Friday, March 17, 2006


News Item 5527 O'Connor Forecasts Dictatorship - Why didn't the American press chase the story? By Jack Shafer

The smoke drifting out of your computer over the weekend was not the result of a fried motherboard but the scent of bloggers setting themselves on fire in response to Nina Totenberg's NPR Morning Edition Friday, March 10, dispatch. Totenberg had attended a speech at Georgetown University given the night before by retired Supreme Court Associate Justice Sandra Day O'Connor in which O'Connor invoked the word "dictatorship" to describe the direction the country may be headed if Republicans continue to attack the judiciary.

O'Connor's voice was "dripping with sarcasm," says Totenberg. But the retired justice didn't name Rep. Tom DeLay, R-Texas, or Sen. John Cornyn, R-Texas, as the leading perps, in part because she didn't need to. (See Rawstory.com's transcription of Totenberg's NPR segment.)

Filled with fury, the bloggers wanted to know why the mainstream media--outside Keith Olbermann on MSNBC's Countdown--hadn't mentioned O'Connor's broadside. The only newspaper stories I could find on the topic today were from England's Guardian, with Julian Borger reporting and writer Jonathan Raban filing an opinion piece on it.

[...]


To begin with, the Georgetown talk wasn't the first in which O'Connor had chided congressional meddlers, and it won't be the last. Give a gander to her 2003 speech before the Arab Judicial Forum titled "The Importance of Judicial Independence." Last July, the Washington Post's Blaine Harden transcribed similar sentiments from the justice at the annual 9th Circuit Judicial Conference in Spokane, Wash. O'Connor, who had announced her departure from the court, didn't use the "D" word or name any names in Spokane, but she lamented the threat posed to an independent judiciary by "some members of Congress." Ralph Thomas of the Seattle Times quoted her as saying, "in our country today, we're seeing ... a desire not to have an independent judiciary."

[...]

Addendum, March 14, 11 a.m.: As recently as November 2005, O'Connor gave a similar speech about judicial independence, as Tony Mauro of Legal Times writes:

O'Connor's speech Nov. 7 to the American Academy of Appellate Lawyers in Washington, D.C., was a rip-snorting defense of judicial independence that criticized--without naming them--former House Majority Leader Tom DeLay, R-Texas, Sen. John Cornyn, R-Texas, and even the late president Franklin Delano Roosevelt, whom she described as "the fellow on the dime."

An ear-witness to the Georgetown talk tells me O'Connor reused the Roosevelt line, indicating that elements of the talk are part of her new stump speech.


10:38:49 PM  PermaLink   / trackback []  

News Item 5526 NOW | PBS - next week / Pentagon's controversial TALON information-gathering program

The Pentagon's controversial TALON information-gathering program will be the topic for next week's episode.

9:29:30 PM  PermaLink   / trackback []  

News Item 5525 IT Conversations: Cory Doctorow - Europe's Coming Broadcast Flag

The motion picture and television industries have seemingly declared global war on copyright infringement. This is understandable, of course; most of us want the creators of works to be able to enjoy their rights and profit from their efforts. But in the enduring battle for stricter restrictions on usage, the right to create technology that's potentially infringing is caught in the crossfire. Cory Doctorow argues that these battles have little to do with the real intent of copyright and stresses that open source developers have a real stake in the outcome of this battle.

European mandates such as the Digital Video Broadcasting organization's Content Protection & Copy Management are similar to the American broadcast flag but possibly more draconian in scope. Doctorow argues that digital rights management (DRM) is based on the notion that you can design a safe "so strong you can leave it in the robber's living room" and that DRM technologies treat users as attackers. According to Doctorow, DRM does little to protect copyright and is not a contract, as some might argue. At stake, he believes, is the open source community's ability to write software, understand and improve technology, and disrupt markets with new and better ways to create or distribute creative works.

