Day Trading For Hackers - Via StopBadware Blog:
Brian Krebs at the Washington Post has this nifty piece about a website that appears to be set up to allow malicious hackers to buy and sell traffic to/from particular websites. As the post explains:
Set up a free account at Robotraff and you’re ready to buy or sell Web traffic. Got 30,000 hacked personal computers under your thumb? Super! Now you can use those systems to generate a steady income just by pointing them at Web sites requested by a buyer.
House Passes Controversial PRO IP Act - Via EFF: Deep Links:
Today, the House passed the controversial PRO IP Act (H.R. 4279) 410 to 11, with 12 representatives not voting.
While Public Knowledge and other groups successfully persuaded the House to remove the most damaging provision in the bill (seemingly written solely to increase damages in the RIAA's file-sharing lawsuit campaign), the bill would nonetheless significantly expand federal enforcement of copyright law.
Gag Lifted, Brewster Speaks! - Via ACLU Blog - Government Spying:
The FBI has withdrawn an unconstitutional national security letter issued to the Internet Archive after a legal challenge from the ACLU and the Electronic Frontier Foundation. As the result of a settlement agreement, the FBI withdrew the NSL, agreed to the unsealing of the case, and lifted a gag order — finally allowing the Archive’s founder, Brewster Kahle, to speak out for the first time about his battle against the record demand. Check out this video for Kahle's story in his own words.
Ominous Signs of a Forthcoming "Compromise" on Telco Immunity - Tell the House To Stand Firm - Via EFF: Deep Links:
This morning, CongressDaily reported that Senator Jay Rockefeller is now privately circulating a new "compromise" proposal on surveillance legislation, only a day after it was reported that the telecoms themselves have begun shopping their own "compromise" proposals around the Hill. You may remember Sen. Rockefeller as the force behind the surveillance bill passed by the Senate in February, which included blanket retroactive immunity for phone companies like AT&T that are alleged to have participated in the National Security Agency's illegal warrantless wiretapping program.
Although the details of the Rockefeller proposal are still unclear, indications are that the so-called "compromise" on telco immunity may well be nearly identical to the original Senate immunity provision, with only a few cosmetic changes.
Chief RIAA Litigator Named Colorado Judge -- UPDATE - Via Threat Level:
Colorado Gov. Bill Ritter is appointing the Recording Industry Association of America's top litigator to the Colorado Court of Appeals.
Richard Gabriel, who prosecuted the Jammie Thomas case, is a partner in the Colorado office of Holme Roberts & Owens. Gabriel, who assumes the $124,000 annual post July 1, was a convincing litigator in the Thomas case, the nation's first RIAA lawsuit against an individual for file-sharing that went to trial.
Firefox Infects Vietnamese Users With Trojan Code - Via Threat Level:
Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code, the organization reported Wednesday.
Starting in mid-February, Vietnamese users of Mozilla's open source Firefox browser were at risk of infection from malicious Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site.
The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
The service aims to help both large infrastructures, like major distributions, and smaller projects that can't afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.
oCERT also provides security vulnerability mediation for the security community, having reliable security contacts between registered projects and reporters that need to get in touch with a specific project regarding infrastructure security issues.
Last but not least oCERT provides aid with security vulnerability research and assessment.
FBI Targets Internet Archive With Secret 'National Security Letter', Loses - Via Threat Level:
The Internet Archive, a project to create a digital library of the web for posterity, successfully fought a secret government Patriot Act order for records about one of its patrons and won the right to make the order public, civil liberties groups announced Wednesday morning.
On November 26, 2007, the FBI served a controversial National Security Letter on the Internet Archive, asking for records about one of the library's registered users, asking for the user's name, address.
The Electronic Frontier Foundation, the Internet Archive's lawyers, fought the NSL, challenging its constitutionality in a December 14 complaint (.pdf) to a federal court in San Francisco.
Court Ruling on Voter ID Law May Encourage Tighter State Regulation - Via NewsHour with Jim Lehrer Podcast | PBS:
The Supreme Court voted 6 to 3 Monday to uphold an Indiana law requiring voters to show photo identification at polling stations. The National Law Journal's Marcia Coyle examines the impact of the Supreme Court decisions on voters and state regulations.
