From rforno at infowarrior.org Fri Sep 1 09:30:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 09:30:14 -0400
Subject: [Infowarrior] - Education Dept. Shared Student Data With F.B.I.
Message-ID:

Education Dept. Shared Student Data With F.B.I.
By JONATHAN D. GLATER
http://www.nytimes.com/2006/09/01/washington/01educ.html?_r=1&oref=slogin&ref=us&pagewanted=print

The Federal Education Department shared personal information on hundreds of student loan applicants with the Federal Bureau of Investigation across a five-year period that began after the Sept. 11 terror attacks, the agencies said yesterday. Under the program, called Project Strikeback, the Education Department received names from the F.B.I. and checked them against its student aid database, forwarding information. Each year, the Education Department collects information from 14 million applications for federal student aid. Neither agency would say whether any investigations resulted. The agencies said the program had been closed. The effort was reported yesterday by a graduate student, Laura McGann, at the Medill School of Journalism at Northwestern University, as part of a reporting project that focused on national security and civil liberties. In a statement, Mary Mitchelson, counsel to the inspector general of the Education Department, said, "Using names provided by the bureau, we examined the Department of Education's student financial aid databases to determine if the individuals received or applied for federal student financial assistance." Information collected on federal financial aid applications includes names, addresses, Social Security numbers, incomes and, for some students, information on parents' incomes and educational backgrounds. Generally, only United States citizens and permanent residents are eligible to apply for federal student financial aid.
An assistant director of the F.B.I., John Miller, said in a statement: "During the 9/11 investigation and continually since, much of the intelligence has indicated terrorists have exploited programs involving student visas and financial aid. In some student loan frauds, identity theft has been a factor." Mr. Miller said the Education Department was asked to "run names of subjects already material to counterterrorism investigations" to look for evidence of student loan fraud or identity theft. "No records of people other than those already under investigation were called for," he said. "This was not a sweeping program, in that it involved only a few hundred names. This is part of our mission, which is to take the leads we have and investigate them." Mr. Miller said that the effort was not concealed and that it was referred to publicly in briefings to Congress and the Government Accountability Office. A spokeswoman for the bureau, Cathy Milhoan, said the Education Department had provided financial aid information on fewer than 1,000 names in connection with terrorism investigations. The information sharing was disclosed as the Education Department examines a proposal by the Commission on the Future of Higher Education, established last year by Education Secretary Margaret Spellings, to create a national student database that would follow individual students' progress as a way of holding colleges accountable for students' success. "This operation Strikeback confirms our worst fears about the uses to which these databases can be put," said David L. Warren, president of the National Association of Independent Colleges and Universities, which represents 900 institutions. "The concentration of all this data absolutely invites use by other agencies of data that had been gathered for very specific and narrow purposes, namely the granting of student aid to needy kids."
The Federal Bureau of Investigation would not discuss the specific criteria it used in seeking information on students but said the program was narrowly focused. "People are trying to turn this into something that it wasn't," Ms. Milhoan said. "We are not out there arbitrarily running student records for the sake of running them." Ms. Mitchelson of the Education Department said a review of the files of the people named by the F.B.I. had not led to any cases that charged student loan fraud. Ms. Mitchelson said the information sharing was possible under a law that permits a federal agency to release personal information to another agency "for a civil or criminal law enforcement activity." She said the department had spent fewer than 600 hours on the program, including 50 hours over the last four years. Ms. McGann, the journalism student who reported on the program, said she saw data sharing mentioned, but not described, in a report by the Government Accountability Office that she reviewed in the spring as part of a research project after a seminar on investigative reporting. "I thought that was pretty unexpected for the Department of Education," said Ms. McGann, 24, who graduated this year from Medill. "So I decided I would try to look into that a little more." She said she found another mention of the program in a report from the inspector general's office in the department. In June, Ms. McGann went directly to the Education Department. "Eventually, I did an on-camera interview with a deputy inspector general there who did comment on the program," she said. She said his name was Michael Deshields. "After that," Ms. McGann added, "I decided I should file a Freedom of Information Act request." Last month, she received documents in response to her request that were heavily redacted, she said. Among them were Education Department memorandums describing F.B.I.
requests for information on specific people whose names were blocked out and an internal memorandum dated June 16, 10 days after her interview, stating that the data sharing program had terminated. The name of the author of that memorandum was also redacted, she added. "I learned that getting information from a federal agency you need to be persistent," Ms. McGann said. "And I learned that public documents are really a wealth of stories." She said she had accepted a position at Dow Jones Newswires in Washington. Eric Lichtblau contributed reporting from Washington for this article.

From rforno at infowarrior.org Fri Sep 1 09:34:30 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 09:34:30 -0400
Subject: [Infowarrior] - DHS Cybersecurity: Learning the lessons of 9/11 for real
Message-ID:

Learning the lessons of 9/11 for real
By Charles Cooper
http://news.com.com/Learning+the+lessons+of+911+for+real/2010-7348_3-6111571.html
Story last modified Fri Sep 01 04:29:15 PDT 2006

President Bush and his senior advisers rarely miss an occasion to remind the nation not to forget the "lessons of Sept. 11." But less than two weeks before the fifth anniversary of the attacks, the question of who should coordinate cybersecurity remains an afterthought. After the resignation of the first three so-called cyberczars, Congress said the answer was to give someone real authority within the Department of Homeland Security and let him or her direct cybersecurity policy. So it was that in July 2005, DHS Secretary Michael Chertoff agreed to create the post of assistant secretary for cybersecurity and telecommunications. Good idea, but one year later, why does the post remain unfilled? A spokeswoman claims the department is "moving diligently" to narrow its choices. But so far, she says, the department hasn't found a candidate with the necessary technical and operational experience to lead the new division.
If so, then we're in big trouble, as this would testify to a lousy bench of recruits available to Uncle Sam in times of emergency. Maybe the Department of Homeland Security wasn't speaking with the right candidates. So as a public service, I decided to browse through my little black book and see what could be done. I dialed up a technology heavyweight I've known for years. This person had spent years navigating the corridors of power at the White House and possessed all the technical chops you would want from a dream candidate. I asked if this person was interested in another tour of duty. No problem. All the government needed to do was ask. But can the government pay enough to attract our best and brightest? Even if an all-star walked through the doors for an interview, DHS told me Silicon Valley offers financial inducements that are in another league. In a narrow sense, that is true. So how about pointing to the Stars and Stripes when the job interview begins? I've griped about the unalloyed selfishness on display in many corporate boardrooms. But the greed-is-good crowd constitutes the minority. I'm always struck by the number of generous and highly talented people working in the technology field. A lot of these folks are filthy rich, but they aren't only motivated by money. Many freely give back to society because they believe it's their duty as citizens. If the government still can't locate a fitting candidate, Chertoff should give me a call sometime. I could provide a list of the truly qualified. "I don't buy the argument that there are all these stock options out there and so it's hard to get people to work for government," said Paul Kurtz, a technology expert who helped put in place the initial strategy to address cybersecurity when he worked for the Bush White House. "There are a lot of people in government who could make a lot more money and yet they choose to work in public service." 
What with al-Qaida still in business, the administration's defenders argue that the government's attention is occupied by more pressing matters. That's just the trouble. The government has invested a lot of effort into combating terrorism, improving airline security and finding more appropriate ways to respond to hurricanes. But that doesn't help when dealing with the unknown. "The government's very comfortable fighting the last war but not so comfortable planning for the unexpected," said Kurtz, who nowadays heads the Cyber Security Industry Alliance. "You've got tunnel vision at DHS and in the administration, where they're focused on the aftermath of Sept. 11 and Katrina and don't necessarily have their heads up to the fact that there are these other problems out there--and one of them is our dependence on the information infrastructure and the fact that it's increasingly under attack." The Homeland Security Department was created to make sure the nation can rapidly reconstitute itself after there's a massive rupture in our infrastructure. We learned from Hurricane Katrina that if people can't communicate, the effects of a disaster--manmade or natural--get compounded. The growing fear is that the upper echelons of the government don't have the foggiest idea about what might happen if the nation's information infrastructure gets paralyzed. Diffidence comes at a price.

From rforno at infowarrior.org Fri Sep 1 10:24:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 10:24:14 -0400
Subject: [Infowarrior] - Walt Disney World: The Government's Tomorrowland?
Message-ID:

Walt Disney World: The Government's Tomorrowland?
By Karen Harmel, Laura Spadanuta, August 14, 2006

Walt Disney World, which bills itself as one of the happiest and most magical places anywhere, also may be one of the most closely watched and secure.
And control over park entrances is getting even tighter: the nation's most popular tourist attraction now is beginning to scan visitor fingerprint information. For years, Disney has recorded onto tickets the geometry and shape of visitors' fingers to prevent ticket fraud or resale, as an alternative to time-consuming photo identification checks. By the end of September, all of the geometry readers at Disney's four Orlando theme parks, which attract tens of millions of visitors each year, will be replaced with machines that scan fingerprint information, according to industry experts familiar with the technology.

< - >

http://newsinitiative.org/story/2006/08/14/walt_disney_world_the_governments

From rforno at infowarrior.org Fri Sep 1 13:25:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 13:25:51 -0400
Subject: [Infowarrior] - Apple Recall items of interest
Message-ID:

The Apple battery recall has been in the news for what -- at least a week or more....yet JUST this morning I received an e-mail recall notice from them. (Item #1) Included was a URL for their tech support site to begin the exchange process. While the email appears to be a legit one from the company, it was sent not only in HTML (ugh!) but without any form of digital signature to help verify its authenticity. (Item #2) Is it me or does this seem like a slow response time to get an e-mail out to its customers warning them that their laptops might ignite -- especially when it's been in a huge story in the mainstream media for a while anyway? And more disturbing, why is Apple sending official notes out to folks telling them to "visit a URL" but not digitally-signing them? That looks to me like a perfect opportunity for a phishing scam ripe for the taking if someone wanted to mess with folks. Tsk, tsk, Apple.
-rf

From rforno at infowarrior.org Fri Sep 1 13:43:29 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 13:43:29 -0400
Subject: [Infowarrior] - DHS Procedures for Handling Critical Infrastructure Information; Final Rule
Message-ID:

DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
6 CFR Part 29
RIN 1601-AA14
Procedures for Handling Critical Infrastructure Information
AGENCY: Office of the Secretary, DHS.
ACTION: Final rule.

http://cryptome.org/dhs090106.htm

From rforno at infowarrior.org Fri Sep 1 22:40:32 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Sep 2006 22:40:32 -0400
Subject: [Infowarrior] - Heightened Airport Insecurity
Message-ID:

Heightened Airport Insecurity
Since British Arrests, Delays, Diversions and False Alarms
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/01/AR2006090101529_pf.html
By Del Quentin Wilber
Washington Post Staff Writer
Saturday, September 2, 2006; D01

A suspicious bottle of water, a child overheard saying he had a bomb, a telephoned threat, locked lavatory doors. Since British officials said they foiled a terrorist plot to blow up planes over the Atlantic Ocean, hyper-vigilance aboard U.S. airliners has prompted a rash of emergency landings based on threats that turned out to pose no danger. The incidents suggest that pilots, flight attendants and passengers are ready to err on the side of extreme caution in a period of heightened anxiety in air travel. With Labor Day travel this weekend and the anniversary of the Sept. 11, 2001, terrorist attacks around the corner, security consultants and psychologists said passengers should expect more airline diversions, delays and airport evacuations. The hair-trigger responses to perceived threats are an unavoidable condition of the times, they said.
"If you are looking for suspicious behavior, you are going to notice things and classify them as suspicious that otherwise you wouldn't be paying attention to if you weren't on alert," said David Carbonell, a psychologist in the Chicago area who works with people who are afraid to fly. "We have the whole population of civilian fliers sort of on a war footing, the way we expect soldiers on the front to be in. That is not generally a healthy thing." The anxiety began before dawn on Aug. 10, when Transportation Security Administration officials prohibited many common items from carry-on baggage. They banned all liquids and gels -- meaning no more bottles of water, hair gel, lip gloss, toothpaste or gel shoe inserts. Officials said such things could be used to disguise explosives. At the time, authorities said they had to hurriedly prohibit such substances because British authorities said plotters had planned to blow up transatlantic flights with liquid explosives hidden in sports-drink bottles. At news conferences, U.S. officials said they enacted the security measures because some plotters could slip through dragnets or copycats might suddenly pop up on a flight. Three weeks later, the nation's top aviation security official said the threat remains. "This continues to be a very serious threat and we are taking no chances on the security of our aviation system," said Edmund S. "Kip" Hawley, head of the Transportation Security Administration. "It would be a mistake to conclude that because of the arrests in the United Kingdom that we can lower our security posture." Hawley said he wants travelers to look for suspicious activity. "Americans are refocusing on what people in the government who work on this every day know: There are terrorists out there who are trying to attack the United States, and many are planning to do it through the aviation system," Hawley said. "A calm, alert traveler is one of our best security assets." 
In the days after the TSA increased security, more than 10 flights were diverted or searched, and at least one airport was shut down. On Aug. 16, a flight from London to Washington Dulles International Airport made an emergency landing in Boston because an unruly passenger acted up in the cabin. The woman made references to the Sept. 11, 2001, attacks, told crew members that she had visited Pakistan and urinated on the cabin's floor, according to an FBI affidavit. The woman, who is under evaluation for mental illness, is being held on federal charges of interfering with a flight crew. She had no connection to terrorism, officials have said. More security incidents followed. A Delta Air Lines jet was searched after a flight attendant became suspicious of a passenger who spent too much time in the restroom and may have tampered with a smoke detector. An American Airlines jet made an emergency landing in Tampa and was searched after the crew found that both lavatories were locked. An airport in West Virginia was evacuated after a woman's glass water bottle and a container of face cleanser tested positive for explosive residue. The FBI later determined that the woman had no explosives. The next week, a Northwest Airlines flight returned to Amsterdam shortly after takeoff when a U.S. air marshal became suspicious of 12 passengers who passed around cellphones and ignored orders to keep their seat belts on. The 12 were detained but released by Dutch authorities, who also said there was no connection to terrorism. Then came a series of emergency landings, searches and diverted flights on Aug. 25. A plane was extensively inspected after screeners at Houston's international airport found a stick of dynamite in a bag that a student bought in South America. The flight continued to Newark -- without the student or his bags -- and was searched again. An Aer Lingus flight from New York to Dublin was evacuated at an airport in western Ireland after a bomb threat was phoned in.
And a Continental Airlines flight was diverted to El Paso after the flight crew saw that a lavatory panel was missing. On Monday, a commuter jet was diverted after someone found a threatening note on board the aircraft. The news media covered all the incidents extensively. Security experts said that they were not surprised by the diversions or the evacuation of the West Virginia airport and that they expect more such incidents. They blamed television coverage of the coming anniversary of the Sept. 11 attacks and a surge of inexperienced leisure travelers who might be nervous. They also worry about people who call in fake bomb threats so they can watch the chaos they created on television. "Everybody is going to be watching television about 9/11 and seeing pictures of the buildings and people jumping from them," said Mike Boyd, a security consultant. "More and more, they're going to be thinking that they're no safer than they were, and that is going to make people jumpy." Boyd and other security experts blamed the public's anxiety partly on the response to the threat by authorities. Because the passenger screening system is geared toward finding illicit items, not on identifying suspicious people, authorities had no choice but to ban all liquids and gels from passenger cabins, several security experts said. "We've educated the public to be afraid of things," said Bob Hesselbein, an airline pilot and chairman of the Air Line Pilots Association's national security committee. "Let's hope they never find a way to weave explosives into clothing because it's going to be pretty darned embarrassing on an airplane. . . . We are treating everybody as a potential terrorist, and that breeds more fear."

© 2006 The Washington Post Company

From rforno at infowarrior.org Sat Sep 2 11:42:11 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Sep 2006 11:42:11 -0400
Subject: [Infowarrior] - Website for TSA Screeners: Bomb Or Not?
Message-ID:

As the site's FAQ says, "This site helps you improve your bomb detection skills, so that you can become a better inconvenience to travelers."

C/O BoingBoing --

> Since the TSA can't seem to tell the difference between gatorade and high
> explosives, it's timely that someone's created "Bomb or Not," a hot-or-not
> style site that challenges visitors to correctly class various objects as
> bombs or not: kittens, ice cream, deodorant,
>
> http://www.bombornot.com/

From rforno at infowarrior.org Sat Sep 2 13:32:23 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Sep 2006 13:32:23 -0400
Subject: [Infowarrior] - Holmdel Bell Labs facility update: it stays!
Message-ID:

Holmdel Bell Labs facility update: it stays!
Posted Sep 1st 2006 7:16PM by Ryan Block
http://announcements.engadget.com/

Well here's a good bit of news to kick your weekend off with. Remember that piece we did profiling the Bell Labs Holmdel Facility that was looking like it was about to be razed by a real estate development firm which recently purchased the property? Well, after the public outcry that followed in the blogosphere and abroad (which apparently resulted in a deluge of calls, letters, and emails), it looks like the development firm, PREI, isn't only going to keep a huge portion of the site, they're going to do more to further its historic value. At a Holmdel Community Center meeting attended by Joe Ferrara (who originally tipped us off to the situation), PREI announced that the landscape, oval, tower and two of the original Phase I Eero Saarinen-designed buildings will remain (including the 80-foot tall center lobby), in addition to developing a historic library to highlight Bell Labs' artifacts and paraphernalia related to the facility. Also being built are five new adjacent buildings (in orange, above), though two of the original Phase II buildings (and two wings that were added later) will be demolished.
Kinda sucks the facility couldn't be left entirely intact, but they're keeping the core of the Labs and Saarinen's work -- which is really all we can ask for -- and are adding to the office space without taking away from the pastoral surroundings. Apparently the new tenants are expected by 2009, and we can only hope they'll appreciate their digs and live up to the Holmdel legacy of innovation. P.S. -To anyone who wrote, called, or TPed PREI, we thank you, and technology history thanks you. Have a nice Labor Day!

From rforno at infowarrior.org Sat Sep 2 21:31:41 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Sep 2006 21:31:41 -0400
Subject: [Infowarrior] - Google to Give Data To Brazilian Court
Message-ID:

Google to Give Data To Brazilian Court
Request Differs From U.S.'s, It Says
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/01/AR2006090100608_pf.html
By Ellen Nakashima
Washington Post Staff Writer
Saturday, September 2, 2006; D03

Google Inc., which refused in the past year to hand over user search data to U.S. authorities fighting children's access to pornography, said yesterday that it was complying with a Brazilian court's orders to turn over data that could help identify users accused of taking part in online communities that encourage racism, pedophilia and homophobia. The difference, it says, is scale and purpose. The Justice Department wanted Google's entire search index, billions of pages and two months' worth of queries, for a broad civil case. Brazil, by contrast, is looking for information in specific cases involving Google's social networking site, Orkut. "What they're asking for is not billions of pages," said Nicole Wong, Google associate general counsel. "In most cases, it's relatively discrete -- small and narrow."
Google released a statement yesterday saying it was complying with the Brazilian court orders following a ruling Thursday by a Brazilian judge that threatened Google with a fine of $23,000 a day for noncompliance. According to Google, the judge mistakenly thought the company was resisting because court orders had been sent to Google's Brazilian subsidiary, Google Brazil, instead of to Google Inc. headquarters in the United States. So far, Google has complied with 26 court orders that have been redirected to Google Inc., Wong said. Google has stored information relating to at least 70 more cases in anticipation of a court order, she said. The Brazilian authorities are particularly interested in Internet protocol addresses with time and date stamps that can help trace a specific user. Registration information Google could provide includes names and e-mail addresses. Orkut pulls objectionable words and pictures from user sites, but Google stores content it feels could be useful in a lawsuit. Orkut is especially popular in Brazil, which accounts for 75 percent of its 17 million users. Legal and privacy experts said that Google had no choice but to comply with the court order. "From the law enforcement perspective, if the records are in the possession of the business, the business can be compelled to produce them," said Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center. The larger point, civil libertarians said, is that as long as Internet companies retain data that can identify people, which they use for marketing purposes, they will become targets of law enforcement. That can raise dilemmas for the companies, they said. "Suppose the Chinese government sought the identities of people who visited dissident Web sites? Or the Iranian regime wanted to identify those who posted material critical of Islam?" said David Sobel, senior counsel for the Electronic Frontier Foundation in Washington. Last year, Yahoo Inc.
confirmed that it had given Chinese authorities information later used to convict a Chinese journalist imprisoned for leaking state secrets. "It's almost a defining moment for the industry," Rotenberg said. "They need to decide if they want to become a one-stop shop for government prosecutors." European and Latin American laws permit prosecution for hate speech -- an approach the U.S. Constitution does not allow, though hate crimes can be prosecuted. Google, in its statement, said "it is and always has been our intention to be as cooperative in the investigation and prosecution of crimes as we possibly can, while being careful to balance the interests of our users and the request from the authorities." Research assistant Alice Crites contributed to this report.

© 2006 The Washington Post Company

From rforno at infowarrior.org Sun Sep 3 08:58:15 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Sep 2006 08:58:15 -0400
Subject: [Infowarrior] - Paper: SWAT Abuses
Message-ID:

http://www.cato.org/pubs/wtpapers/balko_whitepaper_2006.pdf

Americans have long maintained that a man's home is his castle and that he has the right to defend it from unlawful intruders. Unfortunately, that right may be disappearing. Over the last 25 years, America has seen a disturbing militarization of its civilian law enforcement, along with a dramatic and unsettling rise in the use of paramilitary police units (most commonly called Special Weapons and Tactics, or SWAT) for routine police work. The most common use of SWAT teams today is to serve narcotics warrants, usually with forced, unannounced entry into the home. These increasingly frequent raids, 40,000 per year by one estimate, are needlessly subjecting nonviolent drug offenders, bystanders, and wrongly targeted civilians to the terror of having their homes invaded while they're sleeping, usually by teams of heavily armed paramilitary units dressed not as police officers but as soldiers.
These raids bring unnecessary violence and provocation to nonviolent drug offenders, many of whom were guilty of only misdemeanors. The raids terrorize innocents when police mistakenly target the wrong residence. And they have resulted in dozens of needless deaths and injuries, not only of drug offenders, but also of police officers, children, bystanders, and innocent suspects. This paper presents a history and overview of the issue of paramilitary drug raids, provides an extensive catalogue of abuses and mistaken raids, and offers recommendations for reform.

< - >

http://www.cato.org/pubs/wtpapers/balko_whitepaper_2006.pdf

From rforno at infowarrior.org Sun Sep 3 12:08:48 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Sep 2006 12:08:48 -0400
Subject: [Infowarrior] - Earthlink rolls out "Sitefinder" service on dead domains
Message-ID:

Today, if you use EarthLink internet access, when you mis-type the URL of the web site you were trying to find, or if the site no longer exists, one of several things happens:

* (a) The site you wanted also owns the misspelling and redirects you. You typed "Goooogle.com" but you get to google.com anyway.
* (b) Someone unrelated to the site you wanted owns the misspelling and serves you their own page. Often it's a page filled with useless nonsense text and affiliate links, or it's a prankster.
* (c) The misspelled domain is not owned by anyone, or no longer exists. Your browser (often Internet Explorer) or an add-on toolbar you may have displays a suggestion for what you were looking for, or sends you to the site it thinks you wanted.
* (d) The misspelled domain is not owned by anyone, or no longer exists, and you get an error page with very little information on it that you've come to understand is the equivalent of "Try Again." In Safari,

Last week EarthLink started rolling out a new system for handling certain specific types of browser errors on our network. You'll only see it in the fourth case listed above.
It serves you a page with suggestions for what site you might have been looking for, along with the ability to search using Yahoo. It also has an ad on it. We think that for the vast majority of users who end up in bucket "d", this is a better experience because it helps them to get where they are going quicker, and doesn't leave them with a dead end. In addition, EarthLink will generate revenue from the page.

< - >

http://blogs.earthlink.net/2006/08/handling_dead_domains_1.php

From rforno at infowarrior.org Sun Sep 3 15:34:27 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Sep 2006 15:34:27 -0400
Subject: [Infowarrior] - Sorry, you can't have the internet... you're over 70
Message-ID:

Sorry, you can't have the internet... you're over 70
By HEIDI DORE
Last updated at 22:00pm on 2nd September 2006
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=403333&in_page_id=1770

After walking the Great Wall of China and making plans for a trip to Russia, Shirley Greening-Jackson thought signing up for a new internet service would be a doddle. But the young man behind the counter had other ideas. He said she was barred - because she was too old. The 75-year-old would only be allowed to sign the forms for the Carphone Warehouse's TalkTalk phone and broadband package if she was accompanied by a younger member of her family who could explain the small print to her.

Mrs Greening-Jackson, who sits on the board of several charities, said: "I was absolutely furious. The young man said, 'Sorry, you're over 70. It's company policy. We don't sign anyone up who is over 70.'

"Later a young lady said company policy is that anyone over 70 might not understand the contract. She said, 'If you would be prepared to go to the shop in town and take a younger member of your family we might give you a contract.'

"I have just completed a visa form to go to Russia.
Last year we did one for walking the Wall in China and here is this person saying I would not be able to understand a basic form - and it was basic. It is pure ageism. "Somebody has decided when you turn 70 you lose a lot of your mind. I find this is ridiculous." When her case came to light on Radio 4's You And Yours last week, Carphone Warehouse admitted it had adopted an over-70 rule. But the firm insisted it was not a blanket policy and claimed the guidance was to protect the elderly. A spokeswoman said: "It is not our policy to refuse business from adult customers of any age group. However, we do ask our agents to use their discretion when dealing with older customers." She added that the discretionary rule had been introduced in response to complaints that staff had mis-sold products last year. Liberal Democrat MP Paul Burstow, who chairs the all-party parliamentary group on older people, described the practice as 'deeply offensive'. He said: "It is nonsense to assume those over the age of 70 cannot understand this sort of package, especially with the huge explosion of 'silver surfers' using the net." New laws next month will outlaw ageism in the workplace. But Help the Aged wants the rules extended to protect consumers. "We see companies putting in place arbitrary age rules all the time," a spokeswoman said. "To deny people services because of their age is just crazy. There needs to be legislation to address this."

From rforno at infowarrior.org Sun Sep 3 21:16:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Sep 2006 21:16:03 -0400
Subject: [Infowarrior] - RFI - New televisions
Message-ID:

Taking any suggestions/guidance on new TVs to replace my slowly-dying Sony WEGA CRT model. DLP or LCD? Must-have features? Should-have niceties? What's not going to be technologically-dead in 3-5 years?
Plasma is too expensive, and I cannot use projection-type models due to uncontrollable ambient light issues in my place....and I don't plan to keep the drapes closed 24x7. :)

Inquiring minds want to know....thx

-rf

From rforno at infowarrior.org Mon Sep 4 10:30:38 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 04 Sep 2006 10:30:38 -0400
Subject: [Infowarrior] - Crocodile Hunter Steve Irwin dead
Message-ID:

Crocodile Hunter Steve Irwin dead
By staff writers
September 04, 2006 02:14pm

THE Crocodile Hunter, Steve Irwin, is dead. He was killed in a freak accident in Cairns, police sources said today. It is understood he was killed by a stingray barb that went through his chest and reportedly into his heart. He was swimming off the Low Isles at Port Douglas filming an underwater documentary when the tragedy occurred. The Queensland Ambulance Service (QAS) was called about 11am (AEST) and an emergency services helicopter was flown to the crew's boat on Batt Reef, off the coast near Cairns, with a doctor and emergency services paramedic on board. Irwin had a puncture wound to the left side of his chest and was pronounced dead at the scene. Irwin's body is being flown to Cairns. It is believed his American-born wife Terri is trekking on Cradle Mountain in Tasmania and is yet to be told of her husband's death. The Irwins have two children - a daughter, Bindi Sue Irwin, eight, and a three-year-old son, Robert (Bob) Clarence Irwin. Steve Irwin - known worldwide as the Crocodile Hunter - is famous for his enthusiasm for wildlife and his catchcry "Crikey!". In a sad twist, it has been reported that his new documentary was aimed at demystifying the stingray. Irwin's Crocodile Hunter program was first broadcast in 1992 and has been shown around the world on cable network Discovery. He has also starred in movies and has developed the Australia Zoo wildlife park, north of Brisbane, which was started by his parents Bob and Lyn Irwin.
Tributes have already started pouring in for the larger-than-life character. Foreign Minister Alexander Downer, who used a photograph of his family at Australia Zoo for his official Christmas card last year, hailed Mr Irwin for his work in promoting Australia. Irwin was heavily involved in last year's "G'Day LA" campaign. "The minister knew him, was fond of him and was very, very appreciative of all the work he'd done to promote Australia overseas," a spokesman said. A Tourism Queensland spokeswoman said the death was shocking and paid tribute to Irwin's "enormous contribution" to his adopted state. Louise Yates said it was impossible to quantify how much Mr Irwin had meant to the Queensland tourism industry. "I don't think we could even estimate how much he brought us through his personality and his profile and his enthusiasm about Queensland," she said. "It would be difficult to estimate how much he was worth. And it would be difficult to underestimate." She said Irwin had been a larger-than-life ambassador. "It's not just what he brought but what he took with him when he travelled, his passion." Australia Zoo, on southeast Queensland's Sunshine Coast, employs more than 500 people and attracts thousands of visitors every day. But Ms Yates said it would be "unfair and unjust" to put a dollar value on Irwin's worth to the state, because of how much he had given. 
With The Courier Mail and AAP

From rforno at infowarrior.org Tue Sep 5 08:55:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 08:55:00 -0400
Subject: [Infowarrior] - Criminal Terrorism Enforcement in the US since 9/11
Message-ID:

Criminal Terrorism Enforcement in the United States During the Five Years Since the 9/11/01 Attacks

A comprehensive and sometimes surprising portrait of the handling of criminal cases in the United States against individuals identified as international terrorists during the five years after 9/11/01 has emerged from an analysis of hundreds of thousands of Justice Department records by the Transactional Records Access Clearinghouse (TRAC). TRAC, a data research organization connected to Syracuse University, has been studying a wide range of federal agencies and programs for more than 15 years.

< - >

http://trac.syr.edu/tracreports/terrorism/169/

From rforno at infowarrior.org Tue Sep 5 10:22:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 10:22:18 -0400
Subject: [Infowarrior] - 9/06 National Strategy for Combating Terrorism (PDF)
Message-ID:

National Strategy for Combating Terrorism
September 2006
http://www.whitehouse.gov/nsc/nsct/2006/index.html

Full PDF Document (1.64 MB)

1. Overview of America's National Strategy for Combating Terrorism
2. Today's Realities in the War on Terror
   * Successes
   * Challenges
3. Today's Terrorist Enemy
4. Strategic Vision for the War on Terror
5. Strategy for Winning the War on Terror
   * Long-term approach: Advancing effective democracy
   * Over the short term: Four priorities of action
     o Prevent attacks by terrorist networks
     o Deny WMD to rogue states and terrorist allies who seek to use them
     o Deny terrorists the support and sanctuary of rogue states
     o Deny terrorists control of any nation they would use as a base and launching pad for terror
6. Institutionalizing Our Strategy for Long-term Success
7. Conclusion

From rforno at infowarrior.org Tue Sep 5 10:30:53 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 10:30:53 -0400
Subject: [Infowarrior] - NZ draws line on DRM and trusted computing
Message-ID:

NZ draws line on DRM and trusted computing
Rob O'Neill, ZDNet Australia
September 05, 2006
URL: http://www.zdnet.com.au/news/software/soa/NZ_draws_line_on_DRM_and_trusted_computing/0,130061733,339270846,00.htm

New Zealand's lead state-sector authority has drawn a line in the sand to ensure government information security is not compromised by new "trusted computing" and digital rights management (DRM) technologies. The policies, released by the New Zealand State Services Commission (SSC) today, are an acknowledgement of the risks posed by the trusted computing and DRM initiatives being driven by international IT vendors and media organisations. They also call for new standards and features to be developed and included in trusted computing and DRM systems to meet the needs of international governments. The policies are designed, the SSC says, "to ensure that the use of trusted computing and digital rights management technologies does not adversely affect the integrity (including availability and confidentiality) of government-held information or related government systems." The policies are not New Zealand-specific, the SSC says, and other governments are invited to make use of and contribute to them. "We believe that collaboration between governments is vital to ensure that these technologies develop in a way consistent with government requirements. By agreeing on a common set of principles and policies that reflect their requirements, governments can more effectively influence ICT product vendors to develop standards and features that will meet these requirements, for example a standard for disclosing the DRM restrictions associated with a computer file."
The policies outline basic principles that oppose externally imposed restrictions on access to government information except where government has given informed consent. Government must also have full control of any DRM encumbrance over the master copy of any information it owns. They also call for a common set of rights definitions and proscribe the use of hardware or software that could modify or hinder access to information held by government. Such systems also cannot compromise information privacy. Agencies must have knowledge about the information flows into and out of such systems. Trusted computing systems can, broadly, restrict access to information if the client system is not operating properly while DRM restricts access to protect intellectual property. The SSC is inviting other government, vendors and interest groups wishing to collaborate on the project to visit its Web site. The "Trusted Computing and Digital Rights Management Principles and Policies" have been developed over the last year by officials from central and local government with input from vendors such as IBM, Hewlett-Packard and Microsoft.

