Saturday, December 23, 2006

Quote of the Day: FX

"A Google search for 'FBI computer crime' produces the email address of the FBI National Computer Crime Squad (NCCS) as nccs@fbi.gov. Unfortunately, the address bounces with a 'user unknown' SMTP error. Apparently, computer crime has been eradicated in the USA."

- FX, in a blog post regarding a rather dubious reporting incident of security disclosure.

NYC Workers in ID Fear Over Data Theft

David Seifman writes in The New York Post:

A major health insurer has delivered a gloomy holiday message to 42,000 city employees, warning that their personal data may have been compromised during a burglary in Massachusetts, The Post has learned.

Group Health Insurance Inc. reported that thieves made off with computer tapes containing the names, Social Security numbers "as well as other data" in a break-in at the office of one of its vendors, Concentra Preferred Systems, on Oct. 26.

More here.

(Props, Pogo Was Right.)

Happy Festivus!


Friday, December 22, 2006

Personal Data of 15,000 TWU Students At Risk

Via Pegasus News.

Texas Woman’s University is notifying approximately 15,000 students that their personal data has been exposed to potential identity theft.

The personal data of all students who were enrolled at TWU in the calendar year 2005 was exposed. The personal data includes names, addresses and Social Security Numbers. This exposure affects the university’s three campuses in Denton, Dallas and Houston.

University officials discovered earlier this week that IRS 1098-T Tuition Statement data for 2005 was transmitted to an outside vendor via a non-secure connection. The data was briefly exposed only during transmission and is now secure.

At this time TWU has no indication that this data has been accessed or used by anyone. However, the university recognizes the seriousness of this exposure and the need to inform the affected students as quickly as possible.

More here.

(Props, Pogo Was Right.)

Dulcius Ex Asperis: Aye, Ferguson


I'm happy to submit this photo to you -- the claymore (sword) I obtained a while back, the tartan is my clan, and the stained glass celtic cross was made for me by my better half, Lori, as a Christmas present this year -- she made it herself.

With her own two hands. Pretty awesome.

I think it is perhaps one of the nicest things anyone has ever given me.

As you may or may not know, my ethnicity and family background is very Scottish.

Aye. And to ye, the same.

Cheers.

- ferg

An Oldie, But Goodie: Children's Xmas Letters to Christopher Walken

Something I blogged about last year -- the gift that keeps on giving.

Enjoy!

- ferg

U.S. Losing Web 2.0 War to Terror Groups?

Xeni Jardin writes on Boing Boing:

Researchers exploring the so-called "Dark Web" analyzed 86 websites from groups labeled as terrorist orgs by the US government, using data mining software. In a report titled "Analyzing Terror Campaigns on the Internet," a team of tech and culture experts from several US universities compared them to 92 US state and federal government websites.

The researchers determined that the government sites lagged behind in advanced web technologies. In short, they said, the terrorist groups demonstrated greater sophistication in their use of Web 2.0 tools.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Friday, Dec. 22, 2006, at least 2,963 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,377 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Friday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

Popular Science: The Ten Sci-Tech Moments That Mattered in 2006

Image source: PopSci.com


Via PopSci.com.

Poison spinach! User-generated content! Space tourism! Global warming! With wars raging on several continents, a political tug of war playing out in the U.S., billionaires touring the cosmos, and a new virtual economy blossoming online, the world saw its share of amazing moments in 2006.

Throughout the year, PopSci.com provided perspectives on the most important sci-tech events, and here, in the spirit of bidding farewell to the old and ushering in the new, we offer a recap—our roundup of the most interesting and influential happenings of the auld lang syne.

More here.

Pressure Builds For Debate On Criminal Records

An AP newswire article, via WCCO.com (Minneapolis-St. Paul), reports that:

Problems with uneven background checks and sealed criminal records that leak out all over the Internet could lead to a fresh debate at the Legislature next year.

Lawmakers and others said it's time for a serious look at [Minnesota] state laws governing criminal records. A task force report released earlier this month called for a host of changes, including the opportunity to expunge criminal convictions after a waiting period.

More here.

(Props, Flying Hamster.)

Bush Signs Law to Study Data Center Energy Usage

Robert Mullins writes on ComputerWorld:

President George W. Bush has signed legislation directing the Environmental Protection Agency to study energy use in data centers.

The bill, passed by the Senate on Dec. 8, authorizes the EPA to analyze the growth of energy consumption at data centers. The issue is a growing concern to companies that operate large groups of servers, storage devices and other computer equipment. Many data center operators find that the cost of electricity and air conditioning that keeps servers cool rivals the cost of the servers themselves.

More here.

Lockheed Proceeds to Next Step for GPS III

Via UPI.

Lockheed Martin has received a $50 million contract to continue development of the next step in the U.S. Air Force Global Positioning System satellite program.

The contract announced Thursday by officials with Lockheed's Navigation Systems unit in Denver will fund the System Design Review phase of the GPS Block III satellite that will be used by both military and civilian customers.

The review will be carried out next March, leading up to the awarding of a multi-billion dollar development contract later in the year.

More here.

NORAD Santa Tracker: A Fun Site for The Wee Ones

"He knows if you've been bad, or good..."

I've seen that a few of my other favorite websites have already mentioned this, and it promptly reminded me to mention it here as well.

So point the wee ones at this Santa Tracking website to pique their curiosity this Christmas season.

And whatever you celebrate this Yuletide season, be safe.

- ferg

User Friendly: Keepin' It Real

Via UserFriendly.org.




French Court Favors Personal Privacy Over Piracy Witchhunts

Thomas Crampton writes in The International Herald Tribune:

A French court has ruled that music companies and other copyright holders cannot conduct unrestrained Internet monitoring to find pirates.

The decision, which could leave record companies open to lawsuits in France for invasion of privacy, pits European Union-sanctioned data protection rules against aggressive tracing tactics used by the music and film industry.

More here.

U.S. DoD Bans Use of HTML e-Mail, Outlook Web Access

Bob Brewin writes on FCW.com:

Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations.

