From rforno at infowarrior.org Tue Dec 1 23:26:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Dec 2009 18:26:21 -0500
Subject: [Infowarrior] - 8 Million Reasons for Real Surveillance Oversight
Message-ID:

8 Million Reasons for Real Surveillance Oversight
Christopher Soghoian

Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.

The evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.

It is unclear if Federal law enforcement agencies' extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics -- since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.

[More]

All of the mp3 audio recordings & pdf FOIA scans included on this page can be found in this .zip file (100Mb). Please mirror!
http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html

From rforno at infowarrior.org Wed Dec 2 00:52:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Dec 2009 19:52:45 -0500
Subject: [Infowarrior] - EFF sues feds for info on social network surveillance
Message-ID: <9E8191F3-DE53-48A4-AFEF-85309B73334D@infowarrior.org>

December 1, 2009 3:07 PM PST
EFF sues feds for info on social network surveillance
by Elinor Mills
http://news.cnet.com/8301-27080_3-10407224-245.html?part=rss&subj=news&tag=2547-1_3-0-20

The Electronic Frontier Foundation sued the CIA, Defense Department, Justice Department and three other government agencies on Tuesday for allegedly refusing to release information about how they are using social networks in surveillance and investigations.

The nonprofit Internet rights watchdog group formally asked more than a dozen agencies or departments in early October to provide records about federal guidelines on the use of sites like Facebook, Twitter, and Flickr for investigative or data gathering purposes, according to the lawsuit.

The requests were prompted by published news reports about how authorities are using social networks to monitor citizen activities and aid in investigations. For example, according to the lawsuit, government officials have: used Facebook to hunt for fugitives and search for evidence of underage drinking; researched the activities of an activist on Facebook and LinkedIn; watched YouTube to identify riot suspects; searched the home of a social worker because of Twitter messages regarding police actions he sent during the G-20 summit; and used fake identities to trick Facebook users into accepting friend requests.

The EFF needs access to the information to "help inform Congress and the public about the effect of such uses and purposes on citizens' privacy rights and associated legal protections," the lawsuit said.
None of the agencies contacted had complied with the EFF's Freedom of Information Act (FOIA) requests and only one, the IRS, had asked for an extension, according to the suit.

The suit, filed in federal court in San Francisco, names the defendants as the CIA, the office of the Director of National Intelligence, and the departments of Defense, Justice, Homeland Security and Treasury.

The FOIA requests and the lawsuit were filed on behalf of the EFF by the Samuelson Law, Technology, and Public Policy Clinic at the University of California, Berkeley, School of Law.

The government agencies could not be reached for comment Tuesday afternoon.

From rforno at infowarrior.org Wed Dec 2 12:25:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Dec 2009 07:25:12 -0500
Subject: [Infowarrior] - Forget the gate; is the enemy at the front door?
Message-ID: <197867D5-CCAA-4FA6-A33C-71D0276C7890@infowarrior.org>

(The last paragraph really says it all. --rick)

Forget the gate; is the enemy at the front door?
By Courtland Milloy
Wednesday, December 2, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/01/AR2009120104264_pf.html

During a stroll outside the gates of the White House grounds the other night, I thought about the controversy surrounding Tareq and Michaele Salahi and started wondering about ways to sneak into a state dinner. So I took out my notebook and began jotting down the most visible obstacles to overcome.

Streets around the White House are blocked with concrete pillars and steel shields; that meant I couldn't show up at the front door in a limo pretending to be President Obama's lost cousin from Kenya.

Guards dressed in SWAT-like outfits were stationed at gatehouses around the White House grounds. Leaping over the spear-tipped wrought iron fence and making a mad dash for the Rose Garden wouldn't work, either, unless I could outrun a bullet.
As I took notes, an unmarked van with tinted windows showed up and parked across the street from me, engine idling. Call it paranoia, but I began to sense the warmth of an infrared facial recognition scanner -- which made me worry that I could be mistaken for Saddam Hussein. Again.

It happened back in 2003, when the threat level was raised to "orange" by the Bush administration. Highway signs urged citizens to be alert for terrorist activities. For a column, I went to the Jefferson Memorial and asked people if they had seen anything suspicious. The next thing I knew, U.S. Park Police had detained me.

"We hear you've been asking curious questions," an officer said to me at the time. "Why are you doing that?"

I later learned that a tourist had called police to report that a man resembling Saddam was hanging around the cherry blossom trees, acting strangely.

This time, though, I was in front of the White House, not the Tidal Basin. Far more dangerous real estate. Earlier this year, the president mentioned the consequences that even he might suffer if caught trying to break into his residence at 1600 Pennsylvania Ave.

"Here, I'd be shot," Obama said. The remark had been prompted by the arrest of his friend, Harvard professor Henry Louis Gates, whom a neighbor mistook for a burglar.

Entering the White House using the Gates method was definitely out. But if the president thought that he could get shot for trying to enter his own house, then it was possible that I could be considered fair game just for thinking about it.

So much for breaking-and-entering fantasies. It seems the only way to get in to a state dinner uninvited is to sashay on in right past the Secret Service.

After carefully approaching two police officers who were standing outside their patrol cars, not far from the idling van, I said in my friendliest tone, "You guys catching any heat over the party crashers?"

The officers smiled, as congenial as tour guides -- albeit with guns.

"We're just waiting on the results of the investigation," one replied. The two had deftly positioned themselves slightly on each side of me. Courteous, but cautious.

We ended up talking about street closings. There was a time, for instance, when you could take your grandparents on a drive past the White House, showing them where the president lives without putting them through the agony of a long walk from some overpriced downtown parking garage.

No more.

"We closed this block of Pennsylvania Avenue after Oklahoma City," one of the officers said. Even in death, Timothy McVeigh was still dictating the terms of our freedom.

To the east was a closed-off stretch of Madison Street that used to run between the Treasury Department and the White House. You could walk through -- drive through, too, but only old folk seem to remember those days -- with the children waving to the president they imagined was standing in an East Wing window waving back at them.

No more. Al Qaeda took that street away.

In winter, children used to slide down the snowy steps of the U.S. Supreme Court; in spring, you could picnic on the grounds of the U.S. Capitol.

No more.

And now come the Salahis, reminding us -- if that investigation proves they sneaked into the White House -- how easy it is to breach it all and that safety measures for which we traded so much liberty amount to little more than an illusion.

From rforno at infowarrior.org Wed Dec 2 12:29:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Dec 2009 07:29:23 -0500
Subject: [Infowarrior] - Google to limit free news access
Message-ID:

Google to limit free news access

Newspaper publishers will now be able to set a limit on the number of free news articles people can read through Google, the company has announced.

The concession follows claims from some media companies that the search engine is profiting from online news pages.
Under the First Click Free programme, publishers can now prevent unrestricted access to subscription websites.

Users who click on more than five articles in a day may be routed to payment or registration pages.

"Previously, each click from a user would be treated as free," Google senior business product manager Josh Cohen said in a blog post.

"This may still be a significant moment in the battle between old and new media"
Rory Cellan-Jones, BBC technology correspondent

"Now, we've updated the programme so that publishers can limit users to no more than five pages per day without registering or subscribing."

Google users may start seeing registration pages appear when they click for a sixth time on any given day at websites of publishers using the programme, according to Mr Cohen.

This will only affect websites that currently charge for content.

'Significant move'

The announcement is seen as a reaction to concerns in the newspaper industry that Google is using newspaper content unfairly.

Media tycoon Rupert Murdoch, the chairman and chief executive of Newscorp, has accused firms such as Google of profiting from journalism by generating advertising revenue by linking readers to newspaper articles.

Some readers have discovered they can avoid paying subscription fees to newspaper websites by calling up their pages via Google.

ANALYSIS
Tim Weber, business editor, BBC News website

The dispute between media groups and Google reflects the general confusion over how traditional media can make money on the internet.

Every newspaper owner angry about Google's linking policy can use a simple remedy: add two lines of code to a file on your servers and Google will leave you alone.

Deep down, most media owners realise that the old "publish it and they will come" principle does not work in an on-demand world. If Google would not link to their websites, the very same media groups would bitterly complain about Google's refusal to generate valuable online traffic.
Unless you own premium content (from the Wall Street Journal at one end to porn at the other), making money from on-demand content means first and foremost that your audiences have to be able to find you.

The problem: Nobody has quite figured out a business model for a world where consumers don't want their morning or evening news, but want the Now O'clock News - the "on-demand and to my taste" news.

This is because Google searches frequently link directly to newspaper articles, bypassing some sites' subscription systems.

Broadcasting and media consultant Steve Hewlett said that Google's response was "a pretty significant move".

"Rupert Murdoch is trying to build a consensus that paying for content online is right and that aggregators like Google that use newspaper content but don't pay for it are doing something wrong," he said.

Search for revenue

Newspapers are increasingly looking for new ways to make money from their online content amid a continuing decline in circulation figures and advertising revenues.

Earlier this week Johnston Press, the UK's largest regional newspaper publisher, announced plans to begin charging for access to six of its titles online.

The move follows a 42% slump in advertising revenues at the group over the last two years.

Earlier this year, the Daily Mail and General Trust (DMGT) cut 1,000 jobs at its regional arm Northcliffe Media, which publishes more than 100 newspapers in England and Wales.

Newscorp, which owns the Times and the Sun newspapers in the UK, has also been affected by the downturn.

In June, it announced losses of $3.4bn (£2bn) for the previous 12 months, describing the year as "the most difficult in recent history".

It has also revealed plans to begin charging for access to all its online content. The corporation currently charges for access to its US title the Wall Street Journal.

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/business/8389896.stm
Published: 2009/12/02 10:21:14 GMT
© BBC MMIX

From rforno at infowarrior.org Wed Dec 2 12:31:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Dec 2009 07:31:49 -0500
Subject: [Infowarrior] - ISP Dream Business Model?
Message-ID: <525D1B7B-73F7-44D3-801A-8854FD726CCC@infowarrior.org>

Hrmmm.... maybe they're taking lessons from the credit card industry? --rf

Neat Trick: Rogers Offers Online Video And Broadband Cap To Punish You For Using It
from the that'll-work-well dept

Two separate initiatives by cable companies are coming together in conflict. We've seen how many cable companies are trying to set up video portals that will let subscribers to cable TV get access to the same content online, as a weak attempt to reduce churn of consumers dumping cable altogether and concentrating on online options. But, at the same time, they're also looking to implement broadband caps with high overage fees. Those two concepts are shown together with Rogers offering both a video portal and low metered caps with high overage fees. So your incentive is to not use the video portal (which apparently is limited in the first place). How is that going to reduce the churn? It seems like a far better option is to just go with another provider that actually focuses on adding value rather than limiting it. Too bad there's so little competition up in Canada. Ahhh... that explains things, now, doesn't it?
http://techdirt.com/articles/20091201/1046327151.shtml

From rforno at infowarrior.org Wed Dec 2 12:32:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Dec 2009 07:32:57 -0500
Subject: [Infowarrior] - Students say district forced them to publish paper
Message-ID: <2000FF34-861E-44F7-9935-D2696CFDAF21@infowarrior.org>

www.chicagotribune.com/news/education/chi-high-school-newspaper-25-nov25,0,6312471.story

High School: Students say district forced them to publish paper
By William Lee
Tribune reporter
November 25, 2009

Less than a week after administrators at Stevenson High School in Lincolnshire halted the release of the student newspaper because of stories dealing with drinking, smoking and teen pregnancy, staff members said they were told they had less than two hours to produce a paper without the controversial stories, or receive failing grades.

The staff members said they were not allowed to remove their bylines from the paper, which they said was sloppily put together and rushed to printers.

"We had no time to do it. It was sloppy. It was gross. It's not what we do," said Stevenson senior and staff writer Stephanie Glassberg. "It's not our paper anymore, it's the administration's paper."

Statesman Editor-in-Chief Pam Selman said the paper's staff was given the option to move past the November issue and concentrate on next month's issue, something the administration denied saying. Newspaper staff members said they felt forced and threatened to put out an inferior product.

District 125 spokesman Jim Conrey said the administration never intended to stop publication of the paper.

"We never said we were not going to publish the November issue. We said the issue was being delayed to provide more time for editing and layout," Conrey said.

Free-speech advocates criticized the administrators Tuesday.

"This is certainly one of the more outlandish abuses of power we've ever seen by a school administration," said Frank LoMante, executive director of the Student Press Law Center. "You'd be hard-pressed to find a more blatant violation of the First Amendment than what Stevenson has done today."

The controversy centered on several stories slated to run in last Friday's paper. In one, two National Honor Society students, quoted anonymously, admitted to drinking and smoking, which are prohibited under the society's no-use contract.

Newspaper staff members said they have secured free legal counsel.

wlee at tribune.com

From rforno at infowarrior.org Thu Dec 3 03:48:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Dec 2009 22:48:37 -0500
Subject: [Infowarrior] - Certifications are not a panacea for cybersecurity woes
Message-ID: <70A80B00-7ED7-4738-973F-BE87D60F910B@infowarrior.org>

AMEN!!! -rick

Certifications are not a panacea for cybersecurity woes
By Daniel Castro
Dec 01, 2009
http://fcw.com/articles/2009/12/01/comment-castro-certification.aspx

As Congress debates legislation to improve cybersecurity, one problematic idea that appears to have gained some traction is developing a national certification program for cybersecurity professionals. If certifications were effective, we would have solved the cybersecurity challenge many years ago.

Certainly more workforce training, although not a panacea, can help teach workers how to respond to known cyberattacks. However, workforce training is not certification, and organizations, not Congress, are in the best position to determine the most appropriate and effective training for their workers.

Organizations know that simply getting their employees certified will not solve their security challenges. Although a good certification standard might be a measure of a baseline level of competence, it is not an indicator of job performance.
Having certified employees does not mean firewalls will be configured securely, computers will have up-to-date patches, and employees won't write passwords on the backs of keyboards.

Nor has the increase in the number of certified cybersecurity workers nationwide resulted in any noticeable decrease in the number of computer vulnerabilities, security incidents or losses from cyber crime. Between 2001 and 2005, although the number of Certified Information Systems Security Professionals in North America quadrupled, the number of vulnerabilities cataloged by the U.S. Computer Emergency Readiness Team more than doubled, the dollar loss of claims reported to the Internet Crime Complaint Center increased more than tenfold, and the number of complaints the center referred to law enforcement increased more than twentyfold.

At the federal level, a certification mandate would be little more than a box-checking activity for agencies, akin to many of the Federal Information Security Management Act requirements that tax the federal budget and workforce, but produce few results.

Even worse, Congress might go further and impose costly certification requirements on a broad range of private network operators and companies in many major industries. By requiring certification for so many jobs, Congress would in effect create a "license to practice" for cybersecurity professionals.

Licenses are typically only required in professions in which the public is harmed by the absence of licensure. (Perhaps that is an argument to require licenses for members of Congress.)
Therefore, the implicit assumption in arguing for a certification program for all federal cybersecurity professionals, those involved in operating critical infrastructure and potentially many more individuals in the private sector, is that the public is being harmed because unqualified workers are filling those jobs -- not because of a lack of talent or insufficient training but because hiring managers cannot distinguish between competent and incompetent cybersecurity workers. That is the only problem that certification (in the form of a de facto license) could fix. However, no proponent of that approach has provided evidence to show that the problem exists, nor is the problem commonly cited in other studies as a factor contributing to cybersecurity risks. The security community needs to speak up. The cybersecurity challenge is too important to allow Congress to provide a paper-thin response that produces nothing more than the veneer of government action without reducing any real risks. About the Author Daniel Castro is a senior analyst at the Information Technology and Innovation Foundation. 
From rforno at infowarrior.org Thu Dec 3 12:05:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Dec 2009 07:05:50 -0500
Subject: [Infowarrior] - Modern Spook's Data Retention Wish List
Message-ID: <24843ABE-7320-4EB3-9B15-1D98C73ADB1B@infowarrior.org>

Modern Spook's Data Retention Wish List

Concerning retained traffic, geolocation and financial data in circuit switched wireline and 3G mobile networks as well as the Internet

ETSI TS 102 657 V1.3.1 (2009-09)
Technical Specification
Lawful Interception (LI); Retained data handling; Handover interface for the request and delivery of retained data

http://cryptome.org/ETSI_TS_102_657_V1.3.1_(2009-09).pdf (89pp, 470KB)

From rforno at infowarrior.org Thu Dec 3 12:06:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Dec 2009 07:06:34 -0500
Subject: [Infowarrior] - Telco spying guides (assorted)
Message-ID: <98BC494A-1C49-4F8A-8835-1F0BBD694BFB@infowarrior.org>

Cryptome has a bunch of ISP 'spy guides' posted now, and Yahoo's already invoking DMCA (yawn) to get them to remove their guide. So if you're curious, get 'em while you can.

http://www.cryptome.org/

From rforno at infowarrior.org Fri Dec 4 01:33:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Dec 2009 20:33:57 -0500
Subject: [Infowarrior] - Introducing Google Public DNS
Message-ID: <0026B213-EA0C-4605-A70E-0133E202E419@infowarrior.org>

http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns.html

Introducing Google Public DNS: A new DNS resolver from Google
Thursday, December 03, 2009

Today, as part of our efforts to make the web faster, we are announcing Google Public DNS, a new experimental public DNS resolver.

The DNS protocol is an important part of the web's infrastructure, serving as the Internet's "phone book". Every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they complete loading.
As a result, the average Internet user performs hundreds of DNS lookups each day, that collectively can slow down his or her browsing experience.

We believe that a faster DNS infrastructure could significantly improve the browsing experience for all web users. To enhance DNS speed but to also improve security and validity of results, Google Public DNS is trying a few different approaches that we are sharing with the broader web community through our documentation:

* Speed: Resolver-side cache misses are one of the primary contributors to sluggish DNS responses. Clever caching techniques can help increase the speed of these responses. Google Public DNS implements prefetching: before the TTL on a record expires, we refresh the record continuously, asynchronously and independently of user requests for a large number of popular domains. This allows Google Public DNS to serve many DNS requests in the round trip time it takes a packet to travel to our servers and back.

* Security: DNS is vulnerable to spoofing attacks that can poison the cache of a nameserver and can route all its users to a malicious website. Until new protocols like DNSSEC get widely adopted, resolvers need to take additional measures to keep their caches secure. Google Public DNS makes it more difficult for attackers to spoof valid responses by randomizing the case of query names and including additional data in its DNS messages.

* Validity: Google Public DNS complies with the DNS standards and gives the user the exact response his or her computer expects without performing any blocking, filtering, or redirection that may hamper a user's browsing experience.

We hope that you will help us test these improvements by using the Google Public DNS service today, from wherever you are in the world. We plan to share what we learn from this experimental rollout of Google Public DNS with the broader web community and other DNS providers, to improve the browsing experience for Internet users globally.
To get more information on Google Public DNS you can visit our site, read our documentation, and our logging policies. We also look forward to receiving your feedback in our discussion group.

From rforno at infowarrior.org Sun Dec 6 23:30:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Dec 2009 18:30:07 -0500
Subject: [Infowarrior] - A closed meeting on openness
Message-ID:

PROMISES, PROMISES: A closed meeting on openness
By SHARON THEIMER (AP) -- 5 hours ago
http://www.google.com/hostednews/ap/article/ALeqM5joOOsTVD57lFwm_InpZY_nRbg4KQD9CDRVOO0

WASHINGTON -- It's hardly the image of transparency the Obama administration wants to project: A workshop on government openness is closed to the public.

The event Monday for federal employees is a fitting symbol of President Barack Obama's uneven record so far on the Freedom of Information Act, a big part of keeping his campaign promise to make his administration the most transparent ever. As Obama's first year in office ends, the government's actions when the public and press seek information are not yet matching up with the president's words.

"The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails," Obama told government offices on his first full day as president. "The government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears."

Obama scored points on his pledge by requiring the release of detailed information about $787 billion in economic stimulus spending. It's now available on a Web site, http://www.recovery.gov. Other notable disclosures include waivers that the White House has granted from Obama's conflict-of-interest rules and reports detailing Obama's and top appointees' personal finances.
Yet on some important issues, his administration produced information only after government watchdogs and reporters spent weeks or months pressing, in some cases suing.

Those include what cars people were buying using the $3 billion Cash for Clunkers program (it turned out the most frequent trades involved pickups for pickups with only slightly better gas mileage); how many times airplanes have collided with birds (a lot); whether lobbyists and donors meet with the Obama White House (they do); rules about the interrogation of terror suspects (the FBI and CIA disagreed over what was permitted); and who was speaking in private with Treasury Secretary Timothy Geithner (he has close relationships with a cadre of Wall Street executives whose multibillion-dollar companies survived the economic crisis with his help).

The administration has refused to turn over important records. Obama signed a law that let the Pentagon refuse to release photographs showing U.S. troops abusing detainees, and Defense Secretary Robert Gates then did so. The Obama administration, like the Bush administration before it, has refused to release details about the CIA's "black site" rendition program. The Federal Aviation Administration wouldn't turn over letters and e-mails among FAA officials about reporters' efforts to learn more about planes that crash into birds.

Just last week, a State Department deputy assistant secretary, Llewellyn Hedgbeth, said at a public conference that "as much as we want to promote transparency," her agency will work just as hard to protect classified materials or information that would put the United States in a bad light.

People who routinely request government records said they don't see much progress on Obama's transparency pledge.

"It's either smoke and mirrors or it was done for the media," said Jeff Stachewicz, founder of Washington-based FOIA Group Inc., which files hundreds of requests every month across the government on behalf of companies, law firms and news organizations. "This administration, when it wants something done, there are no excuses. You just don't see a big movement toward transparency."

The San Francisco-based Electronic Frontier Foundation, a civil liberties group, said it filed 45 requests for records since Obama became president, and that agencies such as NASA and the Energy Department have been mostly cooperative in the spirit of Obama's promises. But the FBI and Justice Department? Not so much, said Nate Cardozo, working for the foundation on a project to expose new government surveillance technologies.

The FBI resisted turning over copies of reports to a White House intelligence oversight board about possible bureau legal violations. The FBI said it's so far behind reviewing other, unrelated requests that it can't turn over the reports until May 2014.

"This administration started with a bang, saying this was going to be a new day, and we had really high expectations," Cardozo said. "We haven't seen much of a change. The Justice Department said there would be a stronger presumption in favor of disclosure, but that hasn't been the case."

Obama has approved startup money for a new office taking part in Monday's closed conference, the Office of Government Information Services. It was created to resolve disputes involving people who ask for records and government agencies. But as evidenced by the open-records event behind closed doors, there is a long way to go.

"We'd like to know, when they're training agencies, are they telling them the same thing they're saying in public, that they're committed to making the Freedom of Information Act work well and make sure that agencies are releasing information whenever possible while protecting important issues like individual privacy and national security," said Rick Blum, coordinator of the Sunshine in Government Initiative, of which The Associated Press is a member.

The closed conference will provide tips for FOIA public liaisons on communicating and negotiating with people who make requests, and introduce the new Office of Government Information Services to them, said Melanie Ann Pustay, director of the Justice Department's Office of Information Policy, which takes the lead on government openness issues.

Pustay said she planned to say the same things at the private workshop that she would say publicly. She offered these reasons to explain why it was closed: She wanted government employees to be able to speak candidly, and the conference would be in an auditorium at the Commerce Department, where she said a government ID was required to be admitted. The AP and other news organizations routinely enter government buildings to cover the government.

Pustay said she is looking for ways to improve how the government responds to information requests, which costs roughly $400 million each year.

The director of the new Office of Government Information Services, Miriam Nisbet, said the event was closed to make sure there would be room for all the government employees attending.

"I can understand skepticism anytime a meeting for government people is not necessarily open to the public," Nisbet said. "However, everything that is discussed there is absolutely available for the public to know about."

Associated Press writer Ted Bridis contributed to this report.

On the Net:

* Office of Government Information Services: http://www.archives.gov/ogis/
* Obama memo on the Freedom of Information Act: http://tinyurl.com/yhjgqfm
* Holder memo on FOIA: http://tinyurl.com/ygbdxzp

Copyright © 2009 The Associated Press. All rights reserved.

From rforno at infowarrior.org Sun Dec 6 23:30:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Dec 2009 18:30:54 -0500
Subject: [Infowarrior] - U.S. Navy Builds An MMOG
Message-ID: <5FC9E5E5-AA0A-43D2-BC90-9EA75A4F7A62@infowarrior.org>

The U.S. Navy Builds An MMOG
http://www.strategypage.com/htmw/htlead/articles/20091206.aspx

December 6, 2009: The U.S. Navy is looking for a game development company to bid on a project to help create a multiplayer game for training and brainstorming. What they want initially is a feasibility study on the creation of a "Massive Multiplayer Online War Game Leveraging the Internet (MMOWGLI)." The proposals are due by December 28th. The navy wants a game that will enable them to further explore what they might be able to do with a multiplayer game, that can be used by players all over the world. The following description includes material from the navy solicitation document (in "parenthesis").

"It is anticipated that the number of players will be between 50 and 1000. Players will be drawn from a pool that includes military officers, government civilians, and government contractors. It is expected that players will be generally knowledgeable but not necessarily be Subject Matter Experts."

"The game will be unclassified; however it will not be open or available to the general public. Respondents should be prepared to address game play within a restrictive information assurance environment."

"For the purposes of the pilot, the graphics environment should be just enough, but not more than, that needed to facilitate the play of a turn based strategy game."

