From rforno at infowarrior.org Sat Nov 1 15:08:03 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Nov 2008 11:08:03 -0400
Subject: [Infowarrior] - Virtual Heist Nets 500,000+ Bank, Credit Accounts
Message-ID: <54548311-8FC2-4BB5-BE71-FC7E53FC7F9B@infowarrior.org>

Virtual Heist Nets 500,000+ Bank, Credit Accounts

http://blog.washingtonpost.com/securityfix/?hpid=sec-tech

A single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.

Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.

RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks. The company says the cache was the bounty collected from computers infected with Sinowal going back to February 2006.

"Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to utilize just one Trojan," said Sean Brady, manager of identity protection for RSA, the security division of EMC. "Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006."

Sinowal, also called "Torpig" and "Mebroot" by various anti-virus companies, constantly morphs its appearance to slip past security software. Between April and October, researchers spotted an average of 60 to 80 new Sinowal variants per month (see graphic above).
Indeed, in the 24 hours ending Oct 30, security researchers at ThreatExpert.com saw at least three new versions of Sinowal being released into the wild.

On Oct. 21, a new Sinowal variant was submitted to Virustotal.com, which scans incoming files against nearly three dozen commercial anti-virus programs and maintains a historical record of those results. Only 10 out of 35 of those security programs - or 28.5 percent - identified it as such or even flagged it as suspicious. Another scan of a Sinowal variant sent to VirusTotal a week earlier yielded slightly better results, with just over half of the anti-virus tools detecting it as malicious.

Sinowal also is unique in that it hides in the deepest recesses of a host computer, an area known as the "Master Boot Record." The MBR is akin to a computer's table of contents, a file system that loads even before the operating system boots up. According to security experts, many anti-virus programs will remain oblivious to such a fundamental compromise. What's more, completely removing the Trojan from an infected machine often requires reformatting the system and wiping any data stored on it.

The Trojan lies in wait until the victim visits one of more than 2,700 bank and e-commerce sites hard-coded into the malware, at which point it injects new Web pages or information fields into the victim's Web browser. For example, Sinowal can falsely prompt an unsuspecting victim for personal information, such as a Social Security number or password when he or she visits one of the targeted financial institution Web sites. Any stolen data is regularly uploaded to Web servers controlled by the Trojan's authors.

The makers of Sinowal typically have spread their Trojan by sewing malicious code into the fabric of large numbers of legitimate, hacked Web sites.
When an unsuspecting Windows user visits one of these sites, the code left on the site tries to install the Trojan using one of several known Web browser security holes, such as vulnerabilities found in popular video and music player plug-ins like Macromedia Flash and Apple's QuickTime player.

The Sinowal gang appear to have profited handsomely from a spate of high-profile Web compromises reported of late: More than 100,000 bank account credentials were stolen by the Trojan in the last six months alone, RSA found (see graphic above).

It's not clear exactly who's behind these attacks, but evidence points to Russian malware gangs. Brady said Sinowal had early ties with the Russian Business Network, a notorious, cyber-crime friendly Web hosting firm in St. Petersburg, Russia, that was dispersed last year due to international media attention.

While the Sinowal authors no longer use RBN as a home base, Brady said his team could find no trace of a single Russian victim in the entire database of credentials and identities stolen from customers of hundreds of banks across the United States, Europe and Asia, and at least 27 other countries.

According to several analysts at iDefense, a security intelligence firm in Sterling, Va., more than a dozen criminals operating the Sinowal data theft network have been thumbing their noses at authorities for some time. While examining a Web server used in a Sinowal attack earlier this year, iDefense found a spoof of the U.S. Marshals Web site apparently created by the criminals.

iDefense said each nickname on the fake site corresponds to the digital credentials that gang members used to access the Web server. The bogus wanted poster includes caricatures of such famous figures as Mikhail Gorbachev; Leonid Brezhnev, Joseph Stalin (Perevodchik, "translator" in Russian); Vladimir Lenin; and Russian Prime Minister Vladimir Putin ("Shaitan," or "devil").

From rforno at infowarrior.org Sat Nov 1 15:21:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Nov 2008 11:21:30 -0400
Subject: [Infowarrior] - Israel creating nationwide biometric database
Message-ID: <41689003-576D-4A6A-9A7F-5FACF21EA690@infowarrior.org>

Biometric database bill passes first vote

Knesset okays controversial biometrics bill, turns it over to Constitution, Law and Justice Committee for further legislation. If passed, will compel citizens to make fingerprints available to government, or risk jail

< - >

http://www.ynetnews.com/Ext/Comp/ArticleLayout/CdaArticlePrintPreview/1,2506,L-3614965,00.html

From rforno at infowarrior.org Sat Nov 1 15:43:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Nov 2008 11:43:57 -0400
Subject: [Infowarrior] - Bravo, MAJ Sebastian Morely!
Message-ID: <512B575D-52BE-4101-9F7E-13D0433E4255@infowarrior.org>

....for standing up for both your principles and your troops in the face of apparent bureaucratic incompetence. --rf

Exclusive: SAS chief quits over 'negligence that killed his troops'

The commander of Britain's SAS troops in Afghanistan has resigned in disgust, accusing the Government of "gross negligence" over the deaths of four of his soldiers.

< - >

http://www.telegraph.co.uk/news/newstopics/onthefrontline/3332417/Exclusive-SAS-chief-quits-over-negligence-that-killed-his-troops.html

From rforno at infowarrior.org Sun Nov 2 01:23:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Nov 2008 21:23:48 -0400
Subject: [Infowarrior] - Security Systems and the Stock Market: How Do You Invest?
References:
Message-ID:

http://attrition.org/security/rant/invest01.html

Sat Nov 1 2008 20:40:13
Lyger

Anyone who has ever been responsible for the research, approval, or purchase of a "security system", whether it be a spam filter, web filter, antivirus software, firewall, NAC, or any one of a plethora of other options, probably knows what a daunting task it can be.
Dozens of vendors vie for your attention with dozens of options for each product they offer, and examining every detail of every option of every product is pretty much impossible unless you have a full-time team dedicated to nothing but product analysis and testing. For smaller shops, there should be a way to make a few educated decisions about which vendor is best suited for company needs. Note the word "suited". When considering a product or vendor, it's all about "suitability". Just like the stock market.

[.]

By my own estimation, I have about 400 times more experience in the security industry than I do as an investor in the stock market. Over the last week, my stock purchases have been watched with a curious fascination, but I also began to see a correlation between my financial investments and what can be done to assess vendors of security-related products.

[...]

http://attrition.org/security/rant/invest01.html

From rforno at infowarrior.org Sun Nov 2 15:49:37 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Nov 2008 10:49:37 -0500
Subject: [Infowarrior] - Fed court orders WH to release wiretap memos
Message-ID: <6A8792F8-E7C3-450F-94F7-47DED7F64F36@infowarrior.org>

Judge orders review of wiretap memos
Justice Department must produce communications from White House

The Associated Press
updated 5:53 p.m. ET, Sat., Nov. 1, 2008

http://www.msnbc.msn.com/id/27488365/

WASHINGTON - A federal judge has ordered the Justice Department to produce White House memos that provide the legal basis for the Bush administration's post-Sept. 11 warrantless wiretapping program.

U.S. District Judge Henry Kennedy Jr. signed an order Friday requiring the department to produce the memos by the White House legal counsel's office by Nov. 17. He said he will review the memos in private to determine if any information can be released publicly without violating attorney-client privilege or jeopardizing national security.
Kennedy issued his order in response to lawsuits by civil liberties groups in 2005 after news reports disclosed the wiretapping.

The department had argued that the memos were protected attorney-client communications and contain classified information.

But Kennedy said that the attorney-client argument was "too vague" and that he would have to look at the documents himself to determine if that argument is valid and also to see if there is information that can be released without endangering national security.

Justice Department spokesman Dean Boyd said Saturday the department is reviewing the opinion and will "respond appropriately in court."

Shortly after the Sept. 11 attacks, Bush authorized the National Security Agency to spy on calls between people in the U.S. and suspected terrorists abroad without obtaining court warrants. The administration said it needed to act more quickly than the court could and that the president had inherent authority under the Constitution to order warrantless domestic spying.

After the program was challenged in court, Bush last year put it under the supervision of the Foreign Intelligence Surveillance Court, established in 1978 after the domestic spying scandals of the 1970s.

"We think just as a common sense matter the legal theories for the president's wiretap programs cannot be classified and should be available to the public," said Marc Rotenberg, president of the Electronic Privacy Information Center, one of the groups seeking the memos.

"It's an important decision because up to this point the judge has relied on the government's assertion that it has done everything properly under the law and that it has disclosed everything it needs to disclose," Rotenberg said Saturday.

Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

URL: http://www.msnbc.msn.com/id/27488365/

From rforno at infowarrior.org Mon Nov 3 02:21:23 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Nov 2008 21:21:23 -0500
Subject: [Infowarrior] - UK Web Censor: A victory for the terrorists
Message-ID: <51F28AE5-DF0D-43DA-87DF-3257919A2A98@infowarrior.org>

A victory for the terrorists

Website censorship erodes the very freedoms that the home secretary purports to defend

John Ozimek
guardian.co.uk, Sunday November 02 2008 20.00 GMT

http://www.guardian.co.uk/commentisfree/2008/nov/02/uksecurity-internet

The UK has a very real problem with websites that incite terrorism, and if we are not careful the government's preferred cure could be as bad as the disease itself. Faced with the impossibility of policing material that originates from abroad, the home secretary is now planning to appoint herself the UK's first official censor.

In 2006, the government passed a law banning the display of material that "directly or indirectly" encouraged terrorism. "Direct encouragement" is easy to spot. It includes virtually all websites that urge true believers to "kill the infidel". Not, however, a site featuring Achmed, the dead terrorist, as that is clearly satire.

"Indirect" is a little harder to pin down. Apparently this is "glorification of the commission or preparation" of certain acts, together with a nudge that such acts would be a good idea right now.

If you do come across incitement to terrorism on the internet, report it to your nearest police constable. They will then issue the "relevant person" with a "take-down" notice: and in quaint British fashion, the site must be down within two working days, excluding Christmas or Good Friday, but not including Eid. Or else.

An eternal difficulty with such legislation is that "one person's terrorist is someone else's freedom fighter". The law may be outwardly neutral: but it is focussed pretty exclusively on Muslim terrorism.
You won't find many web sites that glorify western covert ops being reported or closed down.

Or to put it another way: "Lyrical Terrorist", Samima Malik was first found guilty, then cleared, of inciting terrorism through poetry. It seems unlikely in the extreme that our laws would ever be used against the freelance anti-terrorism websites - mostly US-based - that wage a constant, possibly illegal and sometimes seriously unpleasant citizens' war against the "axis of evil".

I also know, or hope I know, that the decision to close a site will not be left in the hands of humble beat officers, who have after all, previously arrested wearers of anti-Blair t-shirts for "offensiveness".

That said, I'm not sure I trust more senior policemen either. After all, it was an officer with the met's obscene publications unit who leant on satirical site "thinkofthechildren" on the grounds it "could" incite violence. There's a weasel word, if ever there was one: so many things "could" glorify terrorism.

Sadly, this only catches UK-hosted websites, which are a small proportion of the whole: the most prolific inciters of terrorism lie well beyond the reach of the most dedicated UK copper. This is a biased law, but it's also a figleaf: a symptom of government pretending that something can be done.

Yet government now wishes to do more. Recently, the home office informed me that "the government has been working ... to develop filtering software [to protect] against illegal material that promotes or encourages terrorism".

However, just because the home secretary doesn't like something doesn't make it "illegal". In fact, "illegal" material doesn't actually exist, at least, not as such. Terrorism material, in British Law, is defined largely - albeit not exclusively - by the intent of the person possessing it. The Catholic church may once have possessed an index of banned books: we do not.
There is altogether too much of the lynch mob about this proposal: to go after the devil, we'd happily chop down every law in the land to do so. Is that really what we expect from one of the most senior ministers in the land?

Herein lies the real risk from terrorism. It's all very well arguing that terrorism sites are pernicious, evil, etc. But what the home office is doing is equally dangerous. Substituting police opinion for due process may be operationally efficient: but it is an erosion of legality.

Replacing a properly enacted power to block banned sites with a filtering process that will permit the home secretary to censor by executive fiat strikes at the core of civil liberties in this country. Terrorism is serious stuff; so too are some of its remedies.

From rforno at infowarrior.org Mon Nov 3 13:12:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Nov 2008 08:12:02 -0500
Subject: [Infowarrior] - A PSA message to Infowarrior-l
Message-ID:

Whatever your personal beliefs or registered party association, please do our country a favor and go vote on November 4th. Exercise your right to speak up and make a real difference in our collective future!

Thanks. We now return to your regularly scheduled Monday.

-Rick

From rforno at infowarrior.org Mon Nov 3 13:31:55 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Nov 2008 08:31:55 -0500
Subject: [Infowarrior] - On Security, Microsoft Reports Progress and Alarm
Message-ID:

November 3, 2008

On Security, Microsoft Reports Progress and Alarm

By JOHN MARKOFF

http://www.nytimes.com/2008/11/03/technology/companies/03security.html?_r=1&oref=slogin&pagewanted=print

Microsoft plans to report on Monday that the security of its Windows operating system has significantly improved, while at the same time the threat of computer viruses, frauds and other online scourges has become much more serious.

The company blames organized crime, naïve users and its competitors for the deteriorating situation.
In the latest edition of its twice-a-year "Security Intelligence Report," Microsoft said that the amount of malicious or potentially harmful software removed from Windows computers grew by 43 percent during the first half of 2008.

The company said improvements in security for its Windows Vista operating system and security updates to the previous Windows XP system had made such software a less attractive target for attackers. Instead they have shifted their attention to security holes in individual programs.

During the first half of the year, 90 percent of newly reported vulnerabilities involved applications, and only 10 percent affected operating systems, according to the report.

Microsoft executives said they were pleased with the progress made since the company was shaken by a series of destructive programs that spread rapidly around the world over the Internet beginning in 2003. But they said that unless software development practices change throughout the industry, any improvements in the security of Windows would be meaningless.

"This story is real," said George Stathakopoulos, general manager for Microsoft's Security Engineering and Communications group, referring to the improvement in the company's engineering practices. "Now we have a third-party problem and it's something we have to go solve."

Security researchers said they were sympathetic to Microsoft's plight.

"The only thing that Microsoft can patch is their own software," said Patrik Runald, chief security adviser for F-Secure, a computer security firm in Finland. "That's not what the bad guys are using to get into computers these days. It's certainly a challenge."

Microsoft and the computer industry have also been unable to solve the so-called dancing pony problem. That refers to the propensity of many computer users to click on enticing links in their e-mail or to visit seductive but malicious Web sites, leaving them vulnerable to Trojan horse downloads and other infections.
Over the last three years the computer security industry has been fighting a losing battle, as the ability of computer criminals to profit from identity theft and a variety of other scams has led to the development of a robust underground industry generating viruses and other so-called malware.

Microsoft has tried to combat the problem by building a variety of safeguards into its operating systems and its Internet Explorer browser, with mixed success.

The User Account Control feature of Windows Vista, which popped up an endless stream of warnings that irritated users, proved to be one of the key factors in the poor reception for Vista. Last week in Los Angeles, the company said it had entirely reworked the user interface of its new Windows 7 operating system to minimize user frustration.

In comparing Web browser vulnerabilities in Windows XP and Windows Vista in the first half of the year, the new report found that while Microsoft could be blamed for half of the top 10 vulnerabilities in Windows XP, the top 10 browser vulnerabilities under Vista all came from third-party add-on software from companies like Apple and RealNetworks.

A companion report published by Jeffrey R. Jones, a Microsoft security director, claims that Microsoft is fixing security-related bugs about three times as fast as three of its rivals: Apple, Ubuntu and Red Hat.

An Apple spokesman, Bill Evans, said Microsoft had previously issued similar reports and declined to comment beyond saying that the data was not supported by users' experience of infections.

Microsoft has a unique vantage point from which to monitor the world of malware and other threats because it receives automated data both from free software it has given to users, like the Malicious Software Removal Tool, and from specialized Internet reporting systems that monitor threats. It also receives data about crashes on more than a half-billion personal computers.
The current report indicates that malware infection rates are generally higher in developing countries and regions than in developed ones. Infection rates range from 1.8 for every 1,000 computers in Japan to above 76.4 for every 1,000 in Afghanistan. The United States had an infection rate of 11.2 infected computers for every 1,000 scanned, an increase of 25.5 percent in the last six months.

From rforno at infowarrior.org Mon Nov 3 19:47:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Nov 2008 14:47:57 -0500
Subject: [Infowarrior] - USAF Aims to 'Rewrite Laws of Cyberspace'
Message-ID: <55A037DA-D2A0-41BC-8FA1-AB81B907ED4A@infowarrior.org>

Air Force Aims to 'Rewrite Laws of Cyberspace'

By Noah Shachtman
November 03, 2008 | 12:25:00 PM
Categories: Info War

http://blog.wired.com/defense/2008/11/air-force-aims.html

The Air Force is fed up with a seemingly endless barrage of attacks on its computer networks from stealthy adversaries whose motives and even locations are unclear. So now the service is looking to restore its advantage on the virtual battlefield by doing nothing less than rewriting the "laws of cyberspace."

It's more than a little ironic that the U.S. military, which had so much to do with the creation and early development of the internet, finds itself at its mercy. But as the American armed forces become increasingly reliant on its communications networks, even small, obscure holes in the defense grid are seen as having catastrophic potential.

Trouble is that even a founding father can't unilaterally change things that the entirety of the internet ecosystem now depends on. "You can control your own networks, rewrite your own laws," says Rick Wesson, CEO of the network security firm Support Intelligence. "You can't rewrite everybody else's."

But the Air Force Research Laboratory's "Integrated Cyber Defense" program, announced earlier this month, is part of a larger military effort to accomplish just that.
"The 'laws' of cyberspace can be rewritten, and therefore the domain can be modified at any level to favor defensive forces," announces the project's request for proposals. Some of the rewrites being considered:

* Making hostile traffic inoperable on Air Force networks.
* Locating and identifying once-anonymous hackers.
* Enabling Air Force servers to evade or dodge electronic attacks, somehow.

It's part of a larger Air Force effort to gain the upper hand in network conflict. An upcoming Air Force doctrine calls for the service to have the "freedom to attack" online. A research program, launched in May, shoots for "gain access" to "any and all" computers. A new division of information warriors is being set up under Air Force Space Command. "Our mission is to control cyberspace both for attacks and defense," 8th Air Force commander Lt. Gen. Robert Elder told Wired.com earlier this year. Apparently.

At the moment, though, online aggressors have the edge on the military's network protectors, the Air Force says.

"Defensive operations are constantly playing 'catch up' to an ever-increasing onslaught of attacks that seem to always stay one step ahead," says the Air Force Research Laboratory's "Integrated Cyber Defense" request for proposals. "In order to tip the balance in favor of the defender, we must develop a strategic approach to cyber defense that transcends the day to day reactive operations."

"[M]ost threats should be made irrelevant by eliminating vulnerabilities beforehand by either moving them 'out of band' (i.e., making them technically or physically inaccessible to the adversary), or 'designing them out' completely," the request for proposals adds.

"Can we create a cyberspace with different rules?" asks Paul Ratazzi, a technical advisor at the AFRL's Information Directorate. "Let's challenge those fundamental assumptions on how these things work, and see if there's a better way."
For instance, it's extraordinarily difficult to find the hacker behind a cyberattack today. Network traffic can be run through dozens of different proxies and anonymizers; "botnets" of enslaved computers can be controlled from the other side of the world; millions of PCs spew out malicious data without their owners ever catching on. AFRL would like to see a way to change existing network protocols, to make it easier to trace and locate the source of an online threat.

Or perhaps today's protocols can be tailored, to make military networks "technically or physically inaccessible" to malicious traffic. "We'll start with blue," says Information Directorate chief Donald Hanson, using the military term for friendly forces. "If you're not blue, you can't come in."

Hanson is also interested in finding ways to dodge electronic attacks, rather than figure out new ways to stop them, or lock them out. "A lot of our [defenses] up to now have been about defeating an attack," he says. "We'd rather avoid it altogether." Digital radios communicate today by "frequency-hopping" -- jumping across multiple bands of the spectrum. Perhaps the Air Force's online traffic could do something similar.

There are some network precedents for the idea, Wesson explains. So-called "honeypot" servers are used to lure in hackers with fake targets to attack. But the hackers are often aware which IP addresses are really honeypots. So hosted servers are used to mask those addresses -- and, with a secure network "tunnel," run the traffic back to the honeypots. "If you can do that with honeypots, you can do it with all kinds of other things," Wesson says. Hanson refused to comment on that technique.

But Ross Stapleton-Gray, with the Packet Clearing House research group, isn't sure cyberstrikes can be avoided, really. "The way networks work, it's always going to be easier for a nimble attacker than a nimble defender," says Ross Stapleton-Gray, with the Packet Clearing House research group.
"There's always a scarcity of bandwidth -- somewhere. There are always chokepoints -- somewhere."

From rforno at infowarrior.org Mon Nov 3 20:32:22 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Nov 2008 15:32:22 -0500
Subject: [Infowarrior] - Partnering for Cyberspace Security
Message-ID:

Partnering for Cyberspace Security

By Walter Pincus
Monday, November 3, 2008; A19

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/02/AR2008110202204_pf.html

In two recent speeches that have attracted little notice, Donald Kerr, principal deputy director of national intelligence, has called for a radical new relationship between government and the private sector to counter what he called the "malicious activity in cyberspace [that] is a growing threat to everyone."

Kerr said the most serious challenge to the nation's economy and security is protecting the intellectual property of government and the private sector that is the basis for advancements in science and technology.

"I have a deep concern . . . that the intelligence community has still not properly aligned its response to what I would call this period of amazing innovation -- the 'technological Wild West' -- by grasping the full range of opportunities and threats that technology provides to us," he said at the annual symposium of the Association for Intelligence Officers on Oct. 24.

"Major losses of information and value for our government programs typically aren't from spies . . . In fact, one of the great concerns I have is that so much of the new capabilities that we're all going to depend on aren't any longer developed in government labs under government contract."

Calling for "a fundamental rethinking of our government's traditional relationship with the private sector," Kerr said that "a high percentage of our critical information infrastructure is privately owned, and both government and industry must recognize that an individual vulnerability is a common weakness."
Hackers steal proprietary information, shut down systems and corrupt the integrity of information by inserting erroneous data, he said. He described "supply-chain attacks" in which adversaries plant vulnerabilities in communications hardware and other high-tech equipment "that can be used later to bring down systems or cripple our infrastructure."

Kerr offered some far-reaching solutions in a talk Wednesday during another symposium, sponsored by the Office of the National Counterintelligence Executive, which is part of his organization.

One approach would have the government take equity stakes in companies developing technical products, in effect expanding the practice of In-Q-Tel, the CIA entity that invests in companies.

Another proposal is to provide the same protective capabilities applied to government Web sites, ending in .gov and .mil, to the private industry's sites, ending in .com, which Kerr said have close to 98 percent of the nation's most important information.

He also suggested that the government ask insurers whether they cover "a failure to protect intellectual capital." That way, Kerr said, the insurers, through their premiums, "provide an incentive for companies, in fact, to pay attention to protecting their intellectual property."

In the past, Kerr said, when the director of central intelligence or the FBI chief faced similar problems, they would meet privately with leaders of companies involved in new technologies, seeking cooperation and perhaps access to their products.

"What's the modern equivalent of what used to be done?" Kerr asked. "We have a responsibility . . . to help those companies that we take an equity stake in or those that are just out there in the U.S. economy, to protect the most valuable assets they have, their ideas and the people who create them," he said.
National security and intelligence reporter Walter Pincus pores over the speeches, reports, transcripts and other documents that flood Washington and every week uncovers the fine print that rarely makes headlines -- but should. If you have any items that fit the bill, please send them to fineprint at washpost.com.

From rforno at infowarrior.org Tue Nov 4 15:43:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Nov 2008 10:43:08 -0500
Subject: [Infowarrior] - EndNote case headed to court
Message-ID:

EndNote reverse-engineering case looks headed to courtroom

http://arstechnica.com/news.ars/post/20081104-endnote-reverse-engineering-case-looks-headed-to-courtroom.html

By Jonathan M. Gitlin | Published: November 04, 2008 - 07:35AM CT

As anyone who works in academia knows, writing and publishing papers involves frequently citing the existing literature. When you're working on a paper with 30 or more references, keeping track of them all can be a downright pain, which is where reference-managing software like Thomson Reuters' EndNote comes in. EndNote is the market leader in this field, but recently it has been facing competition from the open source Zotero, which is a Firefox plugin that lets you manage your bibliographic library and insert references into papers. Right now though, EndNote and Zotero are locked in a legal battle over claims by Thomson Reuters that the developers of Zotero have illegally reverse-engineered aspects of EndNote.

Although EndNote has its position as the 800lb gorilla in the reference manager field, it wouldn't be an exaggeration to say that many users view the application with a measure of antipathy. It can sometimes be frustrating to use, and the company's practice of rolling out updates that can appear to be bug fixes with a $99 price tag has created an environment where other developers have begun to enter the market with competing solutions.
As I noted in my Office 2008 review, Microsoft has inserted a reference manager into the new versions of Word, but where EndNote triumphs over others is the vast breadth of output styles available to users. These are necessary, as individual journals often have subtly different ways that they want citations to be presented; references shown in the text as numbered articles that are then listed in that order in the bibliography, or listed in the text as (author name, year) and then listed alphabetically, for example. Given that the process of publication can sometimes involve sending the same manuscript to more than one journal, being able to reformat the way the references are presented is an invaluable tool. By virtue of being a market leader with a long history in the field, EndNote is able to offer the widest selection of these output styles as downloads, and by virtue of their large selection of output styles, they remain the market leader. Zotero is an open source project led by a pair of academics, Dan Cohen and Sean Takats, at George Mason University's Center for History and New Media. Zotero is a plugin for the Firefox browser, and therefore cross-platform, and also has the advantage of being free. It also includes functionality similar to the Mac OS X application Papers, in that it manages PDF libraries, as well as offering users a way to insert references into a document. The lawsuit, brought by Thomson Reuters against George Mason University and the Comptroller of Virginia, alleges that GMU is in contravention of their EndNote license with their newest version of Zotero, thanks to Zotero having allegedly reverse-engineered the file format that EndNote uses for citation styles in order to offer a similar functionality in Zotero. Thomson Reuters claims that GMU is causing "irreparable harm" to its brand, and is seeking to prevent GMU from distributing the offending application, as well as significant financial damages. 
GMU denies this claim, insisting that, although Zotero can read EndNote's .ens files, the application does not convert that data to Zotero's .csl format. GMU has decided not to renew its site license for EndNote, and has re-released the controversial Zotero 1.5 Sync Preview.

For its part, Thomson Reuters remains resolute in its claim that Zotero infringes on their intellectual property and that GMU violated the terms of their site license. According to Thomson Reuters VP Dave Kochalko, "These format files only exist as software code; there is no content or information independent of lines of code and these files can only be interpreted by the computer. A key value of EndNote is its ability to format a bibliography within a manuscript and the format files are integral to that capability."

Kochalko also maintains that "We have worked diligently over the past several months to resolve this matter amicably. Since it has become clear that a resolution is not possible at this time, we have no choice but to pursue litigation in order to protect our intellectual property, as well as protect our bibliographic formatting capability, an important publishing resource our EndNote user-community has relied upon for many years."

As things currently stand, it seems that this case will be heard in front of a court, which will have to decide if GMU really did reverse-engineer EndNote's style files.

From rforno at infowarrior.org Tue Nov 4 15:45:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Nov 2008 10:45:34 -0500
Subject: [Infowarrior] - German and Dutch tech idiocy
Message-ID:

Way to be helpful to tourists and other folks, guys. --rf

Berlin bans handy iPhone metro app
By Jan Libbenga
Posted in Applications, 4th November 2008 14:19 GMT

Berlin public transportation company BVG has banned a popular iPhone application which helps to navigate the city's vast metro system with over 3000 stations.
Meanwhile, in the Netherlands, Dutch Rail is threatening a student who developed a nifty train timetable for the iPhone. Both BVG and Dutch Rail claim the Apps violate their copyright.

The German iPhone App Fahr-Info-Berlin was developed by 21-year-old student Jonas Witt, and has been downloaded over 20,000 times from the iTunes App Store since it first appeared in July.

< - >

http://www.theregister.co.uk/2008/11/04/german_iphone_app_verboten/

From rforno at infowarrior.org Tue Nov 4 15:48:53 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Nov 2008 10:48:53 -0500
Subject: [Infowarrior] - AT&T testing bandwidth caps
Message-ID: <54B0BE39-B609-40F1-9B30-000E4F34C4A5@infowarrior.org>

http://gizmodo.com/5075831/att-monthly-bandwidth-caps-are-here

AT&T's bandwidth caps for its high speed internet customers are here. They're conducting a "market trial" in Reno that started on Nov. 1, where users get between 20GB and 150GB a month, depending on their speed tier. Unlike Time Warner's trial in Beaumont, where caps were only applied to new customers, existing customers will also be capped, though they'll get the roomier 150GB cap. If you bust the cap, AT&T will charge an extra dollar per gigabyte.