An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 “in the face of continuing and sophisticated threats” against Defense Department networks.

Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack.

More here.

Microsoft Acknowledges Vista vulnerability

Jeremy Kirk writes on InfoWorld:

A vulnerability that affects four of Microsoft's operating systems, including Vista, doesn't appear to pose a great risk, says one security vendor.

Microsoft's security blog said proof-of-concept code has been publicly released that targets the Client-Server Runtime Subsystem (CSRSS), which performs functions such as launching and closing applications.

A user could launch malicious code within the CSRSS that would elevate their privileges on a computer, such as going from an ordinary user to an administrator, said Thomas Kristensen, chief technology officer for Secunia AsP in Denmark.

More here.

Bank of America Says Customer Data May Have Been Stolen

Peter Hull writes on The (Charleston, South Carolina) Post and Courier:

Bank of America, one of the region's largest financial institutions, said this week that Social Security numbers and other information about an undisclosed number of its Charleston-area customers may have been stolen.

The Charlotte-based financial giant declined to say how many people were affected or what areas they live in, but it said it has notified all of them of the suspected breach in writing.

The ill-gotten personal information also includes names, addresses and telephone numbers, the company said.

Bank of America said it is working closely with law enforcement officials as part of an ongoing investigation.

More here.

(Props, Pogo Was Right.)

Bag of 700 Passport Forms Goes Missing

Stephen Speckman writes in the Deseret Morning News:

A bag of about 700 passport applications is missing and a handful of Utahns are among the impacted applicants.

The bag was reported missing by the U.S. State Department on Dec. 1, when the applications were supposed to be shipped by commercial air from Los Angeles to the State Department's Passport Center in Charlotte, N.C.

More here.

(Props, Flying Hamster.)

Photons Trapped by Trick of the Light

The loops act as optical buffers, delaying light by 0.5 nanoseconds before allowing it to continue on its way.
Image source: New Scientist


Jeff Hecht writes on NewScientistTech:

Optical microchips that can store light for short periods of time before sending it on its way have been constructed for the first time by researchers at IBM in the US.

The work is an important breakthrough for chip designers who hope one day to use “optical buffers” in superfast processors that rely on photons instead of electrons for their processing power.

More here.

Vista Won't End Windows XP Availability

Joe Wilcox writes on Microsoft Watch:

I can't count how many times people have asked me if Windows XP would be available on new PCs following Vista's release.

In the near term, the answer is as much a factor of user demand and OEM and system builder policies. That said, Microsoft will make Windows XP available for from 12 to 24 months after Vista's general availability, depending on the sales channel.

According to Microsoft's Life-Cycle Policy Web site, Windows XP Home, Professional, Tablet PC, Media Center and 64-bit editions will be available in direct OEM and retail licenses for 12 months following the beginning of Windows Vista's general availability, which is scheduled to be Jan. 30, 2007. System builder licenses will be available for another 12--or total 24--months from Vista's general availability, it said.

More here.

Ho! Ho! Ho! Zone-H Gets Defaced

SyS64738 writes on Zone-H News:

As you may have noticed, Zone-H got defaced in the night between Dec 21st and Dec 22nd. This was an elaborate attack that was possible (as with most of the past Zone-H incidents) starting with the exploitation of the human factor. We are pleased to post this explanation as it is a very good example of how your security can be jeopardized by bugs, and ones (Hotmail) apparently not related to the system you are using.

The funny part is that the incident happened yesterday night, exactly when all Zone-H board members were around a table for the x-mas dinner discussing a hypothetical Zone-H incident and backup policies.

More here.

Politics and Censorship in America

Harry Fuller writes on the C|Net Politics Blog:

The New York Times ran an Op-Ed piece today about U.S. relations vis-à-vis Iran. Or rather the gray lady ran most of the article. By my rough estimate, ten percent of the piece was redacted.

One of the services paid for by your taxes: CIA's Publication Review Board. The Times says this Board found nothing wrong with the article, co-authored by a former employee of the National Security Council. However, the Board apparently made the deletions from the original article on orders from the White House.

Other anti-Bush blogs have seized on this, of course. For us outside the Beltway, it's more evidence of the cynical use of media in the propaganda barrage over the highly political Mideast mess.

More here.

Cyber Crime Hits the Big Time in 2006

Brian Krebs writes on Security Fix:

Call it the "year of computing dangerously."

Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.

Few Internet security watchers believe 2007 will be any brighter for the millions of fraud-weary consumers already struggling to stay abreast of new computer security threats and avoiding clever scams when banking, shopping or just surfing online.

More here.

DDoS Attack Targets CafePress.com

Via Netcraft.

CafePress.com, which provides online stores for thousands of blogs and web sites, has been hit with a distributed denial of service attack (DDoS) which has disrupted service for many of its merchants during the critical final shopping days before Christmas. The attack began Tuesday evening and was continuing to cause "significant service interruptions" late Thursday. The cafepress.com main site and a sampling of online stores were accessible early Friday.

"Some customers have access that appears normal, some have intermittent access, and some have no access at all," Cafe Press reported Thursday on its customer forum. "Those of you who are able to access CafePress may be experiencing difficulties with certain functions, such as uploading images. This is normal based on the type of attack we’re experiencing."

The attack on CafePress follows a DDoS attack on web host Crystaltech on Cyber Monday, which has been heavily promoted by online retailers as the kickoff of the online shopping season. DDoS attacks are often timed to peak traffic periods when uptime is critical.

More here.

Thursday, December 21, 2006

A Tale of Corporate Atrocity: Microsoft Tries to Patent RSS

Dave Winer:

Today I received a link to a patent granted to Microsoft, where they claim to have invented all this stuff.

Presumably they're eventually going to charge us to use it. This should be denounced by everyone who has contributed anything to the success of RSS.

More here (and here).

Report Says TSA Violated Privacy Law

Ellen Nakashima and Del Quentin Wilber write in The Washington Post:

Secure Flight, the U.S. government's stalled program to screen domestic air passengers against terrorism watch lists, violated federal law during a crucial test phase, according to a report to be issued today by the Homeland Security Department's privacy office.