Copyright © 2006 CNET Networks, Inc. All Rights Reserved.

From rforno at infowarrior.org Tue Sep 5 11:48:53 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 11:48:53 -0400
Subject: [Infowarrior] - The second coming: Tonight at 6:30PM ET
Message-ID:

Katie here, Katie there. OMFG Katie starts on CBS tonight. I agree she's talented, probably a great person, and I sincerely wish her luck in her broadcasting career at CBS News. Still, you'd think there would be more important things in the world to fawn over today than these paparazzi-esque hour-by-hour countdowns of "All Things Katie." (You'd think it was the rapture or something, the way folks are carrying on today...what will she wear, what kind of music they will play, where she will sit, etc, etc, etc. Sheesh. I bet it'll be the most Tivo'd evening news program in history.)
That said --- OMFG, it's Katie!!!! *gush* ...sorry, I couldn't resist. :)

-rf

From rforno at infowarrior.org Tue Sep 5 13:57:41 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 13:57:41 -0400
Subject: [Infowarrior] - Secrecy Report Card 2006: Indicators of Secrecy in the Federal Government
Message-ID:

(c/o Secrecy News)

"Secrecy Report Card 2006: Indicators of Secrecy in the Federal Government"
http://www.openthegovernment.org/otg/SRC2006.pdf

From rforno at infowarrior.org Tue Sep 5 19:20:55 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 19:20:55 -0400
Subject: [Infowarrior] - Verizon incorrectly filtering folks?
Message-ID:

So is anyone else finding themselves suddenly blacklisted from sending to Verizon customers? Tried this with 4 different people and none received a test message.....IIRC this was a problem for them a few months back, too?

-rf

>>> MAIL From: SIZE=615
<<< 550 You are not allowed to send mail:sv20pub.verizon.net
554 5.0.0 Service unavailable

From rforno at infowarrior.org Tue Sep 5 19:42:56 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 19:42:56 -0400
Subject: [Infowarrior] - Heading Off a Headache: Have Bags Shipped
Message-ID:

September 3, 2006
Practical Traveler
Heading Off a Headache: Have Bags Shipped
By MICHELLE HIGGINS
http://www.nytimes.com/2006/09/03/travel/03pracbags.html?_r=1&oref=slogin&ref=travel?8dpc&pagewanted=print

AS travelers adapt to the inconvenience of climbing into airplane cabins without their makeup, toothpaste and mocha lattes close at hand, they are also discovering another consequence of the new security rules: more time lost to the rituals of checked bags. Not only are people who once took pride in packing everything for a trip into a single carry-on suddenly waiting at baggage carousels, but also, because of the increased number of bags being checked, airline luggage-handling systems are being stretched to their limits.
To comply with the ban against carrying liquids and gels on board, Steve Mandel of Parsippany, N.J., packed his toiletries in his bag for a recent Continental flight from Newark to Dayton, Ohio, and checked it. Waiting for his little bag to arrive at the luggage carousel added about 30 minutes on the way out and nearly 40 minutes on the way back for a flight of two hours or so. And that was in addition to the time spent checking the bag before takeoff. "All because I had toothpaste, after-shave lotion and shaving cream," said Mr. Mandel, who flies often for business. Those extra minutes were enough so that he is now considering avoiding air travel altogether when he can. "I can drive to Boston in five hours," he said, citing one of his business destinations. If he flies, "It's four hours by the time I get there and get everything, and I'd still have to rent a car and drive someplace." Although security lines have mostly shrunk back to normal levels, lines at airport check-in counters have lengthened. And though the coming of fall means fewer leisure travelers checking luggage, business travelers are making up for that by checking what would normally be carry-on bags rather than leaving toiletries behind. Airlines and airports continue to report anywhere from 10 to 30 percent increases in checked luggage, though the immediate surge in checked bags has subsided from 50 percent increases in the days just after the new carry-on restrictions were put into effect. After years of staffing cutbacks, the airlines appear ill prepared to handle the influx of bags. The International Association of Machinists and Aerospace Workers, which represents bag handlers, ground workers and other airline employees, said it had lost about 43,000 members because of airline cutbacks since Sept. 11, 2001. So far, some airlines are having baggage handlers work overtime or are asking other employees like gate agents and ramp workers to pitch in.
But if the amount of checked luggage doesn't subside, they will have to consider hiring extra workers. Besides greater capacity, there's the continuing problem of making sure all those bags get where they are supposed to go. "Now is the worst time to check a bag," said Joe Brancatelli, the publisher of the subscription travel Web site www.Joesentme.com. "The system was breaking down before. Mishandled baggage numbers have been spiking." The longer wait times to check in and retrieve bags are the latest addition to increasing inconveniences and reduced services on commercial flights in recent years -- some attributable to increased security, but many others to cost cuts in an era of cutthroat competition. For most travelers, the tipping point that makes air travel something to be avoided altogether is probably far off. But inevitably, people will look for ways to escape the extra wait. For those who don't mind paying for convenience, companies with names like Luggage Forward and Virtual Bellhop will pick up and deliver bags to a destination, bypassing the airline baggage system altogether. Prices vary depending on a bag's weight, destination and shipping time. Luggage Forward charges $103, for example, to ship a medium-size bag weighing up to 40 pounds from New York to Los Angeles in five days. Overnight delivery costs $201. Other companies let customers drop off their suitcases at check-in centers far from the airport. Baggage Airline Guest Services in Orlando, or Bags Inc. for short, has agreements with the major airlines to allow passengers to print boarding passes, check in and drop off their luggage for domestic flights at a variety of locations including the Disney resorts and hotels in Orlando. The price is $10 a person, and the service cuts time only on the trip out. Go to www.aa.com/aadvanceBagCheck for a list of participating hotels and cruise lines. HYATT Hotels is working with Bags Inc.
to establish drop-off stations in its hotels in Denver, Seattle, San Diego, Boston, Miami, Orlando and Tampa by the end of the year. Fliers don't have to be staying at one of the hotels to use the service. Bags Inc. said using its service won't increase the odds that a bag would be lost, even though more people may be handling it, because the company has direct access to airline reservation systems and typically delivers bags to airports at times when crowds are diminished. Then there's the option of not taking toiletries at all. Travelers who decide to pick up their cologne or nail polish after landing can log onto www2.bcbsmo.com/pharmacy_finder/PharmacyFinder.asp to find stores by zip code. And many hotels, including the Omni chain and Wyndham, have begun stocking extra toiletries for customers who arrive without supplies. The Ritz-Carlton Hotel Company has reinstituted its Luggageless Travel program, a laundry and storage service for guests staying at the same hotel four or more times a month. For passengers whose major concern is avoiding lost bags, picking up a sample-size tube of Colgate at the destination is likely to be far more attractive than checking a bag. In London, in the days following the strict new security rules amid the chaos of canceled flights and stranded passengers, tens of thousands of bags were reportedly misplaced. In the United States, mishandled baggage complaints were growing before the latest terror threat emerged, increasing to 6.04 for every 1,000 passengers last year from 4.91 in 2004, according to the Department of Transportation. After her suitcase didn't arrive on a trip from her home city, Houston, to Fort Myers, Fla., last month, Ava Jean Mears, 79, had to borrow something to sleep in from a friend she was visiting. "I saw them load my suitcase onto the flight," said Ms. Mears, who spotted her bright blue bag as she watched the baggage handlers from her window seat on AirTran. "I knew it was going somewhere. I don't know what happened to it." Fortunately, AirTran quickly corrected its mistake. Ms. Mears's bag was found and delivered to her friend's doorstep in Naples, Fla., the next morning. And she returned the borrowed nightie.

From rforno at infowarrior.org Tue Sep 5 21:14:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 21:14:51 -0400
Subject: [Infowarrior] - DMCA 'Terror' Case Dismissed
Message-ID:

DMCA 'Terror' Case Dismissed
http://blog.wired.com/27BStroke6/index.blog?entry_id=1551352

A federal magistrate today dismissed with prejudice a disgraceful DMCA prosecution against three young Texas men who bought a lot of cell phones while looking Arab. Adham Othman, 21, his brother Louai Othman, 23, and their cousin Maruan Muhareb, 18, were cleared of money laundering and conspiracy charges after a day-long preliminary hearing. The three were rousted by local law enforcement in Michigan last month after they were spotted driving from Wal-Mart to Wal-Mart buying as many low-cost pre-paid cell phones as they could get their hands on. Tuscola County authorities arrested them as suspected terrorists and made a lot of noise. Then when the case didn't pan out the feds stepped in with charges that the men conspired to violate the DMCA. After hearing the evidence today, Michigan U.S. District Court Magistrate Charles Binder threw out the case. "I think (law enforcement) dug themselves a hole and they tried to dig themselves out," defense attorney Nabih Ayad told me. "The government had no evidence whatsoever that the phones and been modified or tampered with ... And they didn't show that there was a third party they were conspiring with." According to the FBI, the men admitted to buying hundreds of phones with the intention of digitally unlocking them so they could be used with other carriers, then reselling them at a small markup.
In the complaint (.pdf), the FBI called this a "fraud scheme" in violation of the DMCA's anti-circumvention provisions, and said it injured consumers, TracFone, and the brand equity of Nokia, "the eighth most valuable brand in the world!" (exclamation mark added). It's hard to imagine anything creepier than the FBI merging homeland security hysteria with corporate IP extremism. The case was apparently dismissed for lack of evidence, which ducks the more interesting question of how unlocking a cell phone constitutes circumvention of a copy protection scheme. Similar arguments have been floated in civil court over garage door openers and printer cartridges, and failed miserably. That's why the feds normally wait for legal controversies like this to be decided civilly before taking sides with a criminal prosecution. In this case, their eagerness to fabricate a face-saving prosecution overcame their good sense, and today they got the black eye they deserve. (BTW, props to Carlo at Techdirt who called bullsh-t on this case when it was filed.)

From rforno at infowarrior.org Tue Sep 5 21:24:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 21:24:03 -0400
Subject: [Infowarrior] - Copyright treaty draws tech industry criticism
Message-ID:

Copyright treaty draws tech industry criticism
By Anne Broache
http://news.com.com/Copyright+treaty+draws+tech+industry+criticism/2100-1028_3-6112532.html
Story last modified Tue Sep 05 17:34:57 PDT 2006

ALEXANDRIA, Va.--An online culture built around user-generated content on Web sites like YouTube and MySpace would be imperiled by a new treaty, public interest groups and some technology companies said Tuesday. At issue is a treaty called "Protection of the Rights of Broadcasting Organizations," which proponents say is necessary to ensure that TV and cable broadcasters--and now, their Web-based counterparts--have the tools to combat unauthorized retransmission of their signals.
The World Intellectual Property Organization, or WIPO, a specialized arm of the United Nations, gave the go-ahead in 2003 to begin drafting the treaty, but a final version is still pending. Opponents say the treaty would go far beyond targeting so-called "signal piracy." They warn that it would give broadcasters and Webcasters exclusive, 50-year rights to authorize rebroadcasting of their signals, would create additional legal hoops for the average Internet user to jump through, and could shrink existing protections in U.S. law for public domain works and other instances of fair use. With the latest draft of the document (click for PDF) scheduled for consideration at a meeting in Geneva next week, the U.S. Patent and Trademark Office hosted a roundtable discussion here in Alexandria, Va., to allow for public comment. A loose coalition of 35 companies and organizations, which are often at odds with each other on other topics, joined together to sign a statement of opposition (click for PDF), which was distributed at the two-hour event. The signatories included Dell, Hewlett Packard, Intel, AT&T, Verizon Communications, Sony, and TiVo, as well as the American Library Association, the Broadband Service Providers Association, the Home Recording Rights Coalition, and the Electronic Frontier Foundation. Although their individual positions varied, the document's signers generally argued that the broadcast and Webcast lobby--backed by Yahoo and other members of the Digital Media Association--have not made a strong enough case for the new treaty. If theft of signals is truly the primary worry, they said, then existing U.S. laws likely offer sufficient protections, or a more narrowly tailored proposal could be drafted. But as it stands, the proposal would trample on the legal rights consumers currently enjoy, such as recording TV broadcasts for later viewing and playing them back within their homes, some opponents argued. 
The proposal also embraces the legality of technological protection measures, which means there would be nothing to stop controversial copy-prevention regimes like the broadcast flag, designed to prevent digital TV piracy, from being implemented, said Electronic Frontier Foundation International Affairs Director Gwen Hinze. Such mandates "increase design costs, which are passed on to consumers, and reduce the feature set available to consumers," Hinze said. The proposal "would enable 'casters to gain very unprecedented control in the home and personal network environment, which would interfere with the rollout of broadband and home networking services (and) new and innovative devices that allow users to use content in new and flexible ways," said Michael Petricone, senior vice president for government affairs for the Consumer Electronics Association. Seth Greenstein, a partner at the Washington D.C. law office of Constantine Cannon who serves as outside counsel to the Digital Media Association, said that's not the intention of treaty supporters. "What we have always intended to be the scope of coverage is Internet Webcasting that is like broadcasting, not individual files, songs, audio or video clips made on individual Web sites, but rather programming that is scheduled," Greenstein said. He said he believed that the latest U.S.-offered definition of Netcasting (click for PDF) satisfies that aim. Jule Sigall, the U.S. Copyright Office official who led the roundtable, said the most recent language, released earlier this summer, is "very much a step towards something else" and that next week's meetings of WIPO's Standing Committee on Copyright and Related Rights will present "a very fluid situation" in which much could change.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
From rforno at infowarrior.org Tue Sep 5 23:26:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 05 Sep 2006 23:26:26 -0400
Subject: [Infowarrior] - Individuals, Small Groups Cited as Terrorist Threats
Message-ID:

Individuals, Small Groups Cited as Terrorist Threats
U.S. Strategy Calls Democracy a Weapon
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/05/AR2006090501399_pf.html
By Karen DeYoung
Washington Post Staff Writer
Wednesday, September 6, 2006; A04

A new counterterrorism strategy released yesterday by the White House describes al-Qaeda as a significantly degraded organization, but outlines potent threats from smaller networks and individuals motivated by al-Qaeda ideology, a lack of freedom and "twisted" propaganda about U.S. policy in the Middle East. The National Strategy for Combating Terrorism reflects the intelligence community's latest analysis of the evolving nature of the threats from widely dispersed Islamic extremists who are often isolated and linked by little more than the Internet. It describes President Bush's "freedom agenda" of promoting democracy as the leading long-term weapon against them. Attacking terrorist organizations, controlling weapons of mass destruction and protecting the homeland remain U.S. priorities, the document says. But the strategy places new emphasis on the need for training experts in languages and Islamic culture, for enhanced partnerships abroad and with the American Muslim community, and for better information-sharing among domestic counterterrorism agencies. What today's extremists have in common, it says, is "that they exploit Islam and use terrorism for ideological ends." But "although al-Qaeda functions as the movement's vanguard . . . the movement is not controlled by any single individual, group or state." The document's release came as Bush delivered one of a series of preelection speeches on national security and terrorism.
But his address, in contrast to the strategy document, focused heavily on al-Qaeda and the public threats made by its two top leaders, Osama bin Laden and Ayman al-Zawahiri, both of whom have evaded capture. "It's not an either-or phenomenon," said terrorism expert and Georgetown University professor Bruce Hoffman. "There are two processes moving on parallel tracks. You can see the attraction of saying . . . we have weakened al-Qaeda. But that also flies in the face of increasing evidence over the last couple of years that al-Qaeda is still directing and plotting attacks on a grand scale and seems undeterred." In a Justice Department briefing, Attorney General Alberto R. Gonzales said the changing nature of the enemy reflects victories against al-Qaeda and is "a sign of our success, not our failure." Critics of administration policy said the new strategy is an admission that previous policies have failed. It "seems to adopt many of the critiques Democrats made of the old one," Sen. Joseph R. Biden Jr. (D-Del.) said in a statement. "I hope today's change in rhetoric represents a real change in course." Several aspects of the new strategy differ sharply from an earlier version, published in February 2003, just before the U.S. invasion of Iraq. That document depicted a structured pyramid with al-Qaeda at the top, directing widespread terrorist cells and worldwide operations with help from sympathetic state sponsors. Its military emphasis called for U.S.-led "direct and continuous action" and warned that "we will not hesitate to act alone . . . including acting preemptively against terrorists." It also declared that "finding a solution to the Israeli-Palestinian conflict is a critical component to winning the war of ideas," and said that "no other issue has so colored the perception of the United States in the Muslim world." 
The new strategy emphasizes that al-Qaeda has been severely disrupted, with many of its leaders killed or captured, and its operations made "harder, costlier and riskier." It describes the influence of U.S. policy in the Middle East as minimal, portraying the Iraq war and the renewed Arab-Israeli strife as sources of deceptive propaganda for terrorist ideologues. Terrorism, it says, "is not simply a result of hostility to U.S. policy in Iraq . . . Israeli-Palestinian issues . . . [or] our efforts to prevent terror attacks." "The terrorism we confront today" springs from several sources, including an "ideology that justifies murder" and that blames "perceived injustices from the recent or sometimes distant past," the strategy says. That ideology, it says, preys upon populations that "see no legitimate way to promote change in their own country" and whose "information about the world is contaminated by falsehoods and corrupted by conspiracy theories." "Democracy," the strategy declares, "is the antithesis of terrorist tyranny, which is why the terrorists denounce it and are willing to kill the innocent to stop it." The document refers indirectly to "homegrown terrorists," such as the two dozen British citizens arrested in this summer's alleged plot to blow up commercial aircraft. Even in democracies, it says, "some ethnic or religious groups are unable or unwilling to grasp the benefits of freedom otherwise available in the society. . . . Even in these cases, the long-term solution remains deepening the reach of democracy so that all citizens enjoy its benefits." "We will continue to guard against the emergence of homegrown terrorists within our own Homeland as well," the strategy says. "Through outreach programs and public diplomacy we will reveal the terrorists' violent extremist ideology for what it is -- a form of totalitarianism following in the path of fascism and Nazism." 
The new strategy mirrors a blueprint written at the National Counterterrorism Center and presented to Bush in June. That classified, 160-page plan proposed a more equitable balance between the military effort emphasized in the 2003 strategy and what it termed the "war of ideas." Staff writers Michael A. Fletcher and Dan Eggen contributed to this report. © 2006 The Washington Post Company From rforno at infowarrior.org Wed Sep 6 20:26:30 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 06 Sep 2006 20:26:30 -0400 Subject: [Infowarrior] - Wanted: Graduate Assistant to Professor S W Hawking Message-ID: Graduate Assistant to Professor S W Hawking Department of Applied Mathematics and Theoretical Physics Vacancy Reference No: LE00670 Salary: £20,842-£23,457 http://www.admin.cam.ac.uk/offices/personnel/jobs/vacancies.cgi?job=670 Limit of tenure applies* The Relativity Group in the Department of Applied Mathematics and Theoretical Physics of the University of Cambridge is looking for a recent graduate to fill an assistant position from December 2006. The Head of the Group is Professor Stephen Hawking who is disabled and communicates using a computer system and speech synthesiser. If you were accepted for the post you would be responsible for maintaining and improving this computer system as well as other pieces of support equipment. You would help him to prepare and deliver seminars and public lectures and assist with scientific papers. You would also accompany Professor Hawking on his many travels and assist other members of the group. Flexibility, stamina and a confident and caring personality, together with a valid driving licence, are essential for this demanding job. Applicants should send a covering letter, full CV and completed PD18 form and the names of two referees who can be contacted immediately. 
This information should be sent to Ms Judith Croasdell, DAMTP, Centre for Mathematical Sciences, Wilberforce Road, Cambridge CB3 0WA, e-mail: J.Croasdell at damtp.cam.ac.uk. * The funds for this post are available for twelve months in the first instance. Closing date: 22 September 2006. Interview date: 18 October 2006. From rforno at infowarrior.org Thu Sep 7 08:19:07 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 07 Sep 2006 08:19:07 -0400 Subject: [Infowarrior] - FW: Researchers Challenge DOS Attack Data In-Reply-To: <3.0.5.32.20060907003542.12133970@pop.fuse.net> Message-ID: (c/o DK) http://www.darkreading.com/document.asp?doc_id=103049&f_src=darkreading_section_296 Researchers Challenge DOS Attack Data SEPTEMBER 6, 2006 | Conventional wisdom about the sources and causes of denial-of-service (DOS) attacks -- and the best methods for preventing them -- could be completely wrong, a group of researchers said this week. Researchers at the University of Michigan, Carnegie Mellon University, and AT&T Labs-Research said they have completed a study that debunks the widely-held belief that DOS attack traffic is usually generated by a large number of attack sources disguised by spoofed IP addresses. In its study, the group found that 70 percent of DOS attacks are generated by less than 50 sources, and a relatively small number of attack sources account for nearly 72 percent of total attack volume. IP spoofing, long thought to be the most popular vector for launching a DOS attack, was found in only a few instances, the researchers said. In the past, sources of DOS attacks were tracked by measuring "backscatter," the amount of unwanted traffic sent to unused address blocks, the researchers observed. Examining this type of traffic helps expose conversations generated between spoofed IP addresses and unknown recipients. 
But because this measurement technique assumes the DOS attack was launched through spoofed IP addresses, it doesn't account for DOS attacks launched via botnets, which have become a much more attractive vector for attackers, the research team said. The new study combines traditional indirect measurement of backscatter with direct measurement of Netflow and alarms from a commercial DOS detection system. The resulting data suggests the vast majority of DOS traffic is coming not from hundreds of sources across the Web, but from a few sources that can be pinpointed and eliminated from everyday traffic flows, significantly reducing the impact of DOS traffic on a network or server. The new data also suggests that current methods of preventing DOS, which assume large numbers of sources using IP spoofing, need some rethinking. "Less than 1 percent of the directly measured attacks produced backscatter," according to the paper. "Most attacks (83 percent) consist only of packets smaller than 100 bytes." The directly measured attack volume was highly predictable and often came from the same sources, which suggests that enterprises and service providers could solve a big chunk of the DOS problem simply by blocking traffic from those sources. Enterprises and service providers "can reduce a substantial volume of malicious traffic with targeted deployment of DOS defenses," the group said. Makers of DOS defense tools said they could not comment until they had a chance to review the research. -- 
Tim Wilson, Site Editor, Dark Reading ------ End of Forwarded Message From rforno at infowarrior.org Thu Sep 7 08:23:47 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 07 Sep 2006 08:23:47 -0400 Subject: [Infowarrior] - A report card on anti-terror technology Message-ID: A report card on anti-terror technology By Declan McCullagh http://news.com.com/A+report+card+on+anti-terror+technology/2100-1028_3-6113064.html Story last modified Thu Sep 07 05:10:36 PDT 2006 Five years after the Sept. 11 attacks on the World Trade Center and the Pentagon, the federal government's record of adopting anti-terrorism technologies has been mixed. Puffers, chemical scanners and biometrics devices are appearing in airports. Radio-frequency chips are being inserted in U.S. passports. The U.S. Army has developed machine-gun toting robots for deployment in Iraq. But the FBI is still struggling with computer systems that are at least half a decade out of date, Homeland Security is having similar problems with inspections of shipping containers, and it's hardly clear that RFID-equipped passports are any safer from duplication by an identity thief or enterprising member of al-Qaida. CNET News.com has compiled a list of 10 technologies, five that should be adopted more speedily to help in homeland security efforts--and five that raise at least some privacy and security concerns. Read on for the details. In need of support 1. Going wireless: Ever since cameras on cell phones became popular a few years ago, millions of Americans have zapped grainy snapshots back and forth wirelessly. Now the chronologically backward folks at the FBI finally are entering the 21st century too. An FBI pilot program launched last month in Washington, D.C., and New York City is designed to outfit field agents with wireless technology. 
They'll be able to take digital photos of a suspect, upload the images to a broadband wireless-enabled laptop, and e-mail it off to other on-the-go agents. They, in turn, can view the suspect's image--complete with that day's garb and haircut length--on a BlackBerry handheld device. This is hardly a novel idea, of course. But it's still a useful upgrade to the FBI's existing technology, says Frederick Brink, who's in charge of the special operations division at the FBI's New York City field office. For the hundreds of agents now trying out the mobile technology, "they don't necessarily have to use a telephone or call in, they can access this information directly in the course of their normal duties," Brink said. The FBI's central information technology outfit would like to expand the so-called "mobility pilot program" to every FBI field office, but it has not set a timetable. As for success stories from the unwired FBI set, Brink said to check back in a month or two. But for now, he said, "the feedback is already very, very positive. In general terms, the agents love this capability." 2. Better search technology: The private sector has been years ahead of the FBI not just in wireless technology, but also in search. Internet search engines have been around since Archie in 1990, followed by the original Wandex, a Web search tool developed in 1993 at MIT. The FBI finally got a rudimentary Web-based search tool in 2004 in the form of its Investigative Data Warehouse, or IDW. It lets users (more than 13,000 people have been approved so far) use a single Web-based front end to comb about 650 million records--ranging from intelligence wires to terrorist watch lists to no-fly lists--across multiple government agencies, including the State Department and Homeland Security. Agents say it acts as a "one-stop shop" for wide-ranging information that takes an average of three seconds to five seconds to return results. 
Unfortunately, the IDW's records aren't updated in real time. Instead, the system relies on copies of documents that must be "affirmatively uploaded into the warehouse" by participating agencies, according to a 2005 auditor's report. Depending on who's in control of the data, that can happen anywhere from daily to weekly to monthly to quarterly--although in an emergency situation, updates can be sped up to hourly, FBI Chief Information Officer Zal Azmi told reporters last week. "Right now, we don't have that Google-like search capacity to go (directly) into databases of different agencies," Azmi acknowledged. Because "timeliness of the data is critical to us in our mission," he added, a real-time "portal" is the goal, but it is "a long way from being completed...at least a couple more years." 3. Inspecting cargo containers: Could terrorists smuggle a nuclear, biological or radiological explosive device into the U.S. by hiding it in a cargo container? There's reason to think so: 11 million cargo containers arrive at U.S. seaports each year, and only a small percentage are physically inspected by Homeland Security agents. U.S. Customs and Border Protection, part of Homeland Security, does have a computerized modeling system that's supposed to help identify which cargo containers should be inspected based on intelligence from sources including the CIA. It's called the Automated Targeting System, or ATS, and has been deemed a failure by government auditors in a report this year. They concluded that Homeland Security "has not yet put key controls in place to provide reasonable assurance that ATS is effective at targeting oceangoing cargo containers with the highest risk of containing smuggled weapons of mass destruction." Fixing ATS would be a good first step. So would making greater use of noninvasive methods of scanning containers and preventing unions from derailing security methods. 
The West Coast longshoreman's union prohibits its members from driving through gamma ray scanners, even though Homeland Security officers do it routinely and the Nuclear Regulatory Commission has approved the low exposure level. Union leaders won't allow union members to drive through even more promising systems using neutron-based detectors either. 4. Smarter translation software: Intelligence agencies around the world continue to face a shortage of speakers of Arabic and other languages often associated with terrorist groups. Translation can also be time-consuming. To this end, Language Weaver has developed machine translation tools that can dynamically translate Arabic, Russian, Chinese and 10 other languages into English. In its sales presentations, the company has its software produce an English transcript of an Al-Jazeera broadcast while the broadcast is airing. "It used to be finding a needle in a haystack; now it's trying to find a needle in a haystack in a field of haystacks," Language Weaver CEO Bryce Benjamin told CNET News.com in an earlier interview. "There is a lot of focus on getting automated tools." Language Weaver has received funding from the CIA-funded venture capital firm In-Q-Tel. But more obscure languages like Pashtu and Somali are still unavailable for automated translations, which is why the federal government is working on its own internal projects. One of those is the Defense Department's Language and Speech Exploitation Resources program, or LASER. It's designed to provide intelligence analysts and the military with speech transcription and translation capabilities. (Similar government-funded efforts are called Babylon, a portable device, and the Effective, Affordable, Reusable Speech-to-Text project.) 5. Faster chemical detection: The possibility of chemical attacks by terrorists has federal officials running scared, with some justification. 
The Aum Shinrikyo attack on the Tokyo subway system in 1995 using sarin gas--which killed 12 people and injured more than 5,000 people--showed that it's possible. The attack would have been deadlier if the group had been more skilled. In open-air environments like city streets, the threat of a chemical attack is not as severe. Winds are unpredictable and, coupled with rising air currents, can quickly disperse a chemical agent unless a larger quantity is used. But in subways, train stations and airports, the threat of a chemical attack is higher. In an article published in Time magazine in June, author Ron Suskind reported that a terrorist cell had planned a hydrogen cyanide attack on New York City subways but inexplicably called it off with just a few weeks to go. Hazmat teams at local police departments historically have used colorimetric tubes, which are designed to detect specific gases such as ammonia or chlorine. A pump is used to draw air samples through the tubes. The problem, though, is that many chemicals can be used as weapons, and standard-issue colorimetric tubes will detect relatively few. "Many modern detection devices used by Hazmat teams have not been thoroughly tested for their utility and reliability to detect" chemical weapons, a panel organized under the National Research Council concluded. Detection technology, however, is advancing. The SAFESITE detector, for instance, can electronically detect the difference between nerve agents, blister agents, and toxic gases such as chlorine, hydrogen cyanide, and hydrogen chloride. And an article this year in the journal Analytical Chemistry describes how to use photoionization mass spectrometry to detect chemical warfare agents. That takes about 45 seconds--far speedier than the traditional way of performing mass spectrometry that can take an hour or more. Raising privacy concerns 1. Omnipresent cameras: Soon after the Sept. 
11 attacks, surveillance cameras began growing even faster than the Department of Homeland Security's budget. In one of their more "alarming cases" in 2004, volunteers from the New York Civil Liberties Union counted 600 cameras in Manhattan's Chinatown alone--up from 13 in 1998. Police say they're useful for fighting, if not preventing, terrorism--footage from London's extensive closed-circuit surveillance system helped to identify suspects from the July 2005 bombings on its subway system. Another argument is that cameras do double duty when nabbing drug dealers and thieves. Yet evidence suggests that surveillance cameras have limited use in crime prevention. For one thing, they seem to cause crime to shift to locations not near cameras: violent crime in Britain has risen as cameras have multiplied. Police may use controllable cameras to ogle attractive women. And if face-recognition software is linked to the cameras, police can effectively compile dossiers on Americans' movements whenever they're in public places. In Washington, D.C., the City Council handed more than $2.3 million last month for installation of four dozen new surveillance cameras to the city's existing CCTV network after a spate of 14 homicides in a two-week span in July. It hasn't been uniformly applauded. "This is like a modern-day jail now," one resident of a newly surveilled apartment complex told the Washington City Paper, a local alternative newsweekly. 2. Registered traveler: Air travelers are gradually separating into a two-class hierarchy, at least for people who haven't opted out of the system in favor of flying to their destination in a small plane. The masses sit through irksome lines at security checkpoints. But people who pay $80 a year and submit a wealth of personal information (including fingerprint and iris scans) to the government, and clear a background check conducted by the Transportation Security Administration, can sail through airport security. 
It's run by a private company called Verified Identity Pass and has been operational since July 2005 at some airports. Last week, the company announced it would expand its registered traveler program to British Airways Terminal 7 at John F. Kennedy International Airport this fall. Melissa Ngo, an attorney at the Electronic Privacy Information Center in Washington, D.C., says: "Bad guys who don't have previous ties to terrorism can pass the background check and then fast-track through airport security. If certain security procedures work to reduce crime, then they should be applied to everyone, not just to those who can't or won't pay $80 per year for travel convenience." 3. Backscatter X-rays: Comic books in the 1950s promised to sell "X-Ray" specs that could see through clothing. Now that not-terribly accurate promise is approaching reality, thanks to a technology called backscatter X-rays. Its proponents say it's better at detecting weapons in carry-on luggage. But privacy advocates say it can show body contours that are so exact it amounts to a "virtual strip search." It's already being used in some airports. "Keeping the radiation dose low enough to skim the skin's surface means that backscatter cannot detect weapons hidden in body folds, which would be found during a physical inspection," says Ngo of EPIC. "It's unfortunate that Homeland Security money is being spent on backscatter even though the government complains it doesn't have enough money to screen all carry-on and checked baggage and air cargo." The best way might be to let passengers decide: Some airlines could use backscatter X-ray technology if they chose, and some would use pat-down techniques. But instead, the TSA and local governments tend to set one-size-fits-all rules. (For its part, the TSA says backscatter technology is being used with a privacy algorithm to "eliminate much of the detail shown in the images of the individual while still being effective.") 4. 
"Brain fingerprinting": Lawrence Farwell invented what he calls "brain fingerprinting," which tries to measure whether the mind recognizes familiar stimuli such as words or photographs. It relies on the discovery that an electrical signal known as P300 tends to be emitted from a brain about three-tenths of a second after it recognizes a familiar stimulus. The idea is that a murderer's brain will emit P300 if he's shown the victim's face or the crime scene. (The CIA gave Farwell about $1 million in research expenses.) Farwell created a company called Brain Fingerprinting Laboratories to commercialize the case, and has met with some success in law enforcement circles. An article this year on Officer.com says the "technology has the potential to be applicable in an overwhelming number of cases." One judge in Iowa has ruled that the technique is admissible. The Iowa Supreme Court subsequently said in 2003 that Farwell's testing of the brain of Terry Harrington, a convicted murderer, showed "that Harrington's brain did not contain information about (the) murder. On the other hand, Dr. Farwell testified, testing did confirm that (the murderer's) brain contained information consistent with his alibi." The Supreme Court granted Harrington a new trial--but based on the fact that the police withheld evidence, not because of the brain fingerprinting. Does it really work? FBI agents who worked with Farwell think so. At least one judge was sufficiently credulous. But a government report includes an important caution from J. Peter Rosenfeld of Northwestern University's psychology department who has done extensive research into P300. First, Rosenfeld says, there has been a lack of peer-reviewed studies. The report adds: "Rosenfeld does not believe that the developer had done the extensive validation of the test items for field use...Rosenfeld questioned the developer's claim of a 100 percent accuracy rate. 
For example, he raised concerns regarding whether the developer omitted inconclusive results from the totals." 5. DNA dragnets: In the last few years, as DNA testing kits have become cheaper, police have begun to engage in widescale testing of criminal suspects. In one case scheduled to be heard by the 5th U.S. Circuit Court of Appeals on Thursday, police in Baton Rouge, La., demanded that 1,200 men provide DNA samples without seeking a court order. Shannon Kohler refused to provide a DNA sample. Police retaliated by naming Kohler as a suspect in a rape-murder case and sought a search warrant. He was eventually cleared. Kohler is not alone. When a DNA dragnet is set up, police tend to view anyone who won't voluntarily participate as a suspect. It's also not clear what happens to the DNA sample--will it be destroyed when the investigation is over, or kept on file forever? DNA dragnets have nabbed the wrong suspects before. In Miami, a man was incorrectly charged with rape. In Kansas, the "BTK Killer" was located through traditional police work--even though 1,300 men were tested in the DNA dragnet. Their DNA samples were kept on file. CNET News.com's Anne Broache and Michael Kanellos contributed to this report. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Thu Sep 7 11:39:02 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 07 Sep 2006 11:39:02 -0400 Subject: [Infowarrior] - Schneier: Quickest Patch Ever Message-ID: (this speaks volumes.....rf) Quickest Patch Ever http://www.wired.com/news/columns/0,71738-0.html By Bruce Schneier 02:00 AM Sep, 07, 2006 If you really want to see Microsoft scramble to patch a hole in its software, don't look to vulnerabilities that impact countless Internet Explorer users or give intruders control of thousands of Windows machines. Just crack Redmond's DRM. Security patches used to be rare. 
Software vendors were happy to pretend that vulnerabilities in their products were illusory -- and then quietly fix the problem in the next software release. That changed with the full disclosure movement. Independent security researchers started going public with the holes they found, making vulnerabilities impossible for vendors to ignore. Then worms became more common; patching -- and patching quickly -- became the norm. But even now, no software vendor likes to issue patches. Every patch is a public admission that the company made a mistake. Moreover, the process diverts engineering resources from new development. Patches annoy users by making them update their software, and piss them off even more if the update doesn't work properly. For the vendor, there's an economic balancing act: how much more will your users be annoyed by unpatched software than they will be by the patch, and is that reduction in annoyance worth the cost of patching? Since 2003, Microsoft's strategy to balance these costs and benefits has been to batch patches: instead of issuing them one at a time, it's been issuing them all together on the second Tuesday of each month. This decreases Microsoft's development costs and increases the reliability of its patches. The user pays for this strategy by remaining open to known vulnerabilities for up to a month. On the other hand, users benefit from a predictable schedule: Microsoft can test all the patches that are going out at the same time, which means that patches are more reliable and users are able to install them faster with more confidence. In the absence of regulation, software liability, or some other mechanism to make unpatched software costly for the vendor, "Patch Tuesday" is the best users are likely to get. Why? Because it makes near-term financial sense to Microsoft. The company is not a public charity, and if the internet suffers, or if computers are compromised en masse, the economic impact on Microsoft is still minimal. 
Microsoft is in the business of making money, and keeping users secure by patching its software is only incidental to that goal. There's no better example of this principle in action than Microsoft's behavior around the vulnerability in its digital rights management software PlaysForSure. Last week, a hacker developed an application called FairUse4WM that strips the copy protection from Windows Media DRM 10 and 11 files. Now, this isn't a "vulnerability" in the normal sense of the word: digital rights management is not a feature that users want. Being able to remove copy protection is a good thing for some users, and completely irrelevant for everyone else. No user is ever going to say: "Oh no. I can now play the music I bought for my PC on my Mac. I must install a patch so I can't do that anymore." But to Microsoft, this vulnerability is a big deal. It affects the company's relationship with major record labels. It affects the company's product offerings. It affects the company's bottom line. Fixing this "vulnerability" is in the company's best interest; never mind the customer. So Microsoft wasted no time; it issued a patch three days after learning about the hack. There's no month-long wait for copyright holders who rely on Microsoft's DRM. This clearly demonstrates that economics is a much more powerful motivator than security. It should surprise no one that the system didn't stay patched for long. FairUse4WM 1.2 gets around Microsoft's patch, and also circumvents the copy protection in Windows Media DRM 9 and 11beta2 files. That was Saturday. Any guess on how long it will take Microsoft to patch Media Player once again? And then how long before the FairUse4WM people update their own software? Certainly much less time than it will take Microsoft and the recording industry to realize they're playing a losing game, and that trying to make digital files uncopyable is like trying to make water not wet. 
If Microsoft abandoned this Sisyphean effort and put the same development effort into building a fast and reliable patching system, the entire internet would benefit. But simple economics says it probably never will. --- Bruce Schneier is the CTO of Counterpane Internet Security and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. You can contact him through his website. From rforno at infowarrior.org Fri Sep 8 18:44:27 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 08 Sep 2006 18:44:27 -0400 Subject: [Infowarrior] - A quick commemoration... Message-ID: Happy 40th Anniversary to the concept and universe that is all things Star Trek. :) 9/8/66 -- 9/8/06 Live Long And Prosper! *ducks* -rf From rforno at infowarrior.org Mon Sep 11 00:00:12 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Sep 2006 00:00:12 -0400 Subject: [Infowarrior] - Post-9/11 privacy and secrecy: A report card Message-ID: Post-9/11 privacy and secrecy: A report card By Declan McCullagh http://news.com.com/Post-911+privacy+and+secrecy+A+report+card/2100-1028_3-6113518.html Story last modified Fri Sep 08 05:45:40 PDT 2006 This is the second in a two-part series that looks back at the five years since Sept. 11, 2001. The first installment, published on Thursday, reviews the government's mixed record using technology against terrorism. news analysis In January, the U.S. government convened a public meeting at the Marriott Hotel in Dulles, Va. The purpose was to ask area residents, business owners and pilots what they thought about airspace security restrictions near the nation's capital. The extensive and complicated restrictions--imposed after the Sept. 11, 2001, terrorist attacks, supposedly as a temporary measure--drew an overwhelmingly negative response. Lt. Cmdr. Tom Bush, for instance, a U.S. Navy F-18 Hornet pilot who also flies a small general aviation plane, dubbed them simply irrational. 
Soon afterward, the Defense Department's North American Aerospace Defense Command abruptly demanded that the meeting's transcript be yanked from a government Web site--a move that some attendees attributed to the harsh public criticism. After CNET News.com reported on the deletion in March, the transcript was restored. That incident highlights what has become an unmistakable trend in the five years since the attacks on the World Trade Center and the Pentagon: The federal government is concealing more information about its own activities, while engaging in more surveillance of Americans' private lives. "Controls on information are growing significantly, and official efforts to exploit personal data are also on the rise," said Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists, or FAS. The change has been dramatic. In the 1997 fiscal year, the federal government spent $3.4 billion on securing classified information, a figure that rose to $7.7 billion for 2005. Similarly, the government declassified 204 million pages of documents in 1997 but a mere 29.6 million in 2005. (Those numbers come from calculations by OpenTheGovernment.org, an umbrella group that includes FAS, the Reporters Committee for Freedom of the Press, the Electronic Frontier Foundation, and the Society of Professional Journalists.) At the same time, surveillance of Americans by the federal government has steadily increased. President Bush has acknowledged bypassing the checks and balances of the courts when enlisting the National Security Agency in an extensive surveillance program. Congress is discussing whether to rewrite that law. A lawsuit pending in San Francisco has yielded allegations of far more extensive NSA surveillance. Former AT&T employee Mark Klein released documents alleging the company spliced its fiber optic cables and ran a duplicate set for the NSA to Room 641A at its 611 Folsom St. building in San Francisco. 
Redacted documents show that AT&T has tried to offer benign reasons for the existence of such a room. (AT&T refuses to comment.) Listening in The Bush administration has been especially secretive about the extent of the NSA program and how it works. But even the far smaller number of known wiretaps performed under court order has grown since 2001, government statistics show. Not only has eavesdropping on criminal activities increased, but Internet and telephone wiretaps performed under the Foreign Intelligence Surveillance Act have roughly doubled from 2001 to 2005. That has happened as executive branch agencies have become far more resistant to Freedom of Information Act requests. "The very fabric of our democracy is undergoing a kind of a mutation, in which access to information is no longer a given," said FAS's Aftergood. "It's something that you increasingly have to struggle for or make a conscious effort to obtain." In addition, new justifications for not releasing unclassified government documents to the public are proliferating. In the last few years, especially, terms like "For Official Use Only," "Controlled But Unclassified," "DEA Sensitive," "Confidential Business Information" have appeared on more and more documents--even though, in almost all cases, there's no legal justification for them. "Such unchecked secrecy threatens accountability in governments and promotes conflicts of interest by allowing those with an interest in disclosure or concealment to decide between openness or secrecy," a recent report by OpenTheGovernment.org states. In addition, some expansions of government secrecy--perhaps including NORAD's deletion of the transcript--appear to be driven by fear of public criticism. In 2003, the U.S. Army surreptitiously pulled the plug on one of its more popular Web sites after a report embarrassing to the military appeared on it. 
In another example, the names of the members of the Defense Science Board--an obscure but influential advisory body that influences military policy and had a budget of $3.6 million a year--have vanished from the group's public Web site. That also happened in 2002 when the Defense Department tried to quell public concern about the now-defunct Total Information Awareness project by deleting files from the Web. First, biographical information about TIA project leaders, including retired Adm. John Poindexter, disappeared. Then the TIA site shrank even more, with the slogan and logo for the TIA project--a Masonic pyramid that eyeballs the globe--vanishing, a highly unusual move for any government agency. Finally, a few weeks later, a diagram that explained the TIA project was erased. For their part, the Bush administration and its allies argue that critics are blind to the fact that the United States is embroiled in a war on terror that could last for many more years. Critics of such programs "seem surprised that we wouldn't tell the targets, that we would keep surveillance secret," said Todd Gaziano, director of the Center for Legal and Judicial Studies at the Heritage Foundation, a conservative Washington, D.C., think tank, referring to the NSA program. "It would be kind of laughable in any other era, and I don't know why it's not laughable now." Gaziano, who likened the Sept. 11 attacks to those on Pearl Harbor, said he found it "absurd" that anyone would argue surveillance and secrecy have been hallmarks of the Bush administration. Anyone who's read up on American history should know that Woodrow Wilson and Franklin Delano Roosevelt conducted far more sweeping interceptions during World Wars I and II, he said. "My theory is that we are not doing enough surveillance," Gaziano said. "If Osama bin Laden calls up the next Mohammad Atta and says, 'Start Operation Anthrax.' 
And then Mohammad Atta starts calling around to a company inquiring about helicopter rides or about machinery that's useful in milling anthrax, it doesn't matter whether the caller on the other side is a legitimate, innocent American," he added. "We ought to know every plan." Heather Mac Donald, a senior fellow at the conservative-oriented Manhattan Institute for Policy Research, said she's unconvinced that any "significant incursions" on civil liberties have occurred since Sept. 11. "This has been one of the most law-abiding wars, overseen by lawyers at every step," she said. The Patriot Act's expansion of government powers, for instance, is "shot through with checks and balances," she said. "There's hardly a power in it that doesn't require some sort of judicial oversight. The government simply doesn't have the resources available to be engaged in completely groundless fishing expeditions or spying for the sake of spying." And allegations of heightened government secrecy are just "preposterous," she added. Take, for instance, a Patriot Act provision that allows delayed search warrants, permitting police to secretly enter a home and notify the targeted person after the fact. "People thought that was improper, that there should be full sunshine disclosure of terrorism investigations," Mac Donald said. "Well, that's absolutely absurd." Mac Donald acknowledged that she hadn't been persuaded by the Bush administration's assertions that it had the power to ignore the Foreign Intelligence Surveillance Act when authorizing the NSA to engage in widespread surveillance of communications involving suspected terrorists. But that's no reason to shut down the program, she said. The administration could have resolved those concerns by simply asking for changes to FISA, whose requirements of probable cause don't make sense "when you're initially looking at computers working with large amounts of data."
"I think the NSA program is a good program and an essential program," she added. "I don't think it has been used abusively to violate anybody's privacy." The level of surveillance conducted by the United States also pales in comparison with other countries, particularly in Europe, said Gary Schmitt, a resident scholar at the conservative-leaning American Enterprise Institute. "Even though we're far less intrusive than many people would suspect, the intrusive capabilities we have are probably about right given the threat that we face," Schmitt said. "I think we've probably got pretty much the right balance."