"The game is non-deterministic and will be played in three moves that are related to, yet still distinct from, each other.
It is conceivable that insights gleaned from game play during Moves One and Two may be used to modify Moves Two and Three respectively. Respondents should plan on some level of effort being dedicated to being part of the game controller team during game play, and to making changes to the scenarios of subsequent moves. Each move is anticipated to last between one to two weeks of calendar time, with one to two weeks of calendar time between moves for game controller activities." "Move One - Protecting the Sea Lanes: Move One is designed to get the players engaged in the game - collaborating and thinking strategically. Players attend a major International Anti-Piracy Conference being convened under the auspices of the International Maritime Organization. Players, representing various anti-piracy stakeholders, sign up as members of various working groups which are tasked with addressing aspects of the piracy problem. Once formed into teams/working groups, the players will have tasking to address activities related to military and operational coordination, information sharing, and the operational role of the regional coordination center. The complete player tasking is contained in the attachment. What the players produce: working as part of collaborative teams, the players will produce n-# of multimedia responses to the tasking they receive, where n-# corresponds to the number of teams. Assignment of players into teams: To the maximum extent practical, it is the intent that game controllers allow the teams to self organize and self manage. Thus, it is conceivable that a distribution of team sizes will exist, including some that are very small and some that are very large." "Move Two - Attacks at Sea: The scenario is multiple near simultaneous attacks on ships transiting the Red Sea to the Horn of Africa. Players would be self selecting and self organizing into collaborative teams of either Red (pirates) or Blue (US and Allied response).
It is conceivable that players may have the option of signing up to be part of a third party as well, representing e.g. NGOs, other governments, etc, but this has not yet been determined." "Players will be provided with a menu of Red forces to work with, Blue forces to work with, constraints on how much of each they can use, and a description of the targets. This will be government furnished information. The attachment has more complete details. The first action belongs to Red, who is tasked with developing a plan of attack, with a deadline. The players would then produce n-# of multimedia responses, where the response describes their plan of attack. Once the Red plans of attack are submitted, then Blue takes over. Blue teams may respond to as many of the Red plans of attack as they wish. Blue's output consists of n-# of multimedia responses, where the response describes their plan of defense/counter-attack to the various Red attacks." "Move Three: The game continues with a final move consisting of a range of scenarios that are logical outcomes from Move Two. These scenarios include, but may not be limited to:
* Conducting a hostage rescue ashore
* Conducting a hostage rescue at sea
* Dismantling pirate base camps
* Disrupting the pirate support infrastructure ashore and/or overseas
* Helping the Somali Transitional National Government and Puntland officials restore order and the rule of law.
* Developing a viable indigenous Somali Coast Guard
* Providing humanitarian assistance.
* Others, potentially based on insights gleaned from play in Moves One or Two."

"Teams will have the option of selecting which scenario(s) to play. The format of game play will mirror that of Move Two, this time with Blue owning the first action and Red having the response. The players would produce the same output as in Move Two, i.e. n-# of multimedia responses consisting of a plan of attack (for Blue) and a plan of response or counter-attack (for Red)."
The navy also wants a Unified User Interface (the MMOWGLI Appliance). "As discussed earlier in this document, it is envisioned that the primary level of effort for the pilot will go toward integration of existing component technologies. To that end, respondents should address, to the maximum extent practical, having a unified user interface. In the ideal outcome, players and participants should be able to run a single program to participate meaningfully in the game. The term "appliance" is being used to mean a unified system consisting of an integrated hardware and software deliverable. Upon initial entry, users will be given the opportunity to create an account to enter personal information such as education and professional background. The addition of interests and hobbies will be encouraged to create a well rounded profile. Information should be organized in such a way as to promote social networking and used by others as Teams self organize." "An online help system will be available to user along with basic system usage training. Player responsibilities will be explained in this system and it should be accessible at any time. Help topics will cover tools provided by the MMOWGLI Appliance." "Players will be guided to documentation/media library where they are exposed to an initial presentation of the scenarios and background information. Users will be presented with questions to answer and are provided with expectations of minimum satisfactory responses to be completed by the end of each move. Game controllers are people tasked with the duty of guiding game play. Players may be provided with additional information, injected by the game controllers, at any time. Game Controllers may answer questions and encourage teams to gel. Key questions may be posed during a move in response to player inputs." "Players will have the ability to create, edit, share, and compartmentalize all content created and archived within the appliance.
Content may be defined as documents (text, word processed, spreadsheets, and presentations), audio, and video. Users will have the ability to send alerts via instant messaging or email to team members when content has been added or changed. Players will be provided a suite of online collaboration tools where teams would be allowed to create private forums. The team may assign moderator rights to the leader. Teams would have public and private chat capabilities, allowing polling." In a section of the document titled, "Scoring, Ranking, Adjudication and Other Factors Affecting Player Engagement": "Respondents should address having a scheme for ranking and scoring players and teams both publicly and privately. The scheme should combine elements that are objective as well as subjective (i.e. determined by the game controllers). It is envisioned that these criteria would be made known to the players. Since the game is non-deterministic, it is envisioned that the game controller team will have to adjudicate winners and losers for each Move (i.e. human-in-the-loop). In addition to the basics of scoring and ranking, respondents should address other aspects of game play that they assess as important to making the game experience meaningful." The navy eventually wants to add analysis, of player actions, to the game, but not in this prototype version. "Future Considerations Re-Use and Re-Purposability: The feasibility study should also address the re-purposing of this pilot into an eventual platform for ongoing experimentation and innovation. Topics to address include the following: Data capture mechanisms and protocols, Data analysis tools, Modular design. Support for user authored games and user generated content beyond the scope of the scenario described in this document. Support for user generated real time changes in content, i.e. injection of excursions.
Integration of 3-D graphics. Planned support for external connections to other simulators such as High Level Architecture Real-time Platform-level Reference Federated Object Model (IEEE 1516 HLA RPR FOM) or the Distributed Interactive Simulation Protocol."

From rforno at infowarrior.org Mon Dec 7 02:25:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Dec 2009 21:25:51 -0500
Subject: [Infowarrior] - Archived ISP/Telco 'Spyguides'
Message-ID: <2A2E41F9-9695-4FF9-A3BF-5AA88D476083@infowarrior.org>

Since a lot of folks have reported the availability of assorted "ISP Spying Guides" in recent days, I've decided to aggregate the ones I've encountered thus far for your convenience and reading pleasure.

http://www.infowarrior.org/users/rforno/streissand-effect/telco-isp-spyguides.zip (5MB zipfile)

(Source: Cryptome, Wikileaks)

-rick

From rforno at infowarrior.org Mon Dec 7 04:41:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Dec 2009 23:41:26 -0500
Subject: [Infowarrior] - UK police U-turn on photographers and anti-terror laws
Message-ID: <927E1977-7DFA-41E5-A5D3-8EB5F5DBEF9D@infowarrior.org>

http://www.independent.co.uk/news/uk/home-news/police-uturn-on-photographers-and-antiterror-laws-1834626.html

December 5, 2009
Police U-turn on photographers and anti-terror laws
By Jerome Taylor and Mark Hughes

Don't use anti-terror laws to prevent pictures being taken, officers told

Police forces across the country have been warned to stop using anti-terror laws to question and search innocent photographers after The Independent forced senior officers to admit that the controversial legislation is being widely misused. The strongly worded warning was circulated by the Association of Chief Police Officers (Acpo) last night. In an email sent to the chief constables of England and Wales's 43 police forces, officers were advised that Section 44 powers should not be used unnecessarily against photographers.
The message says: "Officers and community support officers are reminded that we should not be stopping and searching people for taking photos. Unnecessarily restricting photography, whether from the casual tourist or professional, is unacceptable." Chief Constable Andy Trotter, chairman of Acpo's media advisory group, took the decision to send the warning after growing criticism of the police's treatment of photographers. Writing in today's Independent, he says: "Everyone... has a right to take photographs and film in public places. Taking photographs... is not normally cause for suspicion and there are no powers prohibiting the taking of photographs, film or digital images in a public place." He added: "We need to make sure that our officers and Police Community Support Officers [PCSOs] are not unnecessarily targeting photographers just because they are going about their business. The last thing in the world we want to do is give photographers a hard time or alienate the public. We need the public to help us. "Photographers should be left alone to get on with what they are doing. If an officer is suspicious of them for some reason they can just go up to them and have a chat with them - use old-fashioned policing skills to be frank - rather than using these powers, which we don't want to over-use at all." Section 44 of the Terrorism Act allows the police to stop and search anyone they want, without need for suspicion, in a designated area. The exact locations of many of these areas are kept secret from the public, but are thought to include every railway station in and well-known tourist landmarks thought to be at risk of terrorist attacks. Many photographers have complained that officers are stopping them in the mistaken belief that the legislation prohibits photographs in those areas. Forces who use Section 44, most commonly London's Metropolitan Police, have repeatedly briefed and guided frontline officers on how to use the powers without offending the public.
But privately senior officers are "exasperated, depressed and embarrassed" by the actions of junior officers and, particularly, PCSOs who routinely misuse the legislation. One source said that an "internal urban myth" had built up around police officers who believe that photography in Section 44 areas is not allowed. The aberrations have resulted in nearly 100 complaints to the police watchdog. Since April 2008 every complaint made by a member of the public about the use of Section 44 powers, unlike other complaints, must be forwarded to the Independent Police Complaints Commission. In the past 18 months there have been 94 complaints. Eight of these specifically mentioned the fact that the issue arose around photography. Acpo's communiqué has been welcomed by rank-and-file police officers and photographers alike. Simon Reed, the chairman of the Police Federation, which represents England and Wales's 140,000 rank-and-file officers, said: "I think some new guidance will be welcome."

New orders: The message to officers

This is the message circulated by Andy Trotter, of the Association of Chief Police Officers, to police forces in England and Wales. "Officers and PCSOs are reminded that we should not be stopping and searching people for taking photos. "There are very clear rules around how stop-and-search powers can be used. However, there are no powers prohibiting the taking of photographs, film or digital images in a public place. Therefore members of the public and press should not be prevented from doing so. "We need to co-operate with the media and amateur photographers. They play a vital role as their images help us identify criminals. "We must acknowledge that citizen journalism is a feature of modern life and police officers are now photographed and filmed more than ever. "However, unnecessarily restricting photography, whether from the casual tourist or professional is unacceptable and worse still, it undermines public confidence in the police service."
A personal viewpoint: 'I was reminded why I left the police' I spent 27 years as a PC in the Met, but it was during a trip to my old police station with a friend late last year that I was starkly reminded why I eventually decided to leave. Since 2003 I have been living in France, where I coach a children's rugby team not far from Toulouse. But last December my sister needed to see a specialist in Harley Street so I went with her and a rugby friend of mine back to London for the week. While my sister went to the doctors I suggested to my friend, Will, that we should go and take a look at Albany Street police station near Regent's Park, which was where I spent my first eight years as a copper. It's the kind of station that looks like something out of Dixon of Dock Green, it has a lovely little blue police light outside the entrance and I asked Will whether he'd take a picture of me standing underneath it. Within seconds we found ourselves approached by two PCSOs who told us that we were not allowed to take photographs of police stations. I didn't want to be a sad old git by telling stories of my past and the nostalgia I felt for the place. So instead I said: "We're tourists. We want a picture of that Blue lamp, it's iconic and it represents London bobbies." But they didn't want any of it and ordered us to stop taking photographs. The second PCSO started asking Will for his details which he began to give before I informed him that he was under no obligation to do so. I'd clearly failed what the police call "the attitude test" because they radioed for back-up from inside the police station and we were soon joined by a police constable. Often during my time as a policeman I would hear this policy. If someone was bolshy, argumentative or challenging in any manner, refusing to play by the police rules and not willing to show deference, then they had failed the "attitude test". 
I guess I hoped the PC would show more common sense but he repeated the same line, that the police station was in a "sensitive zone" and that we had to stop taking photographs. Eventually we gave up and walked away.

From rforno at infowarrior.org Mon Dec 7 04:45:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Dec 2009 23:45:00 -0500
Subject: [Infowarrior] - Movie theater nuttiness
Message-ID:

Charged With Felony After Taping 4 Minutes Of "New Moon"
By Meg Marco on December 3, 2009 1:05 PM
http://consumerist.com/2009/12/charged-with-felony-after-taping-4-minutes-of-new-moon.html

The Sun-Times is reporting that a 22-year-old Chicago woman has been arrested and charged with a felony after taping 4 minutes of "New Moon" during her sister's surprise 29th birthday party. Managers saw the woman taping and called the police, who examined the camera (a digital still camera that also takes short video segments) and say they found "two very short segments" that totaled no more than 4 minutes. The alleged felony movie-taper says she was taking pictures of her family before the film and that nobody warned her. From the Sun-Times: "'We sang "Happy Birthday" to her in the theater,' Tumpach said. She also took pictures of family members in the theater before the film began, but an usher who saw the photo session never issued them a warning, Tumpach said. As ads and previews ran on the big screen, she fiddled with the camera -- which she got in July and is still learning how to work -- and was surprised to see it took clear videos of the screen. The footage she shot also includes the pre-film commercials, as well as her talking about the camera and the movie. 'You can hear me talking the whole time,' Tumpach said. She plans to fight in court the felony filed against her because she said she did nothing wrong -- and certainly didn't try to secretly tape the movie. 'It was never my intention to record the movie,' she said."
The theater managers decided to press charges, so the woman spent two nights in jail and faces up to three years in prison.

From rforno at infowarrior.org Mon Dec 7 13:52:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Dec 2009 08:52:43 -0500
Subject: [Infowarrior] - Fwd: TSA releases screening manual with unredacted redactions
References: <20091207120022.GA29999@gsp.org>
Message-ID:

Begin forwarded message:

> From: Rich Kulawiec
> Date: December 7, 2009 7:00:22 AM EST
> To: Paul Ferguson , Richard Forno >, Dave Farber
> Subject: TSA releases screening manual with unredacted redactions
>
> (via BoingBoing)
>
> The TSA makes another stupid move
> http://www.wanderingaramean.com/2009/12/tsa-makes-another-stupid-move.html
>
> Excerpt:
>
> So the decision to publish it on the Internet is probably a
> questionable one. On top of that, however, is where the real
> idiocy shines. They chose to publish a redacted version of
> the document, hiding all the super-important stuff from the
> public. But they apparently don't understand how redaction works
> in the electronic document world. See, rather than actually
> removing the offending text from the document they just drew
> a black box on top of it. Turns out that PDF documents don't
> really care about the black box like that and the actual content
> of the document is still in the file.
>
> Yup, their crack legal staff managed to screw this one up pretty
> badly. Want to know which twelve passports will instantly get
> you shunted over for secondary screening, simply by showing them
> to the ID-checking agent? Check out Section 2A-2 (C) (1) (b)
> (iv). Want to know the procedure for CIA-escorted passengers
> to be processed through the checkpoint? That's in the document,
> too; Details on the calibration process of the metal detectors is
> in there. So is the procedure for screening foreign dignitaries.
>
>
> Document mirror:
>
> http://cryptome.org/tsa-screening.zip
>
> ---Rsk
>

From rforno at infowarrior.org Mon Dec 7 16:36:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Dec 2009 11:36:23 -0500
Subject: [Infowarrior] - Rules of MacNeil/Lehrer Journalism
Message-ID: <5798DA34-0F24-47B4-A9E6-8E5CEFED4B91@infowarrior.org>

'I Am Not in the Entertainment Business' and Other Rules of MacNeil/Lehrer Journalism
By: Dave Gustafson
http://www.pbs.org/newshour/rundown/2009/12/im-not-in-the-entertainment-business-and-other-rules-of-macneillehrer-journalism.html

Signing off of Friday's broadcast, Jim Lehrer outlined the journalistic mindset that has driven the program for 34 years and will continue to guide it when its fifth iteration relaunches Monday as the PBS NewsHour:

JIM LEHRER: People often ask me if there are guidelines in our practice of what I like to call MacNeil/Lehrer journalism. Well, yes, there are. And here they are:

* Do nothing I cannot defend.
* Cover, write and present every story with the care I would want if the story were about me.
* Assume there is at least one other side or version to every story.
* Assume the viewer is as smart and as caring and as good a person as I am.
* Assume the same about all people on whom I report.
* Assume personal lives are a private matter, until a legitimate turn in the story absolutely mandates otherwise.
* Carefully separate opinion and analysis from straight news stories, and clearly label everything.
* Do not use anonymous sources or blind quotes, except on rare and monumental occasions.
* No one should ever be allowed to attack another anonymously.
* And, finally, I am not in the entertainment business.

Here is how I closed a speech about our changes to our PBS stations family last spring: "We really are the fortunate ones in the current tumultuous world of journalism right now. When we wake up in the morning, we only have to decide what the news is and how we are going to cover it.
We never have to decide who we are and why we are there." That is the way it has been for these nearly 35 years. And that's the way it will be forever. And for the NewsHour, there will always be a forever.

From rforno at infowarrior.org Tue Dec 8 01:56:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Dec 2009 20:56:55 -0500
Subject: [Infowarrior] - F.C.C. May Pry Open the Cable Set-Top Box
Message-ID: <4136E392-654E-4074-A560-88BE0B9E5195@infowarrior.org>

F.C.C. May Pry Open the Cable Set-Top Box
December 4, 2009, 12:58 pm
By SAUL HANSELL
http://bits.blogs.nytimes.com/2009/12/04/watch-out-comcast-the-fcc-may-not-let-you-favor-nbc/

Officially, Julius Genachowski had only a terse one-sentence statement about Comcast's proposed acquisition of NBC on Monday. It said: "The FCC will carefully examine the proposed merger and will be thorough, fair and fact-based in its review." But a relatively obscure rule-making notice, also issued Monday, is warning the industry that the commission under Mr. Genachowski may well break up the cozy relationship between TV networks and cable systems, merger or not. Specifically, the commission wants to make it much easier for anyone who makes a video program to send it directly to your television set, without having to cut a deal with a cable company. That was the implication of a five-page document titled "Comment sought on video device innovation" that appeared on the commission's Web site. Technically, it relates to one of the commission's most ineffectual areas of regulation: cable set-top boxes. In 1996, Congress ordered the commission to create rules that would let people buy "navigation devices" -- in other words, set-top boxes, remote controls and other gizmos that change channels on your TV -- from a consumer electronics company rather than just from their cable company. The idea was there would be a standard so that any set-top box would work in any cable system.
The last time you went to Best Buy, did you see any cable boxes? I didn't think so. The reason for that is the subject of a debate. Electronics companies say the cable systems have dragged their feet for a decade in supporting open technical specifications. The cable companies say they have standards, but consumers would rather rent boxes for a few dollars a month than spend hundreds up front. In any case, the commission's inquiry skips past this annoying argument to point out that the real question today is how TVs will connect not only to cable and satellite services but also to video provided directly over the Internet. The commission points out that people are watching much more online video from sites like Hulu, Netflix and YouTube, and they are buying gadgets that can put those programs on their television from companies like Apple, TiVo, and Roku. Very little of that Internet video, however, comes through boxes that cable or satellite companies provide. The commission asks four rather provocative questions, that I'll do my best to translate into English here:

* Why can't that box you get from your cable company also get programs over the Internet and from other sources?
* Would the availability of set-top boxes in retail stores encourage people to get broadband Internet service (something the commission wants to do) and create a competitive market in devices that hook up to cable systems?
* Should the commission mandate a technical standard that would let video flow freely around a home to any compatible device, just as the Wi-Fi standard allows any computer to hook up to your Internet connection?
* What has stopped the long-promised convergence between televisions and computers?

The words "network neutrality" don't appear anywhere in the commission's notice, but the rules it is asking about are exactly the sort that many in the communications industry fear as the commission pushes net neutrality principles.
The commission is suggesting that since cable TV shows are fundamentally no different from any other data sent over the Internet, they might well be offered through the sort of open standards we are used to for computers, not the closed systems of cable companies. In other words, there is no reason that the company that runs a wire to your house (say, Comcast) should have any special right to sell you a bundle of programming that goes over the wire (say, a bunch of NBC networks). The cable companies no doubt will argue that the market is working fine and that new rules will stifle innovation and keep them from earning enough money to keep investing in their networks. Companies that just make programs are likely to be more muted. The cable companies are their biggest revenue streams today. But they are also intrigued by the idea of connecting directly to their customers and cutting out the middlemen. (That is, those companies that didn't just agree to be sold to a middleman.) In any case, expect these arguments to hit like a tornado. The commission has allowed less than three weeks for comments, which are due Dec. 21.

From rforno at infowarrior.org Tue Dec 8 02:00:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Dec 2009 21:00:32 -0500
Subject: [Infowarrior] - Google chief: only miscreants worry about net privacy
Message-ID: <46F2A50F-4600-469D-8459-3DD1EE0D2FAF@infowarrior.org>

Google chief: only miscreants worry about net privacy
http://www.theregister.co.uk/2009/12/07/schmidt_on_privacy/

'If you don't want anyone to know, don't do it'

By Cade Metz in San Francisco
Posted in Music and Media, 7th December 2009 19:56 GMT

If you're concerned about Google retaining your personal data, then you must be doing something you shouldn't be doing. At least that's the word from Google CEO Eric Schmidt. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place," Schmidt tells CNBC, sparking howls of incredulity from the likes of Gawker. But the bigger news may be that Schmidt has actually admitted there are cases where the search giant is forced to release your personal data. "If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities." There's also the possibility of subpoenas. And hacks. But if any of this bothers you, you should be ashamed of yourself. According to Eric Schmidt. Gawker highlights the irony of Schmidt's typically haughty proclamations. After all, this is the man who banned CNet for a year after the news site published information about him it had gleaned from, yes, Google. But the larger point here is that Schmidt isn't even addressing the issue at hand. Per usual. When the privacy question appears, Google likes to talk about the people asking the questions. But the problem lies elsewhere: with the millions upon millions blissfully unaware of the questions. If you're concerned about your online privacy, you can always put the kibosh on Google's tracking cookies. You can avoid signing in to Google accounts. And, yes, you can avoid using Google for anything Eric Schmidt thinks you shouldn't be doing. But most web users don't even realize Google is hoarding their data. CNBC asks Schmidt: "People are treating Google like their most trusted friend. Should they be?" But he answers by scoffing at those who don't trust Google at all. Not that you'd expect anything less. As always, Schmidt's holier-than-thou attitude is wonderfully amusing. Except that it's not.
From rforno at infowarrior.org Tue Dec 8 02:02:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Dec 2009 21:02:46 -0500
Subject: [Infowarrior] - Pentagon: Zombie Pigs First, Then Hibernating Soldiers
Message-ID:

Pentagon: Zombie Pigs First, Then Hibernating Soldiers
By Katie Drummond
December 4, 2009 | 4:50 pm
http://www.wired.com/dangerroom/2009/12/pentagon-zombie-pigs-first-then-hibernating-gis/

