That “something is fishy” feeling
still remains. If use of Carrier-IQ software is entirely legitimate
and beneficial, how come everyone is backing away form them? “We
no longer need to know why our phones are failing?”
Sprint
disables Carrier IQ software on its handsets
December 16, 2011 by Dissent
Jaikumar Vijayan reports:
Sprint, the biggest
user of Carrier IQ’s software, said Friday it has disabled use
of the tool in response to customer concerns.
The wireless
carrier is no longer collecting data using the tool and is evaluating
its options regarding the software going forward, the company said in
an emailed statement.
Read more on Computerworld.
(Related)
An anonymous reader writes with a
report that Sprint, in an attempt to extricate itself from the
Carrier IQ drama, has "ordered that all of their hardware
partners remove
the Carrier IQ software from Sprint devices as soon as possible."
Sprint confirmed that they've disabled the use of Carrier IQ on
their end, saying, "diagnostic information and data is no longer
being collected." The software is currently installed on
roughly 26 million Sprint phones, though the company has only been
collecting
data from 1.3 million of them.
The law is changing for the better?
(update)
Michaels Stores Still PINned beneath Payment Card Skimming Lawsuit
December 16, 2011 by admin
Ah, I missed a ruling. Thankfully,
Brendon Tavelli didn’t. He writes:
In May 2011,
Michaels Stores reported that “skimmers” using modified PIN pad
devices in eighty Michaels stores across twenty states had gained
unauthorized access to customers’ debit and credit card
information. Not a pretty picture for Michaels. Lawsuits soon
splattered on the specialty arts and crafts retailer, alleging a
gallery of claims under the Stored Communications Act (“SCA”),
the Illinois Consumer Fraud and Deceptive Business Practices Act
(“ICFA”), and for negligence, negligence per se, and breach of
implied contract.
Late last month,
U.S. District Court Judge Charles Kocoras ruled
on Michaels’s motion to dismiss. Some claims were dismissed,
but others survived. The opinion presents a broad-brush survey of
potential data security breach claims, with some fine detail and
local color particular to this variety of criminal data security
breach.
Read more on Proskauer Privacy
Law Blog.
[From the article:
PIN pads aren’t a communications
service under the SCA.
In dispensing with those claims that
plaintiffs “artfully tailor[ed]” to the language of the SCA, the
court ruled that Michaels’ provision of PIN pads enabling consumers
to pay by credit or debit card did not amount to the provision of
“electronic communications services” or “remote computing
services” as contemplated by the SCA. According to the court, the
plaintiffs failed to allege either that Michaels provided the
underlying service that transported consumer credit and debit card
data or that Michaels provided any off-site computer storage or
processing services. Thus, the plaintiffs’ SCA claims failed.
Michaels didn’t deceive, but it may
have been unfair.
The court next considered the
plaintiffs’ claims under Illinois consumer law. The plaintiffs
alleged that Michaels committed both a deceptive and an unfair trade
practice by failing to take proper measures to secure access to PIN
pad data.
The court rejected the plaintiffs’
deception theory because the plaintiffs failed to identify any
communication by Michaels that contained a deceptive
misrepresentation or omission. But the court went the other way on
plaintiffs’ unfair trade practice claim, in part because Michaels
is alleged to have failed to implement PCI PIN Security Requirements
that might have thwarted the skimmers.
Lastly, relying on the First Circuit’s
“persuasive” reasoning in Anderson v. Hannaford Bros., 2011 WL
5007175 (1st Cir. Oct. 20, 2011), see our Anderson
blog post, the court concluded that the
plaintiffs’ allegations “demonstrate the existence of an implicit
contractual relationship between Plaintiffs and Michaels,
which obligated Michaels to take reasonable measures to protect
Plaintiffs’ financial information and notify Plaintiffs of a
security breach within a reasonable amount of time.”
Local, unfortunately. Doesn't everyone
already have the lyrics memorized?
'Internet
is for Porn' pops up during House SOPA debate
A two-day debate in the House Judiciary
committee--which has been postponed
until at least next Wednesday and perhaps until 2012--was interrupted
by the appearance of the popular meme "The Internet is for
Porn."
Rep. Jared Polis, a Colorado Democrat
who presumably knows his way around the Internet better than any
other member of Congress (he founded BlueMountainArts.com), was the
committee member who decided to bring up the prevalence of online
porn. (See CNET's Q&A
with Polis earlier this week.)
A "high percentage" of the
Internet's use is for porn, Polis said. It's "a pornographer's
wet dream!"
Polis then offered an amendment that
would stop the Justice Department from using SOPA's vast powers to
aid adult industry businesses who happen to hold valid copyrights.
"Pornography should not be the focus of the attorney general's
protection," he said.
It was a brilliant tactical maneuver.
First, it delayed discussions while members of the august Judiciary
committee wrangled with how to handle this unusual conversational
detour. Second, it put SOPA-supporting chairman Lamar Smith, a
conservative
Republican whose district is largely Texas Hill Country, on the
defensive by appearing to show him siding with the
intellectual-property rights of people who create triple-X movies.
… Polis, whose district includes
the progressive enclave of Boulder, Colo., presumably wasn't too
serious in offering his antiporn amendment (PDF),
[The lyrics:
The future, the present or the past?