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Mon Sep 11 00:02:07 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 00:02:07 -0400
Subject: [Infowarrior] - WoW: Living a Virtual Life
Message-ID:

Living a Virtual Life
Is World of Warcraft a game, or is it a harbinger of virtual realities that we all might inhabit? Only a Night Elf knows for sure.
By Steven Levy
Newsweek
http://www.msnbc.msn.com/id/14757769/site/newsweek/

Sept. 18, 2006 issue - Two years into the history of World of Warcraft--an online game that accommodates 7 million players around the world--no one had successfully ventured into the dungeon to slay a group of computer-generated villains known as the Four Horsemen. But four experienced "guilds" of players--one in Europe, two in America and one in China--were coming close, posting updates on separate Web sites they maintained. Finally, a 40-person contingent from a U.S. guild conquered the last beast--and its members became instant international celebrities in a massive community where dragons and Druids are as real as dirt. In the physical world we vainly scrounge for glory. Bin Laden still taunts us, the bus doors close before we reach them and leave us standing in the rain.
But in the fantasy realm of Azeroth, the virtual geography of World of Warcraft, the physical pain comes only from hitting a keyboard too hard, camaraderie is the norm and heroism is never far away. In simple terms, Warcraft is the most advanced and popular entry in a genre called Massively Multiplayer Online Role-Playing Games, or MMO. "I call it the Technicolor, Americanized version of 'Lord of the Rings'," says Chris Metzen, VP of creative development for the game's maker, Blizzard Software. But for millions it is more than a game--it's an escape, an obsession and a home. Engaging in this orgy of sword-swiping, spell-casting and monster-slaying generally involves a $50 purchase of the software and a monthly $15 fee thereafter to play online. Players in Asia--a clear majority of the WOW population, despite the fact that the game was created by digital dudes in Irvine, Calif.--buy cards that allow them WOW time for a few cents an hour. Then there's the merchandising: T shirts, jackets, hats, a nondigital (!) board game. In China, 600 million Coke cans were festooned with WOW figures. There are seven novels based on Warcraft lore. And Blizzard recently inked a movie deal with the studio that produced "Superman Returns." Games-industry analyst David Cole estimates that Blizzard (part of Vivendi) has made more than $300 million from the game so far. Blizzard COO Paul Sams says only, "We are an incredibly profitable company." What distinguishes Warcraft from previous blockbuster games is its immersive nature and compelling social dynamics. It's a rich, persistent alternative world, a medieval Matrix with lush graphics and even a seductive soundtrack (Blizzard has two full-time in-house composers).
Blizzard improved on previous MMOs like Sony's Everquest by cleverly crafting its game so that newbies could build up characters at their own pace, shielded from predators who would casually "gank" them--while experienced players continually face more and more daunting challenges. The company mantra, says lead designer Rob Pardo, is "easy to learn, difficult to master." After months of play, when you reach the ultimate level (60), you join with other players for intricately planned raids on dungeons, or engage in massive rumbles against other guilds. "Ninety percent of what I do is never finished--parenting, teaching, doing the laundry," says Elizabeth Lawley (Level 60, Troll Priest), a Rochester, N.Y., college professor. "In WOW, I can cross things off a list--I've finished a quest, I've reached a new level." Like many WOW players, Lawley is active in a guild. Some of the high-ranking guilds, like the one formed by noted Japanese venture capitalist Joi Ito (Level 60, Gnome Mage), are mini-societies with their own Web sites, online forums and private lore. First Ito invited people he knew professionally, like Ross Mayfield (Level 60, Human Paladin), CEO of an Internet company on whose board Ito sits. "Warcraft is the new golf," says Mayfield. "I actually closed a deal with a company I met through WOW." But as Ito met others in WOW, the roster diversified. There is a priest whose character is ... a priest. There are soldiers, bartenders, truckdrivers, lawyers and Google engineers. The guild's "raid leader"--who organizes the twice-weekly ventures into the feared Molten Core to slay the powerful "boss mob" monsters--is Jamie Ray (Level 60, Night Elf Druid), a night-shift nurse in Parkersburg, W.Va. Though WOW is a fantasy world, the interaction between guilds and individuals relies on human choices and morals.
The first thing one does when joining the game is to choose an avatar from one of eight "races," split between two factions: the human-looking Alliance and the more bestial Horde. Edward Castronova (Level 42, Priest), an Indiana U professor and author of "Synthetic Worlds," once roiled the WOW community by a blog posting entitled "The Horde Is Evil," in which he charged that only the antisocial at heart would pick that darker side. Castronova believes that if someone behaves badly in the game--an example would be the WOW equivalent of spree killing, where someone ganks a character of a much lower level, just for the hell of it--that person should be judged harshly in the real world as well. Another example of questionable behavior is viewable in a video that more than 80,000 people have accessed on YouTube. When one guild member died (in real life, not Azeroth), his grieving friends decided to hold a funeral for him inside the game. The solemn affair was disrupted when a rival guild burst upon the unarmed mourners and slaughtered them mercilessly. "It's unfortunate that someone would do that to people trying to honor one of their guild members," says Mike Morhaime, Blizzard's president. Another event that bothered Blizzard's management was an in-game protest march, when hundreds of naked Gnomes gathered to call for more powers. Generally, though, players of the game enjoy a form of comity rarely seen in the real world; higher-level players go out of their way to tutor newbies and accompany them on quests. Deep friendships are forged. Relationships begin that flower into marriage, with Tauren brides and Undead grooms tying the knot in some virtual tavern in Thunder Bluff. Warcraft even has its own economy, as the gold and exotic armor and weaponry that players accumulate are much coveted in trade.
Despite the opposition of Blizzard (which thinks that using real money to gain an edge in the game violates WOW's egalitarian spirit), a thriving industry makes tons of real dollars by "gold farming" (accumulating in-game currency and selling it) or "power leveling" (borrowing someone's avatar and grinding through the game to gain experience). Most of the manpower is supplied by Chinese workers like Zhang Hanbin (Level 60, Rogue), a 24-year-old dropout who works in a grim apartment-cum-sweatshop in the provincial town of Wuxue. An eight-hour day collecting game loot can yield 100 gold pieces, worth about $30 on the black market. Are you getting the idea that "Warcrack" (as some call it) eats up a lot of time? "Of all the games that my [addictive] clients are involved with, World of Warcraft is the most popular," says clinical psychologist Kimberly Young. Mostly, trouble comes in the form of kids who fall asleep in class, and furious spouses. "My girlfriend--who actually bought me the game--was ready to kill me," says Alex Rascovar (Level 60, Gnome Mage), a New York City actor who often binged with eight-hour sessions before he went cold turkey a few months ago. There are parental controls available, but most parents haven't a clue. (Only when embarking on this story did yours truly learn that his son [Level 60, Troll Shaman] had hit the level cap in WOW.) In China, a competitive society where real life is becoming as freaky as anything you'd find in Azeroth, players seem even more prone to go overboard. According to the Xinhua News Agency, one girl died of exhaustion after playing WOW for several days without a break. Even those who dropped out will be tempted to return later this year when Blizzard releases its long-awaited update The Burning Crusade. The key features include two new races, a new continent to explore and an increase in the level cap from 60 to 70. Hundreds of thousands will jam the WOW servers until they once again reach the peak.
Edward Castronova sees all this as an early indicator of what will become a vast participation in synthetic worlds, with fuzzier and fuzzier lines between virtual and physical realms. "In 20 or 30 years the technology will be here to create incredibly more realistic and immersive worlds," he says. "There will be a world that fits the fantasy of any life you want to lead." Those deep into WOW, of course, are already living that future. "Yes, it's just a game," says Joi Ito. "The way that the real world is a game."

With Melinda Liu in China and N'gai Croal and Peg Tyre in New York

URL: http://www.msnbc.msn.com/id/14757769/site/newsweek/
© 2006 MSNBC.com

From rforno at infowarrior.org Mon Sep 11 10:38:09 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 10:38:09 -0400
Subject: [Infowarrior] - How US merchants of fear sparked a $130bn bonanza
Message-ID:

How US merchants of fear sparked a $130bn bonanza
http://www.guardian.co.uk/september11/story/0,,1868963,00.html
The homeland security market has an army of lobbyists working for its interests in Washington
Paul Harris in New York
Sunday September 10, 2006
The Observer

Brian Lehman's farm lies down a gravel road, between two fields of swaying corn as tall as a man. It is in the middle of Indiana's rural heartland in a landscape populated mostly by bearded Amish farmers and their wives. Horse-drawn buggies are more common than cars, roads are littered with horse manure and fields are worked by hand. It feels distant in time and place from big cities such as New York or Washington, or even Indianapolis, two hours' drive south. Yet Lehman's farm, from which he runs a small popcorn business, was recently declared a target for terrorists. State security officials included it in a list of assets considered potential victims of attack, most likely by Islamic fanatics. That was a surprise to Lehman, who had previously never considered Amish Country Popcorn on the front line in the war on terror.
But he reckons he knows why he was chosen: 'It's the money.' Five years after the World Trade Centre fell, a highly lucrative industry has been born in America - homeland security. There has been a goldrush as companies scoop up government contracts and peddle products that they say are designed to make America safe. The figures are stunning. Seven years ago there were nine companies with federal homeland security contracts. By 2003 it was 3,512. Now there are 33,890. The money is huge. Since 2000, $130bn (£70bn) of contracts have been dished out. By 2015 annual federal spending on the industry could be $170bn. But state officials want in on the government handouts too. That is why Indiana ended up identifying 8,591 potential terrorism targets (including Lehman's farm) inside its Midwestern borders. But they went too far. Indiana's total was the most of any state - twice as many as California and 30 per cent more than New York. The reason is simple. With so much money on offer and such riches being made, there is a powerful economic incentive to exploit the threat to America. The homeland security industry has an army of lobbyists working for its interests in Washington. It grows bigger each year and they want to keep the money flowing. America is in the grip of a business based on fear. Inside a fancy office block in downtown Washington DC lie the offices of the Ashcroft Group. It is six blocks from the imposing buildings of the Department of Justice where the head of the firm, John Ashcroft, used to be President George W. Bush's Attorney General. As Attorney General, Ashcroft controversially extended the surveillance powers of the state in order to fight terrorism. Now he lobbies and consults on behalf of technology companies seeking to capitalise on the new powers. His clients include firms such as ChoicePoint, which gathers data on individuals and sells it, and Innova, which makes software for surveillance drones and robots.
In turning from powerful official to powerful lobbyist, Ashcroft is a brazen example of what critics call Washington's 'revolving door' - a process whereby officials leave public service for the private sector, exploiting their old contacts for commerce. 'It's become the norm that senior officials open up their own shops in their old sectors. It can be incredibly lucrative for them,' said Alex Knott, project manager for Lobby Watch, part of the Centre for Public Integrity. In the new anti-terrorism industry, centred on the sprawling Department of Homeland Security, the door is revolving faster and faster. Though the department was created only three years ago, 90 of its former officials have already left to make money in lobbying and consulting. They include Tom Ridge, the first head of the department, who - like Ashcroft - now runs his own company. It is a crowded field. In 2001 only two lobbying firms registered as homeland security consultants. By the end of 2005 there were 543. Rules limit the ability of officials to enter the private sector in their old field for at least a year, but they are easily circumvented. They do not apply to those earning less than $140,000 a year and top-ranking officials often get around that by working in the 'background' at their new firms. In effect there has been a huge privatisation of the homeland security industry in the US. It extends from surveillance issues to developing technology to working in war zones such as Iraq and Afghanistan, where many jobs once carried out by the military are now done by private contractors. At government hearings last year ChoicePoint said it considers itself a private intelligence agency doing the government's spying. 'After 9/11 we have seen the rise of the security-industrial complex,' said Peter Swire, a law professor at Ohio State University and former Clinton adviser. Some aspects of this new industry and its relationship with American citizens sound like science fiction. 
Dulles Research, another Ashcroft client, claims its software can detect terrorists by monitoring everyday behaviour such as travel schedules, credit card usage and bank transfers. It is bidding for a government contract to monitor millions of people for suspicious patterns. That is the tip of an iceberg. The industry has the feel of a boom town where the outlandish and the mundane compete for attention. Four years ago there had not been a single business conference for homeland security firms. Now there have been 50. There is an industry newspaper, Government Security News, once a quarterly, now bi-weekly. Venture capital firms exist solely to invest in new and upcoming national security companies. Across America, universities offer courses in homeland security. 'All this money in the industry is just up for grabs. It's like a goldrush,' said Knott. Of course, there is a real terrorist threat to America. There are many areas of the country, especially its ports and airports, where money needs to be spent to improve security and prevent a tragedy on the scale of 11 September from happening again. Private firms have a vital role to play in this. But there are grave concerns as to whether the industry has properly addressed these issues. Instead, critics argue, it has trampled citizens' rights by invading their privacy, created an atmosphere of fear and done little to prevent a future attack. There have been many stories on the mis-spending of huge amounts of government money, from bullet-proof vests for dogs in Ohio to puppet shows in Iowa. At the same time US container ports still monitor little of what is imported through them, and a multi-million-dollar scheme for all transport workers to get a tamper-proof ID is two years late, has cost millions and still does not work. States have also fought over who should get the biggest security grants from the federal government. 
Midwestern states claim they are ignored and more obvious targets, such as New York, say not enough is being spent on them. All of which adds an economic incentive to play up an area's vulnerability. This explains why Brian Lehman and his popcorn suddenly appeared on a terrorism target list. Lehman reacted with good humour. 'We've really had a lot of fun with it,' he said. It spurred a wave of interest in the company and - far from hiding away from the 'terror threat' - Lehman put up a new sign to help people find the isolated place. In the annual parade last month in Berne, the local town, his truck was painted with a target on the side as a joke. In a bizarre way, Lehman is hoping that he too can reap a bit of extra money from the boom in homeland security.

From rforno at infowarrior.org Mon Sep 11 12:58:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 12:58:42 -0400
Subject: [Infowarrior] - (Yet another) T-shirt a risk to air security
Message-ID:

T-shirt a risk to air security
http://www.thesun.co.uk/article/0,,2-2006420095,00.html
By ANDREW PARKER
September 11, 2006

A TOURIST was told to turn his T-shirt inside-out at an airport - as a picture of two guns on it was deemed a SECURITY RISK. Dave Osborne, 21, was bound for Newark, New Jersey, when guards hauled him out of the queue for his Guns N Rollers T-shirt. They told him the two pistols on the front could constitute a security risk and upset passengers. He was ordered to turn his top inside out before boarding. The design engineer from Lichfield, Staffs, said: "I am all for extra security but this was just plain stupid." Last night bosses at Birmingham International Airport apologised and said security guards "over-reacted".

From rforno at infowarrior.org Mon Sep 11 15:09:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 15:09:49 -0400
Subject: [Infowarrior] - How 9-11 Changed the News
Message-ID:

How 9-11 Changed the News
Topics: journalism | war/peace | terrorism
Source: Project for Excellence in Journalism (U.S.), September 11, 2006

"How did 9-11 change the news?" asks the Project for Excellence in Journalism (PEJ). To answer the question, ADT Research's Tyndall Report analyzed network evening news shows, comparing "the four years of network newscasts prior to 2001" with "the four years since." The study reveals "increased coverage of foreign policy and global conflict ... but less coverage of domestic issues." PEJ writes, "A rise in foreign coverage may not surprise anyone. U.S. troops are currently fighting and dying in Iraq and Afghanistan. The issue of global terrorism is the new question of our times." Yet, "the balance between reporting-driven 'hard news' and softer features, interviews and commentaries remained virtually unchanged after 9-11." The topics with the steepest decline in U.S. network news coverage since 9-11 are drugs, alcohol and tobacco; space, science and technology; and crime, penal policy and law enforcement.

< - >

http://www.prwatch.org/node/5165

From rforno at infowarrior.org Mon Sep 11 21:30:43 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 21:30:43 -0400
Subject: [Infowarrior] - Palast Charged with Journalism in the First Degree
Message-ID:

Palast Charged with Journalism in the First Degree
Published by Greg Palast September 11th, 2006 in Articles
September 11, 2006
by Greg Palast

It's true. It's weird. It's nuts. The Department of Homeland Security, after a five-year hunt for Osama, has finally brought charges against... Greg Palast. I kid you not. Send your cakes with files to the Air America wing at Guantanamo. Though not just yet.
Fatherland Security has informed me that television producer Matt Pascarella and I have been charged with unauthorized filming of a "critical national security structure" in Louisiana. On August 22, for LinkTV and Democracy Now! we videotaped the thousands of Katrina evacuees still held behind a barbed wire in a trailer park encampment a hundred miles from New Orleans. It's been a year since the hurricane and 73,000 POW's (Prisoners of W) are still in this aluminum ghetto in the middle of nowhere. One resident, Pamela Lewis said, "It is a prison set-up" -- except there are no home furloughs for these inmates because they no longer have homes. To give a sense of the full flavor and smell of the place, we wanted to show that this human parking lot, with kids and elderly, is nearly adjacent to the Exxon Oil refinery, the nation's second largest, a chemical-belching behemoth. So we filmed it. Without Big Brother's authorization. Uh, oh. Apparently, the broadcast of these stinking smokestacks tipped off Osama that, if his assassins pose as poor Black folk, they can get a cramped Airstream right next to a "critical infrastructure" asset. So now Matt and I have a "criminal complaint" lodged against us with the feds. The positive side for me as a journalist is that I get to see our terror-busters in action. I should note that it took the Maxwell Smarts at Homeland Security a full two weeks to hunt us down.

