Monday, January 22, 2007


News Item 8188 Microsoft Admits Vista Has "High Impact Issues".

Microsoft Admits Vista Has "High Impact Issues". EggsAndSausage writes "Microsoft has granted, in a roundabout way, that Vista has 'high impact issues.' It has put out an email call for technical users to participate in testing Service Pack 1, due out later this year, which will address 'regressions from Windows Vista and Windows XP, security, deployment blockers and other high impact issues.' It's hard to know whether to be reassured that Service Pack 1 is coming in the second half of 2007, and thus that there is a timeframe for considering deployment of Vista within businesses, or to be alarmed that Microsoft is unleashing an OS on the world with 'high impact issues' still remaining." In other news, one blogger believes that Vista is the first Microsoft OS since Windows 3.1 to have regressed in usability from its predecessor (he kindly forgives and dismisses Windows ME). And there's a battle raging over the top 10 reasons to get Vista or not to get Vista. [Slashdot]
10:04:56 PM

News Item 8187 Cleaning Up No-Fly Lists.

Cleaning Up No-Fly Lists. A Homeland Security official says names of innocent people are being scrubbed from airport security watch lists -- but who's doing that, and how? We're looking into it. In 27B Stroke 6. [Wired News: Top Stories]
9:49:47 PM

News Item 8186 Microsoft Answers Vista DRM Critics' Claims.

Microsoft Answers Vista DRM Critics' Claims. skepsis writes "Recently there have been some stories on Slashdot claiming that Vista would downgrade the quality of audio and video for every application in a machine where protected content was running. One of the stories painted a scary scenario where a 'medical IT worker who's using a medical imaging PC while listening to audio/video played back by the computer' would have his medical images 'deliberately degraded'. A post has been put up on the Vista team blog explaining exactly how the content protection works, and it turns out the medical IT staff and audio pros can relax. From the post: 'It's important to emphasize that while Windows Vista has the necessary infrastructure to support commercial content scenarios, this infrastructure is designed to minimize impact on other types of content and other activities on the same PC. For example, if a user were viewing medical imagery concurrently with playback of video which required image constraint, only the commercial video would be constrained -- not the medical image or other things on the user's desktop.'" [Slashdot]
9:44:34 PM

News Item 8185 Spam is Back With A Vengeance.

Spam is Back With A Vengeance. Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is 'image spam,' containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now." [Slashdot]
9:11:03 PM

News Item 8184 The Anatomy of Pump N' Dump Stock Spamming.

The Anatomy of Pump N' Dump Stock Spamming. giorgiofr writes "Laura Frieder and Jonathan Zittrain have analyzed pump n' dump spam activity in their paper 'Spam Works: Evidence from Stock Touts and Corresponding Market Activity'. Unbelievably, it appears that spammers are able to achieve a 5% gain on pumped stock before dumping it, along with a dramatic increase in transaction volume of the stock. From the synopsis: 'We suggest that the effectiveness of spammed stock touting calls into question prevailing models of securities regulation that rely principally on the proper labeling of information and disclosure of conflicts of interest to protect consumers, and we propose several regulatory and industry interventions. Based on a large sample of touted stocks listed on the Pink Sheets quotation system, we find that stocks experience a significantly positive return on days prior to heavy touting via spam. Volume of trading responds positively and significantly to heavy touting.'" [Slashdot]
9:05:31 PM

News Item 8183 Blu-Ray DRM Cracked.

Blu-Ray DRM Cracked. Muslix64, fresh from hammering down the walls of HD-DVD, applies the same technique to partially crack Blu-Ray disks. How long until the inner keep of high-def DRM comes tumbling down? In Gadget Lab. [Wired News: Top Stories]
8:56:30 PM

News Item 8182 FCW.com - Subcommittee will examine information privacy, security

With privacy concerns heightened after incidents of stolen laptop computers and information breaches in 2006, the newly appointed chairman of the House information policy subcommittee plans to delve into the problems surrounding technology and privacy.

Rep. William Lacy Clay (D-Mo.) heads the House Oversight and Government Reform Committee's Information Policy, Census and National Archives Subcommittee, whose jurisdiction covers public information and records laws such as the Freedom of Information Act, the Presidential Records Act and the Federal Advisory Committee Act; the Census Bureau; and the National Archives and Records Administration.

