Saturday, June 17, 2006

Laptop Stolen From D.C. Home With Personal Data of 13,000

Lyndsey Layton writes in The Washington Post:

A laptop containing personal data -- including Social Security numbers -- of 13,000 District workers and retirees was stolen Monday from the Southeast Washington home of an employee of ING U.S. Financial Services, the company said yesterday.

ING, which administers the District's retirement plan, known as DCPlus, notified the city about the theft late Friday.

The company is mailing a letter to all affected account holders to alert them to the risk of someone using the information to commit identity theft, spokeswoman Caroline Campbell said. The company is also telling customers that it will set up and pay for a year of credit monitoring and identity fraud protection.

The laptop was not protected by a password or encryption.

More here.

18 June 1983: First American Woman in Space


Sally Ride
Image source: Wikipedia

Via The History Channel Online.

From Cape Canaveral, Florida, the space shuttle Challenger is launched into space on its second mission. Aboard the shuttle was Dr. Sally Ride, who as a mission specialist became the first American woman to travel into space. During the six-day mission, Ride, an astrophysicist from Stanford University, operated the shuttle's robot arm, which she had helped design.

Her historic journey was preceded almost 20 years to the day by cosmonaut Valentina V. Tereshkova of the Soviet Union, who on June 16, 1963, became the first woman ever to travel into space. The United States had screened a group of female pilots in 1959 and 1960 for possible astronaut training but later decided to restrict astronaut qualification to men.

In 1978, NASA changed its policy and announced that it had approved six women to become the first female astronauts in the U.S. space program. The new astronauts were chosen out of some 3,000 original applicants. Among the six were Sally Ride and Shannon Lucid, who in 1996 set a new space endurance record for an American and a world endurance record for a woman during her 188-day sojourn on the Russian space station Mir.

More here.

Awesome Tech: Dog Brain in a Dish Plays Quake 3: Arena

Image source: Engadget

Paul Miller writes over on Engadget:

Don't get all PETA on us, we're just the messenger, but a University of Texas scientist has grown a living "brain" in a petri dish using 50,000 nerve cells from a dog.

We're sure there are many noble things to be done with a brain in a dish, but this scientist has instead opted for a bit of Quake 3: Arena. Sure, he says it's all about "how the brain makes decisions based on enormous amounts of real time information," so that "we can design adaptable computer systems capable of better pattern recognition."

But we know he just wanted a better alternative to getting completely pwned in Online multiplayer. The brain is hooked up to the game via 120 electrodes, and while at first the neurons in the dish are separate and unconnected, over time they start to naturally form connections and fragging like only a brain in a dish can. Be sure to check videos of the Quake 3 action, which track the progress from 4 hours of learning all the way to 9 days of learning.

More here.

User Friendly: Wanna Buy a Domain?


Click for larger image.

U.S. Government Asserts It Is Above the Law

Via EFF Deep Links.

Late last night, the Government filed its reply brief, providing a last round of written briefing in advance of next week's hearing in our case against AT&T for colloborating with the Government's surveillance program. Finally the Administration has come out and flatly said what it has hinted at throughout its arguments: that the Program is above the law. The Government wrote that:

the court—even if it were to find unlawfulness upon in camera, ex parte review—could not then proceed to adjudicate the very question of awarding damages because to do so would confirm Plaintiffs’ allegations. (emphasis added)

Essentially the Government is saying that, even if the Judiciary found the wholesale surveillance program was illegal after reviewing secret evidence in chambers, the Court nevertheless would be powerless to proceed, because the Executive has asserted that the Program, which has been widely reported in every major news outlet, is nevertheless still such a secret that the Judiciary (a co-equal branch under the Constitution) cannot acknowledge its existence by ruling against it. In short, the Government asserts that AT&T and the Executive can break the laws crafted by Congress, and there is nothing the Judiciary can do about it.

More here.

Gapingvoid: Get a Clue, or Die

Via Enjoy!

Researchers Find Technique to Quickly Erase Hard Drives

An EE Times article by R. Colin Johnson, via VAR Business, reports that:

In 2001, an American spy plane collided in the air with a Chinese fighter and was forced to land on Chinese island. Since then, researchers have been looking for a way to quickly erase computer hard drives to deny access to sensitive intelligence data.

Scientists at the Georgia Institute of Technology (Atlanta), working with L-3 Communications Corp. (New York), said they have developed a technique for quickly erasing hard-disk drives. The team reports development of a prototype fast-erasure system to prevent sensitive information from reaching enemy eyes.

More here.

802.11 pre-N Routers Running Into Issues

Via Gizmodo.

Not only are most of the the pre-N and draft-N routers on the shelves today going to be incompatible with the final spec, they’re incompatible with 802.11b/g products (and with each other). Three chipsets are on the market today that are being used in these N routers: Airgo, Broadcom and Marvell. In tests, Airgo received the highest speeds, but completely obliterated any 802.11b/g router in the vicinity. Broadcom and Marvell wasn’t as bad, but they still interfered with legacy gear.

What this means is if you’re using both 802.11n and 802.11b/g in your home, all your b/g gear will have loads of problems when your newer wireless is in use. And just forget about using this in an apartment complex, where many wireless routers are close together—your neighbors will be pissed. The problem could be solved if you were to use a high gain antenna with your N gear, but nobody really uses it until they need range, but if you need range that means nobody is close enough to you anyway.

More here.

AT&T's Naked DSL Won't Save Subscribers Much

Ryan Kim writes in The San Francisco Chronicle:

AT&T quietly rolled out standalone DSL broadband service for the first time this week, giving consumers the choice to drop their home phone land lines.

But before you get rid of your home phone line, be warned: The savings are only about $1 a month.

Some customer advocates had hoped that unbundling DSL and phone service might save many households at least $15 a month. DSL costs $29.99 a month, but AT&T (formerly SBC) also required subscribers to use its telephone service, which with taxes comes to about $16 per month. All told, the entire package is about $46 a month.

But if subscribers just use Internet service and forgo a phone line, which is appealing to many who rely on a cell phone, they might be able to realize some significant savings. That is, if AT&T continued to price its DSL at $29.99 a month.

More here.

Friday, June 16, 2006

17 June 1789: The Third Estate Declares Itself a National Assembly in France


Via Wikipedia.

