Sunday, January 15, 2006


News Item 4815 Official: iPod owners are not thieves | The Register

A survey of US and UK music buyers reveals that although 25 per cent of people admit to downloading music from file-sharing services, only seven per cent of iPod owners do so. Proving that iPod users are either scrupulously honest or more paranoid they'll get sued by RIAA than owners of lesser music players.
3:54:20 PM

News Item 4814 iPod Owners Not Thieves.

An anonymous reader writes "Remember last year when Microsoft head Steve Ballmer said iPod owners were music thieves and their iPods were full of stolen music? It turns out they're actually less likely to download music using filesharing software than owners of other MP3 players. A lot less likely." --- From the article: "A survey of US and UK music buyers reveals that although 25 per cent of people admit to downloading music from file-sharing services, only seven per cent of iPod owners do so. Proving that iPod users are either scrupulously honest or more paranoid they'll get sued by RIAA than owners of lesser music players." [Slashdot]
3:50:39 PM

News Item 4813 MIT Startup Tests Top Million Sites for Spyware.

torrentami writes "An MIT startup called SiteAdvisor has downloaded over 100,000 programs from the top million Web sites and tested them for adware and spyware using an automated system they've built. They've got a blog entry where they dissect 5 of the worst adware bundles they found. There is some amazingly invasive stuff in there." [Slashdot]
3:42:21 PM

News Item 4812 Web Site of Agency Is Called Insecure - New York Times

The General Services Administration has shut a Web site for government contractors after a computer industry consultant reported that he was able to view and modify corporate and financial information submitted by vendors.

The security flaw, which could have permitted contractor fraud, was reported to the agency's inspector general on Dec. 22, but almost three weeks passed before the system was taken offline Wednesday afternoon.

The General Services Administration is the federal agency responsible for procuring equipment and services, including computer security technology, making the lapse all the more striking.

"This is the government entity responsible for letting contracts for security," said Mark Rasch, chief security counsel for Solutionary, a security firm. "Clearly the people who log in would know about security."

The agency said it believed that the flaw had not been exploited by intruders or by authorized users.
2:45:11 PM

News Item 4811 GSA Bidding Site Compromised By Flaw.

thomville writes "NY Times reports that eOffer, the government site allowing on-line bids for contracting government computer services, allowed viewing and modification of other contractors' corporate and financial data." From the article: "The security flaw, which could have permitted contractor fraud, was reported to the agency's inspector general on Dec. 22, but almost three weeks passed before the system was taken offline Wednesday afternoon. The General Services Administration is the federal agency responsible for procuring equipment and services, including computer security technology, making the lapse all the more striking. 'This is the government entity responsible for letting contracts for security,' said Mark Rasch, chief security counsel for Solutionary, a security firm. 'Clearly the people who log in would know about security.'" [Slashdot]
2:42:41 PM

News Item 4810 RFID Cookware.

HaggiZ writes "Vitacraft are claiming to have what they call RFIQin Robotic Cookware (unfortunate name). It's basically pots and pans that you can place RFID cooking cards in the handle with. They communicate with the induction stove 16 times a second to adjust the cooking when required. Neat idea, although I'm not sure anything I cook needs to have its temperature reviewed or adjusted every 0.06 of a second." For all the evil uses of RFID that have been floated over the years, it's nice to see that someone is going to finally make it so I stop burning my lunch. [Slashdot]
2:39:34 PM

News Item 4809 ABC News: NSA Whistleblower Alleges Illegal Spying

Former Employee Admits to Being a Source for The New York Times
1:56:06 PM

News Item 4808 NSA Wiretapping Whistleblower.

Kagu writes "ABC News is running a short piece about an interview with former NSA Employee Russell Tice and his allegations that the NSA wiretaps are more pervasive than believed and used in ways he believes violated the law." [Slashdot: Your Rights Online]
1:53:35 PM

News Item 4807 Symantec Caught in Norton 'Rootkit' Flap


Symantec Corp. has admitted to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers.

The anti-virus vendor acknowledged that it was hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from security experts, the company shipped a SystemWorks update to eliminate the risk.

Symantec, of Cupertino, Calif., is the second commercial company caught in the flap over the use of rootkit-type techniques to hide files on computers. Rootkits are programs that are used to give a remote user access to a compromised system while avoiding detection from security scanners.


1:48:26 PM

News Item 4806 Rootkit-like Feature Found in Norton Systemworks.

GenieGenieGenie writes "eWeek reports a rootkit-like 'feature' in Symantec's Norton Systemworks, discovered by Mark Russinovich, who was also responsible for blowing the whistle on Sony's DRM rootkit. The cloaked directory is intended to prevent users from accidentally deleting important files, but could compromise a system by serving as a hiding place for malware, as was the case with Sony's rootkit. Russinovich says Symantec had good intentions, but they were right to post an update to fix this hole." [Slashdot: Your Rights Online]
1:44:42 PM

News Item 4805 GROKLAW - Some Safety and Reliability Questions About DRM, by Victor Yodaiken

Digital Rights Management (DRM) technologies are supposed to protect digitized "content", like movies and musical performances from being illicitly copied or used. DRM technology is sometimes described as security technology when it is really licensing technology -- something very different. In fact, DRM may decrease security and reliability.

Consider what might happen if a computer equipped with DRM technologies was also used for the primary telephone of some unlucky person who opened his email to find a spammer had sent him a pirated copy of a song. The song begins to play automatically just as our fictional victim recognizes that he is experiencing a heart attack and he desperately clicks the Skype window to dial emergency services. But all he sees on the screen is a big notice:

DETECTION OF UNLICENSED USE OF MEDIA: SYSTEM SHUT DOWN.