One of 2006's most prominent failures in securing sensitive information was the theft of a Department of Veterans Affairs' laptop and an external hard drive containing the personal information of 26.5 million veterans from the home of a VA employee in May.

8:26:56 PM

News Item 8181 CSIA Renews Call to Congress to Pass a National Data Security Law.

CSIA Renews Call to Congress to Pass a National Data Security Law. Law should address prevention and notification and establish reasonable security measures. [GT: Security and Privacy]
8:22:56 PM

News Item 8180 Senators grill Gonzales over spying program - The Olympian

Senators still suspicious of the government's domestic spying program grilled Attorney General Alberto Gonzales Thursday over whether new oversight by a secret court will help protect peoples' privacy rights.

Gonzales offered few answers, maintaining during 3 1/2 hours of sharp rebukes that disclosing details of the program would expose sensitive security information.

His resistance was underscored by a letter from the Foreign Intelligence Surveillance Court's presiding judge, offering to detail some of its new authority with lawmakers if allowed to by the Bush administration.

"Are you saying that you might object to the court giving us a decision that you publicly announced?" Senate Judiciary Chairman Patrick Leahy, D-Vt., asked. "Are we a little Alice in Wonderland here?"

Gonzales responded: "There is going to be information about operational details about how we're doing this that we want to keep confidential."

His appearance in front of the Senate Judiciary Committee came a day after the administration announced it would allow judicial review of the spying program that President Bush secretly authorized after the Sept. 11, 2001, terror attacks. Until last week, the National Security Agency conducted domestic surveillance of people suspected of links to al-Qaida without court warrants.


8:18:32 PM

News Item 8179 Hackers steal $35,000 from customers of federal savings plan.

Hackers steal $35,000 from customers of federal savings plan. Thieves used keylogging software to break into the accounts of participants in the Thrift Savings Plan, a retirement savings and investment plan for federal employees. [Computerworld Privacy News]
8:11:36 PM

News Item 8178 Vendors, human rights groups ponder Web code of conduct.

Vendors, human rights groups ponder Web code of conduct. The Center for Democracy and Technology has been coordinating among major Web business interests, educators, and human rights groups to formulate a set of principles for companies doing business globally. The principles would establish guidelines for protecting privacy and freedom of expression. [Computerworld Privacy News]
8:09:10 PM

News Item 8177 Canadian bank loses data on 470,000 customers.

Canadian bank loses data on 470,000 customers. A missing backup drive may leave vital information on 470,000 Talvest Mutual Funds clients exposed. The drive disappeared in transit from a Montreal office of the mutual funds firm, a subsidiary of the Canadian Imperial Bank of Commerce (CIBC). [Computerworld Privacy News]
8:03:00 PM

News Item 8176 p2pnet.net -Identity theft in Canada

Privacy took centre stage in Canada late last week as TJX Cos., the parent company of retail giants Winners and HomeSense, disclosed that as many as two million Canadian credit cards may have been accessed by computer hackers. Less than 24 hours later, the CIBC revealed that account information for 470,000 customers had been lost when a computer file went missing while in transit between company offices.

These two incidents, which follow a steady stream of similar security breaches in the United States, highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation. Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.

Over the past two years, dozens of U.S. states have enacted security breach disclosure legislation. These laws require organizations that suffer a security breach that places personal information at risk to promptly disclose that fact to the affected individuals. By mandating notification, the laws ensure that individuals are better able to guard against identity theft by closely monitoring their credit card bills, bank accounts, and credit reports for any unusual activity.

From a business perspective, the laws create a strong incentive to protect personal information since the notification process is both expensive and embarrassing. Moreover, the laws have persuaded some organizations to rethink the amount of personal information they retain, since mounting data collection and retention increases the damaging consequences of a security breach.

As a result of these laws, there have been dozens of notifications from retailers (the TJX Cos. disclosure may well have been in response to a U.S. legal requirement), data aggregators, and educational institutions. Given the overlapping state notification laws, many U.S. privacy observers expect the U.S. Congress to soon enact a national notification requirement.


7:59:05 PM

News Item 8175 Trial begins soon on N.H.'s prescription privacy law - Boston.com

CONCORD, N.H. -- A new state law barring data mining companies from getting information about individual doctors' drug prescribing habits will go on trial next week in federal court. The law, which took effect last June, made New Hampshire the first state to try to block drug manufacturers' hard-sell tactics by restricting access to data that identifies individual doctors.