The agency found that by gathering passenger data from commercial brokers in 2004 without notifying the passengers, the program violated a 1974 Privacy Act requirement that the public be made aware of any changes in a federal program that affects the privacy of U.S. citizens. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match [the Transportation Security Administration's] public announcements," the report states.

The finding marks the first time that the Homeland Security Department has acknowledged that the problem-plagued Secure Flight program has violated the law. It comes at a time when a separate program to screen international passengers is under attack for officials' failure to disclose until recently that they were creating passenger profiles that would be stored for 40 years.

More here.

Toon: A Christmas Wish




Second Sony Rootkit Settlement Ups Payout to $5.75M

Robert McMillan writes on ComputerWorld:

Sony BMG Music Entertainment's botched attempt to stop unauthorized music copying has cost the company another $4.25 million.

Two days after reaching settlements worth a combined total of $1.5 million with Texas and California, Sony on Thursday agreed to pay another 40 states the money to end investigations into its use of two copy protection programs: First 4 Internet Ltd.'s XCP (extended copy protection), and MediaMax, written by SunnComm International Inc.

In a statement, Sony said it was pleased with Thursday's settlements.

More than 12 million Sony BMG CDs shipped with this software last year, according to a statement from the Massachusetts Attorney General.

More here.

U.S. Toll in Iraq

Via The Boston Globe (AP).

As of Thursday, Dec. 21, 2006, at least 2,959 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,373 died as a result of hostile action, according to the military's numbers.

The AP count is six higher than the Defense Department's tally, last updated Thursday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

National Reconnaissance Office Yields to FAS Lawsuit

Steven Aftergood writes on Secrecy News:

A government attorney indicated yesterday that the National Reconnaissance Office will cease to oppose a Freedom of Information Act request from the Federation of American Scientists for unclassified NRO budget justification documents, and that it will provide the requested records as early as next week.

Last July, a federal court ruled in favor of FAS and told the NRO that the budget documents are not "operational files" that would be exempt from processing under the FOIA. In September, the NRO filed a notice of appeal (pdf) seeking to overturn the court order.

But this week, after FAS filed a motion to compel the NRO to comply with the order, the agency said it would withdraw its appeal and provide the document.

More here.

Have a Cool Yule -- Winter Solstice Today

The precise moment of the 2006 solstice will be December 21, 2006 at 7:22 P.M. EST (Dec. 22, 00:22 UT).


Today is Yule, the winter solstice celebration of the Germanic pagans still celebrated by some new (old?) age movements around the world. It is also one of the eight solar holidays, or sabbats, of Paganism. In modern Paganism, Yule is celebrated on the winter solstice, which is today, at precisely 12:35 central standard time (CST, -06:00 UTC).

All pagans celebrate!

VoIP Companies Going Bankrupt?

Om Malik:

As a reader put it nicely - VoIP business is no different than the long distance business. High costs of acquisition, and very low margins.

In other words it is a sucker’s game. One IP Voice learnt this the hard way, and had to file for Chapter 11 bankruptcy protection as it tries to restructure.

More here.

Stephen Cohen Rewrites Sex.com History

Kieren McCarthy writes on his blog:

Stephen Michael Cohen, the man who stole the Sex.com domain and is currently out of jail, has embarked on a touch of history rewriting, starting with the various entries of Wikipedia that deal with the case.

The Stephen M Cohen entry has been redirected to “Stephen Cohen sex.com” by Cohen himself, and all the information has been pulled out of it to be replaced with Cohen’s assertion that the story is incorrect.

In a first edit, he outlined his current fantasy that the case will be reversed based on Gary Kremen’s lack of standing. Unfortunately the judge already ruled very clearly on that issue about four years ago, so I’m not sure why Cohen keeps focussing on this.

But he turned abusive as he decided to have a go at Gary Kremen’s entry.

More here.

Gapingvoid: Give and Take

Via gapingvoid.com. Enjoy!

Florida Democrat Loss Could Trigger Hearings on Voting Machines

Scott M. Fulton, III writes on BetaNews:

The candidate declared the loser in last month's race for Florida's 13th US congressional district is now seeking the help of the incoming Congress she might have joined, in investigating whether an apparent 18,382 undercount by voting machines in Sarasota County might have prevented her from losing by just 369 votes.

If Christine Jennings gains the support of incoming Democratic committee heads - which, with the help of Democratic National Committee Chairman Howard Dean, she's likely to do - the result could be a series of congressional hearings into the integrity of electronic voting machines nationwide.

More here.

Local: Stolen Santa Clara Server Contains 2,500 Social Security Numbers

Truong Phuoc Khánh writes in The Mercury News:

A computer stolen from Santa Clara County's employment agency contained the Social Security numbers of 2,500 people who are being advised to take steps to protect themselves from identity theft.

The risk to clients is not believed to be high because the information was encrypted by passwords, according to a statement from the county. Only those who have used the PESCO software to assess their job skills are affected.

The theft was discovered last week and reported to police Friday.

More here.

Clipboard Data Theft Optional In IE 7

Brian Krebs writes on Security Fix:

A little known secret about Microsoft's Internet Explorer Web browser is the long-standing feature that lets Web sites silently read data stored in the Windows "clipboard" -- the storage space that serves as a semi-temporary repository for any text the user has recently cut-and-pasted or copied in virtually any Windows program.

Apparently, Microsoft has finally changed that feature with IE 7. The newest version of the browser throws up a prompt asking users whether they really want to share the contents of their clipboard (should they stumble upon a site that tries to filch it).

It's probably worth mentioning that alternative Web browsers such as Firefox and Opera do not allow Windows clipboard data-stealing.

More here.

Grinch Hacks Santa Claus' Website

Ericka Chickowski writes on SC Magazine Online:

Not even Santa Claus is safe from hackers this year, as StopBadware.org reported today that a philanthropist with the legal name of Santa Claus had his site targeted by hackers who uploaded an iframe that installed malicious software onto visitors' computers.