Around half of U.S. troop fatalities are caused by blood loss from battlefield injuries. Now, with another 30,000 troops deploying to Afghanistan, the Pentagon is pushing for medical advances that can save more lives during combat. The Defense Department's latest research idea: Stop bleeding injuries by turning pigs into the semi-undead. If it works out, we humans could be the next ones to be zombified. Military's mad-science arm Darpa has awarded $9.9 million to the Texas A&M Institute for Preclinical Studies (TIPS), to develop treatments that can extend a "golden period" when injured war fighters have the best chance of coming back from massive blood loss. Odds of survival plummet after an hour -- during combat, that kind of quick evacuation, triage and treatment is often impossible. The institute's research will be based on previous Darpa-funded efforts. One project, at Stanford University, hypothesized that humans could one day mimic the hibernation abilities of squirrels -- who emerge from winter months no worse for wear -- using a pancreatic enzyme we have in common with the critters. The other, led by Dr. Mark Roth at the Fred Hutchinson Cancer Research Center, used nematode worms and rats to test how hydrogen sulfide could block the body's ability to use oxygen -- creating a kind of "suspended animation" where hearts stop beating and wounds don't bleed. After removing 60 percent of the rat's blood, Dr. Roth managed to keep the critters alive for 10 hours using his hydrogen sulfide cocktail.
The next logical step: Try the same thing on pigs. They've got a similar cardiovascular system to humans, and TIPS researchers Theresa Fossum and Matthew Miller think they can accurately predict human results from the swine trials. Using anesthetized pigs, the doctors are testing various compounds, some containing hydrogen sulfide, to find one that can safely keep the hemorrhaging animals "as close to death as possible." With a 15-person team working exclusively on the project, the institute anticipates successful results within 18 months. "Darpa wants this to happen yesterday, because it was needed yesterday," Dr. Miller told Danger Room. Once the team comes up with the right elixir, it'll undergo federally mandated safety testing. After that, the zombie vaccine will be sent to the battlefield for human application. Dr. Fossum predicts that each soldier will carry a syringe into combat zones or remote areas, and medic teams will be equipped with several. A single injection will minimize metabolic needs, de-animating injured troops by shutting down brain and heart function. Once treatment can be carried out, they'll be "re-animated" and -- hopefully -- as good as new. From rats, to pigs, to troops -- to civilians. Dr. Miller anticipates dozens of medical applications, including the preservation of organs before transplants and suspension of life-threatening emergencies, like heart attacks and strokes. "Everybody's talking about the military use of this, and that's our focus now," he says. "But really, this could be much, much bigger than that." From rforno at infowarrior.org Tue Dec 8 19:36:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Dec 2009 14:36:02 -0500 Subject: [Infowarrior] - Google teams with Post, N.Y. Times to create online tool Message-ID: <2CFC0EB7-E397-44BE-ACA5-95E2DF5BCFB6@infowarrior.org> Google teams with Post, N.Y.
Times to create online tool 'Living story' pages aim to change how news is consumed on the Web By Howard Kurtz Washington Post Staff Writer Tuesday, December 8, 2009 1:26 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/12/08/AR2009120802319_pf.html Take the engineering mystique of Google, add the prestige of The Washington Post and New York Times, throw in the spice of secret meetings, and what have you got? A new online tool that, well, isn't exactly going to revolutionize journalism. But those involved in the partnership between the California software giant and two of the nation's top newspapers see it as a first step toward changing the way news is consumed online. It's called a living story page, and Google executives are touting it as their contribution to the beleaguered newspaper business. The idea is to simplify things for readers by grouping developing stories about a hot topic -- say, Tiger Woods -- on a single Web page, with updates automatically highlighted at the top of the screen. "So much of what you see online today is a reflection of the way it's told in newspapers," says Josh Cohen, senior business product manager for Google News. "They haven't taken advantage of what the Web offers to tell news in a different way." By grouping the stories day after day under one Web address, the Times and Post could boost their Google rankings, which would tend to push those pages toward the top of the list when people search for that subject. After the Tuesday launch, the story pages will reside at Google Labs for an experimental period of two to three months, and revert to the papers' own Web sites if all goes well. "Over the coming months, we'll refine Living Stories based on your feedback," Google says in a blog posting. If the new format gets traction, Google plans to offer it to any interested newspaper, magazine or Web site, at no charge. For now, The Post is launching three such pages, on health-care reform, D.C. 
schools and the Washington Redskins. The Times has five, devoted to Afghanistan, executive compensation, global warming, swine flu and health care. R.B. Brenner, deputy editor of The Post's new Universal Desk, which oversees its print and Web operations, says the "one-stop shopping" approach could spare readers from having to hunt for previous stories on a subject. "The idea is that users, news consumers, are interested in experiencing news in different ways, and it's important for news organizations to be experimenting. . . . The question is, when you take the car out for a spin, what are the advantages?" The confidential meetings, which began last spring, grew out of conversations between Eric Schmidt, Google's chief executive, and Donald Graham, The Post Co.'s chief executive. Google later began separate discussions with senior Times executives. The initiative comes as some media executives, led by Rupert Murdoch, are blaming Google for grabbing their content without charge at a time when newspapers are struggling to generate enough revenue to support their newsrooms. A generation of Web surfers has grown up searching for individual stories rather than visiting major media portals. "Google is a great source of promotion," Schmidt wrote last week in a Wall Street Journal opinion piece. "We send online news publishers a billion clicks a month from Google News and more than 3 billion extra visits from our other services, such as Web Search and iGoogle. The claim that we're making big profits on the back of newspapers also misrepresents the reality." For a company that invented Google Maps and Gmail, the living story pages lack technological bells and whistles, although multimedia elements could be added later. Topic pages, which collect a media outlet's work on specific subject, already exist at the Times and at such aggregation sites as the Huffington Post. 
Readers of each story page can click on a list of themes, such as "test scores," "labor issues" or "the racial divide" on The Post's D.C. schools page. Other choices include "events," "articles," "images," "videos," "graphics" and "opinion." A timeline of key developments appears near the top. Stories deemed by editors to be more important get bigger play, perhaps with a photo. Readers can choose to display a list of stories with the latest or oldest at the top. When they return to a page, new material since their last visit is highlighted. And clicking on certain words within an article causes small boxes -- such as a picture and brief bio of D.C. Schools Chancellor Michelle A. Rhee -- to pop up. One advantage of collecting pieces on the same page is that many paragraphs of background material -- needed in a daily paper because editors don't know who has read the earlier stories -- can be eliminated. But Post editors are concerned that the overall process could eat up valuable staff time unless it is made more automated. During the process a half-dozen Google staffers spent three days in the Post newsroom in May, trailing editors and reporters with notepads and video cameras like some archeological expedition. "The culture of Google is a culture of engineers," Brenner says. "We exist in different worlds." From rforno at infowarrior.org Wed Dec 9 15:04:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Dec 2009 10:04:41 -0500 Subject: [Infowarrior] - TSA Blows Smoke for Sensitive Screening Document Message-ID: TSA Blows Smoke for Sensitive Screening Document http://www.washingtonpost.com/wp-dyn/content/article/2009/12/08/AR2009120803206.html?hpid=topnews [Excerpt] Washington Post December 8, 2009 TSA learned of the failure that day and has since taken "swift action," an official said. As part of its response, the TSA replaced the document on the government procurement Web site with a more secure version. .... yeah, right. 
Cryptome shows the "more secure" version. ---rf http://cryptome.org/tsa-smoke/tsa-smoke.htm From rforno at infowarrior.org Wed Dec 9 15:10:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Dec 2009 10:10:07 -0500 Subject: [Infowarrior] - Microsoft to Get Malware Bailout in Germany Message-ID: <83898078-A179-413C-9006-9B5D4B5133E8@infowarrior.org> Microsoft to Get Malware Bailout in Germany 2009-12-08 Print version http://www.quantenblog.net/security/microsoft-malware-bailout With the economic crisis still being in full effect, Germany wants to throw government money at another industry giant. However, this time it is not an ailing car manufacturer, but the software producer Microsoft. The German Federal Office for Information Security (BSI) plans to team up with internet service providers (ISPs) to establish a call center helping malware-troubled Windows users. The project was announced today at the German IT summit in Stuttgart. Starting in 2010, ISPs will track down customers with infected PCs, e.g., by looking for communication with botnet controllers. These customers will then be directed to a special website offering advice on removing the malware. If this is unsuccessful (or the site is blocked by the malware), people will get access to a call center, where a staff of about 40 will try to fix the problem. This approach raises a number of concerns. First, it leaves the software manufacturers out of the equation. Therefore, there will be little incentive to write secure code, as the cost of additional support will be passed (at least partly) to the government. Second, it also discourages the users from switching to more secure products. Both aspects can be interpreted as a direct subsidy for Microsoft. The timing of the initiative could also not be better: last week Microsoft's Internet Explorer, the attack vector number one, lost its leadership in Germany to rival Firefox. 
Additionally, the plan establishes questionable practices for IT security. Malware infections are seen as something inevitable, which is definitely not the case. Unfortunately, how much government money is involved is also kept secret. SPIEGEL ONLINE reports that the BSI refused to disclose the costs for the project, citing procurement regulations. However, the plans could be overthrown anyway: chances are that such subsidies are in violation of EU laws. From rforno at infowarrior.org Wed Dec 9 20:40:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Dec 2009 15:40:51 -0500 Subject: [Infowarrior] - DHS takes action in bungled posting of airport security secrets Message-ID: <7B75C21B-E605-48DB-88A5-96E6B57CB611@infowarrior.org> DHS takes action in bungled posting of airport security secrets By Spencer S. Hsu and Carrie Johnson Washington Post Staff Writer Wednesday, December 9, 2009 2:53 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/12/09/AR2009120901883_pf.html The Department of Homeland Security has initiated unspecified personnel actions against individuals involved in the bungled online posting this spring of a government document that revealed airport screening secrets, Homeland Security Secretary Janet Napolitano told senators Wednesday morning. A contract employee was responsible for failing to properly redact a 93-page Transportation Security Administration operating manual onto a government procurement Web site, allowing computer users to recover blacked-out information by copying and pasting them into other documents, Napolitano said. TSA supervisors were also involved, Napolitano said. "The security of the traveling public has never been put at risk," Napolitano assured the Senate Judiciary Committee at an oversight hearing, repeating earlier TSA statements that the document was out of date, never implemented and had been subjected to six revisions after the breach. 
Napolitano said DHS Inspector General Richard Skinner is conducting an independent review of the incident, in addition to TSA's Office of Inspections. "We have already initiated personnel action against the individuals involved in this," Napolitano told panel Chairman Patrick Leahy (D-Vt.), without elaborating. "We have already instituted an internal review to determine what else needs to be done to make sure this incident never recurs." The TSA confirmed Tuesday that the document was posted online as part of a contract solicitation. The manual details procedures for screening passengers and checked baggage, such as technical settings used by X-ray machines and explosives detectors. It also includes pictures of credentials used by members of Congress, CIA employees and federal air marshals, and it identifies 12 countries whose passport holders are automatically subjected to added scrutiny. TSA officials said that the manual was posted online in a redacted form on a federal procurement Web site, but that the digital redactions were inadequate. They allowed computer users to recover blacked-out passages by copying and pasting them into a new document or an e-mail. Current and former security officials called the breach troubling, saying it exposed TSA practices that were implemented after the Sept. 11, 2001, terrorist attacks and expanded after the August 2006 disruption of a plot to down transatlantic airliners using liquid explosives. Checkpoint screening has been a fixture of the TSA's operations -- as well as a lightning rod for public criticism of the agency's practices. Stewart A. Baker, a former assistant secretary at the Department of Homeland Security, said that the manual will become a textbook for those seeking to penetrate aviation security and that its leaking was serious. "It increases the risk that terrorists will find a way through the defenses," Baker said.
"The problem is there are so many different holes that while [the TSA] can fix any one of them by changing procedures and making adjustments in the process . . . they can't change everything about the way they operate." Another former DHS official, however, called the loss a public relations blunder but not a major risk, because TSA manuals are shared widely with airlines and airports and are available in the aviation community. "While it's certainly a type of document you would not want to be released . . . it's not something a determined expert couldn't find another way," the official said. Even before Wednesday's oversight hearing, criticism from Congress was scathing. Sen. Susan M. Collins (Maine), the ranking Republican on the Senate homeland security committee, called the document's release "shocking and reckless." "This manual provides a road map to those who would do us harm," she said. Sen. Joseph I. Lieberman (I-Conn.), the panel's chairman, called the breach "an embarrassing mistake" that impugns the judgment of managers at the TSA, which is still without a permanent administrator 11 months into the Obama administration. Nominee Erroll Southers, a Los Angeles airports police executive, is awaiting a confirmation vote in the Senate. House Homeland Security Committee Chairman Bennie G. Thompson (D- Miss.) and Rep. Sheila Jackson Lee (D-Tex.) also wrote acting TSA Administrator Gail Rossides, saying they are were "deeply concerned" about the disclosures and calling for an independent government investigation. The document, dated May 28, 2008, is labeled "sensitive security information," and states that no part of it may be disclosed to people "without a need to know" under threat of legal penalties. Seth Miller, 32, an information technology consultant in Manhattan, first publicized the manual's ineffectual redactions Sunday on his travel blog, WanderingAramean.com. 
He said he learned about the document while chatting with other fliers on an Internet bulletin board. Miller said it made him question TSA secrecy rules, saying the agency has withheld even mundane operational rules from public view rather than clarify its practices. "After getting over the initial shock of how stupid it seemed they were for putting out a document like that," Miller said in a phone interview, "I think the most significant risk is that when . . . you see some of the things that are marked as security sensitive information, you have to sort of smack your hand on your forehead and say, 'What are they thinking?' " The TSA learned of the failure that day, an official said. It has checked other procurement documents to correct similar vulnerabilities. The original version of the manual is still available online, preserved by Web sites that monitor government secrecy and computer security. "TSA takes this matter very seriously and took swift action when this was discovered. A full review is now underway," the agency said in a statement Tuesday. "TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats. TSA is confident that screening procedures currently in place remain strong." The manual includes material both highly sensitive and mundane, from how TSA screening officers should handle diplomatic pouches to when they should dispose of their rubber gloves. Among the most disturbing disclosures concern the settings used to test and operate metal detectors. For instance, officers are instructed to discontinue use of an X-ray system if it cannot detect 24-gauge wire. The manual also describes when to allow certain firearms past the checkpoint, and when police, fire or emergency personnel may bypass screening.
The document identifies the minimum number of security officers who must be present at checkpoints, how often checked bags are to be hand-searched, and screening procedures for foreign dignitaries and CIA-escorted passengers. It also says that passport-holders from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen and Algeria should face additional screening. From rforno at infowarrior.org Thu Dec 10 01:41:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 9 Dec 2009 20:41:24 -0500 Subject: [Infowarrior] - Facebook Pushes People to Go Public Message-ID: <6C34367E-7A68-43E6-BDC6-8A6B6B14E726@infowarrior.org> The Day Has Come: Facebook Pushes People to Go Public Written by Marshall Kirkpatrick / December 9, 2009 10:01 AM http://www.readwriteweb.com/archives/facebook_pushes_people_to_go_public.php Facebook announced this morning that its 350 million users will be prompted to make their status messages and shared content publicly visible to the world at large and search engines. It's a move we expected but the language used in the announcement is near Orwellian. The company says the move is all about helping users protect their privacy and connect with other people, but the new default option is to change from "old settings" to becoming visible to "everyone." This is not what Facebook users signed up for. It's not about privacy at all, it's about increasing traffic and the visibility of activity on the site. Information like your email address is recommended to remain limited to friends, but make no mistake about it - Facebook wants you to make the status messages you post visible to the entire internet. According to the video explaining the changes, the new default for status messages is "everyone." That's a huge change.
Of course it's not hard for people to keep their existing privacy settings, but confusion around what those settings are is hardly resolved by the phrase "old settings" and a tool-tip phrase appearing when you hover over that option. A substantial backlash has already begun in comments on the Facebook blog post about the announcement. Previous moves by the company, like the introduction of the news feed, have seen user resistance as well - but this move cuts against the fundamental proposition of Facebook: that your status updates are only visible to those you opt-in to exposing them to. You'll now have to opt-out of being public and opt-in to communicating only with people you've given permission to see your content. Will users go for it? If Facebook becomes a lot more like Twitter, will users stick around? The network of friends you've created on Facebook can't be taken anywhere else - access to those people off-site is limited due to "privacy concerns." This is an amazing move that was announced with limited press attention. A Facebook group message to press was sent out at 6am, two hours before a press phone call. The announcement is a long, wordy and unclear text putting undue emphasis on Privacy when the new options clearly favor going public. Earlier this week the company made an announcement about forthcoming privacy policy changes and Open was not the recommended setting. Facebook confirmed to us in a press call earlier this year that the company does in fact want users to post more publicly and we expected a site-wide call for users to loosen privacy restrictions - but not like this. This announcement was couched in language of user control and privacy. A much more honest approach to privacy would be to encourage users to create lists of contacts and encourage them to select which list any update was visible to. Instead, that's greatly underemphasized. Expect to see this story blow up for the rest of the year. It's a very big move.
From rforno at infowarrior.org Thu Dec 10 15:57:32 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Dec 2009 10:57:32 -0500 Subject: [Infowarrior] - our tax dollars @ work Message-ID: <6AF0A5CA-3962-4CD1-B0F2-147954BE72AB@infowarrior.org> Ugh. You can't make this stuff up. :( ---rf House panel passes college football playoff bill Dec 9, 2:47 PM (ET) By FREDERIC J. FROMMER WASHINGTON (AP) - A House subcommittee approved legislation Wednesday aimed at forcing college football to switch to a playoff system to determine its national champion, over the objections of some lawmakers who said Congress has meatier targets to tackle. The bill, which faces steep odds, would ban the promotion of a postseason NCAA Division I Football Bowl Subdivision game as a national championship unless it results from a playoff. The measure passed by voice vote in a House Energy and Commerce Committee subcommittee, with one audible "no," from Rep. John Barrow, D-Ga. "With all due respect, I really think we have more important things to spend our time on," Barrow said before the vote, although he stressed he didn't like the current Bowl Championship Series, either. < - > http://apnews.myway.com/article/20091209/D9CFVTR01.html From rforno at infowarrior.org Thu Dec 10 20:09:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Dec 2009 15:09:49 -0500 Subject: [Infowarrior] - Senate sets up Cyber Security Task Force Message-ID: Oh, zippidy-doo-dah! Just what will fix the problem -- another task force to spend our tax dollars and waste time leading to town halls, hearings, and a nicely-formatted report telling us what we already know and have known for the past 15 years. The more things change....... ---rf http://whitehouse.senate.gov/newsroom/press/release/?id=BDB0A4A9-B617-4E87-B03A-BBCEA1D0BD1C December 9, 2009 Washington, D.C. - The U.S. 
Senate Select Committee on Intelligence has established a Cyber Security Task Force to evaluate cyber threats to the United States and issue recommendations to the U.S. intelligence community, as appropriate. The bipartisan task force will be chaired by U.S. Senator Sheldon Whitehouse (D-RI), and will also include Senators Barbara Mikulski (D-MD) and Olympia Snowe (R-ME). "I'm honored to have been chosen by Chairman Feinstein to lead this task force," said Whitehouse. "As our world becomes increasingly interconnected by advanced networks of communication, the United States must recognize cyber security as fundamental to our national security. I look forward to working with Senators Mikulski and Snowe to make our nation better ready to defend against this new frontier of potential attacks." The task force will officially convene in January 2010 and will complete its work by June 2010. From rforno at infowarrior.org Thu Dec 10 20:43:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Dec 2009 15:43:28 -0500 Subject: [Infowarrior] - Let's Legislate the Streisand Effect! Message-ID: <9C3D0DDE-99E9-4060-B80E-0EA84C3F3C91@infowarrior.org> Okay - first off, King is an absolute doofus on anything having to do with security, but if anyone thinks that they can legislate away the distribution or flow of information on the Internet, they have been living in a cave for the past 20 years. Oh, wait -- consider the source. Nevermind *facepalm* --rf Lawmakers Want to Bar Sites From Posting Sensitive Government Docs By Kim Zetter | December 10, 2009 http://www.wired.com/threatlevel/2009/12/tsa-leak-2/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired27b+%28Blog+-+27B+Stroke+6+%28Threat+Level%29%29 Three Republican lawmakers have asked the Department of Homeland Security what can be done to bar or criminally penalize whistleblower sites that reposted a sensitive airport-screening manual that was published on the internet by a government worker.
< - > In their letter to Homeland Security Secretary Janet Napolitano (.pdf) on Wednesday, Reps. Peter T. King (R - New York), Charles Dent (R - Pennsylvania) and Gus Bilirakis (R - Florida) asked, "How has the Department of Homeland Security and the Transportation Security Administration addressed the repeated reposting of this security manual to other websites, and what legal action, if any, can be taken to compel its removal?" From rforno at infowarrior.org Fri Dec 11 14:14:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Dec 2009 09:14:41 -0500 Subject: [Infowarrior] - The Redactor's Dilemma Message-ID: The Redactor's Dilemma December 8th, 2009 It's been a good week for document dumps -- especially if you're interested in surveillance policy. On top of Chris Soghoian's revelations about telecom location tracking requests and a slew of leaked telecom and social networking site surveillance manuals for law enforcement at Cryptome, I've also been poring over the FOIA documents on cell phone lojacking obtained by the ACLU. Like a lot of the stacks of papers that pile up on your desk when you study national security surveillance for a living, these are heavily redacted, and over time, you start developing little heuristics for trying to put the puzzle pieces together, to at least limit the domain of what might be in those black boxes. What can context tell you? What can you infer from the length of the redacted material? Looking at these sets of documents, I think I may have picked up on an interesting variation on Mike Masnick's "Streisand Effect" -- that now-familiar phenomenon where efforts to suppress information end up drawing all the more attention to it.
< - > http://www.juliansanchez.com/2009/12/08/the-redactors-dilemma/ From rforno at infowarrior.org Fri Dec 11 23:37:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Dec 2009 18:37:36 -0500 Subject: [Infowarrior] - Charges dropped in 'New Moon' incide Message-ID: <28D7DB50-8BC9-446F-A20D-04BB18819E50@infowarrior.org> Charges dropped in 'New Moon' incident 22-year-old woman accused of pirating 'Twilight' movie Associated Press Dec 11, 2009, 12:33 PM ET http://www.hollywoodreporter.com/hr/content_display/news/e3i719dc07a203bf2ec725765d2127edb3d CHICAGO -- Charges have been dropped against a 22-year-old Chicago woman accused of videotaping part of "The Twilight Saga: New Moon" at a movie theater. Cook County prosecutors on Friday announced in court that they won't pursue charges against Samantha Tumpach. Tumpach was arrested Nov. 28 in the Chicago suburb of Rosemont and faced a felony charge of illegally copying the film. She had about three minutes of "New Moon" on her digital camera. Tumpach has said she was taping her sister's birthday party and wasn't trying to record the movie. The film's director, Chris Weitz, came to Tumpach's defense. He told the Chicago Sun-Times there's a difference between trying to protect a copyright and prosecuting someone who didn't mean to commit video piracy. From rforno at infowarrior.org Sun Dec 13 00:51:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Dec 2009 19:51:55 -0500 Subject: [Infowarrior] - U.S. and Russia Open Talks on Limits to War in Cyberspace Message-ID: <69069A00-CC05-498E-8674-E2C6CDD55D83@infowarrior.org> December 13, 2009 U.S. and Russia Open Talks on Limits to War in Cyberspace By JOHN MARKOFF and ANDREW E. KRAMER http://www.nytimes.com/2009/12/13/science/13cyber.html?_r=1&hp=&pagewanted=print The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. 
American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race. In the last two years, Internet-based attacks on government and corporate computer systems have multiplied to thousands a day. Hackers, usually never identified, have compromised Pentagon computers, stolen industrial secrets and temporarily jammed government and corporate Web sites. President Obama ordered a review of the nation's Internet security in February and is preparing to name an official to coordinate national policy. On Nov. 12, a delegation led by Gen. Vladislav P. Sherstyuk, a deputy secretary of the Russian Security Council and the former leader of the Russian equivalent of the National Security Agency, flew to Washington and met with representatives from the National Security Council, State Department, Department of Defense and the Department of Homeland Security. Officials familiar with these talks said the two sides made progress in bridging divisions that had long separated the countries. Indeed, two weeks later in Geneva, the United States agreed to discuss cyberwarfare and cybersecurity with representatives of the United Nations committee on disarmament and international security. The United States had previously insisted on addressing those matters in the committee on economic issues. The Russians have held that the increasing challenges posed by military activities to civilian computer networks can be best dealt with by an international treaty, similar to treaties that have limited the spread of nuclear, chemical and biological weapons.
The United States had resisted, arguing that it was impossible to draw a line between the commercial and military uses of software and hardware. Now there is a thaw, said people familiar with the discussions. "In the last months there are more signs of building better cooperation between the U.S. and Russia," said Veni Markovski, a Washington-based adviser to Bulgaria's Internet security chief and representative to Russia for the organization that assigns Internet domain names. "These are signs that show the dangers of cybercrime are too big to be neglected." Viktor V. Sokolov, deputy director of the Institute of Information Security in Moscow, a policy research group run by General Sherstyuk, said the Russian view was that the American position on Internet security had shifted perceptibly in recent months. "There is movement," he said. Before, bilateral negotiations were limited to the relevant Russian police agency, the Bureau of Special Technical Operations, the Internet division of the Ministry of Interior, and the F.B.I. Mr. Sokolov characterized this new round of discussions as the opening of negotiations between Russia and the United States on a possible disarmament treaty for cyberspace, something Russia has long sought but the United States has resisted. "The talks took place in a good atmosphere," he said. "And they agreed to continue this process. There are positive movements." A State Department official, who was not authorized to speak about the talks and requested anonymity, disputed the Russian characterization of the American position. While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains.
An administration official said the United States was seeking common ground with the Russians. The United Nations discussions are scheduled to resume in New York in January, and the two countries also plan to talk at an annual Russia- sponsored Internet security conference in Garmisch, Germany. The American interest in reopening discussions shows that the Obama administration, even in absence of a designated Internet security chief, is breaking with the Bush administration, which had declined to talk with Russia about issues related to military attacks using the Internet. Many countries, including the United States, are developing weapons for use on computer networks that are ever more integral to the operations of everything from banks to electrical power systems to government offices. They include ?logic bombs? that can be hidden in computers to halt them at crucial times or damage circuitry; ?botnets? that can disable or spy on Web sites and networks; or microwave radiation devices that can burn out computer circuits miles away. The Russians have focused on three related issues, according to American officials involved in the talks that are part of a broader thaw in American-Russian relations known as the "reset" that also include negotiations on a new nuclear disarmament treaty. In addition to continuing efforts to ban offensive cyberweapons, they have insisted on what they describe as an issue of sovereignty calling for a ban on ?cyberterrorism.? American officials view the issue differently and describe this as a Russian effort to restrict ?politically destabilizing speech.? The Russians have also rejected a portion of the Council of Europe Convention on Cybercrime that they assert violates their Constitution by permitting foreign law enforcement agencies to conduct Internet searches inside Russian borders. 
In late October at a luncheon during a meeting on Security and Counter Terrorism at Moscow State University, General Sherstyuk told a group of American executives that the Russians would never sign the European Cybercrime Treaty as long as it contained the language permitting cross-border searches.