The law is supposed to prevent drug company sales representatives from learning which doctors favor brand name drugs or generics, and which are more willing to try new drugs.

Bulk data including prescribers' zip codes, location and medical specialties may be released under the law, and the information also may be used for care management, clinical trials or education.

Two companies that collect, analyze and sell such information sued the state days after the law took effect, arguing it violates the U.S. Constitution by impeding free speech in the "marketplace of ideas."

New Hampshire represents fewer than 1 percent of prescriptions written nationwide. But IMS Health Inc. and Verispan LLC fear other states could follow suit, harming access to valuable information.

IMS Health executive Randolph Frankel said such data, used for detailed profiles of doctors and hospitals, can help consumers make better choices and can better inform public health decisions.


7:53:46 PM

News Item 8174 PSE penalized for illegal release of private customer data | NWCN.com | News for Seattle, Washington

OLYMPIA - State regulators on Monday penalized Puget Sound Energy nearly $1 million for violating consumer privacy laws by intentionally sharing customers' private information with an outside marketing partner without the customers' written permission.

The Washington Utilities and Transportation Commission accepted a settlement that calls for PSE to pay a $900,000 penalty, contribute an additional $95,000 to low-income heating assistance and permanently cease the marketing program that released private customer information in violation of state law.

Under the settlement, PSE acknowledged transferring more than 65,000 phone calls to an outside marketing firm without the customers' written permission over a five-year period.

In March 2006, the UTC began an investigation into a report that PSE call-center employees were transferring some customer calls and information to Allconnect, Inc., a Georgia-based marketing company. Known as PSE Connections, the program marketed household services, such as telephone, newspaper and lawn services, to PSE's residential customers.

PSE received payment for transferring these residential customers to Allconnect. After PSE transferred a call and customer information, Allconnect would confirm the service order and then market additional services.


7:48:23 PM

News Item 8173 Watchdog worried about Access Card (Australia)

A government taskforce and the doctors' lobby group have raised serious privacy concerns about draft legislation for a new access card.

Due to be introduced next year, it will replace the existing Medicare card, providing access for a range of social services including pensions and veterans' entitlements.

But the government-appointed watchdog overseeing privacy and consumer issues relating to the card says there are still major concerns about some of the information to be displayed.

The head of the taskforce, former Australian Competition and Consumer Commission chief Allan Fels, said the draft legislation also needed to make a strong statement that the new service was not a national identity card.

"We would prefer the legislation to be slightly more emphatic than saying it in the negative that it's not supposed to be an ID card," he told ABC radio.

"We say it should express that more positively as a general intention ... and insist that it won't become that."

Professor Fels said the draft legislation also proposed too much personal information to be displayed on the card.


7:43:20 PM

News Item 8172 Court: N.J. Net users can expect privacy

Computer users in New Jersey can expect that personal information they give their Internet service providers be treated as private, a state appellate court decided today in the first such case considered in the state.

As a result, New Jersey and several other states give greater privacy rights to computer users than most federal courts, and law enforcement officers in New Jersey need to obtain valid subpoenas or search warrants to obtain the information.

The court ruled that a computer user whose screen name hid her identity has a "legitimate and substantial" interest in anonymity.

"Yes, this indicates that New Jersey, like a lot of states, is ahead of the curve on Internet privacy," said Kevin Bankston, a staff attorney with the Electronic Frontier Foundation, a San Francisco-based digital rights group.

Bankston also praised the decision for recognizing anonymity as a core free speech right.

7:38:15 PM

News Item 8171 United States Worst for Malware Hosting and Spam-Relaying, Says Security Report.

United States Worst for Malware Hosting and Spam-Relaying, Says Security Report. "The U.S. market is undeniably a target for online criminal activity." [GT: Security and Privacy]
7:32:57 PM

News Item 8170 TJX breach occurred seven months before it was detected.

TJX breach occurred seven months before it was detected. The data breach at TJX Companies that exposed credit and debit card data belonging to an unknown number of customers occurred nearly seven months before it was detected, a company spokeswoman said. [Computerworld Privacy News]
7:28:54 PM

News Item 8169 U.S. Agency Tries to Fix No-Fly List Mistakes - washingtonpost.com

Every time Kiernan O'Dwyer arrived at the airport after traveling overseas in recent years, he was flagged as a potential terrorist. But his uniform was a dead giveaway to his true identity: He is a veteran pilot for American Airlines.

