Monday, November 29, 2004

News Item 408 

Leeway found in Wal-Mart's RFID mandate. Wal-Mart's January deadline for its top 100 suppliers to begin shipping cases and pallets outfitted with radio frequency identification tags is just around the corner - in theory. The reality is, compliance is going to be a multi-year effort, analysts say. [RFID news from Network World]
9:48:05 PM  PermaLink   / trackback []  

News Item 407 

Battling the bad guys. Couple complex network security with people's natural gullibility, and it's no wonder they're getting clobbered. [Virus and worm news from Network World Fusion]
9:45:56 PM  PermaLink   / trackback []  

News Item 406 

Hackers force creation of more IT security jobs. Security specialists are now in great demand, thanks to a boom in malicious attacks on computer systems by hackers and viruses, and an array of new communications technologies that carry new security risks. [Computerworld News]
9:36:21 PM  PermaLink   / trackback []  

News Item 405 

U.K.'s Blair tries to allay fears over ID card database. The Identity Cards Bill, published today, seeks to create by 2010 a system of ID cards with embedded chips that carry personal information and biometric identifiers. [Computerworld News]
9:35:22 PM  PermaLink   / trackback []  

News Item 404 

U.K. government hit with another large computer failure. LONDON -- IT system failures continued to plague the U.K. government this week, when as many as 80,000 civil servants working for the Department of Work and Pensions (DWP) had to deal with what is being described in the local press as the biggest computer crash in government history. [InfoWorld: Top News]
9:33:59 PM  PermaLink   / trackback []  

News Item 403 

U.K.'s Blair tries to allay fears over ID card database. LONDON -- U.K. Prime Minster Tony Blair attempted to quell growing concern over the security of the country's national identity program by threatening jail time for anyone caught tampering with the project's massive database.[InfoWorld: Top News]
9:32:13 PM  PermaLink   / trackback []  

News Item 402 

Is Microsoft creating tomorrow's IE security holes today?. Opinion Seeds of disaster [The Register]
9:27:47 PM  PermaLink   / trackback []  

News Item 401 

UK's biggest spammer goes AWOL. Peter Francis-Macrae wanted by the police and Nominet [The Register]
9:26:13 PM  PermaLink   / trackback []  

News Item 400 

eWEEK: Desktop Google Finds Holes. "Bruce Schneier". GDS is very good at searching. It's so good that it exposes vulnerabilities on your computer that you didn't know about. And now that you know about them, pressure your software vendors to fix them. Don't shoot the messenger. [Tomalak's Realm]
9:07:58 PM  PermaLink   / trackback []  

News Item 399 

U.S. Opposes Passport Privacy Protections. The Bush administration opposed security measures for new microchip-equipped passports that privacy advocates contended were needed to prevent identity theft, government snooping or a terror attack, according to State Department documents. -AP By APOnline. [washingtonpost.com - Technology]
8:42:59 PM  PermaLink   / trackback []  

News Item 398 

Wikipedia Creators Move Into News. The folks behind the open-source reference site that's challenging the encyclopedia industry decide to give journalism a go. Through the experimental Wikinews site, anyone can take a stab at being a reporter. By Joanna Glasner. [Wired News]
8:35:58 PM  PermaLink   / trackback []  

News Item 397 Wikinews Demo

Welcome to Wikinews, a free-content news source. We embarked on this journey in November 2004, and have written 90 articles. Our mission is to create a world where citizen journalists report the news on a wide variety of current events.

Anyone can help with Wikinews. If you see a headline linking to an empty story, you can create it. If a story needs to be moved to a new title as events develop, please move it. If you know of a headline story from other sources but don't have time to write a story, don't hesitate to add that headline without a story.

Everything here is under construction, so please give us some time to sort out the policies and procedures before relying on Wikinews as a source.
8:33:42 PM  PermaLink   / trackback []  


News Item 396 New Bofra Attack May Be a Sign of Things to Come

On 20 November 2004, a major malicious-code attack emerged targeting European Web sites via banner ads. This two-step attack exploits two previously identified security vulnerabilities: the Bofra (or IFRAME) flaw in some versions of Microsoft's Windows operating system, and the OpenSSL flaw in open-source Apache Web servers. When visitors using Microsoft's Internet Explorer 6.0 Web browser click on banner ads on infected Web sites, they are redirected to sites that download the Bofra worm, which can enable unauthorized parties to access or control their PCs.

Analysis

Gartner believes that attacks of this type will become increasingly common, especially around transition points âo[dot accent]014 systems where multiple versions of software (such as Windows 2000 and XP) are in use without full patches across both platforms. This attack makes use of an Internet Explorer browser vulnerability that Microsoft has not yet patched in Windows 2000 and Windows XP Service Pack 1 (SP1) âo[dot accent]014 SP2 is not believed to have this flaw âo[dot accent]014 and an unrelated vulnerability in the widely used Apache Web servers. Enterprises running Apache Web servers must take immediate defensive action and apply patches, which have been available since July 2004.
8:30:13 PM  PermaLink   / trackback []  


News Item 395 Techdirt:New Loophole In Do Not Call For Recorded Telemarketing Efforts?