From rforno at infowarrior.org Mon Dec 14 13:35:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Dec 2009 08:35:39 -0500
Subject: [Infowarrior] - DECAF released (the anti-COFEE)
Message-ID: <490F6760-BD84-4D92-AEAE-37F026B95815@infowarrior.org>

http://www.decafme.org/

Detect and Eliminate Computer Assisted Forensics (DECAF)

DECAF is a counter intelligence tool specifically created around the obstruction of the well known Microsoft product COFEE used by law enforcement around the world. DECAF provides real-time monitoring for COFEE signatures on USB devices and running applications. Upon finding the presence of COFEE, DECAF performs numerous user-defined processes; including COFEE log clearing, ejecting USB devices, drive-by dropper, and an extensive list of Lockdown Mode settings. The Lockdown mode gives the user an automated approach to locking down the machine at the first sign of unusual law enforcement activity. DECAF is highly configurable giving the user complete control to on-the-fly scenarios. In a moment's notice, almost every piece of hardware can be disabled and pre-defined files can be deleted in the background. DECAF also gives the user an opportunity to simulate COFEE's presence by sending the application into a 'Spill the cofee' type mode. Simulation gives the user an opportunity to test his or her configuration before going live. Future versions will have text message and email triggers so in case the computer needs to enter into lockdown mode the user can do it remotely. It will also have notification services where in the case of an emergency, someone can be notified (private torrent tracker admins).
DECAF's next release is going to be available in a more light-weight version and/or a Windows service.

http://www.decafme.org/

From rforno at infowarrior.org Mon Dec 14 18:35:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Dec 2009 13:35:55 -0500
Subject: [Infowarrior] - Microsoft DRM Locks You Out Of Your Own Documents
Message-ID: <5BC16870-7E5B-4DB6-8698-BEC4450CA864@infowarrior.org>

Microsoft DRM Locks You Out Of Your Own Documents
from the reason-number-6495884672-why-DRM-sucks dept

In case you haven't been paying attention, there's yet to be a good reason put forth for using DRM that I can remember. We've seen over and over again how DRM seems to interfere with legitimate actions, but does nothing at all to slow down "pirates." Slashdot points to a rather scary situation for those who used Microsoft Office 2003 to DRM certain documents for their own use. Apparently, a screwup on the part of Microsoft (oops) means that many people got locked out of their own documents. Basically, Microsoft let a certificate expire, and that's made life difficult for lots and lots of people. So what good is DRM again?

http://techdirt.com/articles/20091214/0005017331.shtml

From rforno at infowarrior.org Mon Dec 14 18:40:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Dec 2009 13:40:42 -0500
Subject: [Infowarrior] - Fugitive found working at DHS
Message-ID:

(How's this for hiding in plain sight? And what does this say about the DHS internal controls to ensure it hires *cough* folks we would WANT to protect this country?
--rf) Fugitive is discovered at Homeland Security Wednesday, December 09, 2009 STAR-LEDGER STAFF http://www.nj.com/news/ledger/jersey/index.ssf?/base/news-15/126032730518280.xml&coll=1 A New Jersey fugitive wanted on insurance fraud charges since 2007 was working for the immigration division of the Department of Homeland Security in Georgia, despite a nationwide alert for her arrest, Essex County prosecutors said yesterday. The U.S. Citizenship and Immigration Services office in Atlanta was unaware that Tahaya Buchanan, 39, formerly of Newark, was being sought on a 2007 indictment on charges she staged the theft of her Range Rover in Newark for an insurance payout, said Paul Loriquet of the Essex County Prosecutor's Office. He said the USCIS continued to remain unaware of the criminal case after Buchanan was arrested on July 9 in DeKalb County, Ga., by a traffic officer who noticed a warrant for her arrest was issued in December 2007 by a New Jersey judge and posted a month later on the National Crime Information Center. Yesterday, Buchanan's supervisors at the CIS office in Atlanta said they did not know about the criminal charges, despite the fact Buchanan remained in a Georgia jail for a week after her arrest. On Monday, she pleaded guilty to one charge of insurance fraud, for which she faces three months of probation. "It's amazing they couldn't find her. Good Lord," said Kevin Kerns, the office chief of staff at USCIS where Buchanan still works as an analyst. Ana Santiago, a spokeswoman for the USCIS, said it is still checking into the case and did not have information available as to whether the office regularly checks its employee list against national criminal warrants. "The USCIS is looking into this matter. USCIS has zero tolerance for any type of employee misconduct or criminal activity," she added. 
Essex County Assistant Prosecutor Michael Morris said his detectives believe Buchanan was working for Homeland Security while still living in New Jersey in 2007, and that she may have transferred to the Georgia office while under investigation. But Morris said his office is baffled as to why the warrant for her arrest, placed on a national alert system, did not prompt Homeland Security to notice that one of its employees was wanted on a criminal warrant. "We found it surprising, alarming that an employee of the Department of Homeland Security is a fraudster, and we do not understand how she could have remained employed there with an open criminal warrant for her arrest remaining on the interstate system without being discovered," said Morris. Buchanan was indicted in November 2007 on a charge of second-degree insurance fraud. A Superior Court judge in Newark issued a warrant for her arrest a month later when she failed to appear for a court hearing. The warrant was entered on the National Crime Information Center system on Jan. 8, 2008, notifying law enforcement agencies nationwide she was a fugitive, said Loriquet. Buchanan admitted on Monday that she falsely reported her car stolen in March 2005 and filed an insurance claim. A month after the report, the Range Rover was found by police in an Irvington garage owned by Buchanan's aunt after the garage caught fire, said Morris. Buchanan's insurance company launched a probe and eventually denied her insurance claim. A criminal probe was later opened. Brian Murray may be reached at bmurray at starledgercom or (973)-392-4153. 

From rforno at infowarrior.org Tue Dec 15 03:30:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Dec 2009 22:30:35 -0500
Subject: [Infowarrior] - We can't see the forest for the T-Mobiles
Message-ID:

We can't see the forest for the T-Mobiles
As we consume Apples and BlackBerrys, natural world beats a sensory retreat
By Adrian Higgins
Washington Post Staff Writer
Tuesday, December 15, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/14/AR2009121403347_pf.html

You know you have crossed the river into Cyberland when the guy coming your way has his head buried in the hand-held screen. He will knock into you unless you get out of his way, and don't expect an apology. It's as if you aren't there. Maybe you're not. Technology has drawn us into our interconnected webs, in the office, on the street, on the park bench, to the point that we exist virtually everywhere except in the physical world. Robert Harrison, a professor of Italian literature at Stanford University, laments that when students pass through the school's visually stimulating campus, iPhones, BlackBerrys and all the evolving devices and apps draw them into their blinkered personal realms. "Most of the groves, courtyards, gardens, fountains, artworks, open spaces and architectural complexes have disappeared behind a cloaking device, it would seem," he writes in his book "Gardens: An Essay on the Human Condition." This retreat from the natural world is most evident in the young, but it is not a generational phenomenon, he argues. Instead, the ubiquity of the computer is changing the very essence of the human animal. We are in the midst of a historical change in "our mode of vision," he says, "which is bound up with our mode of being." According to a recent landmark study of viewing habits, adults spend an average of nearly three hours a day interacting with computer screens. Add TV viewing and you get a screen time of about 8 1/2 hours.
"People are spending more time in media and especially screen media than anything else they're doing in life," says Bill Moult of Sequent Partners, one of two organizations that provided the study. But you don't need numbers to know how absorbed we have become by screens and their mesmerizing qualities. In October, two Northwest Airlines pilots who flew their jet 150 miles past their destination told investigators they were distracted by their laptop computers. Walk the streets of downtown Washington and you will see many people, a majority perhaps, plugged in to a two-dimensional world. Peer into the vehicles, and tally a scary number of drivers on hand-held cellphones, even texting. This may be illegal in the District, but the temptation is too great. We have become digital zombies. Actually, we have become symbionts, says Katherine Hayles, author of "How We Became Posthuman." Just as a lichen is the marriage of a fungus and an algae, we now live in full partnership with digital technology, which we rely on for the infrastructure of our lives. "If every computer were to crash tomorrow, it would be catastrophic," she said. "Millions or billions of people would die. That's the condition of being a symbiont." Hayles is among a number of intellectuals who see this dependence as not necessarily bad, but as advancing civilization and, above all, just inevitable. "From Thoreau on, we have had this dream we can withdraw from our technologies and live closer to the natural world, and yet that's not the cultural trajectory that we have followed," says Hayles, a professor of literature at Duke University. "You could say when humans started to walk upright, we lost touch with the natural world. We lost an olfactory sense of the world, but obviously bipedalism paid big dividends." In the Computer Age, "we are making our environments more responsive to humans' needs and desires than ever before." 
Adriana de Souza e Silva, assistant professor of communication at North Carolina State University, says the widespread acceptance of public phoning, texting, surfing and tweeting on mobile devices has changed our lives so that we exist in a duality of the physical and electronic worlds. "What we are witnessing now is a different kind of public space composed of people who are physically there [but talking to] people who are remote," she says. She argues that this has actually made us more aware of our surroundings because so many devices are driven by their location and the user's awareness of place. "The BlackBerry might be looking for a local restaurant and a person two blocks away, not overseas. If you're walking downtown and you can access information that's been tagged there, that information suddenly becomes part of that location." The difficulty, Harrison argues, is that we are losing something profoundly human, the capacity to connect deeply to our environments. Landscape designers talk about bestowing on a garden its genius loci, or spirit of the place, that bubbles up into your consciousness if its presence is strong enough and the visitor meditative enough to receive it. Harrison says a garden truly reveals itself only when its own depths and those of the beholder flow together. But that takes time. "For the gardens to become fully visible in space, they require a temporal horizon that the age makes less and less room for." He is captivated by the Czech writer Karel Capek, who gave the world the robot in his play "R.U.R." and in it warned that technology would be our ruination. But Capek was also a passionate gardener who wrote "The Gardener's Year," published in 1929. "No one knew better than Capek that the cultivation of the soil and cultivation of the spirit are connatural," Harrison writes. 
He believes gardens hold the key in leading us back into the visible world, because they are three-dimensional and made of living plants that speak to our "biophilia." "Gardens are the best place to begin this reeducation," he says. Without it, he fears that the prophecy of the German poet Rainer Maria Rilke, in his Duino Elegies, will become so. "Earth, isn't this what you want; invisibly to arise in us? Is it not your dream to be someday invisible? Earth! Invisible!"

From rforno at infowarrior.org Tue Dec 15 13:04:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 08:04:51 -0500
Subject: [Infowarrior] - US Move to National ID Cards Delayed
Message-ID:

Threat Level
Privacy, Crime and Security Online

Move to National ID Cards Delayed
By David Kravets
December 14, 2009
http://www.wired.com/threatlevel/2009/12/real_id/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired27b+%28Blog+-+27B+Stroke+6+%28Threat+Level%29%29

The United States' quest for a national identification database associated with driver's licenses won't be finished by year's end. The deadline was Dec. 31 for the states to create what would be the largest identification database of its kind under the auspices of the Real ID program. The law also mandates uniform anti-counterfeiting standards for state driver's licenses. None of the states are in full compliance with the law, first adopted in 2005, requiring state motor vehicle bureaus to obtain and internally scan and store personal information like Social Security cards and birth certificates for a national database, according to the American Civil Liberties Union. About half the states oppose the mandate, or have said they would never comply. Beginning Jan.1, the law was supposed to have blocked anybody from boarding a plane using their driver's license as ID if their resident state did not comport with the Real ID program.
But the Department of Homeland Security is set to extend, for at least a year, the deadline of the Real ID program that has raised the ire of privacy advocates. Homeland Security officials point to the 9/11 hijackers' ability to get driver's licenses in Virginia using false information as justification for the proposed $24 billion program. The American Civil Liberties Union and the Electronic Frontier Foundation suggest the plan is misguided, and might pave the way for requiring such IDs to vote or purchase prescription drugs. "Our biggest concern is that it is a national ID card. It changes the relationship between the citizen and the state," Chris Calabrese, the ACLU's legislative counsel, said in a telephone interview. "We see it as a potential mission creep, and an individual's rights can be curtailed because of this." Richard Esguerra, the EFF's residence activist, said in a telephone interview Monday and in a recent blog post that the giant database, if it ever comes to fruition, "threatens citizens' personal privacy without actually justifying its impact or improving security."

From rforno at infowarrior.org Tue Dec 15 14:07:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 09:07:17 -0500
Subject: [Infowarrior] - Oz: No Clean Feed !!
Message-ID:

(the blogosphere, inboxes, and Twitterscapes are screaming over this today! --rf)

To wit: Australia moves toward mandatory ISP filtering
http://news.cnet.com/8301-1023_3-10415539-93.html

... and obviously, in (righteous protest) we have http://nocleanfeed.com/

What is the 'Clean Feed'?

The Australian Federal Government is pushing forward with a plan to force Internet Service Providers [ISPs] to censor the Internet for all Australians. This plan will waste tens of millions of taxpayer dollars and will not make anyone safer.
Despite being almost universally condemned by the public, ISPs, State Governments, Media and censorship experts, Communications Minister Stephen Conroy is determined to force this filter into your home. The list of material to be banned -- material that has been 'refused classification' -- includes much more than child sexual abuse material, from websites about euthanasia to websites that distribute games not suitable for anyone under 16. The filter will do almost nothing to prevent the people who are willfully making, trading, and accessing child sexual abuse material.

http://nocleanfeed.com/

From rforno at infowarrior.org Tue Dec 15 14:07:52 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 09:07:52 -0500
Subject: [Infowarrior] - Australia will try to censor the Internet
Message-ID: <2FB32EDF-8420-4A2B-BC4E-6D8C0CE405A9@infowarrior.org>

Australia will try to censor the Internet
Comment Blighty to follow?
By Nick Farrell
Tuesday, 15 December 2009, 13:19
http://www.theinquirer.net/inquirer/opinion/1566179/australia-try-censor-internet

THE AUSTRALIAN GOVERNMENT has decided that the land Down Under will become the only Western Democracy to attempt to censor the Internet. Despite warnings that the government is committing political suicide and the technology will not work, the Rudd government is screaming for the same controls over its citizens as Communist China. It is insisting that filtering a blacklist of banned sites will be accurate and won't slow down the Internet. The Communications Minister, Stephen Conroy, said today that he will introduce legislation just before next year's elections to force ISPs to block a government blacklist of "refused classification" (RC) websites for all Australian Internet users. The website blacklist is a 21st century version of book burning, featuring everything that good decent citizens should not like.
The Australian Government claims its list only includes things like child sex abuse, sexual violence and instructions on crime. However the list will be compiled using a public complaints mechanism, Government censors and URLs provided by 'international agencies'. Of course no one can imagine how anything could go wrong with that. Conroy said that most good decent cobbers know there is some Internet material that is not acceptable in any civilised society and it is important that all Australians, particularly young children, are protected from this material. Of course good decent cobbers will be asking the government to tell them what is bad for them and this is where it will all go pear-shaped. The Government's top-secret list of banned sites was leaked onto the web in March, revealing the scope of the filtering could extend significantly beyond child porn and other bad things. About half of the sites on the list were not related to child porn and included poker sites, Youtube links, regular gay and straight porn sites, Wikipedia entries, euthanasia sites, fringe religions, fetish sites, Christian sites and bizarrely a tour operator and even a Queensland dentist. It is starting to look, however, like the Rudd Government's Internet censorship initiatives are being watched closely by other democracies. While most governments know that they will be accused of being Big Brother if they bring it in they are watching to see if the Aussie control freaks get away with it. Governments, whatever they may say, love the idea of control. Blighty has happily encouraged the installation of CCTV cameras everywhere despite enormous costs to the taxpayers and the fact that there is no evidence they reduce crime. Conroy claimed that more than 15 western countries had encouraged or enforced Internet filtering, and there was no reason why Australians should not have similar "protection".
Countries that do filter the Internet include Communist China and North Korea, the Islamic theocracies of Saudi Arabia and Iran, a number of other less than democratic countries in the Middle East and a few tin-pot dictatorships here and there. Conroy is also taking a big risk of trying to get the legislation through before the election. No opposition party supports the plan and the Rudd government is not the most popular. Many expected the daft plan to be dropped as too risky. The fact that it has not been dropped is worrying for everyone in the Western World who has a problem with being told what to do by a government. What is amusing is that it will only inconvenience those who allow themselves to be blocked. The Chinese government has found that if people are determined enough any filtering of the world wide web can be bypassed. Paedophiles and terrorists will be the first to get around any Internet filtering. So this means it will only be useful for controlling and monitoring the Australian public.

From rforno at infowarrior.org Tue Dec 15 18:39:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 13:39:36 -0500
Subject: [Infowarrior] - DOJ Report: Controlled Unclassified Information
Message-ID: <1BA08938-6B1B-478E-BED2-49A4EE8722B4@infowarrior.org>

WOW. There's 117 "unclassified" monikers in the USG according to today's White House report on unclassified information. The last number I heard was fifty-something. Unbelievable!

The report can be found online at http://www.dhs.gov/xlibrary/assets/cui_task_force_rpt.pdf

Press Release follows: http://www.justice.gov/opa/pr/2009/December/09-ag-1341.html

Department of Justice
Office of Public Affairs
FOR IMMEDIATE RELEASE
Tuesday, December 15, 2009

Presidential Task Force on Controlled Unclassified Information Releases Report and Recommendations

WASHINGTON --
Attorney General Eric Holder and Department of Homeland Security (DHS) Secretary Janet Napolitano today announced two major steps in their efforts to implement reforms to enhance information sharing among federal, state, local and tribal law enforcement agencies and safeguard sensitive information used by the government -- designed to expand joint capabilities to protect the United States from terrorist activity, violent crime and other threats to the homeland. The Presidential Interagency Task Force on Controlled Unclassified Information (CUI), led by Attorney General Holder and Secretary Napolitano, today released a report recommending a single, standardized framework for marking, safeguarding and disseminating sensitive but unclassified (SBU) information across the federal government. SBU information refers collectively to the various designations for documents and information that are sufficiently sensitive to warrant some level of protection but that do not meet the standards for classification. Attorney General Holder and Secretary Napolitano also announced the creation of dual Program Management Offices (PMOs) to coordinate support for state and local Fusion Centers and the Nationwide Suspicious Activity Reporting Initiative (NSI), housed within DHS and the Department of Justice (DOJ), respectively, to work in partnership to enhance information sharing between federal, state, local and tribal agencies and the private sector. Coupled with the CUI framework, these new offices represent a significant milestone toward fully implementing information sharing reforms called for following the terrorist attacks of Sept. 11, 2001. "Our recommendations will allow the federal government to be more open and transparent while still meeting our first priority of keeping the American people safe," said Attorney General Holder.
"By streamlining and modernizing the system for designating, marking and handling sensitive information, we can achieve the appropriate balance between the public's right to access information and the government's imperative to maintain the security and privacy of all Americans." "Our review of policies and procedures for access to and sharing of sensitive but unclassified information across the U.S. Government revealed a need for a more open, standardized approach," said Secretary Napolitano. "The task force recommendations, coupled with newly-dedicated federal-wide resources to support Fusion Centers, will improve information sharing, transparency and engagement with our partners in state and local law enforcement as we work together to combat terrorism, violent crime and other dangerous threats to the homeland." Both announcements reflect the Obama administration's commitment to improving the ability of federal, state, local and tribal governments as well as the private sector to gather, analyze, share and utilize information in order to protect communities from violent crime including terrorism, while protecting the privacy and civil rights of Americans. The Task Force report proposes 40 actions intended to mitigate current inconsistencies among SBU information policies in federal agencies by simplifying and consolidating procedures -- intended to enhance standardization, information sharing, government transparency, and protection of information only where there is a compelling requirement to do so. The recommendations also seek to balance the imperatives of protecting legitimate security, law enforcement, privacy and civil liberties interests. The Task Force was directed to review the ongoing efforts of the CUI Council, which was established by a 2008 Presidential Memorandum, and its ongoing efforts to establish a CUI Framework for terrorism-related information.
One significant recommendation in the report would expand the scope of the CUI Framework to the designation, marking, safeguarding and dissemination of all SBU information. The new PMOs will work jointly to provide sustained funding and personnel support to 72 state and local Fusion Centers nationwide and provide training and resources to frontline law enforcement officials to better document activities possibly linked to terrorism through NSI, a DHS-DOJ collaboration designed to detect, analyze and share intelligence about suspicious behavior and other indicators while protecting privacy and civil liberties. The Fusion Center and NSI PMOs will establish strong cross-linkages, including the exchange of senior-level specialists and management personnel, and joint program performance measures in order to ensure efficient oversight and coordination of current initiatives and successfully facilitate ongoing efforts to build and develop the Information Sharing Environment. State and major urban area Fusion Centers help fulfill key recommendations of the 9/11 Commission by providing critical links for information sharing between and across all levels of government. NSI operates in coordination with the Federal Bureau of Investigation, the International Association of Chiefs of Police, Major City Chiefs, Major County Sheriffs, and other state, local and tribal partners to gather, blend and analyze information gathered from local law enforcement about suspicious activity. There are more than 100 different SBU markings and handling procedures currently in use across the federal government. The report recommends that all SBU markings be replaced with one, simplified set of markings -- "CUI" -- which will be standardized under the CUI Framework.
Additional recommendations include simplifying the definition of CUI; clarifying that CUI markings have no bearing on releases either under the Freedom of Information Act or to Congress; and phasing in implementation of the expanded scope of the CUI Framework. President Obama initiated the review on May 27 with a Presidential Memorandum directing Attorney General Holder and Secretary Napolitano to lead a 90-day review of current procedures for categorizing and sharing SBU information. If implemented, the recommendations would revise the 2008 Presidential Memorandum that established the CUI Framework for handling and disseminating CUI information. The Task Force, which involved senior representatives from 12 federal agencies, met with representatives both within and outside the information sharing environment; state, local and tribal partners; privacy and open government organizations; and members of Congress. The Task Force also analyzed previous studies of SBU and the efforts of the CUI Council. For more information, visit www.dhs.gov or www.justice.gov.

The report can be found online at http://www.dhs.gov/xlibrary/assets/cui_task_force_rpt.pdf

From rforno at infowarrior.org Tue Dec 15 23:23:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 18:23:14 -0500
Subject: [Infowarrior] - Biden's One-Sided Piracy Summit
Message-ID:

*cough* No fair use representatives? Go figure where the Change-and-Hope(tm) Administration stands on IP policy issues! :(

Industry Leaders to the White House for Piracy Summit
Published: Mon, December 14, 2009, 3:12 PM
http://www.wilshireandwashington.com/2009/12/industry-leaders-to-the-white-house-for-piracy-summit.html

Vice President Joseph Biden is leading a roundtable on Tuesday with Hollywood CEOs, music industry execs and legal experts in what is being billed as a first-of-its-kind discussion on piracy.
He'll be joined by Attorney General Eric Holder, Homeland Security Secretary Janet Napolitano, Commerce Secretary Gary Locke, FBI director Robert Mueller and Secret Service director Mark Sullivan. Among those expected are Sony's Michael Lynton, Warner Bros.' Barry Meyer, Viacom's Philippe Dauman, NBC Universal's Jeffrey Zucker, Warner Music Group's Edgar Bronfman, Harper Collins CEO Brian Murray, Universal Music Group's Zachary Horowitz, the MPAA's Dan Glickman, the RIAA's Mitch Bainwol, IATSE's international president Matthew Loeb, AFTRA's Kim Roberts Hedgepeth, DGA president Taylor Hackford, DGA exec director Jay Roth and SAG's David White. Also present will be the administration's new "copyright czar," Victoria Espinel.