The formation of the National Constituent Assembly marked the end of the Estates-General, but not of the three estates. The momentum continued rapidly in that direction. On August 4, 1789, seigneurial dues were abolished, along with religious tithes. The nobility were subjected to the same taxation as their co-nationals, but for the moment they retained their titles.

Notions of equality and fraternity would soon triumph over official recognition of a noble class. Some nobles such as the Marquis de Lafayette supported the abolition of legal recognition of nobility, but even some other liberal nobles who had happily sacrificed their fiscal privileges saw this as an attack on the culture of honor.

Nonetheless, the French Nobility was disbanded outright by the National Constituent Assembly on June 19, 1790, during the same period in which they were debating the Civil Constitution of the Clergy.

More here.

UserFriendly: Register Everything


Click for larger image.

SCADA Industry Debates Flaw Disclosure

Robert Lemos writes on SecurityFocus:

The outing of a simple crash bug has caused public soul-searching in an industry that has historically been closed-mouthed about its vulnerabilities.

The flaw, in a particular vendor's implementation of the Inter-Control Center Communications Protocol (ICCP), could have allowed an attacker the ability to crash a server.

Yet, unlike corporate servers that handle groupware applications or Web sites, the vulnerable server software--from process-control application maker LiveData--monitors and controls real-time devices in electric power utilities and healthcare settings. The best known types of devices are supervisory control and data acquisition (SCADA) devices and distributed control system (DCS) devices.

More here.

Netcraft: PayPal Security Flaw Allows Identity Theft

Fraudsters manipulating content on genuine PayPal site.
Image source: Netcraft

Via Netcraft.

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.

The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS).

More here.

Update: Apparently this has been fixed.

Data-Thieving Worm Targets Orkut Users

Joris Evers writes on C|Net News:

A new worm that attempts to steal online banking credentials is propagating on Google's social-networking Web site, a security company warned Friday.

The worm, dubbed MW.Orc, primarily targets Brazilian users of Google's Orkut Web site. It uses a message in Portuguese to entice people to click on a file that is disguised as a JPEG image, FaceTime Security Labs said in a statement.

More here.

U.S. Arrests 2 for Stealing Chip Secrets

Via UPI.

Federal agents Friday arrested two Bay Area men who allegedly used stolen trade secrets to start their own Silicon Valley semiconductor company.

The U.S. Attorney's office said Lan Li of Palo Alto and Yuefei Ge of San Jose were released on bond following their initial appearance before a federal magistrate on five counts of theft of trade secrets and conspiracy to steal trade secrets.

The pair allegedly pinched secret information from their employers -- NetLogics Microsystems and Taiwan Semiconductor Manufacturing Corp. -- and used it to establish their own company, SICO Microsystems.

More here.

Australian Nuke Plant Mishaps Give Rise to Concerns

Via UPI.

Concerns have been raised about worker safety at Australia's sole nuclear power plant after three incidents in 24 hours.

The Australian reported on June 16 that one worker was sent to the Royal Prince Alfred Hospital after radioactive material splashed into his eye, while another worker at the plant was exposed when radioactive material splashed his garments and boots.

The Lucas Heights nuclear reactor was forced to ration supplies of an isotope used for medical scans after an earlier accident halted production, halving the weekly shipments of diagnostic isotopes to hospitals in Sydney, Melbourne, Adelaide, Perth and Brisbane.

A week ago a pipe ruptured about one third of a mile from the reactor, expelling a plume of radioactive gas into the atmosphere. Lucas Heights officials insisted that the "puff of gas" was harmless to the public.

More here.

Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability

Via Secunia.

A vulnerability has been reported in Cisco Secure ACS for Unix, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to specified parameters in LogonProxy.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability has been reported in Cisco Secure ACS for Unix. Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine are reportedly not affected.

Apply patch.

Provided and/or discovered by:
The vendor credits Thomas Liam Romanis and Fujitsu Services Limited.

Original Advisory:

More here.

Data-Loss Disclosure Falls Short

David Lazarus writes in The San Francisco Chronicle:

Another day, another data leak. Today I bring news of railroad operator Union Pacific, which can make trains run on time throughout California but apparently can't keep track of confidential info affecting its own employees and retirees.

The company recently sent letters to workers acknowledging that an "employee's personal computer" was stolen on April 29. It said the computer contained data for "many" current and former Union Pacific employees, including names, birth dates and Social Security numbers.

No other details were provided.

Before we delve deeper into this latest case of missing info, it's worth noting (yet again) how unacceptable it is that companies believe they can get away with providing the barest minimum of disclosure when employees or customers are exposed to a potentially devastating risk of fraud and identity theft.

More here.

TSA Criticized Over Terrror Watch-List Flaws

Via UPI.

Members of the U.S. Congress have called for improvements in the Transportation Security Administration's terrorist watch list.

The congressional critics cited the detainment of frequent fliers with names similar to those of suspected terrorists as one major problem plaguing the TSA's watch list program, reported Thursday.

As more terrorists' identities emerge, the list is growing ever longer. Improved algorithms are needed to both narrow the search for potential hijackers and expedite the boarding process for scores of innocent passengers, according to several members of the Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment of the U.S. House of Representatives.

More here.

Gapingvoid: This Business Model HAS to Work!

Via Enjoy!

IPTV Testing Methodology Goes Standard

Ray Le Maistre writes on Light Reading:

If you hadn't heard of MDI (Media Delivery Index) a month ago, there's a good chance you'll know about it now, especially if you went to this month's Globalcomm show in Chicago.

That's because it was the tag du jour of some of the major test and measurement firms that were touting their IPTV capabilities on the show floor.

MDI is a measure of video quality, in the same way that MOS (mean opinion score) is used as a measure of voice quality. It provides an "at-a-glance" indicator of IP jitter and packet loss using data gathered by network probes, and is expressed as a "delay factor" and "media loss rate."

But it's nothing new: Specialist IPTV test firms like Bridge Technologies Co AS and IneoQuest Technologies Inc. have been singing from the MDI hymn sheet for months, and in IneoQuest's case, years.

More here.

New Jersey Divorce Case: Husband 'Wiretaps' Spouse's Computer

Declan McCullagh writes on C|Net News:

Peter Garfinkel, 41, asked for a divorce from his wife of six years, Lori Garfinkel, 38, in March 2001. They had separated earlier that month, and Lori remained in the marital home with three children under 3 years old.

