Wednesday, January 4, 2006


News Item 4695 World Economic Forum - Broadcasting, Podcasting, Webcasting and Blogging at the World Economic Forum Annual Meeting 2006 in Davos

The World Economic Forum announced ambitious plans today to share the proceedings of the World Economic Forum Annual Meeting 2006 in Davos with as wide a public as possible. Held under the theme of The Creative Imperative, the Meeting will again be broadcast, webcast and, for the first time this year, many sessions will also be "podcast". Additionally, all participants will be asked to take part in the Forum's blog. 


* Every participant of the Annual Meeting - ranging from business leaders to political leaders, heads of NGOs, religious leaders, academics and journalists - will be asked to join the Forum blog. The World Economic Forum was the first international organization to set up a blog at the Annual Meeting in January 2005 and the upcoming Annual Meeting will see a significant development in the experiment. All of the more than 2,000 participants, including presidents and prime ministers, will be asked to provide at least one posting for the blog. www.forumblog.org

* For the first time at the Meeting, which will take place from 25-29 January, the Forum will also provide podcasts of a dozen of the key sessions. The podcasts or audio-blogs will be available for downloading from the following site: www.weforum.org/annualmeeting/podcasts

* The Forum will once again webcast nearly 40 of the main sessions from the Annual Meeting. Twenty-five of the sessions will be webcast live and a further 17 will be available once the session is over. An additional eight sessions from the Open Forum will also be webcast. The World Economic Forum has been webcasting from Davos since 2001. All the webcasts can be accessed on the Forum's website at: www.weforum.org/annualmeeting/webcasts

9:59:10 PM

News Item 4694 The Capital Times - New law ensures voting paper trail - Machines must generate ballot

Gov. Jim Doyle signed into law today a bill that will require that touch screen voting machines produce a verifiable paper ballot.

The bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine.

"This is important for democracy. Voters have to be able to trust that their votes are counted," Mike McCabe, executive director of the Wisconsin Democracy Campaign, said after the bill signing.

The bill, AB 627, also will ensure that reliable recounts can be done, added McCabe, whose organization lobbied for its enactment.


9:36:43 PM

News Item 4693 Wisconsin Requires Open Source, Verifiable Voting.

Wisconsin Requires Open Source, Verifiable Voting. AdamBLang writes "Previously covered on Slashdot, Wisconsin Governor Jim Doyle today signed legislation that "will require the software of touch-screen voting machines used in elections to be open-source. Municipalities that use electronic voting machines are responsible for providing to the public, on request, the code used." Madison's Capital Times reports "the bill requires that if a municipality uses an electronic voting system that consists of a voting machine, the machine must generate a complete paper ballot showing all votes cast by each elector that is visually verifiable by the elector before he or she leaves the machine."" [Slashdot]
9:32:47 PM

News Item 4692 InformationWeek | Operating-System Security | Linux/Unix Vulnerabilities Outnumber Microsoft Windows' 3 To 1 | January 4, 2006

Tallies kept by the U.S. government's computer security group show that Linux and Unix operating systems faced nearly three times the number of vulnerabilities in 2005 than did Microsoft's often-maligned Windows.

In the US-CERT (United States Computer Emergency Readiness Team) year-end vulnerability summary, Linux/Unix accounted for a whopping 2,328 vulnerabilities, about 45 percent of the 5,198 total.

Windows, on the other hand, sported just 812 vulnerabilities during the year, said US-CERT, or 16 percent of the total.

Another 2,058 vulnerabilities affected more than one operating system.

Although US-CERT didn't break out Mac vulnerabilities in a separate category, the Linux/Unix section listed more than 25 attributed to the Apple Computer operating system.

The end-of-year vulnerability score should be taken with a grain of salt, however, since US-CERT doesn't filter out updates (so one actual vulnerability can be counted numerous times) nor does it break out individual vulnerabilities from warnings that cover multiple bugs (as in the many Mac OS X vulnerability listings).

Editor: The article also doesn't mention severity of exposure, a rather critical point.

9:29:27 PM

News Item 4691 Linux/Unix Tops Charts for Vulnerabilities in 2005.

Linux/Unix Tops Charts for Vulnerabilities in 2005. BeanBunny writes  "I realize that this topic is almost as volatile around here as Intelligent Design, but I think this is interesting nonetheless. US-CERT has released their year-end vulnerability summary. According to InformationWeek.com, Linux/Unix (including Mac OS) had almost three times the number of OS-specific vulnerabilities reported last year compared to Microsoft Windows. Obviously, statistics are meaningless without the proper conjecture, speculation, and opinionation, so let the debate begin again over which OS is really more secure."  [Slashdot]
9:23:16 PM

News Item 4690 Data Mining for Fun and Profit.