< - >

http://www.gregpalast.com/palast-charged-with-journalism-in-the-first-degree

From rforno at infowarrior.org Mon Sep 11 21:33:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Sep 2006 21:33:51 -0400
Subject: [Infowarrior] - Olbermann: Special Comment for Sept 11
Message-ID:

Brilliant comment by Keith.....which I agree with 100% -rf

Sept. 11, 2006 | 8:32 p.m. ET
http://www.msnbc.msn.com/id/6210240/#060911b

This hole in the ground

Half a lifetime ago, I worked in this now-empty space.
And for 40 days after the attacks, I worked here again, trying to make sense of what happened, and was yet to happen, as a reporter. All the time, I knew that the very air I breathed contained the remains of thousands of people, including four of my friends, two in the planes and -- as I discovered from those "missing posters" seared still into my soul -- two more in the Towers. And I knew too, that this was the pyre for hundreds of New York policemen and firemen, of whom my family can claim half a dozen or more, as our ancestors. I belabor this to emphasize that, for me this was, and is, and always shall be, personal. And anyone who claims that I and others like me are "soft," or have "forgotten" the lessons of what happened here is at best a grasping, opportunistic, dilettante and at worst, an idiot whether he is a commentator, or a Vice President, or a President. However, of all the things those of us who were here five years ago could have forecast -- of all the nightmares that unfolded before our eyes, and the others that unfolded only in our minds -- none of us could have predicted this. Five years later this space is still empty. Five years later there is no memorial to the dead. Five years later there is no building rising to show with proud defiance that we would not have our America wrung from us, by cowards and criminals. Five years later this country's wound is still open. Five years later this country's mass grave is still unmarked. Five years later this is still just a background for a photo-op. It is beyond shameful. At the dedication of the Gettysburg Memorial -- barely four months after the last soldier staggered from another Pennsylvania field -- Mr. Lincoln said, "we cannot dedicate, we cannot consecrate, we cannot hallow this ground. The brave men, living and dead, who struggled here, have consecrated it, far above our poor power to add or detract." Lincoln used those words to immortalize their sacrifice.
Today our leaders could use those same words to rationalize their reprehensible inaction. "We cannot dedicate, we can not consecrate, we can not hallow this ground." So we won't. Instead they bicker and buck pass. They thwart private efforts, and jostle to claim credit for initiatives that go nowhere. They spend the money on irrelevant wars, and elaborate self-congratulations, and buying off columnists to write how good a job they're doing instead of doing any job at all. Five years later, Mr. Bush, we are still fighting the terrorists on these streets. And look carefully, sir, on these 16 empty acres. The terrorists are clearly, still winning. And, in a crime against every victim here and every patriotic sentiment you mouthed but did not enact, you have done nothing about it. And there is something worse still than this vast gaping hole in this city, and in the fabric of our nation. There is its symbolism of the promise unfulfilled, the urgent oath, reduced to lazy execution. The only positive on 9/11 and the days and weeks that so slowly and painfully followed it was the unanimous humanity, here, and throughout the country. The government, the President in particular, was given every possible measure of support. Those who did not belong to his party -- tabled that. Those who doubted the mechanics of his election -- ignored that. Those who wondered of his qualifications -- forgot that. History teaches us that nearly unanimous support of a government cannot be taken away from that government by its critics. It can only be squandered by those who use it not to heal a nation's wounds, but to take political advantage. Terrorists did not come and steal our newly-regained sense of being American first, and political, fiftieth. Nor did the Democrats. Nor did the media. Nor did the people. The President -- and those around him -- did that. 
They promised bi-partisanship, and then showed that to them, "bi-partisanship" meant that their party would rule and the rest would have to follow, or be branded, with ever-escalating hysteria, as morally or intellectually confused, as appeasers, as those who, in the Vice President's words yesterday, "validate the strategy of the terrorists." They promised protection, and then showed that to them "protection" meant going to war against a despot whose hand they had once shaken, a despot who we now learn from our own Senate Intelligence Committee, hated al-Qaida as much as we did. The polite phrase for how so many of us were duped into supporting a war, on the false premise that it had 'something to do' with 9/11 is "lying by implication." The impolite phrase is "impeachable offense." Not once in now five years has this President ever offered to assume responsibility for the failures that led to this empty space, and to this, the current, curdled, version of our beloved country. Still, there is a last snapping flame from a final candle of respect and fairness: even his most virulent critics have never suggested he alone bears the full brunt of the blame for 9/11. Half the time, in fact, this President has been so gently treated, that he has seemed not even to be the man most responsible for anything in his own administration. Yet what is happening this very night? A mini-series, created, influenced -- possibly financed by -- the most radical and cold of domestic political Machiavellis, continues to be televised into our homes. The documented truths of the last fifteen years are replaced by bald-faced lies; the talking points of the current regime parroted; the whole sorry story blurred, by spin, to make the party out of office seem vacillating and impotent, and the party in office, seem like the only option. How dare you, Mr. 
President, after taking cynical advantage of the unanimity and love, and transmuting it into fraudulent war and needless death, after monstrously transforming it into fear and suspicion and turning that fear into the campaign slogan of three elections? How dare you -- or those around you -- ever "spin" 9/11? Just as the terrorists have succeeded -- are still succeeding -- as long as there is no memorial and no construction here at Ground Zero. So, too, have they succeeded, and are still succeeding as long as this government uses 9/11 as a wedge to pit Americans against Americans. This is an odd point to cite a television program, especially one from March of 1960. But as Disney's continuing sell-out of the truth (and this country) suggests, even television programs can be powerful things. And long ago, a series called "The Twilight Zone" broadcast a riveting episode entitled "The Monsters Are Due On Maple Street." In brief: a meteor sparks rumors of an invasion by extra-terrestrials disguised as humans. The electricity goes out. A neighbor pleads for calm. Suddenly his car -- and only his car -- starts. Someone suggests he must be the alien. Then another man's lights go on. As charges and suspicion and panic overtake the street, guns are inevitably produced. An "alien" is shot -- but he turns out to be just another neighbor, returning from going for help. The camera pulls back to a near-by hill, where two extra-terrestrials are seen manipulating a small device that can jam electricity. The veteran tells his novice that there's no need to actually attack, that you just turn off a few of the human machines and then, "they pick the most dangerous enemy they can find, and it's themselves." And then, in perhaps his finest piece of writing, Rod Serling sums it up with words of remarkable prescience, given where we find ourselves tonight: "The tools of conquest do not necessarily come with bombs and explosions and fallout. 
There are weapons that are simply thoughts, attitudes, prejudices, to be found only in the minds of men. "For the record, prejudices can kill and suspicion can destroy, and a thoughtless, frightened search for a scapegoat has a fallout all its own -- for the children, and the children yet unborn." When those who dissent are told time and time again -- as we will be, if not tonight by the President, then tomorrow by his portable public chorus -- that he is preserving our freedom, but that if we use any of it, we are somehow un-American...When we are scolded, that if we merely question, we have "forgotten the lessons of 9/11"... look into this empty space behind me and the bi-partisanship upon which this administration also did not build, and tell me: Who has left this hole in the ground? We have not forgotten, Mr. President. You have. May this country forgive you. From rforno at infowarrior.org Mon Sep 11 21:38:18 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Sep 2006 21:38:18 -0400 Subject: [Infowarrior] - Court Declines To Hear Campus Wiretapping Challenge Message-ID: Court Declines To Hear Campus Wiretapping Challenge Posted by ryansingel at 6:07 PM PDT The D.C. Circuit Court of Appeals has declined to hear an appeal of a June decision holding that broadband service providers and college networks must re-configure their networks to make them easily tappable by law enforcement. 
< - > http://blog.wired.com/27BStroke6/index.blog?entry_id=1554897 From rforno at infowarrior.org Mon Sep 11 22:57:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Sep 2006 22:57:35 -0400 Subject: [Infowarrior] - More on...FW: Researchers Challenge DOS Attack Data In-Reply-To: <3.0.5.32.20060911225203.01a3bf60@pop.fuse.net> Message-ID: (c/o DK) ------ Forwarded Message The paper: http://www.eecs.umich.edu/~zmao/Papers/spoof.pdf (some journalists can't tell the difference between an IP and an AS) At 08:19 AM 9/7/2006 -0400, Richard Forno wrote: >(c/o DK) > >http://www.darkreading.com/document.asp?doc_id=103049&f_src=darkreading_sect >ion_296 > > > >Researchers Challenge DOS Attack Data > >SEPTEMBER 6, 2006 | Conventional wisdom about the sources and causes of >denial-of-service (DOS) attacks -- and the best methods for preventing them >-- could be completely wrong, a group of researchers said this week. > >Researchers at the University of Michigan, Carnegie Mellon University, and >AT&T Labs-Research said they have completed a study that debunks the >widely-held belief that DOS attack traffic is usually generated by a large >number of attack sources disguised by spoofed IP addresses. > From rforno at infowarrior.org Tue Sep 12 09:58:34 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 09:58:34 -0400 Subject: [Infowarrior] - DHS Sets Security Secrecy Message-ID: http://cryptome.org/dhs091206.htm ============================== [[Page 53609]] DEPARTMENT OF HOMELAND SECURITY Office of the Secretary 6 CFR Part 5 [Docket Number 2006-0027] Privacy Act of 1974: Implementation of Exemptions AGENCY: Office of Security, Department of Homeland Security. ACTION: Notice of proposed rulemaking. 
----------------------------------------------------------------------- SUMMARY: The Department of Homeland Security is concurrently establishing a new system of records pursuant to the Privacy Act of 1974 for the Office of Security entitled the ``Office of Security File System.'' This system of records will support the administration of a program that provides security for the Department by safeguarding and protecting the Department's personnel, property, facilities and information. In this proposed rulemaking, the Department proposes to exempt portions of this system of records from one or more provisions of the Privacy Act because of criminal, civil and administrative enforcement requirements. DATES: Comments must be received on or before October 12, 2006. SUPPLEMENTARY INFORMATION: Background Elsewhere in the Federal Register, the Department of Homeland Security (DHS) is publishing a Privacy Act system of records notice describing records in the file system of its Office of Security. DHS established the Office of Security to protect and safeguard the Department's personnel, property, facilities, and information. The Office of Security develops, coordinates, implements, and oversees the Department's security policies, programs, and standards; delivers security training and education to DHS personnel; and provides security support to DHS components when necessary. In addition, the Office of Security coordinates and collaborates with the Intelligence Community on security issues and the protection of information. The Office of Security works to integrate security into every aspect of the Department's operations. 
The Office of Security File System consists of records relating to the management and operation of the DHS personnel security and suitability program, including but not limited to, completed standard form questionnaires issued by the Office of Personnel Management and other information related to an individual's eligibility for access to classified or sensitive information. This system contains records pertaining to numerous categories of individuals including DHS personnel who may be a subject of a counter-terrorism, or counter-espionage, or law enforcement investigation; senders of unsolicited communications that raise a security concern to the Department or its personnel; state and local government personnel and private-sector individuals who serve on an advisory committee and board sponsored by DHS; and state and local government personnel and private-sector individuals who are authorized by DHS to access sensitive or classified homeland security information, classified facilities, communications security equipment, and information technology systems that process national or homeland security classified information. The information in this system also relates to official Security investigations and law enforcement activities. Accordingly, DHS proposes to exempt this system, in part, from certain provisions of the Privacy Act and to add that exemption to Appendix C to Part 5, DHS Systems of Records Exempt from the Privacy Act. The DHS Office of Security needs this exemption in order to protect information relating to Security investigations from disclosure to subjects of investigations and others who could interfere with the Office of Security's investigatory and law enforcement activities. 
Specifically, the exemptions are required to preclude subjects of investigations from frustrating the investigative process; to avoid disclosure of investigative techniques; protect the identities and physical safety of confidential informants and of law enforcement personnel; ensure the Office of Security's ability to obtain information from third parties and other sources; protect the privacy of third parties; and safeguard classified information. Disclosure of information to the subject of the inquiry could also permit the subject to avoid detection or apprehension. In addition, because the Office of Security investigations arise out of DHS programs and activities, information in this system of records may pertain to national security and related law enforcement matters. In such cases, allowing access to such information could alert subjects of the Office of Security investigations into actual or potential criminal, civil, or regulatory violations, and could reveal in an untimely manner, the Office of Security's and other agencies' investigative interests in law enforcement efforts to preserve national security. The exemptions proposed here are standard law enforcement and national security exemptions exercised by a large number of Federal law enforcement and intelligence agencies. In appropriate circumstances, where compliance would not appear to interfere with or adversely affect the law enforcement purposes of this system and the overall law enforcement process, the applicable exemptions may be waived. < - > http://cryptome.org/dhs091206.htm From rforno at infowarrior.org Tue Sep 12 10:01:28 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 10:01:28 -0400 Subject: [Infowarrior] - EFF Project to Uncover Government Surveillance and Privacy Invasions Message-ID: EFF Project to Uncover Government Surveillance and Privacy Invasions Two Noted Attorneys Lead New FLAG Project in Washington, D.C. Washington, D.C. 
- The Electronic Frontier Foundation (EFF) today launched a project to shed light on government surveillance activities. The FLAG Project, based at EFF's new Washington, D.C. office, will use Freedom of Information Act (FOIA) requests and litigation to expose the government's expanding use of technologies that invade Americans' privacy. The Freedom of Information Act is a statute that compels the government to disclose details about its activities. EFF's FOIA requests will zero in on collection and use of information about Americans, the increasing cooperation between the government and the private sector, and federal agencies' development and use of new information technologies. The FLAG Project -- for FOIA Litigation for Accountable Government -- is spearheaded by two experienced Freedom of Information specialists: Senior Counsel David Sobel and Staff Attorney Marcia Hofmann. "National security and law enforcement demand some level of government secrecy, but too much can enable abuses of power," said Sobel, who will direct EFF's new project. "The NSA's illegal spying program and other recent revelations show that the government has radically expanded its surveillance of ordinary Americans, obtaining untold access to the details of our everyday lives." "While the government has increased its monitoring of its citizens, it's also stepped up efforts to block public scrutiny," said Hofmann. "The public deserves to know what the government is doing, so that it can keep abuses of power in check and challenge violations of privacy." In his 25-year career, Sobel has handled numerous cases seeking the disclosure of government documents on privacy policy, including electronic surveillance, encryption controls and airline passenger screening initiatives. 
He served as co-counsel in the challenge to government secrecy concerning post-September 11 detentions and participated in the submission of a civil liberties amicus brief in the first-ever proceeding of the Foreign Intelligence Surveillance Court of Review. In 1994, Sobel co-founded the Electronic Privacy Information Center (EPIC). Hofmann is the former Director of EPIC's Open Government Project, where she was lead counsel in several FOIA lawsuits. Documents made public through her work have been reported by the New York Times, Washington Post, National Public Radio, Fox News, and CNN, among others. "EFF is thrilled to be working with David and Marcia," said EFF Executive Director Shari Steele. "They have a peerless track record of uncovering and widely publicizing government activities that raise significant privacy and civil liberties issues, and they will enable EFF to have more of a Washington, D.C. presence. We're so happy they have joined our legal team." EFF will make significant FOIA disclosures available to the public, the media, and policymakers. EFF will also strategically litigate FOIA lawsuits against government agencies to develop precedents that will benefit all FOIA requesters. 
To reach the FLAG Project: Electronic Frontier Foundation 1875 Connecticut Ave., NW Suite 650 Washington, DC 20009 +1 202 797-9009 For more on the FLAG Project: http://www.eff.org/flag/ Contacts: David Sobel Senior Counsel Electronic Frontier Foundation sobel at eff.org Marcia Hofmann Staff Attorney Electronic Frontier Foundation marcia at eff.org Shari Steele Executive Director Electronic Frontier Foundation ssteele at eff.org From rforno at infowarrior.org Tue Sep 12 22:23:08 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 22:23:08 -0400 Subject: [Infowarrior] - Why We Love to Hate Our Cell Phone Company Message-ID: Why We Love to Hate Our Cell Phone Company Cell phone customers are unhappy with unexpected charges for everything from roadside assistance to new handsets--and they're calling their lawyers to complain. Tom Spring, PC World Tuesday, September 12, 2006 01:00 AM PDT http://www.pcworld.com/article/id,126939-pg,1-RSS,RSS/article.html Maybe it's a $3-a-month charge from Verizon Wireless for Roadside Assistance that you don't remember requesting. Maybe it's an $18 "upgrade fee" that Cingular Wireless neglected to mention when you bought that snazzy new Motorola Razr phone. Or maybe you're just peeved about dropped calls. Whatever the cause, if you've had it with your cell phone company, you're not alone. Consumers are mad, and the lawsuits are flying. Driving Discontent According to the Better Business Bureau, cell phone companies drew 30,483 consumer complaints last year to become the top-ranked industry for grievances. The most common complaints: inaccurate bills, inadequate customer service, and deceptive contract terms. Cell phone companies were the subject of more complaints than such perennially unpopular businesses as car dealerships, hotels, retail outlets, and insurance companies, BBB statistics show. 
Experts attribute the rise in customer dissatisfaction to fallout from mergers and acquisitions in the wireless industry, including the Cingular-AT&T Wireless and Sprint-Nextel mergers. Kirk Parsons, senior director of wireless services for J.D. Power and Associates, says a study by the famed market research firm found that consumer satisfaction with wireless phone service providers in 2005 was down 10 percent from 2004 levels. Below are details about some of the most common cell phone complaints, as lodged in recent lawsuits and filings to the Federal Communications Commission and the Better Business Bureau. Roadside Assistance Rage At least two federal class-action lawsuits have been filed over Roadside Assistance charges of $2 or $3 a month on Cingular and Verizon Wireless bills. In separate lawsuits, customers of both carriers say they never ordered the optional service, which Cingular and Verizon say will provide emergency service to auto drivers who get stranded on the side of the road. Cingular's Roadside Assistance is an emergency insurance program for motorists that Cingular markets on behalf of Asurion Insurance Services. Should a subscriber have a flat, get locked out of their car, or run out of gas, they can call a special number on their Cingular handset and someone will come to their assistance, free of charge. Michael Gellis sued Verizon in Oakland, California, Circuit Court, while Cingular Wireless customer Margaret Moffatt filed suit against the firm in Wayne County, Michigan, Circuit Court. Both customers say that for more than two years, without their consent, the carriers had added charges for Roadside Assistance to their monthly bills. Both suits allege violation of state consumer protection laws, breach of contract, and "unjust enrichment." Both suits were eventually transferred to U.S. District Court in Detroit, where attorney Peter Macuga of Macuga and Liddle is representing both plaintiffs. 
Cingular declined to comment on the two pending cases. However, its representatives said Cingular typically offers a free 60-day trial of the Roadside Assistance program to customers when they upgrade or change their plan. If the customer doesn't cancel the service after the trial period ends, Cingular begins adding the charges to their monthly bill. Cingular says it never initiates the free Roadside Assistance trial without the customer's consent, whether in writing at one of the carrier's stores, verbally over the phone, or by clicking to accept a terms-of-service agreement online. "If folks have had that on their bill, and they didn't order it, obviously there is a mistake somewhere and we can correct it," says Cingular spokesperson Mark Siegel. A Verizon Wireless press contact also said that the company doesn't add services to a customer's calling plan without consent, adding that Verizon would work to resolve disputes related to any charges. Verizon also declined to comment on the lawsuits. Singularly Aggravating Cingular is facing additional complaints stemming from its merger with AT&T Wireless in October 2004. One group of customers--people with older phones that use AT&T or Cingular analog or TDMA networks--is complaining about Cingular's announced intention to charge them $5 per month for continued service. Another group--former AT&T Wireless customers who still use that company's TDMA network--is angry about what they describe as deteriorating network quality in the wake of the merger. Both groups say Cingular is trying to force them to upgrade to more expensive phones and rate plans on the company's newer GSM/GPRS network. Cingular says the $5 monthly fee is needed to recoup costs associated with maintaining the older networks. Currently, 4.7 million subscribers, about 8 percent of Cingular's total, use Cingular's TDMA or analog networks, Siegel says. Cingular had no comment about the alleged deterioration of service on the old AT&T TDMA network. 
Forced to Switch Yet another group of angry Cingular customers are former AT&T Wireless customers who did switch to Cingular's GSM service following the merger--and found that they not only had to buy a new phone, but had to pay an $18 transfer fee that Cingular charged them simply for switching to Cingular's GSM network. Those customers also had to pay $18 for the SIM chip that contains the phone number and other user information that is required by GSM handsets. And switching wireless carriers to protest against Cingular was not an attractive option: People who tried to leave Cingular with time remaining on their AT&T contract were subject to an early-termination fee of $175. In response to these complaints, Cingular in July 2005 began waiving the transfer fee for former AT&T Wireless customers who migrate to a Cingular plan. Cingular subsequently also waived the charge for its own customers who buy new phones to switch from older networks to GSM service. However, these concessions came too late to pacify some customers. Several consumer advocacy groups headed by the Santa Monica, California-based Foundation for Taxpayer and Consumer Rights filed a federal suit in Seattle, alleging that following its acquisition of AT&T Wireless, Cingular intentionally degraded service on legacy AT&T networks in hopes of driving AT&T's customers to Cingular's GSM network. The suit also accuses Cingular of charging AT&T customers unfair fees to make the switch. One State's Fee Fine Meanwhile, Cingular's business practices in California have drawn the ire of state authorities. In July, a state appeals court upheld a $12.1 million fine imposed on the carrier in 2004 by the California Public Utilities Commission. The judges agreed with CPUC regulators who said Cingular knowingly signed up more customers than its network could handle, while at the same time charging early-termination fees--sometimes amounting to hundreds of dollars--to customers who cancelled their service. 
The CPUC also said Cingular failed to provide customers with an adequate trial period and ordered Cingular to refund early termination fees charged to customers who cancelled their contracts between January 2000 and May 2002, refunds that could cost the company millions of dollars. Cingular has since extended its trial period from 15 days to 30 days. Consumer organizations such as the U.S. Public Interest Research Group have applauded California's efforts to combat unreasonable early termination fees. "Early termination fees make it easy for companies to deliver bad service," says Ed Mierzwinski, USPIRG's consumer program director. Such fees give customers little recourse if service deteriorates midway through a contract, he explains. Fees for Phone Upgrades Cingular's transfer fees aren't the only ancillary charges frustrating wireless customers. Leading carriers routinely charge an upgrade fee simply for switching to a new phone. Sprint Nextel charges customers $18 when they upgrade to a different handset. Cingular charges a similar upgrade fee of $18. Verizon Wireless customers who buy new handsets within 22 months of signing up for service (or of a previous handset upgrade) are subject to an upgrade fee of $20. In posts on gripe sites such as My3Cents.com and Planet Feedback, some customers say they were never told about these fees at the time of purchase and were surprised to see them on their phone bill, typically two months after purchase. By then, the window for cancellation of the purchase without termination fees had expired. People are particularly aggravated to see the fee after purchasing a phone that the carrier had marketed as being "free" after rebate, or during an "instant savings" promotion that's supposed to refund the cost of the phone. These promotions are common with all the major carriers. Sprint and Cingular officials say these fees cover service and administrative costs associated with upgrading customers to a new handset. 
The officials also say their sales representatives and Web sites make all fees clear to customers when they purchase a new phone. The Biggest Gripe Wireless industry experts including J.D. Power and Associates' Parsons say that much of the frustration experienced by Cingular, AT&T Wireless, Sprint, and Nextel customers stems from the complexities involved in merging the technologies and billing processes of huge networks. Parsons adds that consumer expectations have risen as the cell phone industry has matured. "Today's cell phone users have zero tolerance for dropped calls," Parsons says. However, dropped calls don't top the list of cell phone gripes. Instead, billing issues account for three times as many complaints as service quality, according to the FCC's May 2006 Quarterly Report on Informal Consumer Inquiries and Complaints. Billing issues have prompted several state-level initiatives by consumer groups attempting to change the way wireless carriers do business. In New York state, the AARP and other consumer groups are backing legislation that would force cell phone companies to make their bills easier to understand and allow customers to cancel service contracts without penalties. Similar initiatives are in the works in California and Minnesota. Who Should Regulate? These state-level campaigns underscore a larger battle over whether the federal government or the states should have the authority to regulate the cell phone industry. Wireless carriers would rather be regulated by a single federal agency (the FCC) than by the states, which are trying to gain more control over cell phone services to their residents. In August, the cell phone industry suffered a setback when a federal court of appeals in Atlanta ruled that the FCC overstepped its authority by telling state regulators they couldn't require or prohibit line items on bills for wireless services. The ruling means that states will be able to dictate how cell phone bills are presented to customers. 
The CTIA, a wireless telecommunications industry trade association, has complained that the ruling will force wireless providers to establish a different process for each state. "Complying with disparate regulatory regimes will only increase consumer costs and slow innovation," CTIA president and chief executive Steve Largent said in a statement. But the U.S. Public Interest Group's Mierzwinski says the ruling is good news for consumers because it will give state regulators the muscle to ban deceptive cell phone billing practices. "The states are doing a much better job these days to protect consumers than the FCC [is]," Mierzwinski says. Nevertheless, for any cell phone customer, it pays to remember that your best strategy is not to depend on government agencies, but to police your own bill. Watch it like a hawk, read the fine print, and ask lots of questions. From rforno at infowarrior.org Tue Sep 12 22:35:27 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 22:35:27 -0400 Subject: [Infowarrior] - Air Force chief: Test weapons on testy U.S. Mobs Message-ID: Air Force chief: Test weapons on testy U.S. mobs http://www.cnn.com/2006/US/09/12/usaf.weapons.ap/index.html WASHINGTON (AP) -- Nonlethal weapons such as high-power microwave devices should be used on American citizens in crowd-control situations before being used on the battlefield, the Air Force secretary said Tuesday. The object is basically public relations. Domestic use would make it easier to avoid questions from others about possible safety considerations, said Secretary Michael Wynne. "If we're not willing to use it here against our fellow citizens, then we should not be willing to use it in a wartime situation," said Wynne. "(Because) if I hit somebody with a nonlethal weapon and they claim that it injured them in a way that was not intended, I think that I would be vilified in the world press." 
The Air Force has paid for research into nonlethal weapons, but he said the service is unlikely to spend more money on development until injury problems are reviewed by medical experts and resolved. Nonlethal weapons generally can weaken people if they are hit with the beam. Some of the weapons can emit short, intense energy pulses that also can be effective in disabling some electronic devices. On another subject, Wynne said he expects to choose a new contractor for the next generation aerial refueling tankers by next summer. He said a draft request for bids will be put out next month, and there are two qualified bidders: the Boeing Co. and a team of Northrop Grumman Corp. and European Aeronautic Defence and Space Co., the majority owner of European jet maker Airbus SAS. The contract is expected to be worth at least $20 billion (€15.75 billion). Chicago, Illinois-based Boeing lost the tanker deal in 2004 amid revelations that it had hired a top Air Force acquisitions official who had given the company preferential treatment. Wynne also said the Air Force, which is already chopping 40,000 active duty, civilian and reserves jobs, is now struggling to find new ways to slash about $1.8 billion (€1.4 billion) from its budget to cover costs from the latest round of base closings. He said he can't cut more people, and it would not be wise to take funding from military programs that are needed to protect the country. But he said he also incurs resistance when he tries to save money on operations and maintenance by retiring aging aircraft. "We're finding out that those are, unfortunately, prized possessions of some congressional districts," said Wynne, adding that the Air Force will have to "take some appetite suppressant pills." He said he has asked employees to look for efficiencies in their offices. The base closings initially were expected to create savings by reducing Air Force infrastructure by 24 percent. Copyright 2006 The Associated Press. 
All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. From rforno at infowarrior.org Tue Sep 12 22:37:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 22:37:43 -0400 Subject: [Infowarrior] - Six Tips to Protect Your Online Search Privacy Message-ID: Six Tips to Protect Your Online Search Privacy Google, MSN Search, Yahoo!, AOL, and most other search engines collect and store records of your search queries. If these records are revealed to others, they can be embarrassing or even cause great harm. Would you want strangers to see searches that reference your online reading habits, medical history, finances, sexual orientation, or political affiliation? Recent events highlight the danger that search logs pose. In August 2006, AOL published 650,000 users' search histories on its website.[1] Though each user's logs were only associated with a random ID number, several users' identities were readily discovered based on their search queries. For instance, the New York Times connected the logs of user No. 4417749 with 62 year-old Thelma Arnold. These records exposed, as she put it, her "whole personal life."[2] Disclosures like AOL's are not the only threats to your privacy. Unfortunately, it may be all too easy for the government or individual litigants to subpoena your search provider and get access to your search history. For example, in January 2006, Yahoo!, AOL, and Microsoft reportedly cooperated with a broad Justice Department request for millions of search records. Although Google successfully challenged this request,[3] the lack of clarity in current law leaves your online privacy at risk. Search companies should limit data retention and make their logging practices more transparent to the public,[5] while Congress ought to clarify and strengthen privacy protections for search data. But you should also take matters into your own hands and adopt habits that will help protect your privacy. 
The Electronic Frontier Foundation has developed the following search privacy tips. They range from straightforward steps that offer a little protection to more complicated measures that offer near-complete safety. While we strongly urge users to follow all six tips, a lesser level of protection might be sufficient depending on your particular situation and willingness to accept risks to your privacy. < - > http://www.eff.org/Privacy/search/searchtips.php From rforno at infowarrior.org Tue Sep 12 22:49:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 12 Sep 2006 22:49:43 -0400 Subject: [Infowarrior] - Well, It Turns Out That Lonelygirl Really Wasn't Message-ID: September 13, 2006 Well, It Turns Out That Lonelygirl Really Wasn't By VIRGINIA HEFFERNAN and TOM ZELLER Jr. A nearly four-month-old Internet drama in which the cryptic video musings of a fresh-faced teenager became the obsession of millions of devotees -- themselves divided over the very authenticity of the videos, or who was behind them or why -- appears to be in its final act. The woman who plays Lonelygirl15 on the video-sharing site YouTube.com has been identified as Jessica Rose, a 20-ish resident of New Zealand and Los Angeles and a graduate of the New York Film Academy. And the whole project appears to be the early serialized version of what eventually will become a movie. Matt Foremski, the 18-year-old son of Tom Foremski, a reporter for the blog Silicon Valley Watcher, was the first to disinter a trove of photographs of the familiar-looking actress, who portrayed the character named Bree in the videos. The episodes suggested Bree was the home-schooled daughter of strictly religious parents who improbably stole time to upload video blogs of her innermost thoughts. 
The discovery and the swift and subsequent revelation of other details surrounding the perpetrators of the videos and the fake fan site that accompanied it are bringing to an end one of the Internet's more elaborately constructed mysteries. The fans' disbelief in Lonelygirl15 was not willingly suspended, but rather teased and toyed with. Whether they will embrace the project as a new narrative form, condemn it or simply walk away remains to be seen. The masterminds of the Lonelygirl15 videos are Ramesh Flinders, a screenwriter and filmmaker from Marin County, Calif., and Miles Beckett, a doctor turned filmmaker. The high quality of the videos caused many users to suspect a script and production crew, but Bree's bedroom scenes were shot in Mr. Flinders's home, in his actual bedroom, typically using nothing more than a Logitech QuickCam, a Web camera that retails for about $150. Together with Grant Steinfeld, a software engineer in San Francisco, Mr. Flinders contrived to produce and distribute the videos to pique maximum curiosity about them.

< - >

http://www.nytimes.com/2006/09/13/technology/13lonely.html?ei=5094&en=aacd1a4816afd3ab&hp=&ex=1158120000&partner=homepage&pagewanted=print

From rforno at infowarrior.org Wed Sep 13 09:24:02 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 09:24:02 -0400
Subject: [Infowarrior] - Information Feeds to the War on Terror
In-Reply-To: <49C55B27AA8FD411A30300508BCF7B701461DCE9@catalina.unn.ac.uk>
Message-ID:

Tell Us What's Going to Happen
Information Feeds to the War on Terror
Samuel Nunn

We want to know things before they occur. Anticipate, react, prevent. This idea is embedded not only in counter-terrorism policy, but in the cultural narratives produced by television and cinema. Television programs such as 24 or CSI, and movies such as The Conversation, The End of Violence, Minority Report, and The Siege are self reflexive mirrors of the U.S. war on terror.
Through tricky technology systems like the Multi-State Anti-Terrorism Information Exchange (MATRIX) and Terrorism Information Awareness (TIA) and Regional Information Sharing Systems (RISS) and TIPOFF and AFIS and VICAP, America seeks policies and programs -- read this as machines and software -- that will anticipate terrorist attacks in order to stop them before they can occur.[1] The desired outcome is complete deterrence. If this outcome was achieved, it would be the most mighty feat of prognostication and prevention ever conceived. The reason? Doing so would require the real time synthesis and analysis of volumes of data equal to something like the number of stars in the universe. Criminal justice technology systems produce voluminous information flows. Billions of bytes of data are constantly on the move among police agencies describing individuals, their criminal histories, assets, debt, locations at particular times, purchase patterns, biometric identifiers (fingerprints, photographs, DNA samples) and other aspects of the people or the activities they are thought to have performed. At any given moment, thousands of inquiries are sent through dozens of regional, national, and international systems seeking answers to questions about people's identity, where they are, what they have done, or what more other agencies and agents know about these individuals. In 2005 the FBI's National Crime Information Center (NCIC) averaged 4.5 million inquiries per day. Within this storm of data, terrorism is the boogeyman of the 21st century. And there is only one way to assuage our fears of sudden, brutal terrorist attacks: convince us that we will always uncover the conspiracies before the explosion, always know who the perpetrators are before they act, always stay one step ahead of them, always arrest them before the carnage. 
It is a process identified by Richard Grusin as premediation: a shift of focus to controlling the future and stopping attacks before they occur or, more simply, profiling the future.[2] It is the premediation of the future, an advance word about what is going to happen. This model helps us accept 9/11 as an interruption or aberration. Looking back, we had the pieces if only someone had put them together: the plot was within our grasp. Heroic FBI agents wrote memos, villainous or incompetent supervisors ignored them or, worse, destroyed them.[3] Mohammed Atta is on the surveillance tapes; why didn't someone see him? Ziad Jarrah, pilot of UA flight 93 (destined for a Pennsylvania farm field, and now the subject of an A&E made-for-cable movie, Flight 93 and Hollywood's United 93), gets a speeding ticket in Maryland on September 9th; why didn't someone stop him? Someone always knows. The truth is out there.