After her husband started court proceedings for a divorce, Lori Garfinkel filed a counterclaim alleging the following: transmission of sexual disease, negligent infliction of emotional distress, intentional infliction of emotional distress and wiretapping.

During the trial in state court, the judge dismissed Lori's claims related to sexual disease and emotional distress. But Peter admitted to "wiretapping" Lori's computer.

The description is general: Peter used an unspecified monitoring device to track his wife's computer transactions and record her e-mails. Lori was granted $7,500 on the wiretapping claim.

More here.

Sendmail Developing Open-Source Plans

Tom Espiner writes on C|Net News:

Sendmail is close to releasing some of its propietary e-mail software under an open-source license.

The company has a long involvement in the collaborative software movement. It sells proprietary software that works with a popular open-source component, also called Sendmail, used to transfer e-mail from one server to another.

It hinted back in April that it may release some of its tools to open source, and Eric Allman, the original developer of the software and Sendmail's chief science officer, gave an update on the plans this week.

More here.

European Anti-Trust Officials Cautious About iTunes Attack

David Lawsky writes for Reuters:

European competition officials are wary about proposals to crack open Apple Computer's iTunes Web store to other music players, despite concerns shown by consumer advocates.

The French parliament is debating a new copyright bill that would require Apple to permit iTunes music to play on devices other than its iPod.

Scandinavian ombudsmen have said they may act, and others in the European Union are also contemplating doing so.

But Philip Lowe, director general of competition at the European Commission, said that although some member states believed there should be open access to all Web sites, he wanted to wait.

More here.

Thursday, June 15, 2006

16 June 1963: First Woman in Space


Cosmonaut Valentina Tereshkova
On June 16, 1963 Valentina was the first woman in space with 48 orbits totaling 70 hours and 50 min.
Image source: Wikipedia

Via The History Channel Online.

On June 16, 1963, aboard Vostok 6, Soviet Cosmonaut Valentina Tereshkova becomes the first woman to travel into space. After 48 orbits and 71 hours, she returned to earth, having spent more time in space than all U.S. astronauts combined to that date.

Valentina Vladimirovna Tereshkova was born to a peasant family in Maslennikovo, Russia, in 1937. She began work at a textile factory when she was 18, and at age 22 she made her first parachute jump under the auspices of a local aviation club. Her enthusiasm for skydiving brought her to the attention of the Soviet space program, which sought to put a woman in space in the early 1960s as a means of achieving another "space first" before the United States.

More here.

Verizon Will Unveil TV Deal with PBS on Friday

A Reuters newswire article, via USA Today, reports that:

Verizon Communications will announce Friday an agreement to carry public television programming on its new subscription video service, the company said Thursday.

Verizon, the No. 2 U.S. telephone company, "will carry the full range of public television programming, including next-generation multicast offerings," according to a company statement.

As broadcasters switch to digital, new technology enables them to use the airwaves for additional channels, known as multicasting.

Executives from Verizon, the Public Broadcasting Service (PBS) and the Association of Public Television Stations (APTS) are expected to attend the news conference Friday.

More here.

The Slow Sound of a Scream on Mars

Bjorn Carey writes on

In space, no one can hear you scream, the saying goes. But what about on the surface of Mars?

A new computer simulation reveals just how far sound waves travel on the red planet. And if you're screaming for help, you better hope people are nearby.

Sound in air, water or any medium travels in waves that propagate as one molecule collides into the next, and so on. Because the Martian atmosphere is much thinner than Earth's, the distance between molecules is 120 times as far as in your back yard.

More here.

NetMotion Wireless and Padcom to Merge

Matt Hines writes on eWeek:

Wireless virtual private network specialists NetMotion Wireless and Padcom announced a deal to merge their businesses June 15, with plans to aim their combined products squarely at enterprise customers.

The two former rivals, who will unite under the NetMotion Wireless moniker, say that their proposed marriage will create the largest dedicated provider of wireless VPN tools on the market today.

More here.

Internet2 Selects Level (3) as Backbone Provider for New Network

Denise Pappalardo writes on NetworkWorld:

Internet2 Thursday named Level 3 as its new network provider that will build its future backbone to support 10 times more capacity than the current network.

At Internet2’s spring meeting in May, members talked about the goals of its new network and what it might look like, which includes supporting 10 10Gbps Lambdas.

The network will initially support 100Gbps connections to Internet2 members. Level 3 is designing the network so bandwidth upgrades will be seamless for future needs.

In April, Internet2 announced that it would not renew its contract with Qwest, the primary network carrier for its Abilene network, which is being phased out. Level 3 is Internet2’s network provider of the future.

More here.

Toon: Summertime

Click for larger image.

China: Yahoo! Worst Offender in Censorship Tests on Search Engines

Via Reporters sans Frontières.

Reporters Without Borders said it found Yahoo! to be the clear worst offender in censorship tests the organisation carried out on Chinese versions of Internet search engines Yahoo!, Google, MSN as well as their local competitor Baidu.

The testing threw up significant variations in the level of filtering. While censors results as strictly as, search engines and the beta version of let through more information from sources that are not authorized by the authorities.

While Microsoft has just said it does not operate censorship, Reporters Without Borders found that the Chinese version of its search engine displays similar results to those of, which admits to filtering its content. Searches using a "subversive" key word display on average 83% of pro-Beijing websites on, against 78% on By contrast, the same type of request on an uncensored search engine, like, produces only 28% of pro-Beijing sources of information. However, Microsoft like Google appears not to filter content by blocking certain keywords but by refusing to include sites considered illegal by the authorities.

More here.

Bidders Abound for Sprint Pseudowire RFP

Carmen Nobel writes on Light Reading:

While the Sprint Nextel Corp. RFP for pseudowire indicates that the company is still in the nascent stages of consideration, several suitors have jumped on board to bid. In the meantime, the company has been lobbying the U.S. Congress to regulate backhaul access fees.

A copy of the 10-page request for proposal, obtained by Light Reading, is vague on the timing or scope of a possible pseudowire deployment. But it does spell out how the company intends to use the technology -- both for wired and wireless services.