An active question and answer period follows Cory's talk.
9:08:23 PM  PermaLink   / trackback []  

News Item 5524 IT Conversations: Gary McGraw - Software Security

Security is a major concern in the IT industry, but most people think of securing the network rather than the software we all use every day. Gary McGraw argues that we need to move beyond the firewall and build security into software as it is being created in order to achieve a more secure environment.

Most security practitioners focus on the network, though most attackers aim their attacks at the code. In order to combat these attacks, it is the code that needs to be strengthened. Dr. McGraw offers seven concrete ways that software engineers can make their code secure from the design stage through to implementation.
9:05:16 PM  PermaLink   / trackback []  

News Item 5523 Blue Box Podcast #19 - VoIP security news, interview about VoIP over cable and much more.

Synopsis: Interview with Geoff Devine from Cedar Point Communications about the security of VoIP over cable networks, VoIP security news and much more


Welcome to Blue Box: The VoIP Security Podcast show #19, a 63-minute podcast from Dan York and Jonathan Zar around news and commentary in the world of VoIP security. This show features a 36-minute interview with Geoff Devine from Cedar Point Communications about security of VoIP over cable networks. As usual, the show also features news and comments from listeners.

Download the show here (MP3, 33MB) or subscribe to the RSS feed to download the show automatically.

[Blue Box: The VoIP Security Podcast]
8:57:34 PM  PermaLink   / trackback []  

News Item 5522 Blue Box Podcast Spring VON #1 - Phil Zimmermann interview about Zfone.

Synopsis: Interview with Phil Zimmermann about his new Zfone project, the ZRTP protocol and other related topics. The interview was recorded at the Spring VON show in San Jose, California, on March 16, 2006.


Welcome to a special edition of Blue Box: The VoIP Security Podcast from the floor of the Spring 2006 VON conference in San Francisco, CA. In this interview with Phil Zimmermann we talk about his Zfone project and how it has evolved since it was first announced in January (which we covered here). Phil explains the origins of his ideas, how Zfone works, how ZRTP works and how people can get involved with the public Zfone beta program. More information is available at http://www.philzimmermann.com/

Download the show here (MP3, 20MB) or subscribe to the RSS feed to download the show automatically. The interview runs about 22 minutes.

  [Blue Box: The VoIP Security Podcast]


8:51:50 PM  PermaLink   / trackback []  

News Item 5521 Does DRM Really Eat Batteries?

Does DRM Really Eat Batteries?  CNET's test of battery life seems to be flawed. Plus: See censored pictures of a torched MacBook power connector. In Cult of Mac. [Wired News: Top Stories]
8:42:27 PM  PermaLink   / trackback []  

News Item 5520 DRM Reduces Battery Life.

DRM Reduces Battery Life. gr8_phk writes "An interesting article over at C|Net claims that playing DRMed music can reduce battery life up to 25 percent. Yet another reason to stick with plain old MP3 files." From the article: "Those who belong to subscription services such as Napster or Rhapsody have it worse. Music rented from these services arrive in the WMA DRM 10 format, and it takes extra processing power to ensure that the licenses making the tracks work are still valid and match up to the device itself. Heavy DRM not only slows down an MP3 player but also sucks the very life out of them." [Slashdot]
8:37:44 PM  PermaLink   / trackback []  

News Item 5519 Privacy a main concern in health IT lawmaking

Privacy surfaced yesterday as the most troublesome issue for legislators trying to craft a federal law to promote health information technology.

Almost everyone who spoke at a hearing of the House Energy and Commerce Committee's Health Subcommittee expressed concerns about protecting the privacy of patients' information. But they had different views of how to ensure the confidentiality of the records.

The hearing also revealed divisions on anti-kickback proposals and other elements of pending legislation.

It was the first hearing on the Health IT Promotion Act of 2005, which Rep. Nancy Johnson (R-Conn.) introduced last October. The subcommittee's chairman, Rep. Nathan Deal (R-Ga.), is a co-sponsor of the bill.


