Wednesday, February 8, 2006


News Item 5141 EFF - LA Times: Senate Should Take On The Telcos To Stop NSA.


The Senate Judiciary Committee began hearings Monday on the NSA's illegal domestic spying program. Though the questioning of Attorney General Alberto Gonzales revealed few details, news reports continue to shed light on the program's scope. The Washington Post confirmed that the NSA is indeed using "computer-controlled systems [that] collect and sift basic information about hundreds of thousands of faxes, e-mails and telephone calls," mining the communications of myriad ordinary Americans.

While pressing government officials to come clean is certainly a necessary step, an LA Times editorial nicely explains why senators might also want to take on the telcos that helped the government, just as EFF's suit against AT&T does:

"The lawsuit takes an indirect route to the foundation's ultimate goal, which is to force investigators to get a court's approval before spying on U.S. residents. At Senate hearings on the NSA program [...] members of the Judiciary Committee may want to borrow from the foundation's strategy and see what they can learn not just from government officials but from telecommunications executives, who cannot hide behind executive privilege.

"Ma Bell is certainly an inviting target. Outside of the NSA, no one knows more about the domestic surveillance program than the phone companies, the largest of which is AT&T."

Couldn't have said it much better ourselves. Even as telecommunications companies refuse to affirm their involvement, USA Today corroborated reports that AT&T has assisted the NSA and revealed that MCI and Sprint were involved as well. Not only should AT&T and other involved companies be held accountable for breaking the law, they should also be compelled to expose the truth about the program, whether in court or the Senate hearings.

[EFF: Deep Links]
11:26:41 AM

News Item 5140 UK.gov inflates ID theft risk | The Register

The UK government has come out with yet another questionable study to support its obsessive bent to impose ID cards on the British public. Once again, ID fraud figures as the reason why Brits need expensive biometric proofs of identity.

A Home Office study claims ID fraud costs Britain £1.7bn. But most of these losses have either been overstated or represent nothing to do with ID fraud, an investigation by Silicon.com has discovered.

Figures for the theft of a credit or debit card, missing trader, VAT fraud, and even the cost of police time in investigating con men trying to get into homes, have been added together with genuine ID fraud by the government in a hamfisted attempt to artificially inflate its figures. A full breakdown of the government's figures can be found here (PDF).
11:25:01 AM

News Item 5139 IT Architect | Is Application Security Training Worth the Money? | February 1, 2006

Software security--sometimes called application security by the myopic--is catching on. That's good because we can certainly use less broken software in the world. But it's bad because there aren't enough knowledgeable people to build secure software. You see, the people who build software know next to nothing about security. It's no wonder they keep cranking out the security holes. One partial solution is to train your developers.

The problem is that everyone and their brother seem to be hanging up a shingle to teach about software security. Asking a potential instructor the right questions will determine whether you end up being shafted, or actually affect the way your developers build software.


11:19:57 AM

News Item 5138 Attack Code Published for Firefox Flaw. (patch already issued)

Mozilla has already issued a patch for the vulnerability found in Firefox 1.5. [PCWorld.com - Latest News Stories]
11:16:29 AM

News Item 5137 Microsoft: Another Critical IE Flaw.

Microsoft Corp. late Tuesday issued an advisory warning about an unpatched security hole in some versions of its Internet Explorer Web browser that attackers could use to take full control of computers via code embedded in Web sites or e-mail attachments. [Security Fix]
11:14:00 AM

News Item 5136 Lose your backup tapes? It could be worse | Tech News on ZDNet

Commentary--Identity theft became a real possibility for millions of Americans last year when corporate backup tapes got lost while being moved from data centers to off-site storage facilities.  

The list of companies reporting transportation foul-ups included blue-chip names like Bank of America, Citibank, Marriott and Time Warner. Incredibly, any career IT person will tell you that companies have been losing tapes for years.

What's new here are disclosure laws. For example, the California Database Breach Act (SB 1386) mandates that organizations publicly disclose data breaches if a single California resident's personal information is at risk. If this personal data just happens to be on misplaced backup tape, so be it.

SB 1386 and other similar laws were certainly enacted with the best of intentions, but do lost tapes really create a security risk? The technically accurate answer is yes but the realistic answer is no. Here's why.


11:11:50 AM

News Item 5135 Honeywell blames ex-employee in data leak

Honeywell says a former employee has disclosed sensitive information relating to 19,000 of the company's U.S. employees.

Honeywell discovered the information being published on the Web on Jan. 20 and immediately had the Web site in question pulled down, said company spokesman Robert Ferris.

In court filings dated Jan. 30, the company accused former employee Howard Nugent, of Arizona, of accessing the information on a Honeywell computer and then causing "the transmission of that information."


11:08:25 AM

News Item 5134 France rules in favour of P2P.


But only for personal use...

The French courts have ruled that using peer-to-peer networks (P2P), providing you are doing so for personal rather than commercial reasons, is legal. The decision comes just as the French Parliament meets to discuss whether internet users should pay a voluntary tax or surcharge of €5 a month to use P2P networks.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
11:05:00 AM

News Item 5133 BMC introduces Identity Management for .Net.

It was more than 10 years ago that Microsoft began talking about Active Directory - but only it seemed in the context of access to the server and network. Initially, Exchange, SQLServer and other applications and services would maintain their own authentication mechanisms. It was only much later - within the past 5 years - that Active Directory came to dominate Microsoft's vision of identity management. [Identity management news]
11:01:12 AM

News Item 5132 NYC Time Warner offering free cable? ( 7Online.com: - WABC-TV )

(New York-WABC, February 6, 2006) - As many as six million Time Warner customers may be eligible for free cable.

It's all part of a proposed settlement in which Time Warner is now offering a choice between free premium channels like HBO or free pay-per-view movies.

[...]

Six million customers -- whose cable service from 1994 to 1998 is part of a class action lawsuit against the cable giant -- will receive an award.

[...]

The suit claims the company sold subscriber information to marketing firms.

If you don't have the service anymore, your credit can be given to a residential subscriber.

9:29:46 AM