Pseudowires allow carriers to carve up bandwidth into small, packetized virtual channels, helping reduce the need for additional T1 lines to backhaul traffic from cell sites to the network backbone -- lines that wireless carriers often have to lease from incumbent wireline carriers.

More here.

Bill Gates Stepping Down from Full-Time Microsoft Role

Scott Ard writes on C|Net News:

Bill Gates is transitioning out of his full-time role at Microsoft, the software giant that's been under pressure due to a sagging stock price, competition from Google and nagging delays in the Vista operating system.

In a press conference held Thursday after the stock markets had closed for regular trading, Gates announced that over the next two years he will gradually step away from his daily responsibilities at the company he co-founded some 30 years ago.

Microsoft's Chief Technical Officer Ray Ozzie will immediately assume the title of chief software architect, Gates said. In addition, Chief Technical Officer Craig Mundie will immediately take the new title of chief research and strategy officer and will assume Gates' responsibilities for the company's research and incubation efforts.

More here.

U.S. Government Increasingly Turning to Data Mining

Arshad Mohammed and Sara Kehaulani Goo write on The Washington Post:

The Pentagon pays a private company to compile data on teenagers it can recruit to the military. The Homeland Security Department buys consumer information to help screen people at borders and detect immigration fraud.

As federal agencies delve into the vast commercial market for consumer information, such as buying habits and financial records, they are tapping into data that would be difficult for the government to accumulate but that has become a booming business for private companies.

Industry executives, analysts and watchdog groups say the federal government has significantly increased what it spends to buy personal data from the private sector, along with the software to make sense of it, since the Sept. 11, 2001, attacks. They expect the sums to keep rising far into the future.

Privacy advocates say the practice exposes ordinary people to ever more scrutiny by authorities while skirting legal protections designed to limit the government's collection and use of personal data.

More here.

China's GPS: Military Threat?

Via Defense Tech.

Peter B. de Selding hit the front page of Space News the other day with a scoop about a Chinese plan to build a 24-satellite navigation network, called Compass, in roughly the same orbit as the American and European sat-nav systems, GPS and Galileo. But there’s more: the Chinese are apparently “threatening” to use an encrypted signal for military ops that would actually overlay – and maybe interfere with – "M-Code," the Pentagon's GPS broadcast. That's the signal that keeps everything from precision bombs to flying drones on track.

You might remember that the Pentagon had a right royal hissy fit when the Europeans proposed to overlay Galileo’s encrypted signal on the M-code, because under those circumstances the U.S. military wouldn’t be able to jam Galileo during any hostilities without blocking its own ability to access the GPS signal. So, you would figure collective hair would be on fire over at the five-sided building at the news of the Chinese plan, right?

Well, maybe and maybe not. Turns out this jamming biz is not as simple as it sounds.

More here.

Trend Micro: Open Source is More Secure

[Full Disclosure: Trend is my employer.]

Tom Espiner writes on C|Net News:

Antivirus vendor Trend Micro is claiming that open-source software is inherently more secure than proprietary software such as Microsoft Windows.

Trend said one reason open-source software has fewer security issues is the variety of Linux distributions. Although they use the same kernel, if one distribution is compromised, the same piece of malicious software may not work on a different distribution, the company said Monday.

"Open source is more secure. Period," Raimund Genes, chief technical officer for anti-malware at Trend, said. "More people control the code base; they can react immediately to vulnerabilities; and open source doesn't have so much of a problem with legacy code because of the number of distributions."

Genes said open-source developers "openly talk about security," so patches are "immediate--as soon as something happens," whereas proprietary vendors with closed code have to rely purely on their own resources to push patches out.

More here.

Justice Department Sues New Jersey over NSA Data

Jason Ryan reports on the ABC News' "The Blotter":

The Justice Department has sued the state of New Jersey in a lawsuit against State Attorney General Zulima Farber and her deputy Cathleen O'Donnell for their efforts to subpoena telephone companies to obtain NSA call history data.

The suit, filed late Wednesday in federal court in Trenton, relates to the State Attorney General sending subpoenas to the phone companies in order to obtain records and documents relating to the data provided to the NSA. The Justice suit seeks an injunction from the U.S. District Court in Trenton to ensure that the subpoenas from the Attorney General are not enforced. Responses to the subpoenas are due by today.

The Justice Department suit notes that the New Jersey subpoenas "seek disclosure of matters with respect to which the Director of National Intelligence has determined that disclosure…would improperly reveal intelligence sources and methods."

"The United States will be irreparably harmed if the carrier defendants are permitted or are required to disclose sensitive and classified information to the defendants in response to the subpoenas," the suit says.

More here.

CTIA Presses for Traffic Studies to Determine USF Contributions

Heather Forsgren Weaver writes on RCR Wireless News:

Wireless industry trade association CTIA continued to press the Federal Communications Commission to allow its members to use studies to determine long distance vs. local traffic and thus how much they owe in universal-service fund contributions. CTIA’s statements came as the FCC confirmed it will consider the issue at its meeting Wednesday.

The universal-service fund system was set up in the 1930s to bring telecom services to high-cost areas by using a portion of long-distance revenues. Today, carriers contribute 10.9 percent of their long-distance revenues to the universal-service fund. Since wireless carriers have a difficult time calculating what percentage of revenues come from long-distance, the government uses an estimate (or a safe harbor) set today at 28.5 percent of all revenues. FCC Chairman Kevin Martin has proposed increasing this estimate to 37.1 percent. What is unclear is whether wireless carriers will be able to use traffic studies to determine their actual contribution amount rather than using the safe-harbor amount.

More here.

VA Hired ISS to Analyze Stolen Data

Bob Brewin writes on

Internet Security Systems (ISS) said the Department of Veterans Affairs has hired it to conduct forensic analysis of data containing records on 28.5 million veterans and potentially more than 1 million active military personnel that was stolen from an employee’s home last month.

An ISS spokeswoman declined to provide any details of the work the company is performing for the VA because of the sensitive nature of the data involved.

More here.

Entrust Acquires Orion Security Solutions for $9M

Sean Michael Kerner writes on

Security software maker Entrust is expanding its government security presence with the acquisition of Orion Security Solutions.

Entrust agreed to buy Orion Security Solutions for $8 million in cash, with a potential of $1 million more if certain targets are met, for a total of $9 million.