From rforno at infowarrior.org Tue Dec 15 23:25:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Dec 2009 18:25:03 -0500
Subject: [Infowarrior] - Biden: "all stakeholders" brought together ... NOT
Message-ID:

Consumer group blasts White House's digital piracy pow-wow
Sam Gustin
Dec 15th 2009 at 2:40PM
http://www.dailyfinance.com/2009/12/15/consumer-group-blasts-white-houses-digital-piracy-pow-wow/

Late last month, Somali brigands in a dinghy hijacked the Maran Centaurus, an American-bound tanker carrying millions of barrels of crude oil, in the latest episode of escalating pirate attacks off the coast of the failed, anarchic East African state. But that event won't come up at Tuesday afternoon's White House meeting on piracy, because at that gathering, the topic of discussion will be so-called digital piracy. Led by Vice President Joe Biden, the meeting "is the first of its kind, and will bring together all of the stakeholders to discuss ways to combat piracy in this rapidly changing technological age," according to the White House.
On Tuesday morning, a prominent consumer advocacy group took the White House to task for the lopsided guest list of the meeting, which did not include "consumer or public-interest groups, technology companies, technology associations or Internet Service Providers." Biden will be joined at the meeting by Attorney General Eric Holder, Homeland Security Secretary Janet Napolitano, Commerce Secretary Gary Locke, FBI Director Robert Mueller, Secret Service Director Mark Sullivan, "as well as CEOs from major media conglomerates, union representatives, legal experts and other government officials," the White House said. Industry participants will include Michael Lynton, chairman and CEO of Sony Pictures Entertainment (SNE); Barry Meyer, chairman and CEO of Warner Bros. Entertainment (TWX); Philippe Dauman, chairman and CEO of Viacom (VIA); Jeffrey Zucker, CEO of NBC Universal; Edgar Bronfman, CEO of Warner Music Group; Zachary Horowitz, president and COO of Universal Music Group (VIVEF); and Michael Regan, executive vice president of News Corp (NWS). Public Knowledge, a Washington, D.C.-based advocacy group, said it was "extremely disappointed to learn of the White House meeting to be held later today on the issue of intellectual property and 'piracy.'" 'All of the Stakeholders'? "It is unclear why three cabinet officers, several subcabinet officers, the directors of the Federal Bureau of Investigation and the U.S. Secret Service are needed to tend to the worries of the big media companies, particularly the motion picture industry, which is completing a year in which it will set box-office records," fumed Gigi Sohn, president of Public Knowledge. Despite the White House's assertion that "all of the stakeholders" will attend the meeting, Sohn pointed out that "some stakeholders are noticeably missing." "No consumer or public-interest groups, technology companies, technology associations or Internet service providers are on the guest list," Sohn said. 
"No one who questions the need for draconian governmental policies on behalf of the privileged special interest group for whom this meeting is being held is on the guest list." "If Vice President Biden is truly interested in learning more about intellectual property, we hope he will continue his consultations with a group of people who share a wider range of views than those with whom he will meet today," Sohn said. Additionally, the group questioned "the propriety of having Attorney General Eric Holder attend a meeting with top officials of NBC when it is quite possible that the Department of Justice will have to rule on NBC's unprecedented merger with Comcast, which would combine those two media giants." Meanwhile, the Maran Centaurus, its crew and its cargo remain hostage to the drugged-up Somali pirates who continue to maraud against American and America-bound ships in the Gulf of Aden. No word on when the White House will hold a "first of its kind" meeting to discuss that topic. From rforno at infowarrior.org Wed Dec 16 14:11:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 09:11:54 -0500 Subject: [Infowarrior] - Keeping Uncle Sam from spying on citizens Message-ID: <49AC6937-74FF-46A6-BA29-424AB7FB30DD@infowarrior.org> December 16, 2009 4:00 AM PST Keeping Uncle Sam from spying on citizens by Elinor Mills http://news.cnet.com/8301-27080_3-10415899-245.html?part=rss&subj=news&tag=2547-1_3-0-20 Editor's note: This is the third in a series of articles discussing how people in the tech industry are working with or around federal and state governments. During the first Gulf War, Greg Nojeim went to Washington National Airport to observe Arab Americans being pulled out of lines and put through security checks that weren't required of other passengers. The evidence he gathered was used by his employer, the American-Arab Anti-Discrimination Committee, to sue Pan Am World Airways on allegations of racial profiling. 
Now an attorney with the Center for Democracy and Technology (CDT), he's still fighting attempts to use national security as a justification to violate people's constitutional rights and invade their privacy. Specifically, he analyzes proposed legislation, lobbies and testifies before Congress, and provides advice to companies and the government on civil liberties issues that arise in the technology world to protect the privacy of consumer activities and communications. "For about the last 15 years, my career has focused on the intersection of privacy, law enforcement and national security," Nojeim said. "When I started at the ACLU in 1995, it was just a few weeks after the Oklahoma City bombing. Wiretapping and government surveillance were at the center of my issue portfolio. And Congress has been focused on those issues for years." Nojeim is director of the Project on Freedom, Security, and Technology at the Washington, D.C.-based nonprofit CDT. He has tackled government data mining, the Patriot Act, and wireless wiretapping, working to limit the threat that surveillance by officials and law enforcement poses to consumer privacy. He brought together a coalition of groups that worked to remove proposals from a 1996 antiterrorism law that would have given law enforcement increased wiretap authority to access records without court orders and broaden the type of records accessed. Nojeim is concerned about the ramifications of a government policy that allows officials to eavesdrop on citizens without proper justification. "Who wants to live in a world where the government can listen in on every communication without any evidence of crime?" he said. "The consequences of that are that people won't communicate freely and the country would be very different as a result. Imagine how your conversation with a close personal friend would change if you knew someone else was listening. That's what is at stake. That's what needs to be protected." 
Nojeim also is bothered by possible side effects from new measures designed to improve the country's ability to fend off cyberattacks, particularly a proposal to allow a government agency to access information held by companies--even if protected by a privacy statute--when the agency believes the information is relevant to cybersecurity. This means the government could use a broad cybersecurity justification and ask ISPs and other service providers to turn over private e-mails of citizens. Officials are normally restricted by certain conditions such as requirements to provide probable cause that a crime was committed or access is otherwise warranted. "I'm referring specifically to the Cybersecurity Act, which says that [the Department of] Commerce would become the new clearinghouse for cybersecurity information and that it could, in that role, gain access to that information notwithstanding any law," he said. "It could force companies to release sensitive, confidential, and proprietary information to the government and it could force companies to release private information about consumers' communications to the government, as well," he added. Officials and lawmakers aren't malicious or targeting average citizens, Nojeim said. They're just not thinking through the consequences of their proposals in their zeal to fight terrorism and prevent cyberattacks, he said. "Or, they don't put enough weight on the civil liberties interest at stake," he said. Nojeim was born in 1959 in Syracuse, N.Y., to first-generation Lebanese-American parents. His mother worked as an accounts manager at a large corporation and his father worked on computers for the U.S. Air Force. The fourth of five sons, Nojeim was class president and valedictorian in high school and played soccer. 
He graduated from the University of Rochester in 1981 with a B.A. in political science. He went to law school at the University of Virginia and worked in mergers and acquisitions at a private firm after that, taking a break at one point to travel around the world for a year. Collegiate advocacy His interest in the nonprofit world began when he joined the American Civil Liberties Union in college. He later volunteered at the American-Arab Anti-Discrimination Committee (ADC) and then worked as the director of legal services there, conducting much of the group's work in the areas of immigration, civil, and human rights. When the office started getting calls from people complaining about racial profiling at airport security lines, he and other staffers spent hours at the airport to monitor the situation. The lawsuit filed against Pan Am was settled when the airline ceased flying due to its bankruptcy. From there, Nojeim went to the ACLU, which had assisted the ADC with the airport profiling case. He worked at the ACLU for 12 years before joining the CDT in May 2007. Nojeim is disappointed that the Patriot Act was passed while he was at the ACLU. The law dramatically expanded government power in the most dangerous ways for civil liberties, such as cutting down on judicial oversight of the exercise of investigative power and increasing the secrecy in which the powers are used, he said. For instance, before the act was passed, the FBI had to prove that hotel, car rental, and other records it sought for national security reasons pertained to the travel of a terrorist or spy. After the law was passed, the FBI can access records on anyone merely by showing that the records are relevant to an investigation. The Patriot Act also gives the FBI authority to conduct a secret search of a home or office for regular crimes and not just for foreign intelligence purposes. But things might be turning around. 
The CDT and other civil liberties groups have been able to convince Congress to consider reforming a part of the law that gave the FBI the authority to issue "National Security Letters" (NSL) ordering ISPs and other types of businesses to turn over sensitive customer records. A measure before the U.S. House of Representatives would require that records sought with an NSL pertain to somebody who is either a terrorist or a spy or someone known to be in contact with a terrorist or spy, Nojeim said. For Americans with no ties to such individuals, the FBI can require a company to turn over its financial information and communications only after judicial review or with a subpoena in a criminal investigation, he said. The issue is likely to be resolved in the spring, he added. "The Patriot Act changed the NSL statutes so that they can be used to seek records about anyone, not just about terrorists and spies and other 'agents of foreign powers,'" he said. 'Quiet warrior' From his office a few blocks from the White House, Nojeim organizes the staff softball team and writes humorous reports on the team's activities when he's not doing the more serious work of trying to block the government from overstepping its authority. "He's got a really off-beat sense of humor and he's a bit of a mischief maker in terms of the humor he shows to his colleagues," said Tim Sparapani, Facebook director of public policy, whom Nojeim hired at the ACLU. "He's doing deadly serious work and yet he sees the humor and the irony in a lot of situations, and that always makes his colleagues enjoy working with him." "He's a very bright guy and coupled with that he's got a huge heart and a dedication to the law," said Albert Mokhiber, a lawyer at the firm of Mokhiber & Moretti and former president of the ADC who hired Nojeim to work there. 
Nojeim is passionate about protecting individuals' constitutional rights but is also particularly effective working on issues that easily incite anger and strong emotion in others because he is measured and calm, his former colleagues said. "This made him extremely useful for the work we were doing because there was a lot of emotion and passion in civil rights and human rights issues," Mokhiber said. "It has been very easy to violate civil and constitutional rights of Arab-Americans because there was this perception that we are the other; that we are the enemy, and that's not the case." Nojeim stands out as a humble and relatively apolitical activist in a town noted for its egos and power games, according to Sparapani. "Greg is one of those quiet warriors," he said. "He's probably the most important privacy advocate and Arab-American advocate that people don't know about. Greg does everything quietly behind the scenes," Sparapani said. "Greg was never somebody who needed to make friends in Washington. That helped him distinguish himself as an advocate. He calls them like he sees them." Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. From rforno at infowarrior.org Wed Dec 16 14:18:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 09:18:48 -0500 Subject: [Infowarrior] - NZ brings back 3-strikes proposal Message-ID: <4F509B2A-F132-480F-9F6E-D815523585FA@infowarrior.org> http://www.michaelgeist.ca/content/view/4622/125/ New Zealand Releases Revamped Three Strikes Proposal Tuesday December 15, 2009 The New Zealand government has released a revamped three strikes proposal that incorporates full court hearings and the possibility of financial penalties. 
A prior proposal, which would have resulted in subscriber access being terminated without court oversight, was dropped earlier this year following public protest. The new proposal is essentially a notice-and-notice system where ISPs would be required to pass along alleged infringement notices to the subscriber. After the third notice, the rights holder could seek up to $15,000 at the Copyright Tribunal for damages sustained. If the infringements continue, the rights holder could go to court to seek suspension of the subscriber account for up to six months. The NZ government proposes to amend its copyright law to give courts the power to suspend accounts, taking into account any relevant circumstances including multiple users of a shared account, effect on business, and vulnerable account holders. The NZ Cabinet paper also notes that the government is currently negotiating ACTA and free trade agreements that could require legislative reform. More @ BoingBoing: http://www.boingboing.net/2009/12/16/three-strikes-law-re.html From rforno at infowarrior.org Wed Dec 16 14:21:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 09:21:03 -0500 Subject: [Infowarrior] - OT: Lucasfilm loses UK copyright case over Stormtrooper helmet Message-ID: Propmaker strikes back in Star Wars stormtrooper battle Paul Cheston and Natasha Nischal 16.12.09 http://www.thisislondon.co.uk/standard/article-23784727-propmaker-strikes-back-in-star-wars-stormtrooper-battle.do A propmaker today won in the Appeal Court in his Star Wars battle with Hollywood giant Lucasfilm. Three senior judges ruled unanimously that Andrew Ainsworth, who made the original stormtrooper helmets, had not breached UK copyright laws. They rejected claims by Star Wars creator George Lucas that the helmets were sculptures and thereby breached his copyright. Lord Justice Jacob, sitting with Lords Justices Rix and Patten, ruled there was no copyright in any sculpture. 
Today's judgment could cost the Hollywood billionaire £500,000 in legal costs but the final decision on who picks up the bill has still to be made. The ruling was handed down to an empty courtroom, in stark contrast to the scenes last year when the High Court was packed with life-size figures of the intergalactic clones, their helmets and assorted gadgets. The judges backed the findings of Mr Justice Edward Mann that Mr Ainsworth did not own the copyright in the helmets and that Lucasfilm could not enforce its US judgment here. Lucasfilm brought the case after winning £10 million damages in America for copyright and trademark infringement and unfair competition. It took its legal action to London in an attempt to protect the £6 billion worldwide merchandising sales from Star Wars since 1977. Mr Ainsworth had been paid £35 each for 50 helmets for the original film. It was not until 2004 when he found one of the original helmets in a cupboard at his home that he sold it to a collector. He began making stormtrooper outfits and selling them through his company, Shepperton Design Studios, for up to £1,800 each. Today Lord Justice Jacob pointed out that Mr Ainsworth, of Twickenham, had achieved only a "modicum" of sales in the US so there would be "no financial remedy" for compensation. However the judge warned Mr Ainsworth that if he was to "seek any further selling into the US," he would be in breach of copyright laws. 
From rforno at infowarrior.org Wed Dec 16 14:23:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 09:23:45 -0500 Subject: [Infowarrior] - FTC sues chip-king Intel for 'anti-competitive tactics' Message-ID: <9701ECBF-D4B3-41F7-9B97-3D42E12E2501@infowarrior.org> FTC sues chip-king Intel for 'anti-competitive tactics' http://voices.washingtonpost.com/economy-watch/2009/12/ftc_sues_chip-king_intel_for_a.html?hpid=topnews The Federal Trade Commission is suing Intel, saying the chip-making king has "illegally used its dominant market position for a decade to stifle competition and strengthen its monopoly." Quoting from the release on the FTC Web site, which hit moments ago: "In its complaint, the FTC alleges that Intel has waged a systematic campaign to shut out rivals' competing microchips by cutting off their access to the marketplace. In the process, Intel deprived consumers of choice and innovation in the microchips that comprise the computers' central processing unit, or CPU." You can read the entire release by clicking here. This is big, big news and a clear sign of the FTC's new muscularity in taking on corporate giants. From the FTC release: "The FTC's administrative complaint charges that Intel carried out its anticompetitive campaign using threats and rewards aimed at the world's largest computer manufacturers, including Dell, Hewlett-Packard, and IBM, to coerce them not to buy rival computer CPU chips. Intel also used this practice, known as exclusive or restrictive dealing, to prevent computer makers from marketing any machines with non-Intel computer chips. In addition, allegedly, Intel secretly redesigned key software, known as a compiler, in a way that deliberately stunted the performance of competitors' CPU chips. Intel told its customers and the public that software performed better on Intel CPUs than on competitors' 
CPUs, but the company deceived them by failing to disclose that these differences were due largely or entirely to Intel's compiler design." -- Frank Ahrens From rforno at infowarrior.org Wed Dec 16 14:33:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 09:33:54 -0500 Subject: [Infowarrior] - Article + comment ... House takes steps to boost cybersecurity Message-ID: <29CE2502-A8DE-41F4-A1A5-5CDE99BDD874@infowarrior.org> NB: During the 1990s when we first drafted House infosec policies, our team was told to develop two "policies" -- one for staffers and one for the elected Members. The staffer version was a fairly common user security policy like you'd find anywhere else at the time and REQUIRED compliance (and had likely penalties/consequences), but the Member one, to put it simply, ENCOURAGED their adherence or compliance with recommended good security practices but that was about it. The reason for this double-standard? We were told that (elected) Members could not be told what to do (or how to act) by (unelected) staffers such as our team.[1] Sigh. As such, one wonders how many cybersecurity transgressions in the House are the result of elected Member goof-ups that get hushed up!!! -rf [1] We did get the opportunity to say "I told you so" to House leaders who got embarrassed publicly and then ran to us wondering what could be done to prevent it from happening again. Heh, memories! House takes steps to boost cybersecurity By Paul Kane Washington Post Staff writer Wednesday, December 16, 2009; A06 http://www.washingtonpost.com/wp-dyn/content/article/2009/12/15/AR2009121505075_pf.html House leaders have asked the chamber's security officials to implement a new cybersecurity training regimen for aides and take additional measures to protect sensitive information from potential hackers. After a six-week review prompted by The Washington Post's disclosure of the ethics committee's secretive deliberations, Daniel P. 
Beard, the House's chief administrative officer, recommended technology security updates that focused mostly on making staff aware of the security risks on the Internet. "Changes in security policies will make it clear that all sensitive House information will remain on House equipment at all times, it will be encrypted when stored on mobile devices and must not be transmitted on any public access system," Beard wrote in a letter to House Speaker Nancy Pelosi (D-Calif.) and Minority Leader John A. Boehner (R-Ohio). Beard undertook the review after a junior staffer took home a sensitive computer file that included a document naming every member of Congress the panel was investigating and updating most of the nearly three dozen investigations. In many cases, the lawmaker's ethics troubles had not been revealed publicly. The staffer placed the file on a home computer on which she had downloaded peer-to-peer file-sharing software, commonly used by people who want to share music and other digital files. The Post obtained the file from a source who had no connection to Congress or any matter before the ethics committee. In addition to new training, Beard will force the House's internal wireless Internet service to be password-protected. Employees traveling outside the United States will have their government-issued wireless devices checked by House security before and after their trips. From rforno at infowarrior.org Wed Dec 16 16:59:13 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Dec 2009 11:59:13 -0500 Subject: [Infowarrior] - Conficker may be forgotten, but it's not gone Message-ID: (c/o Rich P) -------- Original Message -------- Subject: [shadowserver] Conficker may be forgotten, but it's not gone.. Shadowserver is happy to announce a new set of statistics and charts highlighting the widespread infection & propagation of Conficker. 
We thought it would be of interest to illustrate the depth and extent of how Conficker truly affects a worldwide scope of providers. While much public attention has faded since the widely publicized April 1st 2009 "attack date", it's quite evident that Conficker still maintains a huge foothold on many computer systems worldwide. Hopefully this report will again raise public awareness to a 6.5M node botnet and drive remediation efforts from the providers themselves, as well as the average computer user. Shadowserver hopes you find these stats and charts as interesting as we have. This is a dynamic page, so you can watch trends and remediation efforts over time. As always, we're interested in how folks use and benefit from our data and reports. Feel free to drop us a note anytime and give us your feedback. Shadowserver has posted a new blog about this at: http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091216 The Conficker stats and charts page can be found here: http://www.shadowserver.org/wiki/pmwiki.php/Stats/Conficker From rforno at infowarrior.org Thu Dec 17 21:45:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Dec 2009 16:45:18 -0500 Subject: [Infowarrior] - TSA Hearing on "The Manual" Message-ID: <65C5B45A-2A8C-42D3-A2F8-64165862FE5C@infowarrior.org> ...that last sentence is hysterical. Is TSA now saying its contractors are not qualified to handle sensitive information? If TSA admits that, one has to wonder about the rest of the gov contractors who engage in daily handling of sensitive information, right??? --rf TSA Cannot Order Sites to Take Down Sensitive Manual December 17th, 2009 by Steven Aftergood http://www.fas.org/blog/secrecy/2009/12/tsa_cannot.html After a Transportation Security Administration (TSA) manual containing "sensitive security information" 
was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available. Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so. < - > Ms. Rossides added that in order to prevent further inadvertent disclosures of the newest security measures, she was refusing to provide a hardcopy of the latest edition of the TSA security manual to Congress. "I just wanted to take the absolute measures to protect that information, and that's why a hardcopy wouldn't be presented," she said. Rep. Dent objected to this. "By refusing to give a document to this committee because of concern about a public disclosure, that's implying that this subcommittee would disclose the document. And that's what, I guess, troubles me the most." He said he would press the issue. Subcommittee chair Rep. Sheila Jackson-Lee (D-TX) said she would introduce legislation to bar contractors from access to "sensitive security information," since contractors apparently were at fault in the inadvertent disclosure of the security manual. "It'll be my legislative initiative to insist that contract employees not be used to handle sensitive security information, period," she said. 
From rforno at infowarrior.org Thu Dec 17 21:51:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Dec 2009 16:51:03 -0500 Subject: [Infowarrior] - Beyond ACTA: Proposed EU - Canada Trade Agreement Message-ID: <13D907FA-71AB-496A-9AE8-201842D83C72@infowarrior.org> Beyond ACTA: Proposed EU - Canada Trade Agreement Intellectual Property Chapter Leaks Wednesday December 16, 2009 http://www.michaelgeist.ca/content/view/4627/125/ Canada's participation in the Anti-Counterfeiting Trade Agreement negotiations has understandably generated enormous public concern as leaked documents indicate that ACTA would have a dramatic impact on Canadian copyright law. The U.S. has proposed provisions that would mandate a DMCA-style implementation for the WIPO Internet treaties and encourage the adoption of a three-strikes and you're out system to cut off access where there are repeated allegations of infringement. Yet it would appear that ACTA is actually only part of the story. Canada is also currently negotiating a Comprehensive Economic and Trade Agreement with the European Union. The negotiations have been largely off the radar screen (and similarly secretive) with the first round of talks concluding in October in Ottawa. Intellectual property figures prominently in the agreement. In fact, the EU proposal for the IP chapter has just leaked online and the document is incredibly troubling. When combined with ACTA, the two agreements would render Canadian copyright law virtually unrecognizable as Canada would be required to undertake a significant rewrite of its law. The notion of a "made-in-Canada" approach - already under threat from ACTA - would be lost entirely, replaced by a made-in-Washington-and-Brussels law. What are some of the EU's demands?
* Copyright term extension. The current term of copyright law in Canada is life of the author plus 50 years. This is consistent with the term requirements under the Berne Convention. The EU is demanding that Canada add an additional 20 years by making the term life plus 70 years.
* WIPO ratification. The EU is demanding that Canada respect the rights and obligations under the WIPO Internet treaties. The EU only formally ratified those treaties this week.
* Anti-circumvention provisions. The EU is demanding that Canada implement anti-circumvention provisions that include a ban on the distribution of circumvention devices. There is no such requirement in the WIPO Internet treaties.
* ISP Liability provisions. The EU is demanding statutory provisions on ISP liability where they act as mere conduits, cache content, or host content. ISPs would qualify for a statutory safe harbour in appropriate circumstances. There is no three-strikes and you're out language (which presumably originates with the U.S.).
* Enforcement provisions. The EU is demanding that Canada establish a host of new enforcement provisions including measures to preserve evidence, ordering alleged infringers to disclose information on a wide range of issues, mandate disclosure of banking information in commercial infringement cases, allow for injunctive relief, and destruction of goods. There is also a full section on new border measures requirements.
* Resale rights. The EU is demanding that Canada implement a new resale right that would provide artists with a royalty based on any resales of their works (subsequent to the first sale).
* Making available or distribution rights. The EU is demanding that Canada implement a distribution or making available right to copyright owners.
These are just the copyright provisions. There are sections dealing with patents, trademarks, designs, and (coming soon) geographical indications. These include:
* requiring Canada to comply with the Trademark Law Treaty (Canada is not a contracting party)
* requiring Canada to accede to the Hague System for the International Registration of Industrial Designs
* creating new legal protections for registered industrial designs including extending the term of protection from the current 10 years to up to 25 years
* requiring Canada to comply with the Patent Law Treaty (Canada has signed but not implemented)
* requiring Canada to establish enhanced protection for data submitted for pharmaceutical patents
While the leaked document may only represent the European position, there is little doubt there will be enormous pressure on Canadian negotiators to cave on the IP provision in return for "gains" in other areas. The net result is that when combined with the ACTA requirements, Canadian copyright law reform may cease to become Canadian. Instead, the rules will be dictated by secretive agreements as the U.S. and Europe tag team to pressure Canada into dramatic changes far beyond those even proposed in Bills C-60 or C-61. From rforno at infowarrior.org Fri Dec 18 00:23:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Dec 2009 19:23:05 -0500 Subject: [Infowarrior] - Lululemon v. Olympics (brilliant) Message-ID: Vancouver Olympics Unhappy With 'Cool Sporting Event That Takes Place in British Columbia Between 2009 and 2011 Edition' Slogan http://techdirt.com/articles/20091216/0816517384.shtml We've been covering how the Olympics has been able to get various governments around the world to grant it extra special intellectual property protection on certain words and phrases, with the upcoming Vancouver Olympics being no exception. In that case, you have to be careful of the use of "Vancouver," "Olympics," and even "2010." So, clothing maker Lululemon decided to come up with a line that mocks these restrictions, with a brand new line of clothing called: "Cool Sporting Event That Takes Place in British Columbia Between 2009 and 2011 Edition." Note how careful the company is to avoid any of the restricted words. Nicely done. Of course, guess who isn't happy? 
Reader Joe McEnaney alerts us to the news that, even though the Vancouver Olympics can't officially do anything to Lululemon, it has decided to try shaming the company instead, expressing disappointment that the company "has broken the spirit of Olympic trademark regulations." Of course, even so, the Olympic officials seem to misunderstand what's going on here. They claim: "We expected better sportsmanship from a local Canadian company than to produce a clothing line that attempts to profit from the Games but doesn't support the Games or the success of the Canadian Olympic team." But, of course, that's not what's going on here at all. They're not trying to profit off of the Olympic Games. They're trying to profit off of the ridiculous free speech restrictions put in place by the Olympics for no good reason. From rforno at infowarrior.org Fri Dec 18 15:01:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Dec 2009 10:01:16 -0500 Subject: [Infowarrior] - Kudos to Australia Message-ID: <0A07F5B8-FE82-4D8C-BCE3-B0689F6834C2@infowarrior.org> http://www.smh.com.au/travel/travel-news/carryon-restrictions-to-be-relaxed-20091216-kvm2.html "Carry-on baggage rules will be relaxed under a shake-up of aviation security announced by the Federal Government today. The changes will see passengers again allowed to carry some sharp implements, such as nail files and clippers, umbrellas, crochet and knitting needles on board aircraft from July next year" Best quote: "Metal cutlery will return to cabin meals and airport restaurants following Government recognition that security arrangements must be targeted at 'real risks'." ...somebody care to tell the TSA this is how you do security planning? Oh, wait - passenger screening isn't a federal jobs program for the Ozzies like it is here in the USA. Now to get them to drop that asinine web filtering scheme. 
-rf

From rforno at infowarrior.org Fri Dec 18 15:04:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Dec 2009 10:04:51 -0500
Subject: [Infowarrior] - DECAF disabled (quasi-hoax)
Message-ID: <4F85CA02-8447-4FF0-8722-01672BCB2910@infowarrior.org>

I give 'em some credit for this however ... gods know I feel the same way about folks wanting the instant-gratification route on things, particularly forensics and security!! --rf

http://www.decafme.org/

As you probably noticed, your copy of DECAF no longer works. We have disabled every copy of DECAF. We hope that as you realize this was a stunt to raise awareness for security and the need for better forensic tools that you would reconsider cutting corners on corporate security. Also, governments should not rely on a tool to automate the process of forensics but rather invest in the education of investigators and forensic tool experts. If we were able to assist every government agency in their computer crime investigations, we would. The problem is DECAF is just two people. As a security community at large, we need to band together and start relieving some of the burden off our government by giving back. It also goes to show that if two people can make an impact as big as DECAF did; imagine how much positive we could all do together. Lately our media has been presenting many individual people (balloon boy, white house visitors, etc) who have been manipulating media outlets for selfish publicity in hopes of being "successful". The problem is that America has grown to be selfish, self-reliant, prideful, and an arrogant monster. We leave our marriages, neglect our kids, chase positions/status at work, chase materialistic property and only think of ourselves. In the mean time our whole country goes down the tubes.
< snip >

http://www.decafme.org/

From rforno at infowarrior.org Sun Dec 20 23:25:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Dec 2009 18:25:55 -0500
Subject: [Infowarrior] - Pope copyrights himself
Message-ID:

Holy See declares unique copyright on Papal figure
http://www.catholicnewsagency.com/utiles/myprint/print.php

Vatican City, Dec 19, 2009 / 12:23 pm (CNA).- The Vatican made a declaration on the protection of the figure of the Pope on Saturday morning. The statement seeks to establish and safeguard the name, image and any symbols of the Pope as being expressly for official use of the Holy See unless otherwise authorized. The statement cited a "great increase of affection and esteem for the person of the Holy Father" in recent years as contributing to a desire to use the Pontiff's name for all manner of educational and cultural institutions, civic groups and foundations. Due to this demand, the Vatican has felt it necessary to declare that "it alone has the right to ensure the respect due to the Successors of Peter, and therefore, to protect the figure and personal identity of the Pope from the unauthorized use of his name and/or the papal coat of arms for ends and activities which have little or nothing to do with the Catholic Church." The declaration alludes to attempts to use ecclesiastical or pontifical symbols and logos to "attribute credibility and authority to initiatives" as another reason to establish their "copyright" on the Holy Father's name, picture and coat of arms. "Consequently, the use of anything referring directly to the person or office of the Supreme Pontiff... and/or the use of the title 'Pontifical,' must receive previous and express authorization from the Holy See," concluded the message released to the press.