< - >

http://www.ctheory.net/printer.aspx?id=518

From rforno at infowarrior.org Wed Sep 13 15:15:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 15:15:18 -0400
Subject: [Infowarrior] - Academic Paper: Diebold AccuVote-TS Voting Machine
In-Reply-To: <20060913180043.GA8409@gsp.org>
Message-ID:

(c/o RK)

Security Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
http://itpolicy.princeton.edu/voting/

Abstract: This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks.
For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities --- a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

---Rsk

From rforno at infowarrior.org Wed Sep 13 15:42:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 15:42:28 -0400
Subject: [Infowarrior] - FW: Call for Participation: ACM QoP 2006
In-Reply-To: <20060913164517.GA17033@homeport.org>
Message-ID:

CALL FOR PARTICIPATION

QoP 2006
2nd Workshop on Quality of Protection
Security Measurements and Metrics
URL: http://dit.unitn.it/~qop/

To be held in conjunction with CCS-2006
(13th ACM Conference on Computer and Communication Security)
October 30, 2006
Alexandria, VA USA
_____________________________________________________________

GENERAL DESCRIPTION

This year's QoP'06 (Quality of Protection Workshop - Security Measurements and Metrics) workshop continues a roadmap towards the establishment of scientific and technical methods for the quantitative evaluation of a variety of security services, solutions and patterns. The objective is to provide for Security Engineering the same set of tools and techniques that are available in empirical Software Engineering, Communication Engineering and other sister disciplines and that mark the shift from arts to engineering.
The workshop called for original research results and industrial experience reports on leading edge issues in security measurements and metrics, including models, systems, applications, and theory. QoP'06 gives to academia and industry a unique opportunity to share their perspectives with others interested in the various aspects of security measurements and metrics.
______________________________________________________________

The preliminary Advance Program is below.

ADVANCE PROGRAM

Opening
-------
Fabio Massacci (chair)
Guenter Karjoth (chair)

INVITED TALK:
-------------
- Quality of Protection: Measuring the Unmeasurable?
  John McHugh

SESSION 1: Software security metrics
------------------------------------
- Measuring the Attack Surfaces of Two FTP Daemons
  Pratyusa K. Manadhata, Jeannette M. Wing, Mark A. Flynn and Miles A. McQueen
- Using model-based security assessment in component-oriented system development. A case-based evaluation
  Gyrd Braendeland and Ketil Stolen
- Contracting over the Quality aspect of Security in Software Product Markets
  Jari Raman
- Towards a measuring framework for security properties of software (Short)
  Riccardo Scandariato, Bart De Win and Wouter Joosen

SESSION 2: Network security metrics
-----------------------------------
- Measuring Denial of Service
  Jelena Mirkovic, Peter Reiher, Sonia Fahmy, Roshan Thomas, Alefiya Hussain, Stephen Schwab and Calvin Ko
- A Weakest-Adversary Security Metric for Network Configuration Security Analysis
  Joseph Pamula, Paul Ammann, Sushil Jajodia and Vipin Swarup
- Framework for Malware Resistance Metrics
  Hanno Langweg
- Modelling the Relative Strength of Security Protocols (short)
  Ho Chung and Clifford Neuman
- Vulnerability Analysis For Evaluating Quality of Protection of Security Policies (short)
  Muhammad Abedin, Syeda Nessa, Ehab Al-Shaer and Latifur Khan

PANEL SESSION:
--------------
Is risk analysis a good system security metric?
O. Sami Saydjari (moderator)
Virgil D.
Gligor
Deb Bodeau
Alessandro Acquisti
Roy Maxion
_______________________________________________________________

PC CHAIRS:
Fabio Massacci - Univ. di Trento (IT)
Guenter Karjoth - IBM Research (CH)

PROGRAM COMMITTEE:
Alessandro Acquisti - Carnegie Mellon University (USA)
Guenter Bitz - SAP (DE)
Yves Deswarte - LAAS-CNRS (FR)
Dieter Gollmann - TU Hamburg-Harburg (DE)
Virgil D. Gligor - University of Maryland (USA)
Judith N. Froscher - Naval Research Laboratory (USA)
Erland Jonsson - Chalmers University of Technology (SW)
Svein Johan Knapskog - The Norwegian University of Science and Technology (NOR)
Helmut Kurth - ATSEC (DE)
Bev Littlewood - City University, London (UK)
Volkmar Lotz - SAP (DE)
Roy Maxion - Carnegie Mellon University (USA)
David M. Nicol - University of Illinois (USA)
Mario Piattini - University of Castilla-La Mancha (SP)
Anand R. Prasad - DoCoMo Communications Laboratories Europe (DE)
Tomas Sander - HP Labs (USA)
Shrivastava Santosh - University of Newcastle upon Tyne (UK)
Ketil Stolen - SINTEF (NO) & Univ. of Oslo (NO)
Vipin Swarup - The MITRE Corporation (USA)
Nicola Zannone - University of Trento (IT)
Marvin Zelkowitz - University of Maryland (USA)
___________________________________________________

REGISTRATION

Online registration is available on the CCS-2006 web page (online registration for QoP Workshop will be added soon): http://www.acm.org/sigs/sigsac/ccs/CCS2006/

From rforno at infowarrior.org Wed Sep 13 15:53:30 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 15:53:30 -0400
Subject: [Infowarrior] - Has the FBI ever heard of Google?
Message-ID:

Has the FBI ever heard of Google?
By Eric J. Sinrod
http://news.com.com/Has+the+FBI+ever+heard+of+Google/2010-1028_3-6115295.html
Story last modified Wed Sep 13 11:22:10 PDT 2006

When it comes to the federal government's rationale for not producing information to answer inquiries citing the Freedom of Information Act, the recent case of Davis v.
Department of Justice falls under the "you gotta be kidding" category. So, let's dig in a bit. The case centered around four audiotapes recorded more than 25 years ago as part of an FBI investigation in Louisiana. An author, who is the plaintiff in the case, sought release of the tapes under the Freedom of Information Act, or FOIA, as it's more generally known. There were two apparent speakers on the tapes. One was a "prominent individual" who was the subject of the FBI investigation. The other was an undercover informant. The Freedom of Information Act requires the federal government to produce information upon request with respect to its activities unless the requested information falls within one or more exemptions explicitly provided in the statute. One exemption allows law enforcement to refuse to release records if that could reasonably be expected to constitute an unwarranted invasion of personal privacy. Under relevant case law, an agency deciding whether a particular release of information constitutes an unwarranted invasion of privacy must balance the privacy interest at stake against the public interest in disclosure. The FBI withheld production of the requested tapes, arguing that it had not been able to determine whether the speakers on the tapes were still living, and thus were entitled to have their privacy protected. FOIA case law holds that a person no longer has the same privacy rights upon his or her death. In its judgment, the federal appellate court in Washington, D.C., determined that the sole issue on appeal in the case was whether the FBI had undertaken "reasonable steps" to determine whether the speakers are now dead. In that case, the court said, even the privacy interests weighing against release would be diminished.
The FBI could not figure out whether the speakers were over 100 years old--and thus presumed dead under FBI practice--because neither had mentioned their birth dates during conversations that were recorded surreptitiously. The agency also took the position that it could not conclude whether the speakers were alive or dead by referencing a Social Security database. The reason? The speakers did not state their Social Security numbers during the recorded conversations. Furthermore, the FBI failed to search its own files for the speakers' birth dates or Social Security numbers, simply because that is not its standard practice. Finally, the FBI did not try any other methods of finding out if the speakers were alive or dead, such as conducting Google searches. The appellate court not surprisingly determined that the FBI had not made reasonable efforts to ascertain whether the two speakers, on whose behalf it invoked a FOIA privacy exemption, were alive. What's more, the court said it had serious questions as to whether the FBI provided a reasonable response to the request. The case was remanded back to the trial court. The government bears the burden of invoking exemptions when refusing to produce information pursuant to FOIA requests. Hopefully the trial court will order the FBI to do proper due diligence in this case, consistent with the appellate court ruling. The words of the appellate court ring oh so true: "Why, in short, doesn't the FBI just Google the two names? Surely, in the Internet age, a 'reasonable alternative' for finding out whether a prominent person is dead is to use Google (or any other search engine), to find a report of that person's death." Copyright ©1995-2006 CNET Networks, Inc.
All rights reserved

From rforno at infowarrior.org Wed Sep 13 21:16:52 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 21:16:52 -0400
Subject: [Infowarrior] - Doublespeak and the War on Terrorism
Message-ID:

Doublespeak and the War on Terrorism
http://www.cato.org/pub_display.php?pub_id=6654
by Timothy Lynch

Timothy Lynch is director of the Cato Institute's Project on Criminal Justice and coauthor of "Power Surge: The Constitutional Record of George W. Bush," (2006).

Five years have passed since the catastrophic terrorist attacks of September 11, 2001. Those attacks ushered in the war on terror. Since some high-ranking government officials and pundits are now referring to the war on terror as the "Long War" or "World War III," because its duration is not clear, now is an appropriate time to take a few steps back and examine the disturbing new vocabulary that has emerged from this conflict. One of the central insights of George Orwell's classic novel Nineteen Eighty-Four concerned the manipulative use of language, which he called "newspeak" and "doublethink," and which we now call "doublespeak" and "Orwellian." Orwell was alarmed by government propaganda and the seemingly rampant use of euphemisms and half-truths -- and he conveyed his discomfort with such tactics to generations of readers by using vivid examples in his novel. Despite our general awareness of the tactic, government officials routinely use doublespeak to expand, or at least maintain, their power. The purpose of this paper is not to criticize any particular policy initiative. Reasonable people can honestly disagree about what needs to be done to combat the terrorists who are bent on killing Americans. However, a conscientious discussion of our policy options must begin with a clear understanding of what our government is actually doing and what it is really proposing to do next.
The aim here is to enhance the understanding of both policymakers and the interested lay public by exposing doublespeak.

< - >

http://www.cato.org/pub_display.php?pub_id=6654

From rforno at infowarrior.org Wed Sep 13 21:19:56 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 21:19:56 -0400
Subject: [Infowarrior] - DHS releases Cyber Storm report
Message-ID:

INFOWORLD TECH WATCH
http://weblog.infoworld.com/techwatch/archives/007886.html
September 13, 2006

DHS releases Cyber Storm report

The U.S. Department of Homeland Security (DHS) released its public findings from Operation Cyber Storm, a large-scale tabletop simulation of a coordinated cyber attack on the government and critical infrastructure that was held in February, 2006. The exercise involved US-CERT, the Homeland Security Operation center as well as the National Cyber Response Coordination Group (NCRCG) and the Interagency Incident Management Group (IIMG), various ISACs from the transportation, energy, IT and telecommunications sectors, and 100 private sector companies including Microsoft and VeriSign. The report was released by DHS's National Cyber Security Division (NCSD) Wednesday, and while no performance "grade" was assigned, read between the lines of the public report and the term "Needs Improvement" comes to mind. The exercise simulated a large-scale cyber campaign that disrupts multiple critical infrastructure, as well as simulated "physical demonstrations and disturbances" to test the ability of government to respond to multiple incidents simultaneously, even when it's not clear that the events are related (read: 9/11). So how'd our government do? Not so well. Among other things, the report found that the NCRCG did not have sufficient technical experts on staff to respond to the volume of incidents. "As a result, development of an accurate situational picture was challenging, albeit in part due to the difficulty of the scenario."
That's kind of like saying "If the test was just easier, I would have done better!" In fact, some aspects of the report eerily recall the Government's flawed response to Katrina -- a disaster that actually postponed the Cyber Storm Exercise by months. According to DHS, "observers noted that players had difficulty ascertaining what organizations and whom within those organizations to contact when there was no previously established relationship or pre-determined plans for response coordination and risk assessments/mitigation. There was a general recognition of the difficulties organizations faced when attempting to establish trust with unfamiliar organizations during time of crisis." Or how about this one: "Contingency planning for backup or resilient communications methods is a critical need. While only tested for a few players during the exercise, many players noted a high reliance of cyber incident response activities on communication systems that can be, themselves, vulnerable to attack or failure." So if Cyber Storm was designed to assess the U.S. government's readiness to respond to a coordinated physical and cyber attack on critical infrastructure, the conclusion of this report may be that such an attack, if launched, may well succeed. From the report: "Exercise participants noted the overwhelming effects that multiple, simultaneous, and coordinated incidents had on their response activities." and... "The majority of players reported difficulty in identifying accurate and up-to-date sources of information. Multiple alerts on a single issue created confusion among players, making it difficult to establish a single coordinated response. Players noted that the concept of a single point for information would enable a common framework for all to work from and likely increase effective response." To be fair, the exercise wasn't a total wash. 
As DHS points out, just carrying off such a large scale private-public and multinational exercise allows the government to test policies, procedures and communications should an actual attack occur. It also created vital contacts within the federal government and between private and public sector participants. However, the larger message is that the Federal Government and DHS in particular are still woefully unprepared for a real "Cyber Storm," should it ever come. Most of the "key achievements" listed in the report seem to relate to the planning and carrying out of the exercise itself, not in the government's actual performance during the test. That's like Derek Jeter claiming his key achievement in last night's game was putting his uniform and cleats on and making it to the ballpark. I don't think so. At the very least, the government needs to find a central body to coordinate response. Right now, it looks like they've got two in name: National Cyber Response Coordination Group (NCRCG) and the Interagency Incident Management Group (IIMG). The reality on the ground may be different still. The feds also need more technical staff, and a scaled up capability to do triage on emerging incidents. Or, as DHS says: "Clarifying roles and responsibilities across government, and clearly articulating expectations between public and private sectors will enable the advancement of processes and communications architecture to support the development and maintenance of situational awareness across sectors." Huh??

From rforno at infowarrior.org Wed Sep 13 21:23:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 21:23:26 -0400
Subject: [Infowarrior] - Piracy lectures to kids: Your Tax Dollars At Work
Message-ID:

Feds take a nip-it-in-the-bud approach to Internet piracy
http://www.startribune.com/462/story/673092.html

The top official in the U.S.
Patent Office took his message to a Bloomington elementary school to talk to the next generation of potential offenders.

John Reinan, Star Tribune

Wearing a blue suit and a tight smile, the fed faced his audience. This wasn't just any Washington bureaucrat. This was the director of the U.S. Patent and Trademark Office, a high-powered attorney who reports to President Bush and calls senators by their first names. And this wasn't just any audience. It consisted of 300 potential offenders, rounded up on Tuesday so Jon Dudas could lay down the law to them. They sat in rows on a gymnasium floor, twirling their pigtails and tugging their Pokemon sweatshirts as Dudas warned them not to steal music on the Internet. The crowd of second- through fifth-graders at Westwood Elementary School in Bloomington was well-prepared for the visit, having earlier watched an anti-piracy video provided by the U.S. Department of Commerce. Theft of intellectual property, on the Internet and elsewhere, costs U.S. businesses as much as $250 billion a year, Dudas said. "You wouldn't take a CD off the shelf without paying for it," Dudas said, pretending to hide a CD inside his suit coat. "And you shouldn't get music on the Internet without paying for it." As he explained the fine points of copyright law and intellectual property, the kids fired off questions about inventions, patents and the ethics of music downloads. Dudas visited Westwood after speaking at a small-business conference in Minneapolis earlier in the day. He chose the school because of its connection with Camp Invention, an enrichment program sponsored by the National Inventors Hall of Fame Foundation. With more than half of all students in grades one through five using the Internet, according to the U.S. Department of Education, schools have begun teaching about piracy and plagiarism earlier than ever.
In Bloomington, kids start learning about the ethics of technology and the Internet in kindergarten, said district spokesman Richard Cash. The message is getting through, said Westwood second-graders Griffin Lindahl and Mikayla Snyder. "No taking other people's stuff!" Griffin said. Added Mikayla: "Don't copy other people's ideas or you'll get in trouble."

John Reinan • 612-673-7402 • jreinan at startribune.com
©2006 Star Tribune. All rights reserved.

From rforno at infowarrior.org Wed Sep 13 21:24:37 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 21:24:37 -0400
Subject: [Infowarrior] - Congress slams Homeland Security's tech efforts
Message-ID:

Congress slams Homeland Security's tech efforts
By Anne Broache
http://news.com.com/Congress+slams+Homeland+Securitys+tech+efforts/2100-1028_3-6115434.html
Story last modified Wed Sep 13 15:33:03 PDT 2006

WASHINGTON--The U.S. Department of Homeland Security on Wednesday sustained more bashing of its cybersecurity efforts from politicians and government auditors. In what has become a familiar refrain, a chorus of Republicans and Democrats--all from the U.S. House of Representatives panel on telecommunications and the Internet--urged the agency to get its act together and appoint a long-awaited cybersecurity czar. Then, at a sparsely attended afternoon hearing here, members of the House of Representatives' Homeland Security panel grilled department officials about shortcomings in the Homeland Security Information Network, which was intended to ease sharing of counterterrorism information among federal, state and local investigators. During the morning hearing, politicians voiced dismay at the unsurprising findings of a Government Accountability Office report that was released Wednesday and that had been prepared at the committee's request.
"Both government and the private sector are poorly prepared to effectively respond to cyberevents," David Powner, the GAO's director of information technology management issues, told the politicians. "Although DHS has various initiatives under way, these need to be better coordinated and driven to closure." The Department of Homeland Security, which is chiefly responsible for coordinating responses to cyberattacks, also has no concrete plan for responding to cyberdisasters in partnership with the private sector, Powner said. The department's Under Secretary for Preparedness George Foresman adopted a defensive posture throughout the two-hour hearing, which also included testimony from the Federal Communications Commission and private sector representatives. A similar slate of witnesses, including Foresman, was scheduled to testify on the subject before a House Homeland Security panel on Wednesday afternoon. Foresman emphasized that finding someone to fill the post of assistant secretary for cybersecurity and telecommunications remains a "top priority" for the department. The post has been vacant since its creation in July 2005, a situation that has drawn a rash of criticism inside and outside the government. "We are in the final stages of a security process review for a candidate we feel is very well-qualified," he said. "We look forward to announcing this candidate with Congress very soon." For a number of politicians, that assurance wasn't good enough. "To have gone this long without any attention to this or without having someone direct this part of the orchestra is dangerous for this country, I think, in plain English," said Rep. Anna Eshoo, a California Democrat. "I'm not one to try to hype up fear and all that, but we've placed ourselves in a real ditch here by not having the administration name someone." Foresman said he would "strenuously object" to the insinuation that the department has been sitting idle while the post has remained vacant.
"Had we been in neutral the entire time, I think there would be a grave concern, but I think we have been in overdrive all the time," he said. One example of an action the department has taken was a weeklong mock attack called Cyber Storm, he said. The agency on Wednesday released a 17-page "after-action report" assessing the results of the February exercise, which involved more than 100 public and private agencies, associations, and corporations from more than 60 locations across five countries. Among the challenges experienced during the exercise, according to the report, are an insufficient number of "technical experts" on board to "fully leverage the large volume of incident information that was being provided;" difficulty figuring who to call within organizations to seek help during crises; and lack of a rapid means to assess and prioritize--or "triage"--cyber incidents. Terrorist cyber-attacks? Fresh off commemorations of the fifth anniversary of the Sept. 11 attacks earlier this week, some members at the morning hearing seemed particularly alarmed by the specter of terrorist-driven cyberincidents. "Certainly cyberterrorism is something that is likely to be in al-Qaida's playbook, and we should be vigilant against such threats," said Rep. Edward Markey, a Massachusetts Democrat who serves as co-chairman of the panel. "Some people probably think they're exempt from the impact of the Internet, but you'd almost have to live in a cave to be truly unaffected," added Texas Republican Joe Barton, who serves as chairman of the influential House Energy and Commerce Committee. A widespread disruption on that front, he quipped, "is exactly the outcome envisioned by a man who does live in a cave: Osama bin Laden." That theme continued in the afternoon hearing, convened by a House panel on intelligence, information-sharing and terrorism risk assessment.
"If we are not successful in our information-sharing efforts, then we are not going to be successful in connecting the dots to protect our people and our nation from the possibility of additional attacks," said Connecticut Republican Rob Simmons, the panel's chairman. The focus of concern was a June 2006 report from the department's Inspector General's Office that found the agency's information-sharing network was not performing as intended. The Department of Homeland Security's Assistant Inspector General Frank Deffer outlined a number of those flaws. They included an overly rushed schedule for rolling out and expanding the system after DHS inherited control of it in 2003; inadequate training and guidance for users on how to use it; general mistrust for the secrecy of information shared through the portals; and lack of availability of real-time information about situations. During the 2005 London Underground bombings, for instance, "users were able to get better information faster by calling personal contacts at law enforcement agencies with connections to the London police than by using the system," Deffer said. As a result, the system has very few active users, he said. "Taxpayers really should be outraged by what's happened here," Rep. Zoe Lofgren, a California Democrat, said of the $50 million undertaking. "The program is not only a model of haste and waste, but it's a missed opportunity to do things right."

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Wed Sep 13 21:37:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 21:37:49 -0400
Subject: [Infowarrior] - UK relaxes passenger carryon rules
In-Reply-To:
Message-ID:

...anyone want to bet how long before the US follows suit and ends this carryon madness?
-rf Air baggage rules to be relaxed Aircraft hand baggage restrictions imposed after an alleged terrorist plot to attack airliners are likely to be eased next week, the BBC has learned. Larger bags will be allowed on board, and passengers will be able to take some liquids through security from Tuesday, ministers are set to say. The government's transport security division is holding talks with the aviation industry on Monday. The new measures should take effect next weekend. < - > http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/5343018.stm From rforno at infowarrior.org Wed Sep 13 21:40:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 13 Sep 2006 21:40:43 -0400 Subject: [Infowarrior] - NSA Bill "Major Disaster, " Mainstream Civil Lib Group Message-ID: NSA Bill "Major Disaster," Mainstream Civil Lib Group Posted by ryansingel at 12:07 PM PDT http://blog.wired.com/27BStroke6/index.blog?entry_id=1556069 Center for Democracy and Technology's policy director Jim Dempsey, a longtime expert on national security law who testified to the Judiciary Committee on Senator Arlen Specter's NSA bill, described the bill's passage out of committee a "major disaster." Specter's bill was drafted in concert with the Vice President's office, and Specter has championed the bill because the administration promised him that it would submit its warrantless wiretapping program to a secret court for review, though the bill makes that optional, and arguably makes the program legal, due to changes to the law governing surveillance. What started out as Senator Specter wanting to rein in the president's program has turned on its head and is now not just a legislative ratification of the program, but an expansion of warrantless wiretapping of Americans. It would allow the NSA to turn its vacuum cleaners on even domestic phone calls and emails of citizens. 
And -- they do all of this in Alice-in-Wonderland fashion by defining all kinds of categories of surveillance to be not surveillance. The bill is basically saying that any time you are targeting a foreigner, even if you are collecting calls to US citizens, that's not surveillance. And anytime you are targeting nobody, but scooping up vast quantities of calls, that's not surveillance. This bill goes light years or miles beyond the Patriot Act. The Foreign Intelligence Surveillance Act is such a complicated statute and so much of the weight of it is borne by the definitions, that I'm not sure the sponsors of these bills appreciate what they are doing. The people who drafted this bill knew what they were doing, and it's been a very clever sell job.

From rforno at infowarrior.org Wed Sep 13 22:42:24 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Sep 2006 22:42:24 -0400
Subject: [Infowarrior] - Macs and Grant Site Just Don't Click
Message-ID:

Macs and Grant Site Just Don't Click
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/12/AR2006091201445_pf.html
By Rick Weiss
Washington Post Staff Writer
Wednesday, September 13, 2006; A15

Scientists, scholars and others planning to use their Macintosh computers to submit grant proposals to the federal government in the months ahead should be prepared for a rocky, or at least error-message-littered, road ahead. Luckily, Mac users are used to it. Ever since its inception several years ago, the government's electronic grant submission system has been compatible only with Windows-based computers. That has forced Mac users to go with paper submissions or use clumsy patchwork programs -- or "workarounds" -- that government officials have conceded are "not ideal" and Mac users have called, well, insert your favorite PC expletive here.
Earlier this year, the Department of Health and Human Services -- a central manager of the Grants.gov system -- promised that by November the system would be compatible with Macs, which are popular among scientists and academics. That was based on promises from Northrop Grumman Corp., which has been paid tens of millions of dollars to run Grants.gov for the government. But a new twist emerged this week when HHS announced that Grumman had lost its bid to win a renewal of its contract and will be moving on as of Nov. 1. So will Grumman deliver the goods as promised before it leaves? "That's a question we have," said Grants.gov program manager John Etcheverry. Just last week, Etcheverry said, Grumman delivered to HHS its first shot at a Mac-compatible version of its IBM-based grant application software for an initial round of testing by government experts. Asked how it worked, Etcheverry said hesitantly: "It's, to quote one of our testers, 'It's early.' But it seems to be working." Despite repeated inquiries from The Post, Grumman spokeswoman Juli Ballesteros did not provide anyone to address the company's commitment to making Grants.gov Mac-compatible before the company leaves. With that rollout uncertain, responsibility will fall to the new winner of the Grants.gov contract, Fairfax-based General Dynamics Information Technology. Under the terms of its contract, worth up to $18.9 million over five years, the company will create a new system by March 31 that will be compatible with Windows-based and Macintosh computers as well as Unix and Linux systems, which are popular in some science labs and research institutions. The company's vice president overseeing the Grants.gov project, Mary Biear, said the company will start with a platform-independent, off-the-shelf Adobe product, which it will modify in minor ways to fit the requirements of the government's grant-application system. 
She said her company would also maintain key systems left behind by Grumman -- including, if it works, the new Mac-compatible system. "The first question for our team is . . . if users can use it," said Biear, who said she has seen the nascent product because the companies have begun a seven-week overlapping transition period. "If it's working appropriately, [we] will maintain it and roll it out. If not, we would push it back." In that case, Mac users will have to wait until the new system comes out at the end of March. Not everyone is optimistic that even that deadline will be met. David Cassidy, a vice president at the District-based Turner Consulting Group, which was part of a consortium that lost its bid to take over the Grants.gov contract from Grumman, said he can't see how General Dynamics can fulfill the contract's requirements for the price it promised unless the company "has some incredible 'special sauce' that will enable them to meet these budget, functionality and schedule constraints." But even if the company succeeds on schedule, it will be too late for the thousands of applicants who face a Feb. 1 deadline for the National Institutes of Health's most popular "R01" research grants. NIH has announced that it wants all those applications to be filed electronically. "The big NIH deadline is Feb. 1, 2007," said John S. Massa, associate director of the University of Iowa's division of sponsored programs, in an e-mail. So a March release "isn't going to help much." Norka Ruiz Bravo, NIH's deputy director for extramural research, conceded the timing was awkward. Will the agency consider pushing back its deadline for an all-electronic submission process? "That is something we may want to think about," she said.

© 2006 The Washington Post Company

From rforno at infowarrior.org Thu Sep 14 09:41:52 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Sep 2006 09:41:52 -0400
Subject: [Infowarrior] - NSA Bill Performs a Patriot Act
Message-ID:

NSA Bill Performs a Patriot Act
http://www.wired.com/news/technology/1,71778-0.html
By Ryan Singel
15:30 PM Sep, 13, 2006

A bill radically redefining and expanding the government's ability to eavesdrop and search the houses of U.S. citizens without court approval passed a key Senate committee Wednesday, and may be voted on by the full Senate as early as next week. By a 10-8 vote, the Senate Judiciary Committee approved SB2453, the National Security Surveillance Act, which was co-written by the committee's chairman Sen. Arlen Specter (R-Pennsylvania) in concert with the White House. The committee also passed two other surveillance measures, including one from Sen. Dianne Feinstein (D-California), one of the few senators to be briefed on the National Security Agency program. Feinstein's bill, which Specter co-sponsored before submitting another bill, rebuffs the administration's legal arguments and all but declares the warrantless wiretapping illegal. In contrast, Specter's bill concedes the government's right to wiretap Americans without warrants, and allows the U.S. Attorney General to authorize, on his own, dragnet surveillance of Americans so long as the stated purpose of the surveillance is to monitor suspected terrorists or spies. Lisa Graves, senior legislative counsel for the American Civil Liberties Union, called the bill "stunning."
"The administration has taken their illegal conduct in wiretapping Americans without court orders, in violation of the Foreign Intelligence Surveillance Act and the Constitution, and used it as springboard to not only get FISA changed to allow the Terrorist Surveillance Program, but to actually, going forward, not give protections to Americans' privacy rights," Graves said. Jim Dempsey, the policy director for the more moderate Center for Democracy and Technology, described the bill's passage out of committee as "light years or miles beyond the Patriot Act." "What started out as Sen. Specter wanting to rein in the president's program has turned on its head and is now not just a legislative ratification of the program, but an expansion of warrantless wiretapping of Americans," Dempsey said. "It would allow the NSA to turn its vacuum cleaners on even domestic phone calls and e-mails of citizens. "They do all of this in Alice in Wonderland fashion by defining all kinds of categories of surveillance to be not surveillance," said Dempsey. Specter, who called NSA's warrantless surveillance a "festering sore on our body politic," champions his bill, since it allows, but does not require, the administration to submit the whole surveillance program to review by a secretive court. Specter says President Bush promised to submit the NSA program to the court, if the bill passes. The bill also strikes from U.S. law a requirement that all surveillance of suspected spies and terrorists be done in accordance with FISA. But an aide for Specter disputes that this radically changes FISA or the balance of powers: Specter considers this to be an update to FISA that moves the law toward where technology is now, according to the aide, who spoke on background.
Bush has acknowledged the NSA program monitors Americans' international phone calls and e-mails without court authorization, but says the program only targets communications where one side or the other has suspected terrorist connections. Feinstein says her briefings lead her to believe the current system needs only minor changes, such as increasing the number of judges that issue warrants. "I have been briefed on the terrorist-surveillance program, and I have come to believe that this surveillance can be done, without sacrifice to our national security, through court-issued individualized warrants for content collection on U.S. persons under the FISA process," Feinstein said Wednesday in a press release. That program has recently been declared unconstitutional by a federal judge in Detroit, and is being challenged by more than 20 lawsuits across the country. The bill: * Redefines surveillance so that only programs that catch the substance of a communication need oversight. Any government surveillance that captures, analyzes and stores patterns of communications such as phone records, or e-mail and website addresses, is no longer considered surveillance. * Expands the section of law that allows the attorney general to authorize spying on foreign embassies, so long as there's no "substantial likelihood" that an American's communication would be captured. * Repeals the provision of federal law that allows the government unfettered wiretapping and physical searches without warrants or notification for 15 days after a declaration of war. The lack of any congressional restraint on the president's wartime powers arguably puts the president at the height, rather than the ebb, of his powers in any time of war, even an undeclared one. * Repeals the provision of federal law that limits the government's wartime powers to conduct warrantless wiretapping and physical searches to a period of 15 days after a declaration of war. 
* Repeals the provision of federal law that puts a time limit on the government's wartime powers to conduct warrantless wiretapping and physical searches against Americans. Under current law, the president has that power for only 15 days following a declaration of war. * Allows the attorney general, or anyone he or she designates, to authorize widespread domestic spying, such as monitoring all instant-messaging systems in the country, so long as the government promises to delete anything not terrorism-related. * Moves all court challenges to the NSA surveillance program to a secretive court in Washington, D.C., comprised of judges appointed by the Chief Justice of the Supreme Court. Only government lawyers would be allowed in the courtroom. * Allows the government to get warrants for surveillance programs as a whole, instead of having to describe to a judge the particular persons to be monitored and the methods to be used. A markup of the corresponding House bill, sponsored by Rep. Heather Wilson (R-New Mexico) was scheduled for Wednesday, but was canceled. Specter has moved to have his bill voted upon next week by voice vote, called a unanimous consent motion, according to the ACLU's Graves. Such a procedure would leave no record of who voted for or against the bill. From rforno at infowarrior.org Thu Sep 14 09:55:18 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 14 Sep 2006 09:55:18 -0400 Subject: [Infowarrior] - Itunes note.... Message-ID: I am still using iTunes 4.7.1 from late 2004. Apple just released iTunes 7. Given that I don't see any compelling need/reason to upgrade my software yet, does that mean I need to cash in one of my last remaining geek cards? 
:) -rf

From rforno at infowarrior.org Thu Sep 14 18:50:58 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Sep 2006 18:50:58 -0400
Subject: [Infowarrior] - A Truthful Pre-Flight Announcement
Message-ID:

Welcome aboard
Sep 7th 2006
From The Economist print edition

In-flight announcements are not entirely truthful. What might an honest one sound like?
http://www.economist.com/opinion/displaystory.cfm?story_id=7884654

"GOOD morning, ladies and gentlemen. We are delighted to welcome you aboard Veritas Airways, the airline that tells it like it is. Please ensure that your seat belt is fastened, your seat back is upright and your tray-table is stowed. At Veritas Airways, your safety is our first priority. Actually, that is not quite true: if it were, our seats would be rear-facing, like those in military aircraft, since they are safer in the event of an emergency landing. But then hardly anybody would buy our tickets and we would go bust. The flight attendants are now pointing out the emergency exits. This is the part of the announcement that you might want to pay attention to. So stop your sudoku for a minute and listen: knowing in advance where the exits are makes a dramatic difference to your chances of survival if we have to evacuate the aircraft. Also, please keep your seat belt fastened when seated, even if the seat-belt light is not illuminated. This is to protect you from the risk of clear-air turbulence, a rare but extremely nasty form of disturbance that can cause severe injury. Imagine the heavy food trolleys jumping into the air and bashing into the overhead lockers, and you will have some idea of how nasty it can be. We don't want to scare you. Still, keep that seat belt fastened all the same. Your life-jacket can be found under your seat, but please do not remove it now. In fact, do not bother to look for it at all.
In the event of a landing on water, an unprecedented miracle will have occurred, because in the history of aviation the number of wide-bodied aircraft that have made successful landings on water is zero. This aircraft is equipped with inflatable slides that detach to form life rafts, not that it makes any difference. Please remove high-heeled shoes before using the slides. We might as well add that space helmets and anti-gravity belts should also be removed, since even to mention the use of the slides as rafts is to enter the realm of science fiction. Please switch off all mobile phones, since they can interfere with the aircraft's navigation systems. At least, that's what you've always been told. The real reason to switch them off is because they interfere with mobile networks on the ground, but somehow that doesn't sound quite so good. On most flights a few mobile phones are left on by mistake, so if they were really dangerous we would not allow them on board at all, if you think about it. We will have to come clean about this next year, when we introduce in-flight calling across the Veritas fleet. At that point the prospect of taking a cut of the sky-high calling charges will miraculously cause our safety concerns about mobile phones to evaporate. On channel 11 of our in-flight entertainment system you will find a video consisting of abstract imagery and a new-age soundtrack, with a voice-over explaining some exercises you can do to reduce the risk of deep-vein thrombosis. We are aware that this video is tedious, but it is not meant to be fun. It is meant to limit our liability in the event of lawsuits. Once we have reached cruising altitude you will be offered a light meal and a choice of beverages -- a word that sounds so much better than just saying "drinks", don't you think? The purpose of these refreshments is partly to keep you in your seats where you cannot do yourselves or anyone else any harm.
Please consume alcohol in moderate quantities so that you become mildly sedated but not rowdy. That said, we can always turn the cabin air-quality down a notch or two to help ensure that you are sufficiently drowsy. After take-off, the most dangerous part of the flight, the captain will say a few words that will either be so quiet that you will not be able to hear them, or so loud that they could wake the dead. So please sit back, relax and enjoy the flight. We appreciate that you have a choice of airlines and we thank you for choosing Veritas, a member of an incomprehensible alliance of obscure foreign outfits, most of which you have never heard of. Cabin crew, please make sure we have remembered to close the doors. Sorry, I mean: "Doors to automatic and cross-check". Thank you for flying Veritas."