Orion Security Solutions makes public key infrastructure services (PKI) for federal government agencies, including the National Security Agency (NSA), Department of Defense (DoD), and the United States Marine Corps (USMC).

More here.

User Friendly: Last Minute Domain Squatting


Click for larger image.

UK Government's Encryption Key Plan Could Backfire


The clause of a law which forces people to hand over encryption keys will be activated after controversy delayed its implementation for six years. But one security expert has warned that the law itself could cause more criminals to turn to encryption.

The Regulation of Investigatory Powers Act will be modified later this year to allow government agencies to force the handing over of data keys after a consultation period announced on Monday. The contentious section of the legislation lay dormant when opponents argued that it could infringe on civil liberties, but the Home Office has said that increasing use of encryption makes its enaction necessary.

More here.

Report: VoIP Undermining Bahamas Telco

Via UPI.

A boom in Voice over Internet Protocol in the Bahamas is reportedly cutting into the value of the national telco.

The Bahama Journal said Wednesday that despite requirements for a permit to use VoIP, some 70 percent of outbound telecom traffic from the islands bypasses Bahamas Telecommunications Company.

The report from the Inter-American Development Bank recommended the government "recognize the futility of trying to stop" the spread of VoIP service.

More here.

C2 Files Patent Suit Against U.S. Phone Giants

A Reuters newswire article, via Yahoo! News, reports that:

C2 Communications, a subsidiary of C2 Global Technologies Inc., said on Thursday it had filed a law suit against seven big U.S. telecommunications providers saying the companies infringed its patent for Internet telephone services.

C2, a patent licensing company, said the suit. filed in a Texas court against AT&T Inc, Verizon Communications, BellSouth Corp, Qwest Communications International Inc, Sprint Nextel Corp Level 3 Communications Inc and Global Crossing Ltd.

Representatives from six of the telephone companies were not immediately available for comment and Global Crossing declined comment.

More here.

Video Tech Firm Sues Cable Operators Over VoD

Via Reuters.

USA Video Technology Corp., a small technology firm that holds patents for the digital delivery of media, said on Thursday it has filed a suit against top U.S. cable operators over their video-on-demand services.

The Old Lyme, Conneticut-based company said it sued Time Warner Inc., Cox Communications Inc., Charter Communications Inc., and Comcast Corp., alleging the cable operators violated its patent with their video-on-demand services offered to subscribers.

USA Video Technology is a subsidiary of USA Video Interactive Corp. The company said it holds a patent for what it called "store-and-forward video," filed in 1990 and issued by the U.S. Patent and Trademark Office in 1992.

The company said it is seeking fair compensation and a court injunction against further infringement.

More here.

Political Toon: Sinking, Sinking, Sinki....

Click for larger image.

Wednesday, June 14, 2006

15 June 1215: The Magna Carta is Sealed


A version of the Magna Carta issued in 1225 by Henry III of England and preserved in the UK's National Archives.
Image source: Wikipedia

Via Wikipedia.

Magna Carta (Latin for "Great Charter", literally "Great Paper"), also called Magna Carta Libertatum ("Great Charter of Freedoms"), was an English charter originally issued in 1215. Magna Carta is the most significant early influence on the long historical process that led to the rule of constitutional law today. Magna Carta was originally created because of disagreements between the Pope, King John and his English barons about the rights of the King. Magna Carta required the king to renounce certain rights, respect certain legal procedures and accept that the will of the king could be bound by law.

There are a number of popular misconceptions about Magna Carta, such as it was the first document to limit the power of an English king by law (it was not the first, and was partly based on the Charter of Liberties); that in practice it limited the power of the king (it mostly did not in the Middle Ages); and that it is a single static document (it is a variety of documents referred to under a common name).

Magna Carta was renewed throughout the Middle Ages, and further during the Stuart period, the Tudor period, and the 17th and 18th centuries. By the early 19th century most clauses had been repealed from English law. The influence of Magna Carta outside England can be seen in the United States Constitution and Bill of Rights. Indeed just about every common law country with a constitution has been influenced by Magna Carta, making it one of the most important legal documents in the history of democracy.

More here.

Story of the Day: Porn Download at Oregon State Office Puts Taxpayers at Risk

Thanks to a post over on /.

Via KATU 2/ABC News.

Electronic files containing personal data of up to 2,200 Oregon taxpayers may have been compromised by an ex-employee's unauthorized use of a computer, the Oregon Department of Revenue said Tuesday.

Amy McLaughlin, an information technology security officer with the state, said the incident apparently occurred when an employee downloaded a contaminated file from a porn site.

More here.

Texas AG Cyber Crimes Unit Arrests Two Men For Targeting Teens Online

Via The Texas Attorney General's Office.

Texas Attorney General Greg Abbott’s Cyber Crimes Unit investigators continued their pursuit of child sex offenders, arresting two men who allegedly used the Internet to solicit sex from children and obtaining a 10-count indictment against a Brenham man for possessing sexually explicit images of children.

Gary Wayne Bonorden, 50, of Hallettsville, was arrested when he showed up at a restaurant in Bastrop, bringing wine coolers to an alleged sexual rendezvous he had arranged with someone he believed to be a 14-year-old girl.

Christopher R. Kronshagen, 37, of Conroe, was arrested at a Sugar Land gas station when he allegedly showed up to meet what he thought would be a 13-year-old girl for sex.

More here.

ACLU Sues Pentagon for Monitoring

A Reuters newswire article, via Wired News, reports that:

The American Civil Liberties Union sued the U.S. Defense Department Wednesday to demand information it says the government has collected on groups opposed to the war in Iraq.

The group says the Pentagon has been monitoring antiwar groups and individuals and has compiled lists on people it sees as potential threats but who the ACLU says are exercising their free-speech rights.

The suit was the ACLU's first attempt to force the Pentagon to disclose domestic surveillance and followed similar suits by the organization against the FBI and the Justice Department.

More here.

Stolen AIG Computer Server Sparks ID Theft Fears for Almost 1 Million

Notice the last sentence in this article:

"Ironically, an AIG member company announced earlier this year that it now offers identity-theft insurance coverage."

Jim Popkin, Tim Sandler and the NBC Investigative Unit:

A thief recently stole a computer server belonging to a major U.S. insurance company, and company officials now fear that the personal data of nearly 1 million people could be at risk, insurance industry sources tell NBC News.