Surveying the broadband landscape in this country, it's either caps or slowdowns or filters. (Unless you're on Comcast, then it's a two-for-one.) Caps seem like the lesser of the three evils, if only because they're fairly transparent -- filtering and slowdowns are more insidious, since you might not be immediately aware it's happening. They're essentially legitimized forms of sabotage. Verizon is the only major ISP leaving traffic totally unfettered, but I wonder how long that will last.
From rforno at infowarrior.org Wed Nov 5 00:20:53 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Nov 2008 19:20:53 -0500 (EST)
Subject: [Infowarrior] - Supreme Court Hears FCC Profanity Case
Message-ID: <49381.66.80.146.10.1225844453.squirrel@mail.krvw.com>

Great use of the Court's time, eh? --rf

Supreme Court Hears FCC Profanity Case
By Jerry Markon
Washington Post Staff Writer
Tuesday, November 4, 2008; 4:04 PM
http://www.washingtonpost.com/wp-dyn/content/article/2008/11/04/AR2008110400579_pf.html

It's not every day that a top lawyer for the Bush administration, standing before the black-robed justices of the Supreme Court, invokes the specter of "Big Bird dropping the F-bomb on Sesame Street." Yet it was that kind of morning in the august courtroom, where the justices weighed a new government policy that can punish television networks for a one-time, or "fleeting" expletive, as opposed to a stream of profanities.

The case came about after singer Cher dismissed her critics by saying "[expletive] 'em" during a live 2002 awards show, and celebrity Nicole Richie told millions of viewers in 2003: "Have you ever tried to get cow [expletive] out of a Prada purse? It's not so [expletive] simple."

The justices made their usual majestic entrance, and the argument began with the typically sober discussion of weighty legal issues. But the lawyers were soon jumping through verbal hoops to avoid saying the words at issue, trying everything from "these words" to expletives, swearing, the F-word, the F-bomb and "freaking."

Chief Justice John G. Roberts Jr. debated with a lawyer for Rupert Murdoch's Fox network, which aired the Cher and Richie remarks, whether such words inherently denote offensive "sexual or excretory activities" -- the definition the Federal Communications Commission used to cite Fox for broadcasting indecent material. Roberts asked, "Why do you think the F-word has" such power? ". . .
Because it's associated with sexual or excretory activity. That's what gives it its force." The tension in the crowded courtroom gave way to laughter when 88-year-old Justice John Paul Stevens asked whether the FCC would sanction a broadcaster if the indecent remark "was really funny." Solicitor General Gregory G. Garre said it might depend on the context. "So bawdy jokes are okay, if they're really good," Justice Antonin Scalia cracked, to more laughter. Stevens also asked whether the word "dung" would be indecent (Garre said probably not) and Justice Stephen G. Breyer added the observation that during live television "you're dealing with a cross section of humanity, and my experience is that some sections of that cross section swear." But nary a curse word was heard amid a debate that soon turned to the serious issues at hand. The case culminated a battle over what can be said on radio and television, part of a broader culture clash between those who see increasing profanity on the airwaves as harming children and debasing the nation's values and others who believe the government's crackdown threatens free speech and artistic expression. The government has imposed decency standards on broadcasters since the 1920s, and currently the FCC prohibits the broadcast of sexual or excretory content on over-the-air radio and television between the hours of 6 a.m. and 10 p.m., when children are most likely to be in the audience. Even with those rules, there have been periodic flare-ups over what can be said on-air. The issue really heated up after the split-second television exposure of singer Janet Jackson's breast during the 2004 Super Bowl halftime show. Hundreds of thousands of viewers complained, prompting the FCC to change a long-standing policy that only repeated use of on-air expletives would be punished. 
The commission didn't fine Fox for the Cher and Richie incidents because the policy was new but made it clear that further "fleeting," or one-time, use of obscenities could draw punishment. Television networks protested, but Congress in 2006 raised the maximum indecency fine from $32,500 to $325,000. President Bush signed the bill, saying that network television "too often pushed the bounds of decency." Fox filed suit, arguing that the FCC's policy change was arbitrary and that the designation of the fleeting F-words as indecent violated the broadcaster's First Amendment rights. A federal appeals court in New York agreed, issuing a 2-1 decision last year that broadly questioned whether the FCC still has the right to police the airwaves for offensive language. (The FCC has no authority over cable and satellite radio and TV.) The Bush administration petitioned the Supreme Court, which agreed to hear its first substantial case on broadcast indecency since a 1978 decision that said comedian George Carlin's "seven dirty words" monologue was indecent. That narrow decision, written by Stevens, spelled out that the court had not decided the issue of "an occasional expletive." Garre urged the justices to back the FCC, saying that upholding the appellate ruling could lead to "a world where the networks are free to use expletives 24 hours a day," including, he said, the Big Bird "F-bomb" scenario. "Everyone acknowledges that a word like the F-word is one of the most vulgar, graphic and explicit words in the English language" in describing sexual activity, he said. Carter Phillips, an attorney for Fox, questioned what he called the FCC's shifting definitions of indecency and raised the specter of stations being afraid to broadcast live events -- everything from documentaries to high school football games -- for fear that someone might curse. 
Recently, he said, a Vermont public television station excluded a political candidate from a live debate because he had sworn during a previous public forum. But Phillips ran into resistance from several members of the court's conservative wing, especially Scalia, who decried what he called the "coarsening" of the broadcast networks and asked whether those who are offended by such words have their position taken into account.

The networks argue that it wouldn't be a free-for-all if the FCC stopped policing the airwaves because producers could still put cursing and nudity on any show after 10 p.m., without fear of a fine. A recent study by the Parents Television Council found that the use of what it defines as expletives has nearly doubled in primetime broadcast television since 1998, and council President Tim Winter, a former NBC executive, said in an interview that without Supreme Court intervention "we're going to see a tidal wave of ever more graphic material when children are watching."

But Marjorie Heins, a lawyer for the American Civil Liberties Union and other organizations that filed a brief supporting Fox, called on the FCC to let broadcasters make their own judgments about standards of language. "There's always a risk in a society that values free expression that someone will be offended," she said in an interview. "The First Amendment doesn't tolerate language police, and it shouldn't."

From rforno at infowarrior.org Wed Nov 5 13:22:22 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Nov 2008 08:22:22 -0500
Subject: [Infowarrior] - Change!
Message-ID: <297545F5-884E-4C4C-8FE4-4173E1470422@infowarrior.org>

To the surprise of many here, I've kept pretty mum about politics this election season. In keeping with that promise to myself, this likely will be my only comment about the election. I am an independent who voted for Obama, but don't agree with all his or his party's positions.
I think a major statement was issued to (and about) ourselves and the world last night, and I am optimistic that America finally has set itself up to move into the right direction both internally and externally. It's up to the new Administration, Congress, and above all, the American People, to make it happen.

Last night should not be viewed as an emotional one-off historical event that we can ignore for a while as we often do when we think things are going our way and we get what we want. We must seize the opportunity and exercise the effort it takes to help transform our expectations into realities. Let's not outsource this opportunity lest we return to that from which we have just rejected -- and that includes ensuring an environment of intellectual and rhetorical tolerance on all sides as we debate and address the many issues facing our Nation in the coming years.

We've got an opportunity here --- but to steal a prayer from Alan Shepard as he waited to blast off on Mercury 1, "Dear Lord, please don't foul this up."

Onwards, and I hope, upwards.

-rick

From rforno at infowarrior.org Wed Nov 5 15:58:36 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Nov 2008 10:58:36 -0500
Subject: [Infowarrior] - Google Drops Yahoo Deal
Message-ID:

Google Drops Yahoo Deal After Government Talks Fail (Update1)
http://www.bloomberg.com/apps/news?pid=20601087&sid=a0zecDnA9Qhw&refer=home
By Crayton Harrison

Nov. 5 (Bloomberg) -- Google Inc., the top seller of online advertising, scrapped an agreement to place ads on Yahoo! Inc.'s site after failing to win support from the U.S. government.

Regulators and advertisers' concerns about the deal may have hurt Google's long-term interests, David Drummond, the company's chief legal officer, said today in a blog post. Microsoft Corp., which trails Google and Yahoo in online ads, also had criticized the agreement, saying it would give Google too much power.
The action is the first significant time that Google has backed away from an attempt to expand its reach, said Rebecca Arbogast, an analyst at Stifel Nicolaus & Co. in Washington. While abandoning the deal helps Google avoid a confrontation with the government, concerns that it has become too strong won't disappear, she said.

"It creates a bit of a cloud around them, in terms of raising a question of, have they gotten as big as they could get?" she said. "What they avoid by walking away from this is any adverse legal precedent at all. They will be completely unsullied."

The Mountain View, California-based company fielded about two-thirds of U.S. searches last year, three times the amount of second-place Yahoo. The U.S. online ad market is expected to rise 17 percent to $26.2 billion this year, according to EMarketer Inc.

Google fell $5.46, or 1.5 percent, to $361.48 at 10:22 a.m. in Nasdaq Stock Market trading. Sunnyvale, California-based Yahoo climbed 81 cents, or 6.1 percent, to $14.16.

Yahoo's Options

The decision leaves Yahoo, which turned down takeover offers of as much as $47.5 billion from Microsoft this year, without a new source of ad sales. Yahoo estimated that the deal would generate as much as $800 million a year in revenue.

Google's share of online searches has helped it command higher prices and draw a wider variety of advertisers, Yahoo has said. Chief Executive Officer Jerry Yang aimed to use Google ads for so-called keyword searches.

The companies announced their agreement after Yahoo rejected attempts by Microsoft to buy the company, or at least its online search business. Microsoft, which accounted for 8.5 percent of online queries in September, wanted to use Yahoo to help catch up with Google.

Antitrust Questions

The Justice Department hired attorney Sanford Litvack as an adviser in September, signaling that the government was looking into an antitrust challenge.
Litvack, the department's antitrust chief under President Jimmy Carter, headed a 2006 commission created by Congress to consider changes to antitrust law.

The Association of National Advertisers, a trade group, opposed the Google-Yahoo deal, saying it would push ad prices higher. The American Antitrust Institute, a Washington advocacy group, called for restrictions to limit Google's control of the market. On Sept. 29, a group of U.S. lawmakers from California urged the government not to block the deal, saying Google wouldn't gain power because the agreement wasn't a merger.

With profits falling and revenue growth stalling, it may be too late now for Yang, 39, to seek another offer from Microsoft, Arbogast said. While Microsoft CEO Steve Ballmer has suggested that a deal with Yahoo might still make economic sense, the company said Oct. 16 it has no interest in an acquisition.

Yahoo's profit has dropped in 10 of the past 11 quarters, and net sales growth slowed to 3 percent last quarter, down from 14 percent a year earlier. In August, investors withheld about a third of their votes for Yang's re-election to the board in a demonstration of their displeasure.

Yahoo has also talked with Time Warner Inc. since April about an acquisition of that company's AOL business. Yahoo executives said on an Oct. 21 conference call that they were socking cash as they weighed their options.

To contact the reporter on this story: Crayton Harrison in Dallas at tharrison5 at bloomberg.net.

Last Updated: November 5, 2008 10:25 EST

From rforno at infowarrior.org Wed Nov 5 16:04:52 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Nov 2008 11:04:52 -0500
Subject: [Infowarrior] - FCC clears Google-backed plan on airwaves
Message-ID: <7769361E-FBC8-4F50-A2FE-559F5C97C567@infowarrior.org>

FCC clears Google-backed plan on airwaves use
(Reuters)
Posted on Tue Nov 4, 2008 6:07PM EST
http://tech.yahoo.com/news/nm/20081104/tc_nm/us_fcc_whitespace_1

WASHINGTON (Reuters) - The U.S.
Federal Communications Commission on Tuesday approved a plan sought by tech companies like Google Inc and Microsoft Inc to open soon-to-be-vacant television airwaves to new wireless devices. The five-member FCC voted to open unlicensed pockets of the spectrum known as white space that will become available when U.S. broadcasters are required to move to digital television next year. Companies like Google and Microsoft, as well as consumer groups, said access to the white space airwaves would encourage innovation in cellular telephones and wireless devices, much as WiFi did. "Let's hope it's not just Wi-Fi on steroids but Wi-Fi on amphetamines," FCC Commissioner Jonathan Adelstein said. FCC commissioner Deborah Taylor Tate dissented in part, saying she preferred a more formal process to deal with interference issues. Traditional broadcasters such as Walt Disney Inc's ABC, General Electric's NBC, CBS Corp and even country singer Dolly Parton opposed the plan. They said signals sent over that part of the spectrum could cause interference with broadcasts or wireless microphones at live productions. A broadcasters' group, Maximum Service Television, said the decision "imperils American's television reception in order to satisfy the "free" spectrum demands of Google and Microsoft." The FCC sided with the tech companies and consumer groups after two rounds of testing the devices. An agency engineering report released several weeks ago said the spectrum could be used without causing harmful interference. Harold Feld, senior vice president at the consumer group Media Access Project, said the vote will lead to expanded investment in broadband and other technologies. "Motorola, Google and Microsoft have invested five years and millions of dollars to get this approved," Feld said. "The people that made those decisions are going to show they made good decisions." 
The bi-partisan vote by three Republican and two Democratic FCC voting members signals that greater access to white space will move forward regardless of whether Republican John McCain or Democrat Barack Obama wins the presidency, said Ben Scott, policy director of the advocacy group Free Press. Republicans back white space access as a free-market approach, while Democrats like that it improves affordability and is pro-consumer, Scott said. "No matter who is president, this white space policy will be expanded upon," he said.

The decision "will allow the marketplace to produce new devices and new applications that we can't even imagine today," Republican Commissioner Robert McDowell said. The order requires both fixed and portable devices to be capable of sensing television stations and wireless microphones and that those devices be registered in an FCC database.

From rforno at infowarrior.org Wed Nov 5 19:36:58 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Nov 2008 14:36:58 -0500
Subject: [Infowarrior] - RIP Michael Crichton
Message-ID: <517D4783-1D1B-4F32-9400-9EB2BDEB2257@infowarrior.org>

Family: Michael Crichton dies of cancer
Nov 5 02:58 PM US/Eastern
By HILLEL ITALIE
AP National Writer
http://www.breitbart.com/print.php?id=D948URK81&show_article=1

Michael Crichton, the million-selling author of such historic and prehistoric science thrillers as "Jurassic Park," "Timeline" and "The Andromeda Strain," has died of cancer, his family said. He died Tuesday in Los Angeles at age 66 after a long battle with the illness.

Crichton was a brand-name author, known for his stories of disaster and systematic breakdown, such as the rampant microbe of "The Andromeda Strain" or dinosaurs running amok in "Jurassic Park," one of his many books that became major Hollywood movies.
"Through his books, Michael Crichton served as an inspiration to students of all ages, challenged scientists in many fields, and illuminated the mysteries of the world in a way we could all understand," his family said in a statement. The 6-foot-9-inch author was also a screenwriter and filmmaker, earning producing and writing credits for the film versions of many of his titles. He also created the TV hospital series "ER" in 1994. In recent years, he was the rare writer to get on well with President Bush, perhaps because of his skepticism about global warming, which Crichton addressed in the 2004 novel, "State of Favor." Crichton's views were strongly condemned by environmentalists, who alleged that the author was hurting efforts to pass legislation to reduce emissions of carbon dioxide. A new novel by Crichton had been tentatively scheduled to come next month, but publisher HarperCollins said the book was postponed indefinitely because of his illness. "While the world knew him as a great storyteller that challenged our preconceived notions about the world around us?and entertained us all while doing so?his wife Sherri, daughter Taylor, family and friends knew Michael Crichton as a devoted husband, loving father and generous friend who inspired each of us to strive to see the wonders of our world through new eyes," his family said. Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Wed Nov 5 19:57:18 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Nov 2008 14:57:18 -0500 Subject: [Infowarrior] - Report: Obama, McCain campaigns hit with 'sophisticated' cyberattack Message-ID: <2DEFD996-875A-4EA3-BE98-488B4B92606B@infowarrior.org> Report: Obama, McCain campaigns hit with 'sophisticated' cyberattack http://www.theregister.co.uk/2008/11/05/obama_mccain_cyberattack/ By Dan Goodin in San Francisco ? 
Get more from this author Posted in Security, 5th November 2008 19:30 GMT Sophisticated overseas hackers broke in to the computer systems of both the Barack Obama and John McCain campaigns and stole a large amount of data, according to an article published Wednesday by Newsweek. Officials with the FBI and the Secret Service notified Obama staffers in August of the breach after tech consultants for the campaign detected what they thought at the time was a computer virus. "You have a problem way bigger than what you understand," an FBI agent told Obama staff members. "You have been compromised, and a serious amount of files have been loaded off your system." White House chief of staff Josh Bolten also weighed in, telling an Obama campaign chief: "You have a real problem...and you have to deal with it." Investigators told Obama aides that the McCain computer systems had been similarly compromised. A senior McCain official confirmed to Newsweek that the campaign's network had been hacked and the FBI was investigating. Representatives of both campaigns weren't available to comment on the Newsweek report. According to investigators at the FBI and the White House, a "foreign entity or organization" is believed to be behind the attacks in an attempt to "gather information on the evolution of both camps' policy positions." The information could prove useful in negotiations with a future administration. The investigators told the Obama team the hack wasn't carried out by political opponents. From rforno at infowarrior.org Thu Nov 6 00:48:09 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Nov 2008 19:48:09 -0500 Subject: [Infowarrior] - Critical vulnerability in Adobe Reader Message-ID: Critical vulnerability in Adobe Reader Posted on 04 November 2008. 
http://www.net-security.org/secworld.php?id=6715

Core Security Technologies issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe's Reader PDF file viewing software. Engineers from CoreLabs determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content.

Upon making the discovery, CoreLabs immediately alerted Adobe to the vulnerability and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.

Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.

Adobe has issued a security update that addresses the vulnerable version 8.1.2 of Reader. Alternatively, users of affected versions of the program can also work around the problem and reduce their exposure by disabling JavaScript functionality in the software's Edit | Preferences menu.

Vulnerability details

While investigating the feasibility of exploiting a vulnerability previously disclosed in Foxit Reader (CVE-2008-1104), a CoreLabs researcher found that Adobe Reader was affected by the same bug.

After an initial examination of the involved implementation bug, it was believed that although the problem was present, it was apparently not exploitable in Adobe Reader due to the use of two structured exception handlers in the program. The primary difference between the Adobe and Foxit applications is the manner in which they perform security checks, and at first glance, it seemed as if the bug was not exploitable in Reader, since there was no way to control the program's first exception handler.
However, upon further examination of the code, CoreLabs found that another overflow occurs before the call to the involved code is made in relation to the previously known vulnerability.

This new problem was identified in the way vulnerable versions of Adobe Reader implement the JavaScript util.printf() function. The function first converts the argument it receives to a String, using only the first 16 digits of the argument and padding the rest with a fixed value of '0' (0x30). By passing an overly long and properly formatted command to the function, it is possible to overwrite the program's memory and control its execution flow.

A specifically crafted PDF file that embeds JavaScript code to manipulate the program's memory allocation pattern and trigger the vulnerability can allow an attacker to execute arbitrary code with the privileges of a user running the Adobe Reader application.

The vulnerability was discovered by Damián Frizza, a CoreLabs researcher and software engineer with the CORE IMPACT Exploit Writers Team. The previously disclosed vulnerability (CVE-2008-1104) mentioned in this report was discovered in Foxit Reader by Dyon Balding from Secunia Research and disclosed on May 20th, 2008.

From rforno at infowarrior.org Thu Nov 6 13:04:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Nov 2008 08:04:08 -0500
Subject: [Infowarrior] - UK gov black boxes will 'collect every email'
Message-ID: <42FA0967-E99F-43DB-A019-F13905953CB2@infowarrior.org>

http://www.independent.co.uk/news/uk/home-news/government-black-boxes-will-collect-every-email-992268.html

Government black boxes will 'collect every email'
Home Office says all data from web could be stored in giant government database
By Robert Verkaik, Law Editor
Wednesday, 5 November 2008

Internet "black boxes" will be used to collect every email and web visit in the UK under the Government's plans for a giant "big brother" database, The Independent has learnt.
Home Office officials have told senior figures from the internet and telecommunications industries that the "black box" technology could automatically retain and store raw data from the web before transferring it to a giant central database controlled by the Government.

Plans to create a database holding information about every phone call, email and internet visit made in the UK have provoked a huge public outcry. Richard Thomas, the Information Commissioner, described it as a "step too far" and the Government's own terrorism watchdog said that as a "raw idea" it was "awful".

Nevertheless, ministers have said they are committed to consulting on the new Communications Data Bill early in the new year. News that the Government is already preparing the ground by trying to allay the concerns of the internet industry is bound to raise suspicions about ministers' true intentions. Further details of the database emerged on Monday at a meeting of internet service providers (ISPs) in London where representatives from BT, AOL Europe, O2 and BSkyB were given a PowerPoint presentation of the issues and the technology surrounding the Government's Interception Modernisation Programme (IMP), the name given by the Home Office to the database proposal.

Whitehall experts working on the IMP unit told the meeting the security and intelligence agencies wanted to use the stored data to help fight serious crime and terrorism, and said the technology would allow them to create greater "capacity" to monitor all communication traffic on the internet. The "black boxes" are an attractive option for the internet industry because they would be secure and not require any direct input from the ISPs.

During the meeting Whitehall officials also tried to reassure the industry by suggesting that many smaller ISPs would be unaffected by the "black boxes" as these would be installed upstream on the network and hinted that all costs would be met by the Government.
"It was clear the 'back box' is the technology the Government will use to hold all the data. But what isn't clear is what the Home Secretary, GCHQ and the security services intend to do with all this information in the future," said a source close to the meeting. He added: "They said they only wanted to return to a position they were in before the emergence of internet communication, when they were able to monitor all correspondence with a police suspect. The difference here is they will be in a much better position to spy on many more people on the basis of their internet behaviour. Also there's a grey area between what is content and what is traffic. Is what is said in a chat room content or just traffic?" Ministers say plans for the database have not been confirmed, and that it is not their intention to introduce monitoring or storage equipment that will check or hold the content of emails or phonecalls on the traffic. A spokesman for the Home Office said that Monday's meeting provided a "chance to engage with small communication service providers" ahead of the formal public consultation next year. He added: "We need to work closely with the internet service providers and the communication service providers. The meeting was to show the top-line challenges faced in the future. We are public about the IMP, but we are still working out the detail. There will a consultation on the Communications Data Bill early next year." A spokesman for the Internet Service Providers Association said the organisation was pleased the Home Office had addressed its members and was keen to continue dialogue while awaiting a formal consultation. Database plans were first announced by the Prime Minister in February. It is not clear where the records will be held but GCHQ may eventually be the project's home. 

From rforno at infowarrior.org Fri Nov 7 13:55:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 08:55:10 -0500
Subject: [Infowarrior] - OT: Oxford compiles list of top ten irritating phrases
Message-ID:

A top 10 of irritating expressions has been compiled by researchers at Oxford University.

http://www.telegraph.co.uk/news/newstopics/debates/3394545/Oxford-compiles-list-of-top-ten-irritating-phrases.html

The top ten most irritating phrases:

1 - At the end of the day
2 - Fairly unique
3 - I personally
4 - At this moment in time
5 - With all due respect
6 - Absolutely
7 - It's a nightmare
8 - Shouldn't of
9 - 24/7
10 - It's not rocket science

From rforno at infowarrior.org Fri Nov 7 15:08:13 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 10:08:13 -0500
Subject: [Infowarrior] - Anti-Terror Law Mission Creep in the U.K.
Message-ID: <41E91C18-3BD1-4507-BF9C-384F692FC5EC@infowarrior.org>

Anti-Terror Law Mission Creep in the U.K.

First terrorists, then trash cans:

More than half of town halls admit using anti-terror laws to spy on families suspected of putting their rubbish out on the wrong day. Their tactics include putting secret cameras in tin cans, on lamp posts and even in the homes of 'friendly' residents. The local authorities admitted that one of their main aims was to catch householders who put their bins out early.
http://www.schneier.com/blog/archives/2008/11/anti-terror_law.html

From rforno at infowarrior.org Fri Nov 7 17:23:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 12:23:21 -0500
Subject: [Infowarrior] - USAF Won't Lead Military in Cyber War
Message-ID:

Air Force Won't Lead Military in Cyber War

By Noah Shachtman
November 07, 2008 | 12:01:36 PM
Categories: Info War, Paper Pushers & Powerpoint Rangers

http://blog.wired.com/defense/2008/11/air-force-wont.html

For a while, there, the Air Force was selling itself as the only service that could lead the military through a cyber war. Now, the Pentagon chiefs have made it clear: They're not buying. All of the military services are going to have a role in fighting online.

"It rebuffs the Air Force grab for predominance in cyber operations," a Pentagon official tells Inside Defense. Last fall, the Office of Secretary of Defense pushed back an even more intense effort by the Air Force to grab control of the military's unmanned air force.

"A draft version of the 2008 Quadrennial Roles and Missions Review... concludes the Army, Navy, Air Force and Marines each use cyberspace and have personnel and equipment as well as offensive and defensive capabilities," Inside Defense reports. "This finding, set to be included in a congressionally mandated report the Pentagon expects to complete by the end of next month, is not seen as the final word on the matter."

But Air Force plans to "dominate" cyberspace aren't looking so good.

From rforno at infowarrior.org Fri Nov 7 18:49:07 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 13:49:07 -0500
Subject: [Infowarrior] - OT: DAV-F200 availability?
Message-ID: <9D9D19C3-6256-4E02-B794-C7F75D4F081B@infowarrior.org>

Yes, it's Friday and I'm shopping. Does anyone know if the Sony DAV-F200 Home Theater is going to be available in the US anytime soon?
It's currently only available in Europe from what I can see, and I'd prefer to get that over the DAV-IS10.

Thx in advance

-rick

From rforno at infowarrior.org Fri Nov 7 18:53:44 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 13:53:44 -0500
Subject: [Infowarrior] - UK judge: web users make bad jurors
Message-ID: <8ACC9A5F-AF5A-4A7C-9113-8B66AEC1782F@infowarrior.org>

Web-savvy young make bad jurors because they cannot listen, says Lord Chief Justice

Young people brought up with the internet are not used to listening for long periods and would not make good jurors, according to the most senior judge in England and Wales.

By Christopher Hope, Home Affairs Editor
Last Updated: 6:51AM GMT 07 Nov 2008

http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3393061/Web-savvy-young-make-bad-jurors-because-they-cannot-listen-says-Lord-Chief-Justice.html

In a speech, Lord Judge of Draycote, the Lord Chief Justice, said it might be better to present information for young jurors on screens because that is how they were used to digesting information.

He said: "Most are technologically proficient. Many get much information from the internet. They consult and refer to it. They are not listening. They are reading.

"One potential problem is whether, learning as they do in this way, they will be accustomed, as we were, to listening for prolonged periods.

"Even if they have the ability to endure hours and days of sitting listening, how long would it be before some ask for the information on which they have to make their decision to be provided in forms which adapt to modern technology?

He said: "Our system of jury trials depends on 12 good men and women and true coming to court and listening to the case. Orality is the crucial ingredient of the adversarial system.

"Witnesses speak and answer questions. Counsel speak and address the jury. Judges speak and give directions."
Currently information is provided on screens to jurors, such as in complex fraud trials, but "not without difficulty and with great expense", he said.

He added: "What about the defendant's oral testimony and child witness complaining of an indecent assault which the defendant adamantly denies?

"What process aimed at finding the truth between them, and enabling a jury to decide where the truth lies, will be in place in 25 years time? What will happen to our oral tradition? Should it, will it, be forced to change?"

Lord Judge also conceded that it was inevitable some jurors defy a judge's direction and make "private enquiries" into a case using the internet. In one case a juror went online using a Blackberry-device during a rape case, causing the conviction to be quashed.

Lord Judge said that he did not have solutions to these concerns. But he suggested that in the future the courts system must be "capable of development and adaptable for the future".

Lord Judge, who took over as Lord Chief Justice last month, also warned this week that criminals should be "frightened" of going to court, signalling a stricter attitude towards sentencing.

From rforno at infowarrior.org Sat Nov 8 03:35:12 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Nov 2008 22:35:12 -0500
Subject: [Infowarrior] - Google Earth helps yet worries government
Message-ID: <06F53040-9019-41A2-95E3-D3DE23F01936@infowarrior.org>

Google Earth helps yet worries government

By Peter Eisler, USA TODAY

http://www.usatoday.com/tech/news/surveillance/2008-11-06-googleearth_N.htm

WASHINGTON -- The secretive National Geospatial-Intelligence Agency is rushing to get the latest, high-definition satellite photos of Afghanistan into the hands of U.S. ground troops as they ramp up operations in the country's tangled terrain.

The NGA analysts aren't tapping the government's huge network of highly classified spy satellites; they're getting the pictures from commercial vendors.
That's the same stuff pretty much anyone can get, either through free, online programs, such as Google Earth, or by buying it from the same companies supplying Uncle Sam.

It's a remarkable turn, given the warnings that security experts in the USA and worldwide raised a few years ago about giving the entire planet -- terrorists and rogue states included -- access to high-resolution satellite photos once available only to superpowers.

Last month, the most powerful commercial satellite in history sent its first pictures back to Earth, and another with similar capabilities is set for launch in mid-2009. The imagery provided by those and other commercial satellites has transformed global security in fundamental ways, forcing even the most powerful nations to hide facilities and activities that are visible not only to rival nations, but even to their own citizens.

Although no one disputes that commercial imagery poses threats, it has been embraced in ways few predicted.

"It's created a lot of opportunities to do things we couldn't do with (classified) imagery," says Jack Hild, a deputy director at NGA, which provides imagery and mapping for defense and homeland security operations.

Pictures from government satellites are better than commercial photos, but how much better is a secret. Only people with security clearances generally are allowed to see them. Using commercial products, intelligence agencies can provide imagery for combat troops, which wasn't possible before because of the risk of it reaching enemy hands and even international coalition partners.

Federal agencies use commercial imagery to guide emergency response and inform the public during natural disasters, such as this year's Hurricane Ike. It's also used by government scientists to monitor glacial melting and drought effects in the Farm Belt.
When commercial satellite photos first hit the market, "the gut reaction was, 'We can't allow this imagery to be out there because someone might do us harm with it,' " Hild says. "Are there still bad things that people can do with commercial imagery? Absolutely -- but we think the benefits far outweigh the risks."

