Thursday, September 7, 2006


News Item 7209 New Word Flaw Being Used in Attacks.

New Word Flaw Being Used in Attacks. Software giant confirms that a critical vulnerability exists in Microsoft Office 2000. [PC World: Latest Technology News]
11:10:19 PM  PermaLink   / trackback []  

News Item 7208 Feds Shut Down Spyware Operation.

Feds Shut Down Spyware Operation. Malicious-toolbar distributor pays more than $2 million in federal settlement. [PC World: Latest Technology News]
11:07:54 PM  PermaLink   / trackback []  

News Item 7207 Online Data Vendors and Information Brokers: How to Opt Out

There are many websites that sell or provide for free, personal information about individuals. This information is gathered from many sources including white pages listings (directory assistance), publicly-available sources and public records.


11:05:58 PM  PermaLink   / trackback []  

News Item 7206 Opting Out of Online Data Vendors.

Opting Out of Online Data Vendors.

The Privacy Rights Clearinghouse provides a very useful list of online data vendors along with URLs and instructions to remove your information from their databases.

[michaelzimmer.org]
11:01:50 PM  PermaLink   / trackback []  

News Item 7205 CDT Offers Framework for Evaluating DRM.

CDT Offers Framework for Evaluating DRM. The Center for Democracy & Technology (CDT) today released a document designed to help promote a greater public understanding of the choices and tradeoffs associated with products and services that include Digital Rights Management (DRM) technology. The paper details a series of "metrics" for evaluating DRM that fall into four major categories: transparency, effect on use, collateral impact, and purpose/consumer benefit. The paper is aimed at fostering greater public understanding and discussion of DRM, on the assumption that marketplace pressures from an informed consumer base can help promote a market for digital media products that is diverse, competitive, and responsive to reasonable consumer expectations. [Center for Democracy and Technology]
10:53:50 PM  PermaLink   / trackback []  

News Item 7204 Huge Victory - Another Court Refuses to Dismiss NSA Spying Case.

Huge Victory - Another Court Refuses to Dismiss NSA Spying Case.

A federal judge in Oregon today rejected [PDF] the government's attempt to block a lawsuit against the NSA's massive and illegal spying program. This is a huge victory -- like Judge Walker in our case against AT&T and Judge Diggs Taylor in the ACLU's case in Michigan, Judge King rejected the government's motion to dismiss on the basis of the "state secrets" privilege.

But some Congressmen are still trying to squash this vigorous judicial oversight. Fortunately, Specter's surveillance bill was once again stalled before it could reach a vote today. Keep your phone calls to Congress coming and stop the surveillance bills.

[EFF: Deep Links]
10:51:24 PM  PermaLink   / trackback []  

News Item 7203 DMCA 'Terror' Case Dismissed.

DMCA 'Terror' Case Dismissed.

A federal magistrate today dismissed with prejudice a disgraceful DMCA prosecution against three young Texas men who bought a lot of cell phones while looking Arab.

Adham Othman, 21, his brother Louai Othman, 23, and their cousin Maruan Muhareb, 18, were cleared of money laundering and conspiracy charges after a day-long preliminary hearing.

The three were rousted by local law enforcement in Michigan last month after they were spotted driving from Wal-Mart to Wal-Mart buying as many low-cost pre-paid cell phones as they could get their hands on.

Tuscola County authorities arrested them as suspected terrorists and made a lot of noise. Then when the case didn't pan out the feds stepped in with charges that the men conspired to violate the DMCA.

After hearing the evidence today, Michigan U.S. District Court Magistrate Charles Binder threw out the case.

"I think (law enforcement) dug themselves a hole and they tried to dig themselves out," defense attorney Nabih Ayad told me. "The government had no evidence whatsoever that the phones had been modified or tampered with ... And they didn't show that there was a third party they were conspiring with."

[27B Stroke 6]
10:49:55 PM  PermaLink   / trackback []  

News Item 7202 Encryption Not Equal to More Rights.

Encryption Not Equal to More Rights.

Encrypting your communications -- even using the strongest algorithm possible -- gives you no extra legal privacy rights, according to the good professor Orin Kerr.

Kerr recently blogged his 2001 law review article, which argues persuasively, yet counter-intuitively, that wrapping your communication in code isn't new (the Founders did it too!). He also argues that the expectation that it would be hard for an outsider to decipher a communication or figure something out, doesn't give you legal cover to prevent the government from cracking your code or flying over your house in a plane to see that you are growing marijuana.