From rforno at infowarrior.org Thu Sep 14 18:54:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Sep 2006 18:54:04 -0400
Subject: [Infowarrior] - Universal Music pressuring YouTube, MySpace
Message-ID:

Universal Music pressuring YouTube, MySpace
http://news.yahoo.com/s/nm/20060914/wr_nm/media_universalmusic_youtube_dc_1
By Yinka Adegoke
Wed Sep 13, 9:22 PM ET

NEW YORK (Reuters) - Universal Music Group, the world's biggest record company, is stepping up pressure against popular online sites YouTube and MySpace, accusing them of infringing the copyrights of its artists' music videos. Universal chief executive Doug Morris described video site YouTube and News Corp.'s social networking site MySpace as "copyright infringers" during a Merrill Lynch investors' conference speech on Tuesday that was closed to the press. "The poster child for (user-generated media) sites are MySpace and YouTube," said Morris, according to a transcript obtained by Reuters. "We believe these new businesses are copyright infringers and owe us tens of millions of dollars." He added, "How we deal with these companies will be revealed shortly."
"His remarks strongly suggested the company was planning to take legal action in the near-term to either prevent the illegal use of their content on these Web sites or to ensure the company is compensated for the use of its content," Jessica Reif Cohen, analyst at Merrill Lynch, wrote in a note on Wednesday. "This could be the first salvo from a content player against business models based on user-generated content, much of which relies on copyrighted material." Universal, owned by French media group Vivendi, has been in negotiations with both YouTube and MySpace to offer its artists' music legally for a fee. A spokeswoman for YouTube, a two-year-old start-up company that already boasts more than 100 million viewings of short videos uploaded by users, said, "It is our policy not to comment on our business negotiations." MySpace declined to comment. The runaway success of the free-to-view online video sites has raised the question of whether rights holders such as record companies and movie companies should be compensated, even if the clips are uploaded by the users. To date, YouTube has said it will take down any copyrighted material illegally posted on the site once it has been alerted by the rights holder. In February, YouTube was ordered by lawyers for General Electric Co.-owned television network NBC to remove illegally posted clips of some of its television shows, though in June the companies agreed to feature some of NBC's shows legally on the site. Last month, YouTube told Reuters that it is in discussions with record companies to offer its users the ability to watch virtually every music video ever made, but had yet to settle on a business model to allow viewers to see the videos for free. YouTube also announced later that month it would be testing a new advertising model with Warner Music Group featuring celebrity hotel heiress Paris Hilton. 
Record companies are keen to avoid repeating the mistake they believe they made when Viacom Inc.'s MTV was set up 25 years ago -- allowing their artists' music to be aired for free. Morris in his remarks to investors on Tuesday said MTV "built a multibillion-dollar company on our (music) ... for virtually nothing. We learned a hard lesson."

From rforno at infowarrior.org Thu Sep 14 20:55:06 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Sep 2006 20:55:06 -0400
Subject: [Infowarrior] - 'Where's My Medication?'
Message-ID:

'Where's My Medication?'
Feds' crackdown on Rx drugs from Canada perplexes consumers.
By Susan Q. Stranahan
September 2006
http://www.aarp.org/bulletin/prescription/left_in_a_lurch.html?print=yes

Last spring, Nancy Popkin was awaiting her regular mail delivery of Fosamax, an osteoporosis medication. Instead, she received a notice from the U.S. Department of Homeland Security that she was violating federal law. Popkin's shipment is one of more than 39,000 packages of prescription drugs ordered by Americans that federal authorities have seized since last fall. "I was horrified," says Popkin, a financial adviser in Salem, Mass. And then she got angry. "I saw the heading Department of Homeland Security and I thought, with everything that's going on in the world, they get up a case against senior citizens?" Last fall Homeland Security's Customs and Border Protection quietly stepped up its confiscation of prescription drugs bought from Canada. In recent years, Americans -- many of them older -- have spent between $500 million and $1 billion annually on medicines in Canada, where brand-name drugs, including those made by U.S. companies, are often significantly cheaper. Although the cross-border shipments are illegal, authorities did little to stop the practice -- until Nov. 17. That's when seizures of prescription drug shipments to America intensified.
Warning letters offered recipients the option of "voluntarily abandoning" their drugs to authorities for disposal or asking the U.S. Food and Drug Administration to determine if they "should be refused admission into the United States." Popkin, who has ordered Fosamax by mail for years, was out $115, the price of a three-month supply of the drug. Her local pharmacy charged her $76 for a one-month supply. Officials say the new enforcement policy is intended to protect consumers. "Some people weren't aware that [importing drugs] is illegal and that it's not safe," says Lynn Hollinger, a spokeswoman for Homeland Security. Others say safety is not a major issue, noting that Canada has strict quality controls. A 2004 Government Accountability Office study concluded that the composition of drugs from Canadian pharmacies was comparable to drugs bought in the United States. "And the fact is," says Florida Sen. Bill Nelson, D, who introduced a bill to stop the confiscations, "most drugs sold in Canada come from the same companies and same assembly lines as drugs sold in America." Nelson says he has heard from hundreds of angry constituents about the seizures. His legislation, cosponsored with Sen. David Vitter, R-La., would forbid Customs agents from using federal funds to seize drugs from Canada. The measure, which passed by a 68-32 vote in July, joins two similar bills passed by the House. AARP supports legal and safe importation of prescription drugs from abroad. The Nelson-Vitter bill's fate could be decided this fall by a conference committee hammering out Homeland Security appropriations. Jon Cooper, a health adviser to Nelson, says passage of the bills in the Senate and House is "a good indicator that the American public wants it." But other observers are less optimistic that the committee will act this year. The drug industry has criticized the legislation. 
Ken Johnson, vice president of the Pharmaceutical Research and Manufacturers of America, says it "undermines the government's ability to assure the American public that our drug supply is safe and secure." As drug costs have soared, some 2 million consumers began looking to Canada for lower prices. Several states and local governments directed residents to Canadian suppliers, led in 2003 by Illinois -- but not before a study ordered by Gov. Rod Blagojevich, D, concluded that Canada's pricing and distribution system was less likely than America's to foster drug counterfeiting and low-quality products. A one-month supply of Xenical, a weight-loss drug, costs Linda Van Gundy, of Deer Creek, Ill., $200 in the United States but $99 from Canada. When she got a letter from Homeland Security instead of her medicine, she called the governor's office. She was told she was out of luck: federal law takes precedence over state programs. Van Gundy says she isn't sure what the government is up to. Maybe "they're just trying to look good and Big Brotherly, helping protect us from ourselves." Susan Q. Stranahan is a freelance writer in Philadelphia.

From rforno at infowarrior.org Fri Sep 15 10:10:05 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Sep 2006 10:10:05 -0400
Subject: [Infowarrior] - SCOTUS to Post Same-Day Transcripts
Message-ID:

High Court to Post Same-Day Transcripts
By Charles Lane
Washington Post Staff Writer.
Friday, September 15, 2006; A08
http://www.washingtonpost.com/wp-dyn/content/article/2006/09/14/AR2006091401543_pf.html

The Supreme Court announced yesterday that it will make same-day transcripts of its oral arguments available free on its Web site, the quickest and most complete public access to its proceedings the court has ever offered. There is no sign that the court is about to yield to calls for live television coverage, which the justices have steadfastly refused.
But, in the quiet, tradition-bound world of the Supreme Court, yesterday's decision was almost revolutionary, court analysts said. "It's a tremendous opening to the outside world," said Richard Lazarus, a professor of law at Georgetown University and co-director of the school's Supreme Court Institute. It was the biggest step the court has taken in the direction of greater public access since John G. Roberts Jr., himself a former Supreme Court oral advocate, took over as chief justice almost a year ago. Coupled with another recent innovation, the identification in the transcripts of which justice is asking a particular question, the court's new policy "creates the potential for more intelligent speculation by more people than just those who were in the courtroom about how a particular case is going to come out," Lazarus said. Previously, free transcripts were not posted on the court's site, http://www.supremecourtus.gov , until two weeks after oral argument. The only exceptions were certain recent high-profile cases, such as the 2000 presidential election cases, in which the court released same-day audiotapes of oral argument. There were just three such occasions in the 2005-2006 term. Anyone who wanted a same-day transcript had to pay hundreds of dollars to the court's transcription service, Washington-based Alderson Reporting. That effectively limited access to a handful of law firms. But recent progress in digital technology and a new arrangement with Alderson made it possible for the justices to adopt the new policy, which law professors, lawyers and reporters have been urging for years. Formerly, Alderson provided services to the court free and recovered its costs by selling the transcripts. Now, the court will pay Alderson and give away the transcripts on its Web site, court spokeswoman Kathy L. Arberg said.

© 2006 The Washington Post Company

From rforno at infowarrior.org Fri Sep 15 10:43:37 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Sep 2006 10:43:37 -0400
Subject: [Infowarrior] - Loony Geek QOTD
Message-ID:

http://dooooooom.blogspot.com/2006/09/more-crackpot-drm-ideas.html

Ian Brown, a computer scientist/activist, speaking at a recent meeting of the British Literary and Artistic Copyright Association, says: "Only paedophiles use that [encryption] technology and we would all be better off if it was banned."

...where's the clue-by-four?

-rf

From rforno at infowarrior.org Fri Sep 15 14:52:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Sep 2006 14:52:04 -0400
Subject: [Infowarrior] - Original 'Star Trek' returns to TV with digital facelift
Message-ID:

'Star Trek' returns to TV with digital facelift
By Reuters
http://news.com.com/Star+Trek+returns+to+TV+with+digital+facelift/2100-1026_3-6116056.html
Story last modified Fri Sep 15 06:21:06 PDT 2006