Other nations share the sentiment. U.S. and foreign government contracts provide critical income for commercial imagery companies, such as Digital Globe and GeoEye -- both of which supply photos for Google Earth.

"Most of our revenue (is) from governments," says Mark Brender, vice president of GeoEye, which got half its 2007 revenue from the U.S. government and 35% from foreign governments. "They have a core competency in understanding how to use this technology -- and a national security imperative to do so."

In August 2006, the Islamic Army in Iraq circulated an instructional video on how to aim rockets at U.S. military sites using Google Earth.

Posted on a jihadist website, the video showed a computer using the program to zoom in for close-up views of buildings at Iraq's Rasheed Airport, according to an unclassified U.S. intelligence report obtained by USA TODAY. The segment ended with the caption, "Islamic Army in Iraq/The Military Engineering Unit -- Preparations for Rocket Attack."

The video appeared to fulfill the dire predictions raised by security experts in the USA and across the globe when Google began offering free Internet access to worldwide satellite imagery in 2005. Officials in countries as diverse as Australia, India, Israel and the Netherlands complained publicly that it would be a boon to terrorists and hostile states, especially since the pictures often provide a site's map coordinates.

Indeed, some terrorist attacks have been planned with the help of Google Earth, including an event in 2006 in which terrorists used car bombs in an unsuccessful effort to destroy oil facilities in Yemen, according to Yemeni press reports.
Images from Google Earth and other commercial sources have been found in safe houses used by al-Qaeda and other terror groups, according to the Pentagon.

Many security experts say commercial imagery does little to enhance the capabilities of such organizations.

"You can get the same (scouting) information just by walking around" with a map and a GPS device, says John Pike, director of GlobalSecurity.org, a research organization specializing in defense and intelligence policy. The imagery "may give someone precise coordinates (for a target), but they need precise weapons -- and their ability to target discrete parts of a particular site is pretty limited. People who think this gives you magical powers watch too many Tom Clancy movies."

Safeguards

Nonetheless, the world's governments have taken a variety of steps in response to the emergence of Google Earth and other commercial imagery sources, according to a confidential report issued in July by the CIA's Open Source Center and made public by the Federation of American Scientists. Among them:

* Negotiation. Some nations have asked Google and other companies to keep certain images off the market, the report says. For example, Google Earth uses older imagery of parts of Iraq based on British concerns about exposing military sites. Some commercial imagery providers -- typically those providing pictures from planes, not satellites -- blur sensitive images before they are provided to Google, usually in accordance with local law or at the request of local authorities.

* Bans. China has barred websites selling "unapproved" commercial imagery, according to the report. In 2006, Bahrain officials banned Google Earth, but the CIA report notes that the move may have been mainly to "prevent exposure of elaborate residences and land holdings of the country's rich."

* Buying in.
Several countries, such as China and Thailand, are getting into the satellite imagery business themselves, and India sells its spy photos commercially, the report says. Many countries that lack their own satellite capability have become enthusiastic purchasers of commercial imagery to meet intelligence and security needs.

* Evasion. Many countries have stepped up efforts to conceal sensitive facilities, either by putting them underground or camouflaging them, the report says. Others, such as India, have improved their ability to discern when satellites pass overhead, which allows them to conduct sensitive military activities when cameras aren't watching.

"We actively engage with organizations and governments -- to strike a balance between their security concerns and the needs of the end user," says Chikai Ohazama, Google Earth's product management director.

Sensitive sites often are obscured by satellite operators before Google even gets the imagery, he adds. It often doesn't matter "because the imagery already is available from other places."

Newer satellites

The number of sources for satellite imagery continues to grow, fueled not only by government customers in the USA and worldwide, but by an explosion in public usage.

This month, GeoEye launched the most advanced commercial satellite yet -- able to distinguish home plate on a baseball field -- and the NGA paid half the $475 million cost. Digital Globe will launch a satellite with similar resolution and other new capabilities next year on its own dime.

The use of commercial imagery relieves some of the burden on the U.S. government's classified satellite network, says Rick Oborn, spokesman at the National Reconnaissance Office, which runs the system.

"We're oversubscribed," Oborn says, noting that intelligence and security missions get priority and often need the higher resolution and quicker returns offered by the government's own satellites.
"Anytime the broader area stuff can be taken commercially, so much the better." The appetite for commercial imagery from the general public continues to grow as more people realize the technology has uses far beyond picking out your home on Google Earth. Non-governmental organizations have used commercial imagery to show devastating attacks on villages in Darfur by the Janjaweed militia. Security experts have used it to show development of new missile bases in North Korea. Environmentalists have used it to document effects of global warming. "In a way, those sort of things also have a lot to do with national security," says Steven Aftergood, an intelligence expert at the Federation of American Scientists. "It's an extraordinary tool (for) bringing transparency to government. ? And it's here to stay." Find this article at: http://www.usatoday.com/tech/news/surveillance/2008-11-06-googleearth_N.htm From rforno at infowarrior.org Sat Nov 8 04:22:03 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Nov 2008 23:22:03 -0500 Subject: [Infowarrior] - Pakistan Declares Death Penalty for 'Cyber Terror' Message-ID: <7334BE03-E784-4017-BA15-1B3386588BB0@infowarrior.org> Pakistan Declares Death Penalty for 'Cyber Terror' By Noah Shachtman http://blog.wired.com/defense/2008/11/cyber-terror.html American officials can have some pretty over-the-top reactions to hackers and so-called cyber terrorists. Once, I saw a briefing comparing our own Kevin Poulsen to Osama bin Laden and Pablo Escobar -- seriously. But the U.S. has nothing on Pakistan, when it comes to cyber terror paranoia. Yesterday, Pakistani president Asif Ali Zardari signed a law making cyber terror a crime "punishable with death." Executions will only be allowed if the hack attack "causes [the] death of any person," the Prevention of Electronic Crimes law states. 
But the definition of what is considered "cyber terror" is alarmingly broad in the law, proposed last year and signed Thursday by the Pakistani president. Not only does it apply to "any person, group or organization who, with terroristic intent utilizes, accesses or causes to be accessed a computer or computer network or electronic system or electronic device or by any available means, and thereby knowingly engages in or attempts to engage in a terroristic act." The ordinance also considers cyber terrorism to be:

(a) altering by addition, deletion, or change or attempting to alter information that may result in the imminent injury, sickness, or death to any segment of the population;

(b) transmission or attempted transmission of a harmful program with the purpose of substantially disrupting or disabling any computer network operated by the Government or any public entity;

(c) aiding the commission of or attempting to aid the commission of an act of violence against the sovereignty of Pakistan, whether or not the commission of such act of violence is actually completed; or

(d) stealing or copying, or attempting to steal or copy, or secure classified information or data necessary to manufacture any form of chemical, biological or nuclear weapon, or any other weapon of mass destruction.

In contrast, the maximum penalty for a hacking crime under U.S. law is 20 years in prison. Although, as we've seen in recent years, Washington seems to give itself a little, um, leeway when it comes to perceived terror threats.

From rforno at infowarrior.org Sat Nov 8 17:15:06 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Nov 2008 12:15:06 -0500
Subject: [Infowarrior] - DoD Announces $400 Million Investment To Basic Research
Message-ID:

http://www.defenselink.mil/releases/release.aspx?releaseid=12337

IMMEDIATE RELEASE No.
938-08 November 07, 2008

DoD Announces $400 Million Investment To Basic Research

The Department of Defense today announced plans to invest an additional $400 million over the next five years to support basic research at academic institutions.

Secretary of Defense Robert Gates secured the additional funding in the fiscal 2009 President's budget request to Congress to expand research into new and emerging scientific areas and to foster fundamental discoveries related to the DoD's most challenging technical problems. The DoD published a "Strategic Plan For Basic Research" last summer, which built the case for this effort. Acknowledging this need, Congress authorized and appropriated funds to support these significant increases in basic research investment.

By making these additional investments, the DoD aims to "sustain and strengthen the nation's commitment to long-term basic research", as recommended by the National Research Council's "Rising Above the Gathering Storm" report and to address similar recommendations from numerous other independent national security and scientific advisory groups.

"These new grants will lead to discoveries in fundamental fields which underpin many of the technologically complex systems fielded in today's Armed Forces," said William Rees, Jr., the deputy under secretary of defense for laboratories and basic sciences.

The anticipated awards will be intended for individual investigators and provide sufficient funding to support a cadre of graduate students working with the faculty member to make substantial and sustained progress in research areas of importance to the DoD.

Merit-based awards, based on peer review, will support projects beginning in fiscal 2009 that will be funded for five years. Exceptionally meritorious projects that can be completed in less time will also be considered for funding.
Projects will be based on numerous academic disciplines, including: physics, ocean science, chemistry, electrical engineering, materials science, environmental engineering, mechanical engineering, information sciences, civil engineering, mathematics, chemical engineering, geosciences, atmospheric science, and aeronautical engineering.

Topics for the initial funding will focus on the following areas of technical challenge: counter weapons of mass destruction (WMD), network sciences, energy and power management, quantum information sciences, human sciences, science of autonomy, information assurance, biosensors and bio-inspired systems, information fusion and decision science, and energy and power management.

DoD research offices that will make the awards, contingent upon the receipt and evaluation of sufficiently high quality proposals, include the Army Research Office http://www.aro.army.mil/ , the Office of Naval Research http://www.onr.navy.mil/ and the Air Force Office of Scientific Research http://www.afosr.af.mil/ .

Information on specific program announcements and solicitations supported by this funding can be found at http://www.grants.gov , as well as at the respective research office Web sites.

From rforno at infowarrior.org Mon Nov 10 00:00:40 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Nov 2008 19:00:40 -0500
Subject: [Infowarrior] - More UK police check hysteria...
Message-ID:

Preventive policing? Don't even think about it

http://www.theregister.co.uk/2008/11/07/preventative_policing/

Police 'randomly searching every fifth person'

By John Ozimek
Posted in Policing, 7th November 2008 15:17 GMT

Drinking in Aberdeen just got a whole lot more complicated, as police warned those popping out for a swift half that they may need to undergo drug testing before they are served. In Lancaster, police were last week setting up scanners near the central bus station to check passers-by for knives.
Meanwhile, on Waterloo station, sniffer dogs that will check you out for drugs or bombs -- but not knives -- have become a regular part of the daily commuter experience.

Welcome to the world of preventive policing. This, as Catholic readers may recognise, is one in which you may be penalised not just for the sins you have committed, but also for ones you are about to commit, or may just casually have thought about committing.

In Aberdeen, pub-goers will soon be faced with The Itemiser (pdf) - also known as the Ion Detector. This device can detect traces of drugs - including cocaine, cannabis, heroin and ecstasy - from hand swabs in a matter of seconds, flashing up green, amber or red according to what it thinks may be present.

Green will get you straight into the pub or club: amber means you will receive a drug information pack; red may result in your being refused entry, and possibly searched.

The test is voluntary, but customers will be refused entry if they do not take part. Or, given the police track record with knife-related stop and searches, it is just possible that a refusal to agree to being checked would itself be grounds to search you. After all, if you have nothing to hide...

Similar hijinks have been going on recently in Lancaster, as police and the Lancashire County Council's Safer Travel Unit began stop and search procedures on members of the public travelling to and from Lancaster bus station. This "Gateway Check" involved the use of two airport-style metal detectors and handheld metal detectors, along with the frisking of travellers as they left the station.

One officer explained: "Due to recent anti-social behaviour and knife crime on buses we are trialling this method as an attempt to deter knife crime, we are currently randomly searching every fifth person."
Historically, police powers to stop and search have been limited to instances where there is reasonable suspicion that they might find something you shouldn't have on you: stolen goods, drugs, an offensive weapon, any article made or adapted for use in certain offences (for example a burglary or theft), knives, or items which could damage or destroy property.

Over the last few years, that limit has been seriously eroded. Section 44 of the Terrorism Act 2000 allows arbitrary stop and search with the purpose to prevent terrorism when authorisation is given by a commander of Metropolitan Police.

This builds upon section 60 of the Criminal Justice and Public Order Act 1994, which permits searches for offensive weapons or dangerous instruments when authorisation by an officer of the rank of inspector or above is given in relation to a specific place and time period.

In general, court rulings have tended to uphold those powers, rather than diminish them - so even if you have done nothing wrong, failure to comply with a police search may now be an offence in itself.

Reports from locations as far apart as Wellingborough, North Wales and Ipswich all suggest that this is an approach to policing that is increasingly finding favour with police across the country. Meanwhile, the issue of surveillance on railway stations can be attested to by Reg staff, who regularly brave the sniffer dogs of Waterloo in their journey to work each morning.

For once, we haven't asked the police to comment on the above. We could reasonably expect some canned statements about the need to reduce risk, increase public safety, and further explanation that if we haven't done anything wrong, we would have nothing at all to fear.

Instead, we will repeat a comment made by Head of the Police Improvements Agency, Peter Neyroud: Peter Neyroud, chief executive of the NPIA.
In a Policing paper earlier this year, he and his fellow authors argued that "factual questions about the effectiveness of new technologies... in detecting and preventing crime should not, and cannot, be separated from ethical and social questions surrounding the impact which these technologies might have upon civil liberties".

In the end, these measures will either become an acceptable everyday part of British policing, or they will thoroughly alienate Police and public. Only time will tell.

From rforno at infowarrior.org Mon Nov 10 03:11:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Nov 2008 22:11:02 -0500
Subject: [Infowarrior] - FTC wants to de-muck IP quagmire
Message-ID: <4D81CF48-E192-47D6-B9B8-CC9961D3BDBF@infowarrior.org>

http://www.networkworld.com/community/node/34964

FTC wants to de-muck the intellectual property quagmire

By Layer 8 on Thu, 11/06/2008 - 1:34pm.

What do you get when you mix the government, the court system, company lawyers and Joe consumer? A serious mess that would send most people screaming into the night. But the Federal Trade Commission is no such entity. It wants to straighten Intellectual Property (IP) out and today said it will hold a series of hearings - the first in Washington, DC on Dec. 5 - it will use to examine IP law and the myriad issues surrounding it.

Interested bigwigs from the tech industry, including Cisco, Yahoo and the Computer & Communications Industry Association are expected to testify along with professors, lawyers and other industry players.

The patent system has experienced significant change and more changes are under consideration, the FTC said: "The courts and patentees are exploring the full implications of Supreme Court and Federal Circuit decisions on injunctive relief, patentability, and licensing issues. Congress has considered sweeping legislative patent reform, and new debates on the appropriate methods for calculating infringement damages have engaged the patent community.
New business models for buying, selling and licensing patents have emerged and evolved since 2003. In addition, there is new learning regarding the operation of the patent system and its contribution to innovation and competition.

And the understatement of the day: The cumulative impact of these changes and proposed changes is poorly understood, the FTC said.

The FTC has tried to clear things up before. The last time was in 2002/2003, when it held 24 days of hearings that involved more than 300 panelists, including representatives from large and small business firms; the independent inventor community; patent and antitrust organizations; and the academic community in economics and antitrust and patent law. In addition, the FTC said it received about 100 written submissions. Many of the business representatives were from technology-intensive industries such as pharmaceuticals, biotechnology, computer hardware and software, and the Internet. The final results were contained in a 207-page report that has guided the agency's ruling on IP since.

According to the FTC, the hearing will consist of three panels. One that looks at the operation of emerging business models, aspects of the patent system that support those models, and industry responses. The discussion also will explore the implications these developing business models have for patent valuation and licensing. A second will examine recent and proposed changes in remedies law, including their impact on innovation and consumers, and their use of economic analysis in determining remedies. The third will look at legal doctrines that affect the value and licensing of patents, such as the recent Supreme Court cases on obviousness and other important rulings make the scope and enforcement of patents unpredictable, the FTC stated.

The FTC wants your comments too. Such comments should be submitted here and must be received by February 5, 2009, and should refer to "Evolving IP Marketplace - P093900."

From rforno at infowarrior.org Mon Nov 10 13:16:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Nov 2008 08:16:57 -0500
Subject: [Infowarrior] - Fed Defies TARP Transparency
Message-ID: <6481E312-8E30-43B7-B78A-9A974D0FF64D@infowarrior.org>

Fed Defies Transparency Aim in Refusal to Identify Bank Loans

By Mark Pittman, Bob Ivry and Alison Fitzgerald

http://www.bloomberg.com/apps/news?pid=20601087&sid=aatlky_cH.tY&refer=worldwide

Nov. 10 (Bloomberg) -- The Federal Reserve is refusing to identify the recipients of almost $2 trillion of emergency loans from American taxpayers or the troubled assets the central bank is accepting as collateral.

Fed Chairman Ben S. Bernanke and Treasury Secretary Henry Paulson said in September they would comply with congressional demands for transparency in a $700 billion bailout of the banking system. Two months later, as the Fed lends far more than that in separate rescue programs that didn't require approval by Congress, Americans have no idea where their money is going or what securities the banks are pledging in return.

``The collateral is not being adequately disclosed, and that's a big problem,'' said Dan Fuss, vice chairman of Boston-based Loomis Sayles & Co., where he co-manages $17 billion in bonds. ``In a liquid market, this wouldn't matter, but we're not. The market is very nervous and very thin.''

Bloomberg News has requested details of the Fed lending under the U.S. Freedom of Information Act and filed a federal lawsuit Nov. 7 seeking to force disclosure.

The Fed made the loans under terms of 11 programs, eight of them created in the past 15 months, in the midst of the biggest financial crisis since the Great Depression.

``It's your money; it's not the Fed's money,'' said billionaire Ted Forstmann, senior partner of Forstmann Little & Co. in New York. ``Of course there should be transparency.''