That doesn't mean that you have no expectation of privacy in your emails, just that you shouldn't have any higher legal expectation of privacy in an encrypted email (practically speaking, this is not true since non-encrypted email is easy to spy on but a PGP-encrypted message is obviously not).

[A]s a practical matter, the privacy regime that protects Internet communications extends strong privacy protections even if encryption itself does not trigger the Fourth Amendment. This is true for two reasons. First, the practical hurdle inherent in obtaining a warrant will always be secondary to the practical difficulties of decrypting ciphertext. Second, the full panoply of Fourth Amendment protections applies to the acquisition of ciphertext, which will always precede any effort to obtain plaintext. These two factors, operating in tandem, create a strong privacy regime that protects the privacy of Internet users even if encryption does not trigger the Fourth Amendment.

In other words, in encryption algorithms you should trust, but you get no +4 bonus against government subpoenas.

Find the whole paper here (I had no luck downloading in Firefox and then trying to open it with Adobe, but was able to open it in Adobe by clicking on the link with IE).

There's also, as usual, a fine discussion of the piece over at the Volokh Conspiracy, where Professor Kerr first blogged the article.

[27B Stroke 6]
10:47:13 PM  PermaLink   / trackback []  

News Item 7201 USATODAY.com - Former TSA workers' data exposed

The Transportation Security Administration is warning 1,195 of its former employees that a contractor may have mailed their Social Security numbers and birth dates to the wrong addresses and left them open to identity fraud.

The error, acknowledged in letters the TSA mailed in late August to each of the former employees, is the latest in a series of data breaches that may have exposed workers in both private and government jobs to identity thieves.

"Making a mistake like this is abominable," said Beth Givens, director of the Privacy Rights Clearinghouse, an advocate for consumer privacy. "You've got an agency whose mission is security."

The TSA is part of the Homeland Security Department. Its 55,000 employees primarily run airport security.

TSA spokeswoman Amy von Walter said the breach was "an administrative error, and the contractor has taken steps to ensure it's not repeated."

Accenture, a contractor that handles TSA personnel, sent 1,195 documents to the wrong former employees during a recent mailing, according to a letter signed by Richard Whitford, TSA assistant administrator for human capital.


10:44:06 PM  PermaLink   / trackback []  

News Item 7200 Wired News: HP Spied on Own Directors

Hewlett-Packard admitted in a securities filing Wednesday that it used a technique known as "pretexting" to obtain private phone records of its own company directors, but added that an internal review concluded the tactic "was not generally unlawful" at the time of the investigation. The company sought the records to determine who had leaked information to the press.

The filing revealed George Keyworth as the source of the media leak and announced that Keyworth will not be re-nominated to the board. In addition, HP said that it has been contacted "informally" by the California attorney general in regard to the matter.

The filing disclosed the details of the resignation in May of board member Tom Perkins, one of the founders of Silicon Valley venture capital giant Kleiner Perkins Caufield and Byers, who left the company over a dispute about how it handled the leak investigation.


10:39:26 PM  PermaLink   / trackback []  

News Item 7199 Reporters' records hacked in HP probe | CNET News.com

Two CNET News.com reporters' personal telephone records were accessed by a contractor hired by Hewlett-Packard to uncover the source of boardroom leaks to the media, according to the California attorney general's office.

The investigation conducted by a company hired by HP used a controversial technique called "pretexting" to obtain the personal phone records of reporters Dawn Kawamoto and Tom Krazit, state prosecutors said. Pretexting is a sometimes-illegal method of obtaining personal records through misrepresentation of someone's identity.
10:37:28 PM  PermaLink   / trackback []  

News Item 7198 HP Snooped on Reporter.

HP Snooped on Reporter.
A Hewlett-Packard contractor used false pretenses to get the home phone records of a News.com reporter who relied on an anonymous Sun source for a story as part of HP's investigation of an internal company leak, News.com reports. News reports yesterday revealed that HP snooped on the emails and phone records of at least two of its board members, Tom Perkins and George Keyworth and there may also be other reporters who were snooped on.

In [News.com reporter Dawn] Kawamoto's case, AT&T said that on Jan. 30, 2006, someone used the last four digits of her husband's Social Security number to establish an online account, and provided the e-mail address red@yahoo.com.