8:22:54 PM  PermaLink   / trackback []  

News Item 5518 New York Investigation Reveals Massive Privacy Breach.

New York Investigation Reveals Massive Privacy Breach. On Monday, New York Attorney General Eliot Spitzer announced a settlement to address what may have been the largest breach of privacy in internet history [GovTech: Privacy]
8:19:39 PM  PermaLink   / trackback []  

News Item 5517 The Lie Behind Lie Detectors.

The Lie Behind Lie Detectors. Advancing technologies could replace the polygraph with genuine mind-reading science that can discern deception. But the truth is, even the best lie detectors remain too unreliable for most purposes. Commentary by Jennifer Granick. [Wired News: Security Blanket]
8:17:57 PM  PermaLink   / trackback []  

News Item 5516 Satellites Will See More, Faster.

Satellites Will See More, Faster. The next generation of commercial satellites will offer higher resolution and more frequent image updates, so applications like Google Earth will come closer than ever to a real-time look at the globe. By Joanna Glasner. [Wired News: Security Blanket]
8:15:46 PM  PermaLink   / trackback []  

News Item 5515 House Slated to Pass Data Breach Bill

The Financial Data and Protection Act of 2005 (HB3997) currently in the House of Representatives has some problems. The bill, supposedly meant to offer relief for consumers who've been victims of data breaches, is really very weak, particularly compared with state laws like California's version. In fact, some may say it offers consumers even less protection than they have now.

  
While the majority of identity fraud doesn't occur through these types of breaches, if criminals ever figured out what they have, it would get very bad. Privacy advocates have real problems with this bill, calling it "easily the worst data breach bill ever."

Ed Mierzwinski, Program Director for the U.S. Public Interest Research Group (PIRG), discussed the bill on his blog. His words were none too kind to this legislation. One of his beefs is how the bill deals with stronger state legislation, namely preempting it. Freeze laws for example "give consumers real control over access to their credit report that no other identity theft prevention action provides them with." This bill only offers the freeze to victims after the damage has been done.

The Privacy Rights Clearinghouse rails against the bill. They've put together a list of problems with the bill based on a letter sent around by US PIRG:
8:13:46 PM  PermaLink   / trackback []  

News Item 5514 Consumer groups rail against proposed data-breach notification law.

Consumer groups rail against proposed data-breach notification law. Consumer and privacy groups slammed a proposed federal notification law that is under review by the House Financial Services Committee this week. [Computerworld Privacy News]
8:07:50 PM  PermaLink   / trackback []  

News Item 5513 Study: Americans have mixed views on electronic surveillance.

Study: Americans have mixed views on electronic surveillance. Most Americans would not object to their employers monitoring their e-mail and Internet activities while at work, but they don't want the government monitoring those activities, according to a study by the Ponemon Institute. [Computerworld Privacy News]
8:05:19 PM  PermaLink   / trackback []  

News Item 5512 Ex-GM security guard charged with hacking into company's database.

Ex-GM security guard charged with hacking into company's database. A former GM security guard was charged with stealing the Social Security numbers of nearly 100 General Motors employees at a technical center. [Computerworld Privacy News]
8:02:28 PM  PermaLink   / trackback []  

News Item 5511 Hacking Made Easy

Automated Tools Gather Victims' Keystrokes, Upload Passwords to Illicit Database

[...]

Frost is just one of thousands of victims whose personal data has been stolen by what security experts are calling one of the more brazen and sophisticated Internet fraud rings ever uncovered. The Web-based software employed by ring members to manage large numbers of illegally commandeered computers is just as easy to use as basic commercial office programs. No knowledge of computer programming or hacking techniques is required to operate the software, which allows the user to infiltrate and steal financial information from thousands of PCs simultaneously.

The quality of the software tools cyber criminals are using to sort through the mountains of information they've stolen is a clear sign that they are seeking more efficient ways to monetize that data, experts say.