Federal Reserve spokeswoman Michelle Smith declined to comment on the loans or the Bloomberg lawsuit.
Treasury spokeswoman Michele Davis didn't respond to a phone call and an e-mail seeking comment. The Fed's lending is significant because the central bank has stepped into a rescue role that was also the purpose of the $700 billion Troubled Asset Relief Program, or TARP, bailout plan -- without safeguards put into the TARP legislation by Congress. $2 Trillion Total Fed lending topped $2 trillion for the first time last week and has risen by 140 percent, or $1.172 trillion, in the seven weeks since Fed governors relaxed the collateral standards on Sept. 14. The difference includes a $788 billion increase in loans to banks through the Fed and $474 billion in other lending, mostly through the central bank's purchase of Fannie Mae and Freddie Mac bonds. Before Sept. 14, the Fed accepted mostly top-rated government and asset-backed securities as collateral. After that date, the central bank widened standards to accept other kinds of securities, some with lower ratings. The Fed collects interest on all its loans. The plan to purchase distressed securities through TARP called for buying at the ``lowest price that the secretary (of the Treasury) determines to be consistent with the purposes of this Act,'' according to the Emergency Economic Stabilization Act of 2008, the law that covers TARP. `We Need Transparency' The legislation didn't require any specific method for the purchases beyond saying mechanisms such as auctions or reverse auctions should be used ``when appropriate.'' In a reverse auction, bidders offer to sell securities at successively lower prices, helping to ensure that the Fed would pay less. The measure also included a five-member oversight board that includes Paulson and Bernanke. At a Sept. 23 Senate Banking Committee hearing in Washington, Paulson called for transparency in the purchase of distressed assets under the TARP program. ``We need oversight,'' Paulson told lawmakers. ``We need protection. We need transparency. I want it. 
We all want it.'' At a joint House-Senate hearing the next day, Bernanke also stressed the importance of openness in the program. ``Transparency is a big issue,'' he said. Banks Resist Disclosure The Fed lent cash and government bonds to banks, which gave the Fed collateral in the form of equities and debt, including subprime and structured securities such as collateralized debt obligations, according to the Fed web site. The borrowers have included the now-bankrupt Lehman Brothers Holdings Inc., Citigroup Inc. and JPMorgan Chase & Co. Banks oppose any release of information because it might signal weakness and spur short-selling or a run by depositors, said Scott Talbott, senior vice president of government affairs for the Financial Services Roundtable, a Washington trade group. ``You have to balance the need for transparency with protecting the public interest,'' Talbott said. ``Taxpayers have a right to know where their tax dollars are going, but one piece of information standing alone could undermine public confidence in the system.'' Frank Backs Fed The nation's biggest banks, Citigroup, Bank of America Corp., JPMorgan Chase, Wells Fargo & Co., Goldman Sachs Group Inc. and Morgan Stanley, declined to comment on whether they have borrowed money from the Fed. They received $120 billion in capital from the TARP, which was signed into law Oct. 3. In an interview Nov. 6, House Financial Services Committee Chairman Barney Frank said the Fed's disclosure is sufficient and that the risk the central bank is taking on is appropriate in the current economic climate. Frank said he has discussed the program with Timothy F. Geithner, president and chief executive officer of the Federal Reserve Bank of New York and a possible candidate to succeed Paulson as Treasury secretary. ``I talk to Geithner and he was pretty sure that they're OK,'' said Frank, a Massachusetts Democrat. 
``If the risk is that the Fed takes a little bit of a haircut, well that's regrettable.'' Such losses would be acceptable, he said, if the program helps revive the economy. Frank said the Fed shouldn't reveal the assets it holds or how it values them because of ``delicacy with respect to pricing.'' He said such disclosure would ``give people clues to what your pricing is and what they might be able to sell us and what your estimates are.'' He wouldn't say why he thought that information would be problematic. `Unclog the Market' Revealing how the Fed values collateral could help thaw frozen credit markets, said Ron D'Vari, chief executive officer of NewOak Capital LLC in New York and the former head of structured finance at BlackRock Inc. ``I'd love to hear the methodology, how the Fed priced the assets,'' D'Vari said. ``That would unclog the market very quickly.'' TARP's $700 billion so far is being used to buy preferred shares in banks to shore up their capital. The program was originally intended to hold banks' troubled assets while markets were frozen. The Bloomberg lawsuit argues that the collateral lists ``are central to understanding and assessing the government's response to the most cataclysmic financial crisis in America since the Great Depression.'' AIG Lending The Fed has lent at least $81 billion to American International Group Inc., the world's largest insurer, so that it can pay obligations to banks. The central bank is also responsible for losses on a $26.8 billion portfolio guaranteed after Bear Stearns Cos. was bought by JPMorgan. ``As a taxpayer, it is absolutely important that we know how they're lending money and who they're lending it to,'' said Lucy Dalglish, executive director of the Arlington, Virginia-based Reporters Committee for Freedom of the Press. 
Ultimately, the Fed will have to remove some securities held as collateral from some programs because the central bank's rules call for instruments rated below investment grade to be taken back by the borrower and marked down in value. Losses on those assets could then be written off, partly through the capital recently injected into those banks by the Treasury. Moody's Investors Service alone has cut its ratings on 926 mortgage-backed securities worth $42 billion to junk from investment grade since Sept. 14, making them ineligible for collateral on some Fed loans. The Fed's collateral ``absolutely should be made public,'' said Mark Cuban, an activist investor, the owner of the Dallas Mavericks professional basketball team and the creator of the Web site BailoutSleuth.com, which focuses on the secrecy shrouding the Fed's moves. To contact the reporters on this story: Mark Pittman in New York at mpittman at bloomberg.net; Bob Ivry in New York at bivry at bloomberg.net; Alison Fitzgerald in Washington at afitzgerald2 at bloomberg.net. Last Updated: November 10, 2008 00:01 EST From rforno at infowarrior.org Mon Nov 10 13:26:35 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Nov 2008 08:26:35 -0500 Subject: [Infowarrior] - Treasury's own Enabling Act? Message-ID: <24DB7DCD-35D6-4969-82FB-589B60882B5A@infowarrior.org> Salient points from today's WaPo article. Compare that with similar situations involving USA PATRIOT Act, warrantless wiretapping, etc, etc, etc. This is exactly what folks on both sides of the aisle worried about in September when Treasury lobbied for these powers. Turns out they were right to be skeptical. -rf http://www.washingtonpost.com/wp-dyn/content/article/2008/11/09/AR2008110902155.html A Quiet Windfall For U.S. 
Banks With Attention on Bailout Debate, Treasury Made Change to Tax Policy The financial world was fixated on Capitol Hill as Congress battled over the Bush administration's request for a $700 billion bailout of the banking industry. In the midst of this late-September drama, the Treasury Department issued a five-sentence notice that attracted almost no public attention. But corporate tax lawyers quickly realized the enormous implications of the document: Administration officials had just given American banks a windfall of as much as $140 billion. The sweeping change to two decades of tax policy escaped the notice of lawmakers for several days, as they remained consumed with the controversial bailout bill. < - > The change to Section 382 of the tax code -- a provision that limited a kind of tax shelter arising in corporate mergers -- came after a two-decade effort by conservative economists and Republican administration officials to eliminate or overhaul the law, which is so little-known that even influential tax experts sometimes draw a blank at its mention. Until the financial meltdown, its opponents thought it would be nearly impossible to revamp the section because this would look like a corporate giveaway, according to lobbyists. Andrew C. DeSouza, a Treasury spokesman, said the administration had the legal authority to issue the notice as part of its power to interpret the tax code and provide legal guidance to companies. He described the Sept. 30 notice, which allows some banks to keep more money by lowering their taxes, as a way to help financial institutions during a time of economic crisis. "This is part of our overall effort to provide relief," he said. < - > No one in the Treasury informed the tax-writing committees of Congress about this move, which could reduce revenue by tens of billions of dollars. Legislators learned about the notice only days later. 
DeSouza, the Treasury spokesman, said Congress is not normally consulted about administrative guidance. Sen. Charles E. Grassley (R-Iowa), ranking member on the Finance Committee, was particularly outraged and had his staff push for an explanation from the Bush administration, according to congressional aides. < - > According to tax attorneys, no one would have legal standing to file a lawsuit challenging the Treasury notice, so only Congress or Treasury could reverse it. Such action could undo the notice going forward or make it clear that it was never legal, a move that experts say would be unlikely. < - > "It's just like after September 11. Back then no one wanted to be seen as not patriotic, and now no one wants to be seen as not doing all they can to save the financial system," said Lee A. Sheppard, a tax attorney who is a contributing editor at the trade publication Tax Analysts. "We're left now with congressional Democrats that have spines like overcooked spaghetti. So who is going to stop the Treasury secretary from doing whatever he wants?" From rforno at infowarrior.org Mon Nov 10 13:28:17 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Nov 2008 08:28:17 -0500 Subject: [Infowarrior] - Paypal Holds Sellers' Funds Hostage Message-ID: <82EF149E-FB9D-46C6-9096-A726A2A713CB@infowarrior.org> http://seekingalpha.com/article/105040-paypal-holds-sellers-funds-hostage?source=feed Paypal Holds Sellers' Funds Hostage by: Dinah Balk November 10, 2008 | about stocks: EBAY Dinah Balk Is it a glitch? Or is it another way to increase revenue? Who knows? I guess Donahoe knows but he's not talking. What am I referring to? eBay (EBAY) cleverly wove the mandatory use of Paypal into its user agreement and now that it's gone into effect, Paypal holds on sellers accounts have increased by leaps and bounds. When is it going to end? My guess is when the State Attorneys General unite and regulate Paypal or when eBay ceases to exist -- whichever comes first. 
My money is on eBay because there's been a 20% drop in traffic, the stock is at a low not seen in nearly 10 years, and disruptive innovations continue to drive buyers & sellers to user friendly sites like Bonanzle & Etsy. New Glitch. On the morning of November 6 many sellers discovered they could not withdraw funds from their Paypal accounts due to a glitch that eBay/Paypal has yet to acknowledge or resolve. Is this related to the mysterious eCheck glitch? Sellers began reporting unexplained holds on their accounts as early as October 25 and within 2 days the glitch spread like a virus throughout the eBay selling community as one seller after another discovered their funds had cleared but were being held hostage as there was no way to claim them. No resolution appears to be in sight and eBay/Paypal has yet to make an announcement or notify members. Paypal did offer sellers a few pennies on the dollar for the use of their money (if they had a Paypal Money Market account). Anyone want to guess how much money Paypal earned? One eBay member named Permacrisis has an interesting theory. The extra load/artificial spike imposed on October 20th overloaded Paypal's servers (insufficient bandwidth) and Paypal had to choose between collecting funds and disbursing funds. Sellers have also reported that their funds are being held from a few days to months. eBay/Paypal excuses range from: 1) suspicious transaction; 2) no feedback from buyer; 3) less than 100 seller feedback; 4) false positives; 5) no shipping information; etc. etc. etc. none of which have anything to do with processing a transaction. I think this situation was best summed up by deltamaster who wrote "If Wells Fargo, Bank of America, US Bank, or any other financial institution were to conduct business in this fashion there would be regulators crawling all over them like fire ants on a grasshopper." 
Which begs the question, how can anyone trust Paypal because it is not regulated, profits from its failure to perform, and operates in a shroud of secrecy? From rforno at infowarrior.org Tue Nov 11 12:51:45 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Nov 2008 07:51:45 -0500 Subject: [Infowarrior] - EU refuses to release secret ACTA documents Message-ID: <6CB30B73-E8EB-4D66-8CB6-B5148F71EBAE@infowarrior.org> EU Council refuses to release secret ACTA documents http://press.ffii.org/Press_releases/EU_Council_refuses_to_release_secret_ACTA_documents Brussels, 10th November 2008 - The EU Council of Ministers refuses to release secret Anti-Counterfeiting Trade Agreement (ACTA) documents. The Foundation for a Free Information Infrastructure (FFII) had requested these documents to make public and parliamentary scrutiny possible. After the Council's refusal, the FFII sent in a confirmatory application, for the EU Council to review its position, as allowed by Article 7(2) of the regulation dealing with public access to such documents. ACTA's secrecy fuels concerns that the treaty may give patent trolls the means to extort companies, undermine access to low-cost generic medicines, lead to monitoring all citizens' Internet communications and criminalize peer-to-peer electronic file sharing. The EU Council refuses to release the secret documents stating that disclosure of this information could impede the proper conduct of the negotiations, would weaken the position of the European Union in these negotiations and might affect relations with the third parties concerned. The FFII reaffirms its application stating that the legislative process in the EU has to be open. If the agreement will only be made public once all parties have already agreed to it, none of the EU's national parliaments nor the European Parliament will have been able to scrutinise its contents in any meaningful way. 
To prevent this from happening, it may be necessary to renegotiate ACTA's transparency. The FFII's confirmatory application letter questions ACTA's secrecy in no uncertain terms: "The argument that public transparency regarding 'trade negotiations' can be ignored if it would weaken the EU's negotiation position is particularly painful. At which point exactly do negotiations over trade issues become more important than democratic law making? At 200 million euro? At 500 million euro? At 1 billion euro? What is the price of our democracy?" The Canadian government released documents under the Access to Information Act that provide additional insights into the secretive nature of the negotiations. If the EU Council again refuses to release the secret documents, the FFII can take the case to the European Court of Justice. An earlier case on transparency of EU legislation took 6 years. By that time ACTA may long have entered into force. Ante Wessels, FFII analyst, says: "We do not have so much time. The only solution we see is that the parliaments of Europe force the Council to publish the texts by making Parliamentary scrutiny reservations." < - > more < - > http://press.ffii.org/Press_releases/EU_Council_refuses_to_release_secret_ACTA_documents From rforno at infowarrior.org Tue Nov 11 19:18:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Nov 2008 14:18:49 -0500 Subject: [Infowarrior] - America the Illiterate Message-ID: <914C9C02-F892-4093-9DE1-8008780DAC08@infowarrior.org> (Couldn't have said it better myself.....-rf) America the Illiterate http://www.truthdig.com/report/item/20081110_america_the_illiterate/ Posted on Nov 10, 2008 By Chris Hedges We live in two Americas. One America, now the minority, functions in a print-based, literate world. It can cope with complexity and has the intellectual tools to separate illusion from truth. The other America, which constitutes the majority, exists in a non-reality-based belief system. 
This America, dependent on skillfully manipulated images for information, has severed itself from the literate, print-based culture. It cannot differentiate between lies and truth. It is informed by simplistic, childish narratives and clichés. It is thrown into confusion by ambiguity, nuance and self-reflection. This divide, more than race, class or gender, more than rural or urban, believer or nonbeliever, red state or blue state, has split the country into radically distinct, unbridgeable and antagonistic entities. There are over 42 million American adults, 20 percent of whom hold high school diplomas, who cannot read, as well as the 50 million who read at a fourth- or fifth-grade level. Nearly a third of the nation's population is illiterate or barely literate. And their numbers are growing by an estimated 2 million a year. But even those who are supposedly literate retreat in huge numbers into this image-based existence. A third of high school graduates, along with 42 percent of college graduates, never read a book after they finish school. Eighty percent of the families in the United States last year did not buy a book. The illiterate rarely vote, and when they do vote they do so without the ability to make decisions based on textual information. American political campaigns, which have learned to speak in the comforting epistemology of images, eschew real ideas and policy for cheap slogans and reassuring personal narratives. Political propaganda now masquerades as ideology. Political campaigns have become an experience. They do not require cognitive or self-critical skills. They are designed to ignite pseudo-religious feelings of euphoria, empowerment and collective salvation. Campaigns that succeed are carefully constructed psychological instruments that manipulate fickle public moods, emotions and impulses, many of which are subliminal. They create a public ecstasy that annuls individuality and fosters a state of mindlessness. 
They thrust us into an eternal present. They cater to a nation that now lives in a state of permanent amnesia. It is style and story, not content or history or reality, which inform our politics and our lives. We prefer happy illusions. And it works because so much of the American electorate, including those who should know better, blindly cast ballots for slogans, smiles, the cheerful family tableaux, narratives and the perceived sincerity and the attractiveness of candidates. We confuse how we feel with knowledge. The illiterate and semi-literate, once the campaigns are over, remain powerless. They still cannot protect their children from dysfunctional public schools. They still cannot understand predatory loan deals, the intricacies of mortgage papers, credit card agreements and equity lines of credit that drive them into foreclosures and bankruptcies. They still struggle with the most basic chores of daily life from reading instructions on medicine bottles to filling out bank forms, car loan documents and unemployment benefit and insurance papers. They watch helplessly and without comprehension as hundreds of thousands of jobs are shed. They are hostages to brands. Brands come with images and slogans. Images and slogans are all they understand. Many eat at fast food restaurants not only because it is cheap but because they can order from pictures rather than menus. And those who serve them, also semi-literate or illiterate, punch in orders on cash registers whose keys are marked with symbols and pictures. This is our brave new world. Political leaders in our post-literate society no longer need to be competent, sincere or honest. They only need to appear to have these qualities. Most of all they need a story, a narrative. The reality of the narrative is irrelevant. It can be completely at odds with the facts. The consistency and emotional appeal of the story are paramount. The most essential skill in political theater and the consumer culture is artifice. 
Those who are best at artifice succeed. Those who have not mastered the art of artifice fail. In an age of images and entertainment, in an age of instant emotional gratification, we do not seek or want honesty. We ask to be indulged and entertained by clichés, stereotypes and mythic narratives that tell us we can be whomever we want to be, that we live in the greatest country on Earth, that we are endowed with superior moral and physical qualities and that our glorious future is preordained, either because of our attributes as Americans or because we are blessed by God or both. The ability to magnify these simple and childish lies, to repeat them and have surrogates repeat them in endless loops of news cycles, gives these lies the aura of an uncontested truth. We are repeatedly fed words or phrases like yes we can, maverick, change, pro-life, hope or war on terror. It feels good not to think. All we have to do is visualize what we want, believe in ourselves and summon those hidden inner resources, whether divine or national, that make the world conform to our desires. Reality is never an impediment to our advancement. The Princeton Review analyzed the transcripts of the Gore-Bush debates, the Clinton-Bush-Perot debates of 1992, the Kennedy-Nixon debates of 1960 and the Lincoln-Douglas debates of 1858. It reviewed these transcripts using a standard vocabulary test that indicates the minimum educational standard needed for a reader to grasp the text. During the 2000 debates, George W. Bush spoke at a sixth-grade level (6.7) and Al Gore at a seventh-grade level (7.6). In the 1992 debates, Bill Clinton spoke at a seventh-grade level (7.6), while George H.W. Bush spoke at a sixth-grade level (6.8), as did H. Ross Perot (6.3). In the debates between John F. Kennedy and Richard Nixon, the candidates spoke in language used by 10th-graders. In the debates of Abraham Lincoln and Stephen A. Douglas the scores were respectively 11.2 and 12.0. 
In short, today's political rhetoric is designed to be comprehensible to a 10-year-old child or an adult with a sixth-grade reading level. It is fitted to this level of comprehension because most Americans speak, think and are entertained at this level. This is why serious film and theater and other serious artistic expression, as well as newspapers and books, are being pushed to the margins of American society. Voltaire was the most famous man of the 18th century. Today the most famous "person" is Mickey Mouse. In our post-literate world, because ideas are inaccessible, there is a need for constant stimulus. News, political debate, theater, art and books are judged not on the power of their ideas but on their ability to entertain. Cultural products that force us to examine ourselves and our society are condemned as elitist and impenetrable. Hannah Arendt warned that the marketization of culture leads to its degradation, that this marketization creates a new celebrity class of intellectuals who, although well read and informed themselves, see their role in society as persuading the masses that "Hamlet" can be as entertaining as "The Lion King" and perhaps as educational. "Culture," she wrote, "is being destroyed in order to yield entertainment." "There are many great authors of the past who have survived centuries of oblivion and neglect," Arendt wrote, "but it is still an open question whether they will be able to survive an entertaining version of what they have to say." The change from a print-based to an image-based society has transformed our nation. Huge segments of our population, especially those who live in the embrace of the Christian right and the consumer culture, are completely unmoored from reality. They lack the capacity to search for truth and cope rationally with our mounting social and economic ills. They seek clarity, entertainment and order. 
They are willing to use force to impose this clarity on others, especially those who do not speak as they speak and think as they think. All the traditional tools of democracies, including dispassionate scientific and historical truth, facts, news and rational debate, are useless instruments in a world that lacks the capacity to use them. As we descend into a devastating economic crisis, one that Barack Obama cannot halt, there will be tens of millions of Americans who will be ruthlessly thrust aside. As their houses are foreclosed, as their jobs are lost, as they are forced to declare bankruptcy and watch their communities collapse, they will retreat even further into irrational fantasy. They will be led toward glittering and self-destructive illusions by our modern Pied Pipers -- our corporate advertisers, our charlatan preachers, our television news celebrities, our self-help gurus, our entertainment industry and our political demagogues -- who will offer increasingly absurd forms of escapism. The core values of our open society, the ability to think for oneself, to draw independent conclusions, to express dissent when judgment and common sense indicate something is wrong, to be self-critical, to challenge authority, to understand historical facts, to separate truth from lies, to advocate for change and to acknowledge that there are other views, different ways of being, that are morally and socially acceptable, are dying. Obama used hundreds of millions of dollars in campaign funds to appeal to and manipulate this illiteracy and irrationalism to his advantage, but these forces will prove to be his most deadly nemesis once they collide with the awful reality that awaits us. 
From rforno at infowarrior.org Tue Nov 11 20:31:45 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Nov 2008 15:31:45 -0500 Subject: [Infowarrior] - Google Uses Searches to Track Flu's Spread Message-ID: <9B8C0755-8BCE-49B2-B04F-D132BFAAE0C3@infowarrior.org> November 12, 2008 Google Uses Searches to Track Flu's Spread By MIGUEL HELFT http://www.nytimes.com/2008/11/12/technology/internet/12flu.html?_r=1&hp=&oref=slogin&pagewanted=print SAN FRANCISCO -- What if Google knew before anyone else that a fast-spreading flu outbreak was putting you at heightened risk of getting sick? And what if it could alert you, your doctor and your local public health officials before the muscle aches and chills kicked in? That, in essence, is the promise of Google Flu Trends, a new Web tool that Google.org, the company's philanthropic unit, unveiled on Tuesday, just as flu season is getting underway in the United States. Google Flu Trends is based on the simple idea that people who are feeling sick will probably turn to the Web for information, typing things like "flu symptoms" or "muscle aches" into Google. The service tracks such queries and charts their ebb and flow, broken down by regions and states. Early tests suggest that the service may be able to detect regional outbreaks of the flu between a week and 10 days before they are reported by the Centers for Disease Control and Prevention. Some public health experts say that could help accelerate the response of doctors, hospitals and public health officials to a nasty flu season, reducing the spread of the disease and, potentially, saving lives. It could also offer a dose of comfort to stricken individuals in knowing that a bug is going around. "This could conceivably provide as early a warning of an outbreak as any system," said Lyn Finelli, lead for surveillance at the influenza division of the C.D.C. Ms. 
Finelli noted that people often search the Internet for medical information before they call their doctor. "The earlier the warning, the earlier prevention and control measures can be put in place, and this could prevent cases of influenza," Ms. Finelli said. Between 5 percent and 20 percent of the nation's population contracts the flu each year, Ms. Finelli said, leading to an average of roughly 36,000 deaths. Google Flu Trends is the latest indication that the words typed into search engines like Google can be used to track the collective interests and concerns of millions of people, and even to forecast the future. "This is an example where Google can use the incredible systems that we have to come up with an interesting, predictive result," said Eric E. Schmidt, Google's chief executive. "From a technological perspective, it is the beginning." For now the service only covers the United States, but Google is hoping to eventually use the same technique to help track influenza and other diseases worldwide. The premise behind Google Flu Trends has been validated by an unrelated study indicating that the data collected by Yahoo, Google's main rival in Internet search, can also help with early detection of the flu. "In theory, we could use this stream of information to learn about other disease trends as well," said Philip M. Polgreen, assistant professor of medicine and epidemiology at the University of Iowa and a co-author of the study based on Yahoo's data. Still, some public health officials note that many health departments already use other techniques, like gathering data from visits to emergency rooms, to keep daily tabs on disease trends in their own communities. "We don't have any evidence that this is more timely than our emergency room data," said Farzad Mostashari, assistant commissioner of New York City's Department of Health and Mental Hygiene. 
If Google provided health officials with details of the inner workings of the system so that it could be validated scientifically, the data could serve as an additional way to detect influenza that is free and may prove valuable, said Mr. Mostashari, who is also chairman of the International Society for Disease Surveillance. A paper on the methodology behind Flu Trends is expected to be published in a future issue of the journal Nature. Researchers have long said that the data sprinkled throughout the Web amounts to a form of "collective intelligence" that could be used to make predictions. There are commercial Web sites that mine this information to predict airfares or home prices. But the data collected by search engines is particularly powerful, because the keywords and phrases that people type into search engines represent their most immediate intentions. People may search for "Kauai hotel" when they are planning a vacation and for "foreclosure" when they get in trouble with their mortgage. Those queries express the world's collective desires and needs, its wants and likes. Internal research at Yahoo suggests that increases in searches for certain terms can help forecast what technology products will be hits, for instance. Yahoo itself has begun using search traffic to help it decide what material to feature on its home page. It analyzes what its users are interested in and then programs its Web site accordingly. Two years ago, Google began opening up its search data trove through Google Trends, a tool that allows anyone to track the relative popularity of search terms. Google also offers more sophisticated search traffic tools that marketers can use to fine-tune advertising campaigns. And internally it has tested the use of search data to reach conclusions about economic, marketing and entertainment trends. It found both promises and limitations. "This works remarkably well, but tends to miss 'turning points,' times when the data changes direction," 
said Hal Varian, Google's chief economist. Yahoo's head of research, Prabhakar Raghavan, also said search data could be immensely valuable for forecasters and scientists, but concerns about privacy have generally stopped the company from sharing it with outside academics. Google Flu Trends gets around privacy pitfalls by relying only on aggregated data that cannot be used to identify individual searchers. To develop the service, Google's engineers devised a basket of keywords and phrases related to the flu, including thermometer, flu symptoms, muscle aches, chest congestion and many others. Google then dug into its database, extracted five years of data on those queries and mapped the data onto the C.D.C.'s reports of "influenza-like illness," which the agency compiles based on data from labs, health care providers, death certificates and other sources. Google found an almost perfect correlation between its data and the C.D.C. reports. "We know it matches very, very well in the way flu developed in the last year," said Larry Brilliant, executive director of Google.org. Ms. Finelli of the C.D.C. and Mr. Brilliant both cautioned that the data needed to be monitored to ensure that the correlation with flu activity remained valid. Other people have tried to use information collected from Internet users for public health purposes. A Web site called whoissick.org, for instance, invites people to report about what ails them and superimposes the results on a map. But the site has received little traffic, so its usefulness is limited. HealthMap, a project affiliated with Children's Hospital Boston and Harvard Medical School, scours the Web for news articles, blog posts and electronic newsletters to create a map that tracks emerging infectious diseases around the world. It is backed by Google.org, which counts the detection and prevention of diseases as one of its main philanthropic objectives.
But Google Flu Trends appears to be the first public project that uses the powerful database of a search engine to track the emergence of a disease. "This seems like a really clever way of using data that is created unintentionally by the users of Google to see patterns in the world that would otherwise be invisible," said Thomas Malone, a professor at the M.I.T. Sloan School of Management. "I think we are just scratching the surface of what's possible with collective intelligence." From rforno at infowarrior.org Wed Nov 12 03:16:34 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Nov 2008 22:16:34 -0500 Subject: [Infowarrior] - After banning YouTube, military launches TroopTube Message-ID: <2491F527-F891-47B5-9510-1124934D4874@infowarrior.org> After banning YouTube, military launches TroopTube By JESSICA MINTZ The Associated Press Tuesday, November 11, 2008; 4:10 PM http://www.washingtonpost.com/wp-dyn/content/article/2008/11/11/AR2008111101741_pf.html SEATTLE -- The U.S. military, with help from Seattle startup Delve Networks, has launched a video-sharing Web site for troops, their families and supporters, a year and a half after restricting access to YouTube and other video sites. TroopTube, as the new site is called, lets people register as members of one of the branches of the armed forces, family, civilian Defense Department employees or supporters. Members can upload personal videos from anywhere with an Internet connection, but a Pentagon employee screens each for taste, copyright violations and national security issues. Part of Delve's work was to build speedy tools for approving and sorting incoming videos. Its technology also crunches video files into several sizes and automatically plays the one that best suits viewers' Internet connection speeds. But the startup's real forte is making sure searches on the site turn up the best video results. Delve's system turns a video's sound into a text transcript.
It pares unimportant words like "this" and "that," then compares what's left against a massive database of words commonly uttered in proximity to each other, collected from crawling hundreds of millions of Web pages. The result: Even if speech recognition software trips on the one word someone is searching for, there's a good chance Delve can still deliver relevant results. In May 2007, the Defense Department banned employees and soldiers from accessing sites including YouTube and MySpace, citing security and bandwidth issues. Delve Chief Executive Alex Castro called TroopTube a "retention tool" aimed at a generation of soldiers who bring laptops to the front lines. "A lot of people are excited in the company to be doing something for the people who make sacrifices," said Castro, his eyes tearing. "We're proud of this." ___ On the Net: http://www.trooptube.tv From rforno at infowarrior.org Wed Nov 12 14:04:16 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Nov 2008 09:04:16 -0500 Subject: [Infowarrior] - Veins the new fingerprints? Message-ID: <979F9E94-FBC5-4BCE-AE07-07E278998FA2@infowarrior.org> Why veins could replace fingerprints and retinas as most secure form of ID Mike Harvey, Technology Correspondent http://technology.timesonline.co.uk/tol/news/tech_and_web/article5129384.ece Forget fingerprinting. Companies in Europe have begun to roll out an advanced biometric system from Japan that identifies people from the unique patterns of veins inside their fingers. Finger vein authentication, introduced widely by Japanese banks in the last two years, is claimed to be the fastest and most secure biometric method. Developed by Hitachi, it verifies a person's identity based on the lattice work of minute blood vessels under the skin. Easydentic Group, a European leader in the biometric industry based in France, has announced that it will be using Hitachi's finger vein security in a range of door access systems for the UK and European markets. 
In Japan, thousands of cash machines are operated by finger vein technology. Hitachi announced today that it will introduce 20,000 finger vein authentication systems at shops and kiosks belonging to two Japanese companies, which will use the devices to protect the privacy of customer information by requiring storeworkers to authenticate themselves before accessing the customer database. The pattern of blood vessels is captured by transmitting near-infrared light at different angles through the finger, usually the middle finger. This can be done in a small instrument attached to a wall or as part of an ATM machine. The light is partially absorbed by haemoglobin in the veins and the pattern is captured by a camera as a unique 3D finger vein profile. This is turned into a simple digital code which is then matched with a pre-registered profile to verify an individual's identity. Even twins are said to have different finger vein patterns. Hitachi claims that because the veins are inside the body, invisible to the eye, it is extremely difficult to forge and impossible to manipulate. While fingerprints can be "lifted" and retinas scanned without an individual realising it, it is extremely unlikely that people's finger vein profiles can be taken without them being aware of it, the company says. The gruesome possibility that criminals may hack off a finger has already been discounted by Hitachi's scientists. Asked if authentication could be "forged" with a severed finger, the company says: "As blood would flow out of a disconnected finger, authentication would no longer be possible." Hitachi says finger vein authentication is less expensive than iris scanning or face/voice recognition and that the false rejection rate is much lower than with fingerprinting. And people don't have to remember a pin number. Hitachi's system is being used to verify user identities for ATMs, door access systems and computer log-in systems in Japan. 
An alternative technique, developed by Fujitsu, scans the palms of people's hands to identify a similarly unique vein pattern. This system has also been gaining international recognition. It was recently installed at Carolinas HealthCare System, based in Charlotte, North Carolina, the first healthcare provider in the United States to implement this technology. The palm scanners, which are linked to hospitals' patient registration databases, are used at admitting, the emergency department, one-day surgery, and all inpatient and outpatient registration points. "Most recently, we have begun a rollout to physician practice settings for our physicians network," said Steve Burr, vice president of patient financial services. From rforno at infowarrior.org Wed Nov 12 17:21:44 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Nov 2008 12:21:44 -0500 Subject: [Infowarrior] - Secret Rocket Balls Target WMD Bunkers Message-ID: <39FF7FB7-E0DA-4AC4-AE96-72FF748BA36B@infowarrior.org> Secret Rocket Balls Target WMD Bunkers By David Hambling November 12, 2008 | 11:30:00 AM Categories: Ammo and Munitions, Bizarro, Chem-Bio http://blog.wired.com/defense/2008/11/secret-rocket-b.html The Pentagon has a new secret weapon to neutralize sites containing chemical or biological weapons: rocket balls. These are hollow spheres, made of rubberized rocket fuel; when ignited, they propel themselves around at random at high speed, bouncing off the walls and breaking through doors, turning the entire building into an inferno. The makers call them "kinetic fireball incendiaries." The Pentagon doesn't want to talk about them, but published documents show that the fireballs have undergone tests on underground bunkers. There are plenty of bombs which could destroy a lab, and bunker-busting weapons can tackle hardened underground facilities. But blowing up WMDs is not a good idea.
Using high explosives is likely to scatter them over a wide area, which is exactly what you want to avoid. Two special high-temperature incendiary bombs -- named "CrashPAD" and "Shredder" -- were quietly rushed into service for the use against WMD a few years ago. CrashPAD is based on the Mk.84 bomb and is intended for soft targets; the BLU-119/B Shredder is a modified BLU-109 bunker-buster for hardened or underground targets. The filler for both is a combination of explosive and incendiary, which is more effective than explosive alone, but hardly safe. An explosion causes overpressure and releases a plume of hazardous material. However, without any explosive the incendiary will not be adequately dispersed. The incendiary must also maintain the temperature for a prolonged period, to ensure that anything dangerous is destroyed. That means heating up the entire structure for more than just a few seconds. Existing incendiaries tend to burn fiercely but quickly. One solution is replacing the standard explosive or incendiary with a load of kinetic fireballs, described in this proposal. Each fireball is a hollow spherical shell with a hole in it; when the inside is ignited, the hole acts as a rocket nozzle. The kinetic fireballs eject an extremely high temperature exhaust which will heat up the surrounding volume to over 1,000 F within seconds. Their random ricocheting around ensures that they will fill any space they occupy, and they are capable of diffusing throughout a multi-room structure. This really is rocket science. The inventor, Kevin Mahaffy, was an engineer at Air Force Research Laboratory's Rocket Propulsion Division, and spent three years as the Chief of the Motor Branch overseeing solid and hybrid rocket propulsion. Mahaffy's company, Exquadrum Inc., has received contracts from the Pentagon's Defense Threat Reduction Agency (DTRA) which is tasked with tackling WMD threats.
The DTRA acknowledges that the fireball project progressed under an SBIR program completed in 2006. The culmination was a 2,000 lb BLU-109 bomb, filled with a payload of fireballs, and tested against a multi-room bunker. DTRA would not comment on any more recent developments. However, I discovered a later contract running from 2006-2008, which indicates that the fireballs were taken further -- possibly into some kind of low-rate production. The DTRA declined to comment further and suggested that I try filing a Freedom of Information Act request -- a polite way of telling me to go away. I contacted Mahaffy directly about the fireball technology, but he was understandably unable to comment even on uses not related to the DTRA work. The kinetic fireballs might be an effective way of dealing with chemical and biological WMD safely. They might also be effective against nuclear facilities, as again they can effectively spread destruction throughout a complex without breaking it open and spreading radioactivity. Smaller fireball payloads have been suggested for shoulder-fired rockets and grenades for tactical use. The DTRA is known to be interested in a payload for the 84mm SMAW rocket launcher for agent defeat; at present, ground forces have no tactical options for dealing with a suspected chemical/biological lab operated by terrorists or others. They might find other uses for the fireballs as a "low collateral damage technology." A warhead filled with fireballs offers a way to take out all the occupants of a building without causing it to collapse, and without damaging any adjacent structures. No blast, no fragmentation. Of course incendiary weapons can cause media and political backlash, but as the increasing deployment of thermobarics has shown, this need not be an obstacle. For the present kinetic fireball technology seems set to stay on the secret list. And if you're running a chem/bio weapons lab and assuming they won't risk attacking you -- be afraid.
From rforno at infowarrior.org Thu Nov 13 04:52:56 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Nov 2008 23:52:56 -0500 Subject: [Infowarrior] - The invasive Obama employment questionairre Message-ID: <514D4A68-D29C-4BA6-B827-8A9FACBA86C2@infowarrior.org> (For anyone thinking of applying for a senior-level job with the Obama Administration, you might need to take out a second mortgage to fund the research these guys are asking of you. I can understand their desire to avoid political embarrassment but some of these questions and the timeframes involved are unbelievable -- they should reimburse applicants for the time and trouble! -rf) The questionnaire: http://graphics8.nytimes.com/packages/pdf/national/13apply_questionnaire.pdf November 13, 2008 For a Washington Job, Be Prepared to Tell All By JACKIE CALMES http://www.nytimes.com/2008/11/13/us/politics/13apply.html?_r=1&hp&oref=slogin WASHINGTON -- Want a top job in the Obama administration? Only pack rats need apply, preferably those not packing controversy. A seven-page questionnaire being sent by the office of President-elect Barack Obama to those seeking cabinet and other high-ranking posts may be the most extensive -- some say invasive -- application ever. The questionnaire includes 63 requests for personal and professional records, some covering applicants' spouses and grown children as well, that are forcing job-seekers to rummage from basements to attics, in shoe boxes, diaries and computer archives to document both their achievements and missteps. Only the smallest details are excluded; traffic tickets carrying fines of less than $50 need not be reported, the application says. Applicants are asked whether they or anyone in their family owns a gun. They must include any e-mail that might embarrass the president-elect, along with any blog posts and links to their Facebook pages. [Application at nytimes.com/washington.]
The application also asks applicants to "please list all aliases or 'handles' you have used to communicate on the Internet." The vetting process for executive branch jobs has been onerous for decades, with each incoming administration erecting new barriers in an effort to avoid the mistakes of the past, or the controversies of the present. It is typically updated to reflect technological change (there was no Facebook the last time a new president came to town). But Mr. Obama has elevated the vetting even beyond what might have been expected, especially when it comes to applicants' family members, in a reflection of his campaign rhetoric against lobbying and the back-scratching, self-serving ways of Washington. "President-elect Obama made a commitment to change the way Washington does business, and the vetting process exemplifies that," said Stephanie Cutter, chief spokeswoman for the Obama transition office. Jobs with the mortgage-finance giants Fannie Mae and Freddie Mac have served as lucrative incubators for Democratic and Republican administration officials. But those affiliations have become potentially toxic since the government seized both companies after years of financial irregularities that have stoked the economic crisis. Not surprisingly, then, Question 18 of the Obama application asks whether "you, your spouse or any member of your immediate family" have been affiliated with Fannie, Freddie, American International Group, Washington Mutual and any other institution getting a government bailout. Under "Domestic Help," the questionnaire asks the immigration status of applicants' housekeepers, nannies, chauffeurs and yard-workers, and whether applicants have paid the required taxes for household employees. (Those questions reflect controversies that tripped up President Bill Clinton's first two nominees for attorney general in 1993.) "Every transition is cumulative," said Michael Berman, a lawyer and lobbyist who worked in the transitions of both Mr.
Clinton and President Jimmy Carter. After reviewing the Obama application, Mr. Berman added, "I am very happy I am not seeking a job in the federal government." A former Clinton White House official who insisted on anonymity said in an e-mail message, "I believe it is considerably more detailed than we had to fill out in '93. Interesting that they want spouse information on everything -- means lots of folks are going to have to list the very prominent -- and controversial -- companies that their spouses work/lobby for." The first question asks applicants not just for a résumé, but for every résumé and biographical statement issued by them or others for the past 10 years -- a likely safeguard against résumé falsehoods, one Clinton administration veteran said. Most information must cover at least the past decade, including the names of anyone applicants lived with; a chronological list of activities for which applicants were paid; real estate and loans over $10,000, and their terms, for applicants and spouses; net worth statements submitted for loans, and organization memberships -- in particular, memberships in groups that have discriminated on the basis of race, sex, disability, ethnicity, religion or sexual orientation. There are no time limits for some information, including liens, tax audits, lawsuits, legal charges, bankruptcies or arrests. Applicants must report all businesses with which they and their spouses have been affiliated or in which they have had a financial stake of more than 5 percent. All gifts over $50 that they and their spouses have received from anyone other than close friends or relatives must be identified. Just in case the previous 62 questions do not ferret out any potential controversy, the 63rd is all-encompassing: "Please provide any other information, including information about other members of your family, that could suggest a conflict of interest or be a possible source of embarrassment to you, your family, or the president-elect."
The answer could duplicate the response to Question 8: "Briefly describe the most controversial matters you have been involved with during the course of your career." For those who clear all the hurdles, the reward could be the job they wanted. But first there will be more forms, for security and ethics clearances from the Federal Bureau of Investigation and the Office of Government Ethics. From rforno at infowarrior.org Thu Nov 13 12:49:24 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Nov 2008 07:49:24 -0500 Subject: [Infowarrior] - 2008 Plum Book released Message-ID: <0AFB09F1-2CC9-429B-8442-00EA68A709AE@infowarrior.org> (Paging all government jobseekers.......--rf) The Plum Book (United States Government Policy and Supporting Positions): 2008 Edition The United States Government Policy and Supporting Positions (Plum Book) (1.26 MB, 210 pages) has been made available in its entirety, as a single PDF file. GPO has refined the 2008 Plum Book by adding bookmarks to it and optimizing it for the web. In addition, the entire report is also available in TEXT format (1.91 MB). http://www.gpoaccess.gov/plumbook/2008/index.html From rforno at infowarrior.org Fri Nov 14 14:46:12 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Nov 2008 09:46:12 -0500 Subject: [Infowarrior] - DHS RFI on NIPP Revision Message-ID: http://cryptome.info/0001/nppd111408.htm [Federal Register: November 14, 2008 (Volume 73, Number 221)] [Notices] [Page 67532-67534] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr14no08-101] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2008-0112] Review and Revision of the National Infrastructure Protection Plan AGENCY: National Protection and Programs Directorate, DHS. ACTION: Notice and request for comments.
----------------------------------------------------------------------- SUMMARY: This notice informs the public that the Department of Homeland Security (DHS) is currently revising the 2006 National Infrastructure Protection Plan (NIPP) and, as part of a comprehensive national review process, solicits public comment on issues or language in this draft document that need to be updated during this triennial review cycle. [[Page 67533]] DATES: Written comments must be submitted on or before December 1, 2008. ADDRESSES: Comments must be identified by docket number DHS-2008-0112 and may be submitted by one of the following methods: Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments. Mail: Charles H. Davis, NIPP Program Management Office, Mail Stop 8530, Department of Homeland Security, 245 Murray Lane, SW., Washington, DC 20528-8530. FOR FURTHER INFORMATION CONTACT: Larry L. May, NIPP Program Management Office, Partnership and Outreach Division, Office of Infrastructure Protection, National Protection and Programs Directorate, Department of Homeland Security, Washington, DC 20528, 703-235-3648 or NIPP at dhs.gov. SUPPLEMENTARY INFORMATION: I. Public Participation DHS invites interested persons to contribute suggestions and comments for the revision of the National Infrastructure Protection Plan (NIPP) by submitting written data, views, or arguments. Comments that will provide the most assistance to DHS in revising the NIPP will explain the reason for any recommended changes to the NIPP and include data, information, or authority that supports such recommended changes. Identifying the proposed changes by page and line number, and/or Figure/Table number is requested. DHS first solicited comments, issues and/or language on the 2006 NIPP as part of this triennial NIPP revision, in a previous Federal Register Notice published on June 6, 2008, (72 FR 32341). 
All of the public comments received in response to the June 6, 2008, notice have been reviewed, adjudicated and as appropriate revisions have been incorporated into the draft 2009 National Infrastructure Protection Plan which is available for review in docket DHS-2008-0112 on www.regulations.gov. Once all comments are received in response to this notice, they will be adjudicated, addressed, and DHS will distribute the revised NIPP for inter-agency review and concurrence through the Homeland Security Council (HSC) process. Upon receipt and adjudication of the comments resulting from the HSC review, a final document will be prepared for review and signature by the Secretary of Homeland Security and the respective heads of the federal departments and agencies in preparation for its reissue. The 2009 reissue of the NIPP will represent the culmination of a comprehensive national review process involving the collaboration of critical infrastructure and key resources (CIKR) protection partners at all levels of government and the private sector; the consideration and inclusion of comments from the American public; and the benefit of shared knowledge and experience resulting from the robust public-private partnership established through the NIPP sector partnership model. Because of the open and collaborative process being used to review and update the document, the 2009 NIPP will be of maximum value to all CIKR protection partners and the public. Instructions: All submissions received must include the agency name and docket number for this action. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided. You may submit your comments and material by one of the methods specified in the ADDRESSES section above. Please submit your comments and material by only one means to avoid the receipt and review of duplicate submissions.
If you submit comments by mail, your submission should be an unbound document and no larger than 8.5 by 11 inches to enable copying and electronic document management. If you want DHS to acknowledge receipt of comments by mail, please include with your comments a self-addressed, stamped postcard that includes the docket number for this action. We will date your postcard and return it to you via U.S. mail. All comments or recommended changes should be identified by page and line number, and/or Figure or Table number. Docket: Background documents and comments received can be viewed at http://www.regulations.gov. II. Background The NIPP sets forth a comprehensive risk management framework and clearly defines critical infrastructure protection roles and responsibilities for the DHS; Sector-Specific Agencies (SSAs); and other Federal, State, regional, local, tribal, territorial, and private-sector partners. The NIPP provides a coordinated approach for establishing national priorities, goals, and requirements for infrastructure protection so that funding and resources are applied in the most effective manner. The NIPP risk management framework responds to an evolving risk landscape; as such, there will always be changes to the NIPP--from relatively minor to more significant. The 2006 NIPP established the requirement to conduct a comprehensive review of the NIPP and fully reissue the plan every three years to ensure that it is current and of maximum value to all security partners as a national unifying plan for critical infrastructure protection. However, it is also important to provide periodic reviews to identify and address significant issues so that all NIPP partners are aware of these issues and their potential impact. Review of the NIPP in response to the June 2008 FRN provided proposed changes. 
The purpose of this notice is to invite interested parties to review the resulting draft of the revised NIPP (see http://www.regulations.gov) and propose edits and changes to this new document. Note that a detailed technical edit and check of acronyms will be conducted when all the comments are incorporated. III. Initial List of Issues To Be Updated in the NIPP Since the NIPP was released in June 2006, DHS and its partners have been working to implement the risk management framework and the sector partnership model to protect the Nation's CIKR. Throughout this implementation, DHS has engaged the NIPP feedback mechanisms to capture lessons learned and issues that need to be revised and updated in future versions of the NIPP. This section presents a brief summary of some of these issues to serve as a guide to reviewers and commenters in their review of the draft revised NIPP: Publishing the Sector Specific Plans (SSPs). Establishment of Critical Manufacturing as the 18th CIKR sector and designation of Education as a subsector of Government Facilities. Expansion of the sector partnership model to include the geographically focused Regional Consortium Coordinating Council (RCCC). Integration with State and local fusion centers. Evolution of the National Asset Database (NADB) to the Infrastructure Information Collection System (IICS) and the Infrastructure Data Warehouse (IDW). Developments in the programs, approaches, and tools used to implement the NIPP risk management framework. Updates on risk methodologies, information sharing mechanisms, and other DHS-led programs. [[Page 67534]] Expansion and revision of the metrics discussion under the NIPP risk management framework. Description of additional Homeland Security Presidential Directives, National Strategies, and legislation. Release of the Chemical Facility Anti-Terrorism Standards (CFATS), regulating a segment of those industries that involve the production, use, and storage of high-risk chemicals. 
Discussion of expanded education, training, outreach, and exercise programs. Evolution from the National Response Plan (NRP) to the National Response Framework (NRF). Inclusion of further information on research and development and modeling, simulation, and analysis efforts. Additionally, the revised NIPP integrates the concepts of resiliency and protection and broadens the focus of NIPP-related programs and activities to the all-hazards environment. While the basic structure and principles have not changed, changes have been made throughout the document and interested parties are encouraged to read the portions of interest to them carefully. For purposes of review, the draft revised NIPP can be found at http://www.regulations.gov. Robert B. Stephan, Assistant Secretary, Office of Infrastructure Protection, Department of Homeland Security. [FR Doc. E8-27106 Filed 11-13-08; 8:45 am] BILLING CODE 4410-10-P From rforno at infowarrior.org Sat Nov 15 19:51:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Nov 2008 14:51:49 -0500 Subject: [Infowarrior] - AP temporarily refuses DOD-issued photos Message-ID: Army manipulated general's photo Nov 14 08:18 PM US/Eastern By RICHARD LARDNER Associated Press Writer http://www.breitbart.com/article.php?id=D94F1CIG0&show_article=1 WASHINGTON (AP) - The Associated Press on Friday suspended the use of photos provided by the Defense Department after the Army distributed a digitally altered photo of the U.S. military's first female four-star general. The image of Army Gen. Ann E. Dunwoody is the second Army-provided photo the AP has eliminated from its service in the last two months. The AP said that adjusting photos and other imagery, even for aesthetic reasons, damages the credibility of the information distributed by the military to news organizations and the public.
"For us, there's a zero-tolerance policy of adding or subtracting actual content from an image," said Santiago Lyon, the AP's director of photography. Santiago said the AP is developing procedures to protect against further occurrences and, once those steps are in place, it will consider lifting the ban. He said the AP is also discussing the problem with the military. Col. Cathy Abbott, chief of the Army's media relations division, said the Dunwoody photo did not violate Army policy that prohibits the cropping or editing of a photo to misrepresent the facts or change the circumstances of an event. She did not know who changed the photo or which Army office released it, she said. Dunwoody was promoted to full general on Friday at a Pentagon ceremony attended by Gen. George Casey, the Army chief of staff. In the original photo, the general appears to be sitting at a desk with a credenza and bookshelf behind her. Three stars on her uniform identify her as a lieutenant general, her rank before Friday's promotion. The altered photo, distributed by the Army and run on the AP's photo wire Thursday, shows Dunwoody in fatigues in front of an American flag. Her rank, affixed to the front of a soldier's tunic, is not visible. "We're not misrepresenting her," Abbott said. "The image is still clearly Gen. Dunwoody." In September, the AP banned use of a photo of Army Staff Sgt. Darris Dawson, who was killed in Iraq. Dawson's face and shoulders appeared to have been digitally altered. Abbott said Dawson's unit did not have an official photo of him and wanted one that could be used for a memorial service. "That photo was released to the public strictly by accident," she said. "We apologized for that." Bob Owen, deputy director of photography at the San Antonio Express-News, was the first to notice the changes in the Dawson and Dunwoody photos, finding the earlier versions on the Internet. Owen said he views all photos supplied by the Defense Department skeptically.
"Photo journalists lose their jobs over this," he said. ___ On the Net: U.S. Army: http://www.army.mil Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Sun Nov 16 17:13:39 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Nov 2008 12:13:39 -0500 Subject: [Infowarrior] - German intelligence scrubs European database after Wikileaks exposure References: Message-ID: <094997F6-4214-4D30-BFED-F24FA582B6D8@infowarrior.org> WIKILEAKS PRESS RELEASE (English) For Immediate Release Sun Nov 16 04:14:36 2008 GMT "German intelligence scrubs European records after Wikileaks exposure" http://wikileaks.org/wiki/SF WIKILEAKS--Between Friday night and Sunday morning, a massive deletion operation took place at the European Internet address register (RIPE) to scrub references to a cover used by Germany's premier spy agency, the Bundesnachrichtendienst, or BND. The cleanup operation comes the night after Wikileaks' revelation of over two dozen covert BND networks provided by T-Systems (Deutsche Telekom). The addresses were assigned to an unregistered company at a Munich-based PO box linked to T-Systems. The telco purged the RIPE database of all networks exposed by Wikileaks, moving the addresses into several giant anonymous "Class B" address pools. The move comes just a few hours after T-Systems Computer Emergency Response Team (CERT) contacted Wikileaks to demand removal of an internal T-Systems memo listing the BND cover addresses. Wikileaks refused and T-Systems did not respond to requests for further detail by the time of writing. Yet an investigation into the addresses over the weekend reveals key information about the BND's Internet activities.
Findings include the removal of information on the BND's own German Wikipedia entry--which stated that the Goethe Institute was sometimes used as BND cover, visits to websites including the Russian government and a Berlin escort agency (perhaps for "honey traps"), as well as crawling the Internet for terrorism related topics, such as the assassination of Iraqi insurgent leader Abu Musab Zarqawi. Website references reveal that in 2006 numerous hosters of Internet websites complained about out of control "data mining" robots from two of the BND-linked IP addresses. One of the hosters ran a popular discussion forum on counter-terrorism operations. The integrity and transparency of the RIPE system is not assisted by the T-Systems deletion. German citizens may wonder at the double standard. At a time when individuals' Internet addresses are being recorded by ISPs under data retention laws derisively referred to as "Stasi 2.0", the "real Stasi" has had the largest telco in Germany scrub its addresses from the European record within 24 hours of their exposure.

