Friday, March 16, 2007


News Item 8862 Governor Announces Florida First in Nation to Access National Crime Database.

Governor Announces Florida First in Nation to Access National Crime Database. "This powerful tool will help protect both the victims of child abuse and neglect and the public servants charged with protecting them." [GT: Security and Privacy]
3:50:03 PM

News Item 8861 Injunction Against Companies Allegedly Engaged in ID Theft.

Injunction Against Companies Allegedly Engaged in ID Theft. "Combating identity theft is one of my top priorities in the consumer protection arena." [GT: Security and Privacy]
3:48:47 PM

News Item 8860 Antispyware advocates try, try again in Congress.

Antispyware advocates try, try again in Congress. A U.S. House subcommittee heard repeated praise today for an antispyware proposal similar to two previous bills that won passage in the House -- only to fail when they got to the Senate. [Computerworld Privacy News]
3:46:19 PM

News Item 8859 Careful What You Search For..... LIVE WEBCAST

(Source: Oracle) Security is the greatest single issue for IT groups today. IT must balance how to enable people to find the information they need to do their work, and at the same time protect the information they should not access. See how Oracle Secure Enterprise Search enables two organizations to deliver secure, low-cost, and easy-to-deploy search solutions that eliminate information overload, and are as easy to use as popular Internet search engines. [Computerworld Privacy News]
3:43:39 PM

News Item 8858 Botnets Fueling Unprecedented Attacks.

Botnets Fueling Unprecedented Attacks. Spam Levels and Associated Costs Are the Highest in History [GT: Security and Privacy]
3:41:59 PM

News Item 8857 Visa Chief: Customer Data Theft Neither Random Nor Unavoidable - Software Technology News by InformationWeek

Although the use of the Internet to buy and sell online has introduced a slew of security concerns within the payment services industry, Visa USA president and CEO John Philip Coghlan insists that technology is the solution to combating fraud -- not the cause of it. Coghlan also pointed out during Visa's security summit in Washington, D.C., Thursday that data breaches are neither random nor inevitable if proper security measures are taken.

The TJX data breach "was a stark reminder to all of us that such events can have vast reach and consequences," Coghlan said. Such breaches create mistrust and can undermine efforts made to build a good brand image. But, he made clear, "the majority of compromises come from storage of prohibited data and using vulnerable systems to process data."

TJX, the parent company of retailers T.J. Maxx, Marshalls, HomeGoods, and others, made headlines in February when it revealed an attack on its systems had resulted in the theft of customer information. Just as the headlines were threatening to die down, TJX announced a few weeks later that intrusions into its system actually began as early as July 2005, rather than beginning in May 2006 as the company had originally reported.

While the exact nature of the TJX data breach has not yet been revealed, in general, financial information is stolen in a number of ways, including the physical theft of a wallet, checkbook, or credit card; theft of information from one's home from friends, relatives, or in-home employees; phishing messages that trick people into divulging information to fraudsters; hacks, viruses, and spyware on a PC or ATM machine; and a corrupt business employee with access to your records.

But data theft is not random. Instead, it's perpetrated against businesses with the weakest security and the most valuable information, Coghlan said Thursday, adding, "More than 80% of all dollars lost come from 20% of fraudulent transactions."


3:39:19 PM

News Item 8856 Security Watch - Visa - customer data theft neither random nor unavoidable

Very revealing speech last week by John Coghlan, Visa USA's CEO, who insists that the technology is available to prevent cardholder data falling into the wrong hands.

In a speech at Visa's security summit in Washington late last week, Coghlan said that cardholder data breaches are neither random nor inevitable if proper security measures are taken.

The TJX (TJ Maxx) data hack, he said, "was a stark reminder to all of us that such events can have vast reach and consequences."

According to Coghlan, such hacks can create mistrust and undermine efforts to build a positive brand image. But, he said, the majority of system compromises result from the storage of prohibited data and using vulnerable systems to process data.


3:36:34 PM

News Item 8855 More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves.

More Than 100 Security Breaches Reported Under Law to Thwart ID Thieves. "Consumers who get notice can act fast to protect their good names." [GT: Security and Privacy]
3:31:47 PM

News Item 8854 FT.com - Web censorship spreading globally

Internet censorship is spreading rapidly, being practised by about two dozen countries and applied to a far wider range of online information and applications, according to research by a transatlantic group of academics.