Daily Kos: Another victory for the anti-Real ID rebels - Via ACLU's diary in Daily Kos:
By Larry Frankel, State Legislative Counsel, ACLU Washington Legislative Office
The anti-Real ID movement just took a big step forward, with the Arizona Senate’s 21-7 vote to bar implementation of Real ID in Arizona. The bill (H.B. 2677) still has to go back to the Arizona House for another vote and then on to Governor Janet Napolitano for her signature. But as of this writing, Arizona is poised to join the growing number of states who have recognized that Real ID is an expensive and unworkable invasion of our privacy.
The good work of a bipartisan group of Arizona legislators contrasts with what happened last week in Minnesota. Governor Tim Pawlenty vetoed a transportation bill that passed the Minnesota legislature with overwhelming bipartisan support because the members of the Minnesota legislature had the audacity to say no to the federal Real ID Act. The governor’s veto message reads like a set of talking points from the Department of Homeland Security.
Web firm sounds alert on criminal data trove - Via Reuters:
LONDON (Reuters) - A Web security firm said on Tuesday it had tipped off international banks and police after finding a huge trove of stolen business and personal data amassed on a server in the space of just three weeks.
Finjan Inc said it had notified the U.S. Federal Bureau of Investigation, police in various countries and more than 40 financial institutions in the United States, Europe and India about the discovery of the so-called "crimeserver".
"This server was running for about three weeks and within this period it managed to collect 1.4 gigabytes of data. It is indeed the largest treasure we've found in this very short time," Yuval Ben-Itzhak, chief technology officer of the California-based firm, said in a phone interview from Israel.
The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain.
"Crimeserver" Full of Personal/Business Data Found - Via Slashdot:
Presto Vivace sends news of a server found by security firm Finjan that contained a 1.4-GB cache of stolen data, accumulated over a period of less than a month from compromised PCs around the world. The "crimeserver," as Finjan dubs it, "provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers... The stolen data consisted of 5,388 unique log files including 1,037 from Turkey, 621 from Germany, 571 from the United States, 322 from France, 308 from India and 232 from Britain." Oddly enough, the data was stored in the open, with not even basic auth to protect it. Finjan notes in their press release that this huge trove of data gathered over a short period of time indicates that the crimeware problem is far larger than most observers have been assuming.
I just entered the promotion code h24870p43h8037 for the Cheerios Helping Hearts promotion that was inside the box of Cheerios that I had just finished. Then I figured that while I was at it I'd enter the promotion that was in the box I hadn't opened yet. Imagine my surprise when I opened the box flap and found the same promotion code h24870p43h8037.
At first I thought it was a printing mistake, but when I entered the code again, the site said that it was accepted and that a dollar was being donated. Hopefully that is what actually happened.
I wonder if it's true for all the codes?
I was also happily surprised that no name and address information was required to activate the code.
ACLU Commends Net Neutrality Hearing - Via American Civil Liberties Union:
WASHINGTON – The American Civil Liberties Union commends Chairman Edward Markey (D-MA) of the Subcommittee on Telecommunications and the Internet for holding a hearing today on the Internet Freedom Preservation Act of 2008 (H.R. 5353), legislation designed to keep the Internet free for open discourse.
Caroline Fredrickson, director of the ACLU Washington Legislative office said, "This legislation is a good first step in protecting the Internet from blocking, censorship and discrimination by powerful phone and cable companies." Fredrickson said the hearing and the legislation are "important measures to bring net neutrality the attention it needs." She added that the ACLU, which has been fighting for First Amendment freedoms for 87 years, encourages members of Congress and the FCC to take immediate action to safeguard free speech and innovation online.
Google backs open-source CERT group - Via Network World:
Google has thrown its weight behind a fledgling security reporting group for the open-source community.
The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team.
Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.
Backroom FISA Deal in the Making? - Via ACLU Blog - Government Spying:
There was chatter on the blogs last week that a FISA compromise was in the works, but it wasn't until late Friday night that our lobbyists confirmed that House Majority Leader Steny Hoyer (D-Md.) is working on a compromise bill with Senator Jay Rockefeller (D-W.Va.) — yes, the same senator known for taking thousands of dollars of campaign contributions from the telecom companies he's angling to protect with immunity. Hoyer and Rockefeller may try to lock in a deal within the next few days.