U.S. customs agents have stopped him about 80 times since 2003, apparently because his name and birth date nearly match those of an Irish Republican Army leader, one of at least 300,000 names on the U.S. government's watch lists. O'Dwyer falls under an unenviable category of false positives, people who are wrongly detained because some of their personal information matches that of a terrorist or other suspect.

The number of misidentifications is unknown, according to government auditors, but it has caused headaches for a cross-section of travelers, including nuns, infants and members of Congress. The U.S. Customs and Border Protection agency, under the jurisdiction of the Homeland Security Department, said it was trying to remedy the problem with a system to prevent unwarranted detentions on international flights.

An agency official said in an interview that the system, launched in February 2006, has eliminated about 17,500 detentions involving people entering the country at airports, seaports and at land borders. It is part of what the government says is an effort to prevent terrorism while not inconveniencing travelers or violating their privacy and civil liberties, though it is not yet applied to domestic flights.

The challenge is complicated by the vast and growing databases of electronically stored personal information that draw on different agencies' records, which must be continually updated to be accurate. Federal agencies and airlines are using computer-driven algorithms to compare travelers' names against watch lists.

Under the new system, which overrides Customs and Border Protection's main database, people continue to be stopped if their name appears on a watch list. But if the follow-up screening clears them, customs agents make note of that so the next time they travel, those people should not be detained.


7:25:09 PM

News Item 8168 Telegraph | Honours probe police hacked No10 computers

Detectives in the cash-for-honours inquiry were forced to "hack" into Downing Street computers in the search for evidence, The Sunday Telegraph has discovered.

Police used computer experts to obtain confidential material, and are also believed to have approached Number 10's internet suppliers to gain access to government email records.

Scotland Yard became suspicious that potentially vital information was being withheld after it twice asked Downing Street for all emails, letters and other material relating to the system of awarding peerages. Concerns grew among officers that there had been a cover-up.

They were deeply frustrated by the "very slim" file of documents that was handed over -- and decided to obtain further evidence by their own devices, senior sources close to the inquiry have revealed.

It is understood that John Yates, the Metropolitan Police assistant commissioner leading the investigation, authorised officers to use all lawful and legitimate means to discover whether information was being withheld.


6:58:20 PM

News Item 8167 British Cops Hack Into Government Computers.

British Cops Hack Into Government Computers. CmdrGravy writes "The British Police have hacked into Government computers as part of the ongoing 'cash for peerages' investigation. They've uncovered evidence which has, so far, led to one arrest and charge of perverting the course of justice for a leading Labour party figure. This charge carries a potential life sentence. The British police have the power to hack into computer systems as part of an investigation. On previous occasions they have said they did not believe the government was providing them with the information they had been asking for and had warned that they would seek other methods to gather evidence. The police won't say what tools they have used. From the article: 'The investigators did not have to notify No 10 if they were "hacking" into its system. One legal expert said: "In some cases, a senior officer can give permission. In other cases, you might need the authorization of an independent commissioner, who is usually a retired judge appointed by the Home Office."'"

[Slashdot: Your Rights Online]
6:55:16 PM

News Item 8166 Record labels rethink digital rights management at Midem - International Herald Tribune

CANNES: Now that even digital music revenue growth is faltering amid rampant file-sharing by consumers, the major record labels are closer than ever to releasing music on the Internet with no copying restrictions -- a step they once vowed never to take.

Executives of several technology companies meeting here at Midem, the annual global trade fair for the music industry, said this weekend that a move toward the sale of unrestricted digital files in the MP3 format from at least one of the four major record companies could come within months.

Music executives, while saying that timetable was self-serving on the part of technology companies that would benefit from the change, nevertheless acknowledged that the debate was front and center.

"Each of the majors is wrestling with the advantages and the disadvantages of going with MP3s without any restrictions at all," said John Kennedy, head of the International Federation of the Phonographic Industry, at a press briefing on Sunday. "But I think this is an experimental year."

Most independent record labels already sell tracks digitally compressed in MP3 format, which can be downloaded, e-mailed or copied to computers, cellphones, portable music players and compact discs without limit. Partially, the independents see providing songs in MP3 as a way of generating publicity that could lead to future sales.