For further information and documents on the case please see:
http://wikileaks.org/wiki/German_Secret_Intelligence_Service_%28BND%29_T-Systems_network_assignments%2C_13_Nov_2008
and the according discussion page:
http://wikileaks.org/wiki/Talk:German_Secret_Intelligence_Service_%28BND%29_T-Systems_network_assignments%2C_13_Nov_2008

From rforno at infowarrior.org Sun Nov 16 17:37:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Nov 2008 12:37:30 -0500
Subject: [Infowarrior] - Judge: No cryptographic hash analysis without warrant
Message-ID:

Judge: No cryptographic hash analysis without warrant
By Dan Goodin in San Francisco
Posted in Law, 15th November 2008 00:08 GMT
http://www.theregister.co.uk/2008/11/15/cryptographic_hash_search_ruling/

In a case that could have important implications for law enforcement investigations throughout the US, a federal judge has ruled that the cryptographic fingerprinting of suspects' hard drives constitutes a search for purposes of the Constitution. The decision by US District Judge Yvette Kane in the Middle District of Pennsylvania rejected prosecutors' arguments that running a hash value on the contents of a hard drive didn't qualify as a search because agents didn't actually open any of the suspect's files. Instead, she said agents overstepped their authority when they used a forensic tool called EnCase to take the cryptographic signature of each file on the hard drive of Robert Ellsworth Crist III, a man who was later found possessing a large cache of child pornography. "To derive the hash values of Crist's computer, the government physically removed the hard drive from the computer, created a duplicate image of the hard drive without physically invading it, and applied the EnCase program to each compartment, disk, file, folder and bit," Kane wrote. "By subjecting the entire computer to a hash value analysis - every file, internet history, picture, and 'buddy list' became available for government review. Such examination constitutes a search." Because Pennsylvania investigators examined the hard drive without first getting a search warrant, Kane ordered the evidence to be suppressed. Under the US Constitution's Fourth Amendment, searches are only authorized when law enforcement officials have a valid warrant. The EnCase program allowed investigators to examine Crist's hard drive cluster by cluster and bypass user passwords to create an index of each file, even if it had already been deleted. Agents then compared the hash values of the files with a database of known child pornography.
The analysis uncovered five videos containing known child pornography, according to the decision. A subsequent examination using a different method revealed 1,600 images of child porn. Crist became a suspect while he was being evicted by his landlord. Someone who took possession of his computer stumbled upon some of the forbidden files and reported them to police. Kane also rejected prosecutors' contention that Crist's computer should be considered a single container that had already been breached when the landlord's acquaintance accessed it. "Rather, a hard drive is comprised of many platters, or magnetic data storage units, mounted together," the judge wrote. In essence, she said, each platter constituted its own separate container and the acquaintance's search of one didn't breach the others.

From rforno at infowarrior.org Mon Nov 17 04:46:31 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Nov 2008 23:46:31 -0500
Subject: [Infowarrior] - China fights back against MS DRM
Message-ID: <43BE013C-9416-4848-B9CF-9DAF68932C88@infowarrior.org>

China's consumers are flexing their muscles in Microsoft fight
By Kathrin Hille and Mure Dickie in Beijing
Published: November 17 2008 02:00 | Last updated: November 17 2008 02:00
http://www.ft.com/cms/s/0/f9d08bca-b446-11dd-8e35-0000779fd18c.html?nclick_check=1

When Microsoft rolled out its latest anti-piracy initiative this year, it was not aimed at any particular country. Windows Genuine Advantage, a tool that identifies users of counterfeit software and pushes them to buy the real thing, was launched worldwide in several geographical blocs. But Microsoft ran into trouble when the roll-out hit China last month.
While users in other markets kept silent when hit by one of WGA's more extreme features, a mechanism that blackens the desktop background on computers found to be using counterfeit Windows, their Chinese peers broke into a storm of anger, forcing Microsoft officials in the country into damage control mode. China's piracy rates, at 82 per cent according to the Business Software Alliance, are not the world's worst. But the country's sheer size means piracy generates vastly bigger losses there - $6.7bn for all software companies last year - than in any other market, according to the industry group. In a dramatic illustration of the scope of the problem, several million Chinese are using a Windows license key held by the University of Pennsylvania, which is freely available on the web. But fighting these problems is proving a sensitive affair in an increasingly nationalistic country that is well aware of its weight in the global economy. Last month, Dong Zhengwei, a Beijing-based lawyer, called on the police to pursue Microsoft for what he called a "hacker-style attack" on consumers. Local bloggers have also taken up the issue in fervent postings. "If we ignore them for six months, they will come back begging us to take it for free," one blogger called 'liangyouliang' wrote at the weekend. "If they don't seek good relations with us and not give us a little something for our [exported] clothes, then the people of their country will go naked." Well aware of the mood expressed by such postings, the government has also criticised Microsoft. "Violating consumers' rights just to protect your own rights is inappropriate," warns Liu Binjie, Commissioner of the National Copyright Administration. He adds that in future he wants the company to discuss anti-piracy measures with the government before they are launched. Like other multinationals doing business in China, Microsoft cannot ignore that message. 
People familiar with the company's dialogue with the government say that it needs to apply more diligence to its intellectual property rights strategy in China. They say that the next planned big anti-piracy step, the shutting down of illegitimately-used software license keys such as that held by the University of Pennsylvania, will not go ahead until the current crisis in China is resolved. Separately, Microsoft is taking another look at its anti-piracy tool, and does not exclude the possibility that it could look different in the future. "Microsoft engineers are working on ways to improve the user experience," says Garth Fort, Microsoft's marketing head for Greater China. Although China-specific changes that would take away the black desktop feature are deemed unlikely, there could be global adjustments to WGA triggered by the Chinese protests. The reason is simple: China is becoming an extremely important market. Microsoft's revenue in Brazil, Russia, India and China grew more than 50 per cent in the fiscal year to June 30, more than double the world average. Company officials point to the fact that more than one-fifth of the world's computer science students are now in Chinese universities. If the software group falls foul of Chinese public opinion, what is at risk is not just its standing with today's Chinese consumers but its image with tomorrow's softw

From rforno at infowarrior.org Mon Nov 17 16:51:35 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Nov 2008 11:51:35 -0500
Subject: [Infowarrior] - Russian spy at NATO may have passed IW and MD secrets
Message-ID:

(c/o D)

From Times Online
November 16, 2008
Russian spy in Nato could have passed on missile defence and cyber-war secrets
Roger Boyes in Berlin
http://www.timesonline.co.uk/tol/news/world/europe/article5166227.ece

A spy at the heart of Nato may have passed secrets on the US missile shield and cyber-defence to Russian Intelligence, it has emerged.
Herman Simm, 61, an Estonian defence ministry official who was arrested in September, was responsible for handling all of his country's classified information at Nato, giving him access to every top-secret graded document from other alliance countries. He was recruited by the Russians in the late 1980s and has been charged in Estonia with supplying information to a foreign power. Several investigation teams from both the EU and Nato, under the supervision of a US officer, have flown to the Estonian capital Tallinn to assess the scope of what is being seen as the most serious case of espionage against Nato since the end of the Cold War. "The longer they work on the case, the more obvious it becomes how big the impact of the suspected treachery really is," according to Der Spiegel magazine. A German official described the Russian penetration of Nato as a "catastrophe". Comparisons are being drawn with the case of Aldrich Ames, the former head of the CIA counter-intelligence department who was in effect Russia's top agent in the US. "Simm became a proper agent for the Russian government in the mid-1990s," says the Estonian deputy Jaanus Rahumaegi who heads the country's parliamentary control commission for the security services. On the face of it, the Simm case resembles the old-fashioned Cold War spy story. He used a converted radio transmitter to set up meetings with his contact, apparently someone posing as a Spanish businessman. As in the 1950s and 1960s, it seems that the operation was a husband-and-wife team. His wife Heete -- who previously worked as a lawyer at the national police headquarters -- has also been detained on charges of being an accessory to treason. Mr Simm was ensnared because of blunders that have dogged modern espionage ever since the KGB first pitted itself against the West. First, he bought up several pieces of valuable land and houses including a farmhouse on the Baltic Sea and a grand white-painted villa outside Tallinn.
Second, his contact officer got careless and tried to recruit a second agent -- who reported the incident to the security authorities. That is when the Estonian mole-hunters began to reconstruct the movements of the supposed Spaniard and followed the thread back to the agent inside Nato. But Mr Simm was not some relic from the days of Kim Philby or other notorious deep-cover agents. He was at the cutting edge of one of Nato's most important new strategic missions: to defend the alliance against cyber-attack. Mr Simm headed government delegations in bilateral talks on protecting secret data flow. And he was an important player in devising EU and Nato information protection systems. Estonia -- described by NATO Secretary General Jaap de Hoop Scheffer as "Nato's most IT-savvy nation" -- conducts much of its government and commercial business online. People vote and pay their taxes online, government meetings involve almost no paperwork. As a result, when it angered Russia in 2007, by removing a Soviet war memorial, it became the target of hostile attacks on the internet. Estonia has been lobbying hard to put cyber-defence on the Nato agenda, and has set up a Cyber Defence centre in Tallinn which is supposed to help the Alliance as a whole. Now that project could be compromised. The other important question in the Simm case is whether he was operating alone. A senior Estonian police officer claimed asylum in Britain in the 1990s reportedly telling the authorities that he was trying to escape pressure from the Russian secret service to sell secrets. The Russians, it seems, were keen to buy as many place-men as they could: the prospect of Nato forces hard up against the northern Russian border was too alarming for the Kremlin. Moreover, Mr Simm was for many years in charge of issuing security clearance: he could have nodded through other Russian agents.
Mr Simm is likely to be formally arraigned at the beginning of next year after the damage control teams from Nato have completed their work. If found guilty he could face between three and fifteen years in prison. Neither the Simms, nor their defence lawyer, have commented on the charges. Nato too has refused to say anything. But there is no doubting that the case is a serious embarrassment. And though Russia may have lost an agent -- "a gold card operative" according to one Estonian newspaper -- it has achieved a tactical victory by sowing suspicion between western Nato members and the new east and central European entrants.

From rforno at infowarrior.org Mon Nov 17 17:09:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Nov 2008 12:09:01 -0500
Subject: [Infowarrior] - Tech: Rupert Murdoch is right (yes, I said it)
Message-ID:

Murdoch to Aussies: embrace technology
Glenda Korporaal | November 08, 2008
Article from: The Australian
http://www.theaustralian.news.com.au/story/0,25197,24619205-7582,00.html

NEWS Corporation chief Rupert Murdoch is urging Australians to move out of their comfort zones and embrace new technology. In his second of five Boyer Lectures, The Challenge of Technology, which will be aired on ABC Radio National at 5pm tomorrow, Mr Murdoch says people should stop whingeing about the challenge of new technology and "get out in front of it". He says new technology, such as the internet, is destroying business models that have been used for decades, particularly those with a "one size fits all" approach to their customers. The US television networks are finding their audiences shrinking every day, he says. "People suddenly have a growing multitude of choices -- and they are rightly exercising those choices," Mr Murdoch says. The near monopoly of classified advertisements that newspapers once enjoyed is being threatened by websites retailing cars and jobs and consumer sites, such as Craigslist in the US.
The chairman and chief executive of News Corporation, owner of The Weekend Australian, says new technology is "ushering in a new golden age for human kind". It is becoming easier and cheaper for people to buy and sell. People can do more of what they want at a cheaper cost and the disadvantaged now have greater access to information than at any time in history, Mr Murdoch says. Technology is also "allowing the little guy to do what once required a huge corporation". Mr Murdoch cites the Drudge Report website run by US columnist Matt Drudge, which mainly alerts readers to content on other websites and articles he finds interesting. "Even those who don't like him click on to his website every day," Mr Murdoch says. "Drudge has succeeded in challenging all the leading media companies of our day -- including mine. And he has done it with minimal start-up costs: a computer, a modem and some space on a server." Mr Murdoch says that as technology levels playing fields, the "human factor" is more important. "If you run a business, you need good people more than ever," he says.

From rforno at infowarrior.org Tue Nov 18 01:13:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Nov 2008 20:13:02 -0500
Subject: [Infowarrior] - Feds can lojack mobiles without telco help
Message-ID: <88565E46-EC2D-42FC-89CB-BCCD83DABD86@infowarrior.org>

FOIA docs show feds can lojack mobiles without telco help
By Julian Sanchez | Published: November 16, 2008 - 10:45PM CT
http://arstechnica.com/news.ars/post/20081116-foia-docs-show-feds-can-lojack-mobiles-without-telco-help.html

Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target's location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that "triggerfish" technology can be used to pinpoint cell phones without involving cell phone providers at all.
Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone's precise location once cooperative cell providers had given a general location. This summer, however, the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI's cell-phone tracking practices. Since August, they've received a stream of documents--the most recent batch on November 6--that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed. As one of the documents intended to provide guidance for DOJ employees explains, triggerfish can be deployed "without the user knowing about it, and without involving the cell phone provider." That may be significant because the legal rulings requiring law enforcement to meet a high "probable cause" standard before acquiring cell location records have, thus far, pertained to requests for information from providers, pursuant to statutes such as the Communications Assistance for Law Enforcement Act (CALEA) and the Stored Communications Act. The Justice Department's electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices--which allow tracking of incoming and outgoing calls from a phone subject to much less stringent evidentiary standards--to gather location data.
"By its very terms," according to the manual, "this prohibition applies only to information collected by a provider and not to information collected directly by law enforcement authorities. Thus, CALEA does not bar the use of pen/trap orders to authorize the use of cell phone tracking devices used to locate targeted cell phones." Perhaps surprisingly, it's only with the passage of the USA PATRIOT Act in 2001 that the government has needed any kind of court order to use triggerfish. While previously, the statutory language governing pen register or trap-and-trace orders did not appear to cover location tracking technology. Under the updated definition, these explicitly include any "device or process which records or decodes dialing, routing, addressing, and signaling information."

From rforno at infowarrior.org Tue Nov 18 01:22:59 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Nov 2008 20:22:59 -0500
Subject: [Infowarrior] - That Damn Ram Challenge
Message-ID: <6D487EAF-D88A-4B0C-AA91-B181FB60D1B5@infowarrior.org>

I couldn't agree more. Bad timing, bad imagery, bad economy, and a total waste of advertising dollars on *so* many levels.....utterly stupid, to boot! --rf

That Damn Ram Challenge
Posted by Dale Dougherty, November 17, 2008 2:53 PM | http://www.boingboing.net/2008/11/17/that-damn-ram-challe.html

Since mid-October, Dodge has been rolling out its 2009 Ram truck with a set of commercials that run during NFL and college football games and elsewhere testosterone flows. These ads "feature" Dodge Ram trucks being driven into flaming buildings and around, through and over other kinds of obstacles. The slogan is "Never Back Down." The "shock-and-awe" ads direct you to a Yahoo website: ramchallenge.com for a series of webisodes. Here's the trailer, all part of a multimillion, multimedia extravaganza that's enough to make you sick.

< - >

Quick, jump in an oversized American-made truck, see how fast it can go downhill without crashing, next tow a heavy trailer (pensions?) along hair-pin curves without tumbling down a hillside, and then go try to build and cross a makeshift bridge without dropping into a deep gully. During this race to the finish, you're running out of time and trying to avoid disaster. The media in helicopters hover above you, following your every move, waiting to move in. Even if you make it, the group that finishes last is eliminated. It's like we're watching a dream sequence from a movie about a US auto industry exec! Wake up, wake up! To place a bet this size selling the wrong product at the wrong time is like pushing all your chips to the middle of the poker table and bluffing with a pair of threes. Is there any way any of the auto companies win? Do you and other US taxpayers want to add your own money to their pile? Never Back Down? Never Surrender? How is this for a new slogan: "Hold On!" It's better than "Fold." The oddest thing about the Ram Challenge reality-ad is the warning that accompanies it: "Chrysler, LLC, Dodge and its Agencies insist that no one attempt to replicate the activity on this site." No, few of us have this kind of budget, even if such "stupid fun" somehow made sense for anyone to want to do.