It looks like some privacy groups are raising a stink over a proposed change to the FTC's rules on telemarketing, allowing telemarketing calls if they're pre-recorded, but only for companies who already have a relationship with whoever it is they're calling. The FTC says that people are making a bigger story out of this then it really is, because all they're really doing is trying to line up their own "Do Not Call" rules with the FCC's "Do Not Call" rules -- which already allows these sorts of pre-recorded messages. Unfortunately, the idea of a "pre-existing relationship" can be quite vague, and you can be sure that some telemarketers would interpret it quite broadly. Still, this discussion could use a few more details before it's worth getting too worked up about it. A simple solution is just to make it clear that such messages are only allowed if the person specifically agrees to receive such messages, and not just because of any relationship.
8:24:04 PM  PermaLink   / trackback []  

News Item 394 

Is the law's arm long enough?. Even though Congress continues to propose laws to defeat spyware and spammers, it seems law enforcement's hands are still essentially tied. [Network World on Privacy]
8:20:57 PM  PermaLink   / trackback []  

News Item 393 Color laser printers snitch on their owners with privacy-violating subliminal encoding of all printed documents

You may not be aware that your printer is leaving a trail that could point directly to you. Xerox, as well as other printer manufacturing companies, has been developing this tracking technology for over 20 years. A small microchip located near the laser beam on these printers prints out a series of small yellow dots that, when decoded, reveal the serial number of the printer that the document was printed on. Once this information is gathered, authorities can contact the manufacturer and some, like Xerox, will release the name of the printer owner to law enforcement authorities. The United States government has been working with Xerox to track down counterfeiters who used color laser printers to print fake currency. Several other countries are also interested in this technology. If you find this article interesting, be sure to also read 'Privacy International issues its sixth annual Big Brother Awards for the worst privacy invading organizations in the UK.'
8:19:35 PM  PermaLink   / trackback []  

News Item 392 

Results of Online Consumer Privacy Survey Released. More than a third of surveyed firms still share personal data with third parties without permission [GT: Privacy]
8:17:21 PM  PermaLink   / trackback []  

News Item 391 

Passport Privacy Protection? Nope. The Bush administration opposes security measures recommended by privacy advocates for new microchip-equipped passports, saying it's concerned for the safety of American travelers. Critics say the chips are good for identity thieves and government snoops. [Wired News: Security Blanket]
8:15:54 PM  PermaLink   / trackback []  

News Item 390 

Web Won't Let Government Hide. Advocates for open government are creating search engines and websites to let citizens peek into the inner workings of official agencies. Now more than ever, they say, openness is essential to self-government. By Ryan Singel. [Wired News: Security Blanket]
8:14:55 PM  PermaLink   / trackback []  

News Item 389 

Dumbing Down a Smartwatch. Researchers are developing an RFID-enabled watch system to help the memory-challenged find their stuff. But making sure it doesn't track too much is a big privacy concern. By Michael Bradbury. [Wired News: Security Blanket]
8:13:35 PM  PermaLink   / trackback []  

News Item 388 The New York Times > Education > Federal Plan to Keep Data on Students Worries Some

A proposal by the federal government to create a vast new database of enrollment records on all college and university students is raising concerns that the move will erode the privacy rights of students.

Until now, universities have provided individual student information to the federal government only in connection with federally financed student aid. Otherwise, colleges and universities submit information about overall enrollment, graduation, prices and financial aid without identifying particular students.

For the first time, however, colleges and universities would have to give the government data on all students individually, whether or not they received financial assistance, with their Social Security numbers.

The bid arises from efforts in Congress and elsewhere to extend the growing emphasis on school accountability in elementary and high schools to postsecondary education. Supporters say that government oversight of individual student data will make it easier for taxpayers and policy makers to judge the quality of colleges and universities through more reliable statistics on graduation, transfers and retention.

The change would also allow federal officials to track individual students as they journey through the higher education system. In recent years, increasing numbers of students have been attending more than one university, dropping out or taking longer than the traditional four years to graduate. Current reporting practices cannot capture such trends; a mobile student is recorded as a new student at each institution.

Under the proposal, the National Center for Education Statistics at the Department of Education would receive, analyze and guard the data. In making its case for the change, the center points to a history of working with student information and says it has never been forced to share it with law enforcement or other agencies. The proposal, first reported in the current issue of The Chronicle of Higher Education, is supported by the American Council on Education, the American Association of State Colleges and Universities, and the State Higher Education Executive Officers Association, but opposed by other education organizations, like the National Association of Independent Colleges and Universities.

A department overview of the proposal insisted that data would not be shared with other agencies and that outsiders could not gain access. By law, the summary says in capitals, "Information about individuals may NEVER leave N.C.E.S.," the National Center for Education Statistics.

But Jasmine L. Harris, legislative director at the United States Student Association, an advocacy group for students, said that since the Sept. 11 attacks, the balance between privacy and the public interest had been shifting. "We're in a different time now, a very different climate," Ms. Harris said. "There's the huge possibility that the database could be misused, and there are no protections for student privacy."

She pointed to the National Directory of New Hires, a register of people who re-enter the workforce, which began as an effort to track job trends. Since its creation, however, the database has also been used to track parents who fail to pay child support or who owe the federal government non-tax debt, she said. "The door is wide open," Ms. Harris said.

Luke Swarthout, higher education associate at the State PIRG for Higher Education, said his civic group, which has always monitored consumer issues and privacy rights, was of two minds about the plan. Improving the available data was important for Congress, policymakers and the public, who finance higher education through government loans and grants, Mr. Swarthout said. "But any time you're compiling a list of millions and millions of students, as they go through college, move and have Social Security numbers, we get concerns from a privacy perspective."

For colleges to hand over information on individual students, Congress would have to create an exemption to existing federal privacy laws, said Sarah Flanagan, vice president for government relations at the National Association of Independent Colleges and Universities.
8:12:40 PM  PermaLink   / trackback []  



© Copyright 1997- 2005 Paul Hardwick, with Web Hosting provided by MacRonin.com .
Last update: 12/25/05; 1:02:04 AM .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.