to prevent the unauthorized and unlawful use of your personal information:
[...]
I don’t see any explanation of why they retained card numbers going back to December 2008.


Is this based on fear of the Privacy Commissioner or failure to understand the law?
By Dissent, September 13, 2011
I’ve often commented how entities shield the names of rogue employees or contractors. Here’s a letter to an editor from Ann Cavoukian, Information Privacy Commissioner for Ontario, about the paper’s coverage of an insider privacy breach:
Your article suggests the North Bay and District Hospital was unable to reveal to patients the name of the nurse who had inappropriately accessed their files. Why?
The reason given was the privacy of the nurse. To be clear, in my orders under the Personal Health Information Protection Act (PHIPA) I have consistently said that an individual whose health record has been accessed by an unauthorized staff person has a right to know how the organization has responded to the breach.
Privacy considerations do not prevent the identity of the staff member responsible for the breach being disclosed to the affected individuals.
In this case, there were most likely other reasons why the hospital chose not to identify the responsible nurse, for example, their human resources practices. However, privacy is not the problem – it does not present a barrier to such disclosure.
Ann Cavoukian
Information Privacy Commissioner
Update: The paper now reports that the hospital will reveal the name – but only to those who have received notification letters. [And they (or their lawyers) will tell the press... Bob]


Time is money.
"A new transatlantic cable (the first in 10 years) is going to be laid at the cost of $300M. The reason? To shave 6ms off the time to transmit packets from London to New York. The Hibernian Express will reduce the current transmission time — roughly 65 milliseconds — by less than ten percent. However, investors believe the financial community will be lining up to pay premium rates to use the new cable. The article suggests that a one-millisecond advantage could be worth $100M per year to a large hedge fund."

(Related) Apparently, a lot of articles start with “Facebook sucks”
Facebook sucks up Americans' time
The folks at Nielsen have confirmed what we've long suspected--we waste more time on Facebook than anywhere else. The famed media metrics and ratings company says in its latest social-media report that Americans spend more time on Facebook than any other destination on the Web--about 53 billion total minutes in the month of May 2011 alone.


Something I tell my students every quarter...

Monday, September 12, 2011


“Anything, anywhere, anytime – and we get to choose who gets prosecuted and who gets mailed to Guantanamo.
Comments on DOJ’s Defense of The Broad View of “Exceeds Authorized Access” in the Computer Fraud and Abuse Act — And A Proposed Statutory Fix
September 12, 2011 by Dissent
Orin Kerr writes:
In his post below, Stewart Baker writes that DOJ official James Baker “gave a persuasive defense” of the broad view of that the Computer Fraud and Abuse Act should apply to Terms of Service violations and employee restrictions on computers. In this post, I want to explain why I don’t find DOJ’s defense of existing law persuasive. I will then propose a statutory fix to reconcile DOJ’s concerns with the concerns of the CFAA’s critics — critics including myself.
Read more on The Volokh Conspiracy.
[From the article:
But here’s the problem. The Computer Fraud and Abuse Act does not only protect particularly sensitive or valuable information. Instead, the statute protects access to any information, no matter of what source or kind, protected by any restriction, no matter of how silly or serious, stored inside any computer, no matter of what nature or importance, located anywhere in the galaxy that the Commerce Clause can reach.


The US Tax Code is always amusing...
Rich Tax Breaks Bolster Makers of Video Games
… Because video game makers straddle the lines between software development, the entertainment industry and online retailing, they can combine tax breaks in ways that companies like Netflix and Adobe cannot. Video game developers receive such a rich assortment of incentives that even oil companies have questioned why the government should subsidize such a mature and profitable industry whose main contribution is to create amusing and sometimes antisocial entertainment.
For example, Electronic Arts of Redwood City, Calif., shipped more than two million copies of Dead Space 2 in the game’s first week on the market this year. It shows a total of $1.2 billion in global profits the last five years using an accounting method that management says captures its operating profits.
But largely because of deferred revenue, deductions for executive stock options and a variety of accounting requirements, the company officially reports a net loss for the period. And the company reports that it paid out $98 million in cash for taxes worldwide in those years.
Neither corporations nor the government make tax returns public, and the information most companies disclose in their regulatory filings is insufficient to determine how much they pay in federal taxes and how that compares to the official United States corporate rate of 35 percent.
All told, the federal government gave $123 billion in tax incentives to corporations in 2010, according to the Joint Committee on Taxation, with breaks for groups and people as diverse as Nascar track owners, mohair producers, hedge fund managers, chicken farmers, automakers and oil companies.


A very handy tool!
FeedDude
FeedDude lets you create an RSS feed from any web site on the Internet. If your favorite web site doesn't provide an RSS feed, you can generate one here for free. The service is easy to use and free for non commercial use. Try it out now!


Just follow the lines – it makes perfect sense!
This infographic was designed by Intel.
Click here for the larger view.

Sunday, September 11, 2011


This looks phishy. Apple can ID your phone, but allows apps “you” purchase to be installed on other phones (e.g. your family) This could be bigger that it seems. Suppose there is a hack that allows them to take (erase) all the credit on all the gift cards in one 'swell foop'
"Back on November 28, 2010, somebody started a thread on Apple's support forums about someone spending more than $50 of his iTunes Store credit on iPhone apps. That discussion thread has since swelled to more than 45 pages, with nearly 700 posts. 'Someone — or some group of someones — seems to be able to spend iTunes gift card credit without permission, buying apps that users don't want. And whoever's doing the hacking seems pretty good at it: Hundreds of users have seen their iTunes credit stolen, and the hack shows no signs of slowing, ten months after it was first reported.' Apple has refunded certain accounts, but not in all cases. Apple suggests that the hack stems from weak, easily guessable passwords, and/or phishing attacks where customers are fooled into entering their passwords into hackers' forms."


It starts as: “Let us remind you where you parked...” Once the database is built, they will know when you visit the mall and for how long. Tie that to facial recognition inside and they can tell which stores you visit. Sell that to the stores and they can tell how much money you spend, what products you purchase and what size shoe you wear...
"Westfield Group, one of the largest shopping centre (mall) operators in the world, has launched a find-my-car iPhone app. The system uses a series of license plate reading cameras dotted throughout their multi-level car parks. Westfield said police could also use it to find stolen or unregistered vehicles. (Hello, slippery slope.) Initially launched in just one Sydney centre, it will be rolled-out to others if the trial is successful."


Save the trees!
September 10, 2011
BookStats Publishing Formats Highlights
The Association of American Publishers - BookStats Publishing Formats Highlights: "e-books and other non-physical formats - "The consistent, growing popularity of e-books and apps are a major success story in content formats, even in advance of data for 2011, which is currently tracking high e-format sales. Highlights:
  • e-books have grown from 0.6% of the total Trade market share in 2008 to 6.4% in 2010. While that represents a small amount in the total market for formats, it translates to 1274.1% in publisher net sales revenue year-over-year with total net revenue for 2010 at $878 Million.
  • Net unit sales growth for e-books was equally impressive, increasing 1039.6% for the same three-year period. In 2010, e-book net units were 114M.
  • Beyond the top-level format figures, the explosive growth of e-books is even more visible when considering certain categories. In Adult Fiction, e-books are now 13.6% of the net revenue market share.


You know I couldn't make this stuff up – not that I won't try.
Facebook more crucial than having a toilet--survey