From rforno at infowarrior.org Mon Apr 2 13:02:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 09:02:12 -0400
Subject: [Infowarrior] - EMI, Apple partner on DRM-free premium music
Message-ID:

EMI, Apple partner on DRM-free premium music
By Caroline McCarthy
http://news.com.com/EMI%2C+Apple+partner+on+DRM-free+premium+music/2100-1027_3-6172398.html
Story last modified Mon Apr 02 06:00:11 PDT 2007

EMI Group will soon sell digital music with better sound quality and no digital rights management restrictions through Apple's iTunes Store.

iTunes will begin offering EMI's entire music catalog in premium DRM-free form in May, the music label said at a press conference Monday.

The higher-quality, DRM-free music, which can be played on any computer and any digital-audio player, will not replace the copy-protected downloads on iTunes. Rather, it will complement the standard music for download through iTunes and will be sold at a premium: $1.29 per song instead of Apple's standard 99 cents.

Consumers who have already purchased EMI tracks with Apple's DRM will be able to upgrade them to the premium version for 30 cents, EMI said. Full albums in DRM-free form can be bought at the same price as standard iTunes albums.

"We are committed to embracing change and to developing products and services that consumers really want to buy," said Eric Nicoli, CEO of EMI Group.

After initially selling the premium DRM-free music through Apple, EMI plans to expand the program to other music outlets. Retailers partnering with EMI, which also plans to remove DRM from its video downloads, will be able to choose from a variety of levels of sound quality. They will also be able to choose between selling files in the MP3, WMA and AAC formats. In iTunes, music will be sold in a 256 kilobits-per-second AAC format, the company said.
The packed press conference at EMI's London headquarters featured a performance by EMI recording artist The Good, The Bad, and The Queen, as well as a guest appearance by Apple CEO Steve Jobs.

Jobs, who stressed the need for higher-quality music with the rise of high-fidelity home speaker systems, called EMI's move "the next big step forward in the digital-music revolution--the movement to completely interoperable DRM-free music."

He added that "Apple will reach out to all the major and independent labels to give them the same opportunity" and suggested that half of iTunes' music tracks will be available in both DRM-loaded and DRM-free form by the end of 2007.

In February, Jobs released an open letter to record companies, encouraging them to abandon DRM restrictions and claiming that Apple had only implemented the controversial system in the first place because the four major record labels would not have otherwise signed up with iTunes.

In the recent past, EMI has put forth some initiatives in digital-music distribution that could be considered somewhat experimental, most notably offering its music catalog to peer-to-peer services like Mashboxx and iMesh.

But until this point, DRM-free music had been largely the domain of services like eMusic, with offerings limited to independent labels. Last year, iTunes rival Yahoo Music tested the DRM-free waters by offering a Jesse McCartney album and a Jessica Simpson single for sale with no copy protection.

A reporter at the press conference asked whether iTunes would soon be selling songs by The Beatles, whose music has been distributed by EMI since 1962 and is currently not available for legal digital download anywhere on the Internet.

"I want to know that, too," Jobs replied. Nicoli stressed that "we're working on it."

Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.
From rforno at infowarrior.org Mon Apr 2 13:03:13 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 09:03:13 -0400
Subject: [Infowarrior] - The feds weigh in on Windows security
Message-ID:

The feds weigh in on Windows security
By Joris Evers
http://news.com.com/The+feds+weigh+in+on+Windows+security/2100-7348_3-6172158.html
Story last modified Mon Apr 02 04:00:03 PDT 2007

Will the White House make a difference in computer security?

The President's Office of Management and Budget recently sent out a directive to federal chief information officers to secure their Windows PCs. In what some said could have ripple effects well beyond Washington, the White House sent out a memorandum on March 22 that instructed all federal agencies (PDF) to adopt standard security configurations for Windows XP and Windows Vista by February 1.

"If the government states that it is only going to buy systems that are more secure, that sends a terrific signal," said Larry Clinton, president of the Internet Security Alliance, a group that represents large corporate technology users. "It is a significant step. All the technology providers will now have to adapt their products to meet those standards."

Under the directive, technology providers who want to sell to the government will have to certify that their products work with specially-configured systems.

"Common security configurations provide a baseline level of security, reduce risk from security threats and vulnerabilities, and save time and resources," Karen Evans, an OMB administrator, wrote in a memo to federal CIOs on March 20.

According to Evans' memo, by adopting the standard configurations, federal agencies can improve system performance, decrease operating costs, and ensure public confidence in the confidentiality, integrity and availability of government information.

But at least one analyst described the move as just a minor development.
"On the one hand, every little thing matters; on the other hand, this is a little thing," said Pete Lindstrom, a Burton Group analyst. "Standard configurations are pretty obviously useful; global 2000 companies have been doing this for about 10 to 15 years now." The Sans Institute, which specializes in computer security training, disagreed and instead applauded the government's move. The $65 billion that the U.S. government is putting into IT purchasing each year will be an enormous incentive for technology providers to deliver products that work on secured systems, which will also benefit users outside the government, Alan Paller, director of research at Sans, wrote on the organization's Web site. "The benefits of this move are enormous: Common, secure configurations can help slow botnet spreading, can radically reduce delays in patching, can stop many attacks directly, and organizations that have made the move report that it actually saves money rather than costs money," Paller wrote. The announcement arrives just as many developers are building applications for Vista, which means software companies can immediately work the requirements into their products, Sans said. To help technology vendors achieve this, the government plans in late April to make available copies of Windows installations based on the secure configurations. Configurations for security installation have been developed by the National Institute of Standards and Technology, the Department of Defense, the Department of Homeland Security, Microsoft and others. The U.S. Air Force has been a guinea pig in a "comply or don't connect" program with about 575,000 computers. Microsoft first published its Windows Vista Security Guide in November, on the same day it wrapped up work on Vista. A new version of the document was published in January after an error was discovered in the earlier release. The error could cause some of the group policy objects not to be created correctly, Microsoft has said. 
A security guide for Windows XP has been available since late 2005. The recommendations in the guide include running PCs without administrator privileges, not installing peer-to-peer or instant-message applications, and preventing automatic execution of applications common on Web sites such as Java, JavaScript and ActiveX.

The guide for Vista similarly provides instructions and recommendations designed to help strengthen the security of desktop and laptop computers running the latest Microsoft operating system, which is the most secure version to date, according to the software giant.

About two-thirds of successful attacks take advantage of misconfigured PCs and servers, according to research firm Gartner. The use of secure configurations out of the box has proven to be very effective, said John Pescatore, a Gartner analyst.

"This guidance by OMB is a very good idea," Pescatore said, noting that he reviewed and similarly commented on an early version of the directive.

But Burton Group's Lindstrom reiterated that the White House move will not exactly be a boon to security in general. He cautioned that rethinking security configuration is not a panacea.

"Presumably, there were a lot of reasons to have 'insecure' desktops in the past, so you don't just wave a magic wand and make it go away," he said.

But Sans is not deterred by such skepticism. The White House directive "reflects heroic leadership in starting to fight back against cybercrime," Paller wrote.

From rforno at infowarrior.org Mon Apr 2 15:24:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 11:24:00 -0400
Subject: [Infowarrior] - Microsoft readies emergency ANI patch
Message-ID:

Microsoft readies emergency ANI patch
Published: 2007-04-02
http://www.securityfocus.com/brief/474?ref=rss

Microsoft shifted gears over the weekend, announcing plans on Sunday to release an emergency patch for a vulnerability that the company has known about for more than three months.
The flaw, which occurs in the way that Windows handles animated cursor (.ANI) files, came to light last week, after attackers started using the vulnerability to compromise victims through Web and e-mail attacks. Security firm Determina had notified Microsoft of the vulnerability in December 2006, and the software giant planned to fix the issue in its regularly scheduled April patch, the company said. Now, Microsoft will release the patch a week early. "From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat--additionally, we are aware of public disclosure of proof-of-concept code," Christopher Budd, security program manager for Microsoft Security Response Center, said in a statement posted to the group's blog. "In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007." Reports of attacks and public exploits using the flaw in the way Windows handles animated-cursor (.ANI) files increased toward the end of last week. A group that uses compromised Web sites to redirect visitors to a number of Chinese sites hosting malicious content has begun to exploit the flaw to compromise victims' systems. Security Web site milw0rm.com is currently hosting two different exploits for the vulnerability. Both Immunity and the Metasploit Project have incorporated exploits for the issue into their security-checking software. The flaw affects all versions of Windows, including Windows Vista, and can be exploited through Internet Explorer 6 and 7 as well as e-mail. Microsoft stated that the company will continue testing the patch up until release and an issue could be found that delays the release of the update. 
From rforno at infowarrior.org Mon Apr 2 15:35:46 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 11:35:46 -0400
Subject: [Infowarrior] - MPAA names its Top 25 movie piracy schools
Message-ID:

MPAA names its Top 25 movie piracy schools
By Ken Fisher | Published: April 02, 2007 - 01:05AM CT
http://arstechnica.com/news.ars/post/20070402-mpaa-names-its-top-25-movie-piracy-schools.html

The MPAA may be gearing up for an RIAA-inspired assault on US colleges and universities. Last week the group announced its support for the "Curb Illegal Downloading on College Campuses Act (2007)," and MPAA head Dan Glickman said that his organization would work with school administrators to put an end to movie piracy on campuses, which Glickman says costs the industry $500 million annually.

Most telling, the group has heard the call of Representative Howard Berman and has compiled a list of the most piracy-ridden schools in higher education. This is a page straight out of the RIAA playbook.

Here they are, the schools that made the MPAA's "dishonor roll" and the number of students identified as making unauthorized use of copyrighted materials:

1. Columbia University - 1,198
2. University of Pennsylvania - 934
3. Boston University - 891
4. University of California at Los Angeles - 889
5. Purdue University - 873
6. Vanderbilt University - 860
7. Duke University - 813
8. Rochester Institute of Technology - 792
9. University of Massachusetts - 765
10. University of Michigan - 740
11. University of California at Santa Cruz - 714
12. University of Southern California - 704
13. University of Nebraska at Lincoln - 637
14. North Carolina State University - 636
15. Iowa State University - 586
16. University of Chicago - 575
17. University of Rochester - 562
18. Ohio University - 550
19. University of Tennessee - 527
20. Michigan State University - 506
21. Virginia Polytechnic Institute - 457
22. Drexel University - 455
23. University of South Florida - 447
24. Stanford University - 405
25. University of California at Berkeley - 398

A number of schools have the dubious distinction of being on both the MPAA and the RIAA list. The overachievers are: Ohio University (#1 RIAA/#18 MPAA), Purdue University (#2, #5), University of Nebraska at Lincoln (#3/#13), UMASS (#6/#9), Michigan State (#7/#20), North Carolina State (#9/#14), University of South Florida (#11/#23), Boston University (#15/#3), and the University of Michigan (#18/#10). In all, 10 schools appear on both lists, and Purdue University wins the Gold Medal for highest overall ranking between the two combined.

Whether or not the MPAA will get into the trenches and follow the RIAA's pre-litigation strategy is not yet clear, and historically the MPAA has been less eager to wage a public campaign against file sharing. But like Santa, the MPAA is making a list and checking it twice... the question is, are they merely humoring Representative Berman or planning something more aggressive?

From rforno at infowarrior.org Mon Apr 2 17:13:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 13:13:11 -0400
Subject: [Infowarrior] - MS previews Office 2008 for Mac (no ribbon, thank gods!)
Message-ID:

Office 2008 for Mac hits beta: lush 'Escher' graphics engine revealed

* 30th March 2007
* David Flynn
* Mac

Office 2008 for Mac has gingerly stepped out of the alpha phase of its development as Microsoft works towards a late 2007 release of its overhauled Macintosh suite.

"We're in private betas right now" confirmed Sheridan Jones, Lead Marketing Manager for Microsoft's Mac Business Unit (MacBU), during an exclusive interview with APC magazine.

While Jones was unable to speculate on the timetable for any public beta or the targets for RTM (release to manufacture), a demo of an alpha build showed the revised user interface is moving in a very appealing and Mac-like direction.
It's a move sure to please the thousands of Office for Mac users who became nervous after APC reported last year that the suite's UI would be overhauled and borrow ideas from the work done in Office 2007 for Windows, which saw the menus and toolbars replaced with a single 'ribbon'.

At that time the Mac developers had already had one radical redesign tested and rejected after user feedback, said MacBU group product manager Mary Starman. "We had what we thought was going to be this perfect UI solution, and the first time we put it in the labs, no-one understood it! It was so different they were completely confused!"

Happily, the latest version of the UI is heading in a much better direction. Our peek at the alpha build, which Jones cautioned was still in the very earliest of stages of both the UI and backend development, showed hints of a streamlined look with a modern black sheen, at times similar to the elements in recent Apple applications such as iTunes 7 and iLife 06. Rest easy, Mac-fans -- this is not Office for Windows.

< - >

http://www.apcmag.com/5780/office_2008_for_mac_hits_beta_shows_slick_ui_and_draws_on_escher

From rforno at infowarrior.org Mon Apr 2 17:17:47 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 13:17:47 -0400
Subject: [Infowarrior] - Google updates maps after Katrina 'airbrushing' incident
Message-ID:

Google updates maps after Katrina 'airbrushing' incident
By Anne Broache
http://news.com.com/Google+updates+maps+after+Katrina+airbrushing+incident/2100-1028_3-6172491.html
Story last modified Mon Apr 02 09:38:17 PDT 2007

Accused by a Democrat in the U.S. Congress of "airbrushing history," Google said it has now replaced pre-Hurricane Katrina satellite images of the Gulf Coast region with more recent aerial photographs.
The search giant came under fire late last week after the Associated Press reported the company had traded imagery documenting the August 2005 storm's devastating effects in its mapping services for higher-resolution images depicting pre-hurricane calm. Google on Sunday said it had no intention of "rewriting history" but nonetheless was able to "expedite" the processing of 2006 aerial photography data for New Orleans that is of equally high quality. That update went up on Sunday evening, the company said. The initial news attracted concerns from Rep. Brad Miller (D-N.C.), chairman of a House of Representatives science oversight subcommittee. On Friday, he sent a letter (PDF) demanding an explanation for the changes from CEO Eric Schmidt. Miller was unavailable for comment on Monday, as he is currently visiting the Darfur region as part of Congress' spring recess. Despite a recent Google blog post that attempts to clarify the situation, the subcommittee still expects responses to Miller's letter, said Luann Canipe, communications director for the congressman. "The congressman's concern is that it was fundamentally dishonest," Canipe said in a telephone interview. "Certainly the most basic question is, did someone ask you to change the maps and if so who was it?" Google said it planned to send a response to the congressman's queries on Monday. The company confirmed it had swapped out the post-Katrina images in September, but it maintained that decision hinged on its interest in providing its users with high-quality images. The changes were part of a broader update that "substantially improved the imagery detail for dozens of cities around the world, including New Orleans," a representative said in a statement e-mailed to CNET News.com on Monday. 
Even after it replaced the post-Katrina images, users could continue to view Katrina imagery captured by the National Oceanic and Atmospheric Administration--along with map overlays such as damage assessments and Red Cross shelters--at a dedicated site, said John Hanke, director of Google Earth and Maps.

In his Sunday morning entry on the official corporate blog, Hanke said Google found the recent comments a bit surprising. "Our goal throughout has been to produce a global earth database of the best quality," he wrote, "accounting for timeliness, resolution, cloud cover, light conditions, and color balancing."

Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Tue Apr 3 02:19:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 22:19:37 -0400
Subject: [Infowarrior] - FCC adopts new phone privacy rules
Message-ID:

http://www.theolympian.com/131/story/75518.html

FCC adopts new phone privacy rules
JOHN DUNBAR
Associated Press Writer

You'll have to provide a password if you want to get your account information from your telephone company under new privacy rules approved Monday by the Federal Communications Commission.

The rules were created to safeguard against pretexting, the practice of impersonating a phone customer to gain access to his phone records. Pretexting entered the national vocabulary last year when executives of the Hewlett-Packard Co. were charged with hiring private detectives who used the technique to investigate board members.

FCC Chairman Kevin Martin said in a written statement that the new order "takes a strong approach to protecting consumer privacy."

In addition to the password protection, the rules also require carriers to ask for customers' permission when sharing private account information with business partners and independent contractors.
Phone companies have contended that such an "opt-in" requirement violates their First Amendment right to communicate with customers - a position that was backed by a federal court in 1999. The new safeguards also require that consumers be notified immediately when there are changes made to their passwords, addresses or online accounts. The FCC has been working on phone privacy rules since the issue was raised by the Electronic Privacy Information Center, a nonprofit privacy rights group, in 2005. Marc Rotenberg, executive director of the organization, praised the agency's action. "I think these are important rules that will help safeguard the privacy of telephone customers' information," he said. "There's more work to be done in this area but this is certainly an excellent first step." The rules included one provision that Rotenberg and both Democrats on the commission strongly oppose, however. The provision requires that law enforcement agencies like the FBI and the Secret Service be informed of a privacy breach before consumers are. The delay would be seven days or perhaps indefinite, depending on the circumstances. "As some have described it, it is akin to not telling victims of a burglary that their home has been broken into because law enforcement needs to continue dusting for fingerprints," commented Commissioner Michael Copps. In filings, the Justice Department said it needed the provision to keep from tipping off investigative targets. Earlier this year, President Bush signed a law criminalizing pretexting and imposing penalties, including up to 10 years in prison. The new law gives police a weapon to punish perpetrators but leaves out requirements on how phone companies should protect their customers' private data. Law enforcement agencies were explicitly exempted from that law. 
From rforno at infowarrior.org Tue Apr 3 02:24:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 02 Apr 2007 22:24:51 -0400
Subject: [Infowarrior] - Second Annual Movie-Plot Threat Contest
Message-ID:

Announcing: Second Annual Movie-Plot Threat Contest

The first Movie-Plot Threat Contest asked you to invent a horrific and completely ridiculous, but plausible, terrorist plot. All the entrants were worth reading, but Tom Grant won with his idea to crash an explosive-filled plane into the Grand Coulee Dam.

This year the contest is a little different. We all know that a good plot to blow up an airplane will cause the banning, or at least screening, of something innocuous. If you stop and think about it, it's a stupid response. We screened for guns and bombs, so the terrorists used box cutters. We took away box cutters and small knives, so they hid explosives in their shoes. We started screening shoes, so they planned to use liquids. We now confiscate liquids (even though experts agree the plot was implausible)...and they're going to do something else. We can't win this game, so why are we playing?

Well, we are playing. And now you can, too. Your goal: invent a terrorist plot to hijack or blow up an airplane with a commonly carried item as a key component. The component should be so critical to the plot that the TSA will have no choice but to ban the item once the plot is uncovered. I want to see a plot horrific and ridiculous, but just plausible enough to take seriously.

< - >

http://www.schneier.com/blog/archives/2007/04/announcing_seco.html

From rforno at infowarrior.org Tue Apr 3 12:17:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 03 Apr 2007 08:17:03 -0400
Subject: [Infowarrior] - Telnet, Dead at 35. Happy Birthday and RIP
Message-ID:

For all the bells and whistles added to Microsoft's Vista, the OS is the first internet-age Windows release to omit an important vestige of networking history -- Telnet, which turns 35 tomorrow.
It was April 3rd, 1972 that Jon Postel published RFC 318, a svelte 4,600 word document describing a "standard method of interfacing terminal devices at one site to processes at another site."

Devised in a simpler time, Telnet has no encryption and doesn't come close to meeting modern security standards for logging onto a remote machine. It's gone virtually unused for years (geeks still use the client to debug TCP services, but only because it's there). Yet somehow the Telnet client has always managed to stick around in Windows, Linux and Mac OS releases like the gill slits in human embryos. Until now.

If you're a Vista user, you can celebrate Telnet Day tomorrow by defiantly reinstalling the deleted Telnet client. Microsoft's instructions are here. There's also this history of Telnet, the original RFC 318, and a super cool list of still-operating public Telnet sites, including the U.S. Library of Congress.

< - >

http://blog.wired.com/27bstroke6/2007/04/telnet_dead_at_.html

From rforno at infowarrior.org Tue Apr 3 12:42:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 03 Apr 2007 08:42:34 -0400
Subject: [Infowarrior] - Quick comment on current Iraq statements
Message-ID:

Dear Politicians and Lobbyists --

The phrase "we need to fight the terrorists 'there' so we don't fight them 'here'" (or variants thereof) is based on a rosy wish that terrorism can be contained to a specific part of the world. It can't. We could 'win' Iraq and make it a glowing beacon of Western democracy and still see a terrorist attack 'here' down the road. So you're basing your statement on an analytical non sequitur and fractured logic.

Similarly, when you say that "setting a timetable for Iraq withdrawal" will "telegraph our intentions to the bad guys and embolden them" you forget one small item: when the bad guys see fewer and fewer American troops around town over a period of time, guess what?
They'll pretty-much know we're leaving or gone, and continue their activities once they feel confident in their ability to avoid capture. You're basing your statement here on a failure to understand that animals and human beings alike can notice things in their environment and only act when they feel confident and safe.

So kindly refrain from using such warped logic in your statements.

Grrrr,

-Rick

From rforno at infowarrior.org Tue Apr 3 13:10:17 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 03 Apr 2007 09:10:17 -0400
Subject: [Infowarrior] - New Movie: "Snakes on a Search Engine"
Message-ID:

Calling Samuel L. Jackson..... :)

NEW YORK (CNNMoney.com) -- The latest search at Google has nothing to do with the Internet or lucrative ads. It has to do with a three-foot python that's loose in its New York offices.

Published reports say the snake, named Kaiser, got loose Sunday in the company's office in the Chelsea neighborhood of New York.

< - >

http://money.cnn.com/2007/04/03/news/funny/google_snake/?postversion=2007040308

From rforno at infowarrior.org Wed Apr 4 14:23:41 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 04 Apr 2007 10:23:41 -0400
Subject: [Infowarrior] - Apple adds 8-core option to Mac Pro
Message-ID:

Apple adds 8-core option to Mac Pro

Apple on Wednesday added a new eight-core option to the Mac Pro. Buyers of the new professional workstation can now choose two of Intel's 3GHz quad-core Xeons, nicknamed "Clovertown," alongside the 2GHz, 2.66GHz, and 3GHz dual-core "Woodcrest" processors currently offered by Apple in its systems. Other features of the desktop are unchanged and include a base 1GB of memory expandable to 16GB, 250GB of storage (up to 3TB), and a choice of video cards ranging from a 256MB GeForce 7300 GT to the 512MB Quadro FX 4500 for professional 3D modeling and stereo imaging.
Customizing the Mac Pro with the 3GHz eight-core option adds $1,498 to the base $2,499 price and ships within three to five days from the online Apple Store.

http://www.macnn.com/

From rforno at infowarrior.org Wed Apr 4 14:29:30 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 04 Apr 2007 10:29:30 -0400
Subject: [Infowarrior] - Statement of Josh Wolf, Journalist, on his Freedom from Jail
Message-ID:

Statement of Josh Wolf, Journalist, on his Freedom from Jail
Submitted by John Stauber on Tue, 04/03/2007 - 15:48.
http://www.prwatch.org/node/5922

Josh Wolf, the video blogger and journalist, is going to be freed. Wolf was jailed on August 1, 2006 when he refused to testify or turn over unpublished video out-takes to a federal grand jury investigating a July, 2005 anti-capitalist demonstration.

The statement below was provided on Josh's behalf to the Center for Media and Democracy by Lisa Cohen. For more information contact Lisa Cohen at: lisa.cohen32 AT verizon.net

Statement from Josh Wolf:

"It took 226 days, but it was worth every second to get what I wanted from day one, which is that I will not have to testify before the grand jury about the events at the protest or the identities of participants. The demand for my testimony before the grand jury was the true assault on my code of ethics and, as I have stated previously, there will be, and has been no compromise to this resolute principle.

"Today, I posted the video footage to my web site www.joshwolf.net/ so that the public will have the opportunity to see that there is nothing of value in this unpublished footage. As there is no sensitive material on the tape, there was no reason to remain in prison, given the fact that I got what I wanted from day one - the right to protect journalists from having to testify before a grand jury.
"Until now, I had no assurances that publishing the video would lead to my release and furthermore had every indication that it would have the opposite result and indicate to the judge that the so-called coercive effect was working. That has changed.

"I do feel that my unpublished materials should be protected by a Federal Shield and moving forward, that is where I will focus my efforts. Journalists should have the right to be protected from testifying before a grand jury and I will not stop fighting until there is a law that protects us."

STATEMENT FROM DAVID GREENE, attorney:

Today, Josh got what he wanted from day one -- he will not have to testify before the grand jury about the events at the protest or the identities of participants.

From rforno at infowarrior.org Wed Apr 4 19:25:35 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 04 Apr 2007 15:25:35 -0400
Subject: [Infowarrior] - Judge: Americans need background checks to date internationally
Message-ID:

US Judge Affirms IMBRA: Americans Must Have Criminal Checks Before Contacting Foreigners on Internet
http://www.prweb.com/releases/2007/4/prweb515227.htm

A new federal law that makes it a crime for Americans to communicate with foreigners on dating websites without criminal background checks is upheld by a federal judge.

Washington, DC (PRWEB) April 2, 2007 -- On March 26, 2007, a new federal law restricting Americans from contacting foreigners through internet dating sites was upheld by a federal court after a Constitutional challenge by an internet dating company. In European Connections v. Alberto Gonzales, 1:06-CV-0426-CC, Judge Clarence Cooper of the US District Court for the Northern District of Georgia dismissed a lawsuit by European Connections which claimed that the law violated the right to freedom of speech contained in the First Amendment to the United States Constitution. The plaintiff had failed to challenge the law based on the First Amendment right to assemble.
According to Tristan Laurent, President of the advocacy group Online Dating Rights, "We will now have to take legal action from the point of view of the users of online dating sites. The whole idea that it is now a crime for American men to send emails to women in other countries is so preposterous it is beyond belief. The judge's ruling that there is no Constitutional violation in forcing Americans to divulge all sorts of highly personal information to a complete stranger or scammer abroad before the American can even say hello or know to whom he is writing is only exceeded in foolishness by Congress in making the law." The law was originally called the International Matchmaker Regulation Act, but it did not pass Congress in previous years by that name and it was later named the International Marriage Broker Regulation Act (IMBRA) before it passed on December 17th, 2005. The law, which was attached to the reauthorization of the Violence Against Women Act (VAWA) was apparently not debated in public and Mr. Laurent says that no dating company or dating site user was invited to a closed-door Senate hearing in July 2004. IMBRA makes it a felony for an internet dating company, that primarily focuses on introducing Americans to foreigners, to allow any American to communicate with any person of foreign nationality without first subjecting that American to a criminal background check, a sex offender check and without first having the American certify any previous convictions or arrests, any previous marriages or divorces any children and all states of residence since 18. Match.com is excluded from the law, and the judge found that this exception posed no challenge to the Fifth Amendment equal protection clause because American women are supposedly not abused by American men that they meet on the internet, and thus are not in need of protection. The law was sponsored by Sen. Sam Brownback, R-KS and Sen. Maria Cantwell, D-WA and was championed by key women's groups. 
The law was passed after these groups made claims that foreign women who marry American men are subjected to higher rates of abuse than are American women. However, the only study that addresses this issue was done by the INS in 1999 and it found that the rate of abuse in such international marriages is one-seventh the rate of abuse in domestic marriages. See http://www.online-dating-rights.com/index.php?ind=downloads&op=entry_view&id en=24 Online Dating Rights Director of Public Relations Jim Peterson said of the judge's ruling: "It is a sad day for freedom in our country when an American has to have a criminal background check before he can say 'Hello" to a foreigner through the internet." He also said that "America is the only country in the world that regulates communication between two consenting adults seeking to communicate via internet, with the possible exceptions of China and North Korea. Without new email technology, IMBRA could not have been even feasible because people generally sent paper letters to each other's home addresses just a few years ago. Is it right for the US government to make a form of communication illegal when it was the only form of communication possible just a few years ago?" The law has been attacked in a bipartisan fashion by prominent feminist Wendy McElroy http://www.ifeminists.net/introduction/editorials/2006/0111.html and by men's rights supporter David Usher http://capitolhillcoffeehouse.com/more.php?id=2444_0_1_0_M and by immigration attorney Gary Bala http://www.online-dating-rights.com/index.php?ind=downloads&op=entry_view&id en=21 Mr. Laurent says that his organization has undertaken a fundraising drive to raise $100,000 for a class-action suit against the government on behalf of all the men who can no longer contact women in Canada, England, Germany, Russia and the Philippines due to this law. Contributors are asked to visit the website at www.online-dating-rights.com. Both Mr. Laurent and Mr. 
Peterson are available for media interviews but since both have to work for a living and do not receive federal taxpayer funding, arrangements for telephone interviews should be made by email if possible. Contact Mr. Laurent at onlinedatingrights @ yahoo.com and Mr. Peterson at veterans @ veteransabroad.com From rforno at infowarrior.org Wed Apr 4 19:37:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 04 Apr 2007 15:37:52 -0400 Subject: [Infowarrior] - Baseball Disses National Security Message-ID: Baseball Disses National Security http://blog.washingtonpost.com/earlywarning/2007/04/baseball_disses_national _secur.html Despite two years of efforts and a major annual drive, the Department of Homeland Security has failed to enlist over two-thirds of the nation's Minor League Baseball teams in its patriotic program to "to educate and empower Americans to prepare for and respond to emergencies including natural disasters and potential terrorist attacks." The Minor League Baseball "Ready Campaign" includes specially-themed banners and public service announcements, a duct tape race between innings, and even Rex, the Office of Emergency Management mascot. So what's wrong with the Arkansas Travelers, the Charleston Riverdogs, the Hudson Valley Renegades, the Pawtucket Red Sox, and the Tampa Yankees, just to name a few recalcitrants? Why don't they go to bat for America? Are they Al Qaeda sympathizers? And what about the new Rockhounds team in Midland, Texas, which has so far failed to support home team America? Maybe first lady Laura Bush needs to give them a call. For over five years, the government of the United States of America has been courting Minor League Baseball teams to join its "Ready Campaign," a national public service advertising effort to promote emergency preparedness to deal with a terrorist attack. 
"Ready," as the DHS calls the campaign, has also enlisted the Boy Scouts of America to push for families to put together an emergency supply kit, make a family communications plan, and educate themselves about potential emergencies and "appropriate responses." "As we all know, going to the ballpark is a family event and an American tradition," the DHS wrote to teams last month, kicking off the 2007 campaign. "This makes a baseball game the perfect place to share the Ready Campaign's emergency preparedness message with our nation's families." And what is that message? It is simply, simple, that everyone "should have a plan." A government-produced "fun and easy" toolkit sent to teams at no charge includes suggested English and Spanish language banners, public service advertisements, JumboTron announcements, brochures, potential events and activities to hold during games. And of course there is the Emergency Preparedness merit badge to award. During the 2005 season, the Department of Homeland Security proudly announced that 48 Minor League baseball teams had signed on to promote the Ready Campaign in their ballparks. Last year, 45 teams signed on. This year, according to an internal DHS Minor League spreadsheet (thanks K!), only 41 of 145 Minor League Teams have signed on for the 2007 season. I smell declining interest, perhaps even readiness, on the part of the custodians of America's pastime. Or growing wisdom: wisdom that despite government calls and kits, the effort is sophomoric and wasteful. I have no idea how much the Department of Homeland Security and its public relations firm, the Neiman Group, spends on this effort. As a local emergency official wrote me, "with high profile campaigns like this, we shall all be prepared . . . for sunburn, hot dogs and overpriced beer." The ongoing Ready effort is seemingly harmless, and the DHS has even managed to repackage the ham-fisted terrorism focus since hurricane Katrina to fold in natural disasters. 
But the truth is that this government effort only began after Sept. 11 and is emblematic of Homeland Security's continued unfocused and confused state. Should there even be a federal government civilian readiness program, particularly one like this that is so simplistic? I say the answer is no, because not only are all those federal employees wasting their time on their fun and easy toolkits not doing something more focused and useful - or sucking off someone else's payroll - but also because they are foot soldiers in the government's national brainwashing efforts. Today's mechanisms of government "advertising" are merely tomorrow's politically motivated color-coded fear-mongering manipulations of public opinion. At least at 104 Minor League ballparks, people will be able to enjoy the game without having the government - the government! - remind them that they also need at the same time to be fearful of the world, even in their home town. It is a government message with only one "appropriate response:" worship at the altar of national security and war. From rforno at infowarrior.org Wed Apr 4 19:39:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 04 Apr 2007 15:39:40 -0400 Subject: [Infowarrior] - Microsoft sued over Windows Vista marketing Message-ID: Tuesday, April 3, 2007 - Last updated 7:48 a.m. PT Microsoft sued over Windows Vista marketing By TODD BISHOP P-I REPORTER A lawsuit alleges that Microsoft Corp. engaged in deceptive practices by letting PC makers promote computers as "Windows Vista Capable" even if they couldn't run the new operating system's "signature" features. http://seattlepi.nwsource.com/business/310004_msftsued03.html The proposed class action, which Microsoft disputes, was filed on behalf of personal-computer buyer Dianne Kelley of Camano Island. 
It focuses on efforts by Microsoft and computer makers to avoid a lull in PC sales by assuring consumers that the machines they were buying last year could run the delayed operating system upon its January release. Machines carrying "Windows Vista Capable" stickers included those that only met the requirements for Windows Vista Home Basic -- which lacks the "Aero" on-screen appearance, Media Center PC interface, Flip 3D window-switching and other features available in advanced Windows Vista versions. "All the 'wow' stuff that Microsoft is selling and marketing is present in (Windows Vista Home) Premium, but it's not present in Basic," said Michael Rosenberger, one of the lawyers representing Kelley in the case. Microsoft said Monday that the suit wrongly overlooks its efforts to make clear the differences between the different versions. The company "conducted a very broad and unprecedented effort" to help PC makers, retailers and consumers "understand the hardware requirements to run the various flavors of the Windows Vista operating system," said Linda Norman, a Microsoft associate general counsel. "We feel as a company we went beyond what we've ever done to try to educate people so that they understood and could make the right purchase decision," she said. Among other things, Microsoft created the additional designation of Windows Vista "Premium Ready" to indicate that a machine was capable of running the operating system's advanced features, meeting premium hardware requirements including a full gigabyte of system memory. That "premium" designation was made available for PC makers and retailers to use in places such as computer boxes and in-store marketing materials, said Mike Burk, a Windows product manager. Microsoft also detailed the hardware requirements for the various Windows Vista versions in places including its own Web site. However, the distinction wasn't made in the general "Windows Vista Capable" stickers. 
The suit alleges that it was deceptive to include that logo on machines not capable of running all the features Microsoft was touting as capabilities of Windows Vista in general. "In sum, Microsoft engaged in bait and switch -- assuring consumers they were purchasing 'Vista Capable' machines when, in fact, they could obtain only a stripped-down operating system lacking the functionality and features that Microsoft advertised as 'Vista,' " the complaint says. As a result, the suit said, people were buying machines that couldn't run "the real Vista." The suit also alleges that Microsoft Chairman Bill Gates contributed to the company's "deceptive marketing" during a Jan. 29 appearance on the "Today" show, when he said that PC users could upgrade to Windows Vista for less than $100. "In fact, one can only 'upgrade' to Home Basic for that price, which Mr. Gates and Microsoft know is a product that lacks the features marketed by Microsoft as being Vista," the suit said. The suit alleges that Gates' statement "furthered Microsoft's unfair and deceptive conduct." Norman disputed the notion that Windows Vista Home Basic isn't a true Vista version. "Anybody who purchased a PC that had the Windows Vista Capable logo got the core experience of Windows Vista," she said. "We have different versions, and they do offer different features. ... The Windows (Vista) core experience is a huge advance over Windows XP, we believe, and provides some great features, particularly in the area of security and reliability, and just general ease of use." The complaint, filed last week, seeks class certification and unspecified damages. P-I reporter Todd Bishop can be reached at 206-448-8221 or toddbishop at seattlepi.com. 
From rforno at infowarrior.org Wed Apr 4 19:40:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 04 Apr 2007 15:40:35 -0400 Subject: [Infowarrior] - Researchers unpick Vista kernel protection Message-ID: Researchers unpick Vista kernel protection From boot kit to 'root kit' By John Leyden Published Wednesday 4th April 2007 19:01 GMT http://www.theregister.co.uk/2007/04/04/vbootkit/ Security researchers have found a way to subvert the load-up procedure for Windows Vista and bypass its code-signing security checks. Indian researchers Nitin and Vipin Kumar of NV labs have developed a tool called VBoot kit, a custom boot sector loader, which launches from a CD. Once loaded, the tool allows hackers to make system changes on pre-release versions of Vista, something that only Microsoft-signed code is supposed to be able to do. Vista's booting process fails to check that every previously loaded component is kosher. The Kumar brothers exploited this design "feature" to craft their proof-of-concept code. VBoot kit can copy itself to a section of memory before Vista boots, so bypassing restrictions that should prevent unsigned code running with system (kernel) privileges. The code, developed on a beta version of Vista, was demonstrated during a presentation at last week's Black Hat conference in Amsterdam. Heise Security reports that a complex debugging process, involving finding the memory areas vBoot kit needed to load onto, was needed to get the exploit to work. Adapting the code to work on later versions of Vista would involve a similar, time-consuming process. The attack does not lend itself immediately toward the creation of root kits that work on the final Vista build. Even so, the Kumars' work illustrates fundamental design weaknesses the researchers reckon can only be fully addressed by using TPM (Trusted Platform Module) hardware to stop unsigned program code from being executed. 
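The gap the Register article describes (a boot process that does not check every previously loaded component) is what TPM-backed measured boot is meant to close. The sketch below is an added illustration, not code from the researchers, Microsoft or the article: it contrasts a check that validates only the final kernel image with a hash chain that folds every stage into one register before that stage runs. The SHA-256 register, the stage names and the byte strings are constructed assumptions.

```python
import hashlib

PCR_LEN = 32  # assumption: one SHA-256 measurement register, reset to zeros at power-on


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register can only be folded forward, never set directly."""
    return hashlib.sha256(pcr + digest).digest()


def measure_chain(stages):
    """Hash every stage into the register before it would be given control.

    Returns (final register value, event log of (stage name, hex digest))."""
    pcr, log = bytes(PCR_LEN), []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay(log):
    """Recompute the register from an event log alone."""
    pcr = bytes(PCR_LEN)
    for _name, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr


def kernel_only_check(stages, trusted_kernel_digest):
    """The weak model: validate the last image and trust whatever ran before it."""
    _name, image = stages[-1]
    return hashlib.sha256(image).hexdigest() == trusted_kernel_digest


def verify_boot(reported_pcr, reported_log, golden_log):
    """Verifier side: the log must replay to the register, then match the baseline."""
    if replay(reported_log) != reported_pcr:
        return False, "event log does not replay to reported register"
    for i, (got, want) in enumerate(zip(reported_log, golden_log)):
        if got[1] != want[1]:
            return False, f"stage {i} ({want[0]}) digest differs from baseline"
    if len(reported_log) != len(golden_log):
        return False, "stage count differs from baseline"
    return True, "boot chain matches baseline"


# Constructed sample data: four boot stages, and the same chain with stage 0 replaced.
GOOD = [
    ("boot-sector", b"constructed: vendor boot sector"),
    ("boot-manager", b"constructed: boot manager"),
    ("os-loader", b"constructed: OS loader"),
    ("kernel", b"constructed: signed kernel image"),
]
TAMPERED = [("boot-sector", b"constructed: replaced boot sector")] + GOOD[1:]

GOLDEN_PCR, GOLDEN_LOG = measure_chain(GOOD)
KERNEL_DIGEST = GOLDEN_LOG[-1][1]

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        pcr, log = measure_chain(chain)
        print(label, "kernel-only check:", kernel_only_check(chain, KERNEL_DIGEST))
        print(label, "measured boot:", verify_boot(pcr, log, GOLDEN_LOG))
```

The kernel-only check passes for both chains because the kernel image itself is unchanged; only the chained measurement exposes the replaced first stage, and a log that claims baseline digests cannot be made to replay to the tampered register value.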
From rforno at infowarrior.org Sat Apr 7 13:24:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 07 Apr 2007 09:24:12 -0400 Subject: [Infowarrior] - Chertoff: Brits could attack the US Message-ID: Michael Chertoff speaks to Sky 'Britons Could Attack Us' Updated: 11:38, Friday April 06, 2007 http://news.sky.com/skynews/article/0,,30000-1259477,00.html The man charged with protecting Americans from terrorist attack has told Sky News he is worried radicalised Britons could try to mount an assault on his country. Michael Chertoff, the Head of Homeland Security, said the US needed further protection from so-called "clean skins" in Britain or Europe. That is the name given by the intelligence community to those people who feel alienated but have not come to the attention of the authorities. Mr Chertoff confirmed America had foiled some terrorist attacks but warned his countrymen not to become complacent. The interview on Sky News came on the eve of the politician's first meeting with Home Secretary John Reid. Mr Chertoff spoke to presenter Anna Botting about the threat of terrorism, the foreign policy of the West and the contentious Passenger Name Records system. He said the US was "not hysterical but not complacent" about the terror threat and claimed the enemy was "focused". The anti-terror chief also defended plans to check all 10 fingerprints of visitors to the US. He said it was the "best tool" against terrorism and denied it was next step to taking DNA from passengers. 
From rforno at infowarrior.org Sat Apr 7 13:27:34 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 07 Apr 2007 09:27:34 -0400 Subject: [Infowarrior] - VeriSign jacks up domain name prices Message-ID: VeriSign jacks up domain name prices By Eric Bangeman | Published: April 06, 2007 - 02:18PM CT http://arstechnica.com/news.ars/post/20070406-verisign-jacks-up-domain-name- prices.html VeriSign has decided to raise wholesale prices on .com and .net domains beginning in October. Saying that the price increases will be used for infrastructure improvements, the company announced that the wholesale price for a .com domain will rise to $6.42 from $6.00, while .net will jump to $3.85 from $3.50. In December of last year, ICANN and VeriSign inked an agreement allowing the company to keep control of the .com top-level domain through 2012. (VeriSign first gained control of .com in 1999 after it was awarded a no-bid contract). The agreement provides some control over price hikes, as it limits them to a maximum of seven percent in four out of the contract's six years. VeriSign must provide notice of the rate hikes at least six months prior to their going into effect. There may still be additional rate increases, however. VeriSign's contract with ICANN also allows for increases due to ICANN policy shifts or for security reasons during the two years when the regular price hikes are not allowed. ICANN's agreement with VeriSign was the subject of criticism from some areas. Network Solutions called it a "perpetual de facto monopoly," saying that it failed to provide sufficient checks and balances. Network Solutions also said the agreement was "fundamentally flawed" from a cybersecurity point of view. As mentioned above, VeriSign is using the security angle to justify the increase. Revenues from the rate hike will go towards Project Titan, which is its initiative to expand the global capacity of its infrastructure ten-fold by 2010. 
DNS query capacity will increase to 4 trillion queries per day. VeriSign claims that it has seen security exploits grow by over 700 percent since 2000 and it projects those to increase by 50 percent in 2007 and 2008, which it believes justifies the infrastructure investment and price increase. The degree to which the price hikes will be passed on to domain owners remains to be seen. Registrars are free to set their own prices once they have paid VeriSign, but it's hard to envision many of them choosing to swallow the seven percent increase themselves. So prepare yourself for a larger bill from your registrar when your domain is about to expire. From rforno at infowarrior.org Sat Apr 7 13:28:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 07 Apr 2007 09:28:54 -0400 Subject: [Infowarrior] - Coke takes branding protection a bit far.... Message-ID: Coke halts Jesus pic Distrib pulls 'Jerusalem' By NICK VIVARELLI http://www.variety.com/article/VR1117962553.html?categoryid=19&cs=1 ROME -- The Coca Cola Company has taken legal action against producers of a spirituality themed Italian film set in present day Israel in which Jesus drinks a can of Coke in the desert. Titled "7 Km da Gerusalemme" (Seven Kilometers From Jerusalem) pic centers around a Milanese ad exec having a midlife crisis who makes a pilgrimage to the Holy Land. In the desert, near the biblical Emmaus, the Italo ad man gives Jesus a ride on his Jeep, hands him a Coke, and, while Jesus is quenching his thirst, says: "My God, what a testimonial!" Coca Cola in a letter complained to producers Graziano Prota and Angelo Sconda demanding that the scene be cut because it is likely to give Coca Cola a negative image and complaining that use of their brand was unauthorized. "We are not interested in this kind of product placement," a Coca Cola Italia spokeswoman said. 
Due to be released on April 6, Good Friday, "Seven Kilometers From Jerusalem" has now been pulled by distribbery Mediafilm, which was planning to capitalize on the Easter spirit. Artika said in a statement that unless they are able to convince Coca Cola's lawyers to change their position they will have to re-edit the film, which "means it will be released by the end of April." Pic is co-produced by Artika and RAI Cinema. Based on an eponymous best-selling Italo book, "Seven Kilometers" has drawn mixed reviews from Italo crix, but was reportedly well-received by the Vatican. A jury headed by Polish helmer Krystov Zanussi, known to be close to Vatican circles, recently gave it the top nod at the Busto Arsizio Film Fest. Cast, toplined by Italo soap star Luca Ward, includes Rosalinda Celentano who played Satan in "The Passion of the Christ." From rforno at infowarrior.org Sun Apr 8 00:57:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 07 Apr 2007 20:57:19 -0400 Subject: [Infowarrior] - Microsoft changes tune on selling DRM-free songs Message-ID: Microsoft changes tune on selling DRM-free songs Company's been talking with record labels for 'some time' Elizabeth Montalbano http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxo nomyName=mobile_devices&articleId=9015898&taxonomyId=75 April 06, 2007 (IDG News Service) -- Following digital music pioneer Apple Inc.'s lead, Microsoft Corp. said it will soon sell digital music online without digital rights management (DRM) protection. Microsoft's apparent change of heart on selling DRM-free music came in response to Apple's deal earlier in the week to sell unprotected content from recording company EMI Group PLC. The company previously claimed that DRM was necessary for current and emerging digital media business models. "The EMI announcement on Monday was not exclusive to Apple," said Katy Asher, a Microsoft spokeswoman on the Zune team, in an e-mail to the IDG News Service today. 
She said Microsoft has been talking with EMI and other record labels "for some time now" about offering unprotected music on its Zune players in an effort to meet the needs of its customers. "Consumers have made it clear that unprotected music is something they want," Asher said. "We plan on offering it to them as soon as our label partners are comfortable with it." In February, Apple CEO and founder Steve Jobs stirred up controversy when he called for an end to DRM in an open letter to the industry published on Apple's Web site. At the time, Microsoft responded harshly to Jobs' statement -- a Zune spokesman called it naive and irresponsible -- but now the company seems to have literally changed its tune. Microsoft released Zune and its corresponding Zune Marketplace last November as a competitor to iPod and iTunes. Early reports on sales of the device show it has done little to cut into iPod's market share, but Microsoft executives have maintained that the company's investment in Zune is long term and the product was not expected to overtake the iPod immediately. From rforno at infowarrior.org Mon Apr 9 14:25:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 09 Apr 2007 10:25:43 -0400 Subject: [Infowarrior] - OT: 'B.C.' and 'Wizard of Id' Cartoonist Johnny Hart, 76 Message-ID: (I loved these series......they were both brilliant and funny!) 'B.C.' and 'Wizard of Id' Cartoonist Johnny Hart, 76 By Adam Bernstein Washington Post Staff Writer Monday, April 9, 2007; B05 http://www.washingtonpost.com/wp-dyn/content/article/2007/04/08/AR2007040800 746_pf.html Johnny Hart, 76, whose comic strips "B.C." and "The Wizard of Id" used wisecracking cave men and henpecked sorcerers to comment on modern life, and who attracted controversy when he introduced Christianity into his work, died April 7 at his home in Nineveh, N.Y., near Binghamton. Mr. 
Hart recently completed treatment for non-Hodgkin's lymphoma and died at his drawing table after a stroke, said his wife of 55 years, Bobby Hatcher Hart. Mr. Hart became one of the most popular cartoonists of his era, with a readership estimated at 100 million since starting "B.C." in 1958 and "The Wizard of Id" in 1964 (with artist Brant Parker). Creators Syndicate distributed both strips, each of which appeared in more than 1,300 newspapers, including The Washington Post. "B.C." refers to the age "Before Christ" and also is the name of Mr. Hart's naive cave-dwelling protagonist, but for years there was little overt religious plotting in the strip. Among the characters were the one-legged cave man poet, Wiley, and a menagerie of talking animals, including an ant, a clam and a lovelorn dinosaur named Gronk. The female characters were Cute Chick and Fat Broad, names that were anatomically, if not politically, correct. For a strip whose tone was lighthearted, "B.C" suddenly became controversial in the 1990s when Mr. Hart included themes influenced by his fundamental Christianity and literal interpretation of the Bible. He did so sparingly, often around holy days, but its inclusion was perceived by many readers as making him far more frank about Christianity than any of his mainstream contemporaries. Some newspapers canceled the strip. Others, including The Post, pulled it selectively. On at least one occasion, the Los Angeles Times relocated it to the religion page. The Times initially canceled the strip -- scheduled to run on Palm Sunday 1996 -- showing Wiley drafting a poem about Jesus's suffering on the cross. Christian Coalition founder Pat Robertson told viewers of his "700 Club" show to protest, especially as political cartoons often criticized religion. The uproar that followed led the paper to run the "B.C." strip on the religion page. Other work by Mr. 
Hart brought criticism from Jewish and Muslim groups for what they called insensitive and at times offensive themes. One Easter "B.C." strip showed a menorah's candles being extinguished as the candelabra morphs into a cross; the final frame included the words, "It is finished." To his critics, this symbolized a triumph of Christianity over Judaism, but Mr. Hart said it was meant to "pay tribute to both" religions. Muslims were enraged by another "B.C." strip that ran during the Muslim holy month of Ramadan. It featured an outhouse with multiple crescents -- a symbol associated with Islam -- and showed a cave man saying from inside the makeshift bathroom, "Is it just me, or does it stink in here?" Mr. Hart told The Post he intended the cartoon to be a "silly" bathroom joke, adding, "It would be contradictory to my own faith as a Christian to insult other people's beliefs." John Lewis Hart, a firefighter's son, was born Feb. 18, 1931, in Endicott, N.Y. As a child, he said he drew "funny pictures, which got me in or out of trouble depending on the circumstances." After high school, he served in the Air Force in Korea and produced cartoons for Pacific Stars and Stripes. The Saturday Evening Post, Colliers and True magazines later published his freelance cartoon submissions while Mr. Hart worked in the art department at General Electric in Johnson City, N.Y. While at GE, he created "B.C." and based many of the characters and their quirks on his friends and family. "I tried to reduce my cartoons to the fewest words and the least clutter in the drawing," he said in 1997. "The simpler you do things, the more genius is required to do it. I used to take ideas as far back as I could take them -- back to their origin. So cave men became my favorite thing to do because they are a combination of simplicity and the origin of ideas." 
He told an interviewer for a Milwaukee newspaper that he and Parker, an artist he had long known, started "Wizard of Id" because "I felt I couldn't get satirical enough as there's no society to work with in 'B.C.' It deals with the basics, man's foibles and follies. So it was an obvious transition for me from cave man to medieval times where there is a set society." Among the recurring characters in "Wizard of Id" were a despotic king and a drunken court jester. In a 1999 profile of Mr. Hart, The Post reported that the artist's own drinking "got out of hand" over the years before he found solace in religion. Mr. Hart said he was not from a devout family and "got mad at God" after his mother died of cancer at 52. He said he struggled with varieties of faith, including a belief in reincarnation, all the while enjoying the material success of his strips. He settled on a 150-acre property with a big lake and a private road. One day, a father and son team of workers came to install cable television. They were born-again Christians and kept the television tuned to religious broadcasts, which Mr. Hart said "hooked" him. "B.C." soon became a prominent outlet for his interpretations of faith. "I get incredible response on the positive side," Mr. Hart told the Dallas Morning News in 1999. "I don't know if it's the liberalization of this country or whatever [that] has taken prayer out of schools and pulled the Ten Commandments off the walls of courts, and we've become a nation of heathens. "The Christians are still out there, but they're hiding," he said. "They're afraid because every time somebody tries to make a move, somebody steps on them and pushes them back or locks them out. So they think that I'm a hero, and I'm not. . . . That's probably the most pathetic thing of all, that they admire me and think that I'm courageous and brave to mention God's name." Besides his wife, survivors include two daughters; a brother; a sister; and two grandsons. 
From rforno at infowarrior.org Mon Apr 9 17:00:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 09 Apr 2007 13:00:09 -0400 Subject: [Infowarrior] - Music stores blame RIAA for industry woes Message-ID: Spinning Into Oblivion By TONY SACHS and SAL NUNZIATO Published: April 5, 2007 http://www.nytimes.com/2007/04/05/opinion/05sachsnunziato.html?ei=5090&en=4e2f9295623fb736&ex=1333425600&partner=rssuserland&emc=rss&pagewanted=all DESPITE the major record labels' best efforts to kill it, the single, according to recent reports, is back. Sort of. You'll still have a hard time finding vinyl 45s or their modern counterpart, CD singles, in record stores. For that matter, you'll have a tough time finding record stores. Today's single is an individual track downloaded online from legal sites like iTunes or eMusic, or the multiple illegal sites that cater to less scrupulous music lovers. The album, or collection of songs -- the de facto way to buy pop music for the last 40 years -- is suddenly looking old-fashioned. And the record store itself is going the way of the shoehorn. This is a far cry from the musical landscape that existed when we opened an independent CD shop on the Upper West Side of Manhattan in 1993. At the time, we figured that as far as business ventures went, ours was relatively safe. People would always go to stores to buy music. Right? Of course, back then there were also only two ringtones to choose from -- "riiiiinnng" and "ring-ring." Our intention was to offer a haven for all kinds of music lovers and obsessives, a shop that catered not only to the casual record buyer ("Do you have the new Sarah McLachlan and ... uh ... is there a Beatles greatest hits CD?") but to the fan and oft-maligned serious collector ("Can you get the Japanese pressing of 'Kinda Kinks'? I believe they used the rare mono mixes"). Fourteen years later, it's clear just how wrong our assumptions were. Our little shop closed its doors at the end of 2005. 
The sad thing is that CDs and downloads could have coexisted peacefully and profitably. The current state of affairs is largely the result of shortsightedness and boneheadedness by the major record labels and the Recording Industry Association of America, who managed to achieve the opposite of everything they wanted in trying to keep the music business prospering. The association is like a gardener who tried to rid his lawn of weeds and wound up killing the trees instead. In the late '90s, our business, and the music retail business in general, was booming. Enter Napster, the granddaddy of illegal download sites. How did the major record labels react? By continuing their campaign to eliminate the comparatively unprofitable CD single, raising list prices on album-length CDs to $18 or $19 and promoting artists like the Backstreet Boys and Britney Spears -- whose strength was single songs, not albums. The result was a lot of unhappy customers, who blamed retailers like us for the dearth of singles and the high prices. The recording industry association saw the threat that illegal downloads would pose to CD sales. But rather than working with Napster, it tried to sue the company out of existence -- which was like thinking you've killed all the roaches in your apartment because you squashed the one you saw in the kitchen. More illegal download sites cropped up faster than the association's lawyers could say "cease and desist." By 2002, it was clear that downloading was affecting music retail stores like ours. Our regulars weren't coming in as often, and when they did, they weren't buying as much. Our impulse-buy weekend customers were staying away altogether. And it wasn't just the independent stores; even big chains like Tower and Musicland were struggling. Something had to be done to save the record store, a place where hard-core music fans worked, shopped and kibitzed -- and, not incidentally, kept the music business's engine chugging in good times and in lean. 
Who but these loyalists was going to buy the umpteenth Elton John hits compilation that the major labels were foisting upon them? But instead, those labels delivered the death blow to the record store as we know it by getting in bed with soulless chain stores like Best Buy and Wal-Mart. These "big boxes" were given exclusive tracks to put on new CDs and, to add insult to injury, they could sell them for less than our wholesale cost. They didn't care if they didn't make any money on CD sales. Because, ideally, the person who came in to get the new Eagles release with exclusive bonus material would also decide to pick up a high-speed blender that frappéed. The jig was up. It didn't matter that even a store as small as ours carried hundreds of titles you'd never see at Best Buy and was staffed by people who actually knew who Van Morrison was, or that Tower Records had the entire history of recorded music under one roof while Costco didn't carry much more than the current hits. A year after our shop closed, Tower went out of business -- something that would have been unthinkable just a few years earlier. The customers who had grudgingly come to trust our opinions made the move to online shopping or lost interest in buying music altogether. Some of the most loyal fans had been soured into denying themselves the music they loved. Meanwhile, the recording industry association continues to give the impression that it's doing something by occasionally threatening to sue college students who share their record collections online. But apart from scaring the dickens out of a few dozen kids, that's just an amusing sideshow. They're not fighting a war any more than the folks who put on Civil War regalia and re-enact the Battle of Gettysburg are. The major labels wanted to kill the single. Instead they killed the album. The association wanted to kill Napster. Instead it killed the compact disc. 
And today it's not just record stores that are in trouble, but the labels themselves, now belatedly embracing the Internet revolution without having quite figured out how to make it pay. At this point, it may be too late to win back disgruntled music lovers no matter what they do. As one music industry lawyer, Ken Hertz, said recently, "The consumer's conscience, which is all we had left, that's gone, too." It's tempting for us to gloat. By worrying more about quarterly profits than the bigger picture, by protecting their short-term interests without thinking about how to survive and prosper in the long run, record-industry bigwigs have got what was coming to them. It's a disaster they brought upon themselves. We would be gloating, but for the fact that the occupation we planned on spending our working lives at is rapidly becoming obsolete. And that loss hits us hard -- not just as music retailers, but as music fans. Tony Sachs and Sal Nunziato own an online music retail business From rforno at infowarrior.org Mon Apr 9 17:01:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 09 Apr 2007 13:01:26 -0400 Subject: [Infowarrior] - Mossberg: Cut the Craplets on new PCs Message-ID: Using Even New PCs Is Ruined by a Tangle Of Trial Programs, Ads By Walter S. Mossberg http://ptech.wsj.com/archive/ptech-20070405.html When you buy a gleaming, new personal computer, the first thing you want to do is to try out its cool new features and make it your own. You want to savor how quickly it starts up and runs, and arrange the desktop icons to suit your tastes and habits. But as I rediscovered recently, often what you're forced to do instead is to spend hours as a digital maintenance man wading through annoying and confusing chores. I have set up many computers over the years, so I wasn't shocked that the out-of-box experience was less than ideal. 
Still, I was struck by just how irritating it was to get going with the new Sony Vaio SZ laptop I bought about 10 days ago. It was the first new Windows machine I'd bought in a few years, because I had been waiting for Microsoft's new Windows Vista operating system. I was amazed that the initial experience is still a big hassle. I'm not even referring to the most time-consuming setup processes -- transferring all your files and settings, reinstalling your favorite programs and learning the new features. Vista has actually made moving files and settings easier, and it isn't different enough from Windows XP to make for a steep learning curve. Instead, I'm talking about two main problems. One is the plethora of teaser software and advertisements for products that must be cleared and uninstalled to make way for your own stuff. The second is the confusing welter of security programs you have to master and update, even on a virgin machine. I'm also referring to how slowly a new Windows Vista machine starts and restarts, even if you haven't yet loaded or launched any of your own software. I am not singling out Sony here. I would have had a similar experience if I had chosen, say, a Hewlett-Packard laptop. Most major PC makers feature the security programs and trial software and offers I encountered on my new Sony. They are not part of Vista itself. The problem is a lack of respect for the consumer. The manufacturers don't act as if the computer belongs to you. They act as if it is a billboard for restricted trial versions of software and ads for Web sites and services that they can sell to third-party companies who want you to buy these products. I'm distinguishing these programs, sometimes called "craplets," from the full-featured, built-in Sony software meant to enhance the computer, or from entire, useful programs Microsoft builds into Windows, such as music and photo organizers. On my new Sony, there were two dozen trial programs and free offers. 
The desktop alone contained four icons representing come-ons for various America Online services, and two for Microsoft. The start menu and program menu had more items that I neither chose nor wanted. Napster, a music service I don't use, was lodged at the lower right of the screen. The worst was a desktop icon called "Watch Hit Movies Now!" This turned out to be four full-length films from Sony's movie studios, which the company had preloaded onto my computer at the cost of more than four gigabytes of precious hard-disk space. But they aren't a gift. If you want to play them, you have to pay Sony. Then there was the security-software mess. I signed up for a 60-day free trial of Symantec software that Sony offered. This required multiple rounds of scary warnings, scans and updates -- on the first day of using a new machine. Plus, when I tried to use a feature that stopped some unwanted programs from loading, I was forced to launch a second, somewhat redundant, security program from Microsoft. On top of this, Sony informed me it had 21 different software updates available for my brand new laptop. I also was shocked at how long this machine took to restart and to do a cold start after being completely shut down. Restarting took over three minutes, and a cold start took more than two minutes. That suggests the computer is loading a bunch of stuff I neither know about nor want. By contrast, a brand new Apple MacBook laptop, under the same test conditions, restarted in 34 seconds and did a cold start in 29 seconds. I asked Sony about all this, and the company, while acknowledging it is paid to bundle the trial programs, said the programs are carefully selected and "provide benefits to many consumers," up to 30% of whom act on the offers. Sony said the preloaded movies are "a key differentiator for our products in the marketplace, which we have found that many VAIO customers greatly appreciate." 
Sony also said the boot-up times I recorded are "not at all uncommon with Vista-loaded PCs" and are faster than on some competing computer brands. It defended the 21 updates on the grounds that Vista is so new that, in many cases, compatible software wasn't available when the computer shipped. Still, I wish computer makers would stop loading all these trial programs and offers on computers and that security precautions could be much less disruptive and more automatic. The first day of owning an expensive new gadget should be a pleasure, not a hassle. Email me at mossberg at wsj.com. See video versions of my reviews at wsj.com/mossbergvideo. Copyright 2007 Dow Jones & Company, Inc. All Rights Reserved. From rforno at infowarrior.org Tue Apr 10 19:50:55 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Apr 2007 15:50:55 -0400 Subject: [Infowarrior] - RIAA case dismissed w/prejudice Message-ID: Defendant prevails in another RIAA file-sharing case By Eric Bangeman | Published: April 10, 2007 - 12:58PM CT http://arstechnica.com/news.ars/post/20070410-defendant-prevails-in-another-riaa-file-sharing-case.html A federal judge has dismissed Elektra v. Santangelo with prejudice, leaving the door open for defendant Patti Santangelo to recover attorneys' fees from the RIAA. Last month, Judge Colleen McMahon denied the RIAA's motion to dismiss the case without prejudice, ruling that the case should either be dismissed with prejudice or proceed to trial so that Santangelo could have a shot at being exonerated of the RIAA's accusations of file-sharing and copyright infringement. A stipulation of discontinuance with prejudice was entered yesterday by both the plaintiffs and defendants, which means that Santangelo is the prevailing party and therefore eligible to file a motion to recover attorneys' fees. It is anticipated that the RIAA will strongly oppose any such award of fees, as they have in Capitol v. Foster. 
Patti Santangelo was targeted by the RIAA in 2005 as part of its crackdown against suspected file-sharing. The divorced mother of five denied engaging in file sharing herself or having any knowledge of its happening in her house. The RIAA subsequently sued two of her children, Michelle and Robert, who were 15 and 11 years old when the alleged infringement took place. The dismissal strikes another blow against the music industry's doctrine of secondary infringement. It's an argument that the record labels have consistently made in their lawsuits: if a defendant has "a reason to know" of any infringing activity, he or she should therefore be liable for any and all infringement -- even if the defendant was not aware of it. So far, the courts have not found the argument convincing, which could lead to still more dismissals. Ruling in Capitol v. Foster, Judge Lee R. West called the record labels' secondary infringement claims "untested and marginal." This is a scenario the RIAA has been anxious to avoid. Although the record industry has been eager to file lawsuits, it never wants to see the defendants exonerated, even when it's a clear case of mistaken identity. Instead, it would rather just quietly drop unwinnable cases and walk away, leaving defendants to deal with the legal bills from defending against a case that should never have been brought. For at least the second time, a judge has prevented the RIAA from doing exactly that. If the trend continues, the music industry's legal strategy could end up being far more expensive than it anticipated. 
From rforno at infowarrior.org Tue Apr 10 19:52:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Apr 2007 15:52:49 -0400 Subject: [Infowarrior] - MPAA, RIAA Want to Use Pretexting During Investigations Message-ID: MPAA, RIAA Want to Use Pretexting During Investigations Michael Hoffman (Blog) - April 10, 2007 2:01 PM http://www.dailytech.com/article.aspx?newsid=6856 The RIAA and MPAA want to use pretexting to be able to gain information and make cases against pirates The Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) are working together to lobby state legislators to sign a proposed amendment to a California bill that deals with pretexting. The amendment would allow the trade organizations to use pretexting to enforce copyright laws. In letters sent to Sen. Ellen Corbett, both trade groups said that the legislation would undermine their anti-piracy efforts -- investigators must be able to pose as a regular person to be able to acquire pirated material. Both the MPAA and RIAA claim they need to use deceptive practices to help monitor and catch bootleggers on the Internet. The RIAA and MPAA both said they would not assume a person's identity to get personal information during an investigation. However, both entities want to make sure they legally are able to hide any type of industry connection when pursuing leads into the black market. "Basically we want criminals to feel comfortable that who they're dealing with is probably some other criminal and let us in on what's going on," said Brad Buckles, RIAA executive vice president for anti-piracy. Pretexting was brought into the spotlight after a pretexting scandal rocked Hewlett-Packard late last year. Investigators hired by HP used pretexting to get personal records of journalists and employees of the company, a move that led to a boardroom shakeup. 
Late last year, President Bush signed the Telephone Records and Privacy Protection Act of 2006, the U.S. federal anti-pretexting bill. The law makes it illegal for people to "knowingly and intentionally" obtain phone records by any type of deception. In addition, the FCC just set its regulations for pretexting over voice communication devices. These regulations include contacting customers and the FBI during breaches of customer privacy, as well as holding phone companies responsible for pretexting incidents. Neither association has a loophole in the new FCC regulation or Telephone Records and Privacy Protection Act, but the MPAA has successfully lobbied similar legislation in the past. Last year, the proposed California bill to ban pretexting was shot down by a 33-27 vote in the California House. Three months prior, the California State Senate voted unanimously in favor of the bill. From rforno at infowarrior.org Wed Apr 11 02:58:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Apr 2007 22:58:23 -0400 Subject: [Infowarrior] - Putin Tightens Internet Controls Before Presidential Election Message-ID: Putin Tightens Internet Controls Before Presidential Election By Henry Meyer http://www.bloomberg.com/apps/news?pid=20601109&sid=a2Zf7wMQnNQ4&refer=home April 10 (Bloomberg) -- President Vladimir Putin has already brought Russian newspapers and television to heel. Now he's turning his attention to the Internet. As the Kremlin gears up for the election of Putin's successor next March, Soviet-style controls are being extended to online news after a presidential decree last month set up a new agency to supervise both mass media and the Web. ``It's worrying that this happened ahead of the presidential campaign,'' Roman Bodanin, political editor of Gazeta.ru, Russia's most prominent online news site, said in a telephone interview. 
``The Internet is the freest medium of communication today because TV is almost totally under government control, and print media largely so.'' All three national TV stations are state-controlled, and the state gas monopoly, OAO Gazprom, has been taking over major newspapers; self-censorship is routine. That has left the Internet as the main remaining platform for political debate, and Web sites that test the boundaries of free speech are already coming under pressure. In December, a court in the Siberian region of Khakassia shut down the Internet news site Novy Fokus for not registering as a media outlet. The site, known for its critical reporting, reopened in late March after it agreed to register and accept stricter supervision. Plug Pulled Anticompromat.ru, which wrote about Putin's pre-presidential business interests, had to find a U.S. Web server after a Russian service provider pulled the plug March 28, saying it had been warned by officials to stop hosting the site. Last year, the authorities shut down a Web site called Kursiv in the city of Ivanovo, northeast of Moscow, that lampooned Putin as a ``phallic symbol of Russia'' for his drive to boost the birthrate. Putin's spokesman, Dmitry Peskov, said Russia isn't restricting media freedom and that the new agency isn't aimed at policing the Web. ``If you watch TV, even federal TV channels, you'll hear lots of criticism of the government,'' Peskov said in an interview. ``This new agency will be in charge of licensing. It's not about controlling the Internet.'' Putin, 54, isn't allowed to run for re-election in 2008 under Russia's two-term constitutional limit. Instead, he is promoting two potential successors: First Deputy Prime Minister Dmitry Medvedev, a 41-year-old lawyer, and Sergei Ivanov, 54, a KGB colleague of Putin who oversees much of Russian industry, including transport and nuclear power. The two, who both come from Putin's hometown of St. 
Petersburg, have become fixtures on state-controlled television. Gorbachev's Complaint Former Soviet leader Mikhail Gorbachev, whose policy of glasnost, or openness, ushered in media freedom in the late 1980s after decades of Soviet censorship, has condemned the state propaganda on the airwaves. ``The one thing I can say is that it's pointless today to watch television,'' Gorbachev, 76, said on the 20th anniversary of the launch of ``perestroika,'' his drive to allow more political and economic freedom that led to the collapse of the Soviet Union. While most Russians rely on television for news, increasing numbers are turning to the Internet. Around a quarter of the adult population -- 28 million people -- are regular Internet users, according to the Public Opinion Foundation, a Moscow-based research organization. In 2002, only 8 percent fell into that category. A Mass Medium ``When the Internet becomes more of a mass medium, then governments start getting worried, and they start treating it like the mass media,'' said Esther Dyson, who helped establish the Internet's system of domain names and addresses, and has consulted extensively in Russia. ``You can't control the Internet, but you can control people,'' she said in a telephone interview during a visit to Moscow. Oleg Panfilov, head of the Center for Journalism in Extreme Situations in Moscow, predicted in a telephone interview that ``pressure on the media is going to worsen'' as the presidential succession draws nearer. Reporters who write critically about government policies are subjected to intimidation, arrests, attacks and other forms of pressure, the Vienna-based International Helsinki Federation for Human Rights said March 27 in its annual report. Facing Prison Viktor Shmakov, editor of the newspaper Provintsialny Vesti in the oil-rich Bashkortostan republic, is facing up to 10 years in prison. 
Prosecutors charged him with inciting mass disturbances after his weekly urged readers to attend an opposition rally last year. Russia is the second most dangerous country for journalists after Iraq, with 88 killed in the past 10 years, according to the Brussels-based International News Safety Institute. Last October, Anna Politkovskaya, a prominent reporter and Kremlin critic who uncovered human-rights abuses by security forces in the southern Russian republic of Chechnya, was shot dead in the elevator of her apartment building in Moscow. A journalist for the Kommersant daily, Ivan Safronov, who was investigating Russian weapons sales to Iran and Syria, fell to his death from a window in his Moscow apartment March 2. The government, meanwhile, has been expanding Gazprom's media role. The company already took control of independent channel NTV in 2001 and bought long-established Russian daily Izvestia in 2005. Last year, Kommersant, once owned by tycoon and exiled Kremlin critic Boris Berezovsky, was sold to Alisher Usmanov, a steel magnate who is head of a Gazprom subsidiary. And Gazprom said in November it will acquire Russia's biggest-selling daily, Komsomolskaya Pravda, which has a circulation of 800,000. Vladimir Rakhmankov, editor of the Web site that lost its Russian server after mocking Putin, said the Web crackdown is part of the final phase of a campaign to stifle free speech. ``Thank God the Internet is difficult to close down, but I think they will go after journalists who write things they don't like,'' he said. To contact the reporter on this story: Henry Meyer in Moscow at hmeyer4 at bloomberg.net . 
Last Updated: April 9, 2007 16:00 EDT From rforno at infowarrior.org Wed Apr 11 04:42:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 00:42:11 -0400 Subject: [Infowarrior] - Spy Chief Seeks to Expand Power Message-ID: Spy Chief Seeks to Expand Power http://blog.wired.com/27bstroke6/2007/04/spy_chief_seeks.html The new director of national intelligence is seeking to expand the government's ability to conduct black bag searches, allow the National Security Agency to spy on foreigners inside the United States without a warrant, kill off lawsuits against telecoms for helping the government spy on Americans' phone calls, and make it easier for the government to get phone and email records, even as the FBI remains mired in a scandal over its illegal and widespread use of a Patriot Act power, according to the Associated Press. The draft bill being circulated by spy chief Mitch McConnell would, according to the AP: * Give the NSA the power to monitor foreigners without seeking FISA court approval, even if the surveillance is conducted by tapping phones and e-mail accounts in the United States.[...] * Clarify the standards the FBI and NSA must use to get court orders for basic information about calls and e-mails -- such as the number dialed, e-mail address, or time and date of the communications. Civil liberties advocates contend the change will make it too easy for the government to access this information. * Triple the life span of a FISA [Foreign Intelligence Surveillance Act] warrant for a non-U.S. citizen from 120 days to one year, allowing the government to monitor much longer without checking back in with a judge. * Give telecommunications companies immunity from civil liability for their cooperation with Bush's terrorist surveillance program. Pending lawsuits against companies including Verizon and AT&T allege they violated privacy laws by giving phone records to the NSA for the program. 
* Extend from 72 hours to one week the amount of time the government can conduct surveillance without a court order in emergencies. The bill would be yet another attempt to update FISA, a bill that seems to always be not up to the task. It was last updated in 2005. Shortly thereafter, the government's warrantless wiretapping program and a related program in which phone companies dumped their phone call databases to the NSA were revealed, giving lie to campaign assurances from President Bush that all wiretaps had court approval. The provision to include what can only be retroactive immunity for telcos is very interesting in that this provision has been widely rumored in many bills floating around Congress, but has never been inserted in a publicly introduced bill. It's evidence that the telcos remain afraid that they could be found liable for billions of dollars in fines if a court finds they indeed helped the government spy on Americans without requiring valid legal process. McConnell is going to have a tough road ahead of him, given the bill needs the blessing of the Senate Judiciary Committee, which these days is talking about rolling back Patriot Act powers, not increasing them. From rforno at infowarrior.org Wed Apr 11 12:02:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 08:02:53 -0400 Subject: [Infowarrior] - DVD Security Group Says It Fixed Flaws Message-ID: ...and this improved version will be cracked in how many days??? -rf DVD Security Group Says It Fixed Flaws By Gary Gentile Posted 09 April 2007 @ 05:20 pm EST http://ibtimes.com/articles/20070409/dvd-security.htm The group behind security measures for next-generation DVDs said Monday it has fixed a leak that allowed hackers to discover the keys for unlocking movies on HD DVD and Blu-ray discs. 
Makers of software for playing the discs on computers will offer patches containing new keys and closing the hole that allowed observant hackers to discover ways to strip high-def DVDs of their protection. Digital rights management protection, or DRM, is intended to prevent copying of the movies. Hackers working late last year and early this year were able to observe computer code found on the PC-based DVD players and discover keys that unlock protections on all high-def discs, so copies could be made. On Monday, the group that developed the Advanced Access Content System said it had worked with device makers to deactivate those keys and refresh them with a new set. Companies such as Corel Corp., which owns InterVideo, makers of a popular PC-based playback software, will also distribute more secure versions, said Michael Ayers, chairman of the AACS License Administrator. "The device keys associated with the InterVideo player are being deactivated and InterVideo has updated its player," Ayers said. "They are taking steps that block off access to the inner workings of the application." New high-def DVDs will include updated keys and instructions for older versions of the PC-playback software not to play discs until the software patch has been installed. Corel has told users of its software that failure to download the free patch will disable the ability to play high-def DVDs. Stand-alone DVD players, such as the Toshiba HD DVD player and the Sony Blu-ray player, are not affected by Monday's announcement. So far, no problems have been found with their security. Ayers said future assaults by hackers can be similarly fixed by replacing compromised keys with new ones. "AACS is a high-profile technology and is protecting high-profile content, so we fully expect there will be future attempts," Ayers said. 
From rforno at infowarrior.org Wed Apr 11 16:32:58 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 12:32:58 -0400 Subject: [Infowarrior] - The FBI's terrorism trade-off In-Reply-To: Message-ID: Wednesday, April 11, 2007 -- Last updated 1:13 a.m. PT The FBI's terrorism trade-off Focus on national security after 9/11 means that the agency has turned its back on thousands of white-collar crimes By PAUL SHUKOVSKY, TRACY JOHNSON AND DANIEL LATHROP P-I REPORTERS © 2007 Seattle Post-Intelligencer Thousands of white-collar criminals across the country are no longer being prosecuted in federal court -- and, in many cases, not at all -- leaving a trail of frustrated victims and potentially billions of dollars in fraud and theft losses. It is the untold story of the Bush administration's massive restructuring of the FBI after the terrorism attacks of 9/11. Five-and-a-half years later, the White House and the Justice Department have failed to replace at least 2,400 agents transferred to counterterrorism squads, leaving far fewer agents on the trail of identity thieves, con artists, hatemongers and other criminals. Two successive attorneys general have rejected the FBI's pleas for reinforcements behind closed doors. While there hasn't been a terrorism strike on American soil since the realignment, few are aware of the hidden cost: a dramatic plunge in FBI investigations and case referrals in many of the crimes that the bureau has traditionally fought, including sophisticated fraud, embezzlement schemes and civil rights violations. "Politically, this trade-off has been accepted," said Charles Mandigo, a former FBI congressional liaison who retired four years ago as special agent in charge in Seattle. "But do the American people know this trade-off has been made?" 
Among the findings of a six-month Seattle P-I investigation, analyzing more than a quarter-million cases touched by FBI agents and federal prosecutors before and after 9/11: # Overall, the number of criminal cases investigated by the FBI nationally has steadily declined. In 2005, the bureau brought slightly more than 20,000 cases to federal prosecutors, compared with about 31,000 in 2000 -- a 34 percent drop. # White-collar crime investigations by the bureau have plummeted in recent years. In 2005, the FBI sent prosecutors 3,500 cases -- a fraction of the more than 10,000 cases assigned to agents in 2000. In Western Washington, the drop has been even more dramatic. Records show that the FBI sent 28 white-collar cases to prosecutors in 2005, down 90 percent from five years earlier. # Civil rights investigations, which include hate crimes and police abuse, have continued a steady decline since the late 1990s. FBI agents pursued 65 percent fewer cases in 2005 than they did in 2000. # Already hit hard by the shift of agents to terrorism duties, Washington state's FBI offices suffer from staffing levels that are significantly below the national average. While other federal agencies have stepped in to pick up more of the load in drug enforcement, and the FBI has worked to keep agents on Indian reservations, the gaps created by the Bush administration's war on terrorism are troubling to criminal justice experts, police chiefs -- even many current and former FBI officials and agents. "There's a niche of fraudsters that are floating around unprosecuted," said one recently retired top FBI official, who spoke on condition of anonymity. "They are not going to jail. There is no law enforcement solution in sight." In most cases, local law enforcement agencies haven't been able to take up the slack. 
Seattle police Chief Gil Kerlikowske said his department isn't as equipped to handle complex white-collar investigations -- particularly when officers must also join anti-terrorism efforts and when federal funding for local police departments has shrunk. Whether the solution is to hire more FBI agents or shift some away from the counterterrorism effort, he said, more resources should be devoted to solving white-collar crime. "This is like the perfect storm," Kerlikowske said. "It's now five years later. We should be rethinking our priorities." A solution can't come soon enough for a growing number of discouraged fraud victims: A 75-year-old Issaquah woman who was allegedly swindled out of more than $1 million. A cancer patient whose identity was stolen from a Seattle hospital. People who fell victim to a nationwide investment scam worth about $70 million. They all sought the FBI's help. They got little or none. "As far as I'm concerned, the FBI has no interest in protecting people from these kinds of crimes," said Lloyd Martindale Jr., a Bellingham man who put $500,000 into an investment con and is still fighting to get some of it back. "They were not responsive to this at all." If the FBI had continued investigating financial crimes at the same rate as it had before the World Trade Center came down, about 2,000 more white-collar criminals would be behind bars, according to the P-I analysis, which was based on Justice Department data from 1996 through June 2006. Since 9/11, the number of white-collar convictions in federal courts has dropped about 30 percent. White-collar crimes often affect the people least able to afford it -- lower-income and elderly people, according to Peter Henning, a former Justice prosecutor who teaches law at Wayne State University in Detroit. "If you keep it small, and act quickly and get out of the jurisdiction, you can avoid being prosecuted," he said. "Scam artists know that." 
Large numbers of FBI agents also were transferred out of violent-crime programs because bureau officials knew that local police -- who have overlapping jurisdiction in violent crimes -- would have to help. The retired FBI official said the Bush administration is forcing the bureau to "cannibalize" its traditional crime-fighting units in the name of fighting terrorism. "The administration is starving the criminal program," the former official said. (story continues) From rforno at infowarrior.org Wed Apr 11 21:59:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 17:59:07 -0400 Subject: [Infowarrior] - USAF to begin "bluespamming" Message-ID: (Yet another reason not to have Bluetooth enabled on your cellphone except when routinely sync'ing it......if they're doing it, you know companies --- and miscreants -- will, too...rf) The Air Force is marketing through cellphones to push enlistments. http://www.rcrnews.com/apps/pbcs.dll/article?AID=/20070411/FREE/70411001/1012/rss01 Air Force turns to mobile marketing to up recruitment By Brooke Capps Story posted: April 11, 2007 - 11:30 am EDT On Friday, fans wandering around the sidelines of the Texas Motor Speedway in Dallas will be the first to experience the mobile arm of GSD&M's "Do Something Amazing" campaign for the United States Air Force. The Air Force said it has hit all its recruitment goals since hiring the Omnicom Group agency, and with 81 percent of the Air Force's target audience toting cellphones, mobile was an obvious next step. "More kids are going to have more access to this technology," said the Air Force's interactive account executive, Master Sgt. Deshaun Woods. "If we get involved now, we are going to be well-established when the market becomes more saturated." "We're a technology brand," said Travis Scoggins, the Air Force's account supervisor at GSD&M, "and we are looking for those people who are tech savvy." The tease?
As part of the Air Force's "Do Something Amazing" tour, which makes stops at motocross, Nascar and other sporting events around the country, Bluetooth transmitters will be set up in areas around the tracks and stadiums. The transmitters ping any mobile device set to accept messages sent via Bluetooth, sending consumers invitations to stop by the tour and "check out what it's like to do something amazing." Once inside the event space, consumers will find pods dedicated to each of the career paths the Air Force has to offer. Users will be able to download documentary-style videos to their phones about Air Force careers. "Event marketing is a great place to engage people, but there's a lag time between when we engage with them at the tour and when they get home and explore on their computer. This eliminates that gap. They immediately walk away with a video they like, a ringtone they heard, a wallpaper they thought was cool," Scoggins said. The offering will also work through text messaging. Woods hopes the campaign will put information about the Air Force into the target's hand. He envisions high-school students talking to each other about the Air Force and one of them pulling out his or her cellphone to share career options and pay possibilities. "All the information will be right there," he said. "They will be able to carry it with them." Brooke Capps is a reporter with Advertising Age, a sister publication to RCR Wireless News. Both publications are owned by Crain Communications Inc. 
From rforno at infowarrior.org Thu Apr 12 01:56:31 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 21:56:31 -0400 Subject: [Infowarrior] - Uncle Sam Earns "C-Minus" in Computer Security Message-ID: Uncle Sam Earns "C-Minus" in Computer Security http://blog.washingtonpost.com/securityfix/?hpid=news-col-blogs The federal government earned an overall grade of "C-minus" last year for securing its computer systems and networks from hackers, malicious insiders and viruses, a slight improvement from scores awarded to agencies in 2005, Security Fix has learned. Last year, 24 federal agencies earned a government-wide grade of D-minus in meeting computer and network security requirements. Security Fix will have more details on the individual agency grades late Thursday morning, but according to sources familiar with the process, this year's results are a mixed bag. Many agencies that won high marks this year turned in worse performances in 2005 and vice versa. The grades will be released at an event Thursday at the Center for Innovative Technology in Herndon, Va., by Rep. Tom Davis, the Virginia Republican who authored the law mandating these grading requirements. Davis is the ranking member of the House Committee on Oversight and Government Reform. When I received a tip that the report cards were going to be released this week, I contacted the majority office to follow up on the rumor, as the Democrats of course now control Congress. When I contacted the majority office on Tuesday, I was told privately that my source was probably misinformed, as the committee wasn't slated to release the grades until May, when it planned to hold a hearing on them. Less than 24 hours later, Davis's office issued a press release saying the grades would be released Thursday. Democrats on the committee's majority staff said they were caught off-guard by the announcement. 
Davis staff director Dave Marin said this is the first time panel Democrats have expressed interest in the annual reports. "We've done this every year, and each time the Democrats have shown no interest whatsoever," Marin said. "It's not a committee function, and there's nothing in the law or [regulations] that says the committee has ownership of the grades. That said, we welcome participation and feedback from any Democrats who are interested." For the past several years, I attended the hearings where the grades were released. Almost without exception, the sole lawmaker in attendance was former Rep. Stephen Horn, the droll Republican from California who headed one of the Government Reform subcommittees. The grades are based on the agencies' internal assessments and information they are required to submit annually to the White House Office of Management and Budget. The letter grades depended on how well agencies met the requirements detailed in the Federal Information Security Management Act. The 2003 law, known as FISMA, requires agencies to meet a wide variety of computer security standards, ranging from operational details -- such as ensuring proper password management by workers and restricting employee access to sensitive networks and documents -- to creating procedures for reporting security problems. From rforno at infowarrior.org Thu Apr 12 02:05:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2007 22:05:17 -0400 Subject: [Infowarrior] - Turbotax Vulnerability Message-ID: Glitch Gives Woman Access To Others' Turbo Tax Information Flaw Could Lead To Identity Theft POSTED: 11:00 am EDT April 9, 2007 UPDATED: 12:04 pm EDT April 9, 2007 http://www.nbc4.com/money/11588165/detail.html WASHINGTON -- Many people use Turbo Tax to help them file their taxes, but one woman discovered an error in the program that could cost users thousands of dollars and their identities. 
The woman discovered a key to the backdoor of some tax returns filed online through Turbo Tax. "I knew immediately how big this was," she said. "This is very, very bad." A Turbo Tax customer herself, the woman attempted to access some past filings and the route she took online opened returns for several others with the same last name but different first initials. "For a bad guy to get this information would mean they could retire rich and happy," the woman said. She was able to access tax returns for Turbo Tax customers she never met in different parts of the country. On her screen, she found everything needed for electronic filing from bank account to routing digits and Social Security numbers. "It's clear that she was able to access information that she shouldn't have been able to," said Gordon Whitten of Turbo Tax. An Omaha-based official with the Turbo Tax parent company said the inadvertent access to some tax files came as a shock. "We think it was a quirk, an individual circumstance as far as we know," Whitten said. "So what we did is we took that link down in the product for now until we can fully investigate to make sure the issue won't happen again to anybody else." The flaw does not involve the Turbo Tax software, only the Web site that allows taxpayers to create an account and do their taxes. For security reasons, the common last name or how the woman inadvertently gained access to three other Turbo Tax accounts were not revealed. From rforno at infowarrior.org Thu Apr 12 12:02:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 08:02:35 -0400 Subject: [Infowarrior] - RIP, Kurt Vonnegut Message-ID: Kurt Vonnegut, Novelist Who Caught the Imagination of His Age, Is Dead at 84 By DINITIA SMITH Kurt Vonnegut, whose dark comic talent and urgent moral vision in novels like "Slaughterhouse-Five," "Cat's Cradle" and "God Bless You, Mr. Rosewater" 
caught the temper of his times and the imagination of a generation, died last night in Manhattan. He was 84 and had homes in Manhattan and in Sagaponack on Long Island. Mr. Vonnegut suffered irreversible brain injuries as a result of a fall several weeks ago, according to his wife, Jill Krementz. Mr. Vonnegut wrote plays, essays and short fiction. But it was his novels that became classics of the American counterculture, making him a literary idol, particularly to students in the 1960s and '70s. Dog-eared paperback copies of his books could be found in the back pockets of blue jeans and in dorm rooms on campuses throughout the United States. Like Mark Twain, Mr. Vonnegut used humor to tackle the basic questions of human existence: Why are we in this world? Is there a presiding figure to make sense of all this, a god who in the end, despite making people suffer, wishes them well? He also shared with Twain a profound pessimism. "Mark Twain," Mr. Vonnegut wrote in his 1991 book, "Fates Worse Than Death: An Autobiographical Collage," "finally stopped laughing at his own agony and that of those around him. He denounced life on this planet as a crock. He died." Not all Mr. Vonnegut's themes were metaphysical. With a blend of vernacular writing, science fiction, jokes and philosophy, he also wrote about the banalities of consumer culture, for example, or the destruction of the environment. His novels -- 14 in all -- were alternate universes, filled with topsy-turvy images and populated by races of his own creation, like the Tralfamadorians and the Mercurian Harmoniums. He invented phenomena like chrono-synclastic infundibula (places in the universe where all truths fit neatly together) as well as religions, like the Church of God the Utterly Indifferent and Bokononism (based on the books of a black British Episcopalian from Tobago "filled with bittersweet lies," a narrator says). The defining moment of Mr. 
Vonnegut's life was the firebombing of Dresden, Germany, by Allied forces in 1945, an event he witnessed firsthand as a young prisoner of war. Thousands of civilians were killed in the raids, many of them burned to death or asphyxiated. "The firebombing of Dresden," Mr. Vonnegut wrote, "was a work of art." It was, he added, "a tower of smoke and flame to commemorate the rage and heartbreak of so many who had had their lives warped or ruined by the indescribable greed and vanity and cruelty of Germany." His experience in Dresden was the basis of "Slaughterhouse-Five," which was published in 1969 against the backdrop of war in Vietnam, racial unrest and cultural and social upheaval. The novel, wrote the critic Jerome Klinkowitz, "so perfectly caught America's transformative mood that its story and structure became best-selling metaphors for the new age." To Mr. Vonnegut, the only possible redemption for the madness and apparent meaninglessness of existence was human kindness. The title character in his 1965 novel, "God Bless You, Mr. Rosewater," summed up his philosophy: < - > http://www.nytimes.com/2007/04/12/books/12vonnegut.html?_r=1&hp=&oref=slogin&pagewanted=print From rforno at infowarrior.org Thu Apr 12 14:09:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 10:09:05 -0400 Subject: [Infowarrior] - The Army's looking for a few good online gamers Message-ID: The Army's looking for a few good online gamers By Theresa Howard, USA TODAY Thu Apr 12, 6:52 AM ET http://news.yahoo.com/s/usatoday/20070412/tc_usatoday/thearmyslookingforafewgoodonlinegamers NEW YORK - The U.S. Army is about to invade the online gaming community with an estimated $2 million sponsorship deal with the Global Gaming League website. Starting in June, the Army will sponsor a "national gaming" area as a way to tap into the site's 9.2 million players per month of everything from shooter games to pro baseball. 
It hopes to find candidates for recruitment among the 17- to 24-year-old males who are 80% of the gamers on the site - young men hard to reach with advertising. "The consumer model for traditional media is changing," says Gary Bishop, who oversees Army marketing and advertising. "We're grappling with the challenge of how do we better use new media to tell the Army story. Online is probably the best way." GGL is a gaming community site that blends game news and play. Founder Ted Owen describes it as "ESPN meets MySpace for gamers. Video gaming is a culture. The Army has been a very forward thinker. They get it." It joins other advertisers who increasingly see gaming - sites and in-game product placement - as a cost-effective medium. In-game ad revenue was projected to reach $164 million in the USA last year and is expected to top $732 million by 2009, according to consumer tech researcher The Yankee Group. Players in the national gaming area can compete for prizes and rankings in 15 games. They then can move into the top rung of competition with the service's America's Army video game, introduced in 2002. Top players will face off in a monthly Elite Forces tournament. Besides winning video games, top players may win a chance to try out the Army's sophisticated computer simulations of real combat situations. "We're taking the idea of military gaming and having the Army leverage an existing environment to find potential candidates for recruits," says Reuben Hendell, CEO of MRM Worldwide, the agency that will create the specialized games section. Players can opt-in to receive Army information when they register for the games. "Once their hand is raised, we'll pursue it," says Anders Ekman, an executive vice president with MRM. "There's a pretty hefty (goal for leads) associated with this." While the Army has met its monthly recruitment goals through traditional media during the Iraq war, Bishop says the gaming deal presents an opportunity "to tell the Army story. 
It's not all about combat. Being in the Army is about driving trucks, welding, nurses and computers. If we have an opportunity to tell the Army story, we may have better influence." From rforno at infowarrior.org Thu Apr 12 16:34:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 12:34:49 -0400 Subject: [Infowarrior] - Content in lockdown Message-ID: Content in lockdown An unbreakable link between media and its delivery end point is near http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/07/03/28/14OPcurve_1.html By Tom Yager March 28, 2007 I'm increasingly aghast at the erosion of the traditional freedom we've enjoyed to do whatever we please with our personal computers -- but intrigued by the science behind it. My latest revelation came during a recent visit to AMD for a day of briefings, mostly about the Barcelona quad-core Opteron and the Torrenza direct-connect coprocessor interface. During that visit, I got the briefest of updates on ATI's new GPU (graphics processing unit) technology. It will ship with software that plays movies on Blu-ray discs. The AMD rep spelled it out in words that would have been undiplomatic coming from me: He said that the new chips will "block unauthorized access to the frame buffer." In short, that means an unauthorized party can't save the contents of the display to a file on disk unless the content owner approves it. There is a short list of parties who will be unauthorized to access your frame buffer: You. There is a long list of parties who are authorized to access your frame buffer, and that list includes Microsoft, Apple, AMD, Intel, ATI, NVidia, Sony Pictures, Paramount, HBO, CBS, Macrovision, and all other content owners and enablers that want your machine to themselves whenever you're watching, listening to, reading, or shooting monsters with their products. 
Video, audio, and software will all drive a similar road, that being a single, unmodifiable path from the original encoded, licensed source to rendering, and on to delivery (display, headphones, portable device, printer, or memory for execution of software). This bit of progress seems to have little relevance to IT until you expand the meaning of the word "content" to encompass that which you create that is consumed by human eyes and ears. As people working the IT side of business, academia, and government, we know all too well that personal and customer information, trade secrets, and other varieties of confidential data can be intercepted using tricks similar to those that are used to swipe movies and music. IT content needs that direct path from source media to delivery, too, so that possession of encoded media -- say, a Blu-ray disc -- is critical to viewing, listening, or executing. For example, right now there is no unbreakable way to arrange that a PDF or other sort of viewable document can't be copied or at least stored as a snapshot of the display. The audio portion of a classified presentation can be recorded as easily as hooking an analog or digital recorder into the headphone output. HTML would be a much more viable means of rendering rich content if it could be protected. Rich document and multimedia rendering engines would know if they were talking to delivery devices that were specifically matched with physically secure equipment. If a renderer couldn't verify that a display or headset that it trusts was the sole source of delivery, nothing would appear or be heard. It's easy to write off entertainment content owners and distributors as a money-grubbing cartel; for the most part, they are. But the technical work they do to protect what they own matters, even that work which we find distasteful given needless extremes of use such as pay-per-single-view. They've got the money to drive the science of data and content protection. 
If they perfect that unbreakable link between the media and the delivery end point, if there's never another DVD image splattered all over the Internet, then IT will be able to make a promise that, to date, it couldn't: Nobody can view or copy your data without authorization. From rforno at infowarrior.org Thu Apr 12 16:39:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 12:39:20 -0400 Subject: [Infowarrior] - Hackers offer subscription, support for their malware Message-ID: Hackers offer subscription, support for their malware Organised hacking gangs set up malware subscription sites Jaikumar Vijayan 05/04/2007 08:17:16 http://www.computerworld.com.au/index.php/id;838771320;fp;16;fpid;0;pf;1 Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at the top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported. But contact details are, shall we say, sparse. That's because the merchandise being hawked on the site -- no, we're not going to say what it is -- isn't exactly legitimate. The site offers malicious code that webmasters with criminal intent can use to infect visitors to their sites with a spyware Trojan. In return for downloading the malware to their sites, Web site owners are promised at least 50 Euros -- about US$66 -- every Monday, with the potential for even more for "clean installs" of the malicious code on end user systems. "If your traffic is good, we will change rates for you and make payout with new rates," the site promises. As organized gangs increasingly turn to cybercrime, sites like the one described are coming to represent the new face of malware development and distribution, according to security researchers. 
Unlike malicious code writers of the past who tended to distribute their code to a tight group of insiders or in underground newsgroups, the new breed is far more professional about how it hawks, plies and prices its wares, they said. "We've been seeing a growth of highly organized managed exploit providers in non-extradition countries" over the past year or so, said Gunter Ollmann, director of security strategies at IBM's ISS X-Force team. For subscriptions starting as low as $20 per month, such enterprises sell "fully managed exploit engines" that spyware distributors and spammers can use to infiltrate systems worldwide, he said. The exploit code is usually encrypted and uses a range of morphing techniques to evade detection by security software. It is designed to use various vulnerabilities to try and infect a target system. And many exploit providers simply wait for Microsoft's monthly patches, which they then reverse engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said. "All you've got to do is just subscribe to them on a monthly basis," Ollmann said. "The going rate is about $20." One such site was discovered by Don Jackson, a security researcher at SecureWorks, an Atlanta-based managed security service provider. While investigating a Trojan named Gozi recently, Jackson discovered that it was designed to steal data from encrypted SSL streams and send it to a server based in St. Petersburg, Russia. The Trojan took advantage of a vulnerability in the iFrame tags of Microsoft's Internet Explorer and had apparently been planted on several hosted Web sites, community forums, social networking sites and sites belonging to small businesses. The server to which the stolen information was sent held more than 10,000 records containing confidential information belonging to about 5,200 home users. 
It was maintained by a group called 76Service and contained server-side code for stealing data from systems -- as well as code for an administrator interface and a customer interface for data mining, Jackson said. The front end allowed subscribers to log in to individual accounts, view indexed data and get results from queries based on certain fields such as IP addresses and URLs. Each customer-generated query had a price associated with it, Jackson said. The currency unit used on the site was WMZ, a WebMoney unit roughly equivalent to the U.S. dollar, Jackson said. A customer query returning three passwords for a small retailer might cost 100 WMZ, while a query for 10 passwords for an international bank might fetch 2,500 WMZ or more. Customers could also choose how they wanted their search results delivered -- as compressed files in e-mails or via FTP. The actual Gozi Trojan code itself appears to have been purchased by 76Service from a Russian hacking group called the HangUp Team. Such code typically costs about $1,000 to $2,000, depending on its sophistication, Jackson said. In addition to the original Trojan, the server also hosted two ready-to-deploy variants in a separate staging area. The malicious code included a downloader and a stored password stealer and appeared to have been made to order for 76Service. Often, groups such as the HangUp Team also offer a detection monitoring service with which they keep an eye on anti-virus vendors to know exactly when signatures are available that can detect their malware. Customers who can afford the service are then told to start releasing variants to evade detection. And customers willing to pay for premium service can get hundreds of such ready-to-use variants bundled with their initial malware code purchase. "When the first variant is detected by many AV vendors and data from new infections starts to slow, the person providing the executable code is to spot that and release a new variant," Jackson said. 
The actual server hardware that the 76Service used was being managed by another entity called Russian Business Network (RBN), which provided SNMP-based management and back-up services. "This ensured a level of service [comparable to] a hosting provider," Jackson said. "We are not talking about kids doing it for kicks over the weekend anymore," said Yuval Ben-Itzhak, chief technology officer of Finjan, a Californian-based security vendor. "This is real cash, real money that's involved here." A report released last June by Finjan had already noted a trend towards the commercialization of malicious code, Ben-Itzhak said. That report noted that cybercriminals hold "vulnerability auctions" at which they sell information on freshly discovered software flaws to the highest bidder. Another trend spotted was the packaging of exploits into professional, off-the-shelf tool kits that can be used to create malicious Web sites. One such tool kit -- Web Attacker -- cost just $300 from a Russian Web site. "Just like any other legitimate software company, the Russian Web site even solicited support and update service, and provided detailed reporting capabilities that could outline the number of people infected per exploit and per operating system," the Finjan report noted. "The level of investment in this particular software indicates that there is substantial demand for such products." From rforno at infowarrior.org Thu Apr 12 19:58:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 15:58:43 -0400 Subject: [Infowarrior] - Vista DRM could hide malware Message-ID: Vista DRM could hide malware 11 Apr 2007 17:05 Security researcher releases proof-of-concept program that hackers could exploit to target Microsoft Vista systems A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware. Alex Ionescu claims to have developed the program -- D-Pin Purr v1.0 -- 
that will arbitrarily enable and disable protected processes in Vista, Microsoft's latest operating system. Screenshots on Ionescu's blog suggest the program can be run successfully. Ionescu included stack information related to one of the processes that is by default protected on Vista. Try to retrieve that information using Process Explorer and you get an error message. In Ionescu's screenshot, taken after allegedly removing the protection, the information is visible. The binary for the program, which is available for download, is currently being tested by security experts. Fraser Howard, a principal virus researcher at security vendor Sophos, told ZDNet UK that the program looks feasible. At the time of writing Howard had managed to get it running, but had not managed to successfully protect and unprotect processes on his machine. "I have not confirmed it, but I have little doubt it will work as intended [to remove protection]," said Howard. "This should mean it is perfectly possible to add protection to processes as well." The source code for the program is not available. Should the source code of the program become available to hackers, this could mean that other processes would not be able to properly "inspect" the hacked protected process, according to Howard. "The fact that the DRM within Vista presents a mechanism through which code may attempt to restrict what other processes -- including security applications -- are able to do, is a problem in itself. The presence of that problem creates a hive of activity with people trying to hijack the mechanism, either as a proof of concept, or as a malicious attack," Howard said. "In this case, the source code has not been released, just a binary which can be used to demonstrate the issue. Had there been source code, I am sure we would see malware authors trying to add that functionality to malware. 
As it is, supposing the claims are valid, there will no doubt be authors looking to include such functionality themselves into their malware." With no release of any source code or details, Howard was unable to comment on how Ionescu had managed to develop D-Pin Purr v1.0. "The binary deliberately uses obfuscation to limit the number of people who could reverse engineer and misuse that knowledge," said Howard. "But it does use a driver -- Microsoft states in its documentation that people should not use a driver to bypass the protection mechanism." Howard said that to run the binary to add and remove protection, users need to be running the code with elevated privileges. Microsoft could offer no comment at the time of writing. Story URL: http://news.zdnet.co.uk/security/0,1000000189,39286677,00.htm Copyright © 1995-2006 CNET Networks, Inc. All rights reserved ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc. From rforno at infowarrior.org Thu Apr 12 22:12:48 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 18:12:48 -0400 Subject: [Infowarrior] - Thanks a Lot, Apple Message-ID: http://www.apple.com/hotnews/
> iPhone has already passed several of its required certification tests and is on schedule to ship in late June as planned. We can't wait until customers get their hands (and fingers) on it and experience what a revolutionary and magical product it is. However, iPhone contains the most sophisticated software ever shipped on a mobile device, and finishing it on time has not come without a price -- we had to borrow some key software engineering and QA resources from our Mac OS X team, and as a result we will not be able to release Leopard at our Worldwide Developers Conference in early June as planned. While Leopard's features will be complete by then, we cannot deliver the quality release that we and our customers expect from us. We now plan to show our developers a near final version of Leopard at the conference, give them a beta copy to take home so they can do their final testing, and ship Leopard in October. We think it will be well worth the wait. Life often presents tradeoffs, and in this case we're sure we've made the right ones. [Apr 12, 2007]
I don't even WANT an iPhone......but I do want Leopard..... -rf From rforno at infowarrior.org Fri Apr 13 01:11:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2007 21:11:43 -0400 Subject: [Infowarrior] - Librarian Who Resisted FBI Says Patriot Act Invades Privacy Message-ID: Librarian Who Resisted FBI Says Patriot Act Invades Privacy By Andrew Miga Associated Press Thursday, April 12, 2007; A12 http://www.washingtonpost.com/wp-dyn/content/article/2007/04/11/AR2007041102041_pf.html A librarian who fended off an FBI demand for computer records on patrons said Wednesday that secret anti-terrorism investigations strip away personal freedoms. "Terrorists win when the fear of them induces us to destroy the rights that make us free," said George Christian, executive director of Library Connection, a consortium of 27 libraries in the Hartford, Conn., area. In prepared testimony for a Senate panel, Christian said his experience "should raise a big patriotic American flag of caution" about the strain that the government's pursuit of would-be terrorists puts on civil liberties. He said the government uses the USA Patriot Act and other laws to learn, without proper judicial oversight or any after-the-fact review, what citizens are researching in libraries. A recent report by the Justice Department's inspector general found 48 violations of law or rules in the FBI's use of national security letters from 2003 through 2005. Some congressional critics want to tighten legal safeguards on the letters. 
" 'Trust us' doesn't cut it when it comes to the government's power to obtain Americans' sensitive business records without a court order and without any suspicion that they are tied to terrorism or espionage," said Sen. Russell Feingold (D-Wis.), the chairman of the Senate Judiciary subcommittee on civil rights. Under the Patriot Act, the FBI can use the letters to acquire telephone, e-mail, travel and financial records without a judge's approval. Letter recipients are not allowed to disclose their involvement in a request. Prosecutors have said secrecy is needed to avoid alerting suspects. In July 2005, the FBI issued a national security letter to Christian and three other Connecticut librarians. The letter sought computer subscriber data for a 45-minute period on Feb. 15, 2005, during which a terrorist threat was thought to have been transmitted. A gag order prevented the librarians from talking about the letter. The librarians refused to comply with the FBI's request. The American Civil Liberties Union filed a legal challenge on behalf of the librarians but did not name them. A judge ruled that the gag order should be lifted, saying it unfairly prevented the librarians from participating in debate over how the Patriot Act should be rewritten. Prosecutors appealed, but in April 2006 they said they would no longer seek to enforce a gag order. Last year, authorities dropped their demand for the records, saying they had discounted the potential threat that led to the request. 
From rforno at infowarrior.org Fri Apr 13 11:22:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 07:22:15 -0400 Subject: [Infowarrior] - Accused Pentagon hacker prosecution could backfire Message-ID: Original URL: http://www.theregister.co.uk/2007/04/13/mckinnon_extradition_appeal_analysis/ Accused Pentagon hacker prosecution could backfire By John Leyden Published Friday 13th April 2007 10:06 GMT Analysis Accused Pentagon hacker Gary McKinnon is continuing to fight against extradition to the US after losing an appeal last week. Only the Law Lords now stand between the Scot and a US trial for allegedly breaking into and damaging 97 US government computers between 2001 and 2002 and causing $700,000 worth of damage, in what US authorities have described as the "biggest military" computer hack ever. He allegedly infiltrated networks run by the US Army, US Navy, US Air Force, Department of Defense and NASA. US authorities described McKinnon as an uber-hacker who posed a threat to national security in the aftermath of the 9/11 attack. McKinnon (AKA Solo) admits he infiltrated computer systems without permission. The 41-year-old former sysadmin said he gained access to military networks - using a Perl script to search for default passwords - but describes himself as a bumbling amateur motivated by curiosity about evidence of UFOs. He said numerous other hackers had access to the resources he was using and questions why the US authorities have singled him out for extradition. Any damage he did was purely accidental, McKinnon claims. If convicted, following extradition and a US trial, McKinnon faces a jail term of up to 45 years' imprisonment. Scapegoat According to a reformed computer hacker accused of similar crimes 10 years ago, McKinnon is being made a scapegoat for the shortcomings of US military security. 
Mathew Bevan, whose hacker handle is Kuji, was accused of breaking into US military computer systems but his 1997 case at Woolwich Crown Court was dropped after a legal battle lasting around 18 months. No attempt was made to extradite Bevan. After the case, Bevan became an ethical hacker and security consultant, first with Tiger Computer Security, and later on a freelance basis with his firm the Kuji Media Corporation. "Both Gary and I were accused of similar offences. The difference is his alleged crimes were committed in a different political climate, post 9-11. The decision to push extradition in Gary's case is political," Bevan told El Reg. Bevan, like McKinnon, has an interest in free energy and evidence of UFOs. The similarities in the case go further. The crimes Bevan is alleged to have committed were cited as evidence of cyberterrorism in US senate hearings in 1996. "They haven't found a cyberterrorist or 'bad boy' for a while and it looks like they are trying to make an example in Gary's case," he said. McKinnon should have been allowed to plead guilty in his own country and not be faced with the prospect of a long prison term in a US prison with "inhumane" conditions, Bevan argues. He says the military systems McKinnon is accused of hacking remain vulnerable to attack. "I'm sure there are a lot of people on these machines, some of who the US authorities allow to get in." "The prosecution against Gary is about saving face for security lapses by the US military that remain as bad as they were 10 years ago," Bevan said. "If this had happened with a corporation someone would have been sacked." He added that US authorities are keen to talk up the cyberterrorism threat in order to protect information security budgets. McKinnon, unlike a US citizen who faced similar charges, is in a particularly bad situation. "The authorities are trying to rip him away from his family and ruin his life. 
Gary committed his alleged offences in the UK, and according to the Computer Misuse Act, jurisdiction lies here. "Gary has suffered trial by media over the last five years, with everything weighed against him. In the UK the prosecution has to establish a trail of evidence. Unlike the US, hearsay evidence isn't allowed in Britain," Bevan said. Despite everything that's happened to McKinnon, he reckons the case will fail to act as much of a deterrent to other would-be hackers. "Has it scared anyone? I shouldn't think so," Bevan said. Final appeal Lawyers for McKinnon are petitioning for leave to appeal to the House of Lords on grounds including the use of "deliberately coercive plea bargaining" tactics by US authorities during the course of the long running case. His lawyers argued that he had been subjected to "improper threats" that he would receive a much harsher sentence and be denied the opportunity to serve out the back-end of his jail term in the UK unless he played ball. Appeal court judges Lord Justice Maurice Kay and Mr Justice Goldring criticised US prosecution tactics but said these didn't offer enough grounds for appeal against the Home Secretary's decision to confirm a 2006 ruling that McKinnon ought to be extradited to the US. The unemployed sysadmin has had these charges over his head since March 2002 when he was arrested by officers from the UK's National High Tech Crime Unit. The case against him lay dormant until July 2005 when extradition proceedings commenced. McKinnon has suffered ill health over recent months as a result of the stress caused by the case, according to his lawyers. McKinnon's supporters argue the case has wider political implications. 
"It is not just about Gary McKinnon, there are lots of other people, from computer hackers to legitimate businessmen, who will continue to fall foul of this sort of surrender of British sovereignty and obeisance before the extra-territorial demands of the US legal bureaucracy," Mark, a member of London 2600 who runs the Free Gary blog, told us. "However the same lack of a requirement to show prima facie evidence also applies to European Union countries under the European Arrest Warrant," he adds. McKinnon's lawyers chose not to argue about whether he might be put on trial before a military tribunal, but this may well be argued in the House of Lords if leave to appeal (which is by no means guaranteed) is granted. "Basically the judges have said 'we have to trust the USA Government to act in good faith', until they show that they have broken their promises - which will by then, of course, be too late for Gary McKinnon. Unlike Babar Ahmad or even any of the British citizens who were held without trial at Guantanamo Bay, Gary is actually accused of directly 'attacking the US military' systems," Mark notes. "Even if Gary faces a civilian court in the USA, his chances of being found not guilty or of getting a lenient sentence appear to be slim, given the prosecution's recommendations as to length of sentence." But the whole effort to try McKinnon in the US might backfire on the US military by putting its security shortcomings under the spotlight. "If there is an actual trial in the USA, rather than a coerced or otherwise 'plea bargain', there are a large number of senior US military officers and civilian IT managers and auditors who are going to have to explain the incompetence or possible corruption or perhaps treason, which went on for years and months under their command, both before and after September 11," Mark claims. "Even if this is suppressed in court, it might lead to Congressional Committee hearings," he adds. 
From rforno at infowarrior.org Fri Apr 13 11:37:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 07:37:16 -0400 Subject: [Infowarrior] - OT: On this day in 1970..... Message-ID: http://www.wired.com/science/discoveries/news/2007/04/dayintech_0413 April 13, 1970: Apollo 13 Tells Houston, 'We've Got a Problem' Tony Long 04.13.07 | 2:00 AM 1970: Manned space flight has become so routine that it is easy to forget that it's inherently dangerous to stuff astronauts inside a cramped capsule and blast them into the heavens on top of a Saturn V rocket. The Apollo 13 mission reminds us just how vulnerable we are. Apollo 13, with astronauts James Lovell Jr., John Swigert Jr. and Fred Haise Jr. aboard, was on its way to the moon to perform the third lunar landing in a planned series of seven when, about 56 hours into the mission, an oxygen tank blew up, knocking out the command module's electricity, light and water supply. "Hey, Houston, we've had a problem here," Lovell told mission control, adding that some kind of gas was escaping outside the spacecraft. It was oxygen, and the mission quickly shifted from landing on the moon to getting the astronauts back alive. At the time, Apollo 13 was roughly 200,000 miles from Earth. The crew moved into the lunar module to escape the decreasing air pressure in the service module, then prepared to make the necessary swing around the moon in order to boomerang back to Earth. Debris from the explosion had knocked out the navigation system, so the crew used the sun to guide the crippled craft home. It took nearly four agonizing days after the explosion before they splashed down safely in the Pacific Ocean. 
(Source: NASA) From rforno at infowarrior.org Fri Apr 13 19:02:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 15:02:57 -0400 Subject: [Infowarrior] - DOD to launch orbital Internet router Message-ID: Net reaches out to final frontier A programme to kick-start the use of internet communications in space has been announced by the US government. The Department of Defense's Iris project will put an internet router in space by the start of 2009. It will allow voice, video and data communications for US troops using standards developed for the internet. Eventually Iris could extend the net into space, allowing data to flow directly between satellites, rather than sending it via ground stations. "Iris is to the future of satellite-based communications what Arpanet was to the creation of the internet in the 1960s," said Don Brown, of Intelsat General, one of the companies who will build the platform. Arpanet (Advanced Research Projects Agency Network), the predecessor of the internet, was developed by the United States Department of Defense. Remote access The Iris (Internet Router Protocol in Space) project has been given the go ahead after winning funding from the US Department of Defense, under its Joint Capability Technology Demonstration (JCTD) programme. The programme aims to develop advanced concepts and put "innovative concepts into the hands of war fighters in the field." The Iris project is one of seven that has been given funding this year. Others include development of smart sensors and counter camouflage technology. Iris is a three year programme to develop a satellite platform and "space hardened router". A router is a piece of hardware that directs packets of information around a network. The specially designed equipment will be developed by network specialist Cisco while the geostationary satellite, IS-14, will be built by Intelsat. 
When launched in 2009 it will allow troops to communicate over the internet from the remotest regions from Europe, Africa and the Americas. "Iris extends the internet into space, integrating satellite systems and the ground infrastructure for warfighters, first responders and others who need seamless and instant communications," said Bill Shernit, CEO of Intelsat General. After initial testing the satellite will be opened up for commercial use. Cyber space Launching Iris could also signal the beginning of the development of the internet in space. At the moment most satellites have to communicate with one another through ground stations or via radio signals to a relay satellite. Deploying routers on satellites would allow them to communicate directly with one another using common internet standards, known as internet protocol (IP). "The Iris architecture allows direct IP routing over satellite, eliminating the need for routing via a ground-based teleport," said Mr Brown. It also raises the possibility of routinely transferring data through the satellite network, rather than ground based cables. "This is a logical extension of radio communication between satellites," said Paul Stephens of DMC international imaging, a subsidiary of Surrey Satellites in the UK. Along with Cisco and US space agency Nasa, it put one of the first routers in space onboard the UK-DMC satellite, part of the Disaster Monitoring Constellation (DMC) used for observing the Earth for major disasters. The DMC router uses the latest IP networking standards to send critical images to ground stations for use by rescue workers. With IP becoming more prevalent for use in space, Nasa and internet pioneer Vint Cerf have also investigated the possibility of using internet technology across the solar system. Although some work has been carried out on the necessary standards and protocols, no definite schedule has been announced for this interplanetary internet. 
Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6551807.stm Published: 2007/04/13 13:06:09 GMT © BBC MMVII From rforno at infowarrior.org Fri Apr 13 23:18:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 19:18:41 -0400 Subject: [Infowarrior] - MS: Word 2007 crashes aren't a bug, they're a feature Message-ID: Microsoft: Word 2007 crashes aren't a bug, they're a feature Gregg Keizer http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9016401&pageNumber=1 April 12, 2007 (Computerworld) The Word 2007 bugs pegged as security vulnerabilities by an Israeli researcher are nothing of the sort, Microsoft Corp. said today. Instead, the application crashes reported as flaws are actually by design. The researcher who posted details earlier this week of the bugs reacted by offering screenshots of the Word crashes and wondering why Microsoft disputed his findings. On Monday, Mati Aharoni of Offensive Security warned of three new flaws in Word 2007 on the Milw0rm and SecurityVulns.com security sites, and posted malformed Word documents as proof-of-concepts. Microsoft, however, seemed unconcerned. Late yesterday, a company spokeswoman repeated the company's earlier contention that the Microsoft Security Response Center's (MSRC) investigation, "found that none of these claims demonstrate a vulnerability in Microsoft's Word 2007 or any part of the Microsoft Office System." When asked to clarify that statement, she acknowledged Microsoft won't classify the flaws as security problems. Rather, the behavior of Word 2007 is a feature, not a bug. "In fact, the behavior observed in Microsoft Word 2007 in this instance is a by-design behavior that improves security and stability by exiting Microsoft Word when it has run out of options to try and reliably display a malformed Word document," the spokeswoman said. 
She went on to suggest that it is no big deal if Word 2007 did crash under those circumstances, a scenario that could lead to the loss of any unsaved data. "The sample code in [Aharoni's] postings cause Microsoft Word to crash, and users can restart the application to resume normal operations." The stance was not out of character for the MSRC, which in the past has separated bugs that allow code execution or rights elevation from those that result in a denial-of-service-style situation. Previously, it has refused to label some crash-inducing problems as vulnerabilities, or patch them outside of a service pack. That's the same position taken by David LeBlanc, one of Microsoft's secure code gurus, and Michael Howard, the co-author of the just-released Writing Secure Code for Vista. "You may rightfully say that crashing is always bad, and having a server-class app background, I agree. Crashing means you made a mistake, bad programmer, no biscuit," said LeBlanc in an MSDN blog. "However, crashing may be the lesser of the evils in many places. The theory is that it is better to crash, at least with client apps, than it is to be running the bad guy's shell code." Office 2007 uses this strategy, said LeBlanc, who, like the MSRC, objected to classifying a denial-of-service-like result as an attack. "I really take issue with those who would characterize a client-side crash as a denial of service," he said. "If you can crash my app so that I can't restart it, or have to reboot my system, well, okay, that's a DoS. If you blew up my app, and I just don't load that document again, big deal." For his part, Aharoni was puzzled by media reports that claimed Microsoft contested the bugs themselves, not that the flaws weren't to be considered true vulnerabilities, and responded by posting screenshots of the Word 2007 crash. "I've recieved [sic] many mails from full disclosure members confirming the crash," he also said on his blog today. 
"I fully hope that Microsoft will find the resources to figure this out." The company said it will continue to investigate, in case earlier editions of the word processor, which don't include code that purposefully crashes the app, are found to be vulnerable. "Our investigation into the possible impact of these claims on other versions of Microsoft Office is continuing," said the spokeswoman. From rforno at infowarrior.org Sat Apr 14 02:35:02 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 22:35:02 -0400 Subject: [Infowarrior] - Administration Seeks to Expand Surveillance Law Message-ID: Administration Seeks to Expand Surveillance Law http://www.washingtonpost.com/wp-dyn/content/article/2007/04/13/AR2007041301932_pf.html By Walter Pincus Washington Post Staff Writer Saturday, April 14, 2007; A03 The Bush administration yesterday asked Congress to make more non-citizens subject to intelligence surveillance and to authorize the interception of foreign communications routed through the United States. Currently, under the 1978 Foreign Intelligence Surveillance Act, individuals have to be associated with a foreign terrorism suspect or a foreign power to fall under the auspices of the FISA court, which can grant the authority to institute federal surveillance. The White House proposes expanding potential targets to include non-citizens believed to possess, transmit or receive important foreign intelligence information, as well as those engaged in the United States in activities related to the purchase or development of weapons of mass destruction. The proposed revisions to FISA would also allow the government to keep information obtained "unintentionally," unrelated to the purpose of the surveillance, if it "contains significant foreign intelligence." Currently such information is destroyed unless it indicates threat of death or serious bodily harm. 
And they provide for compelling telecommunications companies and e-mail providers to cooperate with investigations while protecting them from being sued by their subscribers. The legal protection would be applied retroactively to those companies that cooperated with the government after the Sept. 11, 2001, attacks. The White House draft offered the first specifics of the proposal, which Director of National Intelligence Mike McConnell said Tuesday is needed to respond to "dramatic" changes in communications technology used by intelligence targets in this country. The proposed changes do not address the controversial intelligence program, initiated in October 2001 and first disclosed in December 2005, that monitors communications between people in the United States and other countries when one party is suspected of having terrorist connections, according to senior administration officials. The White House also threatened to veto a Senate version of the annual intelligence authorization bill, primarily over provisions that require a response within 15 days to Senate intelligence committee requests for particular documents, and reports to all committee members upon the initiation of extraordinarily sensitive activities, under threat of withholding funds. Under current practice, only committee chairmen and vice chairmen are told of such activities. The White House, in a "statement of administration policy" sent to the Senate on Thursday, questioned the 4 percent reduction in funding that the intelligence committee applied to national intelligence programs and its threat of prohibiting funding for several classified projects pending reports to the panel. Saying such provisions are "inconsistent with the need for the effective conduct of intelligence activities . . . and legislative-executive comity and cooperation," the policy document said Bush's "senior advisers would recommend he veto the bill" if it retains the provisions. 
From rforno at infowarrior.org Sat Apr 14 02:42:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2007 22:42:22 -0400 Subject: [Infowarrior] - ICANN board member berates 'woefully unprepared' DHS Message-ID: ICANN board member berates 'woefully unprepared' DHS New entity needed for cybersecurity, she argues By Burke Hansen in San Francisco Published Saturday 14th April 2007 00:53 GMT http://www.theregister.co.uk/2007/04/14/crawford_icann_security_ddos/ Amid the outcry over allegations that the Department of Homeland Security (DHS) wants the security keys to the DNSSEC encryption technology slowly -- very slowly -- being adopted by internet overlord ICANN, one ICANN board member, the refreshingly candid Susan Crawford, has recently taken her own swipe at security standards in place at the DHS. According to Crawford, the DHS is woefully unprepared for what lies ahead. She noted at a recent conference that ICANN's major security concern after the Distributed Denial of Service (DDoS) attack on six of the internet's root servers in February has been a repeat of the incident powerful enough to cause a massive virtual blackout. Although the alleged power grab by DHS has gotten all the headlines, the security keys - still not actually in use - wouldn't provide the DHS with any information it does not already have access to. How the DHS would respond to a massive DDoS attack that succeeded in shutting down large chunks of the internet is another matter entirely. According to Crawford the DHS has a long way to go. "From the outside, it looks as if [DHS] doesn't really know what it's doing," she said. "They're trying, but many of their efforts lack timeframes for completion." Other problems, such as a high turnover rate among senior officials at DHS, have had an impact, but there seems to be a general failure of imagination at the agency. 
Crawford has been advocating the creation of a new internet governance group to tackle the problem. As she stated in her blog last week, "All of the internet governance models we have right now have strengths and weaknesses. For responses to problems like DDoS attacks, we'd need a forum for discussion that has (1) the non-mandatory merit-based processes of IETF, including real industry involvement leading to substantial market pressure, (2) the globalness of IGF, (3) the agility of a private group, and (4) the clear voice of leadership that can be provided by government involvement. And we'd need to avoid the problems that all of these fora have." She went on, "To prevent future attacks, we'll need to prevent machines from being turned into zombies that can be directed at targets. That's a big task that requires coordination among many hardware manufacturers and operating system designers. It can't be mandatory, this coordination, because that won't necessarily lead to the right set of solutions -- but it can be agile, global, and well-led." With Greg Garcia, formerly vice president at the Information Technology Association of America, now cyber-security czar at the DHS, the time could be ripe for a change in focus at the lumbering agency. However, Crawford held out more hope for a new, more nimble group to take control. A new entity "with a new, friendly acronym" might be the best bet, she said. "None of the existing institutions will work." She has a point. The notoriously ineffectual ICANN seems an unlikely agent to do the job because of its fear of confrontation and a general disinterest in policing cyberspace -- even in a largely technical sphere that cuts to the core of ICANN's mission, which is to protect the integrity and stability of the net itself. She wants an ICANN-style multi-stakeholder entity that is not the ICANN we currently know and love. Of course, that begs the question of whether or not two ICANNs are really better than one. 
From rforno at infowarrior.org Sat Apr 14 20:14:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Apr 2007 16:14:29 -0400 Subject: [Infowarrior] - Search and Co-Opt Message-ID: Search and Co-Opt PodZinger has a way out of the Web-video conundrum: Make piracy pay. From: Issue 115 | May 2007 | Page 53 | By: Adam L. Penenberg http://www.fastcompany.com/magazine/115/open_next-tech_Printer_Friendly.html There are two ways to confront the pirating of copyrighted material on the Web. One, pioneered by the music industry and embraced now by Hollywood, throws lawyers in the path of digital progress. Every month, NBC Universal demands that YouTube remove snippets from some of the network's most popular shows. Likewise, Viacom, whose cable properties include MTV and Comedy Central, recently filed a $1 billion lawsuit against YouTube for "massive copyright infringement." That may keep the lawyers fat and happy, but it doesn't accomplish much else. The other approach, conceived by PodZinger, a video-search startup in Cambridge, Massachusetts, is this: Co-opt the pirates. Unleash them to spread your media virally, and let PodZinger track viewership--and kick back ad revenue. That makes "piracy" profitable to the copyright holder. At the core of PodZinger's proposed solution is video search, a problem it has largely cracked. (Other upstarts such as Blinkx have too, though they tackle it from different angles.) Harnessing 30 years' worth of government-funded R&D in speech recognition--the company is a spin-off of BBN Technologies, a high-tech military contractor that helped create ARPANET, forerunner of the Internet--PodZinger spiders the Web looking for videos and dissects RSS feeds for updates. 
When it finds a match, it uses voice recognition (juiced by algorithms known as "hidden Markov models" that bet on the probability of a word given its pronunciation and grammatical context) to create a rough transcript of the audio, then classifies the content by topic. That's vastly different from Google and Yahoo's approach. They simply scan a video's metatags, the words that describe a video file. Although PodZinger's transcripts are currently only 70% accurate, its approach has the potential to transform the search business. For users, PodZinger's Web site offers the ability--finally--to plug in a search term, then skim the results as they would text; click on a word, and they're taken to that exact place in the video. Of course, with billions of Web pages, PodZinger hasn't come close to ferreting out everywhere videos lurk, but its reach is growing: On YouTube alone, PodZinger transcribes some 20,000 new posts each day. For advertisers (there are only a few at this early stage), the company has copied a page out of Google's playbook, offering the video equivalent of keyword ads based on what users search for. But the real revolution might be for the copyright holder: PodZinger's spiders will in time be able to track down specific video content on command--a clip from last night's Daily Show, for example, or everything that belongs to Comedy Central--and insert an ad into each segment, no matter where it is playing. In other words, PodZinger could force each and every YouTuber to watch a short commercial if they want to see the clip they asked for, then tally the number of times it's played so the advertiser could pay the copyright holder directly. And what if the person posting the material doesn't want the ad? Tough luck; it's not his video. In essence, PodZinger wants to make allies of what are now two opposing parties. "Bootlegging is going to happen anyway," says Alex Laats, PodZinger's CEO. "Why not make money in a reasonable way? 
If people can get paid for their content, and you can track when it is viewed, and advertisements can deliver their brand message, then who cares?" As Laats sees it, this way, everyone stands to benefit from the video boom: The copyright holders, the pirates, the fans, and PodZinger, which would skim a few cents off the top. The man behind PodZinger's speech recognition is BBN chief scientist John Makhoul, who is originally from Lebanon and received a PhD in electrical engineering from MIT. Back in the 1970s, Makhoul and his team started with 50 words, mostly numbers. It took a decade before a computer could string these 50 words together, deciding that a word was, given its context and phonetic pronunciation, the mot juste. Now Makhoul has developed a tool that helps intelligence analysts scour foreign television broadcasts in Chinese, Arabic, and Spanish and translate them into English. The software can even identify a speaker's unique speech characteristics so that, for example, Osama bin Laden tapes aired on Al Jazeera can be instantly tagged. Of course, it's not perfect. Depending on the speaker's accent, "Iraq" can end up "a rock," "in person" can be rendered "in prison," and "how to light for portraiture" can become "how to light for torture." PodZinger says it's aiming for 90% accuracy in a few years. In the meantime, its basic plan "is a good one, an ingredient in an as-yet-unbaked economic cake," says John Battelle, author of The Search and chairman of Federated Media, a blog-publishing company based in California. "Everyone in the movie and television business wants an iTunes to happen but doesn't want Steve Jobs to control it." PodZinger offers "a new way to break-dance," Battelle says. PodZinger has not yet signed up a major entertainment industry content partner--a Universal or Viacom--to try out this scheme, although it has a number of lesser-known customers. 
Eventually, though, the studios and networks will have to confront the wildfire proliferation of Web video. More than 110 million U.S. Internet users streamed almost 7 billion videos in August 2006, according to comScore. It's exploding not just at YouTube and TMZ, but also on news sites such as MarketWatch and the online editions of The New York Times, The Washington Post, and The Wall Street Journal. Bloggers often double as "vloggers," MySpacers shoot and edit their own movie podcasts, and Dabble encourages its Dabblers to collect and organize their favorite flicks, which they can store online. No one's going to control all that. But we can make sense of it. And smart companies might just profit from it. Copyright ? 2007 Mansueto Ventures LLC. All rights reserved. Fast Company, 7 World Trade Center, New York, NY 10007-2195 From rforno at infowarrior.org Sun Apr 15 01:09:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Apr 2007 21:09:08 -0400 Subject: [Infowarrior] - Vista on your Mac? Not so fast Message-ID: Vista on your Mac? Not so fast Headshot of Mathew Ingram MATHEW INGRAM http://www.theglobeandmail.com/servlet/story/LAC.20070412.TQ5MACMAC/TPStory/ / Now that Apple computers use Intel processors -- a change the company made last year -- Mac owners can run Windows and Apple's Mac OS X side by side. That's thanks to a technology called "virtualization," which allows users to switch from one operating system to the other without having to reboot their computer. So does that means Mac users will be able to run Microsoft Vista and have two state-of-the-art operating systems on one machine? Not so fast. Using virtualization software such as Parallels or VMWare, Mac users can theoretically have Vista and OS X running side by side. 
But they can't use the cheaper version of Vista designed for home users -- at least, not if they want to abide by the terms of the End User Licence Agreement, which software owners effectively agree to when they install a product. That's because the Microsoft agreement states that anyone running Parallels can't use the $199 basic or the $239 premium edition of Vista. Instead, they have to buy the $299 business version or the $399 ultimate version of the long-anticipated OS. Microsoft says the move was necessary because of security issues with virtualization technology. A security analyst showed last year that, in theory, the kind of virtualization that Intel and AMD processors allow could be used to run malicious software programs alongside another operating system, creating the potential for damage. AMD and Intel have both questioned whether the research is valid, however, and said there are no inherent security issues with virtualization. But Microsoft maintains that there's a chance such a problem could occur, and has therefore restricted the use of Vista to versions that it assumes are likely to be run either by corporations or by sophisticated users. Unfortunately for anyone who plans to use their copy of Vista to play music or watch videos while running a virtual PC on their Mac, the Vista end user agreement also prohibits virtualization programs from playing any content that's encrypted with Microsoft's digital-rights management software -- another security risk, according to Microsoft. If you're a Mac user, you can get around these restrictions by using Apple's Boot Camp software, which also allows you to run Windows Vista and OS X on the same machine. But it's not virtualization software -- which means that you'll have to reboot your computer in order to switch from one OS to another. 
From rforno at infowarrior.org Sun Apr 15 21:38:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Apr 2007 17:38:49 -0400 Subject: [Infowarrior] - Economist: The iPhone may already be outdated Message-ID: Apple pipped Apr 13th 2007 From Economist.com The iPhone may already be outdated http://www.economist.com/daily/columns/techview/displaystory.cfm?story_id=90 22169 THE mobile-phone industry's recent jamboree in Florida was a brutal reminder of how fast innovations come and go these days. A bare three months ago we were drooling over Apple's forthcoming iPhone, with its ingenious touch screen that responds to pinches, pokes and other pawings. But though not available until June, the $500 iPhone is as mouth-watering today as yesterday's cold pizza. The phone that stole the show at CTIA Wireless 2007 was the "Ocean" from Helio, a youth-oriented newcomer to the cellular business. In many ways Helio has out-Appled Apple. The start-up--launched less than a year ago as a joint venture between SK Telecom of South Korea and Earthlink, an American internet-service provider--caters to young trendsetters who appreciate ease of use and cutting-edge design. Whereas the iPhone encapsulated a ho-hum smart phone in an exquisite package, the $295 Helio Ocean has been winning plaudits for its ingenious user interface that neatly integrates all the disparate functions of a modern multi-media mobile, such as dialling phone calls, texting messages, listening to music, taking pictures, recording videos, playing games and surfing the web. To make a call, the Helio Ocean's screen slides vertically to reveal a phone keypad. To type an e-mail, do some texting or send an instant message, turning the device horizontally and sliding the screen upwards reveals a full keyboard. With a separate microprocessor to run the media player, the Helio Ocean gets 15 hours of playing time from a single charge. Little wonder it was hailed as the rock star of the industry's show. 
But it is the Helio Ocean's EV-DO (Evolution-Data Optimised) wireless technology that renders Apple's iPhone an also-ran. Mobile experts have been mystified by Apple's decision to use Cingular's EDGE (Enhanced Data rates for GSM Evolution) network when far better wireless communications methods abound. EDGE is a marginally enhanced version of the old GSM (Global System for Mobile Communications) cellular technology introduced in Europe in the early 1990s. Cingular's version of it provides data speeds of between 75 kilobits per second (kbps) and 135 kbps--not that much better than a dial-up internet connection, and often much worse. By contrast, the EV-DO networks used by Helio (as well as Verizon and Sprint in America and KDDI in Japan) offer 450 kbps to 800 kbps, rates similar to those of DSL broadband connections. EDGE's slower data speeds mean that iPhone users must rely on Wi-Fi to do anything more than make phone calls or send the odd e-mail: the iPhone has a Wi-Fi radio embedded in its circuitry so users can access internet "hotspots" using the popular 802.11 form of wireless broadband. Wi-Fi may be handy for networking wirelessly around the home or in hotel lobbies, coffee shops or airports. But it is hardly the most efficient way to download videos or play multi-user games--tricks that multi-media mobile phones are supposed to perform flawlessly. Mobile-phone companies have their own ideas about how to meet these new demands. Most are working feverishly on upgrades for their existing 3G (third-generation) networks. Qualcomm, the company behind the CDMA family of cellular technologies, has shown in trials that its EV-DO enhancements can deliver data rates of over three megabits per second (mbps). Cingular and other GSM-based networks are pushing a rival technology called High-Speed Downlink Packet Access (HSDPA) in a bid to close the performance gap. In real-world trials HSDPA has clocked speeds of up to 1 mbps. 
But even EV-DO, let alone the slower HSDPA, might prove too little too late. The mobile-phone companies are about to be overwhelmed by a tsunami called WiMAX, a souped-up successor of Wi-Fi with a range of 30 miles or more instead of 100 yards or less. Whereas 3G cellular networks might get 3 mbps and Wi-Fi around 30 mbps, mobile WiMAX is a 4G technology promising speeds of up to 100 mbps. Comparable 4G networks from the cellular industry, such as the proposed Ultra Mobile Broadband from the CDMA camp or the Long-Term Evolution effort among GSM's descendants, are still in the laboratory. And that's where they might well remain. WiMAX (or 802.16, its technical name) was conceived as a way to deliver broadband to remote areas beyond the reach of DSL or cable TV. The mobile version of this form of wireless networking was supposed to be a more advanced sibling called 802.20. But with Intel, Sprint and the European Union throwing their weight behind the interim 802.16 mobile solution, the WiMAX bandwagon has become unstoppable. In addition to being able to transfer at least twice the amount of data per second achieved by the best technologies of the cellular industry, mobile WiMAX is relatively cheap. During the spectrum auctions of the heady dotcom era, cell-phone companies scrambled to outbid one another for 3G frequency allocations, paying typically $5 per megahertz for every member of the population covered. In today's more chastened times, mobile WiMAX licences can be had for less than one cent per megahertz per person--a whopping 500 times less. This has tipped the tables in mobile WiMAX's favour. And with it, the writing on the wall is looming ever larger for most of the 3G phone operators. Why Apple should have hitched its wagon to so fading a star shows how quickly even the most talented of companies can be blinded by today's blistering pace of wireless innovation. 
From rforno at infowarrior.org Mon Apr 16 17:14:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2007 13:14:54 -0400 Subject: [Infowarrior] - DNS shows signs of stress from financial maneuverings Message-ID: Domain Name System shows signs of stress from financial maneuverings Patrick Thibodeau http://www.computerworld.com/action/article.do?command=viewArticleBasic&art icleId=289466 April 16, 2007 (Computerworld) Cybersquatting -- the practice of registering Internet domain names that poach well-known trademarks -- is profitable for just about everybody involved. Money is made off of registration fees and advertising, and even the regulator of the Domain Name System gets a piece of the action. But it's not so lucrative for corporate officials like Lynn Goodendorf, who heads global privacy at InterContinental Hotels Group PLC. The Windsor, England-based company owns seven hotel chains, including Holiday Inn and Crowne Plaza, with more than 3,700 properties worldwide. Each day, Goodendorf gets about 100 e-mail alerts concerning potential trademark infringements from three different domain monitoring services. Goodendorf said that in most of those cases, she doesn't know the identities of the potentially infringing domain holders. Their registrations often are private, and when identifying information is available, it may be inaccurate. Subpoenas are sometimes needed to uncover the identities of individuals, she said. Defensive measures, such as registering domain names that cybersquatters might target, can help, but only to a point. "We have tried to register common misspellings or to have letters transposed," Goodendorf said. But it's impossible to anticipate every name combination, she added, citing the cybersquatting site capitolholidayinn.com as an example. Speculators Rule As Goodendorf's experiences illustrate, the Domain Name System is showing signs of being out of control. 
Speculators now use automated software systems to re-register large batches of expired domain names. They're also helped by a loophole in the registration process that lets domains be tested for their potential profitability as pay-per-click advertising sites during a free five-day "tasting" period. The World Intellectual Property Organization warned in a report issued last month that those practices threaten the interests of trademark holders and are causing confusion among Internet users. Francis Gurry, deputy director general of the Geneva-based WIPO, said in a statement that the new methods "risk turning the domain name system into a mostly speculative market." Gurry added that instead of being used to identify specific businesses or other Internet users, "many [domain] names nowadays are mere commodities" to be bought and sold. It's already possible to make astonishing sums of money selling domain names. Domain Name Journal, an online magazine published by Internet Edge Inc. in Tampa, Fla., reported that diamond.com fetched $7.5 million from a buyer last year and that vodka.com sold for $3 million. What makes generic names such as those valuable is so-called type-in traffic from users who enter generic Web address names into their browsers to see what turns up, said Frank Schilling, a domain name investor and blogger who lives in the Cayman Islands. Schilling claims to own several hundred thousand domains, including generic ones such as antarctica.com. Domain investors such as Schilling draw a sharp distinction between what they do in registering legitimate generic names and the actions of cybersquatters who register domains that use or closely resemble real brand or company names, such as microsotf.com. That misspelled domain name was registered through EnCirca Inc., a registrar in Woburn, Mass. Private registration policies keep the domain owner's name and contact information hidden from public view. 
EnCirca does provide a Web interface for e-mailing the owner of microsotf.com, but a note sent by Computerworld received no response. Citing the software advertising on microsotf.com, Tom Barrett, EnCirca's president, said he would call the use of that domain name cybersquatting. But Barrett added that he doesn't have the power to do anything about the name or the Web site without exposing himself to possible litigation. Asked about microsotf.com, a spokeswoman for Microsoft Corp. said the software vendor wouldn't comment about a specific domain. But Microsoft announced last month that it had filed lawsuits against alleged cybersquatters in the U.S. and the U.K. The company also said that it had reclaimed more than 1,100 infringing domain names worldwide over the past six months. Frederick Feldman, chief marketing officer at MarkMonitor Inc., a company in San Francisco that registers corporate domains and offers a variety of brand protection services, said a recent audit of 25 leading brand names found nearly 45,000 pay-per-click ad sites that use one of those 25 brand names in some way. Fixing the domain name problems isn't simple. For instance, private registrations protect domain holders from things such as identity theft. And trademarks aren't always black and white. Domain name holders have complained of "reverse cybersquatting," in which a trademark holder attempts to gain control of a name that the domain owner considers to be a generic term. Jason H. Fisher, an attorney at Los Angeles law firm Buchalter Nemer Fields & Younger, said the biggest obstacles to fixing the Domain Name System are its international nature and the reluctance of the Internet Corporation for Assigned Names and Numbers to take action. Fisher said ICANN "would rather do nothing than make waves." 
From rforno at infowarrior.org Mon Apr 16 20:08:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2007 16:08:44 -0400 Subject: [Infowarrior] - Gunman Kills 30 on Virginia Tech Campus Message-ID: Gunman Kills 30 on Virginia Tech Campus Apr 16 03:40 PM US/Eastern By SUE LINDSEY Associated Press Writer http://www.breitbart.com/print.php?id=D8OHT2T80&show_article=1 BLACKSBURG, Va. (AP) - A gunman opened fire in a Virginia Tech dorm and then, two hours later, in a classroom across campus Monday, killing at least 30 people in the deadliest shooting rampage in U.S. history, government officials told The Associated Press. The gunman was killed, bringing the death toll to 31. Students complained that the university did not warn them about the first deadly burst of gunfire until hours later. "Today the university was struck with a tragedy that we consider of monumental proportions," said Virginia Tech president Charles Steger. "The university is shocked and indeed horrified." It was not immediately clear whether the gunman was shot by police or took his own life. Investigators offered no motive for the attack. The gunman's name was not immediately released, and it was not known if he was a student. The shootings spread panic and confusion on campus. Witnesses reported students jumping out the windows of a classroom building to escape the gunfire. SWAT team members with helmets, flak jackets and assault rifles swarmed over the campus. Students and faculty members carried out some of the wounded themselves, without waiting for ambulances to arrive. The massacre took place at opposite sides of the 2,600-acre campus, beginning at about 7:15 a.m. at West Ambler Johnston, a coed dormitory that houses 895 people, and continuing at least two hours later at Norris Hall, an engineering building about a half-mile away, authorities said. Police said they were still investigating the shooting at the dorm when they got word of gunfire at the classroom building. 
Some students bitterly questioned why the gunman was able to strike a second time, two hours after the bloodshed began. "What happened today this was ridiculous," student Jason Piatt told CNN. He said the first warning from the university of a shooting on campus came in an e-mail about two hours after the first deadly burst of gunfire. "While they're sending out that e-mail, 22 more people got killed," Piatt said. FBI spokesman Richard Kolko in Washington said there was no evidence to suggest it was a terrorist attack, "but all avenues will be explored." Government officials, speaking on condition of anonymity because they did not want to pre-empt an announcement by higher-ranking authorities, put the death toll at 31. At least 26 people were being treated at three area hospitals for gunshot wounds and other injuries, authorities said. Their exact conditions were not disclosed, but at least one was sent to a trauma center and six were in surgery, authorities said. Up until Monday, the deadliest mass shooting in U.S. history was in Killeen, Texas, in 1991, when George Hennard plowed his pickup truck into a Luby's Cafeteria and shot 23 people to death, then himself. The massacre Monday took place almost eight years to the day after the Columbine High bloodbath near Littleton, Colo. On April 20, 1999, two teenagers killed 12 fellow students and a teacher before taking their own lives. Previously, the deadliest campus shooting in U.S. history was a rampage that took place in 1966 at the University of Texas at Austin, where Charles Whitman climbed the clock tower and opened fire with a rifle from the 28th-floor observation deck. He killed 16 people before he was shot to death by police. Founded in 1872, Virginia Tech is nestled in the Blue Ridge Mountains of southwestern Virginia, about 160 miles west of Richmond. With more than 25,000 full-time students, it has the state's largest full-time student population. 
The school is best known for its engineering school and its powerhouse Hokies football team. The rampage took place on a brisk spring day, with snow flurries swirling around the campus. The campus is centered around the Drill Field, a grassy field where military cadets--who now represent a fraction of the student body--once practiced. The dorm and the classroom building are on opposite sides of the Drill Field. A gasp could be heard at a campus news conference when Virginia Tech Police Chief W.R. Flinchum said at least 20 people had been killed. Previously, only one person was thought to have been killed. Investigators from the federal Bureau of Alcohol, Tobacco, Firearms and Explosives began marking and recovering the large number of shell casings and will trace the weapon used, authorities said. A White House spokesman said President Bush was horrified by the rampage and offered his prayers to the victims and the people of Virginia. "The president believes that there is a right for people to bear arms, but that all laws must be followed," spokeswoman Dana Perino said. After the shootings, all entrances to the campus were closed, and classes were canceled through Tuesday. The university set up a meeting place for families to reunite with their children. It also made counselors available and planned an assembly for Tuesday at the basketball arena. After the shooting began, students were told to stay inside away from the windows. Aimee Kanode, a freshman from Martinsville, said the shooting happened on the fourth floor of West Ambler Johnston dormitory, one floor above her room. Kanode's resident assistant knocked on her door about 8 a.m. to notify students to stay put. Police said there had been bomb threats on campus over the past two weeks by authorities but said they have not determined a link to the shootings. It was the second time in less than a year that the campus was closed because of a shooting. 
Last August, the opening day of classes was canceled and the campus closed when an escaped jail inmate allegedly killed a hospital guard off campus and fled to the Tech area. A sheriff's deputy involved in the manhunt was killed on a trail just off campus. The accused gunman, William Morva, faces capital murder charges. Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Mon Apr 16 20:17:18 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2007 16:17:18 -0400 Subject: [Infowarrior] - Attack code raises Windows DNS zero-day risk Message-ID: Attack code raises Windows DNS zero-day risk By Joris Evers http://news.com.com/Attack+code+raises+Windows+DNS+zero-day+risk/2100-1002_3 -6176429.html Story last modified Mon Apr 16 12:57:44 PDT 2007 The public release of computer code that exploits a yet-to-be-patched Windows security hole increases the possibility of widespread attacks, security experts have warned. At least four exploits for the vulnerability in the Windows domain name system, or DNS, service were published on the Internet over the weekend, Symantec said in an alert Monday. In response, the Cupertino, Calif., company raised its ThreatCon to level 2, which means an increase in attacks is expected. The security vulnerability affects Windows 2000 Server and Windows Server 2003. Microsoft last week warned that it had already heard of a "limited attack" exploiting the flaw. However, exploit code wasn't yet publicly available. Exploits may help miscreants craft malicious code that uses the vulnerability to compromise Windows systems. Microsoft continues to work on a fix for the problem, and attacks are still limited, Christopher Budd, a Microsoft Security Response Center staffer, wrote on a corporate blog Sunday. "Attacks are still limited. 
We are aware though of public disclosure of proof-of-concept code to exploit the vulnerability," Budd wrote. Microsoft urges users of the vulnerable systems to apply the workarounds it has suggested. The attacks happen when someone sends rigged data to the Windows DNS service, which is meant to help map text-based Internet addresses to numeric Internet Protocol addresses. The vulnerability affects the DNS RPC interface. RPC, or Remote Procedure Call, is a protocol used by applications to send requests across a network. The vulnerability is not exploitable over the standard DNS ports TCP/UDP 53, according to Microsoft. The RPC Interface is typically bound to network ports between 1024 and 5000, Symantec said. This mitigates the risk, according to the SANS Internet Storm Center, which tracks network threats. "Networks obliging to basic secure perimeter design would only allow port 53 UDP/TCP to the authoritative DNS servers, and definitely not the additional RPC ports required for exploitation," a SANS ISC staffer wrote on the organization's blog Monday. Still, the issue is significant, according to SANS ISC. Web hosting companies may run various network services on a single server, and Active Directory servers often also run DNS and may be exposed, according to the blog post. The DNS flaw does not affect Windows XP or Windows Vista. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said. Copyright ©1995-2007 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Tue Apr 17 00:58:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2007 20:58:53 -0400 Subject: [Infowarrior] - U.K. ends use of phrase 'war on terror' Message-ID: U.K. ends use of phrase 'war on terror' Expression makes militants feel too important, minister says The Associated Press Updated: 9:28 a.m. 
ET April 16, 2007 URL: http://www.msnbc.msn.com/id/18133506/ LONDON - The British government has stopped using the phrase "war on terror" to refer to the struggle against political and religious violence, according to a Cabinet minister's prepared remarks for a Monday speech. International Development Secretary Hilary Benn, a rising star of the governing Labour Party, says in a speech prepared for delivery in New York that the expression popularized by President Bush after the Sept. 11 attacks strengthens terrorists by making them feel part of a bigger struggle. Extracts from Benn's speech at New York University's Center on International Cooperation were released by his office. "We do not use the phrase 'war on terror' because we can't win by military means alone, and because this isn't us against one organized enemy with a clear identity and a coherent set of objectives," Benn said. "It is the vast majority of the people in the world -- of all nationalities and faiths -- against a small number of loose, shifting and disparate groups who have relatively little in common apart from their identification with others who share their distorted view of the world and their idea of being part of something bigger." Prime Minister Tony Blair's official spokesman said he was unsure when Blair had last used the phrase. "We all use our own phraseology, and we talk about terrorism, we talk about the fight against terrorism, but we also talk about trying to find political solutions to political problems," he said on condition of anonymity, in line with government policy. According to the advance text, Benn urged Americans to use the "soft power" of values and ideas as well as military strength to defeat extremism. Benn's comments were at least partly directed at his own Labour Party, which is uneasy about Blair's close alliance with Bush and overwhelmingly opposed to Britain's participation in the Iraq war. Benn currently is the bookies' 
favorite to become Labour's deputy leader in a party election once Blair steps down as premier later this year. © 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Tue Apr 17 03:37:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2007 23:37:41 -0400 Subject: [Infowarrior] - OT: Wizard of Id' Cartoonist Brant Parker Dies Message-ID: Another sad loss for the satire world in less than 10 days. :( -rf http://www.editorandpublisher.com/eandp/news/article_display.jsp?vnu_content _id=1003572154&imw=Y 'Wizard of Id' Cartoonist Brant Parker Dies By Dave Astor Published: April 16, 2007 2:40 PM ET NEW YORK Brant Parker, who worked on "The Wizard of Id" comic with Johnny Hart, died yesterday in Lynchburg, Va. He was 86. Parker's death came just eight days after Hart passed away at the age of 76. Creators Syndicate distributes "The Wizard of Id" to more than 1,200 newspapers. The syndicate's president, Rick Newcombe, said in a statement: "Brant was a truly innovative mind in the comics world. The artistry he displayed in 'The Wizard of Id' was remarkable for its consistency and creativity." The Los Angeles-born Parker -- who won the National Cartoonists Society's 1984 Reuben Award as top cartoonist -- also worked as a newspaper staff artist, editorial cartoonist, magazine cartoonist, greeting card artist, IBM advertising/promotion person, and at Walt Disney Productions during his career. The 43-year-old "Wizard of Id," like Hart's 49-year-old "B.C." comic, will be continued by family members. Brant's son, Jeff, began working on "The Wizard of Id" in 1987, and took over for his father in 1997. 
From rforno at infowarrior.org Wed Apr 18 02:43:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2007 22:43:05 -0400 Subject: [Infowarrior] - Yet another state rejecting Real ID act Message-ID: Gov signs law rejecting Real ID act By The Associated Press http://www.billingsgazette.net/articles/2007/04/17/news/state/28-law.txt HELENA - Gov. Brian Schweitzer signed a law Tuesday rejecting national driver's licenses for Montanans, saying the message to the federal government was "no, nope, no way, hell no." The bill the governor signed rejected implementing the Real ID act in Montana, a federal law that sets a national standard for driver's licenses and requires states to link their record-keeping systems to national databases. Montana joined two other states, Idaho and Arkansas, in enacting laws that outright refuse to comply with the federal law, according to National Conference on State Legislatures. Washington's legislature has also passed a similar bill and Maine and Hawaii have passed resolutions opposing the Real ID act. The law says that the federally approved identification cards eventually would be necessary to board airplanes or enter federal buildings. "We also don't think that bureaucrats in Washington D.C. ought to tell us that if we're going to get on a plane we have to carry their card, so when it's scanned through they know where you went, when you got there and when you came home," Schweitzer said. "This is still a free country and there are no freer people than the people that we have in Montana." Copyright © 2007 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Published on Tuesday, April 17, 2007. Last modified on 4/17/2007 at 12:59 pm Copyright © The Billings Gazette, a division of Lee Enterprises. 
From rforno at infowarrior.org Wed Apr 18 03:20:10 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2007 23:20:10 -0400 Subject: [Infowarrior] - Wireless Security Puts IRS Data at Risk Message-ID: Would somebody kindly explain WTF the IRS is using wireless networking anywhere in their IT environment??? -rf April 17, 2007 Wireless Security Puts IRS Data at Risk By THE ASSOCIATED PRESS http://www.nytimes.com/aponline/technology/AP-IRS-Wireless-Security.html?_r= 1&oref=slogin&pagewanted=print Filed at 10:57 p.m. ET WASHINGTON (AP) -- Internal Revenue Service offices across the nation that use wireless technology are still vulnerable to hackers, according to the latest assessment of the agency's security policies released Tuesday. Despite efforts to improve wireless security the past four years, the Inspector General's assessment of 20 buildings in 10 cities discovered four separate locations at which hackers could have easily gained access to IRS computers using wireless technology. There was no evidence that the computers were connected to the IRS network at the time and no signs that any hacking had occurred, the report said. ''However, anyone with a wireless detection tool could pick up the wireless signal and gain access to the computer,'' wrote Michael Phillips, the Inspector General. And if an employee had been connected to the IRS network, ''a hacker conceivably could gain access to the IRS network,'' which contains sensitive financial data of more than 226 million taxpayers, he added. The vulnerabilities were discovered in Denver and at three other IRS facilities in Texas and Florida. Wireless networks are created by linking computers using hardware called routers. The devices enable wireless laptop or mobile device users, such as Treos, to send signals back and forth to each other. Data can be encrypted, but the report said that software available on the Internet can decode the encryption. 
The inspector general's office said it used inexpensive wireless equipment and software freely available on the Internet to scan the facilities for wireless signals. According to the report, the IRS also is not effectively monitoring its uses of wireless technology. As of May 2006, the agency had scanned fewer than 6 percent of all IRS offices - mainly in the Washington, D.C., and Baltimore metropolitan areas. The inspector general's office recommended increased of the IRS network for unapproved wireless devices and educating employees about security risks. The report said the agency agreed with the IG's recommendations and will implement them. From rforno at infowarrior.org Wed Apr 18 11:22:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 07:22:08 -0400 Subject: [Infowarrior] - RIM's BlackBerry system down: report Message-ID: RIM's BlackBerry system down: report Wed Apr 18, 2007 5:39AM EDT NEW YORK (Reuters) - A system failure at Research In Motion has affected Blackberry users in the Western Hemisphere, a news channel reported on its Web site late on Tuesday. The infrastructure failed on Tuesday night, and e-mails were not being delivered to the handheld devices, WNBC.com reported. A Research In Motion representative was not immediately available for comment. But WNBC.com cited company officials as saying that they were trying to reset the system, but the problem would carry into Wednesday morning. © Reuters 2006. All rights reserved. http://www.reuters.com/article/ousiv/idUSN1822488020070418 From rforno at infowarrior.org Wed Apr 18 12:13:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 08:13:28 -0400 Subject: [Infowarrior] - Rant: Scottrade Message-ID: Scottrade, the online brokerage, is in my media doghouse. So what's the problem? 
Simple -- I resent being carpet-bombed by a company who doesn't realize its ads have become so annoying and pervasive that they make you want to spork your eyes and ears out. In this case, the company's current TV ad campaign (with the Scottrade founder flying over a city in a helicopter) is a series of 15-second commercials that either "bookend" a commercial break or appear back-to-back within the same break. So you see two ads for the company during the break. Annoying, but bearable. BUT ---- they play these ads at least 3 times an hour, so you hear them QUITE frequently during the day. Not to mention, the music that kicks each spot off is grating and very annoying as the day goes on when you have the TV on during market hours. (Simply eliminating the first 2 seconds of the high-pitched brassy horn fanfare that begins each ad would make all the difference, IMO.) But we're not done yet -- now imagine when getting two "bookends" aired on CNBC's network-owned part of a commercial break, followed by two more "bookends" aired by Comcast in the portion of the same break the cable company can sell ads for.....meaning that you get FOUR annoying Scottrade ads in a single commercial break. On top of the 2 other "bookends" you see during the hour as well, and you're Scottraded-to-death during the day. Although I spoke with the Chief Marketing Officer of Scottrade recently and he listened politely to my complaint, I don't think anything will change as the result of our chat. But I did appreciate the personal interaction with a senior executive at the firm. (Disclosure: I do NOT have an account with them, and likely won't ever do business with them.) I fail to see how pissing off customers serves to attract them to your brand. But then again, I'm not a marketing expert. Even Comcast -- another media firm I tend to despise for its carpet-bombing commercials -- has improved their status in my view during recent weeks. Grrr.
-rick
Infowarrior.org

From rforno at infowarrior.org Wed Apr 18 13:17:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Apr 2007 09:17:16 -0400
Subject: [Infowarrior] - So, who's panicking this morning?
Message-ID:

Anyone suffering from Crackberry withdrawal? Anyone THANKFUL for the outage? Anyone's company/agency freaking out? Inquiring minds want to know. :)

-Rick, Neither a Crackberry-owner nor plays one on tv

From rforno at infowarrior.org Wed Apr 18 13:38:26 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Apr 2007 09:38:26 -0400
Subject: [Infowarrior] - Texas' new version of TIA
Message-ID:

(c/o Dangerroom)

Printed from http://new.texasobserver.org/article.php?aid=2472
April 20, 2007 - Features
The Governor's Database
Texas is amassing an unprecedented amount of information on its citizens
by Jake Bernstein

Piece by piece, Gov. Rick Perry's homeland security office is gathering massive amounts of information about Texas residents and merging it to create the most exhaustive centralized database in state history. Warehoused far from Texas on servers housed at a private company in Louisville, Kentucky, the Texas Data Exchange -- TDEx to those in the loop -- is designed to be an all-encompassing intelligence database. It is supposed to help catch criminals, ferret out terrorist cells, and allow disparate law enforcement agencies to share information. More than $3.6 million has been spent on the project so far, and it already has tens of millions of records. At least 7,000 users are presently allowed access to this information, and tens of thousands more are anticipated. What is most striking, and disturbing, about the database is that it is not being run by the state's highest law enforcement agency -- the Texas Department of Public Safety. Instead, control of TDEx, and the power to decide who can use it, resides in the governor's office.
That gives Perry, his staff, future governors, and their staffs potential access to a trove of sensitive data on everything from ongoing criminal investigations to police incident reports and even traffic stops. In their zeal to assemble TDEx, Perry and his homeland security director, Steve McCraw, have plunged ahead with minimal oversight from law enforcement agencies, and even DPS is skittish about the direction the project has taken. In researching TDEx, the Observer reviewed more than a thousand pages of documents from the Office of the Governor, DPS, and the Department of Information Management. We interviewed law enforcement officials as well as McCraw. The narrative that emerged from the records -- disputed by McCraw -- is a headlong pursuit of control through information hoarding for a project in search of a purpose. Along the way, money has been squandered, sensitive data potentially lost, and security warnings unheeded. If information is power, Perry and his successors are about to become powerful in ways that are scaring civil libertarians, and probably should alarm every Texan. Texas agencies already have plenty of information on all of us -- driver's licenses, fingerprints, and proofs of address, details we provide every time we renew our licenses, register a car, or vote. Then there's every brush with the law, all the criminal convictions, prison records, and so forth. Much of that information is now scattered about in different agencies and locations. Never has it been pulled together for the ease of access that TDEx promises. There's also a less discernible realm of information that should perhaps concern the citizens of Texas more. In the course of doing their work, police agencies vacuum up enormous piles of tips, rumors, innuendo, guesses, false reports, and other useless material that they sift through to solve crimes and identify criminals. Access to this massive trove of information -- files on cases in progress, notes about "persons of interest"
who may prove to be of no interest at all, details involving confidential informants -- is closely guarded for good reason. Information worthless for solving a crime might be useful in other contexts. Like politics or personal revenge. The potential for abuse explains why access to existing federal and state crime databases is normally strictly controlled. Over the years -- in the wake of scandals like J. Edgar Hoover's secret FBI files and the increasing privatization of computer databases -- federal regulations have evolved to ensure the safety of information and accountability for its use. Keeping a tight rein on who can access raw investigative data, and for what purposes, is supposed to prevent abuses large and small -- from high officials who might misuse information for political purposes down to small town deputies who might be willing to sell information, or use it to track down an ex-wife's new boyfriend. The federal rules apply to states that accept federal money and ensure the integrity of law enforcement efforts. Under federal rules, a database like TDEx must be run by a criminal justice agency. According to the FBI and DPS, Texas Homeland Security is not a criminal justice agency. McCraw, who has an extensive criminal justice background, including a stint as an assistant director of the FBI's Office of Intelligence, has fought a pitched battle with DPS in his zeal to promote TDEx. Repeatedly DPS has raised concerns, chief among them whether the new database is even secure enough to keep unauthorized users from logging on because it lacks "advanced authentication" to ensure that people accessing the database are who they say they are. DPS is also worried that the same user could be logged on to the system multiple times concurrently. Then there's the problem of getting rid of bad data or faulty intelligence that finds its way into the system. Each agency that gives data to TDEx is responsible for the accuracy of its own information.
But where once the mistake of a single police department was its own, TDEx offers the potential to amplify that error statewide. To identify weaknesses within TDEx, a database manager with the DPS Criminal Law Enforcement Division, at the direction of his boss, easily defeated the security of the user registration process last summer. He did it by employing an accurate and relatively easily obtained agency identification number, and used one of his son's e-mail accounts. In retaliation, Jack Colley, the governor's director of emergency management, revoked the DPS staffer's access to TDEx. After DPS complained, it was reinstated 11 days later. McCraw says the audit and authentication issues raised by DPS have been resolved. He says that an on-again, off-again Texas Intelligence Council of law enforcement officials will eventually supervise TDEx. McCraw blames DPS reluctance to embrace TDEx on its fear of change. "You are going to see a strong resistance institutionally to move to new things," he says. Remarkably, in many ways TDEx seems to be an improvement over Texas Homeland Security's first stab at a database run by a private contractor. On June 27, 2005, the Department of Information Resources, at McCraw's behest, sent out a "request for offer" to vendors that could provide a "Solution for Local, Intra-State, and Inter-State Sharing of Offender and Other Investigative Data." DPS was not consulted in the development of the offer request. The resulting contract given to Kentucky-based Appriss Inc. would initially be worth a little more than $759,000. The information department, which handles the state's computer needs, originally was supposed to monitor how well Appriss did the job, but that arrangement quickly ran into a problem. Under federal law -- relevant because federal money was being used -- the contract had to be overseen by a criminal justice agency. So McCraw simply designated the department as one.
"I am writing to confirm the Texas Department of Information Resources (DIR) is an agency with law enforcement functions for the purpose of TDEx," he wrote to Larry Olson, the department's chief technology officer. While TDEx was getting under way, on August 29, 2005, Hurricane Katrina hit New Orleans. As Texas cities filled with Louisiana refugees, panic over the possible arrival of a criminal element from New Orleans seems to have gripped some Texas authorities. McCraw proposed a separate database that would group traffic law enforcement information, DPS criminal law enforcement reporting, the Texas Rangers database, consumer records amassed by a scandal-ridden private data company called ChoicePoint Inc., prison records from Appriss, and criminal information from the Louisiana State Police. (There are differing accounts of whether polygraph information, the inclusion of which if not redacted could have violated state law, was also provided. McCraw says no.) A private vendor was to create a global search capability for all the unstructured data. This new database would then be made available to analysts at the Texas Fusion Center, a crisis management bunker operated by the governor's Division of Emergency Management. McCraw rushed through a contract with Northrop Grumman Corp. for a database project to last until October 2006 at a cost of $1.4 million in federal homeland security funds. "The Louisiana State Police has informed Texas officials that known criminals are among our evacuee population," reads a statement of work for Northrop. "Moreover, we have been told that many of the individuals who were involved in heinous crimes at the Superdome are now a part of our evacuee population. There is a critical need to immediately collect and analyze criminal data related to evacuees and provide it to local law enforcement officials throughout Texas. This requires the rapid acquisition of information technology tools."
McCraw says today that the purpose of the project was to help DPS coordinate its criminal justice information. According to several accounts, DPS officials resisted this "help," and its Criminal Law Enforcement Division only handed over data -- including open cases still under investigation -- after being ordered to do so. By the summer of 2006, it was clear that Northrop could not make the project function and that the threat from Katrina evacuees appeared to be overblown. In addition to the fact that it didn't work, the project had multiple flaws. Chief among DPS's concerns was that it was not clear who at Northrop had access to the data, or what had become of it. In an e-mail on August 17, 2006, Kent Mawyer, chief of the enforcement division, wrote to McCraw: "... with the termination of the project, I will be notifying NG to confirm delete of all data from affected servers ... to include any backups and closure of the firewall." McCraw responded: "Please hold off on any deletions until I have an independent audit conducted to ensure there are no excuses for meeting operational requirements." Rather than go through the state auditor's office, McCraw commissioned an audit of the project by a former colleague from his FBI days. She produced a five-page evaluation. Under a section on security, the audit read:

Operation of the system has been suspended by DPS primarily for security reasons. Other than a firewall, the system had no front-end security (no access control) and it also collected no audit data (nothing to record what users had done). During its brief operation, the data was available theoretically to anyone at the DPS IP address who typed in the web address for the system. NG asserts that security features were eliminated from the proposal to cut costs; this appears to have been an inappropriate solution in the absence of alternative security measures.
McCraw says some of the money for the Katrina project was spent on hardware and software that can still be utilized. He insists that the data DPS gave Northrop Grumman were eventually returned. Extensive public records requests have not revealed any documentation to that effect. Control and security of data would be an issue with Appriss as well. Some of the difficulty stems from using private vendors to handle sensitive material. For McCraw, this is the future and the only way to operate. "What we are trying to build," he says, "is an intelligence capability or intelligence-sharing capability. Not do it in the old ways, where it takes four years to roll out, and not do it where the government is going to do it, where it's cost prohibitive, but to do it in a way that leverages the private sector's capability and know-how." Fortunately, there are federal guidelines laid out by the FBI's Criminal Justice Information Services Advisory Policy Board. As part of the CJIS guidelines, before a private vendor can handle sensitive material, its staff must undergo background and fingerprint checks. CJIS also contains policies governing the operation of computers, access devices, circuits, hubs, routers, firewalls, and other components that comprise and support a network. According to DPS, as of April 11, Appriss is still not CJIS compliant. McCraw disputes this. "DPS is wrong," he says. "We're more in compliance with CJIS security requirements than CJIS." McCraw knows from experience that larger Texas police departments will not give their files to a system that is not CJIS compliant for fear of compromising their data. DPS has heard from the McAllen and Plano police departments, which have voiced concern over TDEx for this very reason. And it's not unfounded.
As late as October 2006, more than a year after Appriss signed its contract and after receiving sensitive data from the Texas Rangers and the state Highway Patrol, Appriss had not given Texas authorities fingerprints or background checks of all its employees handling the data, according to e-mails obtained by the Observer. There were also questions about the security of the company hired to shred documents for Appriss. (McCraw says all background checks have since been completed.) In hope of providing some form of monitoring over the Appriss facilities, Texas DPS authorities began discussions with the Kentucky State Police to make them a "supervisory" criminal justice agency for site security. No agreement was formalized. In a recent interview, McCraw insists that there are sufficient safeguards and it's no longer necessary. "In today's world, where the warehouse is doesn't matter, as long as it's in complete compliance with all the security protocol and ... you have the ability to audit at any time," he says. Others disagree. "Once that data leaves, you've lost control," says one law enforcement official knowledgeable about TDEx who requested anonymity. One sticking point for DPS was how Appriss would provide a statewide network to deliver the information that would be sufficiently secure. There was one available: the FBI's Law Enforcement Online network. DPS urged Appriss to use it. McCraw nixed the idea. "... my concerns with LEO is simply this: If it is not funded or there are other FBI priorities as in the past we lose," McCraw e-mailed a DPS supervisor from his Blackberry. Because of these and other issues, the DPS's Criminal Law Enforcement Division decided that despite McCraw's objections, it would only provide TDEx with information on closed cases. In some ways, TDEx's goals are not necessarily bad.
The need for law enforcement agencies to better communicate and share information with each other has been widely recognized by the 9/11 Commission, among others. But even if the TDEx system could solve its significant security hurdles and manage to function as intended, there would still be the issue of its control by the governor's office. Asked about the dangers involved in allowing a political office to control such a database, McCraw replies, "I'm the only one [from the governor's office] that has access to TDEx, and the reason I have access to it now is not because I need it, but because I'm just testing its capability." When it was pointed out that Jack Colley, director of the governor's emergency management division, also had access, McCraw backtracked and took refuge in the idea that no matter who the user, there would be an audit trail of their searches. Civil libertarians are not assuaged by this kind of answer. "Criminal intelligence data should be in the hands of a professional law enforcement agency that has distance from the political pressures on elected officials," says Rebecca Bernhardt, immigration, border and national security policy director for the Texas ACLU. "How can we be sure that we will never have a governor who will misuse this power?" Rather than take a serious look at these issues, the Texas Legislature seems intent on giving Perry even more power. The governor is pushing an appropriation of $100 million for border and homeland security. Presumably, some of that money would be used for TDEx. House State Affairs Chairman David Swinford, a Dumas Republican, is offering House Bill 13, "relating to homeland security issues." The bill is scheduled for hearing on Friday, April 13. Leading up to the hearing, the bill's content was a bit of a moving target. Two days before the hearing, there already had been two committee substitutes, with the possibility of a third on the way.
The most recent version had a provision that reads: "The Department of Public Safety of the State of Texas shall provide to the State Office of Homeland Security any criminal intelligence information that the director of the State Office of Homeland Security determines is relevant to Homeland Security operations." Asked about this provision, McCraw vowed that it would not be in the final version. "I'm sure there are some that think I was conspiring to take over criminal intelligence," he says. "I got enough problems tying my shoelaces; it's not about one agency, it's about multiple agencies working as a team." Meanwhile, the Perry Alliance Network paid for by Texans for Rick Perry has been sending out e-mails in support of Swinford's bill.

From rforno at infowarrior.org Wed Apr 18 14:18:42 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Apr 2007 10:18:42 -0400
Subject: [Infowarrior] - Privacy concerns dog Google-DoubleClick deal
Message-ID:

Privacy concerns dog Google-DoubleClick deal
By Stefanie Olsen
http://news.com.com/Privacy+concerns+dog+Google-DoubleClick+deal/2100-1024_3-6177029.html
Story last modified Wed Apr 18 06:25:08 PDT 2007

There is growing unease among consumer privacy advocates over Google's proposed $3.1 billion acquisition of DoubleClick. How will the search-advertising powerhouse treat the massive amounts of data it already stores on people's search histories, once it also has at its disposal a storehouse of data on people's surfing habits from DoubleClick, the No. 1 digital ad-serving company? Specifically, will Google combine the two data systems to map not only what someone searches for, but also which sites they visit, videos they watch and ads they click across the Web in order to better target marketers' promotions? "It leaves too much personal information about all of us in one company's hands--Google's," said Jeff Chester, founder and executive director of the Center for Digital Democracy, a privacy watchdog.
The CDD has called on the Federal Trade Commission and European Union to stop the merger for privacy and anticompetitive concerns. On Monday, Microsoft (which reportedly was also in talks to acquire DoubleClick) and AT&T stoked those fears and also asked the FTC to examine the merger for anticompetitive issues around online advertising. Google says such fears are unwarranted. (The deal is expected to close later this year.) When asked about such worries Tuesday at the Web 2.0 Expo in San Francisco, Google CEO Eric Schmidt replied that the company recognizes the importance of privacy and making people comfortable with its practices. He speculated that Google could create an opt-in system for consumers or maintain separate data storehouses. "It's a legitimate concern. If we lose our advertisers' support or end-user support, the company goes kaput," Schmidt said. Google representatives did not immediately respond to requests for additional comment, but Nicole Wong, Google's associate general counsel, told The Los Angeles Times that the company hopes to merge the "nonpersonally identifiable data" from Google and DoubleClick to better target ads. She said that could help prevent consumers from being bombarded with repetitive promotions. Personally identifiable data like names and e-mail addresses will be kept apart. Schmidt and Wong's assurances notwithstanding, privacy advocates worry that Google's vision for protecting users' personal information on the Web, and therefore its privacy policies and practices, haven't yet caught up with the breakneck pace of the company's expansion. DoubleClick was intensely criticized for the way it handled users' personal information during the dot-com boom. "This is bringing together two very large advertising networks. 
To the extent that information is being centralized raises concerns that it could become a target" for hackers or overzealous government investigators, said Kurt Opsahl, senior staff attorney at the Electronic Frontier Foundation, a legal advocacy group. "Google said it has no plans to integrate the two services...but that doesn't mean that later, you might not develop those plans." During the dot-com bubble, DoubleClick was to online advertising what Google is to Web search today. The company dominated the field so much that when it bought offline direct marketer Abacus and eventually began combining data on customers' real-world buying habits with their online behaviors, consumer privacy advocates sounded warning bells. The FTC stepped in, and DoubleClick eventually backed away from the consumer media business and from targeting ads based on people's behavior. Part of DoubleClick's retreat could be attributed to increased competition: Google and Yahoo became advertising powerhouses and made DoubleClick's business not as lucrative as it once was. For Google, the DoubleClick deal is about breaking open the display-advertising market on the Web in the way it did with search marketing, media executives say. By turning search advertising into an opportunity for anyone with a credit card and Web page, Google has attracted more than a million advertisers for its search ad marketplace, according to one advertising executive. But display advertising on the Web is still dominated by about 1,000 of the largest marketers. With DoubleClick, Google could try to democratize display and rich-media ads the same way as it did with search, expanding the number of advertisers in the mix. In turn, it could boost demand for ad-serving technology that DoubleClick sells. Media executives estimate that DoubleClick reaches between 80 percent and 85 percent of the Web population, given that such a high percentage of publishers and advertisers use its back-end ad-serving technology. 
(Its customers include Time Warner's AOL and Viacom's MTV Networks.) Although DoubleClick's technology delivers the ads, the company does not collect personal information about Web surfers, nor does it target ads based on personal preferences, according to the company. Rather, it says its customers--the publishers and advertisers--own data on consumers. DoubleClick doesn't need to collect personal information in order to target ads, privacy advocates say. With the placement of tracking cookies on individual computers, the company has access to a given computer's Internet Protocol address, as well as a record of sites it has visited. "The question for DoubleClick is not whether they own the data but whether they store it," Opsahl said. "They have a storehouse of information that could be later accessed by a third party." The scary scenario for privacy advocates would be if Google were to combine its own storehouse of data on users--yielded through cookies and other personal information given up for services like Gmail--with DoubleClick's data. It would then have unparalleled visibility into people's online behavior, a point brought home last year when AOL accidentally leaked the search histories of users. What's more, with Google venturing into ad sales for offline media, including radio, TV and print, the company could eventually have a user profile database that goes well beyond what DoubleClick ever planned. Google, for example, just introduced a free voice-activated local-search service for the cell phone and landlines. "You start to add on more and more collections of information, and they have the ability to tie all of this together, and that poses a major potential for privacy risk in the future," said Ari Schwartz, deputy director for the Center for Democracy and Technology, an advocacy group in Washington. 
Merger may spur dialogue on practices Still, privacy advocates think the merger could be an opportunity to talk to Google about its practices and put together some clear privacy standards for the industry. The CDT has urged the FTC to hold a workshop on behavioral targeting to set best practices in the industry and get players like Microsoft, Google and Yahoo to agree on them. The organization wants to ensure that people have control in the event that these companies begin to merge consumer information from search and Web-surfing records to personalize ads. Google currently targets ads to people based only on the context of their searches. A search for lemon pie recipes, for example, might yield an ad for Martha Stewart's recipe database. It also uses IP addresses to target people by their location. Schwartz, whose CDT brought privacy action against DoubleClick in 2000, said Google called the center after the purchase was finished. Although CDT is still talking to Google, he said the group has some concerns with the acquisition that aren't necessarily related to DoubleClick's collection practices. They deal more with the wide-ranging projects Google has tackled without developing clear privacy policies for each one. For example, Google is forward about letting people know about the privacy implications involved with installing its Toolbar application, saying "it's not the usual yada yada yada" and that it will collect Web-surfing footprints from the user if he or she opts in. In contrast, Schwartz said Google has been unclear on how long it takes Gmail to get rid of e-mail, once a user has deleted it, unlike rival Yahoo. Earlier this year, Google also changed its data retention policy. Now the company will purge search query data associated with cookies and IP addresses after 18 to 24 months, rather than its previous policy of keeping them forever. 
Still, privacy advocates would like to see Google come up with data retention policies for other services on its site, such as histories associated with watching videos on YouTube. "There's a complexity there about where they're going. They've had this goal of collecting all of the world's information and making it publicly searchable, but they haven't had the corresponding policy to protect privacy," Schwartz said. "They've had a shadow of protection in what they discuss by 'not doing evil,' but they don't have that bigger vision," he added. Opsahl said he would like to see Google consider rendering the IP addresses that DoubleClick collects through its ad servers more private, the way Google itself has done. Google recently said it will remove the last quartet of the IP address associated with an individual computer so the number is lumped into a larger set of 256 IP numbers. That way, it can target people based on country, not by computer. "It's a step in the right direction; it's not complete anonymity," he said. The goal, Opsahl said, is "to minimize the amount of information collected to only the necessary info to operate the business, and keep it for minimum amount of time. That's something to continue the dialogue with Google about." Some think Google just hasn't yet been able to articulate its vision for consumer privacy. On a conference call announcing the DoubleClick deal Friday, even one of Google's co-founders had difficulty articulating his company's plans. "Overall, we care very much about end-user privacy, and that's really going to take the No. 1 priority when we contemplate new kinds of ad products," co-founder Sergey Brin said. "So I think anything along those lines..." and Brin trailed off. Then he added: "There are quite a few challenges with such a plan, with respect to how we feel about privacy."

Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.
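The last-octet truncation and the 18-month purge described in the article above, as an added example (not part of the CNET article and not Google's or DoubleClick's code). The log layout, the cookie ids, the sample records and the 540-day window standing in for 18 months are all constructed assumptions; the point shown is that each truncated address names a block of 256, while a cookie id kept beside it still ties a browsing history together.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real data):
# (timestamp, client IPv4 address, cookie id, requested URL).
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_LOG = [
    ("2005-03-01T10:00:00", "192.0.2.17", "c-1001", "/search?q=lemon+pie"),
    ("2007-04-10T09:15:00", "192.0.2.17", "c-1001", "/video/42"),
    ("2007-04-10T09:16:30", "192.0.2.201", "c-2002", "/news/tax"),
    ("2007-04-11T18:40:00", "198.51.100.5", "c-1001", "/ads/click/7"),
    ("2007-04-12T08:05:00", "192.0.2.88", "c-3003", "/search?q=recipes"),
]


def truncate_ipv4(addr):
    """Zero the last octet so the value names a block of 256 addresses.

    Raises ValueError for anything that is not a dotted-quad IPv4 address,
    so an IPv6 or malformed value is never stored untruncated by mistake.
    """
    ip = ipaddress.IPv4Address(addr)
    return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFF00))


def purge_expired(records, now, retention_days):
    """Drop records older than the retention window."""
    cutoff = now - timedelta(days=retention_days)
    return [r for r in records if datetime.fromisoformat(r[0]) >= cutoff]


def scrub(records):
    """Return copies of the records with the client address truncated."""
    return [(ts, truncate_ipv4(ip), cookie, url)
            for ts, ip, cookie, url in records]


def addresses_per_block(records):
    """Count distinct original addresses observed in each truncated block."""
    blocks = defaultdict(set)
    for _, ip, _, _ in records:
        blocks[truncate_ipv4(ip)].add(ip)
    return {block: len(addrs) for block, addrs in blocks.items()}


def profiles_by_cookie(scrubbed):
    """Group scrubbed records by cookie id.

    Truncating the address does nothing to this join: every request that
    carries the same cookie is still linked into one history.
    """
    profiles = defaultdict(list)
    for _, ip, cookie, url in scrubbed:
        profiles[cookie].append((ip, url))
    return dict(profiles)


def run_demo():
    now = datetime(2007, 4, 18)
    kept = purge_expired(SAMPLE_LOG, now, retention_days=540)
    scrubbed = scrub(kept)
    return kept, scrubbed, addresses_per_block(kept), profiles_by_cookie(scrubbed)


if __name__ == "__main__":
    kept, scrubbed, blocks, profiles = run_demo()
    print("records kept after purge:", len(kept))
    print("distinct addresses per truncated block:", blocks)
    for cookie, history in profiles.items():
        print(cookie, "->", history)
```
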
From rforno at infowarrior.org Wed Apr 18 14:40:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Apr 2007 10:40:21 -0400
Subject: [Infowarrior] - OT: SCOTUS Backs Ban on Abortion Procedure
Message-ID:

Court Backs Ban on Abortion Procedure
Apr 18 10:18 AM US/Eastern
By MARK SHERMAN
Associated Press Writer
http://www.breitbart.com/article.php?id=D8OJ2HV82&show_article=1

WASHINGTON (AP) - The Supreme Court upheld the nationwide ban on a controversial abortion procedure Wednesday, handing abortion opponents the long-awaited victory they expected from a more conservative bench. The 5-4 ruling said the Partial Birth Abortion Ban Act that Congress passed and President Bush signed into law in 2003 does not violate a woman's constitutional right to an abortion. The opponents of the act "have not demonstrated that the Act would be unconstitutional in a large fraction of relevant cases," Justice Anthony Kennedy wrote in the majority opinion. The decision pitted the court's conservatives against its liberals, with President Bush's two appointees, Chief Justice John Roberts and Justice Samuel Alito, siding with the majority. Justices Clarence Thomas and Antonin Scalia also were in the majority. It was the first time the court banned a specific procedure in a case over how -- not whether -- to perform an abortion. Abortion rights groups have said the procedure sometimes is the safest for a woman. They also said that such a ruling could threaten most abortions after 12 weeks of pregnancy, although government lawyers and others who favor the ban said there are alternate, more widely used procedures that remain legal. The outcome is likely to spur efforts at the state level to place more restrictions on abortions. More than 1 million abortions are performed in the United States each year, according to recent statistics. Nearly 90 percent of those occur in the first 12 weeks of pregnancy, and are not affected by Tuesday's ruling.
Six federal courts have said the law that was in focus Wednesday is an impermissible restriction on a woman's constitutional right to an abortion. The law bans a method of ending a pregnancy, rather than limiting when an abortion can be performed. Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Wed Apr 18 17:34:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 13:34:17 -0400 Subject: [Infowarrior] - Our benevolent surveillance state Message-ID: Wednesday April 18, 2007 11:31 EST Our benevolent surveillance state http://www.salon.com/opinion/greenwald/?last_story=/opinion/greenwald/2007/0 4/18/surveillance/ The expansion of the Surveillance State is endless. Buried within an ABC report on the Virginia Tech shootings is this paragraph (h/t reader DT): Some news accounts have suggested that Cho had a history of antidepressant use, but senior federal officials tell ABC News that they can find no record of such medication in the government's files. This does not completely rule out prescription drug use, including samples from a physician, drugs obtained through illegal Internet sources, or a gap in the federal database, but the sources say theirs is a reasonably complete search. Is there any good reason whatsoever why the federal government should be maintaining "files" which contain information about the pharmaceutical products which all Americans are consuming? The noxious idea has taken root in our country -- even before the Bush presidency, though certainly greatly bolstered during it -- that one of the functions of the federal government is to track the private lives of American citizens and maintain dossiers on what we do. 
If that sounds hyperbolic, just review the disclosures over the course of recent years concerning what data bases the Federal Government has created and maintained and the vast amounts of data they contain -- everything from every domestic telephone call we make and receive to the content of our international calls to "risk assessment" records based on our travel activities to all sorts of information obtained by the FBI's use of NSLs. And none of that includes, obviously, the as-yet-undisclosed surveillance programs undertaken by the most secretive administration in history. It is true that much (though not all) of this data is already scattered in the hands of various private corporations and insurance companies. But, for multiple and self-evident reasons, it presents a fundamentally different type and level of threat when it is all consolidated and centralized in the hands of the federal government. Amazingly, it is the political movement that spent all of the 1990s stridently warning of the dangers of federal government power -- The Black Helicopters And Janet Reno Are Coming -- which has brought us this Surveillance State and continues to cheer on its infinite expansion. The federal government data base which contains all of our controlled substance prescriptions, for instance, was mandated by a law -- The National All Schedules Prescription Electronic Reporting Act -- passed in 2005 by the Republican-controlled Congress (though with full bipartisan support) and signed into law by the "conservative" Leader. That law appropriates funds to each state to create and maintain these data bases which are, apparently, accessible to federal agencies, federal law enforcement officials, and almost certainly thousands of other state and federal employees (as well as, most likely, employees of private companies). Along these lines, the Department of Homeland Security last month promulgated proposed regulations for enforcement of the so-called Real ID Act of 2005 (.pdf). 
Those regulations require that every state issue technologically compatible Driver's Licenses which enable, in essence, uniform and nationwide tracking of all sorts of private information about every individual. Just as the Prescription Drug Tracking Law is "justified" by the Drug War, these national ID cards are justified by the War on Terrorism. As the Homeland Security Department explains: The 9/11 Commission endorsed the REAL ID requirements, noting that: "For terrorists, travel documents are as important as weapons . . . All but one of the 9/11 hijackers acquired some form of identification document, some by fraud. Acquisition of these forms of identification would have assisted them in boarding commercial flights, renting cars, and other necessary activities." EPIC notes that "the deadline for public comment [on the DHS regulations] is May 8, 2007" -- and from what I understand, more public comments are needed from people who have strong views about these regulations. EPIC explains why these regulations are so disturbing: The requirement for non-REAL ID-compliant DL/ID to have explicit "invalid for federal purposes" designations, turns this "voluntary" card into a mandatory national ID card. Anyone with a non-REAL ID-compliant card would be instantly suspicious. Compliant cards would be necessary for federal purposes such as entering courthouses, air travel or receiving federal benefits, such as Medicaid or Social Security. It would be easy for insurance companies, credit card companies, even video stores, to demand a REAL ID-compliant DL/ID in order to receive services. That the "conservative" movement is ushering in measures such as a federal law mandating that every state create National ID cards is ironic on multiple levels. 
But as Wired's Ryan Singel notes, numerous states -- the latest being Montana (after Idaho, Arkansas and Maine) -- have enacted laws refusing to comply with these requirements on the ground that they infringe on the privacy of the citizens of that state and/or on the ground that the law violates federalism principles by taking over areas (i.e., regulating driver's licenses) traditionally preserved for the states. For those reasons, many other states, particularly in the Mountain West and even the Deep South, are on their way to enacting similar laws refusing to comply. It is simply no longer news when the "conservative" movement violates every "small-government" and states' rights principle it pretended to embrace ("conservatives" Andy McCarthy, David Frum, and John Yoo tonight are appearing at an event to argue for this Orwellian proposition: "Better More Surveillance than Another 9/11"). Apparently, we need to empower the federal government to maintain comprehensive dossiers on all Americans, otherwise our freedoms might be at risk from The Terrorists. It is hardly worth pointing out that the idea of the Federal Government engaging in massive surveillance of innocent American citizens is about as far away from the core beliefs of the American Founders as one can get. Anyone who does not realize that is likely beyond the realm of persuasion. But the only people who would think that it is fine to have the Federal Government compiling dossiers like this are those who place blind faith in our Leaders not to abuse their power. But that is the ethos that is the exact opposite of the one on which the country was founded, but which has come to dominate so much of our political culture. 
-- Glenn Greenwald From rforno at infowarrior.org Wed Apr 18 17:58:03 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 13:58:03 -0400 Subject: [Infowarrior] - Google Info on removing info from their cache Message-ID: Requesting removal of content from our index Posted by Vanessa Fox 4/17/2007 04:04:00 PM As a site owner, you control what content of your site is indexed in search engines. The easiest way to let search engines know what content you don't want indexed is to use a robots.txt file or robots meta tag. But sometimes, you want to remove content that's already been indexed. What's the best way to do that? As always, the answer begins: it depends on the type of content that you want to remove. Our webmaster help center provides detailed information about each situation. Once we recrawl that page, we'll remove the content from our index automatically. But if you'd like to expedite the removal rather than wait for the next crawl, the way to do that has just gotten easier. < - > http://googlewebmastercentral.blogspot.com/2007/04/requesting-removal-of-content-from-our.html From rforno at infowarrior.org Wed Apr 18 19:26:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 15:26:21 -0400 Subject: [Infowarrior] - Blackberry Outage Fixed, but Backlog Remains Message-ID: Blackberry Outage Fixed, but Backlog Remains By Sam Diaz Washington Post Staff Writer Wednesday, April 18, 2007; 3:06 PM http://www.washingtonpost.com/wp-dyn/content/article/2007/04/18/AR2007041800496_pf.html A service outage that left millions of Blackberry users across North America without e-mail service for much of last night and this morning has been fixed, but the backlog of e-mails on the network could keep the system from returning to normal for some time. 
Research In Motion, the Toronto-based company that provides the service, said in a statement that the cause of the outage is being investigated and that the network is being monitored to maintain normal service levels. The disruption occurred sometime last evening, and service was intermittent throughout the night. It affected e-mail customers on all wireless companies. Voice services on Blackberry devices were not affected. Verizon Wireless said its broadband and data services -- which allow users to send text messages and surf the Internet -- were not impacted. And users of handheld e-mail and smartphone devices, such as the Palm Treo, were not affected. Blackberry users in Europe also were not affected. AT&T Wireless said their customers were affected beginning at 8 p.m. yesterday. A company spokesman said RIM contacted them at 6 a.m. this morning and said service had been restored but the backlog of messages from overnight hours would take time to reach users. Still, the disruption was enough to frustrate business users who have come to depend on the handheld device to communicate with business contacts. Rebecca Skloot, a New York freelance writer and part-time teacher at New York University, said she first noticed the outage around 8 p.m. yesterday when e-mails that she had sent earlier started bouncing back. "I'm completely dependent on my Blackberry," she said. "It's how I keep my life organized. If my Blackberry goes down, I'm lost." When e-mails started bouncing back, she thought something was wrong with her device, she said. "I kept rebooting, taking the battery out, shaking it, as if any of these things would help," she said. "That was before I knew about the outage." 
From rforno at infowarrior.org Thu Apr 19 00:31:18 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 20:31:18 -0400 Subject: [Infowarrior] - State Department Got Mail -- and Hackers Message-ID: State Department Got Mail -- and Hackers Wednesday April 18, 8:29 pm ET By Ted Bridis, Associated Press Writer Hackers Used Mysterious E-Mail to Break Into State Department Computers http://biz.yahoo.com/ap/070418/hackers_state_department.html?.v=5 WASHINGTON (AP) -- A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government's network. In the first public account revealing details about the intrusion and the government's hurried behind-the-scenes response, a senior State Department official described an elaborate ploy by sophisticated international hackers. They used a secret break-in technique that exploited a design flaw in Microsoft software. Consumers using the same software remained vulnerable until months afterward. Donald R. Reid, the senior security coordinator for the Bureau of Diplomatic Security, also confirmed that a limited amount of U.S. government data was stolen by the hackers until tripwires severed all the State Department's Internet connections throughout eastern Asia. The shut-off left U.S. government offices without Internet access in the tense weeks preceding missile tests by North Korea. Reid was scheduled to testify Thursday at a cybersecurity hearing for a House Homeland Security subcommittee. He was expected to tell lawmakers an employee in the State Department's Bureau of East Asian and Pacific Affairs -- which coordinates diplomacy in countries including China, the Koreas and Japan -- opened a rigged e-mail message in late May giving hackers access to the government's network. The chairman of the Homeland Security Committee, Rep. 
Bennie Thompson, D-Miss., said hackers are no longer considered harmless, bored teenagers. "These are experienced, sophisticated people who are trying to exploit our vulnerabilities and gain access to our information," Thompson said. Reid was not expected to disclose the identities or nationalities of the hackers believed to be responsible for the break-ins or to disclose whether U.S. authorities believe a foreign government was responsible. The department struggled with the break-ins between May and early July. The panel's chairman, Rep. James R. Langevin, D-R.I., called cybersecurity an often-overlooked line of defense. "Since much of our critical infrastructure is dependent on computers and networks and is interconnected and interdependent, a cyberattack could disrupt major services and cripple economic activity," Langevin said. The mysterious State Department e-mail appeared to be legitimate and included a Microsoft Word document with material from a congressional speech related to Asian diplomacy, Reid said. By opening the document, the employee activated hidden software commands establishing what Reid described as backdoor communications with the hackers. The technique exploited a previously unknown design flaw in Microsoft's Office software, Reid said. State Department officials worked with the Homeland Security Department and even the FBI to urge Microsoft to develop quickly a protective software patch, but the company did not offer the patch until Aug. 8 -- roughly eight weeks after the break-in. Microsoft said it works as quickly as possible to provide customers with security updates. "If we release a security update that is not adequately tested, we could potentially put customers at risk, especially as the release of an update can lead to reverse-engineering the fix and lead to broader attacks," said Microsoft's senior security strategist, Phil Reitinger. "Updates must be able to be deployed by customers with confidence." 
At the time, Microsoft described the software flaw as "a newly discovered, privately reported vulnerability" but did not suggest any connection to the U.S. government break-in. It urged consumers to apply the update immediately. It also recommended that consumers not open or save Microsoft Office files they receive from sources they don't trust or files they receive unexpectedly from trusted sources. The State Department detected its first break-in immediately, Reid said, and worked to block suspected communications with the hackers. But during its investigation, it discovered new break-ins at its Washington headquarters and other offices in eastern Asia, Reid said. At first, the hackers did not immediately appear to try stealing any U.S. government data. Authorities quietly monitored the hackers' activity, then tripwires severed Internet connections in the region after a limited amount of data was detected being stolen, Reid said. Reid also complained the State Department's efforts to deal quietly with the break-in were disrupted by news reports. The Associated Press was first to reveal the intrusions. "We were successful here until a newspaper article telegraphed what we were dealing with," Reid said. From rforno at infowarrior.org Thu Apr 19 00:44:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2007 20:44:43 -0400 Subject: [Infowarrior] - Washington Governor Signs Bill Rejecting REAL ID Message-ID: (yet another state does the right thing........rf) Washington Governor Signs Bill Rejecting REAL ID (4/18/2007) http://www.aclu.org/privacy/gen/29426prs20070418.html FOR IMMEDIATE RELEASE CONTACT: media at aclu.org State Rebellion against De Facto National ID Card Spreads SEATTLE, WA - As part of a growing state rebellion, Gov. Christine Gregoire today signed a bill rejecting REAL ID, a new federal identification system that would create a de facto national ID card. Legislatures in four other states ? Maine, Idaho, Arkansas and Montana ? 
also have adopted measures opposing REAL ID, and lawmakers in more than 20 other states are considering similar action. The measure will prohibit state implementation of the REAL ID Act, unless the federal government fully funds it and provides stronger protections for the privacy of Washington drivers. The measure (SB 5087) passed both chambers of the legislature with bipartisan support, including an overwhelming 95-2 vote in the House. Senator Mary Margaret Haugen (D-Camano Island) was the bill?s prime sponsor, and Senators Dan Swecker (R-Rochester) and Ed Murray (D-Seattle) were cosponsors. ?Lawmakers from both parties took a strong stand against REAL ID. It would threaten personal privacy, as well as create a bureaucratic nightmare to implement,? said American Civil Liberties Union of Washington Legislative Director Jennifer Shaw. Passed by Congress in 2005, the REAL ID Act requires states to produce standardized driver?s licenses and to store the drivers? information in nationally connected databases ? creating a de facto national ID card. By placing personally identifiable information in databases accessible across the country, REAL ID makes the information more vulnerable to identity theft and misuse. The law requires states to start issuing these licenses by Dec. 31, 2009, but it did not set aside funds to make that possible. In Washington, the net costs of implementing this new system would be approximately $50 million per year for the first five years, according to a survey by the American Association of Motor Vehicle Administrators. REAL ID has drawn opposition from organizations across the political spectrum, including the American Bar Association, the American Conservative Union, the Council of State Governments, Gun Owners of America, the National Coalition Against Domestic Violence, the National Conference of State Legislatures and the National Governors Association. More information about REAL ID is available online at: www.realnightmare.org. 
From rforno at infowarrior.org Thu Apr 19 16:20:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2007 12:20:43 -0400 Subject: [Infowarrior] - RIAA Subpoenas High School Student for Deposition Message-ID: The RIAA idiots continue to demonstrate new levels of stupidity, greed, and ways to prepare for industry hari-kari. Yay, RIAA. -rf RIAA Subpoenas High School Student for Deposition; Demands He Miss Class; Gives Only 1-Day Notice; in Houston, Texas, case http://recordingindustryvspeople.blogspot.com/2007/04/riaa-subpoenas-high-sc hool-student-for.html In a Houston, Texas, case, UMG v. Hightower, the RIAA subpoenaed a high school student on 24 hours notice to appear for a deposition at 9:00 A.M. at their lawyer's office, on a school day. The student was the son of the defendant. Defendant's lawyer filed a motion to quash the subpoena, and objections: April 16, 2007, Motion to Quash Subpoena and Objections* Ms. Hightower is represented by J. Goodwille Pierre, of Walker, James, Dhingra, and Pierre, of Houston, Texas. From rforno at infowarrior.org Thu Apr 19 21:49:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2007 17:49:25 -0400 Subject: [Infowarrior] - LOpht in Transition Message-ID: >From CSOonline.com Information Security LOpht in Transition http://www.csoonline.com/read/040107/fea_lopht_pf.html Most of the '90s hacking group have emerged in legitimate roles. Was their work ultimately boon or bane for security? By Michael Fitzgerald Brian Oblivion. Kingpin. Mudge. Space Rogue. Stefan von Neumann. Tan. Weld Pond. That?s how the hacker group called the L0pht appeared before the Senate Subcommittee on Government Cybersecurity on May 19, 1998. They said, among other things, that they could take down the Internet in 30 minutes. The senators listened closely and afterward praised them effusively. It was a landmark moment for hackers, shunned, derided and loathed by the technology industry. 
And it was a landmark for the L0pht too. Though the group was already known for its vulnerability disclosures, for the Hacker News Network, for tools like the hash cracking tool L0phtCrack, now ?everybody [in the hacking community] wanted to be the L0pht,? remembers Jeff Moss, founder of the Black Hat and Defcon security conferences. Not bad for a group that got its start when someone?s wife said it was time to get his computers out of the bathtub. The L0pht shaped the way disclosures are handled and helped force vendors like Microsoft to change the way they address software security flaws. There?s no question, either, that by raising the visibility of security problems, the group spurred companies to begin paying more attention to security. ?You knew you?d better rattle your own doorknobs before the hackers did,? says John Pescatore, a longtime information security analyst at Gartner. Some think, though, that visibility has hurt software security. ?They were the Led Zeppelin of gray hat hacking,? says Marcus Ranum, who is credited with creating the first commercial firewall product and is now CSO at Tenable Network Security. ?By releasing gray hat tools and techniques they were able to get a tremendous amount of attention. And they opened the floodgates for all the bottom feeders that followed them.? Ironically, it was Ranum himself who helped give the L0pht credibility. As CEO of NFR, which made software to find intruders on corporate networks, Ranum used the L0pht?s vulnerability research to strengthen his product, and hired the L0pht both to do a code review and to write modules for his product, giving the group a legitimate corporate client to tout. He says he considers the L0pht members his friends and says they are ?great guys.? But he thinks those who have followed them find vulnerabilities almost as a way to blackmail corporations. He blames the L0pht, saying, ?They have changed the industry for the worse.? 
Nothing in the L0pht?s emergence from Boston?s bulletin board community in 1992 suggested it would achieve any more notoriety than other hacker collectives of the day. Brian Oblivion, a hacker with strong interests in radio communications, founded the group. Oblivion declined to be interviewed for this article, saying via Space Rogue that he was too busy. Chris Wysopal, who joined the L0pht in late 1992 as Weld Pond (a handle chosen by pointing at random at a map of the Boston area, because the bulletin board The Works forbade members to use real names), says that Oblivion ?had so many computers in the bathroom that his wife couldn?t use it anymore.? She gave the group space in the South End artist?s loft where she made hats. And for several years, the L0pht was just a place for Oblivion and his friends to hang out after work and store their growing collection of computing equipment. Among those friends were Space Rogue and a teenage hacker and skateboarder named Joe Grand, who went by the handle Kingpin (named for the bolt that runs through the truck, or axle, of a skateboard). Grand calls from the road. He?s often on the road, literally?he is a triathlete good enough to have a sponsor. He?s 31 now and runs his own San Diego design shop, Grand Idea Studio, which has designed RFID and GPS modules for Parallax, an in-game videocamera for Gamecaster, and his best design yet, a video game accessory that he has licensed but can?t talk about. Grand, an electrical engineer, has also written two books on hardware hacking and is a technical adviser to Make magazine. If all goes well with a pilot he?s recently shot, this fall we?ll see him on an engineering show on the Discovery Channel. Yet he?s nostalgic about the L0pht. ?I?m having a really hard time with realizing that I?m twice as old as when I joined the L0pht,? he says. ?We did so many great things?what can I do to top that?? The L0pht originally built a network so they could play Doom against each other. 
But they got more serious in 1994 and 1995, shedding some members and adding others with specific technical skills that complemented the group. They moved to a larger space in Watertown, Mass. Excepting Grand, who was still in high school, all of the L0pht held various day jobs, often working together at places like Comp?USA, Massachusetts General Hospital or BBN Technologies, the fabled research lab (Weld Pond, Brian Oblivion, Mudge and Silicosis all worked there at some point). They kept their identities hidden, in part to keep their day jobs. Everyone in the hacking community knew Dan Farmer had been fired from his job for releasing the Satan network analyzer. But the group wanted to turn the L0pht into a day job. The charismatic, long-tressed Peiter ?Mudge? Zatko had emerged as the group?s public face, if not its de facto leader. He developed, along with Wysopal, L0phtCrack, a tool that revealed weak passwords. Released in 1997, it?s still available on some websites today. ?Back then, the companies would pretend [vulnerabilities] weren?t real,? says Bruce Schneier, the noted cryptographer and CTO of BT Counterpane. Schneier says the L0pht?s ability to build tools like L0phtCrack forced vendors to address security problems. ?That?s the reason we have more secure software today. If it wasn?t for that, Microsoft would still be belittling, insulting and suing researchers,? he says. By late 1998, the L0pht was actively trying to attract venture capital and turn itself into a real business?it had pushed out Stefan von Neumann and a couple of other short-lived members, and hired Christien Rioux (known as Dildog) and Paul Nash (known as Silicosis) to support L0phtCrack and do custom work for companies like NFR. The L0pht was not the first group of hackers to offer professional services or tools, but even in the giddy late 1990s, hackers still had an unsavory reputation. 
Finally, @stake, a security consulting firm, came to the group with $10 million in VC money and told the L0pht it could continue its research. The members voted to join it. Even so, that merger, announced Jan. 10, 2000, marked the symbolic end of the L0pht. Over the next few years, its members were fired or drifted away, and @stake itself was gobbled up by Symantec in 2004. The only member of the L0pht still there is Nash. The transition was particularly difficult for Zatko, who spent six months on disability and left @stake after just two years. Today, Zatko?s office at BBN is a rest area for sundry things. There?s a dead computer on a chair, and a working circa-1940s polygraph machine on a table. In a corner are two fishing rods and an antenna, part of an impromptu communications experiment. There?s a guitar signed by one-time porn stars Barbara Dare and Jamie Summers. A bound copy of the L0pht?s testimony in front of the Senate is on a shelf. On one wall hangs a picture of him with President Bill Clinton and Vinton Cerf, in which Zatko?s light brown hair is still rock-star length. It?s short now, parted in the middle. He has a goatee and wears glasses. He?s sore from a boxing workout the night before, a reminder that he?s in his late 30s. Zatko says he can?t talk about what he does at BBN, other than to say it?s security-related and for some unmentionable three-lettered government agencies. He also says he returned to BBN, which employed him in the 1990s, before the L0pht was his job, in part because BBN told him there could be no publicity about the projects he was working on. ?That was attractive as hell,? he says. But Zatko can?t seem to stay out of the spotlight. He is the obvious model for ?Soxster,? one of the main characters in former cyberczar Richard A. Clarke?s new novel, Breakpoint (the L0pht itself appears as ?the Dugout?). And he acknowledges that he still ?wants to make a dent in the universe,? the old motto of the L0pht. 
After an hour of talking about the L0pht, Zatko suggests a tour of the older parts of the BBN laboratory in Cambridge, dating from when it was an acoustics consultancy. He shows off the silent room, the amplification room, the sonar tank, the place where it developed Boomerang?a technology being used in Iraq to help find snipers?and he talks about how much he likes the variety of the cool ideas BBN pursues. ?Originally, the L0pht was meant as a microcosm of here,? he says, with a wistful expression. The spirit of the L0pht lives on most directly at Veracode, the security software company started by Wysopal and Rioux after they left Symantec in 2005. The company launched at the RSA Security Conference in February. Wysopal post-L0pht helped codify responsible disclosure policies and establish the Organization of Internet Safety, and while starting Veracode he also managed to be lead author of The Art of Software Security Testing, published in December 2006. Wysopal, at a rangy 6 foot 2 inches, was the tallest member of the L0pht and the oldest (he?s now 41). Rioux (whose handle Dildog was the original name Dilbert creator Scott Adams gave to Dogbert) was the shortest and youngest (now 29). In early January, sitting in the conference room at Veracode, the two play Click-and-Clack about their time at the L0pht, and the purpose of Veracode, which in a real sense extends the L0pht?s mission: to make software more secure, in this case by offering a Web-based service that automatically checks software for security flaws, via a clever?and patented?technique for data flow modeling and modeling control flow analysis developed by Rioux. Told of Ranum?s comments, Rioux makes a slight grimace. ?The days are over when we should be flinging mud over the Internet about vulnerabilities,? he says. Veracode has pulled in $19.5 million in capital from Polaris Venture Partners, Atlas Venture and .406 Ventures. 
While it has competitors, such as Coverity, Fortify and Ounce Labs, Veracode?s approach is ?a cool spin? on existing security technology, according to Gartner?s Pescatore. Both Wysopal and Rioux believe Veracode is ready to sharply reduce the world?s total number of software vulnerabilities. The L0pht, then, are all now unquestionably legitimate, and their evolution serves as a metaphor for the security business, which is now mainstream. Companies like Microsoft and Oracle have developed methods to take care of vulnerabilities, and the L0pht deserves some credit for that turn of events. While the disclosure wars are again raging, thanks to bug-a-day campaigns and other ploys by the hackers of today, the L0pht?s overall impact on corporate security has been positive, say many, including Howard Schmidt, who knew the L0pht both in his role as a computer forensics investigator at the Air Force and as CSO at Microsoft. Still, some vendors continue to try to shove security issues under the rug, and there is no question that more of the Internet is under attack today than ever before. So what of that? Peter Neumann (no relation to the L0pht?s Stefan von Neumann) is 74 and still a principal scientist at SRI, working on security issues. He also testified before the Senate subcommittee on that day in May 1998. He says security vulnerabilities are a part of a much bigger set of problems that have existed for 40 years and probably will exist 40 years from now. But he chuckles when asked about the L0pht, saying, ?They were pointing out that the emperor has no clothes on, and nobody wants to hear that, but they did it in a tasteful way that made people listen. They made a difference.? Michael Fitzgerald is a freelance writer based near Boston. Send comments to csoletters at cxo.com. 2002-2007 CXO Media Inc. All rights reserved. Reproduction in whole or in part without permission is prohibited. 
From rforno at infowarrior.org Fri Apr 20 01:42:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2007 21:42:26 -0400 Subject: [Infowarrior] - Cyberattacks at federal agencies draw House scrutiny Message-ID: Cyberattacks at federal agencies draw House scrutiny By Anne Broache http://news.com.com/Cyberattacks+at+federal+agencies+draw+House+scrutiny/2100-7348_3-6177783.html Story last modified Thu Apr 19 17:41:41 PDT 2007 WASHINGTON--As new details emerged about cyberattacks against networks at the State and Commerce departments last year, politicians on Thursday said they're concerned many federal agencies are ill-prepared to fend off such intrusions. Members of a U.S. House of Representatives cybersecurity subcommittee said they weren't confident that the computer systems at bureaus within the State and Commerce departments were adequately secured and scrubbed of backdoors that could allow cybercrooks to re-enter. They also questioned agency representatives on whether they could truly guarantee that sensitive information hadn't been accessed or copied. "We don't know who's inside our networks," subcommittee chairman Rep. James Langevin (D-R.I.) said at an afternoon hearing here. "We don't know what information has been stolen." Indeed, 21 of 24 major federal agencies had weak or deficient information security controls in place during the last fiscal year, according to audit reports, said Gregory Wilshusen, director of information security issues for the Government Accountability Office. Pitfalls ranged from failing to replace well-known vendor-supplied passwords on systems to not encrypting sensitive information to not creating adequate audit logs to track activity on their systems, according to a new GAO report (PDF) he summarized at the hearing. 
One of the main purposes of the hearing was to allow officials at the State and Commerce departments to give the first complete public accounts of the cyberattacks since news reports brought the incidents to light several months ago. The State Department troubles began in May, said Donald Reid, senior coordinator for security infrastructure for the agency's Bureau of Diplomatic Security. An employee at an office in the East Asia Pacific region opened an e-mail message that contained what appeared to be a legitimate Microsoft Word document of a congressional speech--but when opened, actually unleashed malicious code that allowed the intruder backdoor access to the State Department's network. The agency's intrusion detection system "immediately" detected the flaw and later discovered additional breaches on its systems in other Asian outposts and at its Washington headquarters, Reid said. In the process of analyzing that malicious code, analysts also discovered another previously unknown hole in the Windows operating system that lacked a security patch. Realizing that Microsoft would not be able to issue a fix as speedily as necessary, the department developed a temporary "wrapper" designed to protect the systems from continued exploits, Reid said. All the affected systems were brought back up and running by July, and the department has not encountered further troubles, Reid said. (Microsoft ultimately released the new patch in August.) Some politicians targeted Reid's assurances that the attacks only affected "unclassified" systems. Because government auditors have determined that the State Department lacks a complete inventory of its computer systems, "how can you be certain your classified networks aren't touching your unclassified networks, and can you really know hackers have only accessed unclassified networks?" Langevin asked. He also suggested that even unclassified networks can contain "sensitive" data. 
Also encountering pointed questions from the handful of politicians present Thursday was Dave Jarrell, manager of the Commerce Department's Critical Infrastructure Protection Program. Jarrell recounted events that transpired beginning in July at his department's Bureau of Industry and Security, which handles the sometimes thorny topic of export controls. After a senior BIS official discovered one morning that he could not log in to his machine, an agency computer security team went on to discover 33 computers that had attempted to establish connections to suspicious Internet protocol addresses originating from Internet servers in China. Some politicians criticized the bureau for admittedly not knowing exactly how long the attackers were able to gain access to their systems. Jarrell said the agency was "very confident" that the data on existing machines is safe. He blamed the inability to pinpoint the time of the intrusion on faulty audit logs and said the agency was fixing that problem. Politicians also used the hearing to lash out again at the Department of Homeland Security's persistently lagging cybersecurity efforts. They lamented that the agency had only managed to pull up its own information security grade, as determined by its compliance with federal standards, to slightly above failing this year. (The State and Commerce departments, for their part, both received F's.) "I'll be honest with you," Langevin said. "I don't know how the department thinks it's going to lead this nation in securing cyberspace when it can't even secure its own networks." Copyright ©1995-2007 CNET Networks, Inc. All rights reserved. 
From rforno at infowarrior.org Fri Apr 20 03:14:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2007 23:14:47 -0400 Subject: [Infowarrior] - User-generated epidemiology map Message-ID: (c/o boingboing) http://whoissick.org/sickness/ The CDC (Center for Disease Control) provides flu data but only to the State level and only on a time scale of 1 week. For example, they will report that in the state of California, last week, there were 539 cases of the flu reported. While this information may be useful for some health practitioners or academics, for the average individual, this does not come in handy when they are trying to figure out what kinds of sicknesses are going around their area. It is not local enough, timely enough, or broad enough because they don't cover different types of sicknesses. In contrast, whoissick provides local (down to the zip code level), timely (within a day), and broad (many different symptoms, not just the flu) sickness information. Some typical use cases for a user would be
1. I am feeling a little sick and want to check what sicknesses are going around in my local area - probably within 10 or 20 miles from where I live or work.
2. I am traveling to another area of the country and want to know if there are sicknesses going around that I need to be careful of
3. I live in an area where I notice lots of people getting sick, so in preparation, I can take an AirBorne or vitamins to prevent catching anything
To date, the only way to get information like this is probably to call multiple places (hospitals, doctors, clinics, schools, etc) and ask what is currently going around. Not very organized or efficient. We hope to change this. 
From rforno at infowarrior.org Fri Apr 20 14:35:59 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Apr 2007 10:35:59 -0400 Subject: [Infowarrior] - A new Google privacy danger Message-ID: Your slice of the web Thursday, April 19, 2007 at 4:23:00 PM Posted by Payam Shodjai, Product Manager for Personalization http://googleblog.blogspot.com/2007/04/your-slice-of-web.html I'll probably visit more than 100 web pages today, and so will hundreds of millions of people. Printed and bound together, the web pages you'll visit in just one day are probably bigger than the book sitting on your night table. Over the next month alone, that's an entire bookcase full! The idea of having access to this virtual library of information has always fascinated me. Imagine being able to search over the full text of pages you've visited online and finding that one particular quote you remember reading somewhere months ago. Imagine always knowing exactly where you saw something online, like that priceless YouTube video of your friend attempting to perform dance moves from a bygone age. Better yet, imagine having this wealth of information work for you to make searching for new information easier and faster. Today, we're pleased to announce the launch of Web History, a new feature for Google Account users that makes it easy to view and search across the pages you've visited. If you remember seeing something online, you'll be able to find it faster and from any computer with Web History. Web History lets you look back in time, revisit the sites you've browsed, and search over the full text of pages you've seen. It's your slice of the web, at your fingertips. How does Web History work? All you need is a Google Account and the Google Toolbar with PageRank enabled. The Toolbar, as part of your browser, helps us associate the pages you visit with your Google Account. 
If you're currently a Search History user, you'll notice that we've renamed Search History to Web History to reflect this new functionality. To sign up for Web History, visit http://www.google.com/history.
From rforno at infowarrior.org Fri Apr 20 14:37:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Apr 2007 10:37:01 -0400 Subject: [Infowarrior] - ISP ejects whistle-blowing student Message-ID: ISP ejects whistle-blowing student BeThere's damage control found lacking By Dan Goodin in San Francisco Published Tuesday 17th April 2007 22:02 GMT http://www.theregister.com/2007/04/17/hackers_service_terminated/ A 21-year-old college student in London had his internet service terminated and was threatened with legal action after publishing details of a critical vulnerability that can compromise the security of the ISP's subscribers. BeThere took the retaliatory action four weeks after subscriber Sid Karunaratne demonstrated how the ISP's broadband routers can be remotely accessed by anyone curious enough to look for several poorly concealed backdoors. The hack makes it trivial to telnet into a modem and sniff users' VPN credentials, modify DNS settings and carry out other nefarious acts. Alas, Karunaratne's February 22 posting originally included the specific password needed to carry out the attack - a tack from the "full disclosure" school of vulnerability reporting that is considered a no-no in many security circles. Less than 48 hours later, he removed the password information, but that didn't stop the ISP from exacting its retribution. "We have carried out a full and diligent investigation into the alleged breach and your posting relating to it," a BeThere email informed Karunaratne. "Based on that investigation, we do not believe that there was (prior to your post) any such security breach. Therefore, the passwords could only have been obtained through illegal means (i.e. by hacking)." 
Evidently, the mere tinkering with a modem constitutes "illegal means." That's a remarkable determination for any technology-related company, but especially so in this case given the niche that BeThere aims to fill: The ISP caters to power users by offering speeds as high as 24 Mbps down and 2.5 Mbps up. The email went on to "reserve the right to institute legal proceedings" if Karunaratne accessed BeThere's network again or made additional publications that included passwords related to the ISP. BeThere also sought to prevent Karunaratne from going public with the termination. "This letter is confidential and we do not consent to any publication of the details of our dispute with you or this letter in any forum whatsoever," it warned. (In a generous concession, it added: "We agree that you may disclose the contents of this letter to your legal counsel or advisor.") Unfortunately, BeThere hasn't shown the same diligence in repairing the vulnerability, which remains unmitigated more than seven weeks after Karunaratne revealed it. The company says rolling out a patch in a way that doesn't disrupt subscribers' existing service takes time and that it expects to begin pushing out a fix in the next week or so. The company has made no public disclosures of the vulnerability and has offered no temporary workarounds, again, managers say, because they don't want to do anything that will degrade customer experience. The company says in a statement it canceled Karunaratne's account because he violated numerous terms of service, including failing to take reasonable steps necessary to prevent third parties from obtaining unauthorized access to the BeThere network. "According to our investigation, the modem vulnerability did not exist prior to his accessing without permission and then publishing certain confidential passwords which were not otherwise available to Be* members," Managing Director Dana Pressman said. 
They say time heals all wounds, and for Karunaratne, a state of Zen-inspired acceptance has settled in, even if he has to surf the web at significantly slower speeds. "I knew that some companies treated security researchers very badly but I had no idea companies like that included major ISPs," he says. (Note: BeThere has only a fraction the number of subscribers of huge ISPs of BT or AT&T.) "I've learned just how ill-prepared some companies are and what they will do to make the problem go away."
From rforno at infowarrior.org Sat Apr 21 03:29:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Apr 2007 23:29:45 -0400 Subject: [Infowarrior] - Investigating the First Casualty of War, in Afghanistan and Iraq Message-ID: Army clamped down after Tillman's death By SCOTT LINDLAW, Associated Press Writer Fri Apr 20, 6:01 PM ET http://news.yahoo.com/s/ap/20070420/ap_on_go_ca_st_pe/tillman_information_clampdown&printer=1;_ylt=AkGwDKzCqp0Wj38n_XaEic.WwvIE Within hours of Pat Tillman's death, the Army went into information-lockdown mode, cutting off phone and Internet connections at a base in Afghanistan, posting guards on a wounded platoon mate, and ordering a sergeant to burn Tillman's uniform. New investigative documents reviewed by The Associated Press describe how the military sealed off information about Tillman's death from all but a small ring of soldiers. Officers quietly passed their suspicion of friendly fire up the chain to the highest ranks of the military, but the truth did not reach Tillman's family for five weeks. The clampdown, and the misinformation issued by the military, lie at the heart of a burgeoning congressional investigation. "We want to find out how this happened," said Rep. Henry Waxman, D-Calif., chairman of the House oversight committee, which has scheduled a hearing for Tuesday. "Was it the result of incompetence, miscommunication or a deliberate strategy?" 
It is also a central issue as the Army weighs punishments against nine officers, including four generals, faulted in the latest Pentagon report on the case of the NFL star-turned-soldier. Military officials said those recommendations could come in the next several weeks. It is well known by now that the circumstances of Tillman's April 22, 2004, death were kept from his family and the American public; the Army maintained he was cut down by enemy bullets in an ambush, even though many soldiers knew he was mistakenly killed by his own comrades. The nearly 1,100 pages of documents released last month at the conclusion of the Army Criminal Investigation Command's probe reveal the mechanics of how the Army contained the information. For example, the day after Tillman died, Spc. Jade Lane lay in a hospital bed in Afghanistan, recovering from gunshot wounds inflicted by the same fellow Rangers who had shot at Tillman. Amid his shock and grief, Lane noticed guards were posted on him. "I thought it was strange," Lane recalled. Later, he said, he learned the reason for their presence: The news media were sniffing around, and Lane's superiors "did not want anyone talking to us," he said. Inside Forward Operating Base Salerno, near Khowst, Afghanistan, a soldier heard the dreaded call come across the radio: "KIAs." There were two killed in action, one allied Afghan fighter and one Army Ranger, identified only by his code name. The soldier checked a roster and discovered the fallen American was Tillman. He rounded up four others and broke the news but withheld Tillman's name. Had this soldier wanted to share the news outside the tactical operations center, it would have been difficult. "The phones and Internet had been cut off, to prevent anyone from talking about the incident," he told investigators. Nearby on the same base, a staff sergeant was in his tent when a captain walked in and told him to burn Tillman's bloody clothing. 
"He wanted me alone to burn what was in the bag to prevent security violations, leaks and rumors," the staff sergeant testified. The superior "put a lock on communications" in the tent, he testified. Other Army officers said this was probably a directive to the staff sergeant to keep the conversation to himself. Then he left the staff sergeant to his work: placing Tillman's uniform, socks, gloves and body armor into a 55-gallon drum and burning them. Several Army officers who have served in Iraq and Afghanistan said pulling the plug on base phones and e-mail was routine after a soldier died. The practice was meant to ensure the family was notified through official channels, said Army Maj. Todd Breasseale, chief spokesman for ground forces in Iraq until last August. But the truth was quickly becoming evident to a small group of soldiers with direct access to the evidence. Two other sergeants who examined Tillman's vest noticed the bullet holes appeared to be from 5.56-caliber bullets -- signature American ammunition. An awful realization dawned on the sergeants, whose names, like those of others who testified in the investigation, were deleted from the recently released testimony. "At this time was when I had realized Tillman may have been killed by friendly fire," one of them said. The other sergeant, who was higher-ranking, told him to "keep quiet and let the investigators do their job," the subordinate sergeant testified. He was not to go "informing unit members that Spc. Tillman was killed by friendly fire." This was the same reason top-ranking officers cited in trying to explain why they waited to tell the Tillman family: They wanted to have the definitive investigation results. Army regulations, however, dictate that the next of kin be informed of additional information about a service member's death as it becomes available. Then-Col. James C. 
Nixon, Tillman's regimental commander, ordered an investigation but directed that the information gathered be shared with as few people as possible until the results were finalized, acting Defense Department Inspector General Thomas Gimble found in a separate probe also completed last month. Nixon, now a brigadier general and director of operations at the Center for Special Operations at MacDill Air Force Base in Florida, said that he was not aware of all regulations governing such a case, and that his missteps were unintentional. Among the top brass at the Pentagon, Lt. Gen. Philip Kensinger, a now-retired three-star general in charge of special operations, represented the Army at Tillman's memorial service almost two weeks after the soldier's death. "He decided to withhold notification from family members until all facts concerning the incident could be verified," Gimble found. Kensinger denied that he knew on the day of the memorial service that friendly fire was suspected. But investigators dismissed his claim as not credible and Kensinger could be punished under military law for making false official statements. Congressional investigators will try to determine how high up the chain of command the information lockdown went. The Army delivered several thousand pages of new documents on Thursday, military officials said. Gen. John Abizaid, then chief of Central Command, in charge of all American forces in the Middle East and Central Asia, testified that he did not learn of the likelihood of friendly fire until sometime between May 6 and May 13 -- two or three weeks after Tillman died -- because he was traveling in the Middle East. And a lieutenant colonel testified that he delayed briefing Central Command lawyers until more than a month after Tillman had died, in part because he feared leaks and did not want to be blamed as the source. But Abizaid visited Afghanistan within a week of Tillman's death and spoke to Tillman's platoon leader, then-Lt. David Uthlaut. 
Uthlaut has testified he did not suspect friendly fire until later. Abizaid's trip to Afghanistan was not examined by Gimble's investigators, according to spokesman Gary Comerford. Abizaid had no immediate comment. The new testimony and other documents do not identify who, if anyone, orchestrated the clampdown. Nor do they address whether there was a concerted effort to conceal the truth about the best-known casualty in the war on terrorism. Gimble said last month he found no evidence of such a cover-up. But when asked by a reporter whether he probed why the Army had not told the family in a timely fashion, Gimble said no. One soldier carried a particularly heavy burden of secrecy. Ranger Spc. Russell Baer had witnessed Rangers shooting at Rangers. Afterward, he was directed to travel from Afghanistan to the United States with his friend Kevin Tillman. But he was ordered not to tell Pat Tillman's brother and fellow Ranger that friendly fire was the likely cause of the former football player's death. He kept the secret, fearing he did not know the whole story. But in a personal protest, Baer later went AWOL and was demoted as punishment. "I lost respect for the people in charge of me," Baer testified in an earlier Tillman investigation. He had gleaned "part of the puzzle" of Tillman's death, but lamented that "I couldn't tell them about it." Five investigations and three years later, that information gap is what's driving the congressional probe, which is also looking into misinformation surrounding the capture and rescue of Pvt. Jessica Lynch in Iraq.
From rforno at infowarrior.org Mon Apr 23 11:07:38 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2007 07:07:38 -0400 Subject: [Infowarrior] - Get ready for "Pushed Ringtones" Message-ID: This has got to be one of the %#$#^-ing worst ideas I've seen by the music industry trying to gin up sales. Talk about finding new and improved ways to anger people......or spread malware...... 
> Emotive's flagship product, the patent-pending "Push Ringer", reverses the
> common ringtone model. It enables a caller to push an outgoing ringtone to the
> receiving phone allowing the caller, not the called person, to set the tone.
> The chosen Ringer is transmitted to the recipient's handset and temporarily
> overrides the phone's pre-set ringer. The ringers can comprise audio, video,
> animations, avatars or flash files. Closing the loop, if the called person
> likes the ringtone, the service also enables him or her to instantly buy a
> copy of the ringtone for his or her own phone.
Full press release here: http://www.mobiletechnews.com/info/2007/04/19/100912.html
From rforno at infowarrior.org Mon Apr 23 11:14:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2007 07:14:26 -0400 Subject: [Infowarrior] - Blame the Internet for VT Message-ID: I've seen a bunch of these types of stories in recent days........why is the media making SUCH a big deal that the VT shooter purchased his ammo clips via Ebay? What if he'd done his killings with a set of Ginsu knives bought at Bed Bath and Beyond? Would they cover it equally as frantically as they are Ebay? Or would they cover it so breathlessly only if he bought the knives at BBB's website instead of a physical store? The same thing about using a cellphone to communicate. Is that REALLY newsworthy? Does using a cellphone make a bad person's actions worse? It's like the mere mention of the Internet or IT adds a higher degree of severity to a crime --- purely sensational fluff at its worst. The shooter deserves no sympathy. But IMO neither does bad reporting. http://www.neowin.net/index.php?act=view&id=39670
> Virginia Tech killer purchased ammunition clips on eBay
> Posted by Emil Protalinski on 22 April 2007 - 20:09
> A spokesman for eBay confirmed that the Virginia Tech killer used the handle
> Blazers5505 on the auction site to buy two 10-round magazines for the Walther
> P22 -- one of two handguns used in the massacre of 32 people. The clips were
> bought March 22 from a gun shop in Idaho. His eBay rating was a superb 98.5%:
> only one person gave him a negative rating. The site says the person has had
> an account since January 2004. Seung-Hui Cho also sold several books with
> violent themes, tickets to Hokies football games, and a graphics calculator
> that contained several games. The eBay material is part of investigators'
> efforts to pore through electronic records for a hint as to what drove the man
> to go on shooting rampage.
< - >
From rforno at infowarrior.org Tue Apr 24 17:08:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2007 13:08:30 -0400 Subject: [Infowarrior] - Pentagon proposes new info restrictions Message-ID: (c/o SecrecyNews) PENTAGON PROPOSES NEW ACCESS RESTRICTIONS The Department of Defense has asked Congress to enact two expansive new provisions in the FY 2008 defense authorization act to help it restrict public access to information. One of the provisions would create a new exemption to the Freedom of Information Act for certain unclassified information related to weapons of mass destruction (WMD). The other would establish civil and criminal penalties for the unauthorized publication or sale of maps and images ("geodetic products") that the Secretary of Defense has designated for "limited distribution." The proposed exemption for unclassified WMD information, which was proposed and rejected by Congress last year (SN, 04/18/06), is exceptionally broad in scope. Its definition of "weapons of mass destruction" even extends to devices that are not lethal, as long as they may cause "serious bodily injury to a significant number of people" (50 U.S.C. 2302). 
The Pentagon's argument for the exemption is further undermined by the assertion that without it, unclassified information could "easily" assist a terrorist to make or use a weapon of mass destruction. The notion that terrorism is "easy," popular with some New York Times op-ed writers and other lazy persons, was memorably dissected by George Smith of GlobalSecurity.org (SN, 08/16/05). The second provision to penalize "inappropriate disclosures" of geodetic information, "including postings of such products on the internet," originated with the Defense Criminal Investigative Service (DCIS), which said it could not effectively protect these unclassified maps and images without a new criminal prohibition. "For several years, products bearing the LIMDIS [limited dissemination] caveat have wrongfully been offered for sale to the public ... on eBay or displayed on internet sites. To date, DCIS efforts to prosecute the eBay sellers have not been successful." An organization that engaged in unauthorized disclosure or dissemination of such materials would be subject to a penalty of "not more than $500,000 for each violation...." The text of the two proposed Pentagon access restrictions, with accompanying explanation and justification, may be found here: http://www.fas.org/sgp/congress/2007/defauth-prop.html
From rforno at infowarrior.org Tue Apr 24 17:51:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2007 13:51:54 -0400 Subject: [Infowarrior] - Cult Dead Cow: Google, China, and Genocide In-Reply-To: <4F87FD9C-CD58-4EA2-8B2B-B87C7A0A2436@hacktivismo.com> Message-ID:
------ Forwarded Message
From: Oxblood Ruffin
I have just posted a t-file on the Cult of the Dead Cow Web site entitled, "Google, China, and Genocide." The lead paragraph reads, "When content filtering targets a race of people for purely political reasons, and an American company provides the technology to enable that filtering, then it's time to shame the enablers. 
To date, Google has been criticized solely for providing China with the means to censor the Internet. But a tragic consequence of Google's collaboration -- and one that has been entirely overlooked -- is its contribution to the cultural genocide of the Tibetan people." The full t-file can be found here - http://www.cultdeadcow.com/cDc_files/cDc-0409.php Although I've singled out Google for specific criticism, they're obviously not the only contributors. But Google does bear a special responsibility as the world's most powerful search engine. Internet censorship is a critical issue for everyone to debate, whatever their objections. Thanks for taking the time to read this. O.
------ End of Forwarded Message
From rforno at infowarrior.org Tue Apr 24 17:59:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2007 13:59:16 -0400 Subject: [Infowarrior] - Judge denies RIAA request to reconsider attorneys' fees award Message-ID: Judge denies RIAA request to reconsider attorneys' fees award By Eric Bangeman | Published: April 24, 2007 - 11:59AM CT http://arstechnica.com/news.ars/post/20070424-judge-denies-riaa-request-to-reconsider-attorneys-fees-award.html A federal judge has denied the RIAA's motion for reconsideration of his attorneys' fees award in Capitol v. Foster. Calling the RIAA's motion for reconsideration one of "very limited appropriateness," Judge Lee R. West found fault with just about every one of the RIAA's arguments. Capitol v. Foster involves an Oklahoma woman targeted as part of the record industry's driftnet of file-sharing legislation. Last July, Foster won, when the case was dismissed with prejudice. Her victory opened up the door for her to recover attorneys' fees from the RIAA, and Judge West granted her motion for an award of fees in February, citing in part the RIAA's attempt to paint her as guilty of "secondary copyright infringement" in his decision. 
As one might expect, the award was not greeted with much enthusiasm by the record industry, in no small part due to the ramifications it could have for other file-sharing litigation. A couple of weeks after the judge's ruling, the RIAA asked him to reconsider his decision, citing among other things the "premature end of discovery," being denied the chance to prove their claims of secondary infringement, and its belief that an attorneys' fees award rewarded the defendant for deciding to litigate long after the court battle should have been settled. In his ruling, Judge West disagreed strongly with the RIAA's interpretation of events. With regard to the secondary infringement claims, Judge West found that "Based on the limited record and the fact that the plaintiffs could not point to a single case finding secondary liability for copyright infringement under similar circumstances, the Court concluded the plaintiffs' secondary copyright terms appeared to be marginal and indisputably untested." The judge also ridiculed the RIAA's assertion that it was denied the chance to prove secondary infringement, noting that the record labels moved voluntarily to dismiss the case instead of proceeding to a trial. Currently, the RIAA and Debbie Foster are engaged in discovery over the reasonableness of Foster's attorneys' fees, and the RIAA was forced to turn over their own billing records to Foster's attorneys. The RIAA had fought vigorously to keep those records from being revealed, saying that their disclosure could materially affect other file-sharing cases. Judge West agreed and issued a protective order instructing Foster's attorneys to maintain the confidentiality of the RIAA's billing records. 
From rforno at infowarrior.org Fri Apr 27 01:56:14 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2007 21:56:14 -0400 Subject: [Infowarrior] - MPAA's (former) Jack Valenti Dies at 85 Message-ID: Film Lobbyist Jack Valenti Dies at 85 By Adam Bernstein Washington Post Staff Writer Thursday, April 26, 2007; 7:52 PM http://www.washingtonpost.com/wp-dyn/content/article/2007/04/26/AR2007042601990.html?hpid=artslot Jack Valenti, 85, a onetime confidant of President Lyndon B. Johnson who spent nearly four decades as Hollywood's chief Washington lobbyist and helped devise the "G" to "X" movie-rating system, died today at his home in Washington of complications from a stroke in March. As president of the Motion Picture Association of America from 1966 to 2004, Valenti represented such powerful studios as Disney, Sony, Warner Bros., Paramount, MGM, 20th Century Fox and Universal as well as several leading independent producers. Earlier, he established political connections as a Texas advertising and public relations executive that led to his strong ties to Johnson. With an instinctive showman's flair -- notably his grandiloquent speaking style and access to movie stars -- Valenti became the dominant powerbroker connecting Capitol Hill and the film colony. Besides his work on the ratings system in the late 1960s, he helped open up world markets for American-made films and secured passage of copyright legislation to protect movies into the digital age, which led to the proliferation of DVDs. He also was a major gateway to Hollywood's financial largesse during the campaign season. On any given week, Valenti met with actors, world leaders and newspaper editors and was regarded as a brilliant and aggressive wielder of his glamorous pulpit. Harry C. McPherson Jr., also a Johnson intimate who became a Washington lobbyist, called Valenti "an extremely successful advocate of the movie industry.
You'd be hard pressed to find any lobbyist for any industry who did a more successful job than Valenti. I can't think of many times when Jack Valenti lost. "He had a lot to work with," added McPherson, an occasional lobbying adversary of Valenti's. "When Senator X would want to go to Hollywood and would want some people to attend his fundraiser at the home of [former Walt Disney CEO] Michael Eisner or some producer or studio chief, he'd talk to Jack. Jack would set it up and very often go out there." Lawrence Levinson, a former Washington representative for Paramount, told the New Yorker magazine in 2001: "Jack was able to use the power and glamour and mystique of Hollywood. A new president came in, and [Valenti would] put himself in the center of the process of getting movies to the president. He'd get so excited. He'd call Sid Sheinberg" -- the president of MCA/Universal -- "and say, 'Sid! The president is going to Camp David! We've got to get him "Jaws"!' " Valenti became known to a wider audience through his work as a presenter on Academy Award telecasts. A diminutive, sprightly man, he was easily identifiable by a well-tanned and protruding forehead covered by snow-white hair. There was also his immaculate executive attire and what one reporter long ago called a "riverboat gambler's drawl." The Texas-born, Harvard-educated lobbyist had a strikingly baroque writing and speaking style heavily influenced by 19th-century British historian Lord Macaulay and British Prime Minister Winston Churchill. For instance, a movie audience was not comprised of ticket buyers but "unknown but enthusiastic companions of a single night." He was widely considered an effective promoter for Hollywood on matters including censorship, videotape technology, copyright infringement and, in recent years, video and online "piracy" of trademarked films. 
When Hollywood filmmakers attracted controversy, he routinely defended the studios by citing the freedom of speech guaranteed by the First Amendment as well as the cause of artistic liberty. This was the case when Valenti, along with MPAA general counsel Louis Nizer, helped create a voluntary rating system in 1968 that changed the way the studios classified a film's suitability for general audiences. This new arrangement was important because it kept government intrusion and citizen censors at bay, while allowing the artists' maximum freedom and the consumer to influence the marketplace by voting with his wallet. By implementing this voluntary system, the MPAA eliminated a movie code dating from the early 1930s with a long list of onscreen taboos ranging from "excessive and lustful kissing" to showing mixed-race sexual relations. The films had further been subject to city and state censorship boards trying to rid offending material. The 1968 system -- with its long-familiar ratings ranging from "G" for admittance of general audiences to "X" prohibiting those under 17 -- was credited with helping keep the American film market competitive with European companies. In Europe, filmmakers had long ventured into fare laden with adult language, nudity and other forms of explicitness that proved increasingly popular with changing tastes. What helped smooth the way for Valenti's changes was that many of these bolder American films were quality productions with top stars, including "Who's Afraid of Virginia Woolf?" (1966) starring Richard Burton and Elizabeth Taylor. By 1969, "Midnight Cowboy" starring Dustin Hoffman and Jon Voight became the only X-rated picture ever to win an Academy Award for best picture. Valenti had a role in later changes and additions to the voluntary system, including PG-13 and NC-17 ratings. Nevertheless, the ratings system continued to be criticized for how it was applied toward films that accented sex or violence. 
One of the strongest critics of the MPAA's system was Nell Minow, a corporate governance expert who was writing family oriented movie reviews for Common Sense Media. Citing examples, she told one congressional hearing a few years ago that the MPAA's system did a poor job of providing families with helpful information. Minow said recently: "He waited for me to finish, he stood up, leaned over, kissed me on the top of my head and said, 'Nell, that's why we all need your Web site, because you can give parents what we can't.' There was really no way to respond to that. I thought that's why he's the most effective lobbyist in Washington." The grandson of Sicilian immigrants, Jack Joseph Valenti was born Sept. 5, 1921, in Houston. His father was a clerk in the Harris County Courthouse, where young Valenti often saw office-seekers shaking the hands of well-connected bureaucrats. He began political campaigning at 10 and excelled in high school debate. At 15, he became an office boy for Houston's Humble Oil and Refining Co., which later became Exxon Mobil. He returned from World War II a decorated Army Air Forces bomber pilot and a veteran of 51 missions over Europe. After the war, he finished his undergraduate degree in business at the University of Houston in 1946 and received a master's degree in business administration from Harvard University in 1948. He returned to Humble and described his most notable work as the "clean bathroom" publicity campaign for the company. In 1952 he and an old friend, Weldon Weekley, formed their own advertising agency. While Weekley oversaw the office work, Valenti lured a series of oil and business executives as clients. He also began handling advertising work for congressional and gubernatorial campaigns and met Johnson, the Senate majority leader, in 1956.
At the time, Valenti had a weekly column in the Houston Post and wrote a deeply flattering account of the future president that described him as "unbending as a mountain crag, tough as a jungle fighter" and called him the "Great Persuader." Valenti further cemented their relationship in 1962 by marrying Johnson's personal secretary, Mary Margaret Wiley. She survives him, along with three children, Courtenay Valenti and John Valenti, both of Los Angeles, and Alexandra Valenti of Austin; a sister; and two grandchildren. In November 1963, then-Vice President Johnson asked Jack Valenti to handle press relations during President John F. Kennedy's swing through Texas. Valenti was in the presidential motorcade in downtown Dallas when Kennedy was fatally shot Nov. 22 and accompanied the newly sworn-in Johnson back to Washington that night on Air Force One. He appeared in the famous photograph showing Johnson taking the oath of office aboard the plane. As president, Johnson brought Valenti to Washington in 1963 as his special assistant -- a vague position Valenti likened to a "roving line-backer." He was a presidential trouble-shooter, speech editor and trusted deputy for confidential assignments. He was often the first non-family member to greet Johnson in the morning and the last to see him late at night. McPherson, who became Johnson's special counsel, said Valenti was "enormously valuable as an aide because he could do so much. He could talk to members of Congress, he could take a piece of leaden speechwriting by someone and turn it, maybe not into Churchillian prose, but something that had some zip to it. There was no one he felt too shy to talk to on behalf of Johnson." Tom Johnson, a White House fellow during the Johnson administration who later held executive positions at the Los Angeles Times and CNN, said, "Lyndon Johnson had no chief of staff but Jack was closest to it." 
He said Valenti was "the primary notetaker in virtually all of the most confidential meetings LBJ had with heads of state, members of Congress, governors and [National Security Council] meetings." He also was Lyndon Johnson's liaison to the Catholic Church and arranged with utmost secrecy a meeting between the president and Pope Paul VI at the Vatican during a presidential world tour. Yet Valenti was often described as Johnson's chief whipping post or "glorified valet" who loyally absorbed Johnson's foul-mouthed tantrums and such seemingly humiliating acts as Johnson using Valenti's lap as a footrest. Despite such treatment, Valenti continued to describe Johnson in worshipful, often purple prose as when he told a group of advertising industry leaders in 1965, "I sleep each night a little better, a little more confidently because Lyndon Johnson is my president." Afterward, Washington Post political cartoonist Herblock drew Valenti as a slave being whipped into submission. All this brought Valenti the enduring image of a sycophant, political journalist Richard Rovere once wrote. Valenti's closeness to Johnson was a top reason Lew Wasserman, president of MCA/Universal Studios and often called the most powerful man in Hollywood, pursued Valenti in 1966 to become MPAA president. Wasserman's empire had been the frequent target of Justice Department actions, and Valenti proved a valuable contact. The polished Valenti remained the discreet Wasserman's front man in Washington for decades. For his work, Valenti was among the best paid trade group chief executives in Washington. On the job, he was tireless yet always appeared impeccably tanned and suave. He logged hundreds of thousands of miles for his causes and at various times had to confront treatment toward Hollywood from foreign cultural ministries who used trade talks to limit or lambaste American film imports. 
In the early 1990s, he encouraged the MPAA to donate money to European film schools as a way of improving relations. Videos are now among the top income sources for his client companies, but Valenti was paid for years to denounce what was then new technology. He memorably told a congressional panel in 1982, "I say to you that the VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone." In the early 1980s, he successfully lobbied the Federal Communications Commission to prevent the repeal of long-standing financial-syndication rules. His actions allowed the movie industry to keep reaping billions of dollars from reruns. Until the rule changed in the mid-1990s, television continued to be shut out of owning and syndicating the entertainment programs they aired. Wasserman had also played an important role, having spoken directly to President Ronald Reagan, whose political rise he helped orchestrate in the 1950s. When he resigned from the MPAA in 2004, Valenti was reportedly earning $1.35 million, and National Journal magazine ranked him the seventh-highest paid trade group chief executive in Washington. His MPAA successor was Dan Glickman, a former U.S. congressman and President Bill Clinton's agriculture secretary. Valenti contributed opinion pieces to newspapers and magazines such as Reader's Digest and the Atlantic Monthly. Among his books were "A Very Human President" (1975) about Johnson's White House years; "Speak Up With Confidence," a guide to public speaking (1982); and "Protect and Defend" (1992), a Washington-based political novel edited by former first lady Jacqueline Kennedy Onassis. In 2006, he wrote a memoir, "This Time, This Place: My Life in War, the White House and Hollywood."
From rforno at infowarrior.org Sun Apr 29 18:38:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Apr 2007 14:38:54 -0400 Subject: [Infowarrior] - UK has 1 surveillance camera for every 14 people Message-ID: Britain becoming a Big Brother society, says data watchdog By Sophie Goodchild Published: 29 April 2007 http://news.independent.co.uk/uk/this_britain/article2494230.ece Britain is in danger of "committing slow social suicide" as such Big Brother techniques as surveillance cameras and recording equipment spread into every aspect of our lives, the nation's information watchdog will warn this week. A new report from Richard Thomas, the information commissioner, will say that the public needs to be made more aware of the "creeping encroachment" on civil liberties created by email monitoring, CCTV and computer tracking of our buying habits. It is understood that one of the concerns in Mr Thomas's report is the use of special listening devices which can be placed in lamp posts, street furniture and offices. These are already widely used in the Netherlands to combat crime and anti-social behaviour. More than 300 of the cameras with built-in microphones have been fitted in benefit offices and city centres. The equipment can pick up aggressive tones on the basis of decibel level, pitch and speed at which words are spoken. Westminster council has already started piloting the listening devices, but experts say the use of these microphones raises questions about how surveillance can be used to intrude into the private lives of citizens. He will also call for greater regulation of companies that supply surveillance technology which provides "convenience or safety for the more affluent majority", but not for the vulnerable such as children, immigrants and the elderly. His warning comes as MPs launch their first inquiry into the impact of surveillance in Britain. 
The Home Affairs Select Committee will investigate the use of video cameras to monitor high streets and residential areas as well as the holding of personal information on both government and commercial databases. On Tuesday, Mr Thomas, who last year warned that Britain was "sleepwalking into a surveillance society", will tell the committee at its first hearing that new safeguards must be introduced to protect the public from the increasing intrusion of surveillance into their daily lives. Civil liberty campaigners have already warned that Britain is becoming a Big Brother society where its citizens are increasingly being watched. There are more than four million CCTV cameras in this country, one for every 14 people, and the national DNA database which was set up by police to combat crime now holds 3.5 million profiles. From rforno at infowarrior.org Sun Apr 29 18:41:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Apr 2007 14:41:41 -0400 Subject: [Infowarrior] - Economist Mag: Criminalising the consumer Message-ID: Criminalising the consumer Apr 27th 2007 From Economist.com Where digital rights went wrong http://www.economist.com/displayStory.cfm?story_id=9096421&fsrc=RSS IS IT legal to make a copy of that DVD you've just bought so the family can watch it around the home or in the car? In one of the most watched copyright cases in recent years, a judge in northern California ruled last month that copying DVDs for personal use was legal, given the terms of the industry's licence and the way the copies were made. The wider implication of the ruling remains clouded -- not least because the DVD Copy Control Association, the loser in the case, has 60 days to appeal. But whatever the video industry may like to think, the writing is on the wall for copy protection. Copyright is a tricky thing. It protects only the way that an author, designer, photographer, film-maker or composer has expressed himself.
It does not cover the ideas or the factual information conveyed in the work. What constitutes fair use or an infringement is trickier still. Much depends on the purpose and character of the borrowed material's use. Limited reproduction for the purpose of criticism, comment, news reporting, teaching, scholarship and research is considered fair game. But the wholesale repackaging of the content for commercial use is a flagrant infringement. In America, the Audio Home Recording Act of 1992 made it legal for people to record copyrighted radio broadcasts for personal use. But while the act said nothing about making digital recordings, ripping copyrighted music tracks off CDs and storing them on an iPod has become an everyday occurrence. Despite the number of iTunes downloaded for a fee, Apple would be in trouble if people were prevented from transferring legitimately owned CDs to their iPods. The software Apple gives away to iPod customers is designed to let them do just that. Most people think it ludicrous that they can't do the same with the DVDs they own. Now it seems, despite squeals from the movie industry, the law is finally moving in the video fan's favour. The issue in the recent case was whether Kaleidescape, a maker of digital "jukeboxes" that store a person's video and music collections and distribute the entertainment around the home, had breached the terms of the DVD Content Control Association's CSS (content scrambling system) licence. A Kaleidescape server stores digital content ripped from CDs and DVDs on its hard drive. The content is then encrypted and fed to various screens and speakers around the home by a secure cable. Kaleidescape claimed that content distributed this way was even safer than it was on the original polycarbonate disks. The judge not only agreed, but couldn't find any breach of the copy-protection licence either. If the case ends there, to all intents and purposes the notion of fair use would appear to apply to DVDs as well as CDs.
The movie industry, which nowadays depends as much on DVD sales as on box-office receipts, still seems to think that making life difficult for its customers is a recipe for success. After likewise shooting itself in the foot for ages, the record industry is now falling over itself to abandon DRM (digital rights management) on CDs. A number of online music stores such as eMusic, Audio Lunchbox and Anthology have given up using DRM altogether. In a recent survey by Jupiter Research, two out of three music industry executives in Europe reckoned that dropping DRM would improve sales. The latest music publisher to do so is EMI, which announced in January that it had stopped producing CDs with DRM protection. "The costs of DRM," it declared, "do not measure up to the results." In an open letter entitled "Thoughts on Music", even Steve Jobs, Apple's charismatic boss and chief evangelist, recently called for the elimination of DRM. From this month, Apple's iTunes will sell EMI's highest quality recordings (those with sampling rates of 256 kilobits per second) without DRM for a small premium. Belatedly, music executives have come to realise that DRM simply doesn't work. It is supposed to stop unauthorised copying, but no copy-protection system has yet been devised that cannot be easily defeated. All it does is make life difficult for paying customers, while having little or no effect on clandestine copying plants that churn out pirate copies. Now the copy protection on DVDs is proving just as easy to bypass. The biggest flop has been the CSS technology featured in the recent Kaleidescape case. It was first cracked back in 1999 by a Norwegian programmer called Jon Lech Johansen, who showed, in a few short lines of elegant code called DeCSS, just how trivial such lauded protection systems really were.
Since then, even the DRM used to protect the new high-definition video disks (the Blu-ray format from the Sony camp and its HD-DVD rival from the Toshiba alliance) have been cracked wide open. While most of today's DRM schemes that come embedded on CDs and DVDs are likely to disappear over the next year or two, the need to protect copyrighted music and video will remain. Fortunately, there are better ways of doing this than treating customers as if they were criminals. One of the most promising is Audible Magic's content protection technology. Google is currently testing this to find the "fingerprints" of miscreants who have posted unauthorised television or movie clips on YouTube. The beauty of such schemes is that they don't actually prevent anyone from making copies of original content. Their purpose is simply to collect royalties when a breach of copyright has occurred. By being reactive rather than pre-emptive, normal law-abiding consumers are then left in peace to enjoy their music and video collections in any way they choose. Why couldn't we have thought of that in the beginning? From rforno at infowarrior.org Sun Apr 29 21:48:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Apr 2007 17:48:13 -0400 Subject: [Infowarrior] - Phone Taps in Italy Spur Rush Toward Encryption Message-ID: April 29, 2007 Phone Taps in Italy Spur Rush Toward Encryption By PETER KIEFER http://www.nytimes.com/2007/04/29/technology/29cnd-encrypt.html?hp=&pagewanted=print ROME, April 29 -- Drumming up business would seem to be an easy task for those who sell encrypted cellphones in Italy. All they have to do is browse the major newspapers for likely customers. Piero Fassino, national secretary of the Democratic Left Party, could have benefited from an encrypted phone before comments he made regarding a sensitive bank takeover made the front pages. Luciano Moggi, the former head of the Juventus soccer club, could have used one, too.
His phone conversations, intercepted by investigators and then leaked to the media, led to Italy's soccer game-fixing scandal. And Prince Victor Emmanuel might wish he'd had a secure cellphone before his conversations, made public, resulted in his arrest last year on charges that he provided prostitutes and dealt in illegal slot machines. Not even Nicolo Pollari, the former head of Italy's top spy agency, was immune; transcripts of some of his conversations found their way into the newspapers. "Initially, we thought we would market to the big businesses, to lawyers and the government," said Ferdinando Peroglio, commercial director of Caspertech, a four-year-old Turin company that sells encrypted cellphone software. "But after the Juventus soccer scandal, we had so many clients that we had never thought to contact." Three years ago, the company's only clients were the government and the military; last year 60 percent of sales were to ordinary civilians. Mr. Peroglio refused to provide exact sales numbers but said Caspertech's sales increased 100 percent from 2005 to 2006. Enrico Comana, chief executive of Snapcom Italia, the Italian unit of an Israeli company that offers a similar product, sees the same trend. "There is about 700 to 800 percent more interest now than at the same time last year," he said. What has spurred encryption sales is not so much the legal wiretapping authorized by Italian magistrates -- though information about those calls is also frequently leaked to the press -- but the widespread availability of wiretapping technology over the Internet, which has created a growing pool of amateur eavesdroppers. Those snoops have a ready market in the Italian media for filched celebrity conversations. When it comes to phone tapping, Brazil, Greece and Spain are other desirable markets, the encryption companies say, but in Western Europe, Italy remains peerless. "No one is ever going to discuss sensitive issues with you on the phone,"
said Carlo Bonini, an investigative reporter for La Repubblica, the Rome daily. Earlier this year, Mr. Bonini's name was among thousands that surfaced in an illegal wiretapping scandal involving employees of Telecom Italia, the Italian phone company. Twenty people were arrested, including the former chief of Telecom Italia security, in what investigators say was an attempt to use the intercepted phone conversations to blackmail Italian public figures. A proposal that would impose stiffer fines and longer jail terms for journalists and others who make public the contents of illegally monitored conversations has passed the lower house of the Italian Parliament and now needs Senate approval. Mr. Bonini said he understood the need to curb the publication of some of these transcripts but argued that the issue was less about privacy and more about Italy's notoriously slow judicial system. "I don't think that we don't need a stricter privacy law -- we already have it," Mr. Bonini said. "We need consequences. We need to see sanctions. If no one is ever held accountable, then there is no way to stop the phenomenon." The phone encryption companies sell a range of products -- all legal, they insist -- that they say can protect both cellphone text messages and actual voice conversations. The high-end package, which runs about $2,200 at both companies, includes a phone, which must be a model capable of using the encryption software. Caspertech's software can be used only on phones running the Windows Mobile operating system, while Snapcom offers software that can be used on other platforms as well. On the lower end is software that can encrypt your SMS text messages for about $410. In the midrange, you can scramble your faxes or mask the content of your fixed-line calls for $1,500 and up. For full secrecy, however, the phones on both ends of a voice conversation must carry the software in advance of the call.
Peter van der Arend, chairman of the European Telecommunications Standards Institute's lawful interception committee, said in an e-mail message that the technology appeared to be legal. But does the over-the-counter encryption technology actually work? Rolando Rosas, the United States development director for Snapcom, which operates in 40 countries, said he believed that its software was 90 percent reliable. "Nothing is 100 percent fool-proof -- nothing, nothing, nothing," he added. From rforno at infowarrior.org Sun Apr 29 21:52:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Apr 2007 17:52:21 -0400 Subject: [Infowarrior] - Shadow Hunters Message-ID: Shadow Hunters http://nationaljournal.com/njcover.htm# By Shane Harris, National Journal © National Journal Group Inc. Friday, April 27, 2007 It started with a phone call. On April 23, 2004, a Friday, a man calling himself "Al" contacted the Homeland Security Department in Washington. He claimed that he knew a group of terrorists who were going to blow up a building. Al knew this, he said, because he was once a member of Al Qaeda. The shadowy warning could have easily been swallowed up in the flow of hundreds of crank calls and sketchy leads about airport attacks and bombs on bridges that flooded government hotlines that year. But this call was different: Al named a place, and a date. Los Angeles, next Thursday, the 29th, Al said. A shopping mall near the Federal Building on Wilshire Boulevard and the close-by campus of UCLA. Al said that a cell of three terrorists would enter the country from Canada. He even gave names. This didn't sound like a crank. Could it be for real? Could this be the one? Forget about what you think homeland security really means. For now, put aside thoughts of stripping down at airport security checks. Never mind those seemingly random spikes in the color-coded national threat level -- and whatever happened to those alerts, anyway?
From a city's point of view, where distinguishing hoax from horror can turn on a single phone call, this is how you fight a war on terrorism. Officials in Washington immediately called L.A.'s Joint Terrorism Task Force, a team of FBI agents, Homeland Security officials, and local police and sheriff's officers. The FBI set up dozens of these task forces in cities across the country after 9/11, and they quickly became magnets for bureaucratic turf tussles. But in L.A., partly owing to a long history of cooperating on anti-gang and drug squads, the local cops and the feds got along well. After getting Washington's call about Al, the FBI set up a team within the task force to vet incoming tips, including other bomb threats. The police department's terrorism analysts canceled their weekend plans. Unnoticed in the hustle and flow of city life, L.A. went into terror mode. At least two big malls were near the Federal Building and UCLA. On busy West Pico Boulevard was the Westside Pavilion, with more than 160 stores. Over in the Fairfax District, a historically Jewish neighborhood, the fashionable outdoor plaza called the Grove beckoned shoppers and moviegoers to its stores and cinemas. Before the Los Angeles Police Department and the mayor told thousands of Angelinos to stay away from these two sites, the authorities needed to know what they were up against. FBI agents traced Al's call to a prepaid phone card. They tracked down the card seller, who gave agents a log of Al's calls. It turned out that his real name was Zameer Mohamed and that he had called in the bomb threat from Room 308 of a Comfort Inn in Calgary. Hotel management told agents that a Samier Hussein had rented the room. Authorities ran the name and got a hit in federal records: Mohamed had used Hussein as an alias in Texas, where officials had investigated him the year before on a theft charge. Was Mohamed changing names to cover his tracks? That would have helped him if he wanted to evade U.S. 
authorities or the Qaeda members he had ostensibly just ratted out. Life Goes On Meanwhile, in Los Angeles, local authorities were analyzing the bomb threat. The city's top terrorism officials were seasoned experts. John Miller, the head of the LAPD's counter-terrorism operation at the time, was a former journalist with deep ties to the FBI. He was also the last Western reporter to interview Osama bin Laden before 9/11. The department's chief, William Bratton, was perhaps the most famous cop in America. He was appointed New York City's police commissioner a year after the 1993 World Trade Center bombing, and he led a dramatic reduction in crime citywide. Miller was Bratton's spokesman then. The two were plugged in to those who knew the national threat picture. No one in Washington had said it publicly yet, but even as Mohamed made his call in April 2004, multiple and credible sources had convinced counter-terrorism officials that Al Qaeda was planning a major attack in the United States. The "chatter" about a strike was at its highest level since 9/11, intelligence agencies calculated. A month earlier, coordinated bombings on commuter trains in Madrid had killed 191 people. Some senior officials believed that Al Qaeda struck Spain in an effort to turn popular support against the conservative government, which backed the war in Iraq and was up for re-election. The Americans thought that the terrorists might try something similar in the U.S., possibly with attacks at the upcoming national political conventions. Senior officials also feared the possibility of strikes aimed at the Group of Eight summit in Sea Island, Ga., and even the opening of the World War II Memorial in Washington. There had also been worried talk about a dirty bomb. Specifically, intelligence and diplomatic officials had homed in on three Qaeda operatives who had overseen experiments to build explosives containing radioactive material or deadly chemicals. America was bracing for a hit. 
In that anxious atmosphere, how could anyone ignore Mohamed's tip that three terrorists were about to go after L.A.? On Wednesday, the day before the threatened attack, city officials informed the shopping mall owners. On Thursday, Bratton stood before news cameras at the Grove and asked Angelinos for help. "We need the eyes, the ears" of the citizenry, he stressed. He reminded people that bin Laden had recently issued another taped warning promising more violence. Then-Mayor James Hahn said that people should go about their daily business but should be alert to the out-of-place: "a truck that seems to be parked somewhere for too long, or someone ... wearing bulky clothing on a hot day." Police stepped up patrols around the two malls and across West Los Angeles. News helicopters whirled above the supposed targets. But by Friday, everything seemed back to normal. Shoppers trolled the window fronts, while L.A. traffic flowed as usual. Nearby, a movie crew erected the set for a day's shooting. "This just happens all the time.... This is no different than any anonymous bomb threat that gets called in," Gene Thompson, the head of corporate security for the Westside Pavilion's owners, told a reporter for the Los Angeles Times. "Life goes on," said Tom Miles, the Grove's general manager. In fact, life did go on, unimpeded by a bomb or any other shopping disruptions. On the day Mohamed had warned that his Qaeda friends would strike, federal authorities apprehended him as he crossed the U.S.-Canadian border into Montana. Mohamed confessed that he'd made the whole thing up. There was no bomb. Those supposed Qaeda operatives were actually friends of his girlfriend. Mohamed had called Homeland Security to get back at her for stealing his paycheck from a Toronto bank where they used to work together. He had asked the three men to help him get the money back, but they had refused. 
Mohamed said he picked the two malls because he knew the area, having once visited the UCLA Law Library. Life went on. But the city never really slept. The Listening Post Mohamed's unusually specific threat inspired a rare frenzy of activity. To be sure, Los Angeles doesn't ramp up to full alert for every lead that comes over the transom. That would be impossible, because, by officials' count, they have received more than 4,000 tips, leads, and other vague insinuations about possible terrorist attacks in the greater L.A. area in just the past three years. Most of them turn out to be bogus. Anonymous callers see "Arabs" taking photographs of bridges. Electrical plant owners notice a van driving slowly by their security gates. Some concerned citizen sees "Middle Eastern-looking" men loading fertilizer onto a truck in her neighbor's driveway. Authorities have documented literally thousands of such leads in cities across the country, and few of them come to anything. The camera-toting terrorists are actually tourists; the driver of the van was lost; the men loading fertilizer were Mexican gardeners. Occasionally, of course, the leads are more substantial and are worth investigating. Some are sourced to U.S. intelligence agencies or to the Homeland Security Department, which is nominally tasked with keeping states and localities abreast of threats to their areas. But the river of leads pouring into L.A. contains mostly unofficial reports from locals, and they run the gamut from the useful to the useless. At such a dizzying pace -- 4,000 in three years -- how could anyone keep up? Today, in L.A. and in more than four dozen other cities across the country, state and local officials, using mostly federal grant money, have built a network of lead-vetting teams to do just that. They call them "fusion centers," and Bush administration officials, along with powerful members of Congress in both parties, believe that they are one of the best ways to prevent the next attack. 
Usually run in partnership with federal agencies, such as the FBI and Homeland Security, fusion centers employ teams of terrorism analysts, many of whom are self-educated. They take every lead, hold it up to the light, and ask, Could this be connected to terrorism? To answer that question, the leads are examined using a wealth of other information, including analysts' own expertise, local police reports, statewide crime databases, and sometimes intelligence from the federal level. "Fused" together, all that analysis tells police and security agencies whether they should rest easy or call out the guard. In L.A., a city that makes its living spinning fact into fiction -- the buttoned-down terrorism analyst has morphed into Jack Bauer, terrorist-fighting force of nature on "24" -- you might expect the fusion center to pulse at the city's heart. Wrong. To get to the lead-filtering complex -- called the Joint Regional Intelligence Center, or "Jay-Rick" -- you have to leave the beauty bars of the Sunset Strip and the curvy overlooks of the Hollywood Hills. Go south about 10 miles, take the 105 freeway east until it ends, then head down an industrial road, past a taco stand, a carwash, and a movie theater. There, amid a warren of stout office buildings in the industrial L.A. suburb of Norwalk, is a sand-colored 525,000-square-foot edifice. JRIC is on the seventh floor, next to the corporate headquarters of Bally Total Fitness. This is homeland security's next frontier. JRIC is L.A.'s terrorism "listening post," says Stephen Tidwell, the assistant director in charge of the FBI's Los Angeles field office. Tidwell, LAPD's Bratton, and L.A. County Sheriff Leroy Baca are among JRIC's most enthusiastic supporters. The three men are friends and self-professed true believers in chasing terrorists down at the local level. Their comradeship has caught Washington's attention. When JRIC opened last summer, Homeland Security Secretary Michael Chertoff came out for the ribbon-cutting. 
Federal officials call JRIC a "model fusion center," one for others to emulate. JRIC's roster is a bureaucratic potpourri. It contains FBI agents, LAPD officers, L.A. County sheriff's deputies, public health experts, contract analysts who study radical Islam, a liaison from the Homeland Security Department, and officers detailed from other local law enforcement agencies across the Los Angeles region. The "region" is a seven-county, 44,000-square-mile sprawl that, historically, has never much cared for jurisdictional spats. As any L.A. cop, firefighter, or paramedic will attest, during an earthquake, fire, or a flood -- all of which the region suffers every year -- you don't much care what color uniform the person coming to your rescue wears. The region adheres to a pact of "mutual aid," which all but eliminates turf tensions. Cooperatively fighting terrorism fits right in with that culture. Dead Ends At 9 a.m. every Monday through Friday, the JRIC staff sits down and sorts through the daily cache of leads, to make sure that they're vetted and that all agencies are on the same page. If there's a report that terrorists are spiking the water supply with biotoxins, JRIC will ask a microbiologist to take a look. How credible is the threat? Could that toxin actually live in water? How many people might be affected? If there's a call about suspicious activity in Long Beach, the appropriate JRIC officer will run it past his sources. Some have likened the hunt for terrorists to looking for a needle in a haystack. But JRIC members go through haystacks, straw by straw, asking, "Could this be a needle?" So far, none of the leads has revealed an active terrorist conspiracy in the L.A. region. "Ninety-nine-point-nine percent are false," says Bob Galarneau, a sheriff's department lieutenant and a JRIC program manager. "But we still investigate.... Every one is followed up on." 
Considering the gravity of the potential threat, one might expect daily life at JRIC to resemble a scene out of a Tom Clancy movie. Wrong again. There are trappings of adventure -- wall-mounted televisions tuned to cable news channels, including Al Jazeera; table tops strewn with copies of Counterterrorism magazine. Beyond that, JRIC looks like just another banal workplace. If this were a TV show, it would be "24" meets "The Office." But that is what homeland security looks like. A lot of waiting, a lot of wading through noise, and then life goes on, in all its reassuring regularity. "I wish it were like '24'," says Kristen von KleinSmid, the FBI supervisory special agent in charge of the threat squad, a JRIC team that can decide to open investigations on particular leads. "I can't redirect satellites. I'm sure there's someone who can. But I just can't make a phone call and have it done." The threat squad, also called CT-6, worked the 2004 bomb threat on the shopping malls. Today it comprises about 20 analysts and officers from a variety of federal and local agencies. The squad is permanently attached to the fusion center and has "right of first refusal" on all incoming leads. Von KleinSmid says that it handles, on average, about 25 tips a week. "You have to be very organized," she says. "It's hard to keep the leads straight." As leads go, CT-6 has a low bar. "The only ones we won't work are if we know the person who wrote this complaint is completely crazy," von KleinSmid says -- if the person rambles, or if "it's just some woman saying she saw two Middle Eastern men taking photos of a building." Those tips have no "lead value," she continues, meaning they're dead ends. It's "common," von KleinSmid says, for people to anonymously file complaints about their neighbors. "Most of the leads are dead ends," Sheriff Baca says. "It's well-meaning information from people who don't know exactly what they're talking about." 
Distractions and hoaxes come with the job, but officials are also trying to dissuade future cranks. In one case, officials say, the threat squad responded to a complaint from a military contractor who claimed that his Filipino girlfriend had stolen plans for a shoulder-fired missile and intended to sell them to Abu Sayyaf, a terrorist network based in the Philippines. CT-6 investigated, and officers tracked down the woman, who, it turned out, was in the country illegally. She and her boyfriend had recently fought, and to get back at her, he reported her as a terrorist supporter, hoping she would be deported. The U.S. attorney's office is prosecuting him for making false claims, officials say. "About one out of every 100 leads, there's something good that comes out of that, where really useful information is obtained," von KleinSmid says. Agents "know that a lot of the stuff they're working isn't going to go anywhere." Which makes one wonder: If nothing will come of most -- nearly all -- of the leads that have poured into L.A. over the years, why bother chasing down each one? Because, officials say, chasing ghosts and possible hoaxes is the best chance they have of finding a bona fide threat. One time out of thousands, the lead might bear fruit. The terrorist hunters might get lucky. In fact, they say, it has already happened. Terror Comes to Town In the summer of 2005, police officers in Torrance, south of downtown L.A., investigated an armed robbery at a gas station. It was the latest in a string of heists, and each time the bandits had fled without a trace. But this time one of them dropped his cellphone, giving police a rare lead. Officers traced the phone to Gregory Vernon Patterson, a 21-year-old local man with no criminal record. They placed him under surveillance. According to a criminal complaint, on the evening of July 5, Patterson and Levar Haney Washington, who, later investigations showed, was an L.A. 
gang member, drove to a gas station in Fullerton, east of Torrance in Orange County. Washington, dressed in a dark hooded sweatshirt and carrying a shotgun, robbed the clerk, according to the complaint. Police arrested the two men and then searched Washington's apartment in South Los Angeles. That search, authorities say, ultimately enabled them to disrupt a major terrorist plot aimed at local military recruiting stations, the Israeli consulate, and other targets across L.A. Torrance police officers found documents outlining an imminent attack, possibly timed for the anniversary of September 11, as well as knives, bulletproof vests, and "jihadist" material that wasn't available from the usual sources on the Internet, investigators said. Almost immediately, one of the officers involved in the search, who had been trained to spot terrorist warning signs in the course of his normal duties, called local counter-terrorism officials. The entire L.A. terrorist hunting apparatus was on alert again. More than 200 federal and local investigators worked the case, pursuing leads, tracking evidence, and grilling Washington and Patterson. "Virtually every agency in the area jumped on the hunt," says Tidwell, the FBI assistant director in charge. "It was textbook." According to an FBI affidavit, Washington told investigators that he led an "Islamic council" that was planning a jihad in the United States, "to respond to the oppression of Muslims in Iraq and Afghanistan by the U.S. government." Washington said that his group had scouted targets, to determine whether they should use a bomb or "rifles and inflict as many casualties as possible." Patterson, the affidavit said, had purchased an AR-15 assault rifle and was only days from picking it up at a sporting goods store. Investigators charged that the men committed the gas-station robberies to pay for their citywide offensive. Planning for the attacks, the FBI said that Washington told them, was nearly complete. 
Officials later charged that Washington and Patterson acted at the behest of Kevin Lamar James, a Muslim convert doing time in Folsom prison since 1996 for armed robbery in gang-related crimes. Police said that James had founded a radical Islamic cell called Jamiyyat Ul Islam Is Saheeh, or JIS -- "the Association of True Islam," -- and, from inside Folsom's walls, directed a plot to conduct a violent jihad. Federal officials had warned about the spread of Islamic radicalism in prisons. Local authorities said that Washington and Patterson had met at an area mosque, and had become radicalized by James's vision. On August 31, 2005, a federal grand jury indicted the three men, along with a Pakistani national, on charges of plotting the L.A. attacks. A trial is scheduled for August. Ask any of the terrorist hunters in L.A. to cite a plot they've disrupted as a result of their post-9/11 vigilance, and they'll immediately point to JIS. To this day, the FBI calls the incident the closest thing to an "operational" terrorist plot since the September 11 attacks. Miller, the former LAPD counter-terrorism official who is now the FBI's chief spokesman, has called JIS a "homegrown" terrorist cell. He said that it "is the best example of how the threat now is as much out there on our streets, among some disaffected Americans, as it is teams of sleeper cells who are sent from faraway training camps." Before 9/11, officials in L.A. agree, the police officers who searched Washington's apartment might have been alarmed by the weaponry and the jihadist literature but wouldn't have known to immediately call the terrorism task force. The JIS case is proof, they say, that the relentless pursuit of leads, the hyper-alertness, the constant probing of every piece of evidence for a terrorist link, actually prevents attacks. Many terrorism experts, however, aren't so sure. 
If the evidence is correct, then Washington and Patterson were clearly capable of violence, and very well may have attacked targets in the city. But is it accurate to call them domestic terrorists, members of a homegrown cell? The case demands comparisons to bona fide homegrown extremists, such as those involved in the London subway and bus bombings in 2005, which killed 52 people. Is JIS the same? Are L.A. terrorist hunters, so intent on turning over every rock, seeing threats where they don't exist? Seeing Things Since 9/11, the FBI and local law enforcement have produced few cases of legitimate terrorism, critics say. Miller said recently that the bureau "has had a part in stopping five terrorist plots in progress" in the past year and a half. Among those, he counts the foiled attempt last year to bomb commercial airliners in midflight on their way from England to the United States. But Miller also includes a plot to blow up a New York City commuter rail line, which investigators have said involved suspects who were never in the United States; the arrest of members of a suspected terrorist cell in Canada who aimed to blow up government buildings there; the arrest of two men in Georgia who the FBI says were linked to the Canadian group and who also discussed attacks on oil refineries and military bases; and the arrest of members of a suspected terrorist group in Florida called "the Seas of David" who officials say wanted to blow up the Sears Tower in Chicago. Terrorism experts hotly debate whether those four cases and others, including JIS in Los Angeles, can or should be called examples of domestic terrorist cells. Tom Kean, the former co-chairman of the 9/11 commission, has dismissed the comparison of JIS to Al Qaeda. JIS, he said, is part of a long history of anarchists and disaffected groups that have wanted to harm the government. 
Al Qaeda, on the other hand, is a worldwide organization that has declared its intention to harm Americans and has the personnel and financial capabilities to do it, Kean said. "That is the enemy," he told the PBS series "Frontline" last year. "And that is who we're fighting, and we've got to always keep our focus on that." Amy Zegart, an associate professor of public policy at UCLA and a leading national authority on counter-terrorism, says that officials are too quick to label as terrorists groups that express some outrage at the government. "When you parade things that clearly aren't at the level of 9/11 as successes, you undermine the FBI's credibility with the public," she says. Zegart is a prominent FBI skeptic. After she wrote a scathing op-ed in the Los Angeles Times last year in which she said that the FBI was "still stupid" about terrorism, Tidwell called her to his office for a dressing down. Still, after examining the city's terrorist-hunting efforts, including JRIC, Zegart says that there's some reason to take heart. "They have a very forward-thinking approach," she said. JRIC, for instance, built upon the work of another outfit, the Terrorism Early Warning Group, created in 1996 by the L.A. County Sheriff's Department. Experts have lauded the group and the city's leaders for taking local responsibility for terrorism prevention seriously years before national agencies made it a priority. But there's a flip side to the city's ceaseless pursuit, Zegart says. "What worries me about the follow-every-lead approach is that it is done in a strategic void. I think this is an endemic problem that is true across U.S. intelligence. We're ramping up ... saying, 'Let's look at today's threat list,' " Zegart says. "The current news cycle and the terrorist threat are putting more pressure on people to focus on the here and now." 
As a result, counter-terrorism officials might miss the bigger, longer-range picture about terrorism trends, and overlook new threats that could be emerging below the daily radar sweep, she fears. Zegart says she believes that the threat of domestic terrorism is real. Nevertheless, she's unconvinced that other cities should try to emulate L.A.'s approach. "In many ways, we've been the model in terms of prevention and response," she says. "I always say that the good news and the bad news is, L.A. leads the country in counter-terrorism." Help From Above? In Washington, many intelligence officials want to push the running of homeland security as far away from the nation's capital as possible. In November 2006, President Bush approved a set of guidelines to govern how federal agencies share terrorism information with states, localities, tribal governments, and the private sector, which owns and operates 80 percent of the nation's infrastructure. The guidelines were submitted to the White House by the Office of the Director of National Intelligence, but they were developed by state and local officials, including many of those running fusion centers like JRIC. The guidelines call for a "federalist, or shared-responsibility, approach to information-sharing." The federal government will "promote ... a network of fusion centers" but won't control it. The FBI's Joint Terrorism Task Force and the Homeland Security Department, which is legally the point of contact for states and localities, are cast as partners, not directors. "Fusion centers cannot carry out their efforts in a vacuum. They rely on intelligence and other information from federal entities so that they can develop intelligence priorities," says John Cohen, a spokesman for Thomas McNamara, the former U.S. ambassador-at-large for counter-terrorism and the man who heads the information-sharing environment office that submitted the guidelines to the president. 
"They also need to be able to view local events within the context of national, even global, terrorist patterns," Cohen says. "State and local officials need this federal information so that they can protect their local communities, and they are telling us that they still are not getting the information they need from the federal government. We are listening and are working aggressively with these states and localities, as well as the intelligence community, Homeland Security, the Defense Department, and the FBI to fix it." Today, some threat reporting comes from the Homeland Security Department and some from the FBI. Those entities have sparred over which should be the primary conduit for states and localities, and who should decide how much they get to know. State and local officials, meanwhile, complain that threat reporting is inconsistent and that much of what they know comes from their own residents. Even in Los Angeles, where relations have remained congenial, Chief Bratton says that the federal agencies need to settle their disputes and to give the locals more information. "How do we get the feds to make nice with each other -- that's still the big issue," Bratton says. From his perspective, local officials have already made a sizable investment in homeland-security policy. "I easily spend 40 percent of my time on terrorism matters," Bratton says, including talking to journalists and members of Congress. Of the federal agencies whose intelligence Bratton wants, he says, "Locals have to be accepted into what was a private club.... We're the new kids knocking on the door." "We're Gonna Get Hit" Ask Stephen Tidwell where the FBI and his friends in L.A. are looking for the next terrorist threat, and you'll get no specifics. "We're looking everywhere.... We spend hours upon hours," he says. "Got people not sleeping very much. People walking around like zombies.... We can't have enough eyes looking." 
Considering his obsession with standing vigil over L.A., it's odd that Tidwell's office on the 11th floor of the Federal Building looks not to the south and east, over the city's concrete expanse, but to the northwest, taking in the verdant Santa Monica Mountains, which run east to west, to the Pacific Ocean. It's a vivid reminder that Los Angeles sits in a bowl, surrounded by natural forces that also conspire to wipe the city off the map. Immediately outside Tidwell's panoramic window, the Los Angeles National Cemetery spreads in a gradual upward slope toward the mountain range. Dedicated in 1889, the 114-acre garden of stone holds the remains of more than 84,000 veterans of four American wars, from the Spanish-American to the Korean. "We game out in our heads multiple suicide bombers or multiple IED attacks," Tidwell says, referring to Iraqi insurgents' weapon of choice, the improvised explosive device. He pauses and glances out the window. What really scares him, Tidwell says, is what happens after the attack. "Eighteen million people, trying to self-evacuate out of here, will collapse this place." "We're gonna get hit here," Tidwell says. "When it does happen, how are we going to hunt them? How are we going to find them?" By his calculus, every set of eyes, every listening post, every JRIC is one more barrier that terrorists have to overcome. The best chance to save L.A. is to make their job harder. "We're building fences," Tidwell says. "We want enough fences between us and them."
From rforno at infowarrior.org Sun Apr 29 22:00:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Apr 2007 18:00:28 -0400 Subject: [Infowarrior] - How to enjoy media in any region Message-ID: Original URL: http://www.theregister.co.uk/2007/04/28/tv_tips_for_travellers/ How to enjoy media in any region By Thomas C Greene in Dublin Published Saturday 28th April 2007 09:02 GMT Cheap airfares and the so-called "global economy" have got us all travelling internationally like never before, both for business and pleasure. And whatever the purpose of one's trip, two great joys for the traveller are eating and shopping in foreign places. Most of us eagerly bring home merchandise not available locally. As for me, I often bring back inexpensive items like books and music CDs, both of which travel well. So it's a real pity that DVDs and video cassettes have remained so stubbornly provincial - so much the products of place that they are useless in other regions. If you travel frequently and shop often for media, you will soon end up with a mixed collection: that is, DVDs involving various video formats and regions, and VHS cassettes in various video formats, all differentiated according to place. For example, perhaps you travel often to France and want to buy DVDs and cassettes there because you like to watch French movies without subtitles. Or perhaps you travel often to Japan, knowing that much Japanese entertainment is hard to locate at home, and are tempted to buy media during your trip. Depending on where you live, you might have two different obstacles to viewing the movies or TV shows on your television back at home: varying video formats (http://en.wikipedia.org/wiki/Video_formats), and DVD region encoding (http://en.wikipedia.org/wiki/DVD_region_code). 
First, let's consider the obstacle of video formats: there are three, called PAL (http://en.wikipedia.org/wiki/PAL), NTSC (http://en.wikipedia.org/wiki/NTSC), and SECAM (http://en.wikipedia.org/wiki/SECAM). These are three different schemes for generating and interpreting the video signals that your TV receives, and they are used variously in different parts of the world. It wasn't a problem in the days when virtually all TV content was broadcast; there was no reason why a television in Mexico should be compatible with a signal broadcast in Switzerland. Nowadays, of course, with so much content available on portable media, format incompatibility is a major irritant. Unfortunately, there is no standard video format for media, as there really ought to be. Media and equipment both remain unnecessarily xenophobic - a real vestige of the past. If your British television is designed to receive one type of signal (PAL), it will not display French video that was formatted in another (SECAM). So unless your VCR or DVD player is designed to accept and deliver both types of signal - the type that the media is coded in, and the type that your TV expects to receive - the output will not display correctly. Here is a handy table of video formats by country (http://www.centralhome.com/ballroomcountry/video_formats.htm). Either you must stick with media, media players, and TVs that are all designed for the same video format and region (and forget about buying media that is not formatted appropriately), or you must obtain multi-format equipment. But how expensive is that going to be, you ask? Well, it depends. The cheapest solution is to buy a multi-format DVD player, VCR, or combo unit. The multi-format player can read media in one format, and deliver it in the format your TV requires. The good news is that most European DVD players and VHS boxes of recent manufacture can handle at least NTSC and PAL. 
Typically, SECAM is not a popular option outside France and former French colonies, so if you're buying media in France for viewing elsewhere, you might have to search more diligently for a suitable player, and you will probably pay more for it. But remember, buying even a high-end player is still a lot cheaper than replacing your television. That's how I approached the problem, anyway. I used to live in the USA, and I've got an assortment of Region 1 DVDs and VHS tapes that I recorded off air. They are all formatted via NTSC, which is standard throughout much of the Americas. Here in Ireland, televisions expect to receive a PAL-formatted signal, which is standard throughout much of Europe. So I needed a device to accept the NTSC signal and provide PAL output. The solution for me was to spend a little extra on a DVD/VCR combo box that can read NTSC and PAL signals, and deliver the one that I choose. It's an exceptionally compact unit that also can run on any electrical current from 110 to 220 volts, so I can conveniently pack it along with, say, 10 of my favourite DVDs when I travel (business travellers will appreciate the savings in hotel porn that this represents, and the ease of concealing one's indulgences from those who examine their expense forms). Have TV, will travel Of course, this does not address the quite different problem of relocating from one video-format region to another and having a TV that's incompatible with the new broadcast and cable signal. This was not an issue for me personally, because I had an older CRT television that wasn't worth the cost of shipping (I moved overseas, not simply from, say, Germany to France, so the shipping cost would have been very high). But that's not going to be the case for everyone. So, can you solve the problem of keeping your old TV and using the broadcast or cable signal in a new region? Yes, but it's not always going to be easy or cheap. 
The limitation of relying on a media player for multi-format compatibility is this: unless the player can also be used as a multi-format tuner, your TV might not accept broadcast and cable signals after you move. And it also might not be able to run on the local electrical current when you ship it across a national frontier. Fortunately, it's possible to get multi-format, multi-voltage televisions, and this is well worth investigating if you plan to buy an expensive TV soon, but might also move internationally in the near future. If you're going to shell out $2,000 to $4,000 on a high-end widescreen unit that might last five years or more, it's a pity to sell it for pennies on the dollar a year later. In that case, you should look for a multi-format TV that can deal with the broadcast and cable signals in your current, and future, locations. The multi-voltage option is also well worth considering. Because a TV draws a lot of power when it's switched on, you can't use an el-cheapo $25 plug-in voltage converter. You would need a heavy duty one, possibly costing in the neighbourhood of $200 or more. However, if you buy a multi-voltage TV, all you will ever need is a $2 plug adapter. Here is a handy table of voltage standards by country (http://www.kropla.com/electric2.htm). As so often happens these days, there's good news for Europeans here, and bad news for Americans. Multi-format, multi-voltage media players and televisions are widely available throughout Europe, if you know enough to look for them. But in the USA, such units are exotic, and unfortunately priced accordingly. It's virtually impossible to buy a multi-format, multi-voltage media player or television in the USA from any mainstream retailer. So this means going to specialty electronics shops where prices are typically exorbitant. 
There are several online retailers that you can check out, such as DVDoverseas (http://www.dvdoverseas.com/), 220 Electronics (http://www.220-electronics.com/), World Import (http://www.world-import.com/index.htm), Alldual (http://www.alldual.com/), and Region Free DVD (http://www.regioncodefreedvd.com/) (I haven't shopped at any of them, so this is by no means an endorsement). Fortunately, in Europe, choosing the right kit is simply a matter of checking the specs sheet and ensuring the equipment's video format and voltage capabilities suit your present and likely future needs. Not surprisingly, the more adaptable equipment tends to be more expensive, but it is available through pretty much any retail outlet, whether online or in your neighbourhood. Still, you will have to stick with high-end gear if you're looking for a multi-voltage TV capable of handling all (NTSC, PAL, and SECAM) formats. And a multi-voltage combo player capable of serving as a tuner for all three formats is definitely going to cost you, relatively speaking (although this option is still a money-saver if you don't want to spend lavishly on a television).

We control your television set

Now we come to another major irritant, DVD region encoding, or, more precisely, DVD region lockout (http://en.wikipedia.org/wiki/Regional_lockout). The movie industry, in its infinite greed and insatiable lust for control, has decided that it simply must regulate your access to media that you have legally purchased. No, I don't mean they are preventing you from copying their priceless treasures; I mean they will not even let you view them unless you buy the media in your own geographical region. Your DVD player is programmed to reject "foreign" disks. Here is a handy table of DVD regions (http://www.hometheaterinfo.com/dvd3.htm).
The chief purpose of this abuse is to coordinate the theatrical releases and DVD releases of movies in a way that prevents DVDs from appearing in shops until after the theatrical showing is finished. For example, if a movie's US theatre-run is over and DVDs are available there, but in the UK the movie either hasn't opened or is still in theatres, region lockout discourages UK punters from buying DVDs from, say, Amazon.com. The American disk won't play in the UK machine (well supposedly, about which more below). Brits are thus encouraged to wait patiently until Hollywood decides to release the movie overseas, let it run in theatres, and finally release a DVD compatible with the local equipment. Another reason, of course, is the American habit of subsidising their failing economy by overcharging foreigners. If an American DVD won't play in a French, German, or British box, you can see the potential here for media price-gouging in "Old Europe". Indeed, the priceless Hollywood treasure Dreamgirls (Two-Disc "Showstopper Edition") DVD retails for $22.74 at Amazon.com. This same Showstopper sells for £14.98, or $30 at Amazon.co.uk, and may now be pre-ordered pending the movie's failure in UK theatres. Allowing 17.5 per cent VAT, we find that the Showstopper, or the tiny blob of molten plastic worth far less than a penny and formed into a disk worth about 15 cents, runs about $2 more in the UK. Obviously, a budget-conscious European won't order from Amazon.com, as the shipping would more than consume the savings; but if one is travelling to the USA, scooping up heaps of DVDs, unpacking them, and pretending that they are one's long-owned property on return, can be a real money saver. Especially if one's US destination is within the vast flyover region, where sales taxes are low if they exist at all. But will your cheap American DVDs work for you at home?
Well, if you've solved the video format problems outlined previously, all that's left to worry about is DVD region lockout.

Stickin' it to the man

Now, here is some good news, for a change. Region lockout is often painfully easy to defeat. Think about it: these gizmos are manufactured by the tens of millions in gargantuan plants, and then shipped on to different regions. The regional spread of orders to be filled will necessarily fluctuate week by week. So it has got to be easy for the maker to set each device's region after manufacture. And if it's easy for them, it's easy for us. We just have to know how to do it. You can easily select the region for your DVD player, and thus play DVDs from any other location. You can also switch back to your default region whenever you please. The manufacturers don't advertise the methods for changing regions on a player, but insiders leak the information, and patient empiricists discover it. And a lot of it is available on the web. You can search for region hacks at free sites such as VideoHelp.com (http://www.videohelp.com/dvdhacks), DVD Reviewer (http://www.dvd.reviewer.co.uk/info/multiregion/), DVDActive.com (http://www.dvdactive.com/player-hacks/), and AskMerlin.org (http://www.askmerlin.org/), and also at part-free, part-pay sites such as DVD Exploder (http://www.dvdexploder.com/). The old trick of choosing Region 0, or any region, no longer works now that Region Coding Enhancement (RCE) has been introduced. With recent DVDs and players it's necessary for you to choose the correct region for each disk in order to play it. But the hacks are often relatively easy, and this should figure into your shopping strategy. Research the players that interest you first, and be sure to discover whether a hack is already known, and whether it is easy or cumbersome to implement. Here in Dublin, hacking your DVD player is a courtesy that any retailer will extend with good cheer.
It's all in the open; there's no shame or guilt associated with it. Even in the most mainstream department stores and equipment outlet shops, one of the first things a salesperson will do is check to see if a hack exists for a player you might wish to buy. And they will gladly print the instructions for you. In less enlightened parts of the world, this might be looked at as somewhat seedy, and it might therefore be necessary to go to a seedy shop in a seedy neighbourhood and speak in low tones. Or, just find the hacks online for the players that you are most interested in buying before you go shopping. Of course, the MPAA hates all this, and probably regards it as something approaching piracy. But piracy is a crime, as it should be. This is not piracy; it's not even close to piracy; it is nothing more than you exercising control over equipment that you own and modifying it to suit your needs. You are doing nothing worse than annoying the media giants. They don't like it, all right. And so what? Contrary to MPAA propaganda, changing the region on your player is in no way unethical. It might possibly be illegal in some jurisdictions (e.g., the DMCA is so vaguely worded that region hacking might be a violation), but any law that forbids you to tinker with your own property for legal purposes, such as watching a DVD that you bought on equipment that you own, is ridiculous and needs to be flouted flagrantly. Such laws are a product of political corruption, of legislators in the pockets of entertainment giants, passing regulations written by media corporation lobbyists in order to curry favour with their deep-pocketed Masters. No such law is to be taken seriously, unless there are criminal aspects, or public safety or public interest concerns (such as there are with emissions controls on automobiles, which, for very good reasons, may not be fiddled with).
But here, the interests are 100 per cent private and intolerably selfish, so don't feel the merest twinge of guilt in sticking it to the man. He's always eager to reciprocate, after all. So, just to recap: While a frequent flier obviously needs to know a lot to make a wise media or equipment purchase, we've just sketched out the most important issues a shopper should educate himself about and investigate before buying. It is complicated, but just remember that video formats and DVD regions are two separate problems requiring separate solutions. Remember also that the video-format problem has two elements, media on the one hand, for which the right player is needed, and cable and broadcast on the other, for which the right tuner is needed. A media player might or might not be able to serve as a multi-format tuner, so be sure to sort out your needs before buying a new player or a new television.

From rforno at infowarrior.org Sun Apr 29 22:21:26 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Apr 2007 18:21:26 -0400
Subject: [Infowarrior] - Will Bioterror Fears Spawn Science Censorship?
Message-ID:

Will Bioterror Fears Spawn Science Censorship?
04.25.07 | 2:00 AM
http://www.wired.com/print/politics/onlinerights/commentary/circuitcourt/2007/04/circuitcourt_0425

Since September 11th, people have been increasingly worried about the misuse of legitimate scientific research to create dangerous weapons or to bypass security measures. Now a federal advisory board is about to recommend new guidelines to limit publication of life-sciences research that could be misused by terrorists. I think it's treading on dangerous ground. Last Thursday, a draft of the rules was formally adopted by the National Science Advisory Board for Biosecurity, or NSABB, at a meeting in Bethesda, Maryland. The draft proposes voluntary compliance by scientists, universities and journals, but leaves open the possibility of federal legislation to turn the guidelines into law.
Indeed, it almost invites that result by supporting application of the NSABB recommendations to researchers that do not receive federal funds -- a result that can only be achieved through regulation. As a lawyer for computer security researchers, it is impossible to regard this prospect with anything but dread. For example, the proposal (.pdf) broadly defines "dual use research of concern" as any "research that, based on current understanding, can be reasonably anticipated to provide knowledge, products, or technologies that could be directly misapplied by others to pose a threat to public health and safety, agriculture, plants, animals, the environment, or materiel." That's a perfectly reasonable description of an article or paper worth a closer look before publication. But if this language becomes a statute that prohibits publication under some circumstances, the author risks criminal prosecution if law enforcement disagrees with a scientist, university or peer-review publication's decision that the research should be published. And, legally, I'd find it extremely difficult to advise the author with any certainty whether publishing the research is lawful or not. Whose "current understanding" applies? What does "reasonably anticipated" mean? When is research "directly" misapplied, or merely indirectly used? How much of a risk "poses a threat"? The NSABB draft also sets out a procedure to follow once a scientist has identified research of concern. Instead of outright suppression in every case, the proposal suggests a risk/benefit analysis, which can result in a variety of options for communicating the research to the public. This seems flexible and case-specific, which again, is great in a guideline, but terrible when you are trying to advise a client how to avoid the risk of jail. We know that reasonable scientists can and do disagree about these things. What do prosecutors, judges and juries think? 
Rejecting new regulation doesn't mean we have to be subject to the whims of bioterrorists. Voluntary self-regulation, ethical training, peer review and additional practices currently followed by recombinant DNA researchers, microbiologists and other scientists all have a track record of success. And smart federal laws can control access to pathogens -- and prohibit dangerous practices -- while steering clear of restricting scientific publications. Until recently, U.S. policy has been to allow the publication of information, with only narrow controls on classified information. Then, in 2002, the president signed the National Security Act, which requires federal agencies to create procedures to protect "sensitive but unclassified" knowledge. The statute is unclear about whether these procedures should take the form of voluntary guidelines, or regulations with the force of law, and whether they'll apply outside of federal agencies. But the NSABB report appears to be part of the effort to craft such procedures. The scientists on the board have good reasons for wanting to be involved in crafting the guidelines. They want to stop terrorists, and they take the dangers from dual-use research seriously. They also want to protect the scientific process, and they believe correctly that if regulation is going to happen, it would be much, much better if scientists were involved. One such scientist is NSABB board member David A. Relman, M.D., associate professor of medicine, microbiology and immunology at Stanford University School of Medicine. He told me about a 2004 addition to federal law which criminalizes possession of the smallpox virus. Unfortunately, the statute defines the pathogen as any virus that contains 85 percent or greater sequence similarity to smallpox, effectively outlawing a whole range of pox viruses, including the smallpox vaccine. The maximum penalty for violating the law is a fine of $2 million dollars and 25 years in prison.
Doctor Relman views his role on the NSABB as helping the government avoid a similar kind of mistake in the future. He and his colleagues are doing us a service by participating, but they have to be extremely careful that their work is not used to legitimize regulation. Any guidelines should be crystal clear that they are good only as that -- guidelines. If the NSABB is not careful, its well-balanced recommendations may become a precursor for abandoning voluntary self-regulation in favor of federal regulation of scientists. Once we have regulations, we will also have penalties for non-compliance. At that point, the only question left will be how much scientific self-determination remains.

- - -

Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society and teaches the Cyberlaw Clinic.

From rforno at infowarrior.org Mon Apr 30 00:58:23 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Apr 2007 20:58:23 -0400
Subject: [Infowarrior] - Cryptome.Org shut down by Verio/NTT
Message-ID:

(original heads-up from marlowe)

Verio claims cryptome.org violated its TOS, but does not specify exactly what the violation was or if the site can remedy the situation to avoid disconnection. I find this action to be highly-questionable from a customer service perspective, and thusly can't help wondering "who" (if anyone) got Verio to undertake this action without explanation or path of remedy given how controversial the site seems to be to various folks around the world. John Young (cryptome's owner) wonders if Verio got slapped by a gag-inflicting National Security Letter or something else along those lines.

http://cryptome.org/cryptome-shut.htm

(FWIW, at least Verio's given Cryptome a week's notice.)

-rick

From rforno at infowarrior.org Mon Apr 30 03:40:24 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Apr 2007 23:40:24 -0400
Subject: [Infowarrior] - How'd You Do In School Today?
Message-ID:

...another piece underscoring how "times have changed" --- I really wonder how 'empowered' today's kids will be as future adults given that they're always being monitored and have no "buffer zone" to learn things about life for themselves. The long-term consequences outweigh the short-term benefits, IMHO. --rf

How'd You Do In School Today?
With Edline Online, The Report Card Goes 24/7 and Every Test Is An Open Book
http://www.washingtonpost.com/wp-dyn/content/article/2007/04/29/AR2007042901391_pf.html
By Linton Weeks
Washington Post Staff Writer
Monday, April 30, 2007; C01

At the beginning of this semester, Laura Iriarte Miguel switched anatomy classes. No big deal. Students at Quince Orchard High School in Gaithersburg can shift courses around at the start of each term. But when Iriarte Miguel remained on the roll in the wrong class for several days, her parents began receiving notices from Edline -- an online, up-to-the-sec grade-tracking program used in Montgomery County middle and high schools -- about her unexcused absences and zeros on quizzes. Finally, one night at dinner, in between bites of spaghetti, her parents grilled her about her truancy and her rotten anatomy grades. She hadn't told them she had opted into another class. "They wanted to know why-why-why-why," Iriarte Miguel says. She set them straight, but the air was still poisoned. The suspicion, she says, "accumulated in the back of their minds during the whole day." This could be a simple story of parental expectations and teenage lackadaisicalness. But it's also a tale of an innovation at the nexus of a morphing world -- symbolic of the changing nature of childhood, America's abiding faith in education and the unforgiving quality of technology. * * * Growing up isn't what it used to be. Time was, parents set boundaries, children tested them. There was always a question of how much parents should know and how much kids should tell them. School was often a black box to parents.
Mom and Dad dropped their kids off in the morning and had nearly zero understanding of precisely what went on during the day. High school in particular has been a time of experimentation, says Ellen deLara, an adolescence specialist at Syracuse University. "People are inventing themselves, trying out different ways of being in the world, trying different faces." Now along comes Edline to help erase the illusion -- and reality -- that school is separate from the parental world. That separation, deLara says, "is a buffer that's actually critical for healthy adolescent development." Constant monitoring -- the equivalent of a nanny cam trained on teenagers -- "doesn't allow for confabulation," she adds. Nor does it provide "space for thinking about how to present bad news to parents. Instead, parents can jump to conclusions, and essentially, try and convict their teens, all before hearing from them." The result is double-edged: Edline -- and other programs like it, such as SchoolFusion and School Center -- provide students, teachers and parents with an online meeting place to discuss day-to-day assignments, tests and grades. But it also enables parents to keep track of a kid's academic progress -- or lack of progress -- in a heretofore unthinkably micromanagerial way. Parents can know everything; children have no wiggle room. Gone is the fudge factor, the white lie. A student makes a D on a quiz, a D shows up on Edline. No matter that a student leads a discussion in class or puts forth a cogent point. Or has the possibility to retake the quiz, make up the poor grade or do extra credit work over the weekend. This swift knowledge of success or failure can drive a wedge into families. Exhibit A: More than 20 anti-Edline groups have popped up on Facebook with names such as "Edline Is Hazardous to My Health" and "Edline Is Ruining My Life." These two groups, it turns out, were founded by Montgomery County high school students. 
So was the largest of the anti-Edline clubs: "Child abuse increased 78% since the Edline was created." With more than 6,000 members, the online klatch is Iriarte Miguel's co-creation. She says that when she and a guy launched it she was being tongue-in-cheek. But there is a real sting. "Edline really doesn't give us an opportunity to explain why our grades aren't up to par," Iriarte Miguel says. An A-minus student planning to go to the University of Virginia in the fall, she hears from scores of kids all over the country who are frustrated by the technology's watchdog qualities. A sampling of comments: "My mom literally watches my sister like a HAWK on Edline," writes a student from Tampa. "Can't say that she has had many fun weekends since Edline was created." And another note from Los Angeles: "Whatever happened to trying to improve grades before the report cards were sent out? This is so dumb!" * * * With computers, everything is binary -- one/two; either/or. There are few in-betweens. Gone are the rough edges, the gray areas. And there are unintended consequences. Technologies often solve and cause problems at the same time. Cellphones, advertised as devices for knowing the whereabouts of someone at all times, also allow that someone to call from, and pretend to be, anywhere. Edline enhances communication among parents, teachers and students. And it can also destroy communication. Sherry Turkle, a Massachusetts Institute of Technology professor, warns against "overtechnologizing." A grade-tracking system like Edline, Turkle says, "sounds to me terribly intrusive." The best way for parents and students to communicate is to talk about what is going on at school, she says. "When you just see a grade as a number, it's not necessarily opening the possibility of dialogue. Potentially it's closing down dialogue." 
Turkle says Edline reminds her of the panopticon, an 18th-century idea for a specially designed building that would enable jailers to watch prisoners without the prisoners knowing they were being observed. The panopticon has become a metaphor for Big Brother. The question the culture should be asking about monitoring technologies, Turkle says, is: "Is this just making children feel surveillance in a way that is uncomfortable for everybody?" The Internet, she says, can be used as a "blunt instrument." In the old, pre-Internet days, parents who attended back-to-school nights and knew the names of their child's teachers were considered involved. Edline, and other monitoring technologies, take involvement to a whole other level. "Parent involvement is known to be the key factor in positive student behavior and achievement," says Edline Vice President Marge Abrams. "How parents use the information is a parenting decision. Hopefully, if parents use the information to work with their child in a positive caring way, this parental involvement will lead to good achievement. Edline does not change the way a parent parents. If a parent uses the information in a punishing way, the same parent probably punishes at report card time." Love it or hate it, Edline is expanding. Abrams says the service was created in the late 1990s and today is being used in every state and in other countries. The privately owned company won't release its earnings or a complete list of its customers; schools pay about $2 per student for Edline. Edline, she says, has "many thousands of clients," including schools in Harford County, Md., and Chesterfield County, Va. There are 38 middle schools and about 25 high schools -- 75,000 students -- in Montgomery County, according to schools spokeswoman Kate Harrison. All but three of the high schools began using Edline this year. Next year, all the schools will use the service. 
* * * Many American parents don't think that keeping close tabs on their children's school activities is so dumb. They think it's smart. Countless American success stories revolve around a caring teacher, a challenging class, a top-drawer education. A whole subset of the entertainment industry is built around the glorification of pedagogy. Think "Dangerous Minds" and "Finding Forrester." In this country, "the middle class -- and anyone wishing to become middle class -- believe that education is the escalator to higher social status and financial well-being," says Larry Cuban, a former district superintendent of Arlington Public Schools and professor emeritus of education at Stanford University. "The early-20th-century progressives saw schooling as the engine of democracy and the instrument by which immigrants would become Americans and middle class," he says. "Both business and civic elites have sold public schooling, getting a diploma, and now going to college as ways of entering the labor market and succeeding." The same people, Cuban says, "particularly at the beginning of the 20th century and in the past three decades, have linked better schooling and getting credentials to better jobs, a strong economy and higher lifetime earnings." With so much riding on success in school, watchdog technology such as Edline and its immediate techno-feedback have an obvious appeal. For hovering "helicopter" parents, it's a high-beam searchlight. No bad grade escapes its harsh glare. Chris Barclay is a member of the Montgomery County Board of Education whose daughter goes to Einstein High School in Kensington. Although the students at Einstein call it "Dreadline," he says that the grade-tracking service "helps hold your child and your child's teacher accountable." The software allows working parents to stay connected. Laura Hajdukiewicz, a biology teacher at Andover High School in Massachusetts, loves the software. 
She liked it so much at her old place of employment, the Bromfield School outside of Boston, that she persuaded Andover to try it. She tells of parents who found out through Edline that their son was reading the novel "To Kill a Mockingbird," giving them something to talk about at dinnertime. She says a parent who is a cardiologist volunteered to come into her class and speak when he learned through Edline that the class was studying the heart. "It's opening lines of communication," Hajdukiewicz says. "Students like it when they are doing well." Hajdukiewicz asked more than 100 students in several grades for their opinion of Edline. She says the response was overwhelmingly favorable, although they felt their parents were now micromanaging their grades. "They like it for their own use but would rather keep things 'quiet' which is a fairly typical teenage response," she writes in an e-mail. "They also feel that their parents check it more often than they do!" Carol Blum, Montgomery's director of high school instruction and achievement, says that Edline has helped to cut down on the number of e-mails and phone calls that parents make to teachers. In the past, she says, "it wasn't as easy to be in touch with parents." A teacher would send out an interim report if the student was in danger of failing and by the time the parent received it, "it was almost too late," she says. "This way if a student is in trouble in a course, a parent can see it in a timely manner." And students can know where they stand. "The biggest pro, coming from the high school perspective," says Christopher S. Garran, principal of Walter Johnson High School in Bethesda, "is that Edline gives the students more information about their grades and where they stand in class." A student can go online, Garran says, "and quickly see the impact that a zero might have. He can more easily see the effect of not having worked very hard." 
At the same time, "when they get an A, it immediately shows them how powerful that is." Garran tells parents: "How closely you monitor your child's progress is a personal decision. "Parents have to remember what it was like when they were in school . . . remember when you didn't get that homework assignment in on time." A lot can happen, he says, "between that first quiz and the final grade."

From rforno at infowarrior.org Mon Apr 30 11:45:53 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Apr 2007 07:45:53 -0400
Subject: [Infowarrior] - London Olympics: Only using 'sponsored' security products
Message-ID:

(c/o Schneier's blog. This is crazy.........rf)

No medals for UK Government over London Olympics security
Posted by Davey Winder at 11:16am, 26 Apr 2007
http://www.itpro.co.uk/blogs/editorial-blogs/davey-winder/195108/no-medals-for-uk-government-over-london-olympics-security.thtml

Giving an otherwise rather dull and predictable keynote speech at Infosecurity Europe about the IT security demands of running the London Olympics, Derek Wyatt MP has let it slip that UK Government hands are tied when it comes to security technology. He also made it clear that he has no idea where the security threat will come from stating "who are the enemy? I wish I knew" and "don't ever underestimate the intelligence of the opposition, whoever that is." But the biggest concern I have over the ramblings of the Right Honourable gentleman came when he started talking about the problems faced in identity management and authentication not only during the event but in the run up to it, with the construction of the venue. Wyatt sounded quite upbeat about the possibility of using the London "Oyster" card, used for public transport travel, which could be upgraded fairly easily to incorporate biometric data and turned into a mini-ID card. He also sounded quite impressed with the idea of using the Nokia based authentication system for mobile phones.
Upbeat and impressed, and then he dropped the bombshell, which I hope will not be a bad choice of words for the future, when he casually revealed that because neither of these companies was a "major sponsor" of the Olympics their technology could not be used. Yes, you read that right, as far as the technology behind the security of the London Olympic Games is concerned best of breed and suitability for purpose do not come into it, paying a large amount of money to the International Olympic Committee does. So who has bought their way into being the security experts of choice, and with whom our security and that of the visiting millions will rest? Visa. Oh whoopy-doo, I admit to feeling much more reassured now, after all these are the same people who do not suffer from any problems with identity and authentication and fraud and crime on a huge scale within their own business sector after all. Not. And in case you are wondering why anyone should get wound up by the ramblings of some MP you have never heard of, the fact that he was speaking in his official capacity as Chairman of the All Party Parliamentary Olympic Group might just grab your attention as it did mine. Even when questioned by a member of the British Computer Society Security Group who was as shocked as I, and expressed total disbelief that potentially far better technologies were to be overlooked simply because a sponsor had to be used, Wyatt gave a half-hearted shrug of the shoulders response along the lines of it is out of our hands. Personally I find it beyond contempt that security decisions that will impact upon the whole country, and the billions watching around the world, come down to a money making opportunity for a sponsor rather than being a Government controlled process. Wyatt readily admits it is nothing to do with him, his committee or indeed the Government as the deals arrangements are between the IOC and their sponsors.
He also readily admits he doesn't see why the UK should have to foot the £1 billion cost of security in that case. But again, he misses the point. Security in this case should not be about money, or who foots the bill, but about preventing lives from being lost and terror winning a gold medal on the world stage. Visa have, as of yet, to reveal what plans it has for the games...

From rforno at infowarrior.org Mon Apr 30 15:54:35 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Apr 2007 11:54:35 -0400
Subject: [Infowarrior] - MSNBC restricts Internet redistribution of Dem debate
Message-ID:

MSNBC restricts Internet redistribution of debate; Joe Biden ignores them
By Nate Anderson | Published: April 30, 2007 - 05:30AM CT
http://arstechnica.com/news.ars/post/20070430-msnbc-supplies-gas-matches-to-bloggers-after-limiting-use-of-debate-footage.html

The Democratic presidential contenders gathered for their first debate last week, a debate that MSNBC broadcast, webcast, and blogged. All well and good. But then MSNBC's rules for reusing debate footage surfaced, and journalism guru Jeff Jarvis nearly burst an artery in his anger over the restrictions. Most egregious was MSNBC's claim that no footage could be distributed on the Internet, but not far behind was the network's claim that no one was allowed to use excerpts after May 26, 2007, and could not archive them, either. MSNBC seems to have come down with the sort of amnesia that removes all memory of "fair use" for news reporting, criticism, and commentary, but it's not a total disaster for citizens: the debate is archived and available in its entirety on the network's website. That's not enough for Jarvis, who wants to see all the candidate responses chopped up and made available on YouTube or other outlets. He's not the only one.
Lawrence Lessig and 75 other signatories have sent a letter to the RNC and DNC, asking both parties to require that all future debates be made freely available using Creative Commons licenses. When you can convince everyone from Michelle Malkin to Arianna Huffington to sign onto something, true bipartisanship has officially been achieved. MSNBC hasn't fared well in the whole debacle, coming under fire from just about everyone (Media Matters even castigated the network for sexist coverage of the debate), and it's not even clear that the restrictions actually did anything for the network but give it a black eye. Clips from the debate already populate YouTube, many of them apparently posted by Joe Biden's own campaign. Although the spectacle of MSNBC tangling with Biden over takedown notices would be entertaining, don't expect it to happen; no one, not even soulless TV network executives, wants to be seen as a quasher of democratic (in both senses) give-and-take. MSNBC obviously paid for the debate production costs and wants a return on its investment, but stirring up the blogosphere's wrath isn't the way to get it. The episode, while not reflecting well on MSNBC, doesn't make the candidates look so hot, either. Given that these sorts of events are crafted after much careful back-and-forth by lawyers and campaign strategists, who thought that agreeing to these restrictions was a good idea? Or did some candidates truly believe that limiting Internet access to their words was a safer course than making them easily available? The Internet has already shown that it won't abide this sort of stage-managing.