< - >

http://www.boingboing.net/2008/11/17/that-damn-ram-challe.html

From rforno at infowarrior.org Tue Nov 18 13:39:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Nov 2008 08:39:08 -0500
Subject: [Infowarrior] - Web Sites That Dig for News Rise as Watchdogs
Message-ID: <3E3E5556-F940-4897-A172-CB0333BD86EB@infowarrior.org>

November 18, 2008
Web Sites That Dig for News Rise as Watchdogs
By RICHARD PÉREZ-PEÑA
http://www.nytimes.com/2008/11/18/business/media/18voice.html?_r=1&hp=&pagewanted=print

SAN DIEGO -- Over the last two years, some of this city's darkest secrets have been dragged into the light --
city officials with conflicts of interest and hidden pay raises, affordable housing that was not affordable, misleading crime statistics. Investigations ensued. The chiefs of two redevelopment agencies were forced out. One of them faces criminal charges. Yet the main revelations came not from any of San Diego's television and radio stations or its dominant newspaper, The San Diego Union-Tribune, but from a handful of young journalists at a nonprofit Web site run out of a converted military base far from downtown's glass towers -- a site that did not exist four years ago. As America's newspapers shrink and shed staff, and broadcast news outlets sink in the ratings, a new kind of Web-based news operation has arisen in several cities, forcing the papers to follow the stories they uncover. Here it is VoiceofSanDiego.org, offering a brand of serious, original reporting by professional journalists -- the province of the traditional media, but at a much lower cost of doing business. Since it began in 2005, similar operations have cropped up in New Haven, the Twin Cities, Seattle, St. Louis and Chicago. More are on the way. Their news coverage and hard-digging investigative reporting stand out in an Internet landscape long dominated by partisan commentary, gossip, vitriol and citizen journalism posted by unpaid amateurs. The fledgling movement has reached a sufficient critical mass, its founders think, so they plan to form an association, angling for national advertising and foundation grants that they could not compete for singly. And hardly a week goes by without a call from journalists around the country seeking advice about starting their own online news outlets. "Voice is doing really significant work, driving the agenda on redevelopment and some other areas, putting local politicians and businesses on the hot seat," said Dean Nelson, director of the journalism program at Point Loma Nazarene University in San Diego.
"I have them come into my classes, and I introduce them as, 'This is the future of journalism.' " That is a subject of hot debate among people who closely follow the newspaper industry. Publishing online means operating at half the cost of a comparable printed paper, but online advertising is not robust enough to sustain a newsroom. And so financially, VoiceofSanDiego and its peers mimic public broadcasting, not newspapers. They are nonprofit corporations supported by foundations, wealthy donors, audience contributions and a little advertising. New nonprofits without a specific geographic focus also have sprung up to fill other niches, like ProPublica, devoted to investigative journalism, and the Pulitzer Center on Crisis Reporting, which looks into problems around the world. A similar group, the Center for Investigative Reporting, dates back three decades. But some experts question whether a large part of the news business can survive on what is essentially charity, and whether it is wise to lean too heavily on the whims of a few moneyed benefactors. "These are some of the big questions about the future of the business," said Robert H. Giles, curator of the Nieman Foundation for Journalism at Harvard. Nonprofit news online "has to be explored and experimented with, but it has to overcome the hurdle of proving it can support a big news staff. Even the most well-funded of these sites are a far cry in resources from a city newspaper." The people who run the local news sites see themselves as one future among many, and they have a complex relationship with traditional media. They say that the deterioration of those media has created an opening for new sources of news, as well as a surplus of unemployed journalists for them to hire. "No one here welcomes the decline of newspapers," said Andrew Donohue, one of two executive editors at VoiceofSanDiego. "We can't be the main news source for this city, not for the foreseeable future. We only have 11 people."
Those people are almost all young, some of them refugees from older media. The executive editors, Mr. Donohue, 30, and Scott Lewis, 32, each had a few years of experience at small papers before abandoning newsprint. So far, their audience is tiny, about 18,000 monthly unique visitors, according to Quantcast, a media measurement service. The biggest of the new nonprofit news sites, MinnPost in the Twin Cities and the St. Louis Beacon, can top 200,000 visitors in a month, but even that is a fraction of the Internet readership for the local newspapers. VoiceofSanDiego's site looks much like any newspaper's, frequently updated with breaking news and organized around broad topics: government and politics, housing, economics, the environment, schools and science. It has few graphics, but plenty of photography and, through a partnership with a local TV station, some video. But it is, of necessity, thin -- strictly local, selective in what it covers and with none of the wire service articles that plump up most news sites. VoiceofSanDiego grew out of a string of spectacular municipal scandals. City councilmen took bribes from a strip club owner, a mishandled pension fund drove the city to the brink of bankruptcy and city officials illegally covered up the crisis, to name a few. A semiretired local businessman, Buzz Woolley, watched the parade of revelations, fraud charges and criminal convictions, seething with frustration. He was particularly incensed that the pension debacle had developed over several years, more or less in plain sight, but had received little news coverage. "I kept thinking, 'Who's paying attention?' " Mr. Woolley recalled. " 'Why don't we hear about this stuff before it becomes a disaster?' " In 2004, his conversations with a veteran columnist, Neil Morgan, who had been fired by The Union-Tribune, led to the creation of VoiceofSanDiego, with Mr. Woolley as president, chief executive and, at first, chief financial backer.
Most of this new breed of news sites have a whiff of scruffy insurgency, but MinnPost, based in Minneapolis, resembles the middle-age establishment. Its founder and chief executive, Joel Kramer, has been the editor and publisher of The Star Tribune, of Minneapolis, and its top editors are refugees from that paper or its rival, The Pioneer Press in St. Paul. MinnPost is rich compared with its peers -- with a $1.5 million bankroll from Mr. Kramer and several others when it started last year, and a $1.3 million annual budget -- and it has been more aggressive about selling ads and getting readers to donate. The full-time editors and reporters earn $50,000 to $60,000 a year, Mr. Kramer said -- a living wage, but less than they would make at the competing papers. MinnPost has just five full-time employees, but it uses more than 40 paid freelance contributors, allowing it to do frequent reporting on areas like the arts and sports. If MinnPost is the establishment, The New Haven Independent is a guerrilla team. It has no office, and holds its meetings in a coffee shop. The founder and editor, Paul Bass, who spent most of his career at an alternative weekly, works from home or, occasionally, borrows a desk at a local Spanish-language newspaper. In addition to state and city affairs, The Independent covers small-bore local news, lately doing a series of articles on people who face the loss of their homes to foreclosure. With a budget of just $200,000, it has a small staff -- some are paid less than $30,000 -- and a small corps of freelancers and volunteer contributors. It does not sell ads, which Mr. Bass says would be impractical. "There's room for a whole range of approaches, and we're living proof that you can do meaningful journalism very cheaply," Mr. Bass said. Crosscut.com, a local news site in Seattle, does reporting and commentary of its own, but also aggregates articles from other news sources. It began last year as a business, but is changing to nonprofit status.
VoiceofSanDiego took yet another approach, hiring a crew of young, hungry, full-time journalists, paying them salaries comparable to what they would make at large newspapers and relying less on freelancers. Mr. Donohue and Mr. Lewis earned $60,000 to $70,000 last year, according to the VoiceofSanDiego I.R.S. filings. On a budget under $800,000 this year -- almost $200,000 more than last year -- everyone does double duty. Mr. Lewis writes a political column, and Mr. Donohue works on investigative articles. But the operation is growing and Mr. Woolley says he has become convinced that the nonprofit model has the best chance of survival. "Information is now a public service as much as it's a commodity," he said. "It should be thought of the same way as education, health care. It's one of the things you need to operate a civil society, and the market isn't doing it very well."

From rforno at infowarrior.org Tue Nov 18 17:03:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Nov 2008 12:03:05 -0500
Subject: [Infowarrior] - How Can So Much Spam Come From One Place?
Message-ID: <4AB598D3-EB2F-4798-A999-EC4CB44CCB0F@infowarrior.org>

How Can So Much Spam Come From One Place? By Brian Krebs washingtonpost.com Staff Writer Tuesday, November 18, 2008; 9:18 AM http://www.washingtonpost.com/wp-dyn/content/article/2008/11/18/AR2008111801120_pf.html At roughly 4:30 p.m. Eastern time last Tuesday, the volume of junk e-mail arriving at inboxes around the world suddenly plummeted by at least 65 percent, an unprecedented drop caused by what is believed to be a single, simple act. According to security experts, one Silicon Valley based computer firm was playing host to computers of various organizations that controlled the distribution of much of the world's spam. Confronted with evidence tracing the spam activity back to the hosting firm, McColo Corp., Internet service providers pulled the plug, severing McColo's online connections.
By nearly all accounts, spam volumes have remained at far diminished levels, though experts interviewed for this story expect spam to soon bounce back or even exceed previous levels. But the question remains: How could such a massive concentration of spam activity be hosted for so long from the servers at a single U.S.-based facility, in the belly of the security and tech community in Silicon Valley? The answer exemplifies how complex the battle against spam has become. Like other Internet hosting firms, McColo -- which has not been charged with any crime and has been unavailable for comment -- assigns certain Internet addresses for its clients' computers to use. In effect, that's how those firms operate on the Web. But the spam often does not come directly from those computers, according to security experts who have documented the activity. Rather, McColo appears to have been home to a number of key Internet servers -- computers that control networks of computers -- that were used by their respective owners to coordinate the actions of hundreds of thousands of PCs that may be compromised with malicious software designed to turn them into spam-spewing zombies. According to research by several in the computer security community, some of the largest collections of hacked PCs, known as robot networks or "botnets," may have had their master control servers hosted at McColo. Assigned such curious monikers such as "Srizbi," "Rustock," "Mega-D" and "Cutwail" by anti-virus vendors, the networks of compromised computers around the world are named after the malicious software that powers them. The botnets typically are rented out to junk e-mail purveyors. The spammers then sign in remotely to those control servers and use them to coordinate the sending of billions of e-mails a day touting everything from knockoff pharmaceuticals and designer goods to pornography and get-rich-quick scams. 
But when McColo was taken offline by its Internet providers, so, too, were all of the botnet control servers located there. That means hundreds of thousands of computers that remain infected with these bot programs were left like sheep without a shepherd, waiting and searching the Web for a new set of instructions from the criminal gangs that controlled them. Joe Stewart, director of malware research for Atlanta-based SecureWorks, said some botnets might remain disconnected. For the moment, the Internet's three largest spam botnets appear to be stranded and unable to contact more than a small number of their control servers, according to Marshal, a computer security firm in the United Kingdom that tracks bot activity. Both Stewart and Marshal say the criminals responsible for maintaining those botnets will quickly find ways to revive them. Not everyone has seen fewer spam messages in their inboxes after McColo's shutdown. Adam O'Donnell, director of emerging technologies at Cloudmark, an e-mail security company in San Francisco, said those who did not see a drop in spam from the McColo shutdown likely subscribe to an Internet service provider that already does an effective job blocking 99 percent of junk e-mail. "People who had really good systems in place probably didn't benefit from this, while those who had more marginal spam filter protection likely saw a significant drop off in spam," O'Donnell said. Evidence collected by anti-spam groups strongly suggests that not only was McColo hosting major gateways for the sending of spam, but it also was home to the world's most aggressive e-mail address harvesting services. In the underground spam economy, e-mail addresses are a valuable commodity, as they represent both the beginning and end points of any junk e-mail operation.
Spam distribution lists typically are assembled using automated computer programs, or "bots," that continuously trawl millions of Web sites much the way that search engines do -- scouring them for e-mail addresses. The addresses are then sold to spam networks, which use them as not only the destination for their junk e-mail, but also as the apparent source by "spoofing" the messages to make them appear as though they were sent by real, live e-mail users. In many cases, those responsible for harvesting e-mail addresses are not the same people sending the spam, but rather individuals who will sell the lists to known spam operators. Matthew Prince, chief executive of Unspam Technologies and founder of Project Honey Pot, a collaborative effort that secretly gathers intelligence about the world's largest spam networks, has tracked the spam harvesting bots hosted at McColo for more than two years. Project Honey Pot's free technology, which is deployed at more than 20,000 Web sites, tries to track these crawler bots by assigning a unique "spam trap" e-mail address to each participating site. The dummy addresses are designed to be difficult for humans to find but very easy for the bots to gather. The project's software then records the Internet address of any visitor and the date and time of the visit. Because those addresses are never used to sign up for e-mail lists, the software can help investigators draw connections between harvesters and spammers if an address generated by a spam trap or "honey pot" later receives junk e-mail. Prince said statistics from Project Honey Pot suggest that crawler bots hosted at McColo are responsible for more than 30 million spam messages sent to the project's e-mail traps since June 2006. "And our spam traps constitute a tiny fraction of the e-mail addresses in the world," Prince said. 
The project estimates that each e-mail address harvested by bots at McColo could expect to receive an additional 2,000 junk e-mail messages a year as a result. Such activity could have major implications for businesses that list large numbers of employee e-mail addresses on their Web sites. "Consider what this activity means for, say, a single law firm that publishes on its site the e-mail addresses for each of its 50 attorneys," Prince said. "After the firm's site gets crawled by the bots at McColo, that means that firm can expect to receive at least 100,000 more pieces of spam than it would have otherwise." While there are hundreds of millions of e-mail addresses already registered, spammers need every address they can get their hands on because such a tiny percentage of people who receive the messages actually buy anything from them. A study by University of California researchers released in October estimated that the criminals behind the Storm worm -- which powered a botnet once responsible for sending about 20 percent of all spam -- made on average between $7,000 and $9,000 a day sending pharmaceutical spam. But the Storm worm purveyors had to send prodigious amounts of spam to gin up a single customer: The researchers found that while only about 1 in every 12 million spam e-mails turned into a sale, that was enough to keep the spammers in business. Despite the level of questionable activity researchers say was coming out of networks hosted at McColo, it's not clear what if anything federal law enforcement can or should do about it, or whether anyone at the company has committed any crime. A spokesman for the FBI declined to comment for this story, as did the U.S. Secret Service. A federal law enforcement official familiar with the accusations against McColo said privately that authorities have been investigating the hosting provider, but that building a case that could convince a jury of McColo's complicity in the activity has proven difficult. 
Some in the security community, while applauding McColo's Internet providers for cutting the company off, said it should have happened sooner. John Bambenek, incident handler with the SANS Internet Storm Center, which tracks hacking trends, said he doubts either provider was unaware of the alleged activity at McColo. "The upstream providers may claim they didn't know, but that's about as convincing as a motel operator who is renting rooms by the hour and hearing the exploits from the hallway and being shocked when the police show up to bust the prostitution ring," Bambenek said. But Benny Ng, director of infrastructure for Hurricane Electric, one of the Internet providers that cut off McColo's online connections, said that "until we were provided with the Washington Post report, there was no compelling overall picture." He added that many people, "including some professionals, think it is perfectly reasonable for an Internet service provider to intercept and inspect their customers' traffic, including reading customers' email. Hurricane Electric does NOT condone or practice this, as this is illegal due to privacy laws." Ng said his company monitors spam blacklists for Internet addresses used to send spam, but even those lists would not have flagged the botnet control servers hosted by McColo. "Specifically in this case, the scope and complexity [of what was going on at McColo] was nearly imperceptible," said Ng. "The indirect nature of this network abuse, with compromised computers all over the world, was particularly subversive." Global Crossing, the other major provider that pulled the plug on McColo's access, refused to comment. If U.S. law enforcement was reluctant to act against McColo before the company's Internet providers pulled the plug, there are no signs that they are any more willing after the incident. Sometime on Saturday, McColo's principals briefly reconnected the company's Web servers to a major Internet provider in Europe.
"The best part about this story is that they haven't physically moved their servers... they're still in Market Post Tower in sunny San Jose," at the very same Internet addresses, wrote Atif Mushtaq, a researcher and engineer at Fireeye. Fireeye said the European ISP on Sunday severed its relationship with McColo under pressure from the security community. But that may have been enough time for criminals behind the Rustock botnet to reclaim control of between 10,000 and 15,000 of the estimated 100,000 computers infected with the malware, Fireeye estimates. Experts say it's not uncommon for cyber criminals to stage their operations out of the United States, regardless of where the criminals themselves may be based. After all, U.S. Internet providers offer some of the fastest, cheapest and most reliable Internet services on the planet. "These guys like going after well-hosted infrastructure in good economies, because it gives them the resiliency that any business looks for," said Vincent Weafer, senior director of development for Symantec Security Response. What's more, dependability and server uptime are important in cutthroat businesses for which an outage of a few hours can staunch the flow of spam and cost thousands of dollars.

From rforno at infowarrior.org Tue Nov 18 19:14:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Nov 2008 14:14:48 -0500
Subject: [Infowarrior] - Apple brings HDCP to a new aluminum MacBook near you
Message-ID: <37A8A96E-35BE-4400-A0FA-686EE86611EC@infowarrior.org>

Apple brings HDCP to a new aluminum MacBook near you http://arstechnica.com/journals/apple.ars/2008/11/17/apple-brings-hdcp-to-a-new-aluminum-macbook-near-you By David Chartier | Published: November 17, 2008 - 03:52PM CT High Definition Content Protection (HDCP) -- you can't live with it, but you practically can't buy an HD-capable device anymore without it.
While HDCP is typically used in devices like Blu-ray players, HDTVs, HDMI-enabled notebooks, and even the Apple TV in order to keep DRMed content encrypted between points A and B, it appears that Apple's new aluminum MacBook (and presumably the MacBook Pro) are using it to protect iTunes Store media as well. When my friend John, a high school teacher, attempted to play Hellboy 2 on his classroom's projector with a new aluminum MacBook over lunch, he was denied by the error you see above. John's using a Mini DisplayPort-to-VGA adapter, plugged into a Sanyo projector that is part of his room's Promethean system. Strangely, only some iTunes Store movies appear to be HDCP-aware, as other purchased media like Stargate: Continuum and Heroes season 2 play through the projector just fine. Attempts to play Hellboy 2 or other HDCPed films through the projector via QuickTime also get denied. Other movies that don't work include newer films like Iron Man, Star Wars: Clone Wars, and Love Guru, but older films like Shawshank Redemption are restricted as well. The technology in Apple's MacBooks that prevents a seemingly arbitrary collection of iTunes Store files from being played on HDCP non-compliant devices is perhaps more accurately called DPCP, or DisplayPort Content Protection. As we've covered in the past, DisplayPort was designed as an open, extensible standard for computers that offers lower power consumption over DVI (especially in the Mini DisplayPort format that Apple uses on the new MacBooks). But more importantly, DisplayPort also beats DVI in the studios' books by offering the option of 128-bit AES encrypted copy protection. All of the tested files are wrapped in the same iTunes Store FairPlay Version 3 DRM, save for Stargate: Continuum, which John says has version 2. While Apple's own Apple TV has used HDCP to protect video files playing from its HDMI port, this is the first time we've heard of Apple bringing HDCP DPCP to its hardware.
(It has, however, been brought to our attention that other users have been complaining about this in Apple's discussion forums for a couple of weeks.)

From rforno at infowarrior.org Wed Nov 19 03:21:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Nov 2008 22:21:11 -0500
Subject: [Infowarrior] - Companies Shrinking Product Sizes, But Not Prices
Message-ID: <9F60D0A5-7C84-42A8-B546-55A02BBA90A6@infowarrior.org>

Nov 17, 2008 6:47 am US/Pacific Companies Shrinking Product Sizes, But Not Prices http://cbs5.com/consumer/shrinking.products.product.2.866401.html (CBS) From cereal and ice cream, to toilet paper and even soap, there's something happening inside some grocery stores -- the cost per item is going up on many popular everyday items, and the additional cash is buying less product, reports CBS station KTVT-TV in Dallas. When the economy began to slump, manufacturers started looking for ways to cut back. However, some people say the choice some manufacturers made is maddening. Enraged shopper, Edgar Dvorsky, started Mouseprint.org when he noticed his groceries were actually shrinking. "The companies have found a sneaky way to pass on a price increase by taking out some of the content from the package, but making the package look the same size," he explains. Dvorsky noticed the change in a jar of Skippy Peanut Butter. To the untrained eye, there's no real difference between the old jar and the new jar. But if you put the two side by side and look closely, you'll see there are actually two fewer ounces in the new Skippy jar than the old. "Most people don't check the net weight of a product to make sure it hasn't been reduced from the last time you purchased it," says Dvorsky. The size of a box of Applejacks cereal has gone from 11 ounces to 8.7 ounces, and a jar of Hellmann's Mayonnaise has shrunk from 32 ounces to 30. "Most people can't tell the difference between the old and the new except when they're side by side," Dvorsky said.
"And even when they're side by side you can't tell the difference." The short change isn't only happening with food items. Scott Toilet Paper's new product says it contains 1000 sheets, which is no different than the old product. But if you check the fine print on the package, you'll notice that the old sheets were 4.5 inches x 4.0 inches. The new Scott sheets are 4.5 inches x 3.7 inches. Dan Howard, a marketing professor at Southern Methodist University, says this is a company's way of instituting a price increase without actually raising the price. "Price is much more visible," Howard says. "Consumers notice the price before they turn the box over or the jar over and say 'Gee, I'm actually getting fewer ounces of what I just bought.'" Packages of Dial Soap have also changed. The original package gave you four bars at 4.5 ounces each. The new version offers four bars at a flat 4 ounces each. That's about a half a full bar less than the original. Starkist Tuna has made some changes, reducing the size of their cans from six ounces to five. "It makes me furious on the one hand," Howard said. "But then I'm likely to laugh because it's so absurd." According to Howard there's only one way to fight back against shrinking products. "Speak with your pocketbook," he suggests. "Refuse to buy products that engage in tactics like that." Despite the urging, most shoppers who spoke with KTVT say they probably won't change their habits. "It's life, you have to pay for what you want," shopper Mandy Robertson said. Dvorsky asked several companies why their products are shrinking and most chalked it up to a rise in fuel and manufacturing costs. Their responses are posted on his website - along with more products that he's investigated. (© MMVIII, CBS Broadcasting Inc. All Rights Reserved.)

From rforno at infowarrior.org Wed Nov 19 03:36:18 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Nov 2008 22:36:18 -0500
Subject: [Infowarrior] - PRC's propaganda plan
Message-ID: <39877412-4C6E-4373-80A3-F4C322E4C65A@infowarrior.org>

http://www.timesonline.co.uk/tol/news/world/asia/article5181300.ece November 19, 2008 Beijing propaganda chief hatches plan to combat age of internet news A parent, right, looks for a lost child at a brick kiln at Liuwu Village State television was allowed to report the discovery of slave labour in brick kilns, but was silenced after a few days Jane Macartney and Sophie Yu in Beijing China's propaganda officials are experimenting with a revolutionary new policy to manage their message in the age of the internet: reporting the news as it happens. The move marks an important shift for the ruling Communist Party, which is accustomed to deciding what will be reported and when. However, far from being a move towards freedom of the press, the aim is to maintain control of the information available to China's 1.3 billion people. The order came straight from the desk of China's propaganda chief, Li Changchun, one of the nine members of the all-powerful Politburo standing committee who, faced with a bewildering array of media now available to the public, is finding it increasingly difficult to keep control of information. "Let us use the method of providing news as the way to control news," a well-placed source quoted Mr Li as saying in his recently issued directive. The new approach is aimed at ensuring that ultimate control of at least the most sensitive information remains in party hands. The source told The Times: "The principle is to report an incident as soon as possible without the need to inform the leaders in advance." Already this has streamlined official reporting of some events. In the past, major news would be allowed into the public eye only after careful vetting by senior officials.
The source said: "In the past, when something happened the usual practice was that a senior person would hold off and say he would report to the leadership. And once something was reported to the leadership then they would issue an order for a media blackout." When a provincial television station reported the discovery of slave labour in brick kilns last year the main government television station was allowed to air the story, but was silenced after a few days. Restrictions remain in place, with the goal of ensuring that sufficient information is released to satisfy a hungry public while holding back details that could prove incendiary in a country whose leaders are deeply fearful of public unrest. The source said that the propaganda chief had indicated that the new approach to news would reduce wild gossip, particularly on the internet, where rumours and speculation are rife and wildly inaccurate reports gain credence in the absence of an official version, given the low credibility of state-run media. Mr Li's directive is intended to keep the news in party hands by ensuring the news agenda is set by propaganda organisations rather than investigative reporters. One trigger for the approach was a scandal involving the sale of tainted baby formula that was hidden to prevent bad news from tarnishing China's image during the Beijing Olympics. When the cover-up was discovered and reported there was widespread anger against the Government. At least four babies -- and possibly many more -- died from kidney failure after being fed milk powder contaminated with the industrial chemical melamine. The news emerged only in September after a Chinese journalist posted a report online. Other newspapers that had been aware of the problem then followed suit, forcing the Government to come out into the open. Since then, several items of bad news have been reported with unusual speed.
A riot late on Monday by villagers angered by the confiscation of their homes and land in a remote northwestern town was reported by state media within hours. The public have also been given blow-by-blow accounts of taxi strikes in several cities, even though industrial action has long been a taboo subject in case it triggers wider unrest. Despite Mr Li's exhortation, many Chinese officials are set in their ways. It was only after members of the public began sending text messages about an epidemic of maggots in mandarin oranges from the southwestern Sichuan province late last month that the authorities acknowledged they had a problem. State media said that officials tried to cover up the infestation for about a month -- even though farmers notified local authorities just two days after tens of thousands of trees were found to be affected. The party's tight control was highlighted in the past few days by a drive to remove the editorial board of China's most daring magazine. An article in the September issue of Annals of the Yellow Emperor praised the Communist Party leader sacked after the 1989 Tiananmen Square student demonstrations. The report angered his successor and Mr Li has followed up the leader's request to punish the editors and muzzle the publication.

Filtering the news

* It took China 18 years before it broke its silence to reveal that 694 people -- including 597 children -- had died in a Chinese New Year's Day inferno in a crowded cinema in 1977. There was no explanation for the delay in the news
* In 1975, 62 dams in central Henan province crumbled over the course of three days or were intentionally destroyed amid record rainfall, killing at least 175,000 people in the worst such recorded disaster in history. Government figures were declassified only in 2005
* The extent of the 2003 outbreak of Sars, right, was originally underreported. The Chinese Government was eventually forced to release accurate figures only after a Chinese doctor blew the whistle
* Chinese officials paid high sums in compensation to families of workers who died during the building of the Bird's Nest Stadium to ensure their silence. China admitted the deaths of two workers only after a report by The Sunday Times in January of this year
* The Government was slow to respond to contamination of milk that led to the deaths of at least four infants and the hospitalisation of 12,892. It admitted partial guilt in October and arrested 36 manufacturers

From rforno at infowarrior.org Thu Nov 20 02:55:40 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Nov 2008 21:55:40 -0500
Subject: [Infowarrior] - iTunes customers angry over DRM
Message-ID:

November 19, 2008 5:57 PM PST iTunes customers angry over copy protection moves at Apple Posted by Elinor Mills http://news.cnet.com/8301-13579_3-10103284-37.html?part=rss&subj=news&tag=2547-1_3-0-20 Want to watch a high-definition show from iTunes on an older external display? Good luck! Some Mac users are teed off that they are getting error messages saying the iTunes movie they rented or bought can't be played on their display because it is not HDCP (High Digital Content Protection) authorized.
And some people are complaining they are only able to play certain standard definition iTunes content on their laptop or via an HDMI connection. As a result, some Apple forum participants have threatened to boycott iTunes. "And here we are now with Apple users who have spent thousands of dollars on Apple hardware (30" Cinema displays are not cheap!), buying films legitimately through Apple's store only to find themselves screwed when they just want to watch the film!" wrote "non-troppo" on the Apple Discussions Forum. Forum participant Jim Beggans complained that Apple expanded the usage limitations of iTunes without updating the published usage terms. "It is imperative that Apple address this customer concern with NEW terms of service (which will require them to offer some remedy for existing purchases) and clarify that HDCP is now a standard part of their products regardless of which mode of the DisplayPort is in use," Beggans wrote. ArsTechnica, which first covered the issue, reports that Apple's new MacBook is using DPCP, or DisplayPort Content Protection, which was developed by Philips. The Mini DisplayPort connector used on Apple's new MacBooks and MacBook Pros uses DPCP to prevent iTunes files from being played on devices that are not compliant with either DPCP or HDCP, a copy-protection technology used with the HDMI standard. DPCP supports the HDCP technology, but is considered a stronger level of encryption according to the Video Electronics Standard Association. "While Apple's own Apple TV has used HDCP to protect video files playing from its HDMI port, this is the first time we've heard of Apple bringing HDCP DPCP to its hardware," David Chartier writes on ArsTechnica. Basically, Apple is moving forward with a new standard that is not compatible with older displays.
In the past, Apple has shown a willingness to forge ahead with new technology that doesn't always play nice with the older stuff, and the decision to use the Mini DisplayPort connector on the new MacBooks and MacBook Pros ensured that DPCP and HDCP would come along for the ride. "Apple's compliance with HDCP -- a necessary but appalling condition of the content companies that deliver the HD movies and TV shows -- is beginning to close out the 'analog hole' and cause real aggravation for laptop owners with legitimate use cases," writes Michael Rose on The Unofficial Apple Weblog site. Andy Foster sums the situation up on his Computer Blog: "In other words, the only way any of us can guarantee we can play the stuff we buy that is HD is to ensure we have the newest in hardware." What does Apple have to say for itself? We don't know and likely won't. Apple representatives did not return repeated phone calls and e-mails seeking comment over two days. (CNET News' Tom Krazit contributed to this report.) From rforno at infowarrior.org Thu Nov 20 03:00:57 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Nov 2008 22:00:57 -0500 Subject: [Infowarrior] - Unpaid time while Vista boots results in lawsuits Message-ID: <97A26B75-352C-4114-8E48-A13241177C80@infowarrior.org> Unpaid time while Vista boots results in lawsuits http://www.electronista.com/articles/08/11/19/vista.boot.times.lawsuit/ Certain employers are docking their employees' pay while they wait for their Vista PCs to boot up, to the tune of 30 to 60 minutes per day, resulting in class-action lawsuits being brought against the employers, says a Tuesday blog report. The employers, which include big companies such as AT&T, United Health Group and Cigna, argue workers often go on coffee, smoke or social breaks while they await their machines to boot up, and therefore do not do any work. 
The lawsuits have popped up over the last year and are being handled by a lawyer experienced with cases involving long boot times. As the cause of the long boot times is in essence the company's responsibility, lawyers representing the employees maintain the workforce cannot legally be docked for this. Las Vegas lawyer Mark Thierman is representing the wronged employees, while the six companies named in the lawsuit have undertaken the services of Princeton, NJ's Richard Rosenblatt from Morgan, Lewis & Bockius for defense. The unusually long boot and log-off/shutdown times, reported as between 15 and 30 minutes, could be due to running Vista on slower, older hardware and/or the company opting to use heavy-duty security and monitoring programs as part of the start-up process. Microsoft has recently launched a Vista Velocity program to improve start times with out-of-the-box PCs and has also pledged to reduce the load time for Windows 7 when it launches as early as next year. From rforno at infowarrior.org Thu Nov 20 18:56:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 13:56:33 -0500 Subject: [Infowarrior] - PC Magazine dropping print for online Message-ID: <11D9BEB0-A712-47A9-81DF-8287B0B67476@infowarrior.org> PC Magazine dropping print for online Nov 19 03:29 PM US/Eastern http://www.breitbart.com/print.php?id=081119192919.36ul595y&show_article=1 PC Magazine, which has documented the explosive growth of the personal computer since 1982, announced on Wednesday that it was dropping its print edition next year and going online only. PC Magazine publisher Ziff Davis Media, which recently exited Chapter 11 bankruptcy, said in a statement that the final edition of the iconic magazine would be the January 2009 issue. Ziff Davis said PC Magazine, which has suffered a steep drop in advertising as scores of competing publications cropped up on the Internet, will go "all-digital" at PCMag.com. 
"Moving our flagship property to an all-digital format is the final step in an evolutionary process that has been playing out over the last seven years," Ziff Davis Media chief executive Jason Young said. "Since 2000, online has been the focal point where technology buyers get their information and technology marketers are directing their dollars to drive demand and build their brands. "We have been carefully preparing for this step and are fortunate to have a digital business that has the scale, profit, and opportunity to carry the brand powerfully into the future," he said. PaidContent.org, which covers digital media, said seven employees will be laid off as a result of the closure of the print edition of the magazine. The Ziff Davis Media statement made no mention of any job reductions. PC Magazine is the latest US publication to drop its print edition and move to a Web-only format. US News & World Report, long the number three newsmagazine in the United States behind Time and Newsweek, announced earlier this month that it was abandoning print for the Web and the 100-year-old newspaper the Christian Science Monitor announced plans recently to do the same. Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium From rforno at infowarrior.org Thu Nov 20 19:10:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 14:10:43 -0500 Subject: [Infowarrior] - Napolitano for DHS Secretary? Message-ID: Dems: Napolitano emerges for Homeland Security job By LIZ SIDOTI - 1 hour ago http://www.google.com/hostednews/ap/article/ALeqM5h2qtj24vzZZS2Jid8I03W0bz7zXwD94IQHN00 WASHINGTON (AP) - Barack Obama is likely to choose Arizona Gov. Janet Napolitano for the job of secretary of homeland security, top Obama advisers and several Democrats said Thursday as the shape of the president-elect's Cabinet begins to emerge. 
The Obama advisers cautioned that no final decision has been made on putting Napolitano in charge of the Homeland Security department, the massive agency created by Congress after the Sept. 11, 2001, terrorist attacks. But the advisers said she was by far the top contender. Thus far, Obama has informally selected Washington lawyer Eric Holder as attorney general and former Senate Majority Leader Tom Daschle as health and human services secretary. The plans could be sidetracked by unexpected glitches in the final vetting process, officials note. Sen. Hillary Rodham Clinton seems more likely than ever to be Obama's secretary of state. Clinton is deciding whether to take that post as America's top diplomat, her associates said. Among other Cabinet posts: senior Democrats say there is a strong possibility that Defense Secretary Robert Gates would stay temporarily and later give way to former Navy Secretary Richard Danzig. Even so, Republican Sen. Chuck Hagel of Nebraska and Democratic Sen. Jack Reed of Rhode Island also are said to be under consideration. Democrats also say that several people remain in the running for the Treasury Secretary position, including Timothy Geithner, president of Federal Reserve Bank of New York; Lawrence Summers, former treasury secretary and one-time Harvard University president; and former Federal Reserve Chairman Paul Volcker. Several news organizations reported Thursday that Chicago businesswoman Penny Pritzker, who was Obama's national campaign finance chairman, is his leading choice to become secretary of commerce. But the Obama advisers strongly disputed the reports, and officials say Laura D'Andrea Tyson, the former chair of White House Council of Economic Advisers under President Clinton, remained in the running. The Obama advisers and Democrats discussed the Cabinet positions only on grounds of anonymity because of the private nature of the screening process. 
Obama appears to be assembling a team that includes a mix of longtime aides, Washington insiders and a sprinkling of Democratic governors. Besides Napolitano, strong contenders for Cabinet posts include New Mexico Gov. Bill Richardson and Kansas Gov. Kathleen Sebelius. Sebelius and Napolitano, who once was Arizona's attorney general, were among the first governors to commit to Obama's candidacy. Richardson endorsed Obama after ending his own presidential bid, angering Clinton and her husband, former president Bill Clinton. As governor, Napolitano has fought to curb illegal immigration, but she has been skeptical that building a fence along the border will solve the problem. She once said, "You build a 50-foot wall, somebody will find a 51-foot ladder." Last year, her state passed a law that requires all Arizona businesses to use the federal online database, E-Verify, to confirm that new hires have valid Social Security numbers and are eligible for employment. This has been a cornerstone of the Bush administration's immigration policy. As governor she has overseen wildfires and severe flooding and worked with the Federal Emergency Management Agency, now part of the Homeland Security Department. Associated Press writers Eileen Sullivan, Jim Kuhnhenn and David Espo in Washington contributed to this story. From rforno at infowarrior.org Fri Nov 21 00:39:40 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 19:39:40 -0500 Subject: [Infowarrior] - Pentagon Hit by Unprecedented Cyber Attack Message-ID: <16B0ACA0-BE50-43AC-96A2-BA69E74460BA@infowarrior.org> Pentagon Hit by Unprecedented Cyber Attack http://www.foxnews.com/politics/2008/11/20/pentagon-cyber-siege-unprecedented-attack/ As a result of the cyber attack, the Defense Department has banned the use of external hardware devices throughout a vast network of military computers. 
FOXNews.com Thursday, November 20, 2008 The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVD's, FOX News has learned. The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks. "We have detected a global virus for which there has been alerts, and we have seen some of this on our networks," a Pentagon official told FOX News. "We are now taking steps to mitigate the virus." The official could not reveal the source of the attack because that information remains classified. Military computers are often referred to as part of the Global Information Grid, or GIG, a system composed of 17 million computers, many of which house classified or sensitive information. FOX News obtained a copy of one memo sent out last week to an Army division within the Pentagon warning of the cyber attack. "Due to the presence of commercial malware, CDR USSTRATCOM has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately." FOX News' Justin Fishel and Jennifer Griffin contributed to this report. From rforno at infowarrior.org Fri Nov 21 01:56:28 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 20:56:28 -0500 Subject: [Infowarrior] - Apple iPhone SDK Agreement Message-ID: <7321E0B7-1F23-4069-B9B2-D7A4AAFABA17@infowarrior.org> Via Wikileaks, for the curious. http://www.wikileaks.org/wiki/Apple_iPhone_SDK_Agreement Description (as provided by the original submitter) 1. This file has never been released as that is not allowed by the agreement. 2. This file is important because Apple is being extremely secretive about the iPhone developer program. The agreement contains several controversial terms and claims that need to be discussed in an open forum. This is however explicitly forbidden by the agreement. 3. 
The audience is mainly software developers. 4. Apple Computer can be contacted for verification. They will likely not discuss this agreement though. Any registered iPhone developer can download the agreement. 5. This document was leaked because of the extreme secrecy surrounding the iPhone Developer Program. Releasing this document to the public will hopefully start a public debate about the terms and conditions in the document. From rforno at infowarrior.org Fri Nov 21 01:59:03 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 20:59:03 -0500 Subject: [Infowarrior] - Final Report: Digital Youth Project Message-ID: <7F097C76-2674-400A-B806-A5F6C89B0997@infowarrior.org> http://digitalyouth.ischool.berkeley.edu/report Social network sites, online games, video-sharing sites, and gadgets such as iPods and mobile phones are now fixtures of youth culture. They have so permeated young lives that it is hard to believe that less than a decade ago these technologies barely existed. Today's youth may be coming of age and struggling for autonomy and identity as did their predecessors, but they are doing so amid new worlds for communication, friendship, play, and self-expression. We include here the findings of three years of research on kids' informal learning with digital media. The two page summary incorporates a short, accessible version of our findings. The White Paper is a 30-page document prepared for the MacArthur Foundation's Digital Media and Learning Series. The book is an online version of our forthcoming book with MIT Press and incorporates the insights from 800 youth and young adults and over 5000 hours of online observations. http://digitalyouth.ischool.berkeley.edu/report From rforno at infowarrior.org Fri Nov 21 02:28:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 21:28:36 -0500 Subject: [Infowarrior] - iHype. Bleh. 
Message-ID: <194CC674-1499-4FEA-8934-8104E3DFF7F6@infowarrior.org> Pardon the interruption......but this is a nagging question that just deserves a mini-rant for a slow Friday: Is it just me or is Apple less of a "computer" company and more of a "gadget" company? It seems all we hear, read, or see from Cupertino these days is the iPhone, iPhone Apps, The App Store, and so forth. Visit most Mac websites and the discussion is nearly all about the iPhone and its latest SERVICE$/PRODUCT$/ACCESSORY$. I mean, it's getting hard to find the "Mac" stuff among all the "iPhone" stuff on the boards, blogs, and sites. And I bet the iPhone-to-Mac TV ads are running 3-to-1 in favor of the iPhone, too. Frankly, for all the i-hype, it's getting a bit stale.[1] One has to wonder if there's a serious if not undeclared shift in their corporate focus from computers and operating systems to consumer gadgets, content delivery[2], and the "halo" of the iPhone "experience." After all, they delayed the release of OSX 10.5 last year to focus on getting an overly-hyped and tightly-locked gadget known as the 'Jesus Phone' released early. To me, it just seems that Mac computing seems to get much less attention from Cupertino and the Mac community these days. Put another way, is anyone else here sick, tired, and/or disgusted with the Apple iPhone hype machine? Thus endeth the rant. Go surf in peace. -rick [1] For those wondering, given that a) the iPhone has no user-removable battery and b) is "p0wn3d" by Apple via remote, I have no desire to get one. Two major architectural and security-related errors in my view, which really makes me wonder why so many geeks and supposed security-minded folks want (or carry) them. [2] Don't get me started on the DisplayPort HDCP fiasco from this week, either. Despite a few years of good feelings and slick marketing, Apple finally pulled the curtain back a bit to show where its loyalties appear to lie in the "iTunes" content-delivery experience. 
And it ain't with the customer. :( From rforno at infowarrior.org Fri Nov 21 04:21:31 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Nov 2008 23:21:31 -0500 Subject: [Infowarrior] - DOD Bans Disks, USB Drives Message-ID: Under Worm Assault, Military Bans Disks, USB Drives By Noah Shachtman November 19, 2008 | 6:12:30 PM Categories: Info War http://blog.wired.com/defense/2008/11/army-bans-usb-d.html The Defense Department's geeks are spooked by a rapidly spreading worm crawling across their networks. So they've suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further. The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to "floppy disks," is supposed to take effect "immediately." Similar notices went out to the other military services. In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute. The problem, according to a second Army e-mail, was prompted by a "virus called Agent.btz." That's a variation of the "SillyFDC" worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again - this time on the PC. "From there, it automatically downloads code from another location. And that code could be pretty much anything," says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further - 
to the early '90s. "But at that time they relied on infecting floppy disks rather than USB drives," Olson adds. Servicemembers are supposed to "cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware," one e-mail notes. Eventually, some government-approved drives will be allowed back under certain "mission-critical," but unclassified, circumstances. "Personally owned or non-authorized devices" are "prohibited" from here on out. To make sure troops and military civilians are observing the suspension, government security teams "will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced," an e-mail says. "Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action." "The USB ban should be effective in stopping the worm," Olson says. Asked if such a widespread measure was a bit of overkill, Olson responded, "I don't know." "I know this [is an] inconvenience," e-mails one Michigan Army National Guardsman. "This has been briefed to the CoS [Chief of Staff] of the ARMY. This is not just a problem for Michigan, and is affecting operations around the world. This is a very serious threat and should be treated as such. Please understand that this is a form of attack, and we need to have patience in dealing with this issue." 
From rforno at infowarrior.org Fri Nov 21 14:51:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Nov 2008 09:51:36 -0500 Subject: [Infowarrior] - Crimes by air marshals raise questions about hiring Message-ID: <2AC7DD8A-5F2F-4CCA-BA1C-224CE1446A19@infowarrior.org> Crimes by air marshals raise questions about hiring By Michael Grabell, ProPublica http://www.usatoday.com/news/washington/2008-11-12-air-marshals_N.htm Shawn Nguyen bragged that he could sneak anything past airport security using his top-secret clearance as a federal air marshal. And for months, he smuggled cocaine and drug money onto flights across the country, boasting to an FBI informant that he was "the man with the golden badge." Michael McGowan used his position as an air marshal to lure a young boy to his hotel room, where he showed him child porn, took pictures of him naked and sexually abused him. And when Brian "Cooter" Phelps wanted his ex-wife to disappear, he called a fellow air marshal and tried to hire a hit man nicknamed "the Crucifixer." Since 9/11, more than three dozen federal air marshals have been charged with crimes, and hundreds more have been accused of misconduct, an investigation by ProPublica, a non-profit journalism organization, has found. Cases range from drunken driving and domestic violence to aiding a human-trafficking ring and trying to smuggle explosives from Afghanistan. The Federal Air Marshal Service presents the image of an elite undercover force charged with making split-second decisions that could mean the difference between stopping a terrorist and shooting an innocent passenger. But an examination of police reports, court records, government reports, memos and e-mails shows that 18 air marshals have been charged with felonies, including at least three who were hired despite prior criminal records or being fired from law enforcement jobs. 
A fourth air marshal was hired while under FBI investigation. Another stayed on the job despite alarming a flight attendant with his behavior. This spring, after U.S. embassies, airlines and foreign police agencies complained about air marshal misconduct overseas, the agency director dispatched supervisors on international missions. From 33 to 3,000 Before 9/11, the Air Marshal Service was a nearly forgotten force of 33 agents with a $4.4 million annual budget. Now housed in the Transportation Security Administration, the agency has a $786 million budget and an estimated 3,000 to 4,000 air marshals, although the official number is classified. Only a fraction of them have been charged with crimes, and some degree of misconduct occurs at all law enforcement agencies. But for air marshals, the stakes are uniquely high. Their beat is a confined cabin with hundreds of passengers in firing range. There are no calls for backup at 30,000 feet, putting a premium on sound judgment and swift action. Since 9/11, air marshals have taken bribes, committed bank fraud, hired an escort while on layover and doctored hotel receipts to pad expenses, records show. They've been found sleeping on planes and lost the travel documents of U.S. diplomats while on a whiskey-tasting trip in Scotland. The Air Marshal Service says it has the highest firearms qualification standard among federal law enforcement agencies. Yet police and court records show some marshals have used their weapons imprudently: In 2003, a New York air marshal pulled his gun in a dispute over a parking space. Another failed to turn over his ammunition on an international trip, as required by diplomatic agreements, and was detained by Israeli airport security in 2004. That same year, a Las Vegas air marshal "discharged" his gun in a hotel room, penetrating a wall and shattering a mirror. In April, a Phoenix air marshal fired his during a fight outside a bar. 
Still another left his handgun in the plane's lavatory in 2001, according to court papers. He realized it was missing only after a teenager found it. Robert Bray, director of the Air Marshal Service, says the misconduct cases don't represent the exemplary work done by the vast majority of air marshals. "We can reassure the public that these dedicated professionals go out there every day and put their lives on the line to make sure that everyone is safe," Bray says. "I don't want them to be tarred by ... a few allegations from a few years ago." Bray and other officials declined to discuss specific cases, citing privacy laws. Under government policies, air marshals found guilty of felonies were fired or forced to resign. But 10 air marshals convicted of misdemeanors, mostly drunken driving, were allowed to keep their jobs. And even after notice that background checks were poor, the agency failed to root out air marshals with troubled pasts before they committed felonies. Current and former air marshals say the misconduct cases show that the agency continues to struggle with policing its own ranks, a problem that surfaced in its post-9/11 buildup. Since then, the service has had three leaders, been moved four times to different parent agencies and been blasted by Congress for, among other things, failing to cover enough flights and enforcing a dress code that many air marshals felt blew their cover. Don Strange, the former special agent in charge of the Atlanta office and a finalist to lead the agency in 2006, says turmoil and low morale have led good air marshals to quit and made it harder for managers to maintain the highest standards. "It starts with the urgency (to hire and train recruits) in a ridiculous amount of time," he says. "Things start to spin out of control." Recruiting rush Under heavy congressional pressure, the government rushed to hire thousands of air marshals after 9/11. 
Partly motivated by enduring images of planes hitting the World Trade Center, the Pentagon aflame and a charred Pennsylvania field, 200,000 applied. With limited spots, the Air Marshal Service had an acceptance rate of about one in 40 - four times as tough as Harvard's. "We're getting the cream of the crop," then-TSA spokesman David Steigman told reporters. "The people who are going into the air marshal program are the best of the best." But that wasn't necessarily the case. Shortly after joining the agency, three air marshals were indicted in corruption investigations at their former police departments. One, Louis Pirani, had been hired in early 2002, despite being under FBI investigation for months on suspicion of skimming profits from drug couriers as a sheriff's deputy in Arkansas. He eventually was convicted and went to prison for lying to investigators. Just two weeks after joining the air marshals in April 2002, Shawn Nguyen filed for bankruptcy, claiming $200,000 in debts. Three years later, the former narcotics officer began carrying cash and cocaine past airport security for a man he knew as a drug trafficker, but who'd already turned to the FBI. "I don't care what's in the [expletive] package, you know what I mean? Just tell me how much it is and what I'm getting in money," Nguyen told the informant in a recorded conversation recounted in court records. "I'm the man with the golden badge." Nguyen was sentenced to seven years in prison. Before becoming an air marshal, Brian Phelps had worked at five small police departments in Alabama, but none for more than a year. He was fired from the job he held longest for losing his temper and acting "irrationally" before thinking things through, prosecutors said. He quit another job in lieu of being fired for misconduct while on duty, says Mayor Paula Phillips of Douglas, Ala. 
In 2005, Phelps, known as "Cooter" among fellow air marshals, told a colleague that he wanted to see his wife's picture on a milk carton, court transcripts say. He asked the air marshal, who'd worked in Chicago's housing projects, whether he knew of anyone who could help. The colleague said he did: The Crucifixer. The colleague told the Air Marshal Service, and after numerous contacts with FBI agents posing as hit men, Phelps was arrested and sentenced to 25 years in prison. Another air marshal, David Kellerman, was arrested on felony charges for dealing in stolen property in 1983 and for carrying a concealed weapon in 1990. Although judgment was withheld in both cases, Kellerman was sentenced each time to probation, according to Florida Department of Law Enforcement records. In September, Kellerman - a Green Beret and Purple Heart recipient - was sentenced to 27 months in prison after being caught hiding a cache of weapons that included AK-47s and a grenade launcher stolen while he was on leave for a military tour in Afghanistan. Kellerman told investigators he was bringing back training aids for his job as an air marshal firearms instructor. Background checks Because air marshals receive top-secret security clearances, background checks are supposed to include criminal history searches going back 10 years, credit reports and interviews with relatives, neighbors and employers. Checks are conducted by the federal Office of Personnel Management, a separate agency, which forwards results to the Air Marshal Service. Kellerman's charges predated the 10-year check period. But in Phelps' case, three officials - Justice Ashley, former assistant police chief in Guntersville, Ala.; Chad Long, the current Douglas police chief, and Phillips - say they couldn't recall the air marshals contacting anyone to make a background check. It's unclear whether Pirani's FBI scrutiny and Nguyen's bankruptcy were missed or disregarded. 
A 2004 report by the Department of Homeland Security's inspector general also flagged gaps in the background checks. The report cited 504 applicants who were recommended for hire and awaiting offers, noting that nearly a third had potentially disqualifying problems, including past arrests, bankruptcies or disciplinary problems. "Many (air marshals) were granted access to classified information after displaying questionable judgment, irresponsibility and emotionally unstable behavior," the report said. This summer, after a Houston TV station reported that three air marshals had been charged with drunken driving, including one with a prior DWI conviction, Rep. Ted Poe, R-Texas, grilled TSA Administrator Kip Hawley at a congressional hearing. In a subsequent letter to Poe, Hawley said that 28 air marshals had been hired with misdemeanors on their records, and nine more kept their jobs after a drunken-driving conviction. TSA policies state that employees who drive drunk "demonstrate a disregard for TSA's mission" and raise questions about their ability to deal with security threats. Yet the policy allows drunken driving to be punished with a letter of reprimand, one of the lowest penalties. By comparison, the FBI mandates at least a 30-day suspension without pay for drunken driving. Although other federal police agencies generally allow for flexibility in discipline, many big-city departments, such as New York, Los Angeles and Chicago, mandate a suspension or loss of pay for a first offense. "It's more serious than a letter saying, 'Don't do it again, try to do better,' " Poe said in an interview. "I don't think a person should have a criminal record and keep their job with the Air Marshal Service - including a DWI." The flying public agrees. 
In a national survey for ProPublica conducted by Harris Interactive, 86% of those who'd taken a commercial flight in the past year said it was unacceptable for someone convicted of driving under the influence to become an air marshal. No office compiles uniform statistics on arrests of federal law officers, making it difficult to compare agencies. The 2004 inspector general's report found 753 documented cases of misconduct by air marshals over 20 months, with offenses from sleeping on duty to flunking drug tests. After the report, the agency said it tightened its background procedures. When misconduct occurred, the agency said, it had acted "swiftly and decisively," terminating 101 air marshals over two years and taking resignations from 32 others. But problems continued - Kellerman, Phelps and Nguyen all committed their crimes after the 2004 report. The service declined to say what's been done since to check for cases that fell through the cracks. Hiring standards erode Over the years, the service has loosened some hiring practices:
* In 2002, the agency decided that recruits no longer had to pass a rigorous firearms test requiring them to prove speed and accuracy in close quarters similar to an airplane. The test is still used in training but is no longer a hiring qualification.
* In late 2005, the agency began hiring TSA screeners, new college grads and others with no law enforcement experience. The change departed from practice during the 9/11 ramp-up, when air marshals almost uniformly were chosen from law enforcement, such as the Border Patrol, federal Bureau of Prisons and police and sheriff's departments.
* Two years ago, officials suspended a requirement that air marshals pass a written psychological test and an interview with a psychologist or psychiatrist.
Bray, the director, says the changes did not lower hiring standards and that it's unfair to suggest a TSA screener or a recent college grad could not be up to par after training. 
The Air Marshal Service still has the highest standard for shooting accuracy among federal police agencies, he says. In the ProPublica survey, 87% said air marshals should be required to pass a psychological stress test, and 77% said they should have prior experience in law enforcement. Two cases show why psychological testing might be valuable. Orlando air marshal Marcus Rogozinski was on a mission from New York to Dallas in 2006 when he walked to the galley and showed a flight attendant a book with some pictures of blue crystals, his supervisor, Richard Lozada, wrote in an e-mail introduced at a competency hearing. If she had good thoughts, Rogozinski told her, the water could be turned clear, Lozada recounted. But if she had bad thoughts, it would turn murky. When Rogozinski went to the lavatory, the alarmed flight attendant walked back to his partner, Paul Steward. "I can't believe he is able to carry a gun!" she said, according to an account written by Steward. In 2007, another flight attendant complained that Rogozinski "was talking about all kinds of crazy stuff like outer space," according to a memo from air marshal David Cameron. "No (air marshal) should have to pay more attention to their partner than to the passengers," Cameron wrote. Afterward, Rogozinski failed a psych exam and was put on leave. In June, Rogozinski was convicted of bank fraud for trying to cash a $10.9 million check from a woman he said he believed was Cambodian royalty. The money, he told prosecutors, was partial settlement for a "personal lawsuit" after he was scratched by the woman's cat. Then there's the case of Michael McGowan, who joined the air marshals after 9/11. Before he was sentenced to a sex-offenders unit in 2006, his lawyer pleaded with a judge for help for his client. "He is taking the position 'I have a serious problem, I'm sick,' " said attorney Joel Weiss, according to a court transcript.
McGowan had been caught two years earlier trying to buy pornography of children as young as 7 over the Internet. Investigators discovered he'd been molesting a Texas boy since 2002 and had enticed the boy by saying he was staying at a nearby hotel on air marshal business. Even after his conviction, court records show, McGowan called the boy from prison and engaged him in sexual conversations. 'Impact on our reputation' Earlier this year, a rash of complaints about air marshal misconduct on overseas missions set off new alarms. The agency would not provide details of the incidents. But ProPublica obtained an April 15 internal memo from Dana Brown, then director of the Air Marshal Service, warning the rank and file that the behavior threatened to create diplomatic problems for the agency on international routes, "some of the most important we fly." "In foreign countries, some have behaved in a manner that may jeopardize our ability to continue to operate effectively," Brown wrote. "The negative impact on our reputation and that of the American government has the potential to cause significant harm." To put a stop to it, Brown ordered "Quality Assurance Teams" of supervisors to monitor air marshals on international missions and act as liaisons with host countries. "These are highly trained federal air marshals with guns on planes. If they need chaperones, then we're all in serious trouble," says P. Jeffrey Black, a Las Vegas air marshal who in the past has testified before Congress about agency policies. Bray says the agency was not able to substantiate the allegations of overseas misconduct and that Brown was simply being proactive. Black says the job shouldn't be entry-level. New hires need the experience and judgment learned from making decisions on the street, he says. Poe, a former judge and prosecutor who sits on the House aviation subcommittee, says the unique nature of the job demands the highest recruiting standards. 
He says he wants to address the issue of air marshal misconduct further when the new Congress is seated next year. Air marshals "all have to be of high quality, not most of them," Poe says. "We can't take a chance that they will make a mistake." Six of Cincinnati air marshal David Slaughter's colleagues wrote character references for him after his arrest in 2006, according to court records. "A man of impeccable character," wrote one. "An outstanding employee." "Polite," wrote another. "His character around the office is one of example." "Dave's demeanor and professionalism reflect favorably on the field office as well as the agency as a whole." Slaughter was convicted of abducting a female escort during a July 2006 layover in the Washington, D.C., area. In an interview, he said he hired the escort because he was having marital problems and wanted a woman's perspective. As they talked about how to spend their time, he went into the bedroom of his hotel suite and returned with his gun and handcuffs. The woman tried to flee, but he prevented her from leaving and unplugged the phone, prosecutors said. The two struggled, and when the woman got the door open, Slaughter pinned her to the ground, held her in a chokehold and handcuffed her, according to prosecutors and the woman, Cherith Zorbas. Despite his colleagues' support, Slaughter lost his job and got 15 days in jail. Zorbas called the outcome "horrific" and said the public should be scared. "He's the only one on an airplane with a freakin' weapon," she said, "and he's supposed to have it to be protecting us." Contributing: Jamie Wilson of ProPublica From rforno at infowarrior.org Sun Nov 23 06:25:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Nov 2008 01:25:47 -0500 Subject: [Infowarrior] - NYT Warns of Gift Card "survival" Message-ID: FYI as we enter the holiday season....beware of whom you buy gift cards from! 
--rf November 22, 2008 The Gift Card Comes Wrapped in Growing Risk By ALINA TUGEND http://www.nytimes.com/2008/11/22/business/22shortcuts.html?pagewanted=print From rforno at infowarrior.org Sun Nov 23 16:13:09 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Nov 2008 11:13:09 -0500 Subject: [Infowarrior] - OpEd: The White House: An Operating Manual Message-ID: <83E7B25C-4F1C-4C5A-BD84-88FA6BAE39EA@infowarrior.org> The White House: An Operating Manual By Tom C. Korologos Sunday, November 23, 2008; B07 The writer is a former U.S. ambassador to Belgium and now a strategic adviser at DLAPiper. He spent five years in the White House under Presidents Richard M. Nixon and Gerald R. Ford. http://www.washingtonpost.com/wp-dyn/content/article/2008/11/21/AR2008112102687_pf.html ++++++ Memo to the White House staff: Congratulations on your appointment. Here follows a handy list as you begin your duties in the White House. Pinch yourself every day and repeat, "This is not a dream." You don't have to work at the White House. You get to work at the White House. It's a real treat to work there. You are a caretaker, so take good care of it. The hours are long and demanding, but take advantage of the opportunities offered. Bring your kids in to have lunch in the White House mess on Saturdays. Bring friends and relatives to arrival ceremonies, to the Christmas parties and the Easter egg hunts, because it will all soon be over. Once you're inside, you need to figure out a way to get out. There is never a good time to move on to another job. So start thinking about an exit plan on the first day. You have no personal views when it comes to discussing the president's policies. You represent him 24-7 and in every detail. One of your most important assignments is to keep the trash of government from the president. Keep the president away from intramural government debates. The Cabinet should exhaust all the options and disputes before they rise to the president. 
In congressional affairs, half your time will be spent explaining the White House to Congress and the other half explaining Congress to the White House. Leave the media and public relations to the media and public relations shop. You are likely to undercut a policy or create problems. You are never permitted to utter the words "It will be vetoed." Only the president can say that. The closest you can come is: "The staff will recommend a veto." The White House is a building. Buildings do not speak. Remember that everybody will take your call when you are calling from the White House. Take note of those who will accept your call after you've gone. Dial your own calls; your assistant will screen the incoming. Return calls in the following order: The president. The vice president. Your wife. Your kids. Congressional leadership. Others as time permits -- also see next item. If you feel you won't have time to talk when you return a call, place the call before 9 a.m., or during the lunch period or after 6 p.m. Chances are good the caller will be out, but you will get credit for returning the call. Old friends are very sensitive to having their calls ignored; get 4-by-5 cards and dash off handwritten notes. Read as many papers as you can before 8 a.m. As President Gerald R. Ford once said, "Start with the sports pages. Chances are 50-50 the news will be good." Be careful of your personal appearance: your wardrobe, the ego wall with photos, your language, your personal demeanor. You are now in the White House, not on the Hill or in your den. Outside the White House gates, watch your conversations at lunch and don't display your White House pass. All those tourists who come and go and swarm the White House are paying your salary. Treat them accordingly. Cabinet officers outrank you. Treat them with the respect they deserve. Be accountable for every activity you undertake. An errant e-mail will find its way into millions of homes and blogs and the gossip columns. 
Follow the rules of the excellent little e-mail guide, "think before sending." The most secure way to communicate is with pen and paper -- and sometimes that doesn't work, either. Don't ever put anything down on paper that you don't want to see on the front page of The Washington Post. Go home. At 7, 8 or 9 p.m. Forget it. The work will be there in the morning. For your grandchildren, type up (not on the computer; it's subject to a subpoena and to mass distribution) a page of your activities for the day. Use an old-fashioned typewriter, if you can find one. There are two things to remember on the ethics side. First, codes of ethics bind the ethical. Second, if it feels good, it is probably wrong. From rforno at infowarrior.org Mon Nov 24 04:30:44 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Nov 2008 23:30:44 -0500 Subject: [Infowarrior] - Obama wants you (to spill your secrets) Message-ID: <1DF1887D-9FF0-496D-AE1B-0B99CCF07E05@infowarrior.org> http://www.salon.com/mwt/feature/2008/11/24/online_privacy/print.html Barack Obama wants you (to spill your secrets) Prospective White House employees must cough up an unprecedented amount of detail about their online activity. Is the new administration being smart -- or scary? By Michael Martin Nov. 24, 2008 | In his first press conference after the election, Barack Obama cracked a joke about Nancy Reagan holding séances in the White House. (It was factually inaccurate; the former first lady was into horoscopes, not "Hellraiser.") This provoked the administration's first apology, but not the first bipartisan critique. That came a week later, with the release of the administration's job application. In 63 questions over seven pages, prospective White House employees are being asked -- in addition to questions about finances, gun ownership and, possibly, flossing habits -- to list "all aliases or 'handles' you have used to communicate on the Internet,"
everything they've written, "including, but not limited to, any posts or comments on blogs or other websites," links to their Facebook or MySpace pages and any potentially embarrassing "electronic communication, including but not limited to an email, text message or instant message." Three, two, one, controversy! "Mr. Obama has elevated the vetting even beyond what might have been expected," declared the New York Times on Nov. 13. TV commentators, giddy with White House puppy speculation only hours earlier, expressed concern. The words "intrusive" and "most extensive" were frequently used. Rachel Maddow raised her first eyebrow at the new administration. In a commentary on ABCNews.com, Sam Donaldson wondered if Obama would pass his own vetting (citing question 20, about association with controversial characters). By now, it's conventional wisdom that Obama's transition team intends to "avoid the mistakes" of the Clinton administration, whose early Cabinet appointments were under-researched and ultimately sunk by scandals involving untaxed nannies and undocumented housekeepers. In that view, the prospect of a little rigor seems reassuring. The wounded right is almost certainly coiled to pounce on the first sign of indiscretion. And Sarah Palin -- that improper gift that kept on giving -- was propelled onto the national stage largely by lazy vetting. But something about those Internet-usage questions caused a lingering shock. The idea of listing every blog comment you've ever made? Laughable. But the imperative to disclose every Internet alias you've ever used? Uncomfortable. Unexpected. And more than a little ironic. The grassroots campaign that was incubated -- and largely won -- on the Internet has now assumed the role of moral groundskeeper, parsing and judging the online behavior of the generation that launched it. "It reflects, in a strange way, the relatively clean record the president-elect has,"
says Paul Ohm, an associate professor of law at the University of Colorado. "No one was really able to dig up dirt on Obama. Starting at the very top, you have someone who has laid it all bare and lived to see the next day. So maybe it doesn't seem exceptional to ask those who want to work for him to do the same thing." Obama did, after all, confess to drinking, doing drugs and engaging in other youthful indiscretions in his 1995 memoir, "Dreams From My Father." But how clean will Obama's staffers have to be? Today, everyone has an extensive Web trail, and young and old alike have embarrassed themselves online, either by accident or an ignorance of potential repercussions. How many members of Generation O, newly roused to the idea of government participation, will be judged unfit because they were playing against rules they didn't foresee? Will the application have a chilling effect, discouraging potentially qualified candidates? Will the administration be staffed with an army of flavorless Tracy Flicks, resulting in a more conservative White House than we bargained for, at least from a human-resources standpoint? We don't know. Clues will become evident only down the road -- if and when thwarted applicants choose to blog about it. But, for now, privacy experts don't agree that the application is all that intrusive. "It may not be a good thing or a comfortable thing, but I think it was to be expected in today's information age," says Anita L. Allen, a professor of law and philosophy at the University of Pennsylvania. "If it's a little bit awkward, it's because we've never had to do this before. In history, there's never been so many different ways in which embarrassing, salacious or inappropriate conduct can go viral. It shouldn't be surprising that an administration that's raised so much money by using the Internet also understands, better than most, the dangers the Internet poses for revealing embarrassing facts about people's lives."
In the application, the words "controversial" and "embarrassing" appear several times. But how do you define either, and what is a disqualifier? An impulsive rant in a comments section? An ill-advised foray into Second Life? Holding a beer in a Facebook photo? Who among us has not sent a text message -- or a hundred -- that might not embarrass us in retrospect, much less an entire presidential administration? In this sexy, Web-savvy new political era, must individuals with even a cursory interest in future government service comport themselves online like traditional politicians? "One concern is: Is requesting this information a substitute for a moral vetting?" says Allen. "There are issues to be discussed there, and it might be very troubling, especially to liberals, to think that someone has to have led a conventionally squeaky-clean, perfect life in order to be qualified to work for a new administration. My guess is that this isn't about morality. It's about appearances. The Obama administration does not want to appear to be full of people with salacious backgrounds, nor does it want to have to waste time dealing with media publicity around an embarrassing past. There are way more important things to worry about right now." Marc Rotenberg, the executive director of the Electronic Privacy Information Center in Washington, says the questionnaire's level of vetting is appropriate. "I'm not necessarily against intrusive questions," he says. "What I'm concerned about is the absence of any notable privacy protection that would prevent the subsequent use of the information. It illustrates a larger problem that the United States has: We don't have good privacy safeguards for the collection of personal data in the private sector. The Obama administration should be credited for the good job they've done so far in setting a high bar for ethics in government.
But the transition team has dropped the ball in not establishing similar high standards for the privacy of the very detailed information they're gathering from this questionnaire." In some ways, the application is merely an extension of corporate background checks that have been going on for years. "What's being asked is not qualitatively different from the kind of highly personal information that's been asked in the past: medical exams, drug and alcohol tests," says Allen, who is accustomed to being interviewed by the FBI about the suitability of former students for government posts. "Background checks are nothing new. It feels new because the questions are different, but my guess is we're going to get used to asking these kind of questions." In fact, the questionnaire may be ultimately more old school than it seems: Because any disclosures about online behavior are voluntary, they promise to be as effective as other voluntary disclosures usually are. If given a questionnaire about inappropriate online behavior, Mark Foley probably wouldn't have owned up to his definitely embarrassing chat sessions with teenage boys. "I think asking the questions is more about setting the tone and justifying the later punishment," says Ohm. "The administration would be fooling themselves if they think they're immunizing themselves from scandal. Almost every applicant is going to withhold the truly, truly, devastatingly embarrassing thing that's out there." The question about online handles disturbs Ohm a little more. "There, they're starting to tread on personal, private anonymity in a way that is kind of without precedent," he says. "I can't think of another situation where someone had been compelled to give up all of their handles. There are very good reasons you might have an email address squirreled away that no one knows about, and it doesn't seem fair to have to reveal that to get a job like this." Back to Nancy Reagan for a second.
In the 2002 story collection "Things You Should Know," A.M. Homes published a short story that envisioned the former first lady leading an elaborate secret life on the Internet, logging on to the Psychic Friends Network as "Starpower," flirting with a middle-aged biker under the name "Lady Hawke" and joining an Alzheimer's support group as "Edith Iowa." Like the fictional first lady, most of us have found community and enlightenment in anonymity. (Well, in concept.) In recent years, legal scholarship has held that one of the benefits of privacy is one's ability to try on different masks, to be different people at different times. "There are quite a few very smart people who think this is very essential in self-development as a human being," says Ohm. "This application is asking you to list all of those different masks next to one another, and link them all to one another: The person who did X is also the person who did Y and also sent e-mail V. That's a real powerful unmasking. Now the administration has that document, and that may get into the public someday. In some ways, it is forcing us to violate some trust we had -- it was the one thing we didn't think we'd ever be asked, and to get this job we desperately want, this is what we have to do." But not all of us, not yet. "This is a fairly rarefied category of people. We have, regrettably, watched celebrities lose a fair amount of privacy over the years. This is the same sort of thing," says Ohm. "On the other hand, if Obama starts asking this question of the fourth-tier appointees or, God forbid, career appointees, then nothing I've said would be true, and I'd be much more alarmed."
What is clear: The release of the Obama application is the latest, and loudest, in a series of wakeup calls about the conflict between online socializing and professional opportunity, and even those who've never aimed a tourist's camera toward the White House -- much less a lifetime of ambition -- could be forgiven for taking a personal inventory. None of us truly knows which parts of our online selves we'll be asked, or expected, to proffer in the future -- or that no opportunity is worth that revelation. This marks a turning point in what online privacy is, or what we can expect it to be, and our ongoing negotiations between online self-expression and self-care. "This is the new reality," says Allen. "On one hand, we've moved forward in terms of technology. But we've not moved forward in terms of our expectations of demeanor, professionalism and judgment. We're kind of living in the 1950s and the 21st century at the same time." -- By Michael Martin From rforno at infowarrior.org Mon Nov 24 14:19:06 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2008 09:19:06 -0500 Subject: [Infowarrior] - Saudi Girl Group Dares to Rock Message-ID: As Taboos Ease, Saudi Girl Group Dares to Rock By ROBERT F. WORTH Published: November 23, 2008 JIDDA, Saudi Arabia -- They cannot perform in public. They cannot pose for album cover photographs. Even their jam sessions are secret, for fear of offending the religious authorities in this ultraconservative kingdom. But the members of Saudi Arabia's first all-girl rock band, the Accolade, are clearly not afraid of taboos. The band's first single, "Pinocchio," has become an underground hit here, with hundreds of young Saudis downloading the song from the group's Web site. Now, the pioneering foursome, all of them college students, want to start playing regular gigs -- inside private compounds, of course -- and recording an album.
< - > http://www.nytimes.com/2008/11/24/world/middleeast/24saudi.html?hp From rforno at infowarrior.org Mon Nov 24 14:33:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2008 09:33:43 -0500 Subject: [Infowarrior] - Fed Pledges Top $7.4 Trillion to Ease Frozen Credit Message-ID: Fed Pledges Top $7.4 Trillion to Ease Frozen Credit (Update1) By Mark Pittman and Bob Ivry Nov. 24 (Bloomberg) -- The U.S. government is prepared to lend more than $7.4 trillion on behalf of American taxpayers, or half the value of everything produced in the nation last year, to rescue the financial system since the credit markets seized up 15 months ago. The unprecedented pledge of funds includes $2.8 trillion already tapped by financial institutions in the biggest response to an economic emergency since the New Deal of the 1930s, according to data compiled by Bloomberg. The commitment dwarfs the only plan approved by lawmakers, the Treasury Department's $700 billion Troubled Asset Relief Program. Federal Reserve lending last week was 1,900 times the weekly average for the three years before the crisis. < - > http://bloomberg.com/apps/news?pid=20601109&sid=arEE1iClqDrk&refer=home From rforno at infowarrior.org Mon Nov 24 14:55:24 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2008 09:55:24 -0500 Subject: [Infowarrior] - Preserving Network Neutrality without Regulation Message-ID: November 12, 2008 Policy Analysis no. 626 http://www.cato.org/pub_display.php?pub_id=9775 The Durable Internet: Preserving Network Neutrality without Regulation by Timothy B. Lee Timothy B. Lee, an adjunct scholar at the Cato Institute, is pursuing a Ph.D. in computer science at Princeton University Published on November 12, 2008 An important reason for the Internet's remarkable growth over the last quarter century is the "end-to-end" principle that networks should confine themselves to transmitting generic packets without worrying about their contents.
Not only has this made deployment of internet infrastructure cheap and efficient, but it has created fertile ground for entrepreneurship. On a network that respects the end-to-end principle, prior approval from network owners is not needed to launch new applications, services, or content. In recent years, self-styled "network neutrality" activists have pushed for legislation to prevent network owners from undermining the end-to-end principle. Although the concern is understandable, such legislation would be premature. Physical ownership of internet infrastructure does not translate into a practical ability to control its use. Regulations are unnecessary because even in the absence of robust broadband competition, network owners are likely to find deviations from the end-to-end principle unprofitable. New regulations inevitably come with unintended consequences. Indeed, today's network neutrality debate is strikingly similar to the debate that produced the first modern regulatory agency, the Interstate Commerce Commission. Unfortunately, rather than protecting consumers from the railroads, the ICC protected the railroads from competition by erecting new barriers to entry in the surface transportation marketplace. Other 20th-century regulatory agencies also limited competition in the industries they regulated. Like these older regulatory regimes, network neutrality regulations are likely not to achieve their intended aims. Given the need for more competition in the broadband marketplace, policymakers should be especially wary of enacting regulations that could become a barrier to entry for new broadband firms.
< - > http://www.cato.org/pub_display.php?pub_id=9775 From rforno at infowarrior.org Mon Nov 24 20:16:32 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Nov 2008 15:16:32 -0500 Subject: [Infowarrior] - Details emerge about President's Cyber Plan Message-ID: <54F92A55-2738-424F-954C-5AE6ECEDE424@infowarrior.org> Details emerge about President's Cyber Plan 11/21/08 By Wyatt Kash http://www.gcn.com/online/vol1_no1/47639-1.html?topic=Communications_Networking&CMP=OTC-RSS A new layer of details surrounding President Bush's Comprehensive National Cyber Security Initiative emerged from a speech delivered by a senior federal official in Washington yesterday. Steven Chabinsky, deputy director for the Joint Interagency Cyber Task Force, Office of the Director of National Intelligence, shed new light on 12 core initiatives that are part of the president's cyber security plan. Much of the security plan, introduced last January under National Security Presidential Directive 54/Homeland Security Presidential Directive 23, has remained classified. And only limited amounts of information about the initiative have been made public. Reciting concerns that new vulnerabilities, strong adversaries, and weak situational awareness were resulting in "untrusted systems," Chabinsky outlined the objectives and rationale behind 12 "discreet initiatives" in the CNCI plan:

1. Move towards managing a single federal enterprise network. The cornerstone to this effort is the Trusted Internet Connections program, initiated by the Office of Management and Budget in November 2007 that aims to reduce the number of connections from federal agencies to external computer networks to 100 or fewer, from more than 4,300 connections identified in January of this year. But it would also rely heavily on Federal Desktop Core Configuration standards, initiated by OMB, which prescribe specific requirements to access and use federal networks.
2. Deploy intrinsic detection systems. These systems would build on current software tools--notably a program called Einstein, and an enhanced version called Einstein 2, developed by the Department of Homeland Security. These tools monitor and identify information streams at network access points, but currently lack the ability to do more than report potential problems.
3. Develop and deploy intrusion prevention tools. DHS teams are now working on the development of Einstein 3, which would be designed to block and mitigate malicious patterns in the code surrounding information in transit, before they can do harm on federal networks.
4. Review and potentially redirect research and funding. Efforts are underway to take stock of cyber research and related programs and to look for overlaps and gaps, in order to channel resources more effectively.
5. Connect current government cyber operation centers. In particular, increase the effectiveness of these centers by standardizing operating procedures and improving shared awareness of threats.
6. Develop a government-wide cyber intelligence plan. Because several civilian, intelligence and defense agencies have varying responsibilities to address cyber threats, the government has had a difficult time crafting a single, coherent approach.
7. Increase the security of classified networks. The escalating volume of attacks, and the increasing penetration into supposedly secure networks makes it imperative that work be done to further secure classified networks and the information on them.
8. Expand cyber education. There is a significant need for creating a career pipeline to train cyber security experts--with offensive as well as defensive skills--and to institutionalize the knowledge surrounding security threats. Cyber education needs to include developing a broader base of candidates with scientific knowledge and a cyber-savvy workforce, as well as network specialists who can work in law enforcement, military, homeland security, health and other specialty areas.
9. Define enduring leap-ahead technologies. The government needs to provide direction for "game-changing" technologies that would provide a more stable environment and supplant some of the fundamental design of existing technologies--and the current patchwork approach to fixing them.
10. Define enduring deterrent technologies and programs. The government has an opportunity to tap broader groups of scientists, strategists and policy makers--similar to the way it did a half-century ago in crafting a nuclear weapons deterrent strategy--to develop new and lasting approaches to address cyber threats in this century.
11. Develop multi-pronged approaches to supply chain risk management. The reality of global supply chains presents significant challenges in thwarting counterfeit--or maliciously designed--hardware and software products which must be addressed.
12. Define the role of cyber security in private sector domains. Experts agree, the government must do more to get its cyber security house in order. But with so much of the nation's infrastructure in the hands of the private sector, more must be done to quantify the financial and economic risks associated with cyber security threats in order to provide better investment direction.

Chabinsky said these initiatives represented an integrated portfolio that was unique--"it's the first attempt to implement a totality approach" to improve the nation's cyber security posture, he said. He noted that these initiatives were intended to support four broad goals: Establish the front lines of defense capabilities to manage a single federal enterprise network; Defend against a full spectrum of threats. Shape the future environment, through research and education, to define new technologies and deterrent strategies to protect the nation's infrastructure.
Develop tools to enable key departments and agencies neutralize, mitigate, and disrupt domestic illegal computer activity; increase information assurance; increase strategic analysis of intrusion activities and threats; and monitor and coordinate the implementation of the CNCI. Chabinsky spoke at an information technology security conference produced by 1105 Government Information Group. From rforno at infowarrior.org Tue Nov 25 12:39:07 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Nov 2008 07:39:07 -0500 Subject: [Infowarrior] - AT&T Front Group Claims Internet End Is Nigh Message-ID: AT&T Front Group Claims Internet End Is Nigh Expect Internet brownouts unless AT&T lobbyists get what they want... http://www.dslreports.com/shownews/ATT-Front-Group-Claims-Internet-End-Is-Nigh-99213 As a rule, most warnings of Internet capacity armageddon come from traffic shaping companies looking to sell hardware, or industry lobbyists trying to shape policy through think tanks. The term "exaflood," created by the same think tank who crafted the term "intelligent design," is part of a sophisticated campaign aimed at convincing the press, public and lawmakers that without giving carriers what they want (less regulation, no net neutrality laws, no price controls, huge subsidies and tax credits, less consumer protection), the world will simply run out of bandwidth and we'll all be weeping over our clogged tubes. Andrew Odlyzko, one of the nation's top experts on global Internet traffic, repeatedly notes that while growth is strong, it doesn't necessitate drastic new pricing model shifts (metered billing), and is entirely manageable with just modest capacity upgrades. According to Odlyzko, the current Internet growth rate of about 50% per year "can be accommodated with essentially the current level of capital investment." If anything, Odlyzko predicts a slow down (something Cogent confirms).
But carriers are better served having the public worry that we're running out of capacity and need to take drastic steps to avoid problems. That's why a think tank named the Discovery Institute (who also crafted the phrase "intelligent design" used to help push creationism into U.S. classrooms) cooked up the term "exaflood" in a 2007 Wall Street Journal editorial. The term is part of a campaign aimed at convincing the public and lawmakers that an industry that has always managed to adapt to bandwidth demand, will suddenly fail to do so without drastic action.

What action? In addition to favorable policy, carriers throughout North America are using the non-existent crunch to argue for new metered pricing models, and increased throttling of competitors' traffic. Carriers like AT&T can't very well propose new caps on usage if you're out there believing that they already make a healthy profit and can consistently meet capacity demands.

One of the biggest pushers of the exaflood myth is the Internet Innovation Alliance, an industry trade group spearheaded largely by AT&T. With AT&T funding, the IIA likes to selectively pluck data that supports their exaflood concept from a research firm named Nemertes research about once a year. The IIA is back again this week with a press release proclaiming that by 2012, apparently incompetent engineers won't be able to manage capacity, and we will begin seeing brownouts. Fixing this incompetence will require Uncle Sam doing what AT&T wants them to:

"The exponential explosion of content will persist during challenging economic times, but a prolonged global recession could starve networks of the necessary capital investment," said Bruce Mehlman, co-chair of Internet Innovation Alliance. "It's more important than ever to develop a National Broadband Strategy that will encourage investment and innovations that accelerate America's global competitiveness and address major national challenges, such as energy efficiency, health care cost and quality educational opportunity."

What the IIA doesn't tell you in their release is how they hope to accommodate this mythical spending shortfall to address their mythical bandwidth crisis, or what their version of a national broadband strategy (which they're pushing this week in DC) is. Traditionally, the IIA's solution involves the government giving the biggest carriers huge deployment subsidies, while also reducing taxes on carriers. Given the government's history of failed accountability on this front, the IIA is simply asking for no-strings money. That's all the exaflood myth has ever been about.

If you're not afraid yet, the IIA recently offered up this video aimed at convincing you the end is near. They don't make their sales pitch until 4:20, where they hint that "wise public policy" can save us all from the bandwidth bogeyman. Be afraid. Be very afraid.

From rforno at infowarrior.org Tue Nov 25 13:04:36 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Nov 2008 08:04:36 -0500
Subject: [Infowarrior] - Video: Beware the Exaflood!
Message-ID: <2DF294C4-1BA7-425E-A62E-382189FAFE33@infowarrior.org>

I just watched the new ATT Front Group video about the need for bandwidth safety mentioned in the article previously posted to infowarrior-l. [1]

Here's a direct link to the video: http://www.youtube.com/watch?v=wVnH5D-lWrA

Note they use famed 'Frontline' narrator (and BMW commercial voice-over guy) Will Lyman to make it sound even more serious and ominous.

Aside from the "wise public policy" mention toward the end, I think the best quote of this video is the spooky-sounding "The impending Exaflood is cause for excitement: if America is prepared for it."
Frankly I'm surprised they didn't title this video: "Exaflood determined to Attack the United States" and work in a statement along the lines of "...if the Internet dies at 3AM, who is prepared to take the call?" I swear this thing has a "9/11-be-very-afraid" feel to it and reminds me of that over-the-top Air Force Cyber Command recruiting video last year [2]. After all, it's fear that sells policy in Washington.

The Exaflood. Because YouTube doesn't sound scary enough.[3]

-rf

[1] Original Article at URL: http://www.dslreports.com/shownews/ATT-Front-Group-Claims-Internet-End-Is-Nigh-99213
[2] Video at: http://www.infowarrior.org/users/rforno/USAF-CC-Promo.flv
[3] - Yes, I think bandwidth concerns are valid and need to be addressed objectively for all involved -- however, I challenge the sensationally-spooky tactics used in conveying the message here.

From rforno at infowarrior.org Thu Nov 27 00:02:23 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Nov 2008 19:02:23 -0500
Subject: [Infowarrior] - Massive botnet returns from the dead
Message-ID: <8BAD714F-7956-41BC-8280-4B888FA83886@infowarrior.org>

Massive botnet returns from the dead, starts spamming
Criminals regain control after security firm stops preemptively registering routing domains

Gregg Keizer
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9121678

November 26, 2008 (Computerworld) A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals.

The "Srizbi" botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer at FireEye Inc., when the infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia.
Srizbi was knocked out more than two weeks ago when McColo Corp., a hosting company that had been accused of harboring a wide range of criminal activities, was yanked off the Internet by its upstream service providers. With McColo down, PCs infected with Srizbi and other bot Trojan horses were unable to communicate with their command servers, which had been hosted by McColo. As a result, spam levels dropped precipitously. But as other researchers noted last week, Srizbi had a fallback strategy. In the end, that strategy paid off for the criminals who control the botnet. According to Gong, when Srizbi bots were unable to connect with the command-and-control servers hosted by McColo, they tried to connect with new servers via domains that were generated on the fly by an internal algorithm. FireEye reverse-engineered Srizbi, rooted out that algorithm and used it to predict, then preemptively register, several hundred of the possible routing domains. The domain names, said Gong, were generated on a three-day cycle, and for a while, FireEye was able to keep up -- and effectively block Srizbi's handlers from regaining control. "We have registered a couple hundred domains," Gong said, "but we made the decision that we cannot afford to spend so much money to keep registering so many [domain] names." Once FireEye stopped preempting Srizbi's makers, the latter swooped in and registered the five domains in the next cycle. Those domains, in turn, pointed Srizbi bots to the new command-and-control servers, which then immediately updated the infected machines to a new version of the malware. "Once each bot was updated, the next command was to send spam," said Gong, who noted that the first campaign used a template targeting Russian speakers. The updated Srizbi includes hard-coded references to the Estonian command-and-control servers, but Gong was unaware of any current attempt to convince the firm now hosting those servers to yank them off the Web. 
In the meantime, FireEye is working with several other companies -- including VeriSign Inc., Microsoft Corp. and Network Solutions Inc., a domain registrar -- on ways to reach the more than 100,000 users whose PCs FireEye has identified as infected with Srizbi.

Discussions about how to best handle any future McColo-Srizbi situation are also ongoing, Gong said. "We're trying to find a solution, and talking about ideas of how they can help fund efforts for some period of time to [preemptively] register domains," he said.

"Right now, though, we have this window of opportunity to help clean all those [100,000] machines," Gong said. "Registering those domains was just a way to buy us time. We have to reach those machines to clean them up."

Although some message security companies said yesterday that spam volumes had climbed back from post-McColo troughs, Gong was hesitant to finger Srizbi's return as the reason. "Srizbi may have contributed," he said, "but Rustock is also back."

Rustock, another botnet whose command-and-control servers were hosted by McColo, was partially restored when a Swedish Internet provider briefly stepped in 11 days ago to reconnect McColo to the Web. Even though McColo's connection was quickly severed by TeliaSonera after it received complaints, Rustock's controllers had enough time to instruct some of the bots to look to a Russian-hosted server for commands.

From rforno at infowarrior.org Thu Nov 27 00:04:58 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Nov 2008 19:04:58 -0500
Subject: [Infowarrior] - Lenovo creates SMS 'kill pill'
Message-ID:

Lenovo creates SMS 'kill pill'

David Flynn
26 November 2008, 3:00 PM
http://apcmag.com/lenovo_creates_sms_kill_pill_for_thinkpads.htm#

New service will allow users to disable a lost or stolen 3G notebook by sending it an SMS message.
If BIOS-level passwords, fingerprint recognition and encrypted hard drives aren't enough for the most paranoid portable PC user, get set for the latest in security.

From early next year, Lenovo's new Constant Secure Remote Disable service will allow owners of the latest ThinkPads to shut down their system by sending it a special SMS message from your mobile phone. Once the laptop shuts down, the self-encrypting hard drive will scramble the data.

Of course, the notebook will need to be fitted with its own 3G radio, be on the air and within network range in order to receive your 'seek and destroy' text message.

Up to 10 mobile numbers can be associated with a single notebook, and the content of the SMS itself must be registered with the service so that the laptop will shut down only on receipt of that specific message (which could be anything from a simple 'SHUT DOWN' to 'Klaatu barada nikto' if you're a fan of classic sci-fi movies like The Day The Earth Stood Still (oh, and if you're nerdy enough to remember how to spell it correctly!)).

You'll get an automated SMS reply to confirm the notebook has gone into lock-down mode. If the notebook somehow finds its way back into your hands, you'll need to reboot the system and enter a pre-set passcode.

The necessary notebook software will be offered for free by Lenovo, which worked with BIOS developer Phoenix Technologies to create the service, for most Montevina-class ThinkPads and IdeaPads as well as appearing on new systems next year.

From rforno at infowarrior.org Thu Nov 27 19:06:33 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Nov 2008 14:06:33 -0500
Subject: [Infowarrior] - Violate ToS = breaking the law
Message-ID:

Regarding the MySpace 'cyberbullying' news from yesterday:

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/26/AR2008112600629.html?hpid=topnews

A Missouri woman who posed as a 16-year-old boy on MySpace.com to woo and then rebuff a troubled teenage girl who later committed suicide was found guilty Wednesday of three misdemeanor charges, but no felonies, by a federal jury.

< - >

Prosecutors alleged that Drew and her employee violated MySpace's "terms of service," which prohibit using fraudulent registration information, obtaining personal information about juvenile members, and using the service to harass, abuse or harm others.

< - >

The verdict underscores the complexities of the case. Some legal experts and civil liberties groups said a felony conviction would mean that millions of people who violate the terms of service of the Web sites they visit could become criminally liable. Experts also said that if violating such terms is a crime, then the sites that write the agreements essentially could function as lawmakers or prosecutors.

< - >

.... this can be the thin edge of the wedge and turn out to be a veeeeery slippery slope for Netizens, especially given how broad, nebulous, and oft-changing (w/o notice) these 'terms' are. Hopefully cooler heads prevail.

Happy Turkey Day

-Rick

From rforno at infowarrior.org Fri Nov 28 15:59:39 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Nov 2008 10:59:39 -0500
Subject: [Infowarrior] - Worker dies; miscarriage during WalMart stampede
Message-ID: <813CE619-A85F-4B23-97E9-E06399535336@infowarrior.org>

Words utterly fail me here. Life? Death? Injury? Who cares, lemme at the doorbuster bargains! Idiots, all.
--rf

Worker dies at Long Island Wal-Mart after being trampled in Black Friday stampede

BY JOE GOULD
DAILY NEWS WRITER
Updated Friday, November 28th 2008, 10:19 AM

http://www.nydailynews.com/ny_local/2008/11/28/2008-11-28_worker_dies_at_long_island_walmart_after.html?print=1&page=all

A worker died after being trampled and a woman miscarried when hundreds of shoppers smashed through the doors of a Long Island Wal-Mart Friday morning, witnesses said.

The unidentified worker, employed as an overnight stock clerk, tried to hold back the unruly crowds just after the Valley Stream store opened at 5 a.m.

Witnesses said the surging throngs of shoppers knocked the man down. He fell and was stepped on. As he gasped for air, shoppers ran over and around him.

"He was bum-rushed by 200 people," said Jimmy Overby, 43, a co-worker. "They took the doors off the hinges. He was trampled and killed in front of me. They took me down too...I literally had to fight people off my back."

Nassau County Police are still investigating and would not confirm the witness accounts. The Medical Examiner will determine the cause of death. Police did say there were several injuries but weren't more specific.

Jessica Keyes was among the shoppers. She told the Daily News she saw a woman knocked down just a few feet from the dying worker.

"When the paramedics came, she said 'I'm pregnant,'" Keyes said.

Paramedics treated the woman inside the store and then, according to Keyes, told the woman: "There's nothing we can do. The baby is gone."

Before police shut down the store, eager shoppers streamed past emergency crews as they worked furiously to save the store clerk's life.

"They were working on him, but you could see he was dead," said Halcyon Alexander, 29. "People were still coming through."

Only a few stopped.

"They're savages," said shopper Kimberly Cribbs, 27. "It's sad. It's terrible."