Four decades after Capt. Kirk and crew zoomed off at warp speed to "the final frontier," the iconic sci-fi series "Star Trek" returns to broadcast television this week with an extensive digital makeover. CBS Paramount Domestic Television, a unit of CBS, is digitally remastering all 79 episodes of the original series to enhance the show's 1960s-era visual effects with 21st-century computer-generated graphics. Digitally created images will replace the miniature-scale models used for exterior shots of the various spacecraft on the show, including Kirk's Starship Enterprise and the enemy war vessels of the alien Klingons and Romulans. Shots of distant galaxies and planets also will be touched up with computer graphics to give them greater depth. The flat matte paintings used as backdrops on the surface of the strange new worlds visited by the Enterprise crew will be digitally enhanced to add texture, atmosphere and lighting.
Moreover, the music and sound for the show's opening sequence have been rerecorded in state-of-the-art digital stereo, and William Shatner's classic 38-word introduction, beginning with "Space, the final frontier," has been digitally remastered. CBS Paramount says the makeover is intended to enhance the show's visual appeal while staying true to the original look and feel of the series. "Nothing really has changed except for the fact that it's just prettier to look at," John Nogawski, president of CBS Paramount Domestic Television, said in a recent conference call with reporters. "Right down to placement of stars, it is being resimulated to be exactly what was there in the first place." Visual effects producer David Rossi said one subtle change avid fans may notice in the opening sequence was in the flight of the Enterprise, recreated as a computer-generated graphic with measurements taken from the original model of the craft now on display at the Smithsonian Institution in Washington. In the original sequence, the ship's flight path seems to shift slightly to the left and right, a flaw in perspective caused by limitations in the physical length of the dolly track used for the camera shot. The digital rendering creates a more realistic perspective. "We smoothed out the motion of the Enterprise. It flies more dynamically now," Rossi said. "It occupies real space. It doesn't look like a model anymore." In honor of the series' 40th anniversary, the remastered episodes will begin airing on Saturday on more than 200 TV stations across the country. It will mark the first time in 16 years the original series will be seen in U.S. broadcast syndication, though it currently airs on the cable network G4TV and will begin running Nov. 17 on cable's TV Land channel. Conceived by author Gene Roddenberry, "Star Trek" debuted on Sept. 8, 1966, introducing TV viewers to a 23rd-century team of space explorers led by Shatner as Capt. James T. 
Kirk, the Enterprise commander and an interstellar Lothario. The series co-starred Leonard Nimoy as his stoically logical first officer, the half-human, half-Vulcan Mr. Spock, DeForest Kelley as the cranky ship's doctor Leonard "Bones" McCoy, and James Doohan as trusty chief engineer Scott. Running on NBC for three seasons, "Star Trek" was canceled in 1969 due to mediocre ratings. But it developed a strong cult following in reruns that helped establish the show as a pop culture staple. Shatner and Nimoy insist the series endures because its visual effects were secondary to transcendent themes dealing with social justice, race relations and even Cold War tensions. "Shows about explosions and special effects, go away," Nimoy said in a recent interview. "We didn't have a lot of production values. It all had to get into your head somehow and resonate somewhere. And I think that's why it survives." Shatner, who jokes he doesn't watch "Star Trek" reruns anymore because "the aging process is so painful," added that fans saw past the "cheesy costumes, and the bad sets and the ill-gotten special effects" because of the show's substance. "It's almost like theater of the mind." Story Copyright © 2006 Reuters Limited. All rights reserved. From rforno at infowarrior.org Sat Sep 16 23:37:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Sep 2006 23:37:22 -0400 Subject: [Infowarrior] - Schneier: Renew your passports now to avoid RFID headaches In-Reply-To: Message-ID: The ID Chip You Don't Want in Your Passport By Bruce Schneier Saturday, September 16, 2006; A21 http://www.washingtonpost.com/wp-dyn/content/article/2006/09/15/AR2006091500923_pf.html If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. 
And you don't want one of these chips in your passport. RFID stands for "radio-frequency identification." Passports with RFID chips store an electronic copy of the passport information: your name, a digitized picture, etc. And in the future, the chip might store fingerprints or digital visas from various countries. By itself, this is no problem. But RFID chips don't have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship. At first the State Department belittled those risks, but in response to criticism from experts it has implemented some security features. Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data. Although those measures help, they don't go far enough. The shielding does no good when the passport is open. Travel abroad and you'll notice how often you have to show your passport: at hotels, banks, Internet cafes. Anyone intent on harvesting passport data could set up a reader at one of those places. And although the State Department insists that the chip can be read only by a reader that is inches away, the chips have been read from many feet away. The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. 
The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years. This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding. Whatever happens, if you have a passport with an RFID chip, you're stuck. Although popping your passport in the microwave will disable the chip, the shielding will cause all kinds of sparking. And although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored. The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year. Many other countries are in the process of changing over. So get a passport before it's too late. With your new passport you can wait another 10 years for an RFID passport, when the technology will be more mature, when we will have a better understanding of the security risks and when there will be other technologies we can use to cut the risks. You don't want to be a guinea pig on this one. Bruce Schneier writes often on security subjects. ©
2006 The Washington Post Company From rforno at infowarrior.org Sun Sep 17 12:19:36 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Sep 2006 12:19:36 -0400 Subject: [Infowarrior] - Constitution Day - 9/18/06 Message-ID: In honor of tomorrow being the official observance of Constitution Day in the United States, may I provide a link to: The Constitution of the United States Adopted by convention of States, September 17, 1787; Ratification completed, June 21, 1781 (Current Through 1995) http://www.law.emory.edu/FEDERAL/usconst.html -rick Infowarrior.org From rforno at infowarrior.org Sun Sep 17 23:05:27 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Sep 2006 23:05:27 -0400 Subject: [Infowarrior] - U.S. holds AP photographer in Iraq 5 mos Message-ID: U.S. holds AP photographer in Iraq 5 mos By ROBERT TANNER, AP National Writer Sun Sep 17, 7:45 PM ET The U.S. military in Iraq has imprisoned an Associated Press photographer for five months, accusing him of being a security threat but never filing charges or permitting a public hearing. Military officials said Bilal Hussein, an Iraqi citizen, was being held for "imperative reasons of security" under United Nations resolutions. AP executives said the news cooperative's review of Hussein's work did not find anything to indicate inappropriate contact with insurgents, and any evidence against him should be brought to the Iraqi criminal justice system. Hussein, 35, is a native of Fallujah who began work for the AP in September 2004. He photographed events in Fallujah and Ramadi until he was detained on April 12 of this year. "We want the rule of law to prevail. He either needs to be charged or released. Indefinite detention is not acceptable," said Tom Curley, AP's president and chief executive officer. "We've come to the conclusion that this is unacceptable under Iraqi law, or Geneva Conventions, or any military procedure." 
Hussein is one of an estimated 14,000 people detained by the U.S. military worldwide -- 13,000 of them in Iraq. They are held in limbo where few are ever charged with a specific crime or given a chance before any court or tribunal to argue for their freedom. In Hussein's case, the military has not provided any concrete evidence to back up the vague allegations they have raised about him, Curley and other AP executives said. < - > http://news.yahoo.com/s/ap/20060917/ap_on_re_mi_ea/photographer_detained&printer=1 From rforno at infowarrior.org Sun Sep 17 23:08:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Sep 2006 23:08:22 -0400 Subject: [Infowarrior] - Profiting from the politics of fear Message-ID: Pittsburgh Tribune-Review Profiting from the politics of fear By Dateline D.C. Sunday, September 17, 2006 WASHINGTON http://www.pittsburghlive.com/x/pittsburghtrib/opinion/columnists/datelinedc/s_470709.html A fear among kids growing up in England was that if they did not respond to a challenge, their friends would turn on them, shouting an old street phrase: "Cowardly, cowardly custard -- couldn't cut the mustard." This past month, the "mustard" that remains uncut was generated by fears of terrorism, hurricanes, illegal immigrants, fire, bird flu, plane hijackings and many other probable or improbable disasters -- including obesity. So, how do we avoid the "yellow stripe" award? We adapt. We blend audacity into apathy and attempt to regulate the aberrant either with nonchalance or bravado. We travel by road, rail and the subway; we buy plane tickets, go back to New York City and ignore the well-thought-out system of terror alerts and climate change. Mostly our daily lives continue as before. We continue to queue, shoeless and without jackets, to pass airport bomb detectors; we will grumble when we miss a subway train because of search procedures. 
And when Aunt Martha's knitting needles are confiscated, the White House will be deluged with angry letters. Is all this necessary and are the alerts for real? Naturally, suspicion is roused when a well-timed change in the alert enables some politician to evade his responsibilities. Is the alert linked to a few Muslims in Buffalo living out fantasy lives, or to satisfying a lobbyist's greed from selling nearly useless airport bomb-detection equipment? Were there bureaucratic mistakes to be covered up, or has the Top 10 fiction list, with rogue agents running amok, finally become true? You don't have to be a coward to recognize fear -- the yellow stripe is awarded only to those who run from fear. Today, in 2006, a large yellow stripe should be awarded to those who profit from fear. Let's look at the facts. There are 33,890 companies with federal homeland security contracts. Seven years ago -- after some decades of terrorism kicked off with the Olympics in 1972 -- there were only nine. Since 2001, $130 billion worth of contracts have been handed out by the same thundering, blundering pen pushers who mismanaged the hurricanes Katrina and Rita to these merchants of fear. An industry that makes so much money has to have an army of lobbyists, with only one incentive: to increase the real fear of the threat to America and to our hearths, and augment fears for our mortality and eternity. Our recovering economy is based on fear of the unimaginable becoming the inevitable. The field is crowded today. There are now some 550 lobbying firms registered for homeland security, compared with two in 2001. One of the new leading consultants is former Attorney General John Ashcroft, who while in office said his department had unearthed more than 1,000 terrorist cells in the United States and warned in May 2004 that 90 percent of the arrangements for a major attack on our country had been made by al-Qaida. Today, he leads the Ashcroft Group. 
So, it was no surprise that this very senior civil servant should be a leader of the Gadarene-like rush of more than a hundred top officials, from government departments -- such as the FBI, the CIA, customs, immigration and so on -- to the private sector. Homeland security has rapidly become a major engine for private industry, extending from espionage in the Middle East to border protection, airport security and communications. Are we safer with Tom Ridge, the former boss of Homeland Security, now advising the government of Albania and Ashcroft becoming the Washington lobbyist for AT&T? As the commemorations of 9/11 were taking place this month, air traffic was again disrupted and flights diverted because a computer had been abandoned -- and found -- while the plane was in flight. In New York City, rail travel was disrupted due to a security alert at Penn Station. In fighting against amorphous threats such as those of Islamic terrorists, brute force is not enough -- already the war against terrorism has lasted longer than World War I (1914-1918). Moderates from both the West and Islam have been radicalized, neutrality is impossible and the more terrorist heads are lopped off -- as with the fabled Hydra -- even more heads grow. Is it a lose-lose situation? No way! So many of us survived the Cold War that few of the baby boomers even remember when it commenced. That so many of us survived foreign foes, the evil empire, our own bureaucrats and the theories of MAD (Mutually Assured Destruction) with so little loss of sleep should be reassuring. In the words of one patriotic American that applies to both bin Laden and fear -- "This too shall pass." Dateline D.C. is written by a Washington-based British journalist and political observer. Images and text copyright © 2006 by The Tribune-Review Publishing Co. 
From rforno at infowarrior.org Mon Sep 18 21:52:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Sep 2006 21:52:56 -0400 Subject: [Infowarrior] - Homeland Security fills top cybersecurity post Message-ID: Homeland Security fills top cybersecurity post By Declan McCullagh http://news.com.com/Homeland+Security+fills+top+cybersecurity+post/2100-7348_3-6116975.html Story last modified Mon Sep 18 17:23:19 PDT 2006 More than a year after Homeland Security Secretary Michael Chertoff publicly promised to bring in a top cybersecurity specialist, he finally hired one. Chertoff said on Monday that Gregory Garcia, who has been working at a Washington-area trade association, would become the department's first assistant secretary for cybersecurity, with responsibility for advising agencies and the private sector. The announcement ends a vacancy at Homeland Security that lasted more than 14 months and a wait that drew criticism from members of Congress, who said it demonstrated that Chertoff has not taken the topic seriously. "Quite simply, our nation has been without adequate leadership on cybersecurity," Rep. Zoe Lofgren, a Democrat, wrote in an opinion article that CNET News.com published in July. Republicans have also recently criticized Homeland Security's cybersecurity efforts, and a series of government reports has painted a picture of bureaucratic ineptitude. Chertoff acknowledged last year that he had "initial concerns" about raising the profile of cybersecurity in a bureaucratic culture that had focused on physical threats since Sept. 11, 2001. It took a formal vote last May in the U.S. House of Representatives to create the position--and an expected one in the Senate--to prompt Chertoff to acquiesce two months later. Garcia, who prior to accepting his new position was a vice president at the Information Technology Association of America, will succeed Donald "Andy" Purdy Jr., a two-year contract employee on loan from Carnegie Mellon University. 
Purdy, who has been criticized for taking the job of running a department that awarded at least $19 million in contracts to his university employer this year, was the acting cybersecurity chief. It's not clear what took Homeland Security so long to fill the job, but some industry watchers have characterized it as having high-profile responsibility but little day-to-day authority over either the federal government or the private sector. (Johns Hopkins University Professor Avi Rubin said: "I sure wouldn't take that job--it only has a downside.") In an appearance before Congress, Chertoff said last year that the assistant secretary "should not sit at the center of all federal agencies and direct and control their policies on information sharing and cybersecurity." Washington veterans who know Garcia applauded Monday's announcement. It's "a year late but a positive development," said Shannon Kellogg, director of government and industry affairs for RSA, the security division of EMC. "To me, it's worth the wait. They really have someone who can get the job done." Previous cybersecurity "czars" have been, besides Purdy, Richard Clarke, a veteran of the Clinton and first Bush administrations who left the post with a lucrative book deal. Clarke effectively was succeeded in quick succession by Howard Schmidt, also known for testifying in favor of the Communications Decency Act, then Amit Yoran and Robert Liscouski. Garcia will join an already complicated and sprawling hierarchy at the Department of Homeland Security. There's also an undersecretary for management, an undersecretary for science and technology, an assistant secretary for policy, an undersecretary for preparedness, an assistant secretary for intelligence and analysis, and assistant secretary for legislative affairs, an assistant secretary for public affairs, an assistant secretary for transportation security, an assistant secretary for immigration and customs, and an undersecretary for FEMA. 
That's not counting a multitude of directors and commissioners (including the head of the U.S. Secret Service) who also report to Chertoff (click here for PDF of a departmental organizational chart). Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Tue Sep 19 12:02:46 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Sep 2006 12:02:46 -0400 Subject: [Infowarrior] - EFF on Zune: Risk of DRM/DMCA checkmate no longer a risk. It's reality Message-ID: EFF on Zune: Risk of DRM/DMCA checkmate no longer a risk. It's reality Posted by David Berlind @ 6:58 am http://blogs.zdnet.com/BTL/?p=3626 By way of Cory Doctorow, comes a pointer to the Electronic Frontier Foundation's take on Microsoft's new Zune: a brand that has broken ranks with the Redmond-based company's previous digital rights management (DRM) strategy that attempted to establish an ecosystem of compatibility (under the name "PlaysForSure") between content merchants (ie: AOL, Yahoo, Amazon, etc.), the copy protection on the content they sold, and the software and devices that could play that content. Critics of DRM (including me) have long warned of the risks of strategy, policy, and technology shifts amongst the various DRM stakeholders (technology companies, entertainment companies, copyright holders, etc.): namely that consumers could wake up one morning to learn that the rules regarding legal playback of their content investments (audio, video, images, etc.) may have changed to the point that they'll probably have to, at some point, re-buy their favorite music and video all over again. In the US, the Digital Millennium Copyright Act (DMCA) has, with few exceptions (none of which apply here), outlawed circumvention of content copy protection. So, with Microsoft's Zune, now comes proof that these were not Chicken Little warnings. 
Wrote the EFF's Derek Slater: Microsoft's Zune will not play protected Windows Media Audio and Video purchased or "rented" from Napster 2.0, Rhapsody, Yahoo! Unlimited, Movielink, Cinemanow, or any other online media service. That's right -- the media that Microsoft promised would Play For Sure doesn't even play on Microsoft's own device. Buried in footnote 4 of its press release, Microsoft clearly states that "Zune software can import audio files in unprotected WMA, MP3, AAC; photos in JPEG; and videos in WMV, MPEG-4, H.264" -- protected WMA and WMV (not to mention iTunes DRMed AAC) are conspicuously absent. ... This is a stark example of DRM under the DMCA giving customers a raw deal. Buying DRMed media means you're locked into the limited array of devices that vendors say you can use. You have to rebuy your preexisting DRMed media collection if you want to use it on the Zune. And you'll have to do that over and over again whenever a new, incompatible device with innovative features blows existing players out of the water. ... The real culprit here is the DMCA -- but for that bad law, customers could legally convert DRMed files into whatever format they want, and tech creators would be free to reverse engineer the DRM to create compatible devices. Even though those acts have traditionally been and still are non-infringing, the DMCA makes them illegal and stifles fair use, innovation, and competition. ... May this be a lesson to those who mistakenly laud certain DRM as "open" and offering customers "freedom of choice" simply because it is more widely-licensed than other formats. With DRM under the DMCA, nothing truly plays for sure, regardless of whether you're purchasing from Apple, Microsoft, or anyone else. ... Doctorow drove straight to the irony of the situation when he wrote "Microsoft's iPod-killing Zune player won't play music that's locked up with Microsoft's own anti-copying software." Don't say you weren't warned. 
From rforno at infowarrior.org Tue Sep 19 16:04:44 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Sep 2006 16:04:44 -0400 Subject: [Infowarrior] - Terrorism no excuse for privacy breaches, says EU regulator Message-ID: Original URL: http://www.theregister.co.uk/2006/09/19/terrorism_privacy_breaches/ Terrorism no excuse for privacy breaches, says EU regulator By OUT-LAW.com Published Tuesday 19th September 2006 17:22 GMT Terrorism and organised crime should not be used as excuses for passing laws which undermine people's privacy and data protection rights, according to the European Data Protection Supervisor (EDPS). Existing laws do not need changed, he said. In an update on data protection in Europe, EDPS Peter Hustinx said that security concerns were not an adequate reason to undermine data protection principles. "It is a misconception that protection of privacy and personal data holds back the fight against terrorism and organised crime," said Hustinx. "Current legislation does allow, for instance, law enforcement to check suspicious phone numbers found in a computer." The EDPS has recently advised EU bodies on controversial issues of data protection such as the disputed transfer of airline passenger data to the US, telecoms data retention and EU information technology systems. New laws and practices are being introduced in the aftermath of terrorist attacks in the US, Madrid and London which put security concerns and data protection in direct conflict. An EU deal cut with authorities in the US to transfer airline passenger data was opposed by the EU Parliament and struck down by the European Court of Justice on procedural grounds. Other legislation causing controversy are the laws introduced by member states to comply with the Data Retention Directive. The Directive calls for telephone, email and internet data to be kept for up to two years by telecoms firms and is being opposed by civil rights groups. 
One group, Digital Rights Ireland, is taking the Irish government to court over the Irish law based on the Directive and hopes to overturn the Directive itself. The Irish state is also taking a legal challenge against the Directive, but on procedural, not privacy, grounds. Hustinx said that the idea that a state must choose either good security or good data protection is flawed. "Good data protection actually goes hand in hand with legitimate crime fighting because it increases the quality of databases and at the same time makes sure that only the right people can access them," he said. Copyright © 2006, OUT-LAW.com (http://www.out-law.com/) From rforno at infowarrior.org Tue Sep 19 23:09:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Sep 2006 23:09:15 -0400 Subject: [Infowarrior] - NYT: White House Drops a Condition on Interrogation Bill Message-ID: September 20, 2006 White House Drops a Condition on Interrogation Bill By KATE ZERNIKE http://www.nytimes.com/2006/09/20/washington/20detain.html?ei=5094&en=466fd10d4bd27ba5&hp=&ex=1158724800&partner=homepage&pagewanted=print WASHINGTON, Sept. 19 -- Seeking a deal with Senate Republicans on the rules governing the interrogation of terrorism suspects, the White House has dropped its insistence on redefining the obligations of the United States under the Geneva Conventions, members of Congress and aides said Tuesday. The new White House position, sent to Capitol Hill on Monday night, set off intensified negotiations between administration officials and a small group of Republican senators. The senators have blocked President Bush's original proposal for legislation to clarify which interrogation techniques are permissible and to establish trial procedures for terrorism suspects now in United States military custody. 
The two sides were said to be exchanging proposals and counterproposals late Tuesday in a showdown that could have substantial ramifications for national security policy and the political climate heading toward Election Day. The developments suggested that the White House had blinked first in its standoff with the senators, who include John W. Warner of Virginia, the chairman of the Armed Services Committee, and John McCain of Arizona. But few details were available, and it was not clear whether a compromise was imminent or whether the White House had shifted its stance significantly. Until this week, Mr. Bush had sought to address the issue through two channels. One was to clarify the limits on interrogation techniques under Common Article 3 of the Geneva Conventions by proposing legislation saying that the nation's obligations under the article would be satisfied as long as it complied with the Detainee Treatment Act. That legislation was passed by Congress in December and bans "cruel, inhuman or degrading treatment." The other was to seek changes in the War Crimes Act, a step the administration had said was necessary to provide interrogators for the Central Intelligence Agency with protection from prosecution at home and abroad. The Republican group led by Mr. Warner favors addressing the issue through changes to the War Crimes Act but has resisted efforts to recast the nation's obligations under the Geneva Conventions. Senator John Cornyn of Texas, a Republican on the Armed Services Committee who has supported the president's legislation, said Tuesday morning that the White House had agreed to work within the War Crimes Act to refine the obligations under Common Article 3. "There's agreement on the goal," Mr. Cornyn said, "that is, that we continue to comply with our international treaty obligations and all of our domestic laws, but at the same time not tie the hands of our intelligence officials." 
Senator Jeff Sessions of Alabama, another Republican on the committee who has backed the president's approach, said: "It's an argument between people with strong wills. Sometimes you have to step back and re-evaluate; the president has done that. Apparently he's said, O.K., let me look at this in a different way." Mr. Warner declined to comment on specific proposals, saying only that he had "great optimism" that an agreement could come soon. White House officials declined to discuss their offer and said they expected negotiations to continue for at least another day. "We are continuing negotiations in good faith and remain cautiously optimistic about our ability to reach a resolution," said Dana Perino, the deputy White House press secretary. Common Article 3 guarantees humane treatment to combatants seized during wartime. The two sides agree that the article's language prohibiting "outrages upon human dignity" is too vague and leaves military and C.I.A. personnel uncertain about what techniques they may use in interrogating detainees. The White House has argued that without more "clarity," it will have no choice but to shut down a C.I.A. program for interrogating top terrorism suspects. But Mr. Warner, Mr. McCain and Senator Lindsey Graham of South Carolina have argued against any changes in the language interpreting the article, saying such a change would invite other countries to reinterpret the Geneva Conventions as they saw fit, which in turn could endanger captured American troops. The senators propose to provide clearer guidelines for interrogators by amending the War Crimes Act to enumerate several "grave breaches" that constitute violations of Common Article 3. Several issues appeared to remain in flux, among them whether the two sides could agree on language protecting C.I.A. officers from legal action for past interrogations and for any conducted in the future. 
Beyond the issue of interrogations, the two sides have also been at odds over the rights that should be granted to terrorism suspects during trials, in particular whether they should be able to see all evidence, including classified material, that a jury might use to convict them. Mr. Graham declined to discuss specifics of the talks but said, "I am very pleased with the tone and the progress." Mr. McCain said only that discussions continued. "There has been no rejection of anything by anybody," he said. In the House, where the Armed Services Committee backed a bill that looked much like the legislation originally proposed by the White House, leaders said they still supported the president's bill. But they postponed a vote on the legislation until next week, while the Judiciary Committee examines it, and said they would look to the Senate for any signs of compromise. Representative John A. Boehner of Ohio, the majority leader, said, "I think the president is on very firm ground here." Sheryl Gay Stolberg contributed reporting. From rforno at infowarrior.org Wed Sep 20 09:25:52 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Sep 2006 09:25:52 -0400 Subject: [Infowarrior] - TSA Screener Training Video posted Message-ID: Sure looks like it came from them. :) http://tinyurl.com/kqx36 From rforno at infowarrior.org Wed Sep 20 09:43:37 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Sep 2006 09:43:37 -0400 Subject: [Infowarrior] - Attrition.org and PogoWasRight.org Collaborate on DataLoss Message-ID: Attrition.org and PogoWasRight.org Collaborate on DataLoss Mon Sep 18 18:10:33 EDT 2006 Attrition Staff http://attrition.org/dataloss/06-09-18.001.html Attrition.org and PogoWasRight.org would like to announce the beginning of a new collaborative effort that we feel will enhance the resources provided by both sites. 
Beginning on Saturday, September 16, 2006, Dissent and AnonAdmin from PogoWasRight.org are the new co-moderators of the Data Loss Mail List and the Data Loss Web Page. In return, Lyger and Jericho from attrition.org have created user accounts with PogoWasRight.org to provide news, commentary, and additional support and/or resources as needed. Both sites will continue to remain independent in content and focus. However, resources will be shared willingly, openly, and freely with no commercialization or compensation provided to either group (other than the ph4t sh3ll 4cc0un7z, y0). In addition, the Data Loss Database (Open Source) (DLDOS) will continue to be available, free of charge, for any non-commercial entities. Our goal is to make DLDOS the world's most comprehensive database for breaches involving personally identifiable information. For more information on DLDOS, please visit here and make sure to read the disclaimer thingy at the bottom. In addition, we would like to thank Chris Walsh and Adam Shostack from Emergent Chaos, Beth Givens from Privacy Rights Clearinghouse, and the entire subscriber base of the Data Loss Mail List for their continued support of Attrition's data loss projects. From rforno at infowarrior.org Thu Sep 21 16:30:42 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Sep 2006 16:30:42 -0400 Subject: [Infowarrior] - Microsoft Media Player shreds your rights Message-ID: Microsoft Media Player shreds your rights http://www.theinquirer.net/default.aspx?article=34523 By Charlie Demerjian: Thursday 21 September 2006, 10:08 THINK DRM WAS bad already? Think I was joking when I said the plan was to start with barely tolerable incursions on your rights, then turn the thumbscrews? Welcome to Windows Media Player 11, and the rights get chipped away a lot more. Get used to the feeling, if you buy DRM infected media, you will only have this happen with increasing rapidity. 
One of the problems with WiMP11 is licensing and backing it up. If you buy media with DRM infections, you can't move the files from PC to PC, or at least you can't and have them play on the new box. If you want the grand privilege of moving that content, you need to get the approval of the content mafia, sign your life away, and use the tools they give you. If you want to do it in other ways, you are either a lawbreaker or following the advice of J Allard. Wait, same thing. So, in WiMP10, you just backed up your licenses, and stored them in a safe place. Buying DRM infections gets you a bunch of bits and a promise not to sue, but really nothing more. The content mafia will do anything in its power, from buying government to rootkitting you in order to protect those bits, and backing them up leaves a minor loophole while affording the user a whole lot of protection. Guess which one wins, minor loophole or major consumer rights? Yes, WiMP11 will no longer allow you the privilege of backing up your licenses, they are tied to a single device, and if you lose it, you are really SOL. Remember that feeling I mentioned earlier? This is nothing less than a civil rights coup, and most people are dumb enough to let it happen. Read the links, the entire page is scary as hell, but the licensing part takes the cake. "Windows Media Player 11 does not permit you to back up your media usage rights (previously known as licenses)", Wow, new terminology, old idea, you are a wallet with legs waiting to be raped. "The store might limit the number of times that you can restore your rights or limit the number of computers on which can use the songs or videos that you obtain from them. Some stores do not permit you to restore media usage rights at all." Translation, not our problem, and get bent, we got your cash. But it gets worse. If you rip your own CDs, WiMP11 will take your rights away too. If the 'Copy protect music' option is turned on, well, I can't top their 1984 wording.
"If the file is a song you ripped from a CD with the Copy protect music option turned on, you might be able to restore your usage rights by playing the file. You will be prompted to connect to a Microsoft Web page that explains how to restore your rights a limited number of times." This says to me it will keep track of your ripping externally, and remove your rights whether or not you ask it to. Can you think of a reason you would need to connect to MS for permission to play the songs you ripped from your own CDs? How long do you think it will be before a service pack, masquerading as a 'critical security patch' takes away the optional part of the 'copy protection'? Now do you understand why they have been testing the waters on WiMP phoning home? Think their firewall will stop it even if you ask? Then when you go down on the page a bit, it goes on to show that it guts Tivo capabilities. After three days, it kills your recordings for you, how thoughtful of them. Going away for a week? Tough, your rights are inconvenient to their profits, so they have to go. "Recorded TV shows that are protected with media usage rights, such as some TV content recorded on premium channels, will not play back after 3 days when Windows Media Player 11 Beta 2 for Windows XP is installed on Windows XP Media Center Edition 2005. No known workaround to resolve this issue exists at this time." Workaround my *ss, this is wholesale rights removal by design. What WiMP11 represents is one of the biggest thefts of your rights that I can think of. MS planned this, pushed the various pieces slowly, and this is the first big hammer to drop. Your rights, the promises they made, and anything else that gets in the way of the content mafia making yet more money gets thrown out. Why? Greed. Your rights? History. You were dumb enough to let it happen, don't say I didn't warn you.
From rforno at infowarrior.org Thu Sep 21 21:15:38 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Sep 2006 21:15:38 -0400 Subject: [Infowarrior] - Standards Suggested for Airline ID Card Message-ID: Standards Suggested for Airline ID Card http://www.salon.com/wire/ap/archive.html?wire=D8K9HBBG0.html - - - - - - - - - - - - September 21,2006 | WASHINGTON -- The Transportation Security Administration on Thursday announced standards for an ID card that frequent fliers can buy to get through security lines faster at airports. The announcement comes nearly five years after Congress first authorized the program, two years after the TSA first tested it and three months after it was supposed to start. The public has two weeks to comment on the standards, which are only in draft form. The program, called "Registered Traveler," would establish airport-security fast lanes for those who pay a fee, pass a government background check and submit 10 fingerprints. In addition to the annual membership fee, which is likely to be about $100, the TSA estimates a background check will cost another $100. The standards cover information security, enrollment, verification and privacy, the TSA said. A year ago, the TSA stopped testing the program except in Orlando, Fla. TSA chief Kip Hawley decided to turn the program over to the private sector. Airport participation is voluntary. Hawley has said the program isn't a top priority for the agency, but it has been important to private companies eager to profit from selling identification cards. Companies such as Verified Identity Pass, started by media entrepreneur Steven Brill, seek to install a system of private security passes at airports across the nation. 
On the Net: Transportation Security Administration: http://www.tsa.gov From rforno at infowarrior.org Mon Sep 25 13:38:46 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Sep 2006 13:38:46 -0400 Subject: [Infowarrior] - First duct tape, now baggies In-Reply-To: Message-ID: Time to invest in Glad and Ziploc, not to mention the new market of 3-oz toiletry item makers. -rf TSA site (with a picture): "Travelers may now carry through security checkpoints travel-size toiletries (3 ounces or less) that fit comfortably in ONE, QUART-SIZE, clear plastic, zip-top bag." http://www.tsa.gov/press/happenings/9-25_updated_passenger_guidance.shtm -rf From rforno at infowarrior.org Tue Sep 26 09:09:30 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Sep 2006 09:09:30 -0400 Subject: [Infowarrior] - FCC Fear Cancels PBS Airing of 'Marie Antoinette' Message-ID: FCC Fear Cancels PBS Airing of 'Marie Antoinette' From Denver Post, September 26, 2006 http://www.freepress.net/news/17917 Fear of fines from the Federal Communications Commission caused Rocky Mountain PBS to cancel tonight's showing of the two-hour documentary "Marie Antoinette." Instead, the network, which includes KRMA-Channel 6 in Denver, will show "The Naked Planet," "The Dead Sea" and "The Grand Canyon," beginning at 9 p.m. "I took a look at it at 10 this morning," said James Morgese, president and general manager of RMPBS. "What I saw is nothing worse than what you see on TV elsewhere, but in this era of heightened sensitivity by the FCC, fines are pretty stiff." Specifically, he said, the questionable scenes were 200-year-old pencil drawings of nude couples having sex and "a very specific" discussion of Louis XVI's apparent impotency. "It's a good show, historical and factual," said Morgese, adding that the show will air at 10 p.m. on an undetermined date. "After 10 p.m. and before 6 a.m. is considered 'safe harbor'
where you can do these things and not get into trouble." Some PBS outlets pulled the program entirely, others are moving to a later hour and some will show it at its scheduled time. "It will be interesting to see what happens," said Morgese. The FCC has heavily fined some radio and television stations for language and scenes deemed to be obscene. This article is from Denver Post. From rforno at infowarrior.org Tue Sep 26 22:07:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Sep 2006 22:07:32 -0400 Subject: [Infowarrior] - Cingular "bulletins" Message-ID: Anyone else peeved (to put it bluntly) about Cingular's new "bulletins" on their voicemail system -- and the fact you have to manually bypass them EACH time you check messages? Talk about finding ways to anger your customers and contribute to cellphone customer churn -- foisting this "speedbump" on users w/o giving them an option to auto-bypass. Thank gods I'm off-contract with them now; another week of this and I'm off to T-Mobile. -rf From rforno at infowarrior.org Tue Sep 26 22:08:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Sep 2006 22:08:22 -0400 Subject: [Infowarrior] - Microsoft sues over source code theft Message-ID: Microsoft sues over source code theft By John Borland http://news.com.com/Microsoft+sues+over+source+code+theft/2100-1025_3-6119892.html Story last modified Tue Sep 26 16:41:42 PDT 2006 Microsoft has filed a federal lawsuit against an alleged hacker who broke through its copy protection technology, charging that the mystery developer somehow gained access to its copyrighted source code.
For more than a month, the Redmond, Wash., company has been combating a program released online called FairUse4WM, which successfully stripped anticopying guards from songs downloaded through subscription media services such as Napster or Yahoo Music. Microsoft has released two successive patches aimed at disabling the tool. The first worked--but the hacker, known only by the pseudonym "Viodentia," quickly found a way around the update, the company alleges. Now the company says this was because the hacker had apparently gained access to copyrighted source code unavailable to previous generations of would-be crackers. "Our own intellectual property was stolen from us and used to create this tool," said Bonnie MacNaughton, a senior attorney in Microsoft's legal and corporate affairs division. "They obviously had a leg up on any of the other hackers that might be creating circumvention tools from scratch." This latest round of copy-protection headaches comes at a delicate time for Microsoft. In a few months, the company plans to launch its own digital music subscription service, called "Zune," paired with an iPod device rival of the same name. The package will compete with services from Microsoft's traditional partners, such as Napster and Yahoo. The Zune service and device will use their own flavor of digital rights management, and this will not be directly compatible with Microsoft's partners' products, despite being based on the same Windows Media technology. The company is taking great pains to assure its partners that their PlaysForSure-branded products are still state of the art. Two-pronged approach At the moment, Microsoft is taking a two-pronged technical and legal approach to FairUse4WM that goes beyond the scope of its earlier DRM battles. On the technical side, it is pursuing much the same strategy as in the past: studying the hacker's tool and trying to update its Windows Media technology to block it. 
Indeed, the company's Windows Media copy protection technology was designed from the start to support swift updates that would address inevitable cracks. That has long been part of the technology's draw for record labels and movie studios, which are fearful that content protection flaws will lead to films and music being swapped freely online. Microsoft's copy protection has been cracked before and then quickly fixed. Company representatives said that the FairUse4WM tool, despite its developer's success in breaking through the company's first patch, is simply triggering the same kind of security review that has happened in the past. "This particular circumvention doesn't change that reality at all, or affect the underpinnings of the system," said Marcus Matthias, a senior product manager at Microsoft. "This is not quite as 'cat and mouse' as some people might have you believe." The crack's unusual longevity has caused ripples of worry inside the digital media community, however. One service provider, the British network BSkyB, even temporarily canceled movie downloads. Representatives from other services say Microsoft's previous rights-management security updates have been successful and expect this effort ultimately to be no different. "One of the great features of the Windows Media DRM is its renewability," said Bill Pence, chief technical officer at Napster. "When the DRM system is compromised, we can incorporate updates with minimal impact on users, and we expect to do the same with the current patch." Using courts to track a cracker However, the federal "John Doe" lawsuit, along with "dozens" of legal letters sent to Internet sites that are hosting the allegedly copyright-infringing tool, is a decidedly different tack for Microsoft. The copyright lawsuit was filed in Seattle federal court last Friday, without a name attached. 
Just as in the recording industry's many lawsuits against accused file swappers, it targets an unknown individual or individuals, whose true identity will be sought in the course of the case. For now, that means going to the Internet service providers for Web sites where the original FairUse4WM tool was released, in hopes of tracking down an IP address or other digital traces that might lead to the developer, MacNaughton said. Microsoft is also contacting other Web sites that have posted the FairUse4WM tool, asking them to remove the software, on the grounds that it contains copyrighted company code. Company representatives declined to speculate on exactly how "Viodentia" gained access to copyrighted source code. The code in question is part of a Windows Media software development kit, but is not easily accessible to anyone with a copy of that toolkit, Microsoft said. So far, little is known about the developer, who has used the pseudonym "Viodentia" in several online postings at a site called Doom9.org. "Viodentia" could not immediately be reached for comment. After spending an unaccustomed month of grappling with the problem, Microsoft representatives stopped short of promising their latest Windows Media update will be impregnable--although certainly, the hope is that a third patch won't be needed. "Any time we put out an update, it is our hope that it will be as efficacious as possible," Matthias said. "It is our hope that the technical mitigations that we've put in place will do something to impede this circumvention." Analysts say that "Viodentia" hasn't proved that Microsoft's DRM tools are fundamentally flawed, but has shown that the business of keeping it, or any rights management system, secure is increasingly becoming a full-time job. "Any DRM out there is going to be cracked," GartnerG2 analyst Michael McGuire said. "More important is how the technology service reacts. Someone has to be keeping an eye online all the time now, looking for the next time." 
Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Wed Sep 27 09:28:38 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 09:28:38 -0400 Subject: [Infowarrior] - TSA detains pax for writing opinion on baggie Message-ID: (c/o IP) http://www.flyertalk.com/forum/showthread.php?p=6440005&posted=1 Short version: He wrote "Kip Hawley is an Idiot" on his baggie and got detained for nearly 30 minutes by TSA who said he had no first amendment rights there. From rforno at infowarrior.org Wed Sep 27 09:38:09 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 09:38:09 -0400 Subject: [Infowarrior] - comment: More fun with the detainee bill.... Message-ID: This whole detainee mess (torture, habeas corpus, evidentiary rules, etc.) is making America's self-proclaimed "bastion of democratic examples" into an international mockery full of grandiose but totally-hypocritical rhetoric backed by an unwavering belief in unilateral views and absolutist actions. Is it any wonder anti-American sentiment is growing in all parts of the world (and not just the Muslim regions?) I don't care what the "enemy" is -- soldier or terrorist or Barney the Dinosaur -- we as Americans need to not just talk the moral high road but walk it as well. Not just to protect our troops/people overseas but to retain our moral role as the planet's foremost democracy. Unless, of course, we're going to start calling it "American Democracy" instead....in which case, we can make things up as we go along. Like we are. Signed, a concerned citizen.
-rf Detainee Bill in Final Stages White House Appears to Be Winning Wide Legal Latitude http://www.washingtonpost.com/wp-dyn/content/article/2006/09/26/AR2006092601638_pf.html Letter From Intelligence and Military Professionals on Use of Torture http://www.truthout.org/docs_2006/092606S.shtml From rforno at infowarrior.org Wed Sep 27 09:41:10 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 09:41:10 -0400 Subject: [Infowarrior] - Northwestern Univ project on USG data mining Message-ID: Data Mines Who Are You? The government wants to know, and it has an astonishing number of ways of finding out. View them all in this attractive, easy-to-read animated guide to government data-mining programs, assembled by the students of the Medill School of Journalism of Northwestern University. < - > http://www.tompaine.com/articles/2006/09/27/data_mines.php From rforno at infowarrior.org Wed Sep 27 09:44:47 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 09:44:47 -0400 Subject: [Infowarrior] - Pew Internet Research: The Future of the Internet II Message-ID: Just released! The Future of the Internet II 9/24/2006 A survey of internet leaders, activists, and analysts shows that a majority agree with predictions that by 2020: http://www.pewinternet.org/PPF/r/188/report_display.asp From rforno at infowarrior.org Wed Sep 27 14:20:26 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 14:20:26 -0400 Subject: [Infowarrior] - Microsoft rushes out 'critical' fix Message-ID: Microsoft rushes out 'critical' fix By Joris Evers http://news.com.com/Microsoft+rushes+out+critical+fix/2100-1002_3-6119752.html Story last modified Wed Sep 27 05:00:05 PDT 2006 Microsoft issued a "critical" security fix for Windows on Tuesday, two weeks before its scheduled release date. The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs via Internet Explorer.
Malicious software can be loaded, unbeknownst to the user, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an e-mail message. "This was an excellent move on the part of Microsoft, and we're pleased to see them respond to the concerns of the security community," Alex Eckelberry, president of anti-spyware toolmaker Sunbelt Software, said in an e-mail interview. Sunbelt had been monitoring attacks that exploit the flaw, which it said have been increasing. The vulnerability, first reported last week, lies in a Windows component called "vgx.dll." This component is meant to support Vector Markup Language documents in the operating system. VML is used for high-quality vector graphics on the Web and is used for viewing pages in the IE browser that is part of Windows. Microsoft deems the flaw "critical," its highest severity rating. "An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message," Microsoft said in security bulletin MS06-055. E-mail messages that use HTML, or HyperText Markup Language, look like a Web page. The vulnerability does not apply to IE 7, the upcoming version of IE that is available right now in a pre-release form, Microsoft said. Microsoft typically releases fixes each second Tuesday of the month, which has become known as Patch Tuesday. The last time the software maker rushed out a fix was in January, when another image-related flaw in IE was being used to compromise Windows PCs through malicious Web sites. Security experts had pushed Microsoft to rush out a fix for the VML flaw. A group of security professionals even crafted an unofficial fix for the problem, which was released on Friday. "Exploitation has already eclipsed that of the last out-of-cycle patch," said Ken Dunham, director of the rapid response team at VeriSign's iDefense.
"It appears that there were several million domains that were redirecting to malicious VML sites." Microsoft's security update is being pushed out to Windows users via Automatic Updates and will also be available on Windows Update. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Wed Sep 27 15:50:40 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Sep 2006 15:50:40 -0400 Subject: [Infowarrior] - New FairUse4WM released Message-ID: After yesterday's news that Microsoft was launching a lawsuit campaign against the John Does responsible for FairUse4WM, we weren't expecting the next volley to come so soon. So it's somewhat contrary to expectations that Viodentia has released the newest version of his software to counter Microsoft's latest PlaysForSure IBX update (dated 9/23, regarding the memo which we recently printed). < - > http://www.engadget.com/2006/09/27/viodentia-responds-to-microsoft-releases-fairuse4wm-1-3/ FairUse4WM forum link: http://forum.doom9.org/showthread.php?t=114916&page=14 From rforno at infowarrior.org Thu Sep 28 08:53:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 08:53:35 -0400 Subject: [Infowarrior] - Judge rejects Ashcroft's immunity claim in computer terror case Message-ID: Judge rejects Ashcroft's immunity claim http://tinyurl.com/fmczc By REBECCA BOONE, Associated Press Writer Wed Sep 27, 9:09 PM ET Former U.S. Attorney General John Ashcroft could be called to testify in a lawsuit that claims a student was wrongly imprisoned in a computer terrorism case, a federal judge ruled Wednesday. U.S. District Judge Edward Lodge rejected Ashcroft's argument to toss out the lawsuit because he was entitled to absolute immunity since his position at the Department of Justice was prosecutorial.
Abdullah al-Kidd, who played football for the University of Idaho, claimed the government wrongfully arrested him in the case against a fellow student, Sami Omar Al-Hussayen, in 2003. They both worked for the Islamic Assembly of North America, a Michigan-based charitable organization that federal investigators said funneled money to activities supporting terrorism and published material advocating suicide attacks on the United States. A jury acquitted Al-Hussayen of using his computer skills to foster terrorism and of three immigration violations after an eight-week federal trial. But Al-Hussayen -- who was only months from finishing his doctorate study at the University of Idaho -- was eventually deported to Saudi Arabia. Al-Kidd was never called to testify, but he spent two weeks in jail as a material witness and was later released to the custody of his wife with strict limitations on where he could travel. His lawsuit claimed Ashcroft was personally liable for violating his rights because after the terrorist attacks Ashcroft "created a national policy to improperly seek material witness warrants, oversaw the execution of such warrants, and failed to correct the constitutional violations of conducting such actions," according to court documents. Al-Kidd said the investigation and detainment not only caused him to lose a scholarship to study in Saudi Arabia, but that it cost him employment opportunities. The ruling also means U.S. Attorney General Alberto Gonzales and others in the Department of Homeland Security could be called to testify in the lawsuit. "We are literally reviewing it at this minute and no, we have not made any decisions at this time," Charles Miller, spokesman for the Justice Department's civil division, said of the ruling. Al-Kidd's attorney, Lee Gelernt with the ACLU's national headquarters in New York, called the ruling a "vindication" for al-Kidd.
"It will hopefully deter the government from using the material witness statute in the future in the way they did after Sept. 11," Gelernt said. Al-Kidd is asking the judge to declare that the federal government's actions were unconstitutional, to order the FBI and other agencies to expunge any records relating to the unlawful detention of al-Kidd and others, and for unspecified damages. From rforno at infowarrior.org Thu Sep 28 09:18:19 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 09:18:19 -0400 Subject: [Infowarrior] - Love the Leak, Hate the Leaker? Message-ID: Love the Leak, Hate the Leaker? http://www.wired.com/news/columns/1,71845-0.html By Jennifer Granick| 02:00 AM Sep, 27, 2006 Everywhere you look, leaks are in the news. San Francisco Chronicle reporters Lance Williams and Mark Fainaru-Wada obtained confidential grand jury transcripts from the BALCO professional sports steroid grand jury. Now, the two journalists face jail time for refusing to disclose the name of the leaker. California gubernatorial candidate Phil Angelides' campaign admitted giving audio recordings of Gov. Arnold Schwarzenegger making insensitive comments about a state legislator's race to the Los Angeles Times. The governor's office claims that someone illegally hacked private computer systems to get the recording, while the Angelides camp says that the audio was on an unsecured public web server. News reports say the California Highway Patrol is investigating. Vice President Dick Cheney's former chief of staff Lewis Libby will stand trial for allegedly lying to agents investigating who leaked CIA agent Valerie Plame's name to reporters. During the investigation, Time magazine reporter Matthew Cooper and former New York Times reporter Judith Miller initially refused to answer questions about the source for their stories on Plame and were held in contempt of court. 
Hewlett-Packard executives, confronted with news accounts containing details about internal meetings, hired an investigator to obtain board members' and journalists' phone records and other private information in order to probe the identity of the leaker. Now, federal and California prosecutors are pursuing criminal investigations of the company's tactics. France is investigating the leak of confidential documents from the DGSE (General Directorate for External Security) that contained unconfirmed reports that Osama bin Laden is dead. Leaking is nothing new. However, leaking is increasingly in the news. The information age means more data in more formats from more sources is more readily transmittable than ever before. Publishing is an activity available to anyone with a computer and an internet connection. Information is more valuable, a commodity itself. With a more amorphous and omniscient media we'll confront the question of what to do about leaking more often. How should the law protect sensitive information, and what should we do when someone leaks it? Solutions for dealing with the problem are somewhat schizophrenic. On one hand, Congress is considering tougher rules criminalizing leaks of classified information. On the other, Congress may soon pass a shield law to protect reporters who refuse to reveal their sources. This bifurcated approach stems from the fact that two somewhat contradictory principles are inarguably true. First, some secret information should remain so. Second, some secrets harm the public, and should be disclosed. In theory, it's easy to tell the difference. Troop movements must remain secret so as not to give the enemy an advantage in battle. The public should know that the tobacco industry deliberately worked to increase the addictiveness of cigarettes. But in practice, it's difficult to distinguish whether information is legitimately or illegitimately kept secret. 
Most often, some interests are in favor of retaining secrecy, and some interests favor public disclosure. How can we tell, and who should determine, which prevails? Historically, our practice has been to allow the press to publish as it sees fit, but to punish the leaker. In a seminal example, the Pentagon Papers case, former Department of State official Daniel Ellsberg leaked documents to The New York Times that showed that the Johnson administration had lied to the public about its plans to expand the Vietnam War. The Nixon White House sued to prevent the newspaper from publishing the documents. The U.S. Supreme Court ruled that the Times could publish the information without fear of legal reprisals, despite administration claims that the publication would cause irreparable injury to the defense interests of the United States. Ellsberg, the leaker, faced a lengthy prison sentence, though charges were eventually dropped after Nixon operatives broke into his psychiatrist's office looking for information with which to discredit him. The publication of the Pentagon Papers hastened the end of the war, and of the Nixon administration. The nation survived, perhaps much improved, though temporarily jaded about the reach of executive power. Today, this chaotic but operant system is under renewed pressure. We are again at war, both in Iraq and against the amorphous forces of terrorism. Now, any yahoo with a web page can expose sensitive information to the world. Information itself is more valued, and legally protected by a panoply of intellectual property and other laws that give secret-keepers an arsenal of tools against whistle-blowers. Wrongful disclosure of classified government information has long been a crime. Now private companies also are using copyright law, trade-secret law, and the computer trespass statutes to try to protect information that they prefer to remain secret. 
For example, Diebold Election Systems used copyright law to try to suppress an archive of internal e-mails showing security and accuracy problems with the company's electronic voting machines. At the Stanford Law School Center for Internet and Society and Cyberlaw Clinic, we sued Diebold on behalf of two college students who had posted the materials, and won a ruling that the fair-use doctrine protected the publication. In the case of Cisco v. Michael Lynn, the router company used trade-secret law to obtain a settlement that prohibited Lynn, my client, from further discussing security flaws he discovered in the company's router software. The California governor's office has cited the computer-trespass laws to challenge the propriety of information obtained by challenger Angelides. Diebold had tried that tactic as well, claiming that its electronic voting e-mails were obtained unlawfully by a hacker and therefore shouldn't be further disseminated. No matter how important to the public information may be, it's a crime to access a computer without authorization to obtain that information. While there are no new laws preventing the press from publishing secrets, prosecutors seeking to punish leakers have taken off the gloves normally used to handle reporters that rely on confidential sources. There has been a sharp increase in contempt claims brought against journalists in the past five years, including the high-profile Miller, Cooper, Fainaru-Wada and Williams cases, as well as several others. We're going to see more and more cases involving secrets, leakers, the press and the law. Congress will consider whether to increase punishment for improper disclosure, to protect reporters who use confidential sources, or both. Proponents of harsher laws will point to the threat of terrorism, to the proliferation of amateur bloggers unschooled in the ethics of professional reporters and to the commercial value of information in the modern age. 
All of these are legitimate and important concerns. Yet, a free press serves a vital role in any democracy, and the press depends on leakers to expose wrongdoing at every level. We must remember that deciding what should and should not be secret is a daunting task. Whatever rules we draft will be imperfect, protecting either too much or too little information. We will make mistakes, and because we know we will get it wrong, we should err in favor of the free press. We have never, and probably never should, prosecute a member of the press for revealing government secrets. We must also recognize that the disclosure of private secrets, like Cisco router flaws or Diebold election machine errors, may be vitally important for the public to know despite intellectual property claims. From the pamphleteers of the Revolution to the bloggers of today, we've taken an expansive view of who has a right to publish, and that view has been good for freedom and democracy. While messy and sometimes risky, this approach has worked throughout the history of our republic. In the end, a little schizophrenia may be the sanest approach to protecting both secrets and transparency in a free society. - - - Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society, and teaches the Cyberlaw Clinic. From rforno at infowarrior.org Thu Sep 28 14:01:31 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 14:01:31 -0400 Subject: [Infowarrior] - CRS Report on Security-Related Information Protection Message-ID: (c/o SecrecyNews) Classification is the predominant means of protecting national security information. But even when information is unclassified, there are a number of statutes that can be used to restrict its public availability on security-related grounds. Such statutory controls on unclassified security-related information are usefully cataloged in a new report from the Congressional Research Service. 
See "Protection of Security-Related Information," September 27, 2006: http://www.fas.org/sgp/crs/secrecy/RL33670.pdf From rforno at infowarrior.org Thu Sep 28 14:40:57 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 14:40:57 -0400 Subject: [Infowarrior] - 7-Day Stay Granted in Surveillance Case Message-ID: 7-Day Stay Granted in Surveillance Case http://www.washingtonpost.com/wp-dyn/content/article/2006/09/28/AR2006092800928_pf.html By SARAH KARUSH The Associated Press Thursday, September 28, 2006; 2:13 PM DETROIT -- The federal judge who struck down President Bush's warrantless surveillance program turned aside a government request for an indefinite stay Thursday but said the government could have a week to appeal. U.S. Judge Anna Diggs Taylor ruled on Aug. 17 that the program, which targets communications between people in this country and people overseas when a link to terrorism is suspected, violates the rights to free speech and privacy, as well as the separation of powers in the Constitution. The White House says the surveillance is a key tool in the fight against terrorism that already has helped prevent attacks. The Justice Department asked Taylor to allow the program to continue until the 6th U.S. Circuit Court of Appeals issues a final ruling on the legal issues, which could take months. Taylor denied that request, but gave the government a seven-day reprieve while it seeks a stay from the appeals court during the time the appeal is pending. The American Civil Liberties Union brought the suit in Detroit on behalf of journalists, scholars and lawyers who say the program has made it difficult for them to do their jobs because they believe many of their overseas contacts are likely targets. 
Many of them said they had been forced to take expensive and time-consuming overseas trips because their contacts were no longer willing to speak openly on the phone or because it would be unethical to ask them to do so when the confidentiality of those conversations could not be guaranteed. © 2006 The Associated Press From rforno at infowarrior.org Thu Sep 28 20:57:19 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 20:57:19 -0400 Subject: [Infowarrior] - How to Make a Freedom Bag Message-ID: (As the Wired folks note in their security blog, it took less than 24 hours for the domain to be registered....got to love it.....rf) How to Make a Freedom Bag http://www.kiphawleyisanidiot.com/ You'll need: - a one quart-sized Ziploc style bag - a black indelible ink marker 1. Removing the cover of the magic marker, write, "Kip Hawley Is An Idiot" on one side of the quart-sized bag. 2. Fill with toiletries of a size 3 ounces or less. 3. Congratulations, you're done! When you go through your next TSA checkpoint, place the bag in the gray security bin with the message side showing. You'll join the ranks of fine Americans like Ryan Bird, for whom the US Constitution is more than a piece of paper. From rforno at infowarrior.org Thu Sep 28 23:18:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Sep 2006 23:18:56 -0400 Subject: [Infowarrior] - How HP bugged e-mail Message-ID: How HP bugged e-mail By Joris Evers http://news.com.com/How+HP+bugged+e-mail/2100-1029_3-6121048.html Story last modified Thu Sep 28 18:39:56 PDT 2006 Hewlett-Packard employed a commercial service that tracks e-mail paths to bug a file sent to a CNET News.com reporter, an HP investigator said Thursday. HP investigators used the services of ReadNotify.com to trace an e-mail sent to reporter Dawn Kawamoto in an attempt to uncover her source in a media leak, Fred Adler, an HP security employee, said during testimony before a U.S. 
House of Representatives subcommittee. Adler's testimony, for the first time since the HP boardroom drama erupted, specified how the company bugged the e-mail it sent to Kawamoto. Moreover, Adler said that it's still company practice to use e-mail bugs in certain cases. "That was and still is current policy," he said. "It still is sanctioned by my management as an investigative tool, we have used it in the past for investigations, for determining the locations of stolen product and what-not, and we have also assisted law enforcement." The tracking mechanism provided by ReadNotify would allow investigators to see who opened the file attached to the e-mail, Adler said. The objective was to determine whether the journalist would forward the e-mail to her source, and to then determine the source of the leaks of HP confidential information. Through ReadNotify, investigators would see when the e-mail attachment was opened and the Internet Protocol, or IP, address of the computer it was opened on, Adler said. An IP address can disclose the geographic location of a user, as well as the Internet service provider used to connect to the Internet. "We suspected it would be Mr. Keyworth that would be the recipient," Adler said, referring to George Keyworth, the HP board member who has admitted he leaked information to the media. During a press conference at HP headquarters last week, Michael J. Holston, a lawyer hired by HP, said that bugging e-mail did not yield results in this case. ReadNotify, which operates as an online service, provides a free trial that lets anyone send 25 bugged e-mails, according to its Web site. Subscriptions are offered starting at $24 per year. A premium $36-a-year subscription is required to bug files such as Office and PDF documents. A similar service operates as MailTracking.com. ReadNotify's service makes bugging e-mail a matter of pointing and clicking. The ReadNotify Web page will generate a document with an image. 
This image, a green check mark, can simply be dragged and dropped into the document that needs to be traced. The check mark becomes transparent after being dropped. Users of the service register their e-mail addresses with ReadNotify, then simply append ".readnotify.com" to any e-mail address they send mail to if they want the message to be tracked. Recipients won't see this suffix, but could tell from the e-mail headers that the message was relayed. In the default ReadNotify setting, an e-mail recipient could discover something is awry because a return receipt message may pop up, but the service also has an "invisible tracking" setting, according to the Web site. ReadNotify offers a range of tracking options. Users can see the IP addresses of those who opened bugged e-mails or documents, including details on when the mail or file was opened. The service also shows some data on the PC and e-mail program. If the mail or file was forwarded, it shows the same data on that person. The ReadNotify service appears to use what's known as a Web bug, a technique also employed by some e-mail marketers. An e-mail or a document sent through ReadNotify includes hidden links to one or more files hosted by the service. When the message or the file is opened, the program retrieves the files and by doing so checks in with ReadNotify. A typical recipient will not notice this. The e-mail is crafted in HTML, or Hypertext Markup Language, and the tracer files are not visible. The actual links that retrieve the files will only show when viewing the source of the e-mail, for example through a program like Notepad. A firewall could alert the user of the Web traffic, however. A spokesman for ReadNotify, Chris Drake, reached via e-mail could not immediately comment for this story. During testimony before Congress on Thursday, the legality of including a bug in e-mail messages was questioned. 
"I think the law regarding that is not as clear as it should be," Larry Sonsini, HP's outside lawyer, said in response to questions from Rep. Jay Inslee, a Washington Democrat. "Depending on how it is used and the methodologies, it could very well implicate federal or state statutes," Sonsini said. In the terms of use posted on its Web site, ReadNotify stipulates that its services should be used for "lawful purposes only." The company goes on to say that its product should not be used to transmit "intentionally deceptive e-mail messages." Use of the e-mail bug is one of the possibly illegal methods used in HP's investigation into boardroom leaks. The Palo Alto, Calif., company is also facing heat over the use of "pretexting," which refers to the use of fraudulent means to obtain someone else's personal records. In testimony Thursday, CEO Mark Hurd said it is important for the company to lead, not follow when it comes to consumer privacy. "I am going to go back to that technology and look specifically at every use of that kind of send-receive technology and make sure there is absolute clarity," he said of the use of e-mail tracing. Adler's testimony was part of a full day of hearings into the HP spying scandal by an oversight and investigations subcommittee of the House of Representatives' Energy and Commerce Committee. Hurd and former Chairman Patricia Dunn also testified, but several other HP employees and contractors invoked their Fifth Amendment rights against self-incrimination. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Fri Sep 29 08:46:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 08:46:51 -0400 Subject: [Infowarrior] - Suicide hackers? Message-ID: (c/o ISN) Sorry, but "jailed for 30 years" does not equal "dying for a cause" and doesn't bear similarities to physical suicide attackers. 
Under this logic, ANY "hacker" targeting a critical system could be viewed as a "suicide hacker" if they get caught. I wonder what group of wunderbrains are briefing the Aussies on this. :( -rf Army expects 'suicide hacker' attacks By Munir Kotadia ZDNet Australia 28 September 2006 Australia is preparing for cyber-terrorism attacks from "suicide hackers", who will aim to bring down critical infrastructure for a "cause" and not worry about facing 30 years in jail for their actions. < - > "While the risk will be high that they will be caught, they will accept that as a fact of life for 'the cause' and be prepared to go to prison for 30 years because they stopped a banking system working or a power grid taken down or took down the air traffic control system of a country for a period of time," Straughair told ZDNet Australia. < - > http://www.zdnet.com.au/news/security/soa/Army_expects_suicide_hacker_attacks/0,130061744,339271362,00.htm From rforno at infowarrior.org Fri Sep 29 08:52:17 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 08:52:17 -0400 Subject: [Infowarrior] - More Hollywood piracy FUD released Message-ID: http://www.washingtonpost.com/wp-dyn/content/article/2006/09/28/AR2006092801640_pf.html Seeking another weapon in its war on piracy, the movie industry hopes to wow lawmakers today with a study that says the economic impact of illegal DVD and Internet film distribution may be as much as three times what was previously estimated. < - > The report being released today -- which was largely paid for by Armey's think tank with some funding from NBC Universal and the MPAA -- takes the previous study, conducted by consulting firm L.E.K., and applies a model used by the U.S. Bureau of Economic Analysis to calculate the potential ripple effect of those lost sales, factoring in lost jobs, worker earnings and tax revenue. Given those facts, the study says, movie piracy causes a total lost output for U.S. 
industries of $20.5 billion per year, thwarts the creation of about 140,000 jobs and accounts for more than $800 million in lost tax revenue. From rforno at infowarrior.org Fri Sep 29 09:29:39 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 09:29:39 -0400 Subject: [Infowarrior] - Clogging our courts? A warped perspective on things Message-ID: Interesting difference of what "clogging our courts" means these days: "Detainees from Guantanamo have clogged our courts with more than 420 lawsuits challenging everything from their access to the Internet to the quality of their recreation facilities," her office said in a statement that called the lawsuits "an abuse of our court system." http://www.boston.com/news/nation/washington/articles/2006/09/28/legal_residents_rights_curbed_in_detainee_bill?mode=PF) ..but it's obviously okay to "clog the courts" with lawsuits over music and movie downloading, and this isn't "abusing" our court system: "The Motion Picture Association of America (MPAA) announced that the major Hollywood motion picture studios would be filing hundreds of lawsuits against individuals using peer-to-peer (P2P) file-sharing software to access movies online. In so doing, Hollywood follows in the footsteps of the music industry, which has filed more than 6,000 lawsuits against file sharers since September 2003." http://www.eff.org/IP/P2P/MPAA_v_ThePeople/ Interesting. -rf From rforno at infowarrior.org Fri Sep 29 09:32:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 09:32:48 -0400 Subject: [Infowarrior] - Clogging our courts? A warped perspective on things In-Reply-To: Message-ID: I should add that I'm not endorsing luxuries for inmates at Gitmo, mind you -- just making a semantical observation here. 
-rf