The computer server contains personal electronic data for 930,000 Americans, including names, Social Security numbers and tens of thousands of medical records. The server was stolen on March 31, along with a camcorder and other office equipment, during a break-in at a Midwest office of American Insurance Group (AIG), company officials confirm.

An AIG spokesman says that there's no evidence that the thief has accessed the personal data on the server or used it for any illicit purpose. The server is password protected, the AIG spokesman adds.

More here.

3 Out of 4 Financial Institutions Suffered External Breach in Past Year

Dan Kaplan writes on SC Magazine Online:

More than three out of every four of the world’s largest financial institutions experienced an external security breach in the past year, a dramatic increase over 2005, a new survey has revealed.

The fourth annual poll, released today by Deloitte Touche Tohmatsu, found that 78 percent of the world’s top 100 financial services organizations that responded to the survey confirmed a security breach from outside the organization, up from just 26 percent in 2005. The survey also learned that nearly half of the organizations experienced at least one internal breach, up from 35 percent in 2005.

Phishing and pharming were responsible for 51 percent of the external attacks, while spyware and malware accounted for 48 percent. Meanwhile, insider fraud was responsible for 28 percent of the internal breaches and customer data leaks were to blame for 18 percent.

More here.

FBI Loses 400 'Pieces of Equipment'

Via UPI.

The U.S. FBI may have lost 400 pieces of equipment, National Journal's Technology Daily reported Monday.

The Federal Bureau of Investigation still has not told the Government Accountability Office what has happened to hundreds of pieces of equipment that were supposed to be part of a failed department-wide case-management system.

"The FBI also has not provided any additional explanation for the remaining roughly 400 missing assets," Linda Calbom, the GAO's director of financial management and assurance wrote in a letter.

The letter, dated Friday, was addressed to Senate Judiciary Committee Chairman Arlen Specter, R-Pa., and addressed many of the follow-up questions that the committee had for GAO. The GAO released a report in May detailing the flaws in the FBI's Trilogy system, Technology Daily said.

It reported that the FBI could not locate more than 1,200 pieces of equipment, valued at about $7.6 million. The FBI responded by saying that it had accounted for 800 of those items, but GAO could not verify that claim, Calbom wrote, the report said.

More here.

Jesus Cartoons Could Draw Jail for Singapore Blogger

An AFP newswire article, via Yahoo! News, reports that:

A Singaporean blogger is under investigation for posting cartoons mocking Jesus Christ and could be jailed up to three years, the police said.

A police spokesman declined to give details about the suspect, who was described by the Straits Times as a 21-year-old office worker with his own blog site. His race and religion were not disclosed.

The blogger, who described himself as a "free thinker," had first posted a cartoon depicting Jesus Christ as a zombie biting a boy's head in January, the Straits Times said.

He ignored an online message asking for the cartoon's removal and went on to post more caricatures of Christ to spite the sender.

More here.

Canada: Nationwide 'IP Trunking' Launched

Via UPI.

The first Internet Protocol trunking service in Canada has been launched, opening the door to easier Internet access for business customers.

MTS Allstream announced at the Canadian Telecom Summit this week that its IP trunking will enable clients to use a single connection to the public telephone network for their PBX and IP networking.

MTS said its trunking service was delivered through its national network, which uses Cisco's CRS-1 Carrier Routing System platform.

More here.

Ex-Verizon Wireless Employee Sentenced for Stealing Numbers

Kelly Hill writes on RCR Wireless News:

A former Verizon Wireless employee has reportedly been sentenced to almost six years in prison for stealing access numbers for about $21 million in prepaid minutes and selling them to retailers at a discount.

The Associated Press reported that Timothy Charles Mattos, 34, of Folsom, Calif., received a sentence of 70 months in federal prison and three years of probation after his release; he also was ordered by the district court judge to pay back $21.3 million to Verizon Wireless parent company Verizon Communications Inc.

More here.

User Friendly: So Very Web 1.0


Click for larger image.

San Jose to Expand WiFi Hotspots Downtown

Jessie Seyfer writes in The Mercury News:

Finding free wireless Internet access in the center of Silicon Valley will finally get a little easier this summer.

San Jose city leaders awarded Mountain View-based MetroFi a contract Tuesday to expand the city's free, wireless Internet hotspots along thoroughfares and in parks downtown by early August.

The city decided last year that it would be better to expand existing hotspots little by little rather than launch a citywide plan that could end up costing taxpayers money.

More here.

Dispute Credit Card Charges at Your Peril

David Lazarus writes in The San Francisco Chronicle:

If you've ever reversed the charge for a dubious credit card transaction or online purchase, your name could be on a secretive overseas database that consumer advocates say may violate protections guaranteed under U.S. law.

The database is maintained by a Panama company named Goldwell Corp., which runs an online service called ChargeBack Bureau.

More here.

Sandia Supercomputer Takes on a Cosmic Threat

Leonard David writes on

Researchers have utilized the number-crunching brainpower of Red Storm—a supercomputer at Sandia National Laboratories in Albuquerque, New Mexico.

Red Storm, a Cray XT3 supercomputer, is the first computer to surpass the 1 terabyte-per-second performance mark—a measure that indicates the capacity of a network of processors to communicate with each other when dealing with the most complex situations—in both classified and unclassified realms.

The massively parallel computing simulations have modeled how much explosive power it would take to destroy or sidetrack an asteroid that’s got Earth in its cross-hairs.

More here.

Bill Seeks to Limit ID Theft Law

Via CNN/Money.

In what likely will be a prickly issue with many Americans, Congress next week is expected to vote on a bill that would limit consumers' ability to request a credit freeze, according to a published story Wednesday.

USA Today reported that the proposed Financial Data Protection Act of 2006 pre-empts laws in 17 states that allow anyone to freeze their own credit and instead permits only ID theft victims to request a freeze.

If it becomes a law, vets and military personnel who live in states that permit unrestricted credit freezes would lose that option, the newspaper said.

Critics of the measure said the bill tramples states' rights and undermines the consumer-protection role of state attorney generals, the report said.

More here.

Tuesday, June 13, 2006

14 June: U.S. National Flag Day


Old Glory -- "Long May She Fly"

Via Wikipedia.