The warning comes a week after a Turkish court ordered the blocking of YouTube to silence offensive comments about Mustafa Kemal Ataturk, the founder of modern Turkey, marking the most visible attack yet on a website that has been widely adopted around the world.

A recent six-month investigation into whether 40 countries use censorship shows the practice is spreading, with new countries learning from experienced practitioners such as China and benefiting from technological improvements.

OpenNet Initiative, a project by Harvard Law School and the universities of Toronto, Cambridge and Oxford, repeatedly tried to call up specific websites from 1,000 international news and other sites in the countries concerned, and a selection of local-language sites.

The research found a trend towards censorship or, as John Palfrey, executive director of Harvard Law School's Berkman Center for Internet and Society, said, "a big trend in the reverse direction", with many countries recently starting to adopt forms of online censorship.

Ronald Deibert, associate professor of political science at the University of Toronto, said 10 countries had become "pervasive blockers", regularly preventing their citizens seeing a range of online material. These included China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan.

New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as "keyword filtering", which is used to track down material by identifying sensitive words.

Methods such as these are being copied as countries new to censorship learn from those with more experience. "There's a growing awareness of best practice - or rather, worst practice," Mr Deibert said.



3:14:16 PM

News Item 8853 Web Censorship on the Increase.

Web Censorship on the Increase. mid-devonian writes "Close on the heels of the temporary blocking of YouTube by a Turkish judge, a group of academics has published research showing that Web censorship is on the increase worldwide. As many as two dozen countries are blocking content using a variety of techniques. Distressingly, the most censor-heavy countries (which include China, Iran, Saudi Arabia, Tunisia, Burma and Uzbekistan) seem to be passing on their technologically sophisticated techniques to other areas of the world. 'New censorship techniques include the periodic barring of complete applications, such as China's block on Wikipedia or Pakistan's ban on Google's blogging service, and the use of more advanced technologies such as 'keyword filtering', which is used to track down material by identifying sensitive words.'" [Slashdot: Your Rights Online]
3:10:15 PM

News Item 8852 RIAA Has to Disclose Attorneys Fees In Foster Case.

RIAA Has to Disclose Attorneys Fees In Foster Case. NewYorkCountryLawyer writes "The RIAA has been ordered to turn over its attorneys' billing records by March 26, 2007, in Capitol v. Foster in Oklahoma. The 4-page decision and order, issued in connection with the determination of the reasonableness of Ms. Foster's attorneys fees, requires the RIAA to produce the attorneys' time sheets, billing statements, billing records, and costs and expense records. The Court reviewed authorities holding that an opponent's attorneys fees are a relevant factor in determining the reasonableness of attorneys fees, quoting a United States Supreme Court case which held that 'a party cannot litigate tenaciously and then be heard to complain about the time necessarily spent by his opponent in response' (footnote 11 to City of Riverside v. Rivera)." [Slashdot: Your Rights Online]
3:02:44 PM

News Item 8851 NPR Takes First Step To Fight Internet Royalties.

NPR Takes First Step To Fight Internet Royalties. jmcharry sent in an article that opens, "After the Copyright Royalty Board (CRB) decided to drastically increase the royalties paid to musicians and record labels for streaming songs online, National Public Radio (NPR) will begin fighting the decision on Friday, March 16 by filing a petition for reconsideration with the CRB panel." [Slashdot: Your Rights Online]
2:57:50 PM

News Item 8850 Groklaw - Transcript of the March 7 Hearing in SCO v IBM

Here is the transcript of the March 7th hearing in SCO v IBM, the last of the summary judgment hearings transcripts. Thanks yet again to Chris Brown for arranging to obtain the transcripts.

On this day, Kimball was quite busy. He heard several motions, all the ones left over from the first two hearings on March 1 and March 5:

  • IBM's Motion for Summary Judgment on its Claim for Declaratory Judgment of Non-Infringement (Tenth Counterclaim) (PDF) -- asking for a judgment that the Linux kernel does not infringe copyrights owned by SCO
  • IBM's Motion for Summary Judgment on its Claim of Copyright Infringement (Eighth Counterclaim) -- IBM's counterclaim regarding SCO's violation of the GPL and consequent copyright infringement -- (PDF)
  • SCO's cross motion in which it tries to say it never violated the GPL (if you spin the wording their way) (PDF) and
  • SCO's motion for Summary Judgment on IBM's Second, Third, Fourth, and Fifth Counterclaims (PDF) -- SCO's motion trying to get SCO off the hook for all the trash talk in the media.