On 9/29/06 9:29 AM, "Richard Forno" wrote:

> Interesting difference of what "clogging our courts" means these days:
>
> "Detainees from Guantanamo have clogged our courts with more than 420
> lawsuits challenging everything from their access to the Internet to the
> quality of their recreation facilities," her office said in a statement that
> called the lawsuits "an abuse of our court system."
>
> http://www.boston.com/news/nation/washington/articles/2006/09/28/legal_residents_rights_curbed_in_detainee_bill?mode=PF)
>
> ..but it's obviously okay to "clog the courts" with lawsuits over music and
> movie downloading, and this isn't "abusing" our court system:
>
> "The Motion Picture Association of America (MPAA) announced that the major
> Hollywood motion picture studios would be filing hundreds of lawsuits
> against individuals using peer-to-peer (P2P) file-sharing software to access
> movies online. In so doing, Hollywood follows in the footsteps of the music
> industry, which has filed more than 6,000 lawsuits against file sharers
> since September 2003."
> http://www.eff.org/IP/P2P/MPAA_v_ThePeople/
>
> Interesting.
>
> -rf

From rforno at infowarrior.org Fri Sep 29 09:35:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 09:35:51 -0400 Subject: [Infowarrior] - US judge rules against Morpheus file-sharing Message-ID: US judge rules against Morpheus file-sharing September 28, 2006, 20:15 http://www.sabcnews.com/sci_tech/internet/0,2172,135677,00.html In a victory for the entertainment industry, a federal judge has ruled that the Morpheus file-sharing software encourages millions of users to share music, movies and other works without authorization. 
US District Judge Stephen Wilson ruled on Wednesday that StreamCast Networks, the distributor of Morpheus, had contributed to massive copyright infringement because it had constructed a business model that relied on massive copyright infringement and did not attempt to block the trading of copyrighted materials. The case, pitting Hollywood movie studios, record companies and music publishers against StreamCast and similar firms, dated back to 2001. Last year, the Supreme Court issued a landmark decision, ruling that some technology firms could be held liable for distributing software used to violate copyrights. StreamCast, based in Woodland Hills, California, said it was considering an appeal and maintained that it did not encourage users to infringe on copyrighted works and never intended to do so. StreamCast was the only file-sharing company that continued fighting after the Supreme Court ruling. - Reuters From rforno at infowarrior.org Fri Sep 29 12:59:24 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 12:59:24 -0400 Subject: [Infowarrior] - A guide to Creative Commons thinking Message-ID: Unbounded Freedom A guide to Creative Commons thinking for cultural organisations The growing popularity of cultural commons thinking sets new and provocative challenges for traditional copyright law. Changes are occurring in politics, the economy and law, but first and foremost in the domain of culture. One third of all internet users have now downloaded music, videos and information using P2P file sharing software. New attitudes to the accessibility and ownership of intellectual property have become a force for change that will transform communication in the information age. User-led innovation is reshaping cultural production so that it is trans-national, more egalitarian, less deferential, much more diverse and above all, self-authored. 
Creative industries face the challenge of keeping pace with this sharing economy, and any organisation wishing to work with them will need to understand the thinking, ethics and communicative conventions of rising generations. Written by Rosemary Bechler, this short book argues that we must look at the history of traditional copyright law in order to understand the current debates about ownership and availability. In doing so, it not only elucidates the development of intellectual property law, but also reveals a unique glimpse of existing principles and developing trends. Bechler argues that Creative Commons thinking enables cultural organisations to embark on mutual relationships of trust with huge new publics. Describing the transformative potential of new attitudes, she offers us a vision of the future in which "unbounded freedom" is not simply a romantic notion. This is the first work from the British Council to be published under a Creative Commons licence. It has been designed specifically for you to download. To view the document use Adobe Reader, which can be downloaded for free. Download your free copy of Unbounded Freedom here http://www.counterpoint-online.org/cgi-bin/item.cgi?id=618 From rforno at infowarrior.org Fri Sep 29 13:00:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 13:00:32 -0400 Subject: [Infowarrior] - Police blotter: When can cops seize your computer? Message-ID: Police blotter: When can cops seize your computer? By Declan McCullagh http://news.com.com/Police+blotter+When+can+cops+seize+your+computer/2100-1030_3-6121210.html Story last modified Fri Sep 29 09:47:47 PDT 2006 What: Police seize computer without a warrant after husband declines permission but then wife consents. When: 8th Circuit Court of Appeals rules on Aug. 25. Outcome: Court decides that computer seizure was illegal and sends case back to trial judge for further proceedings. 
What happened, according to court documents: In July 2002, the Missouri State Highway Patrol was investigating Handi-Rak Service as part of an investigation into large quantities of pseudoephedrine-based cold tablets being sold. They searched the company's offices and found, in CEO Roy Hudspeth's office, some hand-labeled CDs that appeared to contain child pornography. Missouri State Trooper Cpl. Daniel Nash asked for permission to search the computer at Hudspeth's home, but Hudspeth refused. Four police officers went to his home anyway and identified themselves to his wife, who was at home with the couple's children. Nash did not say that her husband refused permission for a search, and, after an unsuccessful attempt to contact her lawyer, the wife eventually granted permission for the police to seize the home computer. The wife later testified that she consented to police taking the home computer only because Nash "began to get upset" and she feared her children "might have a big fit." This is where the case becomes relevant to Police Blotter. It nicely frames the question: Can a spouse let police search (or take) a computer when the other has refused permission? The trial court sided with the police over the wife and ruled that her consent was voluntary, freely given, and not coerced--even though she was outnumbered four-to-one and the police officers threatened to stay there until a search warrant could be obtained. The appeals court agreed that she voluntarily gave consent. But then it analyzed whether the consent was legal, based on a long line of cases dealing with whether co-tenants can give permission for a search of a home when the other is opposed. A 2-1 majority of the 8th Circuit sided with the defendant, saying: "We believe that the Supreme Court has made it clear that the police must get a warrant when one co-occupant denies consent to search. In this case, that would not have been a significant burden. Therefore, we conclude that Mrs. 
Hudspeth's consent does not overrule Hudspeth's denial." But one judge, dissenting, said that the U.S. Supreme Court cases dealt with whether the tenants were physically present and that because Hudspeth was being held in police custody elsewhere, his refusal shouldn't matter. The dissenter said: "Hudspeth was not physically present and objecting when Mrs. Hudspeth gave her voluntary and noncoerced consent; therefore, (a recent Supreme Court decision) does not apply. Nor does any other decision by the Supreme Court or this circuit apply and make Mrs. Hudspeth's consent invalid simply because the officers knew Hudspeth earlier had refused consent." Hudspeth had entered a conditional guilty plea (meaning he can withdraw it) to possession of child pornography and had been sentenced to 60 months of imprisonment. By a 2-1 majority, the court ruled that the computer had been seized illegally and sent the case back to the trial court. Excerpts from the majority opinion: Even though Mrs. Hudspeth's consent was voluntary and not coerced, the consent to the seizure of the home computer was not valid because her consent cannot "overrule" Mr. Hudspeth's denial of consent. Our holding here flows from the Supreme Court's jurisprudence regarding co-tenants' ability to consent to searches, as seen in United States v. Matlock, and most recently in Georgia v. Randolph. The Supreme Court held in Matlock, "the consent of one who possesses common authority over premises or effects is valid against the absent, nonconsenting person with whom that authority is shared." In that case, officers arrested Matlock in the yard of his residence, detained him in a squad car nearby, and then obtained permission to search the house from one of Matlock's co-tenants. The officers in Matlock did not ask Matlock whether he would consent to a search... 
The Court stated: "In sum, there is no common understanding that one co-tenant generally has a right or authority to prevail over the express wishes of another, whether the issue is the color of the curtains or invitations to outsiders." Georgia v. Randolph does not directly address the situation present in this case, in which a co-tenant is not physically present at the search but expressly denied consent to search prior to the police seeking permission from the consenting co-tenant who is present on the property. Nevertheless, the same constitutional principles underlying the Supreme Court's concerns in Randolph apply regardless of whether the nonconsenting co-tenant is physically present at the residence, outside the residence in a car, or, as in our case, offsite at his place of employment... We believe that the Supreme Court has made it clear that the police must get a warrant when one co-occupant denies consent to search. In this case, that would not have been a significant burden. Therefore, we conclude that Mrs. Hudspeth's consent does not overrule Hudspeth's denial. From rforno at infowarrior.org Fri Sep 29 20:48:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 20:48:11 -0400 Subject: [Infowarrior] - Internet control 'nears autonomy' Message-ID: Internet control 'nears autonomy' The US government says it will maintain oversight of the internet but with far less hands-on involvement. Icann, the body which oversees the future of the net on behalf of the US, has been given more independence in a new agreement for the next three years. Dr Paul Twomey, ceo of Icann, said the deal was "a major step forward for Icann autonomy". The US government has pledged to cede control of the net to private sector hands at an unspecified future point. Icann, or the Internet Corporation for Assigned Names and Numbers, is a not-for-profit company formed in 1998. 
It is the guardian of the underlying architecture of the net, overseeing allocation of domain names such as .com or .net, and the addressing system that links domain names to the numbers computers understand. It has always been intended that the net coordinator should eventually be a private organisation, but since it has been in existence Icann has been overseen by the US government. In the past, the government has been criticised for having a stranglehold over Icann. In May 2006, the organisation hit controversy when plans for a .xxx domain for sexually explicit sites were rejected, a move that some saw as politically motivated. Others believe that the oversight of the net should not be tied to one government, and several statements submitted to a hearing in July 2006 to discuss the future of Icann stated: "No single government should have a pre-eminent role in internet governance." 'Big difference' "The big difference is that we will no longer have our work prescribed by the Department of Commerce and no longer have to report to them every six months with lots of hurdles for us to jump," said Dr Twomey. He said critics of Icann and its relationship to the US should see this as a major step on the path to an international "multi-stake holder organisation". "The US has clearly stated that it wants full autonomy and that it is committed to that. It is talking the talk. "The US government has stated its policy of wanting the management of DNS to be in the hands of the private sector and that Icann is the organisation charged with managing it." Emily Taylor, director of legal and policy at Nominet, the UK internet name registry for domain names ending in .uk, said she was uncertain that Icann was really ready to stand alone. "The real feeling is that Icann is progressing, but it is not fully ready yet. "If the department of commerce withdrew its function at the moment, nobody has really articulated what Icann would look like. 
"What we would like to see in any renewed memorandum is for it to be looking towards transition to the private sector. What would the Icann look like that can be cut loose, what would the principles be, what would people trust?" Dr Twomey said issues around timing and transparency had to be resolved before Icann could be autonomous. "I think we are a transparent organisation but as someone said to me: 'Icann is transparent like a credit card agreement: it's all there but not understood by everyone'." Dr Twomey added: "Security and stability of the internet is one of our core responsibilities and must be paramount when the decision to cede control is made." The new agreement takes the relationship between the US government and Icann into the first year of a new administration (in 2009) and there is an 18 month review point in the new deal at which time discussions over autonomy could begin again. Icann has also been criticised for a lack of accountability; members are not allowed to join the organisation but must instead apply to sub-groups. A recent report by the London School of Economics, commissioned by Icann, recommended that the organisation allow direct membership. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/1/hi/technology/5388648.stm From rforno at infowarrior.org Fri Sep 29 22:11:10 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 22:11:10 -0400 Subject: [Infowarrior] - Gonzales Cautions Judges on Interfering Message-ID: Gonzales Cautions Judges on Interfering By MICHAEL J. SNIFFEN Associated Press Writer 9:18 AM PDT, September 29, 2006 WASHINGTON -- Attorney General Alberto Gonzales, who is defending President Bush's anti-terrorism tactics in multiple court battles, said Friday that federal judges should not substitute their personal views for the president's judgments in wartime. 
He said the Constitution makes the president commander in chief and the Supreme Court has long recognized the president's pre-eminent role in foreign affairs. "The Constitution, by contrast, provides the courts with relatively few tools to superintend military and foreign policy decisions, especially during wartime," the attorney general told a conference on the judiciary at Georgetown University Law Center. < - > http://www.latimes.com/news/nationworld/politics/wire/sns-ap-gonzales-judges ,1,137315,print.story?coll=sns-ap-politics-headlines From rforno at infowarrior.org Fri Sep 29 23:38:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Sep 2006 23:38:58 -0400 Subject: [Infowarrior] - U.S. Internet gambling bill gets last-minute push Message-ID: You know, I think Congress should be prohibited from using the clause "and for other purposes" in the official title of legislation -- eg, a bill for ITEM$ would only contain ITEM$-related provisions. But that would increase transparency and accountability and curtail how Congress works, so I guess this idea probably is a non-starter.....sigh...rf U.S. Internet gambling bill gets last-minute push By Peter Kaplan2 hours, 52 minutes ago Most forms of Internet gambling would be banned under a tentative agreement reached on Friday by U.S. congressional negotiators. Pending a review by other lawmakers, the measure could be brought up within hours for passage by the House of Representatives and Senate and then forwarded to President George W. Bush to sign into law. The measure would be attached to an unrelated measure to bolster port security. 
< - >

http://tinyurl.com/qjotd

From rforno at infowarrior.org Sat Sep 30 15:21:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Sep 2006 15:21:00 -0400
Subject: [Infowarrior] - What a Terrorist Incident in Ancient Rome Teaches Us Today
Message-ID:

September 30, 2006
Op-Ed Contributor
Pirates of the Mediterranean
By ROBERT HARRIS
http://www.nytimes.com/2006/09/30/opinion/30harris.html?pagewanted=print

IN the autumn of 68 B.C. the world's only military superpower was dealt a profound psychological blow by a daring terrorist attack on its very heart. Rome's port at Ostia was set on fire, the consular war fleet destroyed, and two prominent senators, together with their bodyguards and staff, kidnapped.

The incident, dramatic though it was, has not attracted much attention from modern historians. But history is mutable. An event that was merely a footnote five years ago has now, in our post-9/11 world, assumed a fresh and ominous significance. For in the panicky aftermath of the attack, the Roman people made decisions that set them on the path to the destruction of their Constitution, their democracy and their liberty. One cannot help wondering if history is repeating itself.

Consider the parallels. The perpetrators of this spectacular assault were not in the pay of any foreign power: no nation would have dared to attack Rome so provocatively. They were, rather, the disaffected of the earth: "The ruined men of all nations," in the words of the great 19th-century German historian Theodor Mommsen, "a piratical state with a peculiar esprit de corps."

Like Al Qaeda, these pirates were loosely organized, but able to spread a disproportionate amount of fear among citizens who had believed themselves immune from attack. To quote Mommsen again: "The Latin husbandman, the traveler on the Appian highway, the genteel bathing visitor at the terrestrial paradise of Baiae were no longer secure of their property or their life for a single moment."
What was to be done? Over the preceding centuries, the Constitution of ancient Rome had developed an intricate series of checks and balances intended to prevent the concentration of power in the hands of a single individual. The consulship, elected annually, was jointly held by two men. Military commands were of limited duration and subject to regular renewal. Ordinary citizens were accustomed to a remarkable degree of liberty: the cry of "Civis Romanus sum" -- "I am a Roman citizen" -- was a guarantee of safety throughout the world.

But such was the panic that ensued after Ostia that the people were willing to compromise these rights. The greatest soldier in Rome, the 38-year-old Gnaeus Pompeius Magnus (better known to posterity as Pompey the Great) arranged for a lieutenant of his, the tribune Aulus Gabinius, to rise in the Roman Forum and propose an astonishing new law.

"Pompey was to be given not only the supreme naval command but what amounted in fact to an absolute authority and uncontrolled power over everyone," the Greek historian Plutarch wrote. "There were not many places in the Roman world that were not included within these limits."

Pompey eventually received almost the entire contents of the Roman Treasury -- 144 million sesterces -- to pay for his "war on terror," which included building a fleet of 500 ships and raising an army of 120,000 infantry and 5,000 cavalry. Such an accumulation of power was unprecedented, and there was literally a riot in the Senate when the bill was debated.

Nevertheless, at a tumultuous mass meeting in the center of Rome, Pompey's opponents were cowed into submission, the Lex Gabinia passed (illegally), and he was given his power. In the end, once he put to sea, it took less than three months to sweep the pirates from the entire Mediterranean.
Even allowing for Pompey's genius as a military strategist, the suspicion arises that if the pirates could be defeated so swiftly, they could hardly have been such a grievous threat in the first place.

But it was too late to raise such questions. By the oldest trick in the political book -- the whipping up of a panic, in which any dissenting voice could be dismissed as "soft" or even "traitorous" -- powers had been ceded by the people that would never be returned. Pompey stayed in the Middle East for six years, establishing puppet regimes throughout the region, and turning himself into the richest man in the empire.

Those of us who are not Americans can only look on in wonder at the similar ease with which the ancient rights and liberties of the individual are being surrendered in the United States in the wake of 9/11. The vote by the Senate on Thursday to suspend the right of habeas corpus for terrorism detainees, denying them their right to challenge their detention in court; the careful wording about torture, which forbids only the inducement of "serious" physical and mental suffering to obtain information; the admissibility of evidence obtained in the United States without a search warrant; the licensing of the president to declare a legal resident of the United States an enemy combatant -- all this represents an historic shift in the balance of power between the citizen and the executive.

An intelligent, skeptical American would no doubt scoff at the thought that what has happened since 9/11 could presage the destruction of a centuries-old constitution; but then, I suppose, an intelligent, skeptical Roman in 68 B.C. might well have done the same.

In truth, however, the Lex Gabinia was the beginning of the end of the Roman republic. It set a precedent. Less than a decade later, Julius Caesar -- the only man, according to Plutarch, who spoke out in favor of Pompey's special command during the Senate debate --
was awarded similar, extended military sovereignty in Gaul. Previously, the state, through the Senate, largely had direction of its armed forces; now the armed forces began to assume direction of the state.

It also brought a flood of money into an electoral system that had been designed for a simpler, non-imperial era. Caesar, like Pompey, with all the resources of Gaul at his disposal, became immensely wealthy, and used his treasure to fund his own political faction. Henceforth, the result of elections was determined largely by which candidate had the most money to bribe the electorate. In 49 B.C., the system collapsed completely, Caesar crossed the Rubicon -- and the rest, as they say, is ancient history.

It may be that the Roman republic was doomed in any case. But the disproportionate reaction to the raid on Ostia unquestionably hastened the process, weakening the restraints on military adventurism and corrupting the political process. It was to be more than 1,800 years before anything remotely comparable to Rome's democracy -- imperfect though it was -- rose again.

The Lex Gabinia was a classic illustration of the law of unintended consequences: it fatally subverted the institution it was supposed to protect. Let us hope that vote in the United States Senate does not have the same result.

Robert Harris is the author, most recently, of "Imperium: A Novel of Ancient Rome."

From rforno at infowarrior.org Sat Sep 30 16:34:32 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Sep 2006 16:34:32 -0400
Subject: [Infowarrior] - When "full disclosure" equals collusion, users are in danger
Message-ID:

Title When "full disclosure" equals collusion, users are in danger
Date 2006.09.30 4:01
Author Joe Barr
Topic
http://software.newsforge.com/article.pl?sid=06/09/26/1828244

Gone are the days when "full disclosure" meant the immediate public release of information about vulnerabilities or exploits uncovered by security researchers.
Whatever it means today is the result of a collaboration -- some might call it collusion -- between the researcher or firm finding the flaw and the vendor or project responsible for the code. Recent patches from Apple illustrate the dangers of this practice when proprietary software is involved.

Last week, Apple announced three security patches for its wireless component across virtually its entire platform line. The first patch (CVE-2006-3507) is for two stack overflow vulnerabilities in Airport, Apple's wireless driver. The second patch (CVE-2006-3508) fixes a heap buffer overflow in Airport. The third patch (CVE-2006-3509) addresses an integer overflow in Airport code which handles third-party wireless card connections. All are ranked as "high" severity in the National Vulnerability Database.

According to Apple, there are no known exploits for any of these vulnerabilities. Of course, this is the same firm that denied its customers were at risk from wireless vulnerabilities last month.

One bad Apple spoils the barrel

The problem is that Apple's claims that there are no known exploits are false. Not only have exploits been found, they've been demonstrated, explained, and widely publicized. They first surfaced at least as early as June, when presentations were booked to demonstrate them. They are, after all, the heart and soul of the "faux disclosure" controversy surrounding Maynor and Ellch's presentation at Black Hat and DEFCON last month.

Nowadays, a vendor or project is typically told about a flaw privately, and given time to fix it before any public disclosure is made. Whether or not this new arrangement is better than the old practice of making a flaw public as soon as possible, and setting aside any debate about who it is allegedly better for, the vendor or their customers, it requires that both parties to the agreement bring a minimum amount of integrity to the table in order for it to work as designed.
In theory, users are offered the optimum level of security when a company does not make their exposure more widely known until a patch is ready to close the hole. But when a vendor deliberately silences one side of the "collaboration" process through legal threats -- as Ellch hinted strongly that they did in an email to a security mailing list on September 3 and Washington Post writer Brian Krebs reported immediately following the Black Hat presentation -- that impose an involuntary "cone of silence" over the researchers, and at the same time issues public lies about the affair, the whole shoddy collaboration falls apart like a house of cards, and the users get the worst of both ends of the stick.

In the Washington Post story linked to above where Apple denied the vulnerabilities, Krebs wrote, "Apple today issued a statement strongly refuting claims put forth by researchers at SecureWorks that Apple's Macbook computer contains a wireless-security flaw that could let attackers hijack the machines remotely."

The NIST site claims all three patches are for "locally exploitable" vulnerabilities. It may be that Apple is playing on the definition of remote versus local exploit in its claims. According to Donnie Werner of Zone-H.Org, all three patches are to close the door on remote, not local, exploits. He explained that local exploits usually require the rights of a local user of the machine being attacked, which is definitely not the case with these.

The good news is that if you're using free/open source software, you're largely immune not only to the vulnerabilities with a lifespan as long as these, but to the depraved indifference of proprietary firms which value their ad campaigns above the security of their customers. The transparency of open source software makes the denial game impossible and long delays inexcusable.

Links

1. "announced three security patches" - http://docs.info.apple.com/article.html?artnum=304420
2.
"CVE-2006-3507" - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3507 3. "CVE-2006-3508" - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3508 4. "CVE-2006-3509" - http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3509 5. "denied" - http://blog.washingtonpost.com/securityfix/2006/08/update_on_the_apple_macbo ok_cl.html 6. "Maynor and Ellch's presentation" - http://software.newsforge.com/article.pl?sid=06/08/08/1351256&tid=78 7. "email" - http://lists.immunitysec.com/pipermail/dailydave/2006-September/003459.html 8. "reported" - http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post. html 9. "Zone-H.Org" - http://www.zone-h.org/ ? Copyright 2006 - NewsForge, All Rights Reserved