Is this a realistic scenario? Based on the recent Sony BMG fiasco, it is.

Sony BMG put DRM software onto CDs that broke the basic system security and made the entire system slower and less reliable. Imagine that your children put such a CD on your computer and opened an avenue for hackers to make copies of your business memos and personal email. Imagine what would happen to the PC running a safety monitoring system for a nuclear power plant that was also used by a technician who wanted to listen to CDs on the job.

We are entering the era of ubiquitous and safety critical computing, but the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers. This belief is convenient, because creating DRM mechanisms that respect security, safety, and reliability concerns is going to be an expensive and complex engineering task.


1:39:49 PM

News Item 4804 The Choice Between DRM and Security.

gormanly writes "Victor Yodaiken has an article up on Groklaw in which he discusses how DRM may decrease security and reliability. He raises several questions that the developers of DRM technologies ought to answer - because not all computers are merely personal entertainment systems for 'content' consumers." From the article: "Sony BMG put DRM software onto CDs that broke the basic system security and made the entire system slower and less reliable. Imagine that your children put such a CD on your computer and opened an avenue for hackers to make copies of your business memos and personal email ... We are entering the era of ubiquitous and safety critical computing, but the developers of DRM technologies seem to believe that computers are nothing more than personal entertainment systems for consumers. This belief is convenient, because creating DRM mechanisms that respect security, safety, and reliability concerns is going to be an expensive and complex engineering task." [Slashdot: Your Rights Online]
1:33:48 PM

News Item 4803 RFID Scare Tactics and the Push To Adopt

Privacy advocates leery of RFID have been pointing out how the technology could be misused to track all kinds of consumer-buying habits, and comparisons to Big Brother are common in their arguments. Do these privacy groups have a valid point or are they just standing in the way of progress?

"The reality is that these advocacy groups are basically looking for governance around something that simply is not happening yet," McCullough said. "But saying they are getting in the way of progress may be too harsh a judgment." In fact, the Yankee Group analyst thinks the role of privacy groups "is warranted as a check and balance" for a rapidly evolving RFID industry.

With consumers increasingly concerned about privacy, many analysts recommend that CIOs take a hands-on approach to the issue. One way to respond would be to ensure that responsible codes of conduct are introduced hand-in-hand with any RFID tag deployments.

In this respect, companies already involved in supply-chain applications of the technology have an excellent opportunity to become leaders, McCullough said. For example, they could promise never to allow an RFID-enabled product to leave a store without the consumer having the option of turning it off, McCullough suggested. "Certainly, some will go in that direction."

Education Is Key

A Forrester Research report published last year found that 81 percent of consumers surveyed said they would find RFID acceptable as long as the tags were disabled prior to leaving the store. Moreover, 58 percent of the respondents indicated that they would have no problem with the technology if retailers agreed not to use it to collect data about customers or their shopping habits.

Such a code of conduct can be an effective first step in overcoming consumer concerns. CIOs also should focus on conveying the consumer benefits of RFID tags, said Forrester Research analyst Christine Overby. "Without clarification about how RFID works, consumers will base their opinion on the Big Brother stories currently making the headlines."


1:30:04 PM

News Item 4802 ImageWare Systems to Participate in Voluntary Credentialing Industry Coalition; New Group Will Advise Government on Large-Scale Public Credentialing Programs, Registered Traveler Initiatives

ImageWare Systems, Inc. (AMEX:IW), a world-leading developer and provider of biometric identity management solutions, has joined the Voluntary Credentialing Industry Coalition (VCIC). The VCIC is a new alliance of biometric and access-control companies formed to advise the government on large-scale public credentialing programs such as the Transportation Security Administration's (TSA) Registered Traveler Program. The VCIC will be led by Wexler & Walker Vice Chairman, Tom Blank.

The VCIC will focus on voluntary credentialing programs and related issues including consumer privacy and data theft. The first order of business is the TSA's Registered Traveler Program, which is designed to let pre-screened, frequent fliers carry biometric identification cards. Program participants can then conveniently move through security checkpoints at airports. The TSA finished a successful pilot program at five airports during 2005 and expects the Registered Traveler Program to be expanded nationwide.

ImageWare and its Washington DC federal staff are also actively involved in tracking projects such as Registered Traveler and similarly engaging industry partners in forwarding Federal Government biometric initiatives.

1:24:40 PM

News Item 4801 RFP seeks state input about health records exchange

RTI International has issued a request for proposals seeking U.S. states and territories that want to participate in a project that could help make it easier for them to legally exchange health records.

The RFP states that as many as 40 states or territories could get federal support for yearlong projects in which they review privacy laws, policies and regulations that prevent the legitimate exchange of health care information.

Although the project's results will be part of a report on legal barriers and best practices, the real goal appears to be to prod states to change their laws and regulations.

States must submit their proposals by March 1, and RTI, a nonprofit federal contractor based in the Research Triangle Park, N.C., expects the projects to start in early May.



1:21:00 PM

News Item 4800 Windows Wireless Flaw a Danger to Laptops.

At the ShmooCon gathering in Washington, D.C., today, old-school hacker and mischief maker Mark "Simple Nomad" Loveless released information on a staggeringly simple but very dangerous wireless security problem with a feature built into most laptop computers running any recent version of the Microsoft Windows operating system. Laptops powered by Windows XP or Windows 2000 with built-in wireless capabilities ... [Security Fix]
1:08:53 PM