"As the price of digital
storage drops and the technology to tap electronic communication
improves, authoritarian governments will soon be able to perform
retroactive surveillance on anyone within their borders,
according to a Brookings Institute report. These regimes will store
every phone call, instant message, email, social media interaction,
text message, movements of people and vehicles and public
surveillance video and mine it at their leisure, according to
'Recording
Everything: Digital Storage as an Enabler of Authoritarian
Government,' written by John Villaseno, a senior fellow at
Brookings and a professor of electrical engineering at UCLA."
Always interesting to see what the
government thinks it's doing..
December 15, 2011
Blueprint
for a Secure Cyber Future: The Cybersecurity Strategy for the
Homeland Security Enterprise
"The
Blueprint for a Secure Cyber Future builds on the Department
of Homeland Security Quadrennial Homeland Security Review
Report’s strategic framework by providing a clear path to create a
safe, secure, and resilient cyber environment for the homeland
security enterprise. With this guide, stakeholders at all levels of
government, the private sector, and our international partners can
work together to develop the cybersecurity capabilities that are key
to our economy, national security, and public health and safety. The
Blueprint describes two areas of action: Protecting our Critical
Information Infrastructure Today and Building a Stronger Cyber
Ecosystem for Tomorrow. The Blueprint is designed to protect our most
vital systems and assets and, over time, drive fundamental change in
the way people and devices work together to secure cyberspace. The
integration of privacy and civil liberties protections into the
Department’s cybersecurity activities is fundamental to
safeguarding and securing cyberspace."
- The Atlantic Council: The New US “Blueprint” for National Cyber Security
[From the Atlantic
Council article:
However, for many years, the United
States government has been unsuccessfully trying to defeat cyber
criminals, balance security and privacy, and create a secure
cyberspace. As noted by the Government
Accountability
Office, the
department has had problems executing this mission and it is not
clear that this Blueprint and its recently released brethren will be
sufficient to pull us out of this long dive.
(Related) Haven't we seen this before?
Governmental
Tracking of Cell Phones and Vehicles: The Confluence of Privacy,
Technology, and Law
December 16, 2011 16:04 Source:
Congressional Research Service
From the summary:
This report will
briefly survey Fourth Amendment law as it pertains to the
government's tracking programs. It will then summarize federal
electronic surveillance statutes and the case law surrounding cell
phone location tracking. Next, the report will describe the
GPS-vehicle tracking cases and review the pending Supreme Court GPS
tracking case, United States v. Jones. Finally, the report will
summarize the geolocation and electronic surveillance legislation
introduced in the 112th Congress.
Direct
link to full report (PDF; 341 KB)
Not the first time that the Copyright
army has overstepped the actual ruling. No one bothers to see what
the courts actually ruled? No simple way to preempt these lawsuits?
"The Belgian Anti-Piracy
Federation (BAF), has been threatening ISPs into expanding
their blockade of thepiratebay. Recently they
have been sending threatening letters to various other ISPs which
were not involved with the original judgment to
block thepiratebay. The letter 'kindly requests' that all ISPs
voluntarily block thepiratebay, or BAF will bring legal action
against them. The ISP BASE
has succumbed to these legal threats. Also, many of the same Belgian
ISPs have taken it one step further and also blocked the DNS for
depiraatbaai.be.
depiraatbaai.be was setup by thepiratebay as an alternative domain
which directs users to the piratebay's servers to circumvent DNS
censorship. For those who can't wait for The Pirate Bay to set up
new alternative domains, a full working mirror of the site still
exists at malaysiabay.org,
which was originally set up to circumvent the piratebay
block in Malaysia."
It beats IE8, but not all versions
taken together... (Is that why Microsoft is going to force updates?
So they can consolidate all their versions and remain on top?)
December 16, 2011
Reports
that Google Chrome Overtakes IE 8 in Global Market
Technolog:
"Ireland-based StatCounter — which posts Web analytics based
on aggregate data it collects from a sample exceeding 15 billion
pageviews per month (including 4 billion in the U.S.), collected from
the StatCounter network of more than 3 million websites — released
a statement about Chrome 15's ascension, humbling the initial
enthusiasm of any Google devotee when it also made it clear that in
the U.S., reports of IE's demise are still premature. According to
StatCounter, it was still able to capture 27 percent of browser
action last week, compared to 18.1 percent for Chrome 15."
Interesting infographic.
The
Rise of The Digital Doctor
For my Ethical Hackers...
… While we all trust antivirus
software and anti-malware programs like IOBit
or MalwareBytes
to identify those nasty varmints, the truth is that sometimes things
slip through the cracks.
Luckily, there is a new tool you can
use to manually go through and clean up those evil processes.
The bottom line is that any malware is
typically meant to run in some form on your PC, and somehow transmit
information into or out of your computer via the Internet.
A very simple utility called
CloseTheDoor
lets you probe into the processes that are running on your computer,
and analyze those processes at a level that usually requires a
professional. The reason you can do this is because CloseTheDoor
makes the analysis very simple and logical, putting all of the tools
you need in one place.
Perspective
Worth a read...
100
Excellent Hints and Tips for every Computer User
Dilbert shows how Smartphones will
subjugate humans...