Data Mining for Fun and Profit. Tom Owad at applefritter.com has posted a detailed story on how he was able to use Amazon wishlists to profile thousands of people. By using the search function at Amazon, he accessed and downloaded over 260,000 publicly-available wishlists. He then searched the lists for "suspicious" books and authors, including Fahrenheit 451, Michael Moore, Rush Limbaugh, the Koran/Quran and, of course, Build Your Own Laser, Phaser, Ion Ray Gun and Other Working Space Age Projects.

At this point, Tom had a list of Amazon usernames and had identified any "suspicious" books and authors that appeared on each user's wishlist.

But there was still more to do. Amazon allows a user to include their city and state information on their wishlist, so Tom had the information to take it to the next level: plotting his suspects on a Google map.

[PrivacySpot.com - Privacy Law and Data Protection - nothing but privacy]
9:15:55 PM

News Item 4689 MPR: Hatch wants end to selling of driver's license info

Minnesota Attorney General Mike Hatch wants the Minnesota Department of Public Safety to stop selling driver's license information in bulk to private companies. Hatch says the DPS is compromising personal privacy and helping identity thieves.

St. Paul, Minn. -- Mike Hatch says the Minnesota Department of Public Safety has sold the driver's license data to about 5,000 outside groups. He says that info can now be accessed on the Internet for the right price.

"The name, address, height, weight and driver's license number of every Minnesota driver can be accessed over the Internet by anyone willing to pay for it. If you don't think that's shocking, the threat is brought to you by state government," according to Hatch.

Hatch says he wants the state Legislature to pass a law that would restrict the bulk sale of driver's license information to any commercial company. Federal law already prevents just anyone from getting driver's license info with some exceptions. Hatch wants to tighten those restrictions even more except in the cases of the news media, government agencies and other groups.

Hatch says under his proposal anyone who wants the information would have to pay $5 per name and notify the person that they're seeking the information.


9:13:25 PM

News Item 4688 United Press International - British DNA database grows amid concern

LONDON, Jan. 4 (UPI) -- As the British DNA database grows to more than 3 million people, privacy proponents argue against sweeping inclusion and possible misuse.

The London Telegraph reports 4.25 million people will have their DNA samples recorded by the Home Office, which is roughly one in 14 people.

The government has bolstered the DNA Expansion Program over the past five years with more than $521 million in funding.

The Home Office defends it with statistics showing a quadruple jump in crimes solved with DNA evidence.

But Lynne Featherstone, a spokeswoman for the Liberal Democrat Party, called it "an intolerable infringement of liberty and personal privacy."

The DNA program records and keeps samples of those convicted, as well as those acquitted, arrested but not charged and victims.

Featherstone also worried about misuse of the database.



9:10:09 PM

News Item 4687 Brad Thomson (Ottawa South, Progressive Canadian Party) answers CIPPIC questions | Digital Copyright Canada

Brad Thomson (Ottawa South, Progressive Canadian Party) answers CIPPIC questions
9:05:55 PM

News Item 4686 State sues telemarketing firms | IndyStar.com

Indiana Attorney General Steve Carter said today his office is suing five Florida companies and at least three individuals, alleging they placed telemarketing calls to Hoosiers on the state's Do-Not-Call list.

The companies pitch travel packages on pre-recorded telephone messages.
The calls were from "Michelle" with Vacation Depot or USA Travel and "Jessica" with Premier Travel, Carter said in a news release.

"These telemarketers were blanketing the state with unwanted and illegal telemarketing calls and have been evasive and uncooperative," he said.

"We attempt to seek settlement and compliance with the law and have taken this legal step to protect the privacy rights of Hoosiers."

This is the second suit the state has filed to enforce the Do-Not-Call law.

In August, an Anderson telemarketer was ordered to pay $100,000 after he was sued.

8:58:13 PM

News Item 4685 SUSAN TOMPOR: More are savvy about ID theft

Consumers have become more aware of lost data ever since February 2005 when they first learned of trouble at ChoicePoint Inc., the data collection company that unwittingly provided information to identity scammers. If crooks get data like your Social Security number, you're a potential victim of identity theft.

Almost 53 million Americans have had their personal information compromised since last February -- including breaches at Bank of America, Tufts University, Polo Ralph Lauren, Time Warner, CitiFinancial and Marriott International Inc.'s time-share division.