The "neighborhood watch" organization had initially flagged the Nevada resident's site, www[dot]santaslink[dot]net, as a site containing malicious content. Through StopBadware's partnership with Google, visitors directed to the children's advocate site through the search engine were being warned that they were at risk to enter.

When Claus contacted StopBadware to ask why his site was being filtered, the organization did a little digging and found that someone had snuck into the site and planted a badware link without Claus' knowledge.

More here.

Blogger's Sloppy Stumble Out of Beta

Caroline McCarthy writes on the C|Net Google Blog:

Blogger's new makeover, launched in a selective beta back in August, was supposed to make the personal publishing software easier to use. After all, in order to remain a blogging platform for everyday users, the Google-owned service was going to have to do something.

Its previous incarnation required a basic knowledge of HTML, which is practically prehistoric in today's world of Ajax-spiced platforms like Six Apart's Vox, which launched earlier this year. So Blogger released a new beta version that featured tags (or "labels" in Googlespeak), "friends-only" posts, and drag-and-drop capabilities. On Thursday, it left the beta phase for a full launch.

But things don't appear to have gone entirely smoothly. According to some Blogger readers, the software exited beta in the manner of an egg nog-filled guest leaving a Christmas party.

More here.

Virginia is for Longer Data Retention

Anne Broache writes on C|Net News:

All Internet service providers should keep their subscribers' data for lengthier time periods in order to aid police prowling for criminals online, a task force organized by the Virginia state attorney general recommended this week.

Echoing similar calls from U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller earlier this year, the latest suggestions arrived in a 103-page report drawn up by Virginia Attorney General Bob McDonnell and his 6-month-old Youth Internet Safety Task Force.

More here.

Wednesday, December 20, 2006

Censored SNL Sketch Jumps 'Bleepless' Onto the Internet

Jacques Steinberg writes in The New York Times:

The nearly three-minute digital film, shown on “Saturday Night Live” last Saturday, was a parody of two boy-band singers (including one played by the real Justin Timberlake) crooning a holiday song about making a gift to their girlfriends of their male anatomy, which they appeared to have wrapped in boxes (strategically placed) and then topped with bows.

Given the subject matter, it was little surprise that NBC bleeped a recurring word in the chorus 16 times. But soon after the broadcast concluded at 1 a.m. Sunday, viewers who’d seen the bit on TV (and others who had just heard about it) could find the uncensored version online. That’s because the network itself had placed it on its own Web site (nbc.com) and YouTube.com, under the headings “Special Treat in a Box” or “Special Christmas Box.”

More here.

Phone Location Tip for Kim Family Went Unheeded

Via The Oregonian.

The engineer whose cell phone records helped find the Kim family in a search-and-rescue drama that riveted the nation told police the Kims were “most likely in the vicinity of Bear Camp Road” two full days before they were found, according to a Portland police detective’s report.

The Edge Wireless engineer provided a far more precise idea of where to look for James and Kati Kim and their two young daughters than had previously been understood.

The Portland Police Bureau report, released Wednesday, said Detective Michael Weinstein immediately relayed that information the evening of Dec. 2 to the Oregon State Police, which headed the investigation into the San Francisco family’s disappearance.

Yet no detailed search of the logging roads around Bear Camp Road was begun in earnest until two days later.

More here.

Record Labels Finally Sue Allofmp3.com

Mike Masnick writes on techdirt.com:

The only surprise here is that it's taken this long. However, after tremendous efforts to influence politicians to force Allofmp3.com to shut down, it appears that a bunch of record labels have finally filed a lawsuit against the company.

The timing on this is a bit odd, as the record labels had succeeded in pressuring Russia into going after the site and pressuring credit card companies to stop accepting charges from the site.

However, the RIAA still hasn't learned that every time they try to shut these types of offerings down, it just makes them stronger -- and Allofmp3 has continued to fight back and find alternatives.

It will be interesting to see how this lawsuit turns out -- as it was filed in New York, and Allofmp3 is a Russian company, meaning the laws in the US are pretty much meaningless to it.

More here.

Gangs Flooding the Web for Prey

Kevin Voight writes for CNN:

On December 8, Australia suffered a sneak-attack from malevolent forces based in the former Soviet states. The weaponry was a multi-million fusillade of bogus e-mail touts targeting customers of iiNet, owner of Ozemail, one of the most popular Internet providers in the country.

The barrage overwhelmed company servers, which saw e-mail traffic spike from a daily average of 12 million messages to nearly 20 million -- 98 percent of which were spam -- and caused a 10-minute delay for users.

"We're seeing a lot of spam coming from China and Eastern Europe," says Greg Bader, chief information officer of iiNet. "They are organizations that are obviously very well set up and funded in order to release the volume of email they're pumping out."

Cybercrime is big business. The FBI estimates that computer-related crimes -- such as virus attacks and identity theft -- have cost companies and consumers $400 billion in the United States alone, according to a September report.

More here.

Juniper to Take a Whopping $900M Charge for Options

Stephen Lawson writes on InfoWorld:

Juniper Networks Inc. will take a non-cash charge of about US$900 million in the wake of an investigation that found the company improperly dated employee stock-option grants.

The router and network security vendor on Wednesday announced the completion of a seven-month probe by its audit committee, assisted by independent counsel and forensic accountants. The investigation found that in many cases Juniper chose grant dates for options after the fact, in an effort to give employees the benefit of a better stock price.

More here.

Privacy Tech: Bush's Data Strip-Mining Plans

John Prado writes on TomPaine.com:

Nothing seems to prevent the Bush administration from demanding more and more of our personal information. They observe few moral or constitutional barriers. There’s no evidence that all this information increases our security, but that doesn’t slow them down. They just keep coming.