Copyright ©
CNA (http://www.catholicnewsagency.com)

From rforno at infowarrior.org Mon Dec 21 02:42:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Dec 2009 21:42:02 -0500
Subject: [Infowarrior] - To Deal With Obsession, Some Unfriend Facebook
Message-ID:

December 21, 2009
To Deal With Obsession, Some Unfriend Facebook
By KATIE HAFNER
http://www.nytimes.com/2009/12/21/technology/internet/21facebook.html

Facebook, the popular networking site, has 350 million members worldwide who, collectively, spend 10 billion minutes there every day, checking in with friends, writing on people's electronic walls, clicking through photos and generally keeping pace with the drift of their social world. Make that 9.9 billion and change. Recently, Halley Lamberson, 17, and Monica Reed, 16, juniors at San Francisco University High School, made a pact to help each other resist the lure of the login. Their status might as well now read, "I can't be bothered." "We decided we spent way too much time obsessing over Facebook and it would be better if we took a break from it," Halley said. By mutual agreement, the two friends now allow themselves to log on to Facebook on the first Saturday of every month -- and only on that day. The two are among the many teenagers, especially girls, who are recognizing the huge distraction Facebook presents -- the hours it consumes every day, to say nothing of the toll it takes during finals and college applications, according to parents, teachers and the students themselves. Some teenagers, like Monica and Halley, form a support group to enforce their Facebook hiatus. Others deactivate their accounts. Still others ask someone they trust to change their password and keep control of it until they feel ready to have it back.
Facebook will not reveal how many users have deactivated service, but Kimberly Young, a psychologist who is the director of the Center for Internet Addiction Recovery in Bradford, Pa., said she had spoken with dozens of teenagers trying to break the Facebook habit. "It's like any other addiction," Dr. Young said. "It's hard to wean yourself." Dr. Young said she admired teenagers who came up with their own strategies for taking Facebook breaks in the absence of computer-addiction programs aimed at them. "A lot of them are finding their own balance," she said. "It's like an eating disorder. You can't eliminate food. You just have to make better choices about what you eat." She added, "And what you do online." Michael Diamonti, head of school at San Francisco University High School, which Monica and Halley attend, said administrators were pondering what the school's role should be, since students used Facebook mostly at home, although excessive use could affect their grades. "It's such uncharted territory," Dr. Diamonti said. "I'm definitely in support of these kids recognizing that they need to exercise some control over their use of Facebook, that not only is it tremendously time consuming but perhaps not all that fulfilling." In October, Facebook reached 54.7 percent of people in the United States ages 12 to 17, up from 28.3 percent in October last year, according to the Nielsen Company, the market research firm. Many high school seniors, now in the thick of the college application process, are acutely aware of those hours spent clicking one link after another on the site. Gaby Lee, 17, a senior at Head-Royce School in Oakland, Calif., had two weeks to complete her early decision application to Pomona College. Desperate, she deactivated her Facebook account. The account still existed, but it looked to others as if it did not. "No one could go on and write on my wall or look at my profile," she said. The habit did not die easily.
Gaby said she would sit down at the computer and find that "my fingers would automatically go to Facebook." In her coming book, "Alone Together" (Basic Books, 2010), Sherry Turkle, a psychologist who is director of the Initiative on Technology and Self at the Massachusetts Institute of Technology, discusses teenagers who take breaks from Facebook. For one 18-year-old boy completing a college application, Professor Turkle said, "Facebook wasn't merely a distraction, but it was really confusing him about who he was," and he opted to spend his senior year off the service. He was burned out, she said, trying to live up to his own descriptions of himself. But Facebook does not make it easy to leave for long. Deactivating an account requires checking off one of six reasons -- "I spend too much time using Facebook," is one. "This is temporary. I'll be back," is another. And it is easy to reactivate an account by entering the old login and password. For Walter Mischel, a professor of psychology at Columbia University, who studies self-control and willpower, "what's fascinating about this is that it involves spontaneous strategies of self-control, of trying to exert willpower after getting sucked into a huge temptation." Professor Mischel performed a now-famous set of experiments at Stanford University in the late 1960s in which he tested young children's ability to delay gratification when presented with what he called "hot" temptations, like marshmallows. Some managed to stop themselves; others could not. "Facebook is the marshmallow for these teenagers," Professor Mischel said. Rachel Simmons, an educator and the author of "The Curse of the Good Girl: Raising Authentic Girls with Courage and Confidence" (Penguin Press, 2009), said Facebook's new live feed format had made the site particularly difficult to tear oneself away from. "You're getting a feed of everything everyone is doing and saying," Ms. Simmons said.
"You're literally watching the social landscape on the screen, and if you're obsessed with your position in that landscape, it's very hard to look away." It is that addictive quality that makes having a partner who knows you well especially helpful. Monica said that when she was recently in bed sick for several days, she broke down and went on Facebook. And, of course, she felt guilty. "At first I lied," Monica said. "But we're such good friends she could read my facial expression, so I 'fessed up." As punishment, the one who breaks the pact has to write something embarrassing on a near-stranger's Facebook wall. After several failed efforts at self-regulation, Neeka Salmasi, 15, a sophomore at Greenhills School in Ann Arbor, Mich., finally asked her sister, Negin, 25, to change her Facebook password every Sunday night and give it back to her the following Friday night. Neeka quickly saw an improvement in her grades. Still better, she said, is that her mother no longer visits her room "every half an hour to see if I was on Facebook or doing homework." "It was really annoying," she said. Last year, Magellan Yadao, 18, a senior at Northside College Preparatory High School in Chicago, went on a 40-day Facebook fast for Lent. "In my years as a Catholic, I hadn't really chosen something to give up that was very important to me," Magellan said in an e-mail message. "Apparently, Facebook was just that." In his follow-up work, Professor Mischel said he found that some of the children who delayed gratification with the marshmallows turned out to be higher achievers as adults. Halley said she and Monica expect their hiatus to continue at least through the rest of the school year. She added that they were enjoying a social life lived largely offline. "Actually, I don't think either one of us wants it to end," she said.
From rforno at infowarrior.org Mon Dec 21 04:04:29 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Dec 2009 23:04:29 -0500
Subject: [Infowarrior] - Job Posting: Cyber Arms Dealer
Message-ID:

Some humour to start your Monday! --rf

------------------------------------------------------------------------------------------------

Job Posting: Cyber Arms Dealer (500k - 750k + bonus)
http://thecipblog.com/?p=271
December 20th, 2009
Matthew Holt

Employer: Restricted Business Name (RBN)
Position Type: Part-time contractor, sales
Salary: Commission only (est. 500k - 750k), uncapped upside opportunity
Bonus: Top-sellers will be invited to the annual company picnic in a secret location
Travel Required: 0%
Target Clients: Disgruntled 3rd world dictators, other national governments
Business Hours: 24/7
Education Level: None required
Experience Level: No previous cyber security or business experience required
Target Age: 0-99 years

There is a once in a lifetime opportunity to become part of the largest, most efficient business in the world focusing on Cyber Security issues as it seeks to expand its Cyber Warfare product line. Our products have replaced the traditional wares of arms dealers (i.e. tanks, planes, nuclear weapons) and are crucial to the successful wartime activities of our clients as they plot integrated military attack strategies against the critical infrastructures of their enemies. With an extensive team of sales professionals, we are already delivering a full spectrum of cyber security-related products to a worldwide client base which you will be able to leverage.

Principal Duties and Responsibilities: The successful candidate must be able to access the Internet, download the pre-configured software package provided by the company, and click "save and run" when prompted. Basic understanding of cyber security helpful, but not really required.
Primary activities involve monitoring incoming messages for requests for the company's Distributed Denial of Service (DDOS) Attack 2.0 product line and establishing contact with the potential client. You will not need to understand how the DDOS Attack 2.0 product works as we have a large staff of technicians to take care of this for you. You will merely act as the middleman to handle the transaction, of which you will retain a certain percentage (to be negotiated). Although the target market is worldwide, it is vital to the employer that the candidate is physically located in Russia, China, Indonesia, or Ukraine. This ensures minimal risk of disruption of company activity by law enforcement, and will also help the candidate ensure continued flow of low-risk income as he builds his customer base. Thanks to the global standardization of Internet protocols, you will be able to deliver the DDOS Attack 2.0 product line to your clients anywhere in the world in real-time (no shipping charges or customs duties) from any of these four countries.

Desired Characteristics:
* Excellent prospecting, new client generation and negotiation skills
* Successful sales track record
* Understanding of money transfer options (i.e. PayPal, Western Union)
* Desire and ability to work alone, ability to operate under little supervision
* Proficiency in typing and reading messages on your computer
* Must be enthusiastic and positive
* Optimist at heart and passionate about selling the company's products
* Should have laptop with WiFi access to avoid geolocation by law enforcement

Above all else, loyalty to the company is required. In the unlikely event that some pesky law enforcement officer should happen to apprehend you, you should understand up front that revealing any information about the company will result in long-term, painful punishment to those closest to you.
How to apply: Please access your favorite IRC channel and enter job code: 0b1010011010

From rforno at infowarrior.org Mon Dec 21 13:39:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 08:39:03 -0500
Subject: [Infowarrior] - Battlefield robot had security hole
Message-ID: <39DA3CC9-9D1A-4CA2-AD90-7BDDA521D3DF@infowarrior.org>

Battlefield robot had security hole
Insurgents could steal video before local firm made fix
By Hiawatha Bray
Globe Staff / December 19, 2009
http://www.boston.com/business/technology/articles/2009/12/19/battlefield_robot_had_security_hole/

The same security weakness that allowed Iraqi insurgents to record video from unmanned US surveillance aircraft might also have let them spy on American battlefield robots produced by a local firm. For years, Talon robots, made by Qinetiq North America Operations LLC in Waltham, transmitted analog video images without the encryption that scrambles signals to prevent them from being intercepted. As a result, videos from the robots could have been viewed and recorded by anybody with a laptop and a television receiver, including adversaries. The US military has purchased more than 3,000 Talon robots. Many are used for video surveillance patrols in Iraq and Afghanistan. Qinetiq officials said the security hole was plugged in 2007, when Talons received upgraded video equipment. Last week, the Wall Street Journal reported that laptop computers belonging to captured Iraqi insurgents contained video images from US surveillance drones. The insurgents had used TV receiving gear and a cheap piece of software purchased on the Internet to record unencrypted video from the aircraft. There's no evidence that enemy forces actually tapped into video feeds from the Talon robots.
But Eric Rosenbach, executive director of research at the Belfer Center for Science and International Affairs at Harvard University, expressed surprise that the military would ever transmit battlefield data over an insecure channel. "It's common practice and standard operating procedure that any communication from the military is encrypted if it's even remotely sensitive," said Rosenbach, who served as an Army intelligence officer in Bosnia. Bob Quinn, Qinetiq's vice president of Talon robot operations, said that in 2007, the company refitted the robots with new digital video systems and added encryption. "Over 2,000 robots, in our case, have been upgraded," Quinn said, but he added that the upgrade was not prompted in any way by concerns about spying. Instead, the change was a consequence of the military's efforts to reduce the terrible toll inflicted on US troops by roadside bombs in Iraq. Many of the bombs were detonated remotely by radio transmitters such as cellphones. The US Army responded by deploying Talon robots along key roadways to seek out the bombs and by equipping supply convoys with powerful radio jammers. The jammers created a sort of electronic bubble around the convoy, so that nearby radio-controlled bombs could not be detonated. "The robots have to be able to work inside that protective electronic bubble," said Quinn. But the jamming blocked the robots' analog video signals, making them useless for surveillance. The 2007 digital video upgrade solved the problem and also ensured that insurgents couldn't view the videos with conventional equipment. Quinn said that there was never any risk that an enemy hacker could have taken command of a Talon, because the robot's remote control system has always used an encrypted digital radio system. Letting a Talon come under enemy control could have deadly consequences, as some are equipped with remotely-controlled machine guns. But just being able to see surveillance video could be very useful to an enemy.
"It gives them the ability to know where and how the US is surveilling targets," said Rosenbach. For instance, an insurgent could use intercepted video to warn his comrades that one of their "safe houses" was actually being watched by the Americans. The US military has purchased thousands of robots from another Massachusetts company, iRobot Corp. of Bedford. Like the Qinetiq Talon, iRobot's PackBot is frequently equipped with video cameras for surveillance work. But the company won't say whether its video feeds are encrypted. IRobot spokeswoman Nancy Dussault-Smith said the company "does not comment on communications security or other operational security topics."

Hiawatha Bray can be reached at bray at globe.com.

From rforno at infowarrior.org Mon Dec 21 13:43:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 08:43:33 -0500
Subject: [Infowarrior] - Why can't Americans make things? Two words: business school.
Message-ID: <54615A6D-6AE2-424B-B33A-E8312F59F45C@infowarrior.org>

Upper Mismanagement
Why can't Americans make things? Two words: business school.
Noam Scheiber
December 18, 2009 | 12:00 am
http://www.tnr.com/print/article/economy/wagoner-henderson

One of the themes that came up while I was profiling [1] White House manufacturing czar Ron Bloom earlier this fall was managerial talent. A lot of people talk about reviving the domestic manufacturing sector, which has shed almost one-third of its manpower over the last eight years. But some of the people I spoke to asked a slightly different question: Even if you could reclaim a chunk of those blue-collar jobs, would you have the managers you need to supervise them? It's not obvious that you would. Since 1965, the percentage of graduates of highly-ranked business schools who go into consulting and financial services has doubled, from about one-third to about two-thirds.
And while some of these consultants and financiers end up in the manufacturing sector, in some respects that's the problem. Harvard business professor Rakesh Khurana, with whom I discussed these questions at length, observes that most of GM's top executives in recent decades hailed from a finance rather than an operations background. (Outgoing GM CEO Fritz Henderson and his failed predecessor, Rick Wagoner, both worked their way up from the company's vaunted Treasurer's office.) But these executives were frequently numb to the sorts of innovations that enable high-quality production at low cost. As Khurana quips, "That's how you end up with GM rather than Toyota." How did we get to this point? In some sense, it's the result of broad historical and economic forces. Up until World War I, the archetypal manufacturing CEO was production oriented -- usually an engineer or inventor of some kind. Even as late as the 1930s, business school curriculums focused mostly on production. Khurana notes that many schools during this era had mini-factories on campus to train future managers. After World War II, large corporations went on acquisition binges and turned themselves into massive conglomerates. In their landmark Harvard Business Review article from 1980, "Managing Our Way to Economic Decline," Robert Hayes and William Abernathy pointed out that the conglomerate structure forced managers to think of their firms as a collection of financial assets, where the goal was to allocate capital efficiently, rather than as makers of specific products, where the goal was to maximize quality and long-term* market share. By the 1980s, the conglomerate boom was reversing itself. Investors began seizing control of overgrown public companies and breaking them up. But this task was, if anything, even more dependent on fluency in financial abstractions.
The leveraged-buyout boom produced a whole generation of finance tycoons -- the Michael Milkens of the world -- whose ability to value corporate assets was far more important than their ability to run them. The new managerial class tended to neglect process innovation because it was hard to justify in a quarterly earnings report, where metrics like "return on investment" reigned supreme. "In an era of management by the numbers, many American managers ... are reluctant to invest heavily in the development of new manufacturing processes," Hayes and Abernathy wrote. "Many of them have effectively forsworn long-term technological superiority as a competitive weapon." By contrast, European and Japanese manufacturers, who lived and died on the strength of their exports, innovated relentlessly. One of Toyota's most revolutionary production techniques is to locate suppliers inside its own factories. The New York Times' Jon Gertner recently visited a Toyota plant and reported [2] that the company doesn't actually order a seat for a new truck until the chassis hits the assembly line, at which point the seat is promptly built on-site and installed. "If the front seat had not been ordered 85 minutes earlier, it would not exist," Gertner observed. Alas, these aren't the kinds of money-saving breakthroughs the GM brain trust has ever excelled at. The country's business schools tended to reflect and reinforce these trends. By the late 1970s, top business schools began admitting much higher-caliber students than they had in previous decades. This might seem like a good thing. The problem is that these students tended to be overachiever types motivated primarily by salary rather than some lifelong ambition to run a steel mill. And there was a lot more money to be made in finance than manufacturing. A recent paper by economists Thomas Philippon and Ariell Reshef shows that compensation in the finance sector began a sharp, upward trajectory around 1980.
The business schools had their own incentives to channel students into high-paying fields like finance, thanks to the rising importance of school rankings, which heavily weighted starting salaries. The career offices at places like Harvard, Stanford, and Chicago institutionalized the process -- for example, by making it easier for Wall Street outfits and consulting firms to recruit on campus. A recent Harvard Business School case study about General Electric shows that the company had so much trouble competing for MBAs that it decided to woo top graduates from non-elite schools rather than settle for elite-school graduates in the bottom half or bottom quarter of their classes. No surprise then that, over time, the faculty and curriculum at the Harvards and Stanfords of the world began to evolve. "If you look at the distribution of faculty at leading business schools," says Khurana, "they're mostly in finance. ... Business schools are responsive to changes in the external environment." Which meant that, even if a student aspired to become a top operations man (or woman) at a big industrial company, the infrastructure to teach him didn't really exist. In fairness, all that financial expertise we've been churning out hasn't been a complete waste (much as it may seem that way today). Many of the financial restructurings of the '80s and '90s made the economy more efficient and competitive. Likewise, it would be ludicrous to suggest that simply changing the culture of business schools would single-handedly revive U.S. manufacturing. As I explained in the Ron Bloom piece, that sector faces a variety of challenges, not least the mercantilist industrial policies of our foreign competitors. On the other hand, it's hard to believe that American manufacturing has a chance of recovering unless business schools start producing people who can run industrial companies, not just buy and sell their assets. And we're pretty far away from that point today.
Noam Scheiber is a senior editor of The New Republic.

*Added after original publication.

From rforno at infowarrior.org Mon Dec 21 13:57:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 08:57:09 -0500
Subject: [Infowarrior] - How NORAD tracks Santa
Message-ID: <289C5460-A6F6-4FD3-AC0F-02A857B9CC4F@infowarrior.org>

December 21, 2009 4:00 AM PST
How NORAD keeps track of Santa
by Daniel Terdiman
http://news.cnet.com/8301-13772_3-10418101-52.html?part=rss&subj=news&tag=2547-1_3-0-20

Last Christmas Eve, Jeff Martin found himself forced to explain to a Canadian general why, when Santa Claus passed through Toronto that night, Google Maps had placed the city in the United States. Martin, then a senior marketing manager in Google's Geo group, was part of a huge team of people involved in the joint U.S.-Canada North American Aerospace Defense Command's annual NORAD Santa tracker program, a long-running effort to provide children the world over a live view of Santa's progress as he and his reindeer deliver Christmas presents. In 2007, Google signed onto the project as a technology partner, and since then, has been incorporating NORAD's data on Santa's whereabouts into special 2D Google Maps and 3D Google Earth representations. And that's where the trouble began. Inexplicably, as Santa made his way through Toronto that night last year, the mapping software began identifying the city as being in the United States. Instantly, NORAD Santa's dedicated Gmail account "just lit up" with messages from irate Canadians, Martin said, and quickly, the Google team fixed the problem. But not before Martin's run-in with Canadian Lt. Gen. Marcel Duval. "He said, 'I understand that you have a new American city,'" Martin recalled. "It was a slightly tense moment for me, standing in front of a three-star general explaining to him why one of his cities had been designated as a United States city."
Is this Santa Claus

All joking aside, NORAD has been taking its Santa tracking project seriously for decades. But it actually began in 1955 with a wrong number. One morning that December, U.S. Air Force Col. Harry Shoup, the director of operations at CONAD, the Continental Air Defense Command--NORAD's predecessor--got a phone call at his Colorado Springs, Colo., office (see video below). This was no laughing matter. The call had come in on one of the top secret lines inside CONAD that only rang in the case of a crisis. Grabbing the phone, Shoup must have expected the worst. Instead, a tiny voice asked, "Is this Santa Claus?" "Dad's pretty annoyed," said Terri Van Keuren, Shoup's daughter, recalling the legend of that day in 1955. "He barks into the phone," demanding to know who's calling. "The little voice is now crying," Van Keuren continued. "'Is this one of Santa's elves, then?'" The Santa questions were only beginning. That day, the local newspaper had run a Sears Roebuck ad with a big picture of St. Nick and text that urged, "Hey, Kiddies! Call me direct...Call me on my private phone and I will talk to you personally any time day or night." But the phone number in the ad was off by a digit. Instead of connecting with Santa, callers were dialing in on the line that would ring if the Russians were attacking. Before long, the phone was ringing off the hook, and softening up, Shoup grabbed a nearby airman and told him to answer the calls and, Van Keuren said, "'just pretend you're Santa.'" Indeed, rather than having the newspaper pull the Sears ad, Shoup decided to offer the countless kids calling in something useful: information about Santa's progress from the North Pole. To quote the official NORAD Santa site, "a tradition was born." From that point on, first CONAD and then, in 1958, when NORAD was formed, Shoup's organization offered annual Santa tracking as a service to the global community.
A phone number was publicized and anyone was invited to call up, especially on December 24, and find out where Santa was. Manning those phones over the years have been countless numbers of Army, Navy, Air Force and Marine Corps personnel and their families, and for many people, turning to NORAD to find out where Santa is became something to look forward to each year.

Phones and e-mail

These days, of course, a single red phone isn't enough to handle the demand for the information. In fact, said Joyce Frankovis, the public affairs specialist who runs the Santa tracking program for NORAD these days, there were fully 1,275 people involved in the project in 2008, and there would have been more had there been more room for them. Frankovis explained that most of those people are volunteers who come in to NORAD's Colorado Springs headquarters on Christmas Eve to answer phone calls and emails. And it's a good thing there's so many, she said, because "Literally, when a volunteer puts the phone down after they get done with a call, it's ringing again." All told, she said that each volunteer handles about 39 calls per hour and that in 2008, the team used 100 phones and 25 computers to handle 69,845 calls and 6,086 e-mails from more than 200 countries. Most of those contacts happened during the 25 hours from 2 a.m. on December 24 through 3 a.m. on Christmas that the operations center (see video below) is up and running. Most people, Frankovis said, just want to know where Santa is. And so the volunteer answering the question will look up at the big screen on the wall at the operations center and see where, on the map that is integrating geographical information from NORAD with Google's mapping service, Santa is at that moment. "NORAD uses four high-tech systems to track Santa--radar, satellites, Santa Cams and fighter jets," reads the NORAD Santa Web site. "Tracking Santa starts with the NORAD radar system called the North Warning System.
This powerful radar system consists of 47 installations strung across the northern border of North America. On Christmas Eve, NORAD monitors the radar systems continuously for indications that Santa Claus has left the North Pole. "The moment that radar indicates Santa has lifted off, we use our second detection system. Satellites positioned in geo-synchronous orbit at 22,300 miles from the Earth's surface are equipped with infrared sensors, which enable them to detect heat. Amazingly, Rudolph's bright red nose gives off an infrared signature, which allows our satellites to detect Rudolph and Santa. "The third tracking system is the Santa Cam network. We began using it in 1998, which is the year we put our Santa Tracking program on the Internet. Santa Cams are ultra-cool, high-tech, high-speed digital cameras that are pre-positioned at many locations around the world. NORAD only uses these cameras once a year on Christmas Eve. The cameras capture images and videos of Santa and his reindeer as they make their journey around the world. "The fourth system is made up of fighter jets. Canadian NORAD fighter pilots flying the CF-18 intercept and welcome Santa to North America. In the United States, American NORAD fighter pilots in either the F-15 or the F-16 get the thrill of flying alongside Santa and his famous reindeer: Dasher, Dancer, Prancer, Vixen, Comet, Cupid, Donner, Blitzen and, of course, Rudolph." Still, despite all that, "Santa is hard to track," said Frankovis. "We actually never know which route Santa's going to take. So it's just a matter of using that high-tech equipment to track him." Technology is also playing an increasing role in how NORAD publicizes the program. Frankovis said that after taking over the project earlier this year when her predecessor retired, she decided to begin using a much wider collection of social and online media for promotion.
As a result, the NORAD Santa tracker now has presences on Facebook, Twitter, Flickr, YouTube and TroopTube. Google's Martin said that his company--which, like all the corporate partners in the program, offers its assistance at no cost to taxpayers--has dozens of people working on helping to track Santa. Those people provide technical consulting and server provisioning for the NORAD Santa Web site, as well as helping put together YouTube videos, information for Google Maps and Google Earth and, soon, a new service that will allow people to use their mobile phones to track Santa on Christmas Eve. All told, Martin said, the Web site had 8 million unique users in 2008, who visited the site 15 million times, accumulating tens of millions of page views and more than 10 million map views. Those numbers were up about 45 percent from 2007, he added. Martin also said Google helps out by providing and monitoring a Gmail account for the program. And it was there that one of the best messages he can remember came in just a few days ago. "I have been good," a girl named Stephanie wrote to Santa. "But my brother Christopher is mean to me. Take him and leave the presents, please!" Martin said that, clearly, many of the kids who send emails think they're reaching out directly to Santa. "We'll write back and say we've forwarded their message to Santa at the North Pole, who's preparing for Christmas Eve." Of course, not everyone believes in Santa. Frankovis said that some callers--especially towards the later part of Christmas Eve when maybe a little bit too much egg nog or a Canadian grog called Moose Milk has been drunk--dial in to have a little bit of fun. But for those who question whether there really is a Santa at all, Frankovis said the volunteers answering the phone have a simple answer: "'We believe, based on historical data and 51 years of NORAD tracking information, that Santa Claus is alive and well in the hearts of people throughout the world.'"