"As was the case with the Perkins account," AT&T general attorney Travis Dodd wrote in an e-mail to the attorney general's office, "the IP address associated with the browser of the person who established the account was 68.99.17.80. As was also the case with the Perkins account, this appears to have been the only date of access to the account."

Given the recent increase in the federal government's attempts to discover the identity of confidential sources, it's not all that shocking that corporations would feel "empowered" to try the same kind of techniques, said Christine Tatum, president of the Society of Professional Journalists and a business writer for the Denver Post.

HP is just shocked, shocked, shocked to find that the investigators it hired to sniff out the leakers used "pretexting" to get at the records of reporters.

"HP is dismayed that the phone records of journalists were accessed without their knowledge and we are fully cooperating with the attorney general in his investigation," said Mike Moeller, an HP spokesman.

Dismayed? They HIRED the snoop.

I hope that Kawamoto has a very good lawyer.

Photo: Aronchi

[27B Stroke 6]
10:35:06 PM  PermaLink   / trackback []  

News Item 7197 National Call-In To Stop the Surveillance Bills!

National Call-In To Stop the Surveillance Bills!

Congress returns from recess this week, and EFF is joining a coalition of organizations for a two week national call-in to stop the dangerous NSA spying bills. Visit our Action Center to call your members of Congress now, and spread the word to friends and family about these bills as well. Let's keep those phones ringing in the Congressional halls for two weeks straight!

Senator Arlen Specter is still rushing to pass his surveillance bill, which would help the government and the NSA continue to break the law by spying on ordinary Americans. He's planning a committee vote this Thursday, and a floor vote as early as next week. Senator Mike DeWine has also proposed a bill that would attempt to retroactively legalize the NSA dragnet surveillance.

That's bad enough, but now there's another dangerous bill afoot -- Representative Heather Wilson's H.R. 5825. The House will hold a hearing tomorrow on this proposal and a vote may shortly follow.

Take action now to stop the surveillance bills.

Full list of call-in coalition groups after the jump:

[EFF: Deep Links]
10:31:33 PM  PermaLink   / trackback []  

News Item 7196 36 Organizations Oppose New Rights for Broadcasters.

36 Organizations Oppose New Rights for Broadcasters.

For immediate release Sept. 5, 2006

36 Organizations Oppose New Rights for Broadcasters

Background: The World Intellectual Property Organization (WIPO) is considering a new treaty that would grant broadcasters a new 50-year property right over the content of broadcasts, regardless of whether the broadcasters own the content they are transmitting.

Thirty-six companies, public-interest groups and non-profit associations today declared their opposition to the proposed World Intellectual Property Organization (WIPO) treaty that would extend new property rights to broadcasters. Signers ranged from AT&T, Verizon Communications, Dell, Intel and HP to Public Knowledge, the Electronic Frontier Foundation and the Consumer Project on Technology.

The statement, released at a roundtable discussion of the proposed treaty held today by the U.S. Patent and Trademark Office (PTO), set out the basic objections on which all of the signers agreed. Individual organizations also had other areas of concern.

[Public Knowledge - Press Releases]
10:29:14 PM  PermaLink   / trackback []  

News Item 7195 Airlines Caught Between U.S. and European Union.

Airlines Caught Between U.S. and European Union. Disagreement regarding passenger data could ground thousands of flights. [PC World: Latest Technology News]
10:25:57 PM  PermaLink   / trackback []  

News Item 7194 Microsoft Downplays Malware Warnings.

Microsoft Downplays Malware Warnings. Despite Windows Server vulnerability recently reported, company says there's no cause for alarm. [PC World: Latest Technology News]
10:22:16 PM  PermaLink   / trackback []  

News Item 7193 CA Antivirus Flagged Windows Component as Virus.

CA Antivirus Flagged Windows Component as Virus. eTrust Antivirus mistook a critical security process for malware. [PC World: Latest Technology News]
10:20:31 PM  PermaLink   / trackback []  

News Item 7192 Microsoft Nets New Phishing Filters for IE.

Microsoft Nets New Phishing Filters for IE. Company will use technology from Digital Resolve that builds lists of Web sites and their legitimate IP addresses. [PC World: Latest Technology News]
10:19:06 PM  PermaLink   / trackback []