For instance, Alberto Gonzales’ Department of Justice, in little-noticed moves, has proposed to amend a 1994 law governing how the communications industry helps law enforcement to require Internet companies to design their applications so as to be wiretap-friendly . And in June 2006 Justice further proposed the companies be required to retain and store everyone’s Internet transaction records for the feds to pore over. Most recently, the Department of Homeland Security, after efforts to create a massive database on airline passengers not only encountered technical difficulties but were prohibited by Congress, revealed they simply modified a counter-narcotics program to the same end.

With typical cynicism, the Bush administration has continually immersed its initiatives in a web of secrecy, and congressional allies have further muddied the waters. Many remember the Bush fiasco of a few years ago, appointing Reagan-era Iran-Contra figure John Poindexter to head a Total Information Awareness Program that was going to sort through masses of detail gathered from all sources—thus including files on every American—to find terrorists.

More here.

(Props, Pogo Was Right.)

Help EFF Investigate Invasive Travel Screening Program

Via EFF Deep Links.

For several years, the Department of Homeland Security has been treating innocent travelers like suspected terrorists by using the Automated Targeting System (ATS) to assign them "risk assessment" scores. This invasive data-mining program was only recently revealed to the public, and EFF is attempting to document the system's effect on law-abiding individuals.

If you have experienced difficulties when entering or leaving the United States, we'd like to hear from you. We are particularly interested in hearing from folks who have had repeated problems, or have been told by government agents that they are on a "list" or that there is some unexplained "problem" that needs to be resolved. Please share your story with us by writing travel@eff.org and providing as much detail as possible. We will treat all responses confidentially and may contact you to follow-up.

More here.

Bloggers Must Disclose Sponsored Posts

An AP newswire article by Anick Jesdanun, via MSNBC, reports that:

A company that helps advertisers connect with bloggers willing to write about their products for payment will now require disclosures amid criticism and a regulatory threat.

Before this week, advertisers were barred by PayPerPost Inc. from telling bloggers they can't disclose the sponsorship, but bloggers were able to decide on their own whether or not to do so. Under the new policy, bloggers must disclose that they are accepting payment, either in the write-up or in a general disclosure policy on the blogger's Web journal.

More here.

UK: Banks Reject Lords' Call to Disclose Security Details

Tom Young writes on Computing (UK):

Banking industry body Apacs has rejected calls to publish details of which banks have poor online security.

Members of the House of Lords Science and Technology Committee raised the issue as part of an investigation begun last week into personal internet security.

Banks are not all equally rigorous in the way that they protect themselves, says Lord O’Neill of Clackmannan.

More here.

Singapore Teen Convicted of Stealing Neighbor's WiFi

Via MSNBC.

A Singapore teenager has pleaded guilty to tapping into a neighbor’s wireless Internet network and will be sentenced next month, a newspaper reported Wednesday.

In mitigation Tuesday, the lawyer for 17-year-old Garyl Tan Jia Luo said his client was “deeply remorseful” for his actions, the Straits Times reported.

Court officials could not be immediately reached for comment.

Tan’s offense carries a penalty of up to three years in jail and a maximum fine of more than $6,000. He is the first person in Singapore to be charged with the offense.

More here.

Media Takes on AT&T in Spy Case

Ryan Singel writes on Wired News:

News organizations will argue Thursday that documents under seal in a high-profile lawsuit against AT&T for its alleged participation in warrantless surveillance of Americans' phone calls and e-mails should be made public.

Wired News -- joined by the San Francisco Chronicle, Los Angeles Times, Associated Press, San Jose Mercury News and Bloomberg News -- is seeking documents and statements provided by former AT&T technician Mark Klein about the government spy program. AT&T says the pages contain corporate trade secrets.

At 2 p.m. Thursday, both sides will make oral arguments before U.S. District Judge Vaughn Walker in San Francisco.

More here.

Multi-Network Video Sharing Site Deal Probably Dead

Scott M. Fulton, III writes on BetaNews:

Broadcasting & Cable this morning cited a source close to negotiations between NBC Universal, MySpace parent Fox Interactive, and former siblings CBS Corp. and Viacom to produce a rival video sharing service to Google's YouTube, as having broken down after MTV parent Viacom walked away from the table.

At first, the concept of producing a television-centric mega-site where users would apparently happily upload clips of the network owners' own content on their behalf, for free, without fear of copyright reprisal, may have seemed tempting to negotiators even from a cost-savings standpoint.

But observers today believe the deal may have been doomed from the start, especially with the notable absence of ABC's parent company Disney, and the CW's co-owner Time Warner, whose own AOL trademark is busy trying to remake itself into some sort of YouTube/MySpace/IM amalgam.

Other analysts today said negotiators may have come to a startling realization: They're each other's direct competitors.

More here.

DNS Provider ZoneEdit Downed By Denial Of Service Attack

Antone Gonsalves writes on InformationWeek:

Domain name service provider ZoneEdit has suffered a massive denial of service attack that has left thousands of customers with intermittent service over at least two days.

The attack, which started early Tuesday morning Eastern time and continued Wednesday, affected four of ZoneEdit's 25 domain name servers, said George DeCarlo, senior VP of marketing for Vancouver, Wash.-based Dotster, which owns ZoneEdit. "It really was a massive denial of service attack," he said.

Less than 5% of ZoneEdit's customer base was affected, but that amounts to thousands of customers, DeCarlo said. He refused to provide more specific numbers.

More here.

Battelle Wins $500M BioDefense Contract

Wilson P. Dizard III writes on Washington Technology:

Battelle National Biodefense Institute has received a $500 million contract award to manage and operate a new biodefense analysis center, currently under construction at Fort Detrick, Md., according to an announcement by the Homeland Security Department today.

The Battelle organization, a unit of Battelle Memorial Institute of Columbus, Ohio, received a base contract award of $250 million over five years, with five option years that could bring the projected award cost to $500 million, DHS said in a press statement.

The department’s Science and Technology Directorate hired Battelle to conduct scientific programs and operate the National Biodefense Analysis and Countermeasures Center as a federally funded R&D center.

More here.

New State Laws Go Into Effect Jan. 1

Via Government Technology News.

Residents in at least 32 states will wake up New Year's Day to a host of new state laws, according to a compilation of legislation from the National Conference of State Legislatures (NCSL).

