Wednesday, February 1, 2006


News Item 5053 Health Workers' Choice Debated (Washington Post)

More than a dozen states are considering new laws to protect health workers who do not want to provide care that conflicts with their personal beliefs, a surge of legislation that reflects the intensifying tension between asserting individual religious values and defending patients' rights.

About half of the proposals would shield pharmacists who refuse to fill prescriptions for birth control and "morning-after" pills because they believe the drugs cause abortions. But many are far broader measures that would shelter a doctor, nurse, aide, technician or other employee who objects to any therapy. That might include in-vitro fertilization, physician-assisted suicide, embryonic stem cells and perhaps even providing treatment to gays and lesbians.

Because many legislatures have just convened, advocates on both sides are predicting that the number debating such proposals will increase. At least 18 states are already considering 36 bills.

"It's already a very hot issue," said Edward R. Martin Jr. of the Americans United for Life, who is advising legislators around the country pushing such bills. "I think it's going to get even hotter, for lots of reasons and in lots of places."

[...]

"This is a very significant threat to patients' rights in the United States," said Lois Uttley of the MergerWatch project, who is helping organize a conference in New York to plot a counterstrategy. "We need to protect the patient's right to use their own religious or ethical values to make medical decisions."

[...]

At least nine states are considering "right of refusal" bills that are far broader. Some would protect virtually any worker involved in health care; others would extend protection to hospitals, clinics and other health care facilities. Some would protect only workers who refuse to provide certain health services, but many would be far more expansive.

At least five of the broad bills would allow insurance companies to opt out of covering services they find objectionable for religious reasons. A sixth state, Pennsylvania, is considering a bill designed for insurers.

"These represent a major expansion of this notion of right of refusal," said Elizabeth Nash of the Guttmacher Institute, a nonprofit organization that studies reproductive health issues and is tracking the legislation. "You're seeing it broadening to many types of workers -- even into the world of social workers -- and for any service for which you have a moral or religious belief."

[...]

"The so-called right-to-life movement in the United States has expanded its agenda way beyond the original focus on abortion," Uttley said. "Given the political power of religious conservatives, the impact of a whole range of patient services could be in danger."

Doctors opposed to fetal tissue research, for example, could refuse to notify parents that their child was due for a chicken pox inoculation because the vaccine was originally produced using fetal tissue cell cultures, said R. Alta Charo, a bioethicist at the University of Wisconsin.

"That physician would be immunized from medical malpractice claims and state disciplinary action," Charo said.

Advocates for end-of-life care are alarmed that the laws would allow health care workers and institutions to disregard terminally ill patients' decisions to refuse resuscitation, feeding tubes and other invasive measures.

"Patients have a right to say no to CPR, to being put on a ventilator, to getting feeding tubes," said Kathryn Tucker of Compassion and Choice, which advocates better end-of-life care and physician-assisted suicide.

Others worry that health care workers could refuse to provide sex education because they believe in abstinence instead, or deny care to gays and lesbians.



9:55:46 PM

News Item 5052 FBI Agents Back Down When Librarian Refuses to Let Them Seize 30 Computers Without a Warrant

An e-mail threat that prompted the evacuation of more than a dozen Brandeis University buildings on January 18 led to an unusual standoff in a public library in Newton, Mass., a few miles from the Brandeis campus.

Federal Bureau of Investigation agents tried to seize 30 of the library's computers without a warrant, saying someone had used the library's Internet connection to send the threat to Brandeis. But the library director, Kathy Glick-Weil, told the agents they could not take the machines unless they got a warrant first. Newton's mayor, David Cohen, backed Ms. Glick-Weil up.

After a brief standoff, FBI officials relented and sought a warrant from a judge. Meanwhile, Ms. Glick-Weil allowed an FBI computer-forensics examiner to work with information-technology specialists at the library to narrow down which computers might have been used to send the threatening message. They determined that three computers were implicated in the alleged crime.

Late that evening, the FBI received a warrant to cart away the three computers. According to Mayor Cohen, the warrant allows the FBI to view only the threatening e-mail message and the messages sent immediately before and after that message.

Mr. Cohen said in an interview on Monday that he and Ms. Glick-Weil demanded the warrant because the FBI agents did not indicate that anyone at Brandeis faced a "clear and present danger." If there had been such a danger, Mr. Cohen added, agents probably would have seized the computers without even asking for them.

"We were able to both protect public safety and also protect the rights of people, the sense of privacy of many, many innocent users of the computers," he said. "Had we given them the computers, they would have gotten to see e-mails from ordinary citizens doing ordinary things and would not have preserved privacy."

[...]

Nonetheless, she said, the FBI decided to seek a warrant. By the time agents had determined that they needed to seize only three of the computers, about 5 p.m., they realized that people at Brandeis were not about to be killed, she added.

Michael J. Sullivan, the U.S. attorney for Massachusetts, also said in an interview Monday that the FBI had acted within its authority to ask for the computers without a warrant.

The event prompted talk-show hosts and newspaper columnists in Boston to lash out at Newton officials, arguing that they acted irresponsibly and could have jeopardized people's lives. But Mr. Cohen said he had also received many positive comments from people all over the country supporting his actions.


7:07:13 PM


News Item 5051 Librarian Stands up to the Feds.

Anonymous Coward writes "A librarian at Brandeis University forced the FBI to obtain a warrant to seize computers used to send threats. From the article: 'Federal Bureau of Investigation agents tried to seize 30 of the library's computers without a warrant, saying someone had used the library's Internet connection to send the threat to Brandeis. But the library director, Kathy Glick-Weil, told the agents they could not take the machines unless they got a warrant first. Newton's mayor, David Cohen, backed Ms. Glick-Weil up. After a brief standoff, FBI officials relented and sought a warrant from a judge.'" [Slashdot]
7:00:00 PM

News Item 5050 Microsoft Won't Offer Patch Before Worm Strikes?

techmuse writes "According to an article in Information Week, Microsoft is aware that the 'Kama Sutra/Blackworm/MyWife' worm will hit on Friday, overwriting office documents, but will not release a patch until its regular monthly patch release on February 14th. Unless, that is, you subscribe to one of Microsoft's pay security services, in which case your machine will have the worm removed in advance." From the article: "The blog offered no explanation why the tool wouldn't be updated earlier, nor did Microsoft immediately respond to questions. Each month, Microsoft pushes a revised tool to Windows users who have Automatic Update enabled for Windows Update or Microsoft Update. The Redmond, Wash.-based company has released the Malicious Software Removal Tool off-schedule once before, in August 2005, shortly after the Zotob worm began striking Windows 2000 systems." [Slashdot]

4:51:55 PM

News Item 5049 Wichita Eagle | 01/30/2006 | Trial begins in case over teen sexual privacy

A federal judge in Wichita began hearing testimony this morning in a case that pits teenagers' sexual privacy against the state's ability to investigate abuse.

The trial is being watched across the country by legal, women's and health-care groups.

A coalition of health care workers is suing to challenge an opinion by the Kansas attorney general that they are required to report all adolescent sexual activity to state child protection services.


4:41:36 PM

News Item 5048 ABC News: New Technology Used to Guarantee Super Bowl Safety

"We'll have our eyes everywhere," said Ella Bully-Cummings, Detroit's police chief. "We will be able to see everything that's going on, when it's going on."

Images from satellites monitoring city streets will be beamed to the Super Bowl security command center.

"We have camera coverage virtually all over downtown Detroit, including in the stadium and we're able to watch it in our joint operations center," said Dan Roberts, the FBI special agent heading Super Bowl security.

Fans driving in from Canada on Sunday will have their license plates scanned into computers for instant background checks. Rows of radiation detectors will check for evidence of a nuclear or radiological bomb.

Law enforcement plans to use portable X-ray machines to look inside any suspicious parked cars. Mobile bomb squads will then swab for explosive residue or use a vacuum to suck particles from the car. Samples will then be placed in a machine that detects whether explosives are present or not.


4:37:43 PM

News Item 5047 StopBadware.org Website Launched.

Last week, Harvard University's Berkman Center and the Oxford Internet Institute launched a "Neighborhood Watch" initiative against spyware and other malicious software programs [GT: Privacy]
4:27:46 PM

News Item 5046 King George I on privacy.

I'm left with the nagging feeling that the Google case is just an excuse to find out if there are characteristics of search strings that can be used to ferret out bad guys of one sort or another. If the government thinks that turns out to be the case, how long will it be before the government 'asks' the search companies to become its agents and turn over additional information that would identify the person who entered specific search strings in the future? [Network World on Privacy]
4:24:35 PM

News Item 5045 New 'blink' credit card has critics concerned - OrlandoSentinel.com: Business

JPMorgan Chase's new, high-tech charge card, just introduced in Orlando, is taking heat from some consumer advocates who think the new technology makes card fraud easier.

The new Chase card contains a microchip that speeds card transactions by eliminating the need to "swipe" the card through an electronic reader at the checkout. Also, no signature or PIN is required.

Cardholders enjoy the added convenience and stores sell more products, says the bank-card giant, which has introduced the card in Orlando and six other U.S. markets.

But consumer advocates say the convenience of the Chase "blink" card -- named for the speed with which purchases are processed and approved -- comes at a steep price: greater risk of fraud.

By removing security checkpoints such as matching signatures, PINs or photo IDs, the Chase card could lead to even more identity fraud at a time when much of corporate America is trying to impose added safeguards, some experts say.

"I consider what Chase is doing irresponsible on many levels," said Beth Givens, director of the "Privacy Rights Clearinghouse", a San Diego-based watchdog group. "The fact is they are adopting and promoting a technology that could actually exacerbate fraud."

Chase says that's not true. The company argues that its nationwide anti-fraud system can detect and curtail the misuse of blink cards as quickly as fraud involving regular credit cards.

Chase officials also say the new card technology can't be compromised electronically -- and will not face the pitfalls exposed by a study last year in which researchers at Johns Hopkins University compromised the Exxon Mobil Speedpass system, which also uses "contact-less" payment devices.

4:21:32 PM

News Item 5044 FutureWire - futurism and emerging technology: Are RFID Credit Cards Secure?

JPMorgan Chase's new "Blink" and American Express' new ExpressPay credit cards, designed to give consumers greater speed and convenience when shopping, are a fraud and identity theft crisis waiting to happen, according to some critics.

The cards, which use RFID chips, speed the checkout process by eliminating signatures and PIN numbers. The shopper simply places the card near a reader, and they're done. However, the elimination of these forms of authentication is precisely what worries security experts.

"I consider what Chase is doing irresponsible on many levels," said Beth Givens, director of the Privacy Rights Clearinghouse, a San Diego-based watchdog group. "The fact is they are adopting and promoting a technology that could actually exacerbate fraud." Adds Mark Ferullo of the Public Interest Research Group, "It's certainly a big concern when companies make it easier for thieves to use stolen credit cards... No matter how good a bank says its detection systems are, fraud still falls through the cracks."


4:17:38 PM

News Item 5043 R.I. government site hacked, credit card numbers stolen.

Hackers who broke into the official Rhode Island state government Web site late last month stole 4,117 credit card numbers, according to New England Interactive, the company that manages the site. [Computerworld Privacy News]
3:03:18 PM

News Item 5042 Senator seeks information on subpoena of Google - Yahoo! News

WASHINGTON (Reuters) - The Senate Judiciary Committee's top Democrat asked Attorney General Alberto Gonzales what steps are being taken to protect Americans' privacy rights as the Justice Department demands information about Internet searches.

In the letter released on Wednesday, Sen. Patrick Leahy of Vermont asked Gonzales about the subpoena to Google Inc. and three other companies seeking data about what millions of Americans search for on the Internet's leading search engines.

Leahy asked about the types of information being sought, how the department intends to use the information while protecting individual privacy rights and civil liberties and whether it will issue any additional subpoenas.

Leahy's letter comes at a time of growing criticism in Congress over the government's monitoring of communications, after the disclosure that the Bush administration has been conducting domestic eavesdropping after the September 11 attacks.
3:01:26 PM

News Item 5041 FCC proposes to fine AT&T for missing privacy report.

The U.S. Federal Communications Commission yesterday proposed fining AT&T Inc. $100,000 for failing to file an annual report detailing its compliance with the FCC's customer privacy-protection rules [Computerworld Privacy News]
2:56:48 PM

News Item 5040 AT&T sued over alleged role in domestic spying effort.

The Electronic Frontier Foundation has stepped into the fray over the Bush administration's domestic surveillance program, filing a lawsuit against AT&T Inc. over any role the company may have played in divulging customer information to the U.S. government [Computerworld Privacy News]
2:54:26 PM

News Item 5039 AT&T Sued Over NSA Eavesdropping.

The EFF files a class-action lawsuit on behalf of customers allegedly caught up in the NSA's domestic surveillance program, claiming that AT&T illegally gave the government access to customer databases. By Ryan Singel. [Wired News: Security Blanket]
2:51:54 PM

News Item 5038 Security Boot Camp: Day Two.

How can you claim to have control of security when an outside contractor has root passwords? [GT: Privacy]
2:50:03 PM

News Item 5037 Security snafu at Boston Globe exposes subscriber data.

Confidential information belonging to more than 240,000 subscribers of The Boston Globe and the Worcester Telegram & Gazette has been inadvertently exposed, the Globe said today. [Computerworld Privacy News]
2:48:29 PM

News Item 5036 Trusted Computing comes under attack - ZDNet UK News

The "Trusted Computing" technologies promoted by major IT companies such as Microsoft and IBM could have negative consequences for customers and rival software makers, according to security experts.

Alan Cox, a lead Linux kernel developer and security architect, said that trusted computing has often been used to lock customers into buying a particular software and to prevent rival software makers from competing on that platform.

"What we've seen so far in the games console industry has been directed as if users are scum -- 'this console has lots of fancy hardware so you can't run games we haven't written'. This has been a very negative thing and has been used as a way of cutting down competition," Cox said, at a conference on Trusted Computing held in London on Thursday.

The Trusted Computing Group is developing industry standard specifications for trusted computing building blocks. It has claimed that the technology will create a safer computer environment, reduce business risks and protect end-user data.

Ross Anderson, a professor of security engineering at Cambridge University who spoke at the same event, agreed with Cox that trusted computing could be used to reinforce monopolies and lock in customers. He claimed the Information Rights Management (IRM) technology that Microsoft introduced in Office 2003, which aims to protect customer's information from unauthorised access, makes it more difficult for companies to migrate to alternative desktop products.


2:42:18 PM

News Item 5035 TSA and FBI Settle "No Fly" List FOIA Lawsuit.

The Transportation Security Administration and the FBI have agreed to pay $200,000 in attorneys' fees to the ACLU to settle a Freedom of Information Act and Privacy Act lawsuit filed in 2003 seeking information about the government's "no fly" list to screen airline passengers. ACLU press release here; additional news coverage here. U.S. District Judge Charles Breyer of the Northern District of California in San Francisco approved the settlement Tuesday afternoon (1/24/06).

The Plaintiffs -- Rebecca Gordon and Janet Adams -- were stopped at San Francisco International in 2002, told they were on the government's "no fly" list, and not allowed to fly until "screened" by local law enforcement. Gordon and Adams sued after the FBI said it had no records responsive to their FOIA request and after the TSA refused to even publicly acknowledge that it was using such a screening process.

The Gordon/Adams Freedom of Information Act lawsuit accomplished at least three things:

First, it forced the government to publicly concede that it was using a "no fly" and other watch lists to screen airline passengers after September 11th;

Second, the documents released revealed for the first time, the exponential growth of the "no fly" list -- from only 16 names on the government's "no transport" list as of September 11, 2001 and within days thereafter, hundreds of names; within a year, over 1,000 names; and over 30,000 names now.

Third, the released documents revealed the subjective nature of how the government decides to include a name on the "no fly" list and informed the public debate about the privacy and security implications that flow from a process in which the government's practices remain virtually unchecked.

A complete set of the documents released through this litigation is available online here. [Privacy and Security Law Blog]
2:36:44 PM


News Item 5034 'RFID tag' - the rude words ID card ministers won't say.

Lengthy descriptions of duck, but no d-word...

When it comes to RFID, is MP Andy Burnham lying or drowning? If it's lying, then in principle the Home Office Minister is no more lying than other people are - the US Department of Homeland Security, the EU's Justice & Home Affairs Committee and impressive numbers of RFID, sorry, contactless, proximity chip vendors. But if he's not, the drowning act is pretty convincing.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:15:07 PM

News Item 5033 Face and fingerprints swiped in Dutch biometric passport crack.

Chip skimmed, then security breached

Dutch TV programme Nieuwslicht (Newslight) is claiming that the security of the Dutch biometric passport has already been cracked. As the programme reports here, the passport was read remotely and then the security cracked using flaws built into the system, whereupon all of the biometric data could be read.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
2:12:44 PM

News Item 5032 Encrypted RFID passport data intercepted and cracked.

A Dutch television news program has commissioned experiments by security research firm Riscure in which radio communications between the RFID chip in a prototype Dutch passport (using the same technology and encryption scheme recently adopted as an international standard and being deployed in USA passports) were intercepted, stored for analysis later at leisure, the password cracked in about 2 hours on a PC, and the digitized fingerprint, photograph, and all other encrypted and plain text data on the RFID chip in the passport recovered.

Like the RFID passports scheduled for deployment in the USA by the end of this year (although the date seems to keep slipping due to technical, manufacturing, and reliability problems), the Dutch passports use ISO 14443 chips and the "Basic Access Control" encryption scheme, both of which have been adopted by ICAO as global standards and, through laws mandating "compliance" with ICAO standards, incorporated by reference into national laws in the USA and many other countries.

Under the "Basic Access Control" (BAC) scheme, the decryption key is derived from the subset of passport data printed in optically-readable type in the "Machine Readable Zone" (MRZ) at the bottom of the "data page" of the passport. The theory is that the exchange between the reader and the chip in the passport, even if intercepted, can't be decrypted without access to this data (which, unlike the RFID data, would be hard to obtain remotely). The newly-reported Dutch experiment shows that this isn't true: anyone who can eavesdrop on the radio conversation between a "basic access control" RFID passport chip and a legitimate reader can later decrypt it and recover the data.

The attack was made somewhat easier and quicker, in the Dutch case, by patterns in the assignment of passport numbers that form part of the MRZ data and thus the basis of the BAC decryption key. But since the passport cracking and decryption can be performed at leisure, once the encrypted data stream is captured and stored, this would only affect the time required to crack each passport with a given computer, not the basic possibility of doing so.

Neither the "Nieuwslicht" (Newslight) television report (as translated by my Dutch colleague), nor the press release on the Riscure Web site, specifies the range at which the radio exchange between the chip in the passport and a reader (such as would be deployed at an immigration checkpoint or airline check-in counter) was intercepted. But another Dutch research presentation cited in The Register (UK) suggests that it could be up to 10 meters (30+ feet).

[...]

[Thanks to Katherine Albrecht of Spychips.com for being the first to bring the Dutch news to my attention. See her excellent new blog with Liz McIntyre, co-author of the Spychips book, for more news about RFID chips.]

[The Practical Nomad]
2:09:50 PM
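
The key derivation described in the item above, as an added example (not code from the quoted post, from Riscure or from ICAO): it builds the BAC key seed from the three printed MRZ fields as the public ICAO Doc 9303 specification defines it, then estimates how many key bits remain once an eavesdropper can narrow those fields. The MRZ values are the specimen used in ICAO's worked example; the candidate counts (100-year birth range, 5-year validity, 1,000 plausible document numbers, 10-year age window) are assumptions chosen for illustration, not figures from the Dutch experiment.

```python
import hashlib
import math

# ICAO 9303 check-digit weights, repeated across the field.
WEIGHTS = (7, 3, 1)

# Nominal strength of the two-key 3DES keys that BAC derives.
NOMINAL_3DES_BITS = 112


def check_digit(field: str) -> str:
    """MRZ check digit: digits count as themselves, A-Z as 10-35, '<' as 0."""
    total = 0
    for i, ch in enumerate(field):
        if ch in "0123456789":
            value = int(ch)
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":
            value = 0
        else:
            raise ValueError(f"character {ch!r} is not valid in an MRZ field")
        total += value * WEIGHTS[i % 3]
    return str(total % 10)


def mrz_information(doc_number: str, birth: str, expiry: str) -> str:
    """Document number, date of birth and expiry date, each with its check digit."""
    doc_number = doc_number.ljust(9, "<")  # short numbers are padded with '<'
    return "".join(f + check_digit(f) for f in (doc_number, birth, expiry))


def bac_key_seed(mrz_info: str) -> bytes:
    """K_seed is the first 16 bytes of SHA-1 over the MRZ information."""
    return hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]


def derive_3des_key(k_seed: bytes, counter: int) -> bytes:
    """Derive a two-key 3DES key (counter 1 = encryption, 2 = MAC)."""
    digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()[:16]
    key = bytearray()
    for b in digest:
        b &= 0xFE                      # clear the DES parity bit
        if bin(b).count("1") % 2 == 0:
            b |= 1                     # set it so the byte has odd parity
        key.append(b)
    return bytes(key)


def search_space_bits(doc_numbers: int, birth_dates: int, expiry_dates: int) -> float:
    """Effective key length in bits for the given numbers of candidate values."""
    return math.log2(doc_numbers * birth_dates * expiry_dates)


def unconstrained_bits() -> float:
    # Assumption: any 9-character alphanumeric number, any birth date in
    # 100 years, any expiry date within a 5-year validity period.
    return search_space_bits(36 ** 9, 36525, 1826)


def constrained_bits() -> float:
    # Assumption (constructed): numbers are issued in sequence, so about
    # 1,000 are plausible for a given expiry date, and the holder's age is
    # known to within 10 years.
    return search_space_bits(1000, 3652, 1826)


if __name__ == "__main__":
    info = mrz_information("L898902C", "690806", "940623")
    seed = bac_key_seed(info)
    print("MRZ information:", info)
    print("K_seed:", seed.hex())
    print("K_enc :", derive_3des_key(seed, 1).hex())
    print("K_mac :", derive_3des_key(seed, 2).hex())
    print(f"nominal 3DES strength : {NOMINAL_3DES_BITS} bits")
    print(f"any MRZ values        : {unconstrained_bits():.1f} bits")
    print(f"predictable numbering : {constrained_bits():.1f} bits")
```

Nothing secret enters the derivation: every input is printed on the data page, so the protection is bounded by how unpredictable those three fields are, which is why issuing agencies can raise it by assigning document numbers that are not sequential.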

News Item 5031 Research: Buggy, Flawed 'ActiveX' Controls Pervasive.

Microsoft takes its share of lumps from security experts for building software that constantly requires security updates, but dozens of major corporations may also be guilty of piling their own security problems into Windows machines. [Security Fix]
2:05:12 PM

News Item 5030 EFF Sues AT&T to Stop Illegal Surveillance.

Telecom Collaborated with NSA to Spy on Customers

San Francisco - The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T Tuesday, accusing the telecom giant of violating the law and the privacy of its customers by collaborating with the National Security Agency (NSA) in its massive and illegal program to wiretap and data-mine Americans' communications.

The NSA program came to light in December, when the New York Times reported that the president had authorized the agency to intercept telephone and Internet communications inside the United States without the authorization of any court. Over the ensuing weeks, it became clear that the NSA program has been intercepting and analyzing millions of Americans' communications, with the help of the country's largest phone and Internet companies.

Reporting has also indicated that those same companies -- and AT&T specifically -- have given the NSA direct access to their vast databases of communications records, including information about whom their customers have phoned or emailed with in the past. And yet little has been accomplished by this illegal spying: recent reports have shown that the data from this wholesale surveillance has done little more than waste FBI resources on dead leads.

"The NSA program is apparently the biggest fishing expedition ever devised, scanning millions of ordinary Americans' phone calls and emails for 'suspicious' patterns, and it's the collaboration of US telecom companies like AT&T that makes it possible," said EFF Staff Attorney Kevin Bankston. "When the government defends spying on Americans by saying, 'If you're talking to terrorists we want to know about it,' that's not even close to the whole story."

In the lawsuit, EFF alleges that AT&T, in addition to allowing the NSA direct access to the phone and Internet communications passing over its network, has given the government unfettered access to its over 300 terabyte "Daytona" database of caller information -- one of the largest databases in the world.

[EFF: Breaking News]
1:46:07 PM

News Item 5029 CDT, Others Call for Delay of FCC Wiretapping Rules.

CDT joined with a coalition of industry and public interest groups this week to urge the Federal Communications Commission to delay its controversial Internet wiretapping rules. In comments filed with the FCC, the groups requested that the commission push back the effective date of the rule requiring that broadband Internet and interconnected voice-over Internet Protocol (VOIP) services be designed to make government wiretapping easier. CDT, which is also involved in a court challenge against the ruling, supports the delay because the FCC set a deadline for VoIP and broadband providers to modify their networks but failed to specify what modifications were required. [Center for Democracy and Technology]
1:40:34 PM

News Item 5028 AOL Patches Serious Winamp Bug.

Users urged to upgrade their software to fix the major security hole. [PCWorld.com - Latest News Stories]
1:37:52 PM

News Item 5027 Symantec Readies Security Subscription Service.

Genesis service, coming later this year, will offer antivirus, antispyware, and anti-phishing capabilities. [PCWorld.com - Latest News Stories]
1:36:15 PM

News Item 5026 Hackers Lurk in AMD's Web Site.

Attackers are using AMD's customer support forums to deliver malicious software. [PCWorld.com - Latest News Stories]
1:33:43 PM

News Item 5025 Microsoft Warns of File-Trashing Worm.

Security advisory issued, but experts think danger not as great as originally reported. [PCWorld.com - Latest News Stories]
1:32:02 PM

News Item 5024 Hollywood vs. Your PC: Round 2.

Legal options in digital entertainment are growing. But they come with restrictions that can hobble your ability to enjoy the content you've paid for--and even threaten your control over your system. [PCWorld.com - Latest News Stories]
1:24:40 PM

News Item 5023 AT&T Sued Over U.S. Wiretapping Program.

Company is accused of collaborating with an NSA program to intercept Internet and telephone communications. [PCWorld.com - Latest News Stories]
1:22:38 PM

News Item 5022 Submission of Andrew McLaughlin, Google Inc. - Human Rights Caucus briefing

Human Rights Caucus briefing


For today's Member Briefing of the U.S. Congressional Human Rights Caucus on "Human Rights and the Internet -- The People's Republic of China," we've submitted the following statement:

[Official Google Blog]
1:20:34 PM

News Item 5021 Google's data minefield.

Search engine vs Government

The US Government's broad subpoena to search engines effectively seeks to mine the data of the internet. While Google has resisted the subpoena, there may be little they can do to protect our privacy from many prying eyes.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
1:18:08 PM

News Item 5020 AT&T sued over NSA warrantless wiretapping.

Sneakers

US telco AT&T is being sued over allegations it helped the National Security Agency (NSA) in its "massive and illegal program" to wiretap and data-mine Americans' communications.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
1:16:32 PM

News Item 5019 Verizon Splits With Other Bells On Need For 'Net Neutrality' Solution.

(Friday, January 27) Verizon Communications opened more distance between itself and two other leading Bell operating companies when its top public policy official strongly pushed voluntary Internet neutrality principles.

"We are trying to work with other players [in the technology and communications industries] to see how we can create the right climate to put market pressure on everyone to abide by the Internet principles," Verizon Executive Vice President Tom Tauke told a press briefing.

[Public Knowledge - Breaking News]
1:15:06 PM

News Item 5018 AT&T chief warns on internet costs.

Ed Whitacre, AT&T's chairman and chief executive, warned on Monday that internet content providers that wanted to use broadband networks to deliver high-quality services such as movie downloads to their customers would have to pay for the service or face the prospect that new investment in high speed networks 'will dry up'
[Public Knowledge - Breaking News]
1:12:43 PM

News Item 5017 SecuriTeam - Cross Site Cooking

There are three fairly interesting flaws in how HTTP cookies were designed and later implemented in various browsers; these shortcomings make it possible (and alarmingly easy) for malicious sites to plant spoofed cookies that will be relayed by unsuspecting visitors to legitimate, third-party servers.



1:09:28 PM

News Item 5016 NIST updates cryptography guidelines for U.S. Federal Agencies - IT Security News - SC Magazine US

In a bid to help U.S. federal agencies protect sensitive, but unclassified information, the National Institute of Standards and Technology (NIST) has updated guidelines for selecting and implementing cryptographic methods.

Originally published in 1999, Guideline for Implementing Cryptography in the Federal Government (NIST Special Publication 800-21-1) is intended primarily for federal employees who design computer systems and procure, install and operate security products to meet specific needs.

NIST warned that the need for securing data is more pressing now than ever before: "In an increasingly open environment of interconnected computer systems and networks, security is essential to ensure that information remains confidential, is not modified or destroyed and is available when needed."


1:07:13 PM

News Item 5015 SecurityFocus - Nmap 4.00 Released

Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.00 from http://www.insecure.org/nmap/ .

I try not to burden the Bugtraq list with more than one Nmap announcement per year. So I encourage those of you who would like to hear about new Nmap releases as they happen to join the low-volume nmap-hackers list at http://cgi.insecure.org/mailman/listinfo/nmap-hackers .

I just did an interview for SecurityFocus which provides some further details on this release: http://www.securityfocus.com/columnists/384


12:59:18 PM

News Item 5014 Shmoocon 2006: Wi-Fi Trickery or How to Secure, Break and Have Fun with Wi-Fi - hack a day - www.hackaday.com

Franck Veysset and Laurent Butti, both from France Telecom R&D, presented several proof-of-concept tools at Shmoocon that use 802.11 raw injection. The first is Raw Fake AP. The original Fake AP is a script that generates thousands of fake access points. It is easy to spot because of tell-tale signs like the BSSID showing the AP has only been up for a couple milliseconds. Raw Fake AP tries to generate legitimate access points by modifying BSSIDs and sending beacon frames at coherent time intervals.


Raw Glue AP is designed to catch probe requests from clients scanning for a preferred ESSID. It then tries to generate the appropriate probe responses to keep the client occupied.


Raw Covert was the final tool. It creates a covert channel inside of valid ACK frames. ACK frames are usually considered harmless and ignored by wireless IDS. The tool is really basic right now; there is no encryption and it doesn't handle dropped frames.
12:56:18 PM