Col. Shoup and the e-mails

Last March, Shoup died, said Van Keuren. But in the years before his death, she and her family would take the retired colonel back to Colorado Springs each year for the Santa tracker training. "They would introduce him and he would say a few words," Van Keuren said. "So that was a big thrill for him." In his later years, Shoup "was not as sharp as he used to be," she said. But his days overseeing the Santa tracker program were still near and dear to his heart. She said the NORAD folks had printed out a sheaf of emails kids had written in and gave them to Shoup as a reminder of what he'd started back in 1955. "For the last weeks of his life, he carried them around in his briefcase like they were top secret papers," Van Keuren said. "Those were just precious to him. I'd read them to him over and over."

Daniel Terdiman is a staff writer at CNET News covering games, Net culture, and everything in between.

From rforno at infowarrior.org Mon Dec 21 14:12:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 09:12:59 -0500
Subject: [Infowarrior] - OZ filters already shutting sites down
Message-ID: <7F964528-5C42-499C-BCA3-BDF7BC822B73@infowarrior.org>

(This is a site protesting the Oz Net Filters Policy)

On Fri 18-12-2009 auDA issued a notice giving us 3 hours to provide evidence of our eligibility to hold stephenconroy.com.au and related domain names. We asked for reasonable time to prepare and make representations on our eligibility but auDA refused to grant this, insisting we reply within the 3 hour window.
< - >

http://stephen-conroy.com/page.php?4

From rforno at infowarrior.org Mon Dec 21 17:07:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 12:07:00 -0500
Subject: [Infowarrior] - Gov't imposes 3-hour limit on tarmac strandings
Message-ID: <3CCEF607-43C1-40D5-8608-E3772F607BCA@infowarrior.org>

Gov't imposes 3-hour limit on tarmac strandings
By JOAN LOWY
The Associated Press
Monday, December 21, 2009; 11:41 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/21/AR2009122101607_pf.html

WASHINGTON -- The Obama administration took aim Monday at tarmac horror stories, ordering airlines to let passengers stuck in stranded airplanes disembark after three hours. With its new regulations, the Transportation Department sent an unequivocal message on the eve of the busy holiday travel season: Don't hold travelers hostage to delayed flights. Under the new regulations, airlines operating domestic flights will be able only to keep passengers on board for three hours before they must be allowed to disembark a delayed flight. The regulation provides exceptions only for safety or security or if air traffic control advises the pilot in command that returning to the terminal would disrupt airport operations. U.S. carriers operating international flights departing from or arriving in the United States must specify, in advance, their own time limits for deplaning passengers. Foreign carriers are not covered by the rules. Airlines will be required to provide food and water for passengers within two hours of a plane being delayed on a tarmac, and to maintain operable lavatories. They must also provide passengers with medical attention when necessary. From January to June this year, 613 planes were delayed on tarmacs for more than three hours, their passengers kept on board. Airlines will also be prohibited from scheduling chronically delayed flights.
Carriers who fail to comply could face government enforcement action for using unfair or deceptive trade practices. The new regulations, which were published Monday in the Federal Register, go into effect in 120 days. "Airline passengers have rights, and these new rules will require airlines to live up to their obligation to treat their customers fairly," Transportation Secretary Ray LaHood said in a statement. Under the new regulations, airlines would be fined $27,500 per passenger for each violation of the three-hour limit, LaHood said. LaHood called the new regulations the Obama administration's "passenger bill of rights." Legislation pending in the Senate would also have imposed a three-hour limit, but the new regulations go even farther, giving passenger rights advocates nearly everything they've been asking for. Airlines have strongly opposed a hard time limit on tarmac strandings. They say forcing planes to return to gates so that passengers can get off could cause more problems than it cures. They predict more flights will be canceled, further delaying passengers from reaching their destinations. Last month, the department fined Continental Airlines, ExpressJet Airlines and Mesaba Airlines $175,000 for their roles in a nearly six-hour tarmac delay in Rochester, Minn. On Aug. 8, Continental Express Flight 2816 en route to Minneapolis was diverted to Rochester due to thunderstorms. Forty-seven passengers were kept overnight in a cramped plane amid crying babies and a smelly toilet because Mesaba employees refused to open a gate so that they could enter the closed airport terminal. The case marked the first time the department had fined an airline for actions involving a tarmac delay. Transportation officials made clear the case was a warning to the industry. Consumer advocates have been pressing the department and Congress for at least a decade to do something about extended tarmac delays.
However, past efforts to address the problem have fizzled in the face of industry opposition and promises to reform. Congress and the Clinton administration tried to act after a January 1999 blizzard kept Northwest Airlines planes on the ground in Detroit, trapping passengers for seven hours. Some new regulations were put in place but most proposals died, including one that airlines pay passengers who are kept waiting on a runway for more than two hours. The Bush administration and Congress returned to the issue three years ago after several high-profile strandings. In December 2006, lightning storms and a tornado warning shut the Dallas-Fort Worth airport, causing American Airlines to divert more than 100 flights and stranding passengers on some planes for as long as nine hours. Two months later, snow and ice led JetBlue Airways to leave planes full of passengers sitting on the tarmac at New York's Kennedy International Airport for nearly 11 hours. After those incidents, DOT Inspector General Calvin Scovel recommended that airlines be required to set a limit on the time passengers have to wait out travel delays grounded inside an airplane. Mary Peters, who was transportation secretary under former President George W. Bush, proposed requiring airlines to have contingency plans for stranded passengers. The idea was that if airlines include these plans in their "contract of carriage" - the fine print on an airline ticket - consumers can hold them responsible in court if they break their promise. An industry-dominated panel set up by the government debated the matter for 11 months, then issued a report in November 2008 that offered only guidelines for what a model plan should look like. Neither those guidelines nor Peters' proposed rule contained a specific limit on how long passengers can be kept waiting before being allowed to return to a gate. They were denounced as toothless by consumer advocates.
LaHood has rewritten Peters' proposal, added a firm time-limit and other protections, and made the proposal a final rule.

---

On the Net:
Department of Transportation: http://www.dot.gov
Air Transport Association: http://www.airlines.org

From rforno at infowarrior.org Tue Dec 22 01:05:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Dec 2009 20:05:46 -0500
Subject: [Infowarrior] - WH to name Schmidt Cybersecurity Advisor
Message-ID:

News Alert 07:20 PM EST Monday, December 21, 2009
White House expected to name new cybersecurity coordinator
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/21/AR2009122103055.html

President Obama expected to name former Bush adviser cybersecurity czar
By Ellen Nakashima
Washington Post Staff Writer
Monday, December 21, 2009; 7:16 PM

Seven months after President Obama vowed to "personally select" an adviser to orchestrate the government's strategy for protecting computer systems, the White House is expected to name a former Bush administration adviser to the job as early as Tuesday. Howard A. Schmidt, who was a cyber adviser in President George W. Bush's White House, will be Obama's new cybersecurity coordinator, according to two sources with knowledge of the move who spoke on the condition of anonymity because they are not authorized to speak on the record. The White House did not return calls and e-mails seeking comment. Schmidt declined to comment. Schmidt's mission is challenging: to coordinate cybersecurity policy across the federal government, from the military to the civilian agencies. The step comes as the Pentagon is getting a major new "cyber-command" unit up and running and the Department of Homeland Security is working to improve its protection of civilian networks. In May, Obama declared the nation's digital networks a "strategic national asset" and said protecting them would be a "national security priority."
Creating a White House cybersecurity office, to be headed by a senior White House official, would be key to that effort, he said. "I'll depend on this official in all matters relating to cybersecurity, and this official will have my full support and regular access to me as we confront these challenges," he said from the East Room. But his remarks were undercut by internal tension over how much authority the "cyber-czar" would have and to whom the official would report. In the end, White House economic adviser Lawrence H. Summers insisted that the new coordinator, who will be anchored in the National Security Council and report to the national security adviser, report to him as well, sources said. Summers argued that cybersecurity is also a matter of national economic security, they said. Schmidt was chosen after a months-long process in which dozens of people were sounded out and many declined, largely out of concern that the job conferred much responsibility with little true authority, some of them said. Meanwhile, the cybersecurity chief at the National Security Council, Christopher Painter, has served as the de facto coordinator, trying to push ahead the 60-day cyberspace policy review plan unveiled by Obama in May. That plan's formulation was led by Melissa Hathaway, who resigned in frustration in August after delays in naming the cyber coordinator. She had been a contender for the position, which does not require Senate confirmation. Schmidt served as special adviser for cyberspace security from 2001 to 2003 and during that time shepherded the National Strategy to Secure Cyberspace, a plan that then was largely ignored. He left that job also frustrated, colleagues said. Schmidt's résumé reflects experience in the private sector, law enforcement and government. Before he joined the White House the first time, he worked as chief security officer at Microsoft. After leaving, he became vice president and chief information security officer at eBay.
He served in the Air Force from 1967 to 1983 in various roles, both active-duty and civilian, and headed the computer exploitation team at the FBI's National Drug Intelligence Center in the 1990s. Today he is president of the Information Security Forum, a nonprofit consortium of 300 of the world's largest corporations and public sector bodies working to resolve cybercrime and cybersecurity issues. "He has many of the qualities and connections that one would think would be good for the position," said a colleague who asked not to be identified in order to speak candidly. "He is a team player. I don't have high expectations for that position as it is currently defined, so he's very possibly overqualified for it." Staff researcher Eddy Palanzo contributed to this report.

From rforno at infowarrior.org Tue Dec 22 13:03:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 08:03:43 -0500
Subject: [Infowarrior] - Verizon nixes Google on smartphones
Message-ID:

Yet another reason why I hate the idea of smartphones as currently envisioned. Walled gardens, proprietary app stores, and then the carriers go and tell you which search engines you must use. I'll stick with my RAZR thankyouverymuch. --rf

Verizon snuffs Google for Microsoft search
By Cade Metz in San Francisco
Posted in Mobile, 19th December 2009 00:18 GMT
http://www.theregister.co.uk/2009/12/19/verizon_snuffs_google_for_bing/

Verizon has unilaterally updated user Storm 2 BlackBerries and other smartphones so that their browser search boxes can only be used with Microsoft Bing. The move is part of the five-year search and advertising deal Verizon signed with Microsoft in January for a rumored $500m. Verizon pushed the search change over its network two days ago, the company has confirmed with The Reg. "We're a proud supporter of Microsoft's Bing search engine," a company spokesman tells us.
"On a couple of select smartphones (Storm 2 the most prominent), we've changed the [Verizon Wireless]-supplied web menu to make Bing the default search engine." Previously, the search box - baked into the top of Verizon's browser, above the url address bar - could be set to search Google, Wikipedia, and other sites. Naturally, such sites can still be queried via the browser proper. But countless users are up-in-arms over the switch. A discussion thread dedicated to the change at CrackBerry, a popular BlackBerry user site, is now 36 pages long. "This frustrates the heck out of me. On the phone with VZW right now. The rep is telling me that she can choose search options from her non-Storm phone, so she's off to get a Storm to find out what the deal is. Will post results. Grrrrrrrrrrrrrrrr," writes one user. A sea of similar comments has also appeared on Verizon's web forums. "Yesterday, all of the search providers that used to be available through the browser disappeared and bing is the only option. I hate bing. I no longer am able to search using Google, Dictionary.com, or Wikipedia from the 'Go to...' page on my browser. This is a very poor decision...to take choice away from their users," the first post says. "SOMEONE is pushing this change to Blackberry users without notification and without giving the option to refuse this change. If this has happened to you, please call Verizon and inform them. I really want my choices for search back. Not only because I hate bing, but because taking choices away from customers is just a really **bleep** thing to do." Verizon and Microsoft have an existing relationship. In January, the two signed a five-year search and ad deal rumored to be worth $500m. When we asked Microsoft to comment on the Verizon search-box switch, it referred us to a January blog post. "Verizon Wireless subscribers in the U.S.
will be able to use Live Search on their mobile devices to find information on local business and shopping information, access maps and directions, find ringtones and other mobile products and services," the company said at the time. "This partnership will give Verizon Wireless customers great search results and provide targeted, relevant mobile advertising to enhance the overall mobile computing experience." When we asked Google for comment, a spokeswoman said: "We're passionate believers in competition that's good for users. We're committed to working with industry leaders to provide the best user experience possible and develop innovative products and services." It should be said, however, that according to press reports, Google was in talks with Verizon over a similar search deal before the Microsoft pact was finalized. Google and Verizon have since agreed to a deal that involves the two companies jointly developing Android phones for the carrier's network. Meanwhile, press reports indicate that Google intends to sell its own Android phone in the New Year. Google has confirmed the existence of a Google-built Android phone, and this device is built for GSM networks - i.e. not Verizon's. ®

From rforno at infowarrior.org Tue Dec 22 13:07:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 08:07:31 -0500
Subject: [Infowarrior] - EFF: E-Book Buyer's Guide to Privacy
Message-ID:

An E-Book Buyer's Guide to Privacy
Commentary by Ed Bayley

As we count down to the end of 2009, the emerging star of this year's holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon's Kindle to Barnes and Noble's forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music. Unfortunately, e-reader technology also presents significant new threats to reader privacy.
E-readers possess the ability to report back substantial information about their users' reading habits and locations to the corporations that sell them. And yet none of the major e-reader manufacturers have explained to consumers in clear unequivocal language what data is being collected about them and why. As a first step towards addressing these problems, EFF has created a first draft of our Buyer's Guide to E-Book Privacy. We've examined the privacy policies for the major e-readers on the market to determine what information they reserve the right to collect and share.

< - >

http://www.eff.org/deeplinks/2009/12/e-book-privacy

From rforno at infowarrior.org Tue Dec 22 13:23:52 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 08:23:52 -0500
Subject: [Infowarrior] - Russians Are Wary of Push for Cyrillic Web Domains
Message-ID: <3CC75043-CC66-4951-BD50-1535F13E9618@infowarrior.org>

December 22, 2009
Russians Are Wary of Push for Cyrillic Web Domains
By CLIFFORD J. LEVY
http://www.nytimes.com/2009/12/22/world/europe/22cyrillic.html?_r=1&hp=&pagewanted=print

MOSCOW -- The Kremlin has long been irritated by the way the United States dominates the Internet, all the way down to the ban on using Cyrillic for Web addresses -- even kremlin.ru has to be demeaningly rendered in English. The Russian government, as a result, is taking the lead in a landmark shift occurring around the world to allow domain names in languages with non-Latin alphabets. Russians themselves, though, do not seem at all eager to follow. Cut off for decades under Communism, Russians revel in the Internet's ability to connect them to the world, and they prize the freedom of the Web even as the government has tightened control over major television channels.
But now, computer users are worried that Cyrillic domains will give rise to a hermetic Russian Web, a sort of cyberghetto, and that the push for Cyrillic amounts to a plot by the security services to restrict access to the Internet. Russian companies are also resisting Cyrillic Web addresses, complaining about costs and threats to online security. "This is one more step toward isolation," said Aleksei Larin, 31, a construction engineer in Tula, 115 miles south of Moscow. "And since this is a Kremlin project, it is possible that it will lead to the introduction of censorship, which is something that certain officials have long sought." Besides startling Russian officials, the reaction has offered insights into the evolution of the Internet as it has spread from the West to the rest of the world. People in places like Russia have created a hybrid Web, typing domain and e-mail addresses in Latin letters and the content in native ones. However loyal they may be to the language of Dostoyevsky, many here do not want to embrace another system. The most widely trafficked search engine in Russia, Yandex, estimated that fewer than 10 percent of the country's Internet users would favor Cyrillic addresses in the near future. Livejournal, the busiest blogging platform in Russia, said it would not employ Cyrillic domains. "I really do not see Cyrillic domains being popular," said Dmitri N. Peskov, a prominent computer consultant who organizes Internet conferences in Russia. "People just do not see the point in having them." More than 30 million Russians use the Internet weekly, out of a population of 140 million, and the country's growth in use is among the fastest in Europe, officials said. There are 2.5 million domains with the .ru suffix, with the address written in Latin letters. The Cyrillic domains are likely to be activated next year.
Russia is ahead in setting up its system, and its experience could be an indication of what is in store for other countries with non-Latin alphabets, like China, Japan and Egypt. Internet cultures, though, develop unpredictably, so the reaction elsewhere could be more positive. The decision to allow non-Latin domains was approved in October by the Internet Corporation for Assigned Names and Numbers, or Icann, the supervisory body based in the United States. More than half of the world's 1.6 billion Internet users speak a native language that does not have a Latin alphabet, Icann said. Supporters of the change, including Russia's president, Dmitri A. Medvedev, who prides himself on his Internet knowledge, said the new domains would open the Internet to a whole class of people who are unfamiliar with Latin characters or are intimidated by them. Andrei Kolesnikov, director of the agency that coordinates Cyrillic domains, said he was at first skeptical that they were needed. But he said he had turned into a strong proponent, pointing out that Internet penetration in Russia was confined largely to big cities, and Cyrillic domains would help it grow in the provinces. "For many people, the Cyrillic domains work much better than Latin names," Mr. Kolesnikov said. "The professionals, they don't get it, they don't understand the whole power of this, but they will get it." Mr. Kolesnikov said fears of censorship of Cyrillic domains were unfounded and based on a misunderstanding. He said Internet filtering and fire walls, like those enforced by the Chinese government, had nothing to do with domains. If the Russian government wanted to, it could censor .ru domains, he said. But it has not, he said, and will not do so with the new ones. "This has no relationship to filtering or huge K.G.B. walls," Mr. Kolesnikov said. The .ru suffix will remain when Russia rolls out its Cyrillic suffix, .рф, which stands for Russian Federation.
But holders of .ru Web sites will have to decide whether to establish companion sites with Cyrillic addresses and the Cyrillic suffix. Many may not be enthusiastic. In late November, Mr. Kolesnikov's agency opened up registration to companies with Russian trademarks that wanted to use them as Cyrillic Web addresses. Of about 50,000 trademarks that were available, only about 4,000 had been registered as addresses so far. "The new system will be very inconvenient," said Aleksandr Malis, president of Evroset, one of the largest cellphone and electronics retailers in Russia, which has not applied for a Cyrillic domain. "It will not give us any more clients because I do not see a way to get people to use these new Web sites." Some companies said they would acquire Cyrillic domains mostly to protect themselves from so-called cybersquatters who might otherwise take over the domains and harm their businesses. Others worried about viruses or scams. "This is a major headache for Russian companies," said Aleksandr Gostev, an executive in Moscow at Kaspersky Lab, an Internet security company. "It is a wide new field for fraudsters." The authorities countered that they did not believe that the domains would touch off more crime. Still, the early process of registering Cyrillic domains has been rocky. It was temporarily halted after a dispute over domains with generic names, like the Russian words for sports and sex. A company had registered several of those words as trademarks in anticipation of the new system, and officials ruled that the company was entitled to them because it had followed the rules. Individuals and businesses without trademarks will be able to register Cyrillic addresses next year. The question now is how many will want to. "Cyrillic domains are a major mistake because Latin symbols are the only symbols available on keyboards all over the world," said Ilya V. Ponomarev, an opposition member in Russia's Parliament who is a leading voice on technology.
"And there is a real concern that non-Latin domains are going to help governments that are not fully democratic, including the one in Russia, to better control their information space."

From rforno at infowarrior.org Tue Dec 22 17:48:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 12:48:44 -0500
Subject: [Infowarrior] - Happy Holidays to All
Message-ID:

(Ganked from one of my favorite sitcom series of the 1980s that ran on BBC --- "Yes (Prime) Minister.")
(c/o http://video-limboland.blogspot.com/2006/08/christmas-at-ministry.html)

Bernard: Before you go home for the holidays, Minister, Sir Humphrey has something to say to you.

Sir Humphrey: Minister, just one thing. I wonder if I might crave your momentary indulgence in order to discharge a by-no-means disagreeable obligation, which has over the years become more-or-less an established practice within government circles, as we approach the terminal period of the year, calendar of course, not financial. In fact, not to put too fine a point on it, week 51, and submit to you, with all appropriate deference for your consideration at a convenient juncture, a sincere and sanguine expectation and indeed confidence. Indeed one might go so far as to say, hope, that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible of being deemed to be such as to merit the final verdict of having been by-no-means unsatisfactory in its overall outcome and in the final analysis to give grounds for being judged, on mature reflection, to have been conducive to generating a degree of gratification, which will be seen in retrospect to have been significantly higher than the general average.

Jim Hacker: Humphrey, are you saying Happy Christmas?

Sir Humphrey: Yes Minister!

....

Happy Holidays to the subscribers of infowarrior-l!
-rick

From rforno at infowarrior.org Wed Dec 23 00:39:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 19:39:27 -0500
Subject: [Infowarrior] - Putting Hollywood on notice
Message-ID: <0E017D51-9D5F-4501-BC43-9BDC27A613A2@infowarrior.org>

So much for their "piracy is killing our industry" arguments. If they can do this well during a global recession (when piracy likely would be rampant and impact their revenues) they have no credibility making such statements going forward. Anyone who listens to that pablum is an idiot, Hollywood cartel lobbyist, or Congresscritter. Oh, wait, I'm being redundant.

Hollywood eyes record $10 billion box office for 2009
http://www.reuters.com/article/idUSTRE5B901X20091210

From rforno at infowarrior.org Wed Dec 23 03:07:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 22:07:54 -0500
Subject: [Infowarrior] - Hackers break Amazon's Kindle DRM
Message-ID: <667DEE90-4DB2-4DDA-A9BD-1A31CE77ED97@infowarrior.org>

Hackers break Amazon's Kindle DRM
The great ebook 'unswindle'
By Dan Goodin in San Francisco
Posted in Security, 23rd December 2009 00:35 GMT
http://www.theregister.co.uk/2009/12/23/amazon_kindle_hacked/

An Israeli hacker says he has broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices. The hack began as an open challenge in this (translated) forum for participants to come up with a way to make ebooks published in Amazon's proprietary format display on competing readers. Eight days later, a user going by the handle Labba had a working program that did just that. The hack is the latest to show the futility of digital rights management schemes, which more often than not inconvenience paying customers more than they prevent unauthorized copying.
Once upon a time, Apple laced its iTunes-purchased offerings with similar DRM restrictions that evoked major headaches when trying to do something as simple as transferring songs to a new PC. When reverse engineering specialist DVD Jon neutered the mechanism, that was the beginning of the end to the draconian regimen, which Apple called, ironically enough, Fairplay. But most vendors don't bow so gracefully or quickly out of the reverse-engineering arms race. Witness, well, Apple, which regularly issues iPhone updates to thwart users who have the audacity to jailbreak the devices they own. Texas Instruments has also been known to take action against customers who reverse engineer calculators. Amazon representatives have yet to indicate how they plan to respond. Queries put to a spokesman on Tuesday weren't immediately returned. According to a translated writeup of the Kindle hack here, Amazon engineers went to considerable lengths to prevent their DRM from being tampered with. The Kindle for PC uses a separate session key to encrypt and decrypt each book "and they seem to have done a reasonable job on the obfuscation," the author says. The crack comes courtesy of a piece of software titled unswindle, and it's available here. Once installed, proprietary Amazon ebooks can be converted into the open Mobi format. And from there, you can enjoy the content any way you like.

From rforno at infowarrior.org Wed Dec 23 04:34:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Dec 2009 23:34:36 -0500
Subject: [Infowarrior] - U.S. struggles to recruit computer security experts
Message-ID: <1E5917B0-2194-41F8-9B58-8F9FAA0CFDEA@infowarrior.org>

As attacks increase, U.S. struggles to recruit computer security experts
By Ellen Nakashima and Brian Krebs
Washington Post Staff Writer
Wednesday, December 23, 2009; A01
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/22/AR2009122203789_pf.html

The federal government is struggling to fill a growing demand for skilled computer-security workers, from technicians to policymakers, at a time when network attacks are rising in frequency and sophistication. Demand is so intense that it has sparked a bidding war among agencies and contractors for a small pool of special talent: skilled technicians with security clearances. Their scarcity is driving up salaries, depriving agencies of skills, and in some cases affecting project quality, industry officials said. The crunch hits as the Pentagon is attempting to staff a new Cyber Command to fuse offensive and defensive computer-security missions and the Department of Homeland Security plans to expand its own "cyber" force by up to 1,000 people in the next three years. Even President Obama struggled to fill one critical position: Seven months after Obama pledged to name a national cyber-adviser, the White House announced Tuesday that Howard Schmidt, a former Bush administration official and Microsoft chief security officer, will lead the nation's efforts to better protect its critical computer networks. The lack of trained defenders for these networks is leading to serious gaps in protection and significant losses of intelligence, national security experts said. The Government Accountability Office told a Senate panel in November that the number of scans, probes and attacks reported to the Department of Homeland Security's U.S. Computer Emergency Readiness Team has more than tripled, from 5,500 in 2006 to 16,840 in 2008. "We know how we can be penetrated," said Sen. Benjamin L. Cardin (D-Md.), chairman of the Judiciary subcommittee on terrorism and homeland security. "We don't know how to prevent it effectively."
Indeed, the protection of critical computer systems and sensitive data, said former National Security Agency director William Studeman, may be the "biggest single problem" facing the national security establishment.