The new state laws run the gamut of issues, as lawmakers have responded to the needs of their constituents, said NCSL.

Five states increased the minimum wage. New Mexico started a DNA database. Rhode Island now requires health plans to cover smoking cessation programs. And it will be illegal in Arkansas to publicly display a person's Social Security number.

Smokers in Texas will pay an additional $1 tax per pack of cigarettes. In Illinois, you can talk to a live operator when you call a state agency. And in Michigan, you can use the Internet to find out where illegal meth labs have been located.

More here.

Lawsuit Challenges Government's Right to Read Your e-Mail

John Reinan writes in The (Minneapolis-St. Paul) Star-Tribune:

The government needs a search warrant if it wants to read the U.S. mail that arrives at your home. But federal prosecutors say they don't need a search warrant to read your e-mail messages if those messages happen to be stored in someone else's computer.

That would include all of the Big Four e-mail providers -- Yahoo, AOL, Hotmail and Google -- that together hold e-mail accounts for 135 million Americans.

More here.

Breaking: Divided FCC Approves New Cable Rules

An AP newswire article, via PhysOrg.com, reports that:

A sharply divided Federal Communications Commission voted 3-2 along partisan lines Wednesday to impose new measures meant to ensure that local governments do not block new competitors from entering the cable television market.

FCC Chairman Kevin Martin also released a new pricing report that showed in 2004, rates for basic and expanded cable, which account for about 84 percent of subscribers, rose 5.2 percent. Over a 10-year period, rates had increased a total of 93 percent, the report said.

The new franchising rules will require local cable franchising authorities to act on new applications from competitors with access to local rights-of-way within 90 days, and within six months for other new competitors.

The FCC will also ban local governments from forcing new competitors to build out new systems more quickly than the incumbent carriers and to count certain costs required of new carriers to go toward the 5 percent franchise fee they must pay.

More here.

'Devastating' Trial Results for Controversial Artificial Blood Product

Joseph Rhee reports on ABC News' "The Blotter":

A controversial drug experiment, involving artificial blood given to accident victims without their consent, resulted in a 40 percent higher death rate than the standard treatment given to a control group.

Preliminary trial results released yesterday revealed that 46 subjects died after receiving the experimental blood substitute, Polyheme. There were 35 deaths among patients in the control group who received the standard care of saline solution in the field and real blood in the hospital.

An ABC News investigation this year raised questions about the propriety of administering the experimental product to subjects without their consent.

More here.

Background here, here, here, and here.

Incoming Chairman of the House Energy and Commerce Committee Questions FCC on TV Franchises

An AP newswire article by John Dunbar, via Yahoo! News, reports that:

The incoming chairman of the House Energy and Commerce Committee is questioning whether the Federal Communications Commission has the legal authority to issue rules that would make it easier for competitors to enter the cable television business.

The commission was scheduled to vote on the issue Wednesday morning, but the meeting was delayed because FCC staff were still working on some agenda items.

In a letter, Rep. John Dingell, D-Mich., wrote, "It would be extremely inappropriate for the Federal Communications Commission to take action that would exceed the agency's authority and usurp congressional prerogative to reform the cable television and local franchising process."

More here.

To Catch A Thief: Police Department Puts A Video On YouTube

W. David Gardner writes on InformationWeek:

A Massachusetts police department has posted a video on YouTube that shows two men using what is believed to be a stolen credit card to purchase merchandise at a Home Depot.

Officer Brian Johnson, a night patrolman for the Franklin police, said Wednesday that he posted the surveillance video in the hope that someone will recognize the two men and alert police. "We want to get as many eyes on this as we can," said Johnson in an interview.

A security camera at the Home Depot captured a video of the two men as they nonchalantly used the card to check out items worth hundreds of dollars. Police said the pair stole a card just minutes before they carried out the transaction in the Home Depot.

More here.

Foreign Internet Firms Struggle in China

Steven Schwankert writes on InfoWorld:

For the second time in two years, a major U.S. Internet company has chosen to offer its subsidiary to a local company, after failing to be competitive and attain profitability in China.

EBay's announcement Wednesday that it will move from stand-alone ownership of its eBay EachNet subsidiary and enter into a joint venture with Tom Online capped a three-year slide in eBay popularity in China. When the auction giant bought the 67 percent of Shanghai-based EachNet that it didn't own in 2003, that site held about 90 percent market share. As of Wednesday's sale, it has about 29 percent.

More here.

Toon: Christmas Follies

Santa's Immigration Status Questioned on Website

Jon Hurdle writes for Reuters:

Santa isn't welcome in Hazleton because he's an illegal immigrant just like all the others the Pennsylvania town is trying to get rid of -- or so someone would have you believe.

A new Web site, http://www.nosantaforhazleton.com, says the town intends to keep Santa out this Christmas because he represents the illegal immigration the town council believes increases crime and burdens local services.

But the site is a hoax, created by someone in a bid to satirize a local law passed in July that has attracted national attention by imposing penalties on businesses and landlords to deter them from hiring or renting rooms to illegal immigrants.

More here.

Websense to Buy Palo Alto's PortAuthority for $90M

Via The Silicon Valley/San Jose Business Journal:

Websense Inc. will acquire PortAuthority Technologies Inc. for about $90 million, the company said Wednesday.

San Diego-based Websense and Palo Alto-based PortAuthority have already been working together on security solutions to protect users and data from internal and external threats.

Staffing and other details about the acquisition were not disclosed. Along with its Palo Alto headquarters, PortAuthority has facilities in Ra'anana, Israel.

More here.

Privacy Horizon: Menlo Park's Spock Networks Gets $7M in First Round VC Funding

Via The Silicon Valley/San Jose Business Journal:

Spock Networks Inc. received $7 million in its first round of funding, the company said Wednesday.

Menlo Park-based Spock said the funding came from Clearstone Venture Partners, which has an office in Menlo Park, and Menlo Park-based Opus Capital Ventures.