Judith Collins, an associate professor at the Michigan State University School of Criminal Justice, said consumers should be concerned about the possibility of identity theft anytime anybody announces that data are missing or computers have been hacked.

She noted that identity theft isn't just about credit card fraud or bank fraud. Criminals also steal identities to engage in terrorism, smuggle illegal immigrants or children and sell illegal drugs.

Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer and advisory organization, recommends that ABN AMRO mortgage customers still sign up and take advantage of that one-year, free credit monitoring service.

"In general, we're in a state of ongoing insecurity as it is," she said. "We're all vulnerable to identity theft."
8:55:07 PM

News Item 4684 InformationWeek | Data Security | Sad State Of Data Security | January 2, 2006

How does this keep happening? Companies have been publicly humiliated, slapped with audits, and threatened with prosecution, but sensitive personal data continues to be compromised. The U.S. Department of Justice is the latest to demonstrate its information-security incompetence. The mistake: exposing Social Security numbers on its Web site.

It's the IT problem that just won't go away. From the time early last year that ChoicePoint Inc. admitted it had been duped into revealing personal data to identity thieves, dozens of other businesses, government agencies, and schools have followed with their own admissions of ineptitude. In most cases, victims can't do much more than keep a watchful eye on their financial statements and credit reports--and hope for the best. Not surprisingly, fraud is on the rise and consumer confidence on the decline.

The Justice Department's blunder came to light when InformationWeek investigated the concerns of Nick Staff, a systems security manager at a large bank, who had grown frustrated when Justice failed to remove several Social Security numbers from its Web site, www.usdoj.gov, after Staff contacted the agency directly. In one case, the Social Security number of a woman involved in a 2003 immigration-review case was included in documentation about the case. Additional site searches yielded other people's numbers in a half-dozen other places.

It's not clear whether the Justice Department broke any laws or regulations in exposing Social Security numbers. It's bound by the Privacy Act, which sets terms for how federal agencies use and disclose personal information, and by its own privacy policies. The Privacy Act, however, is frustratingly fuzzy and comes with a dozen exceptions.


7:03:16 PM

News Item 4683 Windows Attacks on the Rise.

Windows Attacks on the Rise. Malicious software targeting the unpatched WMF vulnerability is now the most widely reported threat on the Internet. [PCWorld.com - Latest News Stories]
6:58:30 PM

News Item 4682 Microsoft to Patch Windows Flaw Next Week.

Microsoft to Patch Windows Flaw Next Week. Microsoft has updated its advisory on an unpatched flaw in Windows that hackers are using to embed spyware and other malicious programs on PCs running the company's Windows operating system. Redmond now says it plans to release a patch on Jan. 10 to fix the problem. [Security Fix]
6:55:13 PM

News Item 4681 EFF Calls on EMI to Permit Security Research on Copy-Protected CDs.

EFF Calls on EMI to Permit Security Research on Copy-Protected CDs.

Fear of Legal Action Chills Computer Security Researchers

San Francisco - The Electronic Frontier Foundation (EFF) today sent an open letter to EMI Music -- the record label representing artists including Paul McCartney and Coldplay -- calling on it to agree not to pursue any legal action against computer security researchers who examine the copy-protection technologies used on some EMI CDs.

In late 2005, independent researchers uncovered security problems with Sony-BMG copy-protected CDs, forcing the label to issue patches and uninstallers to those customers who had played the CDs on Windows computers. Several record labels owned by EMI, including Virgin Records, Capitol Records, and Liberty Records, use similar copy-protection technologies supplied by Macrovision. On those CDs, an end user license agreement (EULA) forbids reverse engineering for any reason, including security testing. In addition, the Digital Millennium Copyright Act (DMCA) has chilled the efforts of computer security researchers interested in examining copy-protected CDs.

In the open letter published Wednesday, EFF urges EMI Music to publicly declare that it will not take legal action against computer security researchers who study copy-protected CDs released by record labels owned by EMI.

"Music fans deserve to know whether EMI's copy-protected CDs are exposing their computers to security risks," said Fred von Lohmann, senior staff attorney with EFF. "When it comes to computer security, it pays to have as many independent experts kick the tires as possible, and that can only happen if EMI assures those experts that they won't be sued for their trouble."

Full text of the open letter to EMI Music:
http://eff.org/IP/DRM/emi.pdf

Contact:

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred@eff.org

[EFF: Breaking News]
6:53:30 PM