On this day, we learn from IBM's attorney, David Marriott, that the "mountain of code" SCO's CEO Darl McBride told the world about from 2003 onward ends up being a measly 326 lines of noncopyrightable code that IBM didn't put in Linux anyway.

On the other hand, SCO has infringed all 700,000 lines of IBM's GPL'd code in the Linux kernel.

SCO's GPL defense is of the lip-curling variety and quite funny. And it's also quite amusing to watch SCO try to wriggle out of responsibility for all the trash talk its executives treated us to in its PR campaign.

2:55:03 PM

News Item 8849 The Score is IBM - 700,000 / SCO - 326.

The Score is IBM - 700,000 / SCO - 326. The Peanut Gallery writes "After years of litigation to discover what, exactly, SCO was suing about, IBM has finally discovered that SCO's 'mountain of code' is only 326 scattered lines. Worse, most of what is allegedly infringing are comments and simple header files (like errno.h). These probably aren't copyrightable for being unoriginal and dictated by externalities and aren't owned by SCO in any event. Above and beyond that, IBM has at least five separate licenses for these elements, including the GPL, even if SCO actually owned those lines of code. In contrast IBM is able to point out 700,000 lines of code, which they have properly registered copyrights for, which SCO is infringing upon if the Court rules that it repudiated the GPL." [Slashdot: Your Rights Online]
2:52:31 PM

News Item 8848 CDT Applauds House Passage of Open Government Bill.

CDT Applauds House Passage of Open Government Bill. The House on Wednesday voted overwhelmingly to approve legislation that strengthens the Freedom of Information Act (FOIA). CDT applauded the House vote and in a letter Tuesday thanked the House Committee on Oversight and Government Reform for its leadership on the measure. H.R. 1309 -- sponsored by Committee Chairman Henry Waxman (D-Calif.), Rep. William Lacy Clay (D-Mo.) and Rep. Todd Platts (R-Pa.) -- makes improvements to FOIA that have been long sought by the open government community. [Center for Democracy and Technology]
2:48:11 PM

News Item 8847 Biometrics, What and How.

Biometrics, What and How. Moustafa Kamal submits this article that attempts to cover all of the characteristics that are used in Biometrics, how they are used, and what are the disadvantages of using them. By Moustafa Kamal. [Infosec Writers Latest Security Papers]
2:46:52 PM

News Item 8846 PATRIOT Act Apologist Site Didn't Get the Memo.


Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval.

It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive.

Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner:

Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations.

Wow, that sure sounds good. Unfortunately, the new report reveals that it is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations.

In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves:

I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period.

Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that:

Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law.

It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI deceived Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable.

Tell Congress to defend your privacy now.

[EFF: Deep Links]
2:45:28 PM

News Item 8845 RIAA to Universities: Help Us Threaten Your Students.


Not content with wasting universities' resources via their usual tactics--i.e., flooding them with machine-generated complaints about file sharing--the major record labels are now demanding that universities help them shake down students.

The RIAA has asked universities and colleges to forward "pre-lawsuit" letters to alleged filesharers that promise a "discounted" settlement price if the student agrees to pay up immediately. Forwarding the letters saves the RIAA the trouble and expense of filing a lawsuit to obtain students' contact information--a savings that may be redirected to more lawsuits.

To add insult to injury, the letters advise students to contact the RIAA if they have any questions. It's safe to say that the RIAA is unlikely to give students the full picture. For example, will the RIAA tell students that parents are generally not liable for infringements committed by their kids, or that the record labels sometimes sue the wrong people? Probably not.

We think students should seek out less biased sources of information--and their institutions should assist in that process. Toward that end, we've put together a short FAQ to help students learn more about their options; we hope colleges and universities that forward the RIAA's threat letter will take the additional step of directing students to this FAQ as well as other neutral information sources.

Of course, the RIAA should not be putting universities in this perverse position in the first place. If you'd like to help academic institutions get back to their real mission--educating students, not helping to threaten them--take action now to help stop the lawsuit campaign.

[EFF: Deep Links]
2:43:13 PM

News Item 8844 Beeb shuts down Jam education website.


Internet no place for free stuff, says EC

The BBC has suspended its free online education website after complaints from commercial providers.

[The Register - Music and Media]
2:40:35 PM