Spock is developing a search engine focused on helping users find and discover people, and said it expects to publicly launch in 2007.

More here.

SEC: Russian Trader Used Stolen Passwords

Floyd Norris writes in The International Herald Tribune:

"Pump and dump" schemes in the stock market are an old way of making money from gullible investors, but they require persuading the investor to buy an overpriced stock.

A Russian trader, operating through an Estonian brokerage firm, found a simpler way to pump and dump stocks, the U.S. Securities and Exchange Commission said Tuesday.

The commission said the trader, Evgeny Gashichev, who was trading through an account of Grand Logistic, a Belize corporation based in Estonia, had used the Internet to steal passwords of account holders at online brokerage firms, among them E*Trade Securities, TD Ameritrade and Scottrade.

The commission said Gashichev would buy, through his own account, shares in a thinly traded company. Immediately afterward, he would use the accounts of victims to buy large amounts of the stock, driving up the price. He would then sell his shares into that demand. In some cases, he would then sell the stock short, profiting further when the price declined.

More here.

Cable Chief Slams FCC Chief

Alan Breznick writes on Light Reading:

Lashing out at cable's chief regulator, National Cable & Telecommunications Association (NCTA) president Kyle McSlarrow blasted the Republican-led Federal Communications Commission (FCC) yesterday for what he termed its "micromanagement" of communications policy and "fundamental misunderstanding" of the cable industry.

In particular, McSlarrow, a former high-ranking federal official appointed by President Bush, took aim at FCC Chairman Kevin Martin, a fellow Bush appointee. Using some of the harshest language that an NCTA president has reserved for an FCC chairman in recent memory, McSlarrow stopped just short of calling Martin a blatant hypocrite, as well as a traitor to the Bush Administration cause of open markets and government deregulation.

More here.

FBI Releases Its Lennon Surveillance Files

Via TheDay.com.

The FBI agreed Tuesday to make public the final 10 documents about the surveillance of John Lennon that it had withheld for 25 years from a University of California, Irvine historian on the grounds that releasing them could cause "military retaliation against the United States."

Despite the fierce battle the government waged to keep the documents secret, the files contain information that is hardly shocking, just new details about Lennon's ties to New Left leaders and antiwar groups in London in the early 1970s, said the historian, Jon Wiener.

More here.

(Props, Pogo Was Right.)

Fiber-Optic Internet Connections Hit 7M in Japan

Martyn Williams writes on InfoWorld:

The number of fiber-optic broadband Internet subscriptions in Japan reached 7 million in the third quarter, according to data released Wednesday.

The figures from Japan's Ministry of Internal Affairs and Communications (MIC) also show that the fiber-optic service, which is low cost and offered throughout Japan by several competing carriers, continues to drive the expansion in the country's broadband Internet market.

More here.

Princeton Professor Ed Felten Joins EFF Board of Directors

Congratulations, Ed. - ferg

Via The EFF.

The Electronic Frontier Foundation (EFF) welcomes the newest member of its Board of Directors, computer security expert Edward W. Felten. A professor of Computer Science and Public Affairs at Princeton University, Felten recently demonstrated the ability to manipulate results on a Diebold electronic voting machine -- showing that the equipment was extremely vulnerable to "vote-stealing" attacks that would undermine the accuracy of vote counts.

Felten's research interests include computer security and privacy -- especially relating to media and consumer products -- and technology law and policy. He has published about 80 papers in the research literature and two books. Felten was the lead computer science expert witness for the Department of Justice in the Microsoft antitrust case. He has also testified before the Senate Commerce Committee on digital television technology and regulation and before the House Administration Committee on electronic voting.

Felten is the founding Director of Princeton's Center for Information Technology Policy, and his weblog, at freedom-to-tinker.com, is widely regarded for its commentary on technology, law, and policy. In 2004, Scientific American magazine named Felten to its list of 50 worldwide science and technology leaders.

More here.

Ed also posts frequently to his own blog, Freedom to Tinker.

Quote of the Day: Jennifer Granick

"2006 will be remembered as the year in which our government imprisoned journalists, embraced kidnap and torture as a 'no-brainer,' and moved toward implementing an infrastructure for total surveillance of American citizens. Hopefully, it also will be remembered as the year we started to bring these practices to a halt."

- Jennifer Granick, writing in her Wired News column today.

Siemens Sets Network Speed Record

Via Reuters.

Germany's Siemens AG has set a new speed record for electrical processing of data through a fiber-optic cable, it said on Wednesday, opening the possibility of cheaper Internet and data networks.

Siemens said in a statement it had processed data using exclusively electrical means at 107 gigabits per second -- roughly two full DVDs per second -- and sent it over a single optical fiber channel in a 100 mile-long (161-kilometre) U.S. network, the first time outside of a laboratory.

More here.

Securities Regulator Says Morgan Stanley Withheld E-Mail in Cases

Gretchen Morgenson writes in The New York Times:

The NASD, the nation’s largest self-regulatory organization for the securities industry, accused Morgan Stanley yesterday of routinely failing to provide e-mail messages to aggrieved customers who had filed arbitration cases against the firm over three and a half years and with making false claims that millions of e-mail messages in its possession had been lost in the Sept. 11 attack on the World Trade Center.

The regulator also contended in its complaint against Morgan Stanley that the firm regularly destroyed millions of e-mail messages by overwriting its backup tapes and by allowing employees to delete messages. Securities and Exchange Commission rules require that firms keep all e-mails and business communications for three years.

More here.

Tuesday, December 19, 2006

Security Breach Affects 2,400 MSU Students, Workers

Richard Lake writes in The (Jackson, Mississippi) Clarion-Ledger:

Social Security numbers and other private information from about 2,400 Mississippi State University students and employees were “inadvertently” posted on a publicly accessible Web site, the university said Tuesday.

Everyone who was affected has been sent a letter explaining the situation and will be offered free credit monitoring service for one year, the university said.

More here.

(Props, Pogo Was Right.)