In the United States, Flag Day (more formally, National Flag Day), is celebrated on June 14. It commemorates the adoption of the flag of the United States, which happened that day by resolution of the Second Continental Congress in 1777.

In 1916, Woodrow Wilson issued a proclamation that officially established June 14 as Flag Day; in August 1949, National Flag Day was established by an Act of Congress.

More here.

Canadian Telecoms Propose Shutting Hate Sites

Slippery slope alert.

A Canadian Press article, via The Globe and Mail, reports that:

A proposal to give Internet service providers the power to shut down hate-mongering or pornographic websites received an enthusiastic response Monday by top telecommunications executives, said the plan's creator.

Bernie Farber, chief executive of the Canadian Jewish Congress, presented the idea at the Canadian Telecom Summit in Toronto to senior managers from such major Internet providers as Rogers, Cogeco, and Sympatico, owned by BCE Inc.

Most service providers are unable to remove objectionable content from their servers unless it has been found illegal through a lengthy court process, Farber said in his speech.

Farber proposed that major Canadian Internet providers devise a protocol based on existing laws that would allow them to remove hateful or pornographic material at their own discretion.

More here.

U.S. Supreme Court Seeks Bush Administration Input on Preemption

Jeffrey Silva writes on RCR Wireless News:

The Supreme Court asked the Bush administration to weigh in on Minnesota Attorney General Mike Hatch’s appeal of a lower court ruling over whether mobile phone carriers must notify subscribers in advance of changes to service contracts. The lower court ruling—which Hatch is appealing—struck down a state wireless consumer law that alerted subscribers of changes in their contracts that can result in increased monthly bills.

That the Supreme Court has reached out to U.S. Solicitor General Paul Clement is a potentially positive development for the mobile phone industry. Bush administration lawyers have been sympathetic to wireless industry pre-emption arguments in consumer and health litigation.

More here.

KDDI Reports Massive Personal Data Leak

An AFP newswire article, via, reports that:

KDDI Corp, Japan's number two mobile operator, said that private information on nearly four million subscribers to its Internet service had been leaked.

Police said extortionists tried to sell the data which included the names, addresses, contact numbers, sex, birthdate and e-mail addresses of those who applied for KDDI's Dion Internet service by December 18, 2003.

But information such as their passwords, bank account information and communications logs has not released, the company said.

Tadashi Onodera, KDDI president and chairman, offered a public apology at a press conference.

"We consider that this will hurt our company's credibility. We will do our best to restore customers' trust by explaining the issue," Onodera told reporters, although he said there were no plans for compensation.

Information seems to have been leaked by KDDI employees or a vendor who had access to the system because it is impossible to access it from the outside, Onodera said.

Police said they arrested two men who attempted extortion in the case, reportedly demanding KDDI pay five million to 10 million yen (43,700 to 87,000 dollars) for the data.

More here.

CPA Group Says Data on 330,000 Members Missing

Jaikumar Vijayan writes on ComputerWorld:

Adding to the lengthening list of organizations reporting data compromises, the American Institute of Certified Public Accountants (AICPA) today [7 June 2006] confirmed that a computer hard drive containing the unencrypted names, addresses and Social Security numbers of nearly all of its 330,000 members has been missing since February.

The hard drive had been accidentally damaged by an AICPA employee and was sent out for repair to an external data-recovery service in violation of the AICPA's policies, said Joel Allegretti, a spokesman for the New York-based organization. It was on its way back to the AICPA via FedEx but failed to arrive. Allegretti did not say when exactly the drive went missing except to note that the package containing it was due back at the AICPA "toward the end of February."

It took the organization until March 31 to "re-create the drive" and determine what data it contained. The AICPA began notifying affected members of the potential compromise of their personal data on May 8 and has since completed the task, Allegretti said.

More here.

Level 3 Still Hungry for Fiber?

R. Scott Raynovich and Mark Sullivan write on Light Reading:

Level 3 Communications Inc. is on the prowl for more acquisitions, and it’s getting more serious about buying another metro service provider, according to Light Reading sources.

Two leading candidates are AboveNet Inc. and XO Communications Inc., according to one reliable source familiar with the talks, who asked to remain anonymous. And a number of analysts say that Level 3 could be looking at up to half a dozen candidates.

More here.

FAA Telecom Outage Reported at New Atlanta Tower

Aliya Sternstein writes on

A telecommunications system at the new Atlanta air traffic control tower went down for four-and-a-half hours on the morning of June 9 and caused three flight delays, according to officials at the Federal Aviation Administration’s employee union, Professional Airways Systems Specialists (PASS).

However, officials at Harris, the contractor that installed the network, said the interruption caused no safety issues or flight delays. They blamed the outage on a maintenance interruption to the FAA Telecommunications Infrastructure (FTI) service.

Because data services were down, air traffic controllers had to fax flight plans between air traffic control facilities and the tower, and then handwrite information on flight strips.

More here.

Internet Pioneers: VoIP Wiretapping is Complicated

Grant Gross writes on InfoWorld:

The study [.pdf], co-authored by several people including TCP/IP co-creator Vinton Cerf and former U.S. National Security Agency encryption scientist Clinton Brooks, comes days after a U.S. appeals court upheld the FCC's VOIP wiretapping rules. On Friday, the U.S. Court of Appeals for the District of Columbia upheld the ruling, requiring that VOIP providers offering a substitute for traditional telephone service comply with a 1994 telephone wiretapping law called the Communications Assistance for Law Enforcement Act (CALEA).

The FCC did not immediately respond to a request for comments about the ITAA study. But on Friday, FCC Chairman Kevin Martin said allowing law enforcement wiretapping of VOIP calls is of "paramount importance" to U.S. security.

Tracking VOIP calls would be more difficult than tracking calls on the traditional telephone network, because VOIP providers have little control over how their calls are routed across the Internet, said Whitfield Diffie, chief security officer at Sun Microsystems Inc. VOIP providers "have no special Internet privileges" to control traffic, said Diffie, one of the study's authors.

More here.

Net Neutrality Fight Returns to Senate

Anne Broache writes on C|Net News:

The political tussle over Net neutrality shifted back to the Senate's turf Tuesday, taking center stage at the last public hearing before a mammoth communications bill goes up for a preliminary vote.