"We believe this to be the work of a group, not a single person," said Vincent Weafer, senior director of security response at Cupertino, Calif.-based computer security giant Symantec Corp. "This type of sophistication really shows the ability that [criminals] have to do 'data mining' on where all this stolen information is coming from."

6:00:33 PM  PermaLink   / trackback []  

News Item 5510 Point and Click Cracking.

Point and Click Cracking. An anonymous reader writes "Washingtonpost.com is running a story about a number of botnets and keylogger operations being controlled by Web-sites with point-and-click type front-end software interfaces. The sites mentioned in the story look like fairly slick PHP pages designed to sort through password data from keylog victims and update infected computers with new code or instructions. From the story: 'The hacking software also features automated tools that allow the fraudsters to make minute adjustments or sweeping changes to their networks of hacked PCs. With the click of a mouse or a drag on a pull-down menu, users can add or delete files on infected computers.'" [Slashdot: Your Rights Online]
5:56:03 PM  PermaLink   / trackback []  

News Item 5509 Police blotter: Judge orders Gmail disclosure | CNET News.com

What: In a lawsuit brought by the Federal Trade Commission, a subpoena is sent to Google for the complete contents of a Gmail account, including deleted e-mail messages. This is unrelated to the Department of Justice's own subpoena to Google for search terms and excerpts from its search database.

When: U.S. Magistrate Judge Elizabeth Laporte in San Francisco ruled on Jan. 31 and March 13.

Outcome: Judge grants subpoena and orders that all e-mail messages, including deleted ones, be divulged.


5:52:16 PM  PermaLink   / trackback []  

News Item 5508 Judge Orders Deleted Emails Turned Over.

Judge Orders Deleted Emails Turned Over. Anonymous Coward writes "In a lawsuit brought by the Federal Trade Commission, a subpoena sent to Google orders the turnover of the complete contents of a Gmail account, including deleted e-mail messages. The Judge has granted the subpoena and orders that all e-mail messages, including deleted messages, be divulged. Google's privacy policy says deleted e-mail messages 'may remain in our offline backup systems' in perpetuity. It does not guarantee that backups are ever deleted. So much for the Delete Forever button." [Slashdot: Your Rights Online]
5:50:04 PM  PermaLink   / trackback []  

News Item 5507 ID Cards compulsory again.

Oh no they're not, oh yes...oh, shut up

After the Lords voted again yesterday to stand by amendments that would have made Identity Cards voluntary in Britain, MPs have voted again for creeping compulsion.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]
5:45:02 PM  PermaLink   / trackback []  

News Item 5506 Adobe Fixes Critical Flash Vulnerabilities.

Adobe Fixes Critical Flash Vulnerabilities. Both Windows and Mac systems are affected. [PCWorld.com - Latest News Stories]
5:39:21 PM  PermaLink   / trackback []  

News Item 5505 RFID Tags Subject to Viruses, Study Says.

RFID Tags Subject to Viruses, Study Says. Radio tags used to track goods are not as secure as previously thought, researchers show. [PCWorld.com - Latest News Stories]
5:37:44 PM  PermaLink   / trackback []  

News Item 5504 Virus Encrypts Data, Demands Ransom.

Virus Encrypts Data, Demands Ransom. Trojan horse asks you to pay $300 to regain access to your documents. [PCWorld.com - Latest News Stories]
5:35:08 PM  PermaLink   / trackback []  

News Item 5503 Feds Get Low Marks for Computer Security.

Feds Get Low Marks for Computer Security. Department of Homeland Security is among the federal agencies receiving a failing grade. [PCWorld.com - Latest News Stories]
5:33:01 PM  PermaLink   / trackback []  

News Item 5502 Microsoft Goes Public With Its Hacker Conference.

Microsoft Goes Public With Its Hacker Conference. Information from BlueHat event posted online. [PCWorld.com - Latest News Stories]
5:30:53 PM  PermaLink   / trackback []