Phone Companies Pushing Hard to Change Cable Rules

Steve Alexander writes on the (Minneapolis-St. Paul) StarTribune.com:

After years of tentatively testing the cable television waters, telephone companies are poised to invade the market with their own service.

But first, the phone companies, including dominant local player Qwest Communications, are pushing hard to change the federal rules governing cable competition. They want to reduce their costs of becoming cable providers by reducing obligations to each city government. They argue easing rules would spur competition.

New rules being issued today in Washington by the Federal Communications Commission (FCC) are likely to give them some of what they want, reducing barriers to entry for new cable providers.

More here.

Ericsson to Buy Redback Networks for $2.1 Billion

A Reuters newswire article, via Yahoo! News, reports that:

Telecommunications equipment maker Ericsson AB will buy data networking equipment vendor Redback Networks Inc. for $2.1 billion in cash, the companies said on Tuesday.

Once complete, the transaction would give Ericsson Redback's expertise in data-routing technology that helps service providers deliver broadband, telephone, television and services over networks using standard Internet infrastructure, San Jose, California-based Redback and Sweden's Ericsson said.

More here.

U.S. Toll in Iraq - UPDATE

Via The Boston Globe (AP).

As of Tuesday, Dec. 19, 2006, at least 2,956 members of the U.S. military have died since the beginning of the Iraq war in March 2003, according to an Associated Press count. The figure includes seven military civilians. At least 2,369 died as a result of hostile action, according to the military's numbers.

The AP count is seven higher than the Defense Department's tally, last updated Tuesday at 10 a.m. EST.

More here.

And as always, cryptome.org keeps a very, very extensive list here, as does the Iraq Coalition Casualty Count website here.

UPDATE 12/20 11:36: The Associated Press has issued a correction for their casualty numbers here.

U.S. National Defense University Takes Systems Offline

Josh Rogin writes on FCW.com:

For the second time in two months, a major Defense Department educational institution has shut down its computer and e-mail systems. The National Defense University, located in Washington, D.C., is currently without Internet or e-mail while undergoing unspecified maintenance activities.

NDU is no longer connected to DOD networks and staff and students will be without service for two to four weeks, according to Dave Thomas, NDU’s director of public affairs. Thomas declined to comment on the reasons for the maintenance and could not confirm or deny whether there had been a recent network intrusion at NDU.

“I won’t acknowledge one way or the other security issues with the system,” he said.

More here.

Ameriprise Financial Fined $25,000 for Losing Laptop Data

Deni Conner writes on NetworkWorld:

Losing data can be a costly problem for a company -- even if the lost data isn’t misused. That’s a lesson Ameriprise Financial just learned the hard way.

The Minneapolis-based financial services company will pay a $25,000 fine to the state of Massachusetts as punitive damages for the company’s temporary loss of a laptop containing customer data. The fine will cover the state’s investigative costs.

Ameriprise also has agreed as part of the settlement to hire a consultant to work to improve its computer security.

More here.

The Dangers of Sharing Medical Data with Government

Via InsideBayArea.com.

Kaiser Permanente has agreed to pay for a study involving a computer program that would give doctors, pharmacists and, in some cases, law officers online access to medical records.

It's an attempt to curb the abuse of prescription narcotics by monitoring drug distribution in a way that would enable a doctor or pharmacist to find out the last time — and from whom — a patient received a prescription for Vicodin, Oxycontin and other addictive drugs.

However, it also raises serious privacy concerns.

More here.

(Props, Flying Hamster.)

EFF Lawsuit Demands Answers About Government's Secret 'Risk Assessment' Scores

Via The EFF.

The FLAG Project at the Electronic Frontier Foundation (EFF) filed suit against the Department of Homeland Security (DHS) in federal court today, demanding immediate answers about an invasive and unprecedented data-mining system deployed on American travelers.

The Automated Targeting System (ATS) creates and assigns "risk assessments" to tens of millions of citizens as they enter and leave the country. In November, DHS announced that the program would launch on December 4, but Homeland Security Secretary Michael Chertoff later admitted that the program had already been in operation for several years.

More here.

Microsoft Releases First Draft of PatchGuard APIs

Jaikumar Vijayan writes on ComputerWorld:

Microsoft Corp. today released draft application programming interfaces (API) designed to allow third-party security products to get around a contentious kernel protection technology in the Vista operating system called PatchGuard.

The draft APIs will be available to security vendors for testing and comment through the end of January. A final version of the APIs will then become available when Microsoft releases Service Pack 1 for Vista sometime in mid-2007, according to Ben Fathi, vice president of development for the Windows Core Operating System.

Microsoft today also released a separate Criteria Evaluation document that details the processes Microsoft used in evaluating vendor requests for APIs to the Vista kernel. As with the draft APIs, Microsoft is seeking third-party security vendor feedback on its criteria evaluation processes.

More here.

Sony BMG to Pay $1.5M to Settle State Suits Over CD Rootkit Debacle

An AP newswire article, via USA Today, reports that:

Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle lawsuits brought by California and Texas over music CDs that installed a hidden anti-piracy program on consumers' computers.

The program surreptitiously monitored users' behavior, and the method Sony BMG originally recommended for removing the software also damaged computers.

The settlements, announced Tuesday, cover lawsuits over CDs loaded with one of two types of copy-protection software — known as MediaMax or XCP.

Under the terms of the separate settlements, each state will receive $750,000 in civil penalties and costs.

More here.

Time to Upgrade: Mozilla Firefox Multiple Vulnerabilities

Via Secunia.

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.

More here.

U.S. Military, Agencies to Phish Their Workers

Wade-Hahn Chan writes on FCW.com:

The military services and some agencies, including the Homeland Security Department and the Department of Veterans Affairs, can launch diagnostic phishing attacks against their own workers.

The government-sanctioned attacks will be designed to test how well federal workers adhere to their organizations' e-mail security policies.

The agencies will launch the attacks with Core Security Technologies' CORE IMPACT penetration testing software. The IMPACT software will keep track of how many employees click on the malicious links. With that information, agencies can gauge the effectiveness of their IT security education program.

More here.