Should one of the big four take that route, however, it would be a capitulation to the power of the Internet, which has destroyed their monopoly over the worldwide distribution of music in the past decade and allowed file-sharing to take its place.


6:52:22 PM

News Item 8165 Music Companies Mull Ditching DRM.

Music Companies Mull Ditching DRM. PoliTech writes to mention an International Herald Tribune article that is reporting the unthinkable: Record companies are considering ditching DRM for their mp3 albums. For the first time, flagging sales of online music tracks are beginning to make the big recording companies consider the wisdom of selling music without 'rights management' technologies attached. The article notes that this is a step the recording industry vowed 'never to take'. From the article: "Most independent record labels already sell tracks digitally compressed in MP3 format, which can be downloaded, e-mailed or copied to computers, cellphones, portable music players and compact discs without limit. Partially, the independents see providing songs in MP3 as a way of generating publicity that could lead to future sales. Should one of the big four take that route, however, it would be a capitulation to the power of the Internet, which has destroyed their monopoly over the worldwide distribution of music in the past decade and allowed file-sharing to take its place." [Slashdot: Your Rights Online]
6:49:33 PM

News Item 8164 Microsoft PR Paying to "Correct" Wikipedia.

Microsoft PR Paying to "Correct" Wikipedia. Unpaid Schill writes "Over on the O'Reilly Network, there's an interesting piece about how Microsoft tried to hire people to contribute to Wikipedia. Not wanting to do the edits directly, they were looking for an intermediary to make edits and corrections favorable to them. Why? According to the article, it was apparently both to let people know that Microsoft will not 'enable death squads with their UUIDs' and also to fight the growing consensus that OOXML contains a useless pile of legacy crap which is unfit for standardization." [Slashdot: Your Rights Online]
6:45:17 PM

News Item 8163 Fix Flaws in Internet Explorer, Windows Media Player.

Fix Flaws in Internet Explorer, Windows Media Player. Microsoft Word and Acrobat are also vulnerable to attacks from poisoned files. [PC World: Latest Technology News]
6:40:05 PM

News Item 8162 CDT Releases 2007 Legislative Agenda.

CDT Releases 2007 Legislative Agenda. CDT today urged lawmakers to adopt an approach to Internet-related policymaking that protects fundamental civil liberties, reestablishes meaningful privacy protections and paves the way for the United States' continued leadership in technological innovation. In its Congressional Agenda for the 110th Congress, CDT offers both a broad overview of the challenges associated with policymaking in the Internet space, as well as granular, issue-by-issue recommendations for lawmakers. CDT is distributing the recommendations to lawmakers and the press. [Center for Democracy and Technology]
6:37:54 PM

News Item 8161 MySpace Sues 'Spam King'.

MySpace Sues 'Spam King'. Richter's firm allegedly 'phished' community site in violation of state, federal law. [PC World: Latest Technology News]
6:34:41 PM

News Item 8160 More Signs of Music Download DRM Fading.

More Signs of Music Download DRM Fading.

Apparently, this year's MIDEM conference, the music industry's international trade show, took place in a parallel universe where the major record labels may be willing to ditch music download DRM. And this parallel universe may be coming to an online store near you in 2007.

According to the International Herald Tribune, "Executives of several technology companies meeting ... said ... that a move toward the sale of unrestricted digital files in the MP3 format from at least one of the four major record companies could come within months." That's not all -- while the RIAA's Mitch Bainwol pretended that fully interoperable DRM could exist, the article recounts many examples that demonstrate "a new appreciation in the [music] industry for unrestricted copies, which could be sold as singles or through subscription services or made freely available on advertising-supporting Internet sites."

Finally.

Nevertheless, it unfortunately remains clear that the record labels aren't ready to ditch DRM entirely. After all, they're already back in Congress pushing for a backdoor DRM mandate for satellite and digital radio as well as webcasting. The labels may finally be hearing your disdain for DRM at online music stores -- make your voice heard in Congress by opposing mandatory radio DRM now.

[EFF: Deep Links]
6:31:35 PM

News Item 8159 Top 10 Internet Scandals of All Time.

Top 10 Internet Scandals of All Time. The Web is a great way to deliver information, but it's also a great way to expose, spread, or jump-start a scandal. [PC World: Latest Technology News]
6:27:29 PM