As leaders of the Senate Commerce Committee continue negotiations over how to deal with the controversial concept, committee members and witnesses from advocacy groups took turns airing their positions yet again.

The latest draft of the sweeping bill, called the Consumer's Choice and Broadband Deployment Act, numbers 151 pages and covers everything from the digital television switch to city-run broadband networks to changes in the procedure by which video services operators seek franchises to serve new areas.

Arguably the most contentious portion has turned out to be Net neutrality, the idea that network operators should not be allowed to prioritize Internet content and services that travel across their pipes or to make deals with companies seeking special treatment.

More here.

Barracuda Glitch Leaves Customers Incommunicado

Candice Lombardi writes on C|Net News:

A faulty antivirus update left thousands of Barracuda Networks' customers without e-mail for hours on Tuesday.

More than three-quarters of the spam firewall company's 35,000 customers were affected by the hitch, Barracuda said. Their systems downloaded an incomplete antivirus update file just before 5 a.m. PDT, and as a result, their Barracuda appliances stopped all e-mail traffic and stored messages in a queue. A fixed file was sent out and service was fully operational about two hours later, the company said.

More here.

U.S. Labs Compete to Make New Nuclear Bomb

An AP newswire article, via USA Today, reports that:

The Lawrence Livermore National Laboratory in the San Francisco Bay area and the Los Alamos National Laboratory in New Mexico are competing to design the nation's first new nuclear bomb in two decades.

Scientists at both facilities are working around the clock on plans that will be presented to the Nuclear Weapons Council, a federal panel that oversees the nation's nuclear weapons. The council will choose a winner later this year.

More here.

AT&T: Wired News Is a 'Scofflaw'

Ryan Singel writes on Wired News:

Wired News is a "scofflaw" full of "hot air" and should not be heard in a class-action lawsuit accusing AT&T of violating customers' privacy by cooperating with the National Security Agency in a warrantless internet wiretap operation, the telecommunications company said in a court filing Monday.

AT&T was responding to a May 23 petition from Wired News asking to intervene in the case in order to seek the unsealing of more than 140 pages of documents submitted as evidence.

On May 22, Wired News published 30 pages of documents acquired from an anonymous source who is not a party to the case. The papers include an affidavit from whistle-blower Mark Klein and eight pages of documents stamped "AT&T Proprietary." The AT&T pages are believed to be excerpts from some of the documents filed under seal in the case, and depict a detailed scheme for capturing and analyzing data flowing through AT&T's fiber-optic backbone. Klein's accompanying statement describes the setup as part of an NSA wiretap operation in AT&T's San Francisco switching center.

More here.

UK Betting Sites Hit By Outages During World Cup

Via Netcraft.

Several popular UK-based betting online betting sites have been hit by brief outages this morning, interrupting wagering on the World Cup. Sites operated by BetDirect and UKBetting were offline for periods of between 45 minutes and two hours during the same general time period.

Industry observers say as much as £1 billion ($1.84 billion U.S.) could be wagered on this year's World Cup, five times the betting volume for the 2002 event. It's not clear whether heavy traffic was a factor in today's outages, but that type of betting volume makes downtime quite expensive for online bookmakers. Historically, betting sites have been targeted by DDoS extortionists during major sporting events.

More here.

Al Qaeda Identifies 20th 9/11 Hijacker on Web Site

Via CNN.

Al Qaeda identified a Saudi militant, who was killed in 2004, as the 20th hijacker in the September 11, 2001, attack on the United States, according to a statement published Tuesday on an Islamist Web site.

"Turki bin Fheid al-Muteiri -- Fawaz al-Nashmi -- may God accept him as a martyr (was) the one chosen by Sheikh Osama bin Laden to be the martyrdom-seeker number 20 in the raid on September 11, 2001," the statement said.

Al-Muteiri was not able to join the other hijackers in time for those attacks, the date of which had been pushed forward, the group said without elaborating.

More here.

More of Your Info Might be Online Than You Think

Drew Griffin and Kathleen Johnston write for CNN:

If you are worried about a thief stealing your identity, it's not your wallet that needs guarding -- it's your state and local governments.

That's the alarm Betty "BJ" Ostergren, the self-proclaimed Virginia Watchdog, has been sounding for the past four years from her rural Virginia home.

Sitting at her computer, she shows us with just a click of the mouse she can find Social Security numbers, birthdates, bank loans and even digitized signatures that a clever thief could easily manipulate onto official-looking documents. Everything anyone would need to steal your identity is right online, put there by local and state government agencies.

More here.

UK Government Must Publish Secret Report on ID Cards

James Murray writes in IT Week:

The government may soon be forced to release many of its secret reports on the costs, benefits and risks of its controversial identity (ID) card scheme after the information commissioner last week ordered it to release a secret Department of Work and Pensions (DWP) feasibility study on the initiative.

The ruling followed a complaint to the data-protection and freedom of information (FoI) watchdog from Liberal Democrat MP Mark Oaten in 2004, after the DWP refused his parliamentary question request to release the report.

More here.

New Senate Telecom Bill Stays the Course on 'Net Neutrality'

Arshad Mohammed writes in The Washington Post:

Senate staffers appear to have made little progress resolving one of the most contentious issues in new telecom legislation: whether to impose "net neutrality" provisions that would limit how cable and telephone companies may charge others for access to their networks.

A fresh draft of telecom legislation released by the Senate Commerce Committee yesterday leaves its net neutrality language untouched, simply requiring the Federal Communications Commission to study the issue annually and to report back if it sees any problems.

More here.

UserFriendly: Ellinux


Click for larger image.

Monday, June 12, 2006

Yahoo! Hit by Worm

Via Reuters.

Yahoo Inc., the world's largest provider of e-mail services, said on Monday that a software virus aimed at Yahoo Mail users had infected "a very small fraction" of its base of more than 200 million accounts.

The e-mail virus, or worm, has been dubbed Yamanner and landed in Yahoo mailboxes bearing the headline "New Graphic Site." Once opened, the message infects the computer and spreads to other users listed in Yahoo users' e-mail address books, security experts said.

The e-mail containing the virus need only be opened -- in contrast to most worms that are hidden in attachments and require users to take an additional step -- to release the virus, according to computer security site Symantec Corp.

More here.