Agencies under attack

One evening in May 2006, a U.S. embassy employee in East Asia clicked on an innocent-looking e-mail attachment that opened the door to the most significant cyberattack the State Department has yet faced, allowing attackers operating through computers in China to send malicious computer code into the department's networks in the region. State's cyber-emergency response team immediately went into action, working round-the-clock for two weeks to isolate the harmful code and craft a temporary patch that officials said prevented a massive data theft. The department's response to the attack highlights how skills matter, experts said. In 2000, State had hired technicians -- the vast majority contractors -- who custom-built an intrusion detection system and trained people to identify malicious software and reverse-engineer it to determine an attack's goals and methods. As a result, department technicians in 2006 were able to contain the attack quickly, said Alan Paller of the SANS Institute, who has analyzed the case for the Center for Strategic and International Studies. Unlike State, most government agencies and private companies lack the skills and resources to muster a robust containment effort. Two months after the East Asia intrusion, the Commerce Department detected a similar attack -- but only after a deputy undersecretary was unable to log on to his computer. Contractor technicians were never able to identify the initial date of penetration into the computers of the Bureau of Industry and Security, which controls sensitive exports of technology that has both commercial and military uses.
It took eight days once the attack was discovered for technicians to install a filter to prevent leaks, and then they installed the wrong kind of filter, said Paller, sharing previously undisclosed findings about the incident, first reported in The Washington Post in October 2006. Because of "operational security concerns," the Commerce Department declined to comment for this article. But a senior Commerce official told a House Homeland Security panel in 2007 that the agency had no evidence that data were compromised. Still, the department replaced hundreds of workstations and blocked employees from regular Internet use for more than a month. Commerce is trying to improve, but it can take years to put the people, processes and technology in place to wage an effective defense, said Mischel Kwon, former director of the Department of Homeland Security's readiness team. For years, she said, most civilian agencies were forced by federal law to spend their cyber-funds on security audits as opposed to crafting a strong security program. And most federal information technology managers do not know what advanced skills are needed to combat cyberattacks, said Karen Evans, information technology administrator in the Bush administration. "Skills," Paller said, "are much more important than hardware."

The federal pay gap

A pillar of the federal government's effort to develop talent is the National Science Foundation's Scholarship for Service program, which pays for up to two years of college in exchange for an equal number of years of federal service. However, the program has placed fewer than 1,000 students since its inception in 2001. The career of a 30-year-old computer scientist named Brian Denny shows how the government is often outbid by the private sector in recruiting cyber-warriors. Denny earned a computer science master's degree in 2004 from Purdue University on an NSF scholarship.
In return, he spent two years at the National Security Agency, identifying novel security flaws in computer systems and software. Then Booz Allen Hamilton, a major intelligence contractor, hired him at a 45 percent pay raise. Today, Denny works for a small employee-owned firm that has federal government and private-sector contracts, and his pay is higher still. "You can still do a lot of cool national-security-related work as a contractor," said Denny, chief security architect for Ponte Technologies in Ellicott City, Md., near the NSA. "The pay difference is so dramatic now," he said, "you can't ignore it." Recently, a military officer with 20 years' cybersecurity experience and a coveted security clearance sauntered out of a job interview with Northrop Grumman, a major defense contractor that is making an aggressive play for potentially billions of dollars in government cyber-business. "It's mind-roasting," said the officer, who is about to retire. "I've had people call my house, recruiters for defense contractors . . . probably 20 calls." The labor shortage is torquing up salaries, a cost that often gets passed on to the government. Some young people with three years' experience and a clearance are commanding salaries above $100,000. "Companies are paying people to jump from one company to another," said Ed Giorgio, a former NSA official and Ponte Technologies co-founder. The job-hopping can undermine the firm's performance on a contract, he said. Philip Reitinger, deputy undersecretary of Homeland Security's National Protection and Programs Directorate, conceded that the government generally cannot match industry pay scales. "But in government, one can have a bigger ability to effect change at an earlier place in your career than anywhere else," he said. "And -- your country needs you." Homeland Security officials acknowledged that hiring 1,000 people will be difficult, so they are also looking at training people already in the federal government.
Cybersecurity lawyers, researchers and policymakers are also in short supply. The Pentagon, for instance, lacks a career path to develop "expert decision-making in the cyber field," said Robert D. Gourley, a former Defense Intelligence Agency chief technology officer. "The great cyber-generals are few and far between."

From rforno at infowarrior.org Wed Dec 23 13:37:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Dec 2009 08:37:35 -0500
Subject: [Infowarrior] - IBM patents managing patents
Message-ID:

United States Patent 7,630,915
Bracchitta, et al. December 8, 2009
Intellectual property management method and apparatus

Abstract

An intellectual property management facility for proactively creating, developing and managing an intellectual property portfolio includes: determining available resource capacity for an intellectual property activity in a tracking system; assigning technical attributes to the activity in the tracking system; apportioning resource capacity for the activity by technical attribute based on the value assigned to each of the technical attributes and based on available resource capacity; obtaining actual resource usage by technical attribute from the tracking system; and managing resource allocation for the intellectual property activity by determining the difference between the actual resource usage and the resource allocation by technical attribute.
http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=7,630,915.PN.&OS=PN/7,630,915&RS=PN/7,630,915

From rforno at infowarrior.org Wed Dec 23 15:26:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Dec 2009 10:26:41 -0500
Subject: [Infowarrior] - Outage cripples BlackBerry Americas network
Message-ID: <62297E2C-041B-42F7-94CC-6C72E30D8339@infowarrior.org>

Outage cripples BlackBerry Americas network
Reuters
Wednesday, December 23, 2009; 12:14 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/22/AR2009122204192_pf.html

NEW YORK/SAN FRANCISCO (Reuters) - North and South American users of Research in Motion Ltd's BlackBerry smartphone suffered widespread delays in message services on Tuesday, just a week after another outage struck the popular corporate network. Customers and analysts had raised concerns about network stability after a short-lived outage on December 17 -- the same day the Canadian company reported quarterly results. RIM said in a statement that some BlackBerry customers in the Americas "are experiencing delays in message delivery. Technical teams are actively working to resolve the issue for those impacted." Canada-based RIM's line of BlackBerry products is one of the world's most popular smartphone brands, and is used widely among corporations as an email and communications device. BlackBerry users on Tuesday reported problems on the wireless networks of AT&T Inc, Verizon Communications Inc, Sprint Nextel Corp and T-Mobile USA, a unit of Deutsche Telekom. BlackBerry customers were also hit by email delays on the morning of December 17, though that outage appeared to affect mainly individual and small-business users, rather than large corporations. After RIM had major outages in February 2008 and April 2007, customers raised concerns over service stability.
The company had pledged to improve reliability to avoid future crashes, but had not disclosed details. Shares in Research in Motion closed 3.6 percent lower at $67.22 on the Nasdaq, and at C$71.21 in Toronto. They were holding steady in after-hours trade on Nasdaq. (Reporting by Ernest Scheyder and Gabriel Madway; Editing by Ian Geoghegan)

© 2009 Reuters

From rforno at infowarrior.org Wed Dec 23 17:27:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Dec 2009 12:27:27 -0500
Subject: [Infowarrior] - Carmakers, software makers, no difference?
Message-ID:

Toyota found to keep tight lid on potential safety problems
A Times investigation shows the world's largest automaker has delayed recalls and attempted to blame human error in cases where owners claimed vehicle defects.
http://www.latimes.com/business/la-fi-toyota-secrecy23-2009dec23,0,557792,full.story

From rforno at infowarrior.org Wed Dec 23 19:40:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Dec 2009 14:40:28 -0500
Subject: [Infowarrior] - LANL Accidentally Blows up Building with a Cannon
Message-ID: <1822320E-100A-43D9-A1C6-17BDC9DFD26B@infowarrior.org>

(c/o Dissent)

Los Alamos National Laboratory Researchers Accidentally Blow up Building with a Cannon
http://www.pogowasright.org/blogs/dissent/?p=1825

According to a Los Alamos National Laboratory (LANL) Occurrence Report, "Shock and Detonation Physics Group researchers heard a loud unusual noise from Technical Area 15, Building 562 after firing a shot from a large-bore powder gun (LBPG)." The researchers accidentally blew a building apart at Technical Area-15, on December 16, 2009 while testing a gun which acts like a Civil War cannon. While no one was hurt, sources advise POGO that there was over $3 million in damage to property. The explosion blew the doors off the building -- which is described in the report as, "two doors were propelled off the facility."
The Facility Operations Director "declared a management concern due to the significant facility structural damage incurred resultant of the shot." Parts of the cannon were found outside the building. "I must say that this is a new twist in the long history of screw-ups by Los Alamos." POGO's Senior Investigator, Peter Stockton. "I have no idea in the world why they have a gun like this, let alone testing it." For more information on POGO's Los Alamos National Laboratory files click here. Founded in 1981, the Project On Government Oversight (POGO) is an independent nonprofit that investigates and exposes corruption and other misconduct in order to achieve a more effective, accountable, open, and ethical federal government.

From rforno at infowarrior.org Thu Dec 24 21:04:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Dec 2009 16:04:13 -0500
Subject: [Infowarrior] - Software fraudster 'fooled CIA' into terror alert
Message-ID: <3E030607-4EAC-41E1-A1DA-BB7E13E1B4B4@infowarrior.org>

Software fraudster 'fooled CIA' into terror alert
Spooks 'f*cking livid'
By Chris Williams
Posted in Crime, 24th December 2009 11:58 GMT
http://www.theregister.co.uk/2009/12/24/cia_montgomery/

A con man fooled US spooks into grounding international flights by selling them "technology" to decode al-Qaeda messages hidden in TV broadcasts, it's claimed. A long and highly entertaining Playboy article explains that in 2003, 50-year-old Dennis Montgomery was chief technology officer at Reno, Nevada-based eTreppid Technologies. The firm began as a video compression developer, but Montgomery took it in new and bizarre directions. He reportedly convinced the CIA that he had software that could detect and decrypt "barcodes" in broadcasts by Al Jazeera, the Qatari news station. The Company was apparently impressed enough to set up its own secure room at the firm to do what Montgomery called "noise filtering".
He somehow produced "reams of data" consisting of geographic coordinates and flight numbers. In December 2003, it's claimed CIA director George Tenet was sufficiently sold on Montgomery's data to ground transatlantic flights, deploy heavily armed police on the streets of Manhattan and evacuate 5,000 people from the Metropolitan Museum of Art. Homeland Security secretary Tom Ridge told the press the terror alert was the result of "credible sources - about near-term attacks that could either rival or exceed what we experienced on September 11". In fact, according to evidence from his former lawyer, Montgomery, the "credible source", was a "habitual liar engaged in fraud". Montgomery worked with the CIA's Directorate of Science and Technology - its Q Branch - engaged in exotic research and intelligence gathering. According to Playboy, one counter-intelligence official briefed on the programme said: "We were fucking livid. I was told to shut up. I was saying, 'This is crazy. This is embarrassing.'" Eventually a branch of French intelligence helped the CIA prove that the Al Jazeera "messages" never existed. Files were handed over to counter-intelligence to investigate the scam. The FBI uncovered a series of frauds by Montgomery, who was a compulsive gambler. As well as his "noise filtering" technology, he had rigged video software to convince officials it could detect weapons. Following a dispute with eTreppid's financial backer, Montgomery took off with his "technology" and tried to win more government contracts alone. By now though, the officials he was trying to sell to were part of the FBI investigation. It reportedly "went nowhere", however. By 2008, the financial dispute had come to court. Montgomery said he was still doing classified government work, for $3m. In June this year however, his gambling led to personal bankruptcy, listing his still-classified "technology" as a $10m asset.
Frances Townsend, a homeland security adviser to Bush, said she did not regret having relied on Montgomery's mysterious intelligence. "It didn't seem beyond the realm of possibility. We were relying on technical people to tell us whether or not it was feasible," she said.

From rforno at infowarrior.org Fri Dec 25 02:44:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Dec 2009 21:44:31 -0500
Subject: [Infowarrior] - Security in the Ether
Message-ID: <2660BF08-6CE4-4D60-92F7-4D2A7F53663B@infowarrior.org>

January/February 2010
Security in the Ether
Information technology's next grand challenge will be to secure the cloud--and prove we can trust it.
By David Talbot
http://www.technologyreview.com/printer_friendly_article.aspx?id=24166&channel=specialsections&section=smarterit

In 2006, when Amazon introduced the Elastic Compute Cloud (EC2), it was a watershed event in the quest to transform computing into a ubiquitous utility, like electricity. Suddenly, anyone could scroll through an online menu, whip out a credit card, and hire as much computational horsepower as necessary, paying for it at a fixed rate: initially, 10 cents per hour to use Linux (and, starting in 2008, 12.5 cents per hour to use Windows). Those systems would run on "virtual machines" that could be created and configured in an instant, disappearing just as fast when no longer needed. As their needs grew, clients could simply put more quarters into the meters. Amazon would take care of hassles like maintaining the data center and network. The virtual machines would, of course, run inside real ones: the thousands of humming, blinking servers clustered in Amazon's data centers around the world. The cloud computing service was efficient, cheap, and equally accessible to individuals, companies, research labs, and government agencies. But it also posed a potential threat.
EC2 brought to the masses something once confined mainly to corporate IT systems: engineering in which Oz-like programs called hypervisors create and control virtual processors, networks, and disk drives, many of which may operate on the same physical servers. Computer security researchers had previously shown that when two programs are running simultaneously on the same operating system, an attacker can steal data by using an eavesdropping program to analyze the way those programs share memory space. They posited that the same kinds of attacks might also work in clouds when different virtual machines run on the same server. In the immensity of a cloud setting, the possibility that a hacker could even find the intended prey on a specific server seemed remote. This year, however, three computer scientists at the University of California, San Diego, and one at MIT went ahead and did it (see "Snooping Inside Amazon's Cloud" in above image slideshow). They hired some virtual machines to serve as targets and others to serve as attackers--and tried to get both groups hosted on the same servers at Amazon's data centers. In the end, they succeeded in placing malicious virtual machines on the same servers as targets 40 percent of the time, all for a few dollars. While they didn't actually steal data, the researchers said that such theft was theoretically possible. And they demonstrated how the very advantages of cloud computing--ease of access, affordability, centralization, and flexibility--could give rise to new kinds of insecurity. Amazon stressed that nobody has successfully attacked EC2 in this manner and that the company has now prevented that specific kind of assault (though, understandably, it wouldn't specify how). But what Amazon hasn't solved--what nobody has yet solved--is the security problem inherent in the size and structure of clouds.
Cloud computing--programs and services delivered over the Internet--is rapidly changing the way we use computers (see Briefing, July/August 2009, and "Clouds, Ascending" in above slideshow). Gmail, Twitter, and Facebook are all cloud applications, for example. Web-based infrastructure services like Amazon's--as well as versions from vendors such as Rackspace--have attracted legions of corporate and institutional customers drawn by their efficiency and low cost. The clientele for Amazon's cloud services now includes the New York Times and Pfizer. And Google's browser and forthcoming operating system (both named Chrome) mean to provide easy access to cloud applications. Even slow-moving government agencies are getting into the act: the City of Los Angeles uses Google's Apps service for e-mail and other routine applications, and the White House recently launched www.apps.gov to encourage federal agencies to use cloud services. The airline, retail, and financial industries are examples of those that could benefit from cloud computing, says Dale Jorgenson, a Harvard economist and expert on the role of information technology in national productivity. "The focus of IT innovation has shifted from hardware to software applications," he says. "Many of these applications are going on at a blistering pace, and cloud computing is going to be a great facilitative technology for a lot of these people." Of course, none of this can happen unless cloud services are kept secure. And they are not without risk. When thousands of different clients use the same hardware at large scale, which is the key to the efficiency that cloud computing provides, any breakdowns or hacks could prove devastating to many. "Today you have these huge, mammoth cloud providers with thousands and thousands of companies cohosted in them," says Radu Sion, a computer scientist at the State University of New York at Stony Brook. "If you don't have everybody using the cloud, you can't have a cheap service.
But when you have everybody using the clouds, you have all these security issues that you have to solve suddenly."

Cloud Crises

Cloud computing actually poses several separate but related security risks. Not only could stored data be stolen by hackers or lost to breakdowns, but a cloud provider might mishandle data--or be forced to give it up in response to a subpoena. And it's clear enough that such security breaches are not just the stuff of academic experiments. In 2008, a single corrupted bit in messages between servers used by Amazon's Simple Storage Service (S3), which provides online data storage by the gigabyte, forced the system to shut down for several hours. In early 2009, a hacker who correctly guessed the answer to a Twitter employee's personal e-mail security question was able to grab all the documents in the Google Apps account the employee used. (The hacker gleefully sent some to the news media.) Then a bug compromised the sharing restrictions placed on some users' documents in Google Docs. Distinctions were erased; anyone with whom you shared document access could also see documents you shared with anyone else. And in October, a million T-Mobile Sidekick smart phones lost data after a server failure at Danger, a subsidiary of Microsoft that provided the storage. (Much of the data was later recovered.) Especially with applications delivered through public clouds, "the surface area of attack is very, very high," says Peter Mell, leader of the cloud security team at the National Institute of Standards and Technology (NIST) in Gaithersburg, MD. "Every customer has access to every knob and widget in that application. If they have a single weakness, [an attacker may] have access to all the data." To all this, the general response of the cloud industry is: clouds are more secure than whatever you're using now.
Eran Feigenbaum, director of security for Google Apps, says cloud providers can keep ahead of security threats much more effectively than millions of individuals and thousands of companies running their own computers and server rooms. For all the hype over the Google Docs glitch, he points out, it affected less than .05 percent of documents that Google hosted. "One of the benefits of the cloud was the ability to react in a rapid, uniform manner to these people that were affected," he says. "It was all corrected without users having to install any software, without any server maintenance." Think about the ways security can be compromised in traditional settings, he adds: two-thirds of respondents to one survey admitted to having mislaid USB keys, many of them holding private company data; at least two million laptops were stolen in the United States in 2008; companies can take three to six months to install urgent security patches, often because of concern that the patches will trigger new glitches. "You can't get 100 percent security and still manage usability," he says. "If you want a perfectly secure system, take a computer, disconnect it from any external sources, don't put it on a network, keep it away from windows. Lock it up in a safe." But not everyone is so sanguine. At a computer security conference last spring, John Chambers, the chairman of Cisco Systems, called cloud computing a "security nightmare" that "can't be handled in traditional ways." At the same event, Ron Rivest, the MIT computer scientist who coinvented the RSA public-key cryptography algorithm widely used in e-commerce, said that the very term cloud computing might better be replaced by swamp computing. He later explained that he meant consumers should scrutinize the cloud industry's breezy security claims: "My remark was not intended to say that cloud computing really is 'swamp computing' but, rather, that terminology has a way of affecting our perceptions and expectations.
Thus, if we stop using the phrase cloud computing and started using swamp computing instead, we might find ourselves being much more inquisitive about the services and security guarantees that 'swamp computing providers' give us." A similar viewpoint, if less colorfully expressed, animates a new effort by NIST to define just what cloud computing is and how its security can be assessed. "Everybody has confusion on this topic," says Peter Mell; NIST is on its 15th version of the document defining the term. "The typical cloud definition is vague enough that it encompasses all of existing modern IT," he says. "And trying to pull out unique security concerns is problematic." NIST hopes that identifying these concerns more clearly will help the industry forge some common standards that will keep data more secure. The agency also wants to make clouds interoperable so that users can more easily move their data from one to another, which could lead to even greater efficiencies. Given the industry's rapid growth, the murkiness of its current security standards, and the anecdotal accounts of breakdowns, it's not surprising that many companies still look askance at the idea of putting sensitive data in clouds. Though security is currently fairly good, cloud providers will have to prove their reliability over the long term, says Larry Peterson, a computer scientist at Princeton University who directs an Internet test bed called the PlanetLab Consortium. "The cloud provider may have appropriate security mechanisms," Peterson says. "But can I trust not only that he will protect my data from a third party but that he's not going to exploit my data, and that the data will be there five years, or 10 years, from now? Yes, there are security issues that need attention. But technology itself is not enough. The technology here may be out ahead of the comfort and the trust."
In a nondescript data center in Somerville, MA, just outside Boston, lies a tangible reminder of the distrust that Peterson is talking about. The center is owned by a small company called 2N+1, which offers companies chilled floor space, security, electricity, and connectivity. On the first floor is a collection of a dozen black cabinets full of servers. Vincent Bono, a cofounder of 2N+1, explains these are the property of his first client, a national bank. It chose to keep its own server rather than hire a cloud. And for security, the bank chose the tangible kind: a steel fence.

Encrypting the Cloud

Cloud providers don't yet have a virtual steel fence to sell you. But at a minimum, they can promise to keep your data on servers in, say, the United States or the European Union, for regulatory compliance or other reasons. And they are working on virtual walls: in August, Amazon announced plans to offer a "private cloud" service that ensures more secure passage of data from a corporate network to Amazon's servers. (The company said this move was not a response to the research by the San Diego and MIT group. According to Adam Selipsky, vice president of Amazon Web Services, the issue was simply that "there is a set of customers and class of applications asking for even more enhanced levels of security than our existing services provided.") Meanwhile, new security technologies are emerging. A group from Microsoft, for example, has proposed a way to prevent users of one virtual machine on a server from gleaning information by monitoring the use of shared cache memory by another virtual machine on the same server, something that the San Diego and MIT researchers suggested was possible. And researchers at IBM have proposed a new kind of security mechanism that would, in essence, frisk new virtual machines as they entered the cloud. Software would monitor each one to see how it operates and ensure its integrity, in part by exploring its code.
Such technologies could be ready for market within two or three years. But fully ensuring the security of cloud computing will inevitably fall to the field of cryptography. Of course, cloud users can already encrypt data to protect it from being leaked, stolen, or--perhaps above all--released by a cloud provider facing a subpoena. This approach can be problematic, though. Encrypted documents stored in a cloud can't easily be searched or retrieved, and it's hard to perform calculations on encrypted data. Right now, users can get around these problems by leaving their information in the cloud unencrypted ("in the clear") or pulling the encrypted material back out to the safety of their own secure computers and decrypting it when they want to work with it. As a practical matter, this limits the usefulness of clouds. "If you have to actually download everything and move it back to its original place before you can use that data, that is unacceptable at the scale we face today," says Kristin Lauter, who heads the cryptography research group at Microsoft Research. Emerging encryption technologies, however, could protect data in clouds even as users search it, retrieve it, and perform calculations on it. And this could make cloud computing far more attractive to industries such as banking and health care, which need security for sensitive client and patient data. For starters, several research groups have developed ways of using hierarchical encryption to provide different levels of access to encrypted cloud data. A patient, for example, could hold a master key to his or her own electronic medical records; physicians, insurers, and others could be granted subkeys providing access to certain parts of that information. Ideally, we'd make it more practical to work with sensitive data that needs to be encrypted, such as medical records, so that unintended viewers couldn't see it if it were exposed by a hack or a glitch at the cloud provider. 
"The general theme of cloud computing is that you want to be able to outsource all kinds of functionality but you don't want to give away your privacy--and you need very versatile cryptography to do that," says Craig Gentry, a cryptography researcher at IBM's Watson Research Center in Yorktown, NY. "It will involve cryptography that is more complicated than we use today." To find and retrieve encrypted documents, groups at Carnegie Mellon University, the University of California, Berkeley, and elsewhere are working on new search strategies that start by tagging encrypted cloud-based files with encrypted metadata. To perform a search, the user encrypts search strings using mathematical functions that enable strings to find matches in the encrypted metadata. No one in the cloud can see the document or even the search term that was used. Microsoft Research recently introduced a theoretical architecture that would stitch together several cryptographic technologies to make the encrypted cloud more searchable. The problem of how to manipulate encrypted data without decrypting it, meanwhile, stumped researchers for decades until Gentry made a breakthrough early in 2009. While the underlying math is a bit thick, Gentry's technique involves performing calculations on the encrypted data with the aid of a mathematical object called an "ideal lattice." In his scheme, any type of calculation can be performed on data that's securely encrypted inside the cloud. The cloud then releases the computed answers--in encrypted form, of course--for users to decode outside the cloud. The downside: the process eats up huge amounts of computational power, making it impractical for clouds right now. "I think one has to recognize it for what it is," says Josyula Rao, senior manager for security at IBM Research. "It's like the first flight that the Wright Brothers demonstrated." But, Rao says, groups at IBM and elsewhere are working to make Gentry's new algorithms more efficient.
Risks and Benefits

If cloud computing does become secure enough to be used to its full potential, new and troubling issues may arise. For one thing, even clouds that are safe from ordinary hackers could become central points of Internet control, warns Jonathan Zittrain, the cofounder of Harvard's Berkman Center for Internet and Society and the author of The Future of the Internet--and How to Stop It. Regulators, courts, or overreaching government officials might see them as convenient places to regulate and censor, he says. What's more, cloud providers themselves could crack down on clients if, say, copyright holders apply pressure to stop the use of file-sharing software. "For me," Zittrain says, "the biggest issue in cloud security is not the Sidekick situation where Microsoft loses your data." More worrisome to him are "the increased ability for the government to get your stuff, and fewer constitutional protections against it; the increased ability for government to censor; and increased ability for a vendor or government to control innovation and squash truly disruptive things." Zittrain also fears that if clouds dominate our use of IT, they may turn into the kinds of "walled gardens" that characterized the Internet in the mid-1990s, when companies such as Compuserve, Prodigy, and AOL provided limited menus of online novelties such as news, e-commerce, and e-mail to the hoi polloi. Once people pick a cloud and applications they like, he says--Google Apps, for example--they may find they have limited access to great apps in other clouds, much as Facebook users can't network with people on MySpace. But such concerns aren't stopping the ascendance of the cloud. And if cloud security is achieved, the benefits could be staggering. "There is a horrendous amount of computing and database management where cloud computing is clearly relevant," says Harvard's Dale Jorgenson.
Imagine if today's emerging online repositories for personal health data, such as Google Health and Microsoft HealthVault, could link up with the growing number of electronic records systems at hospitals in a way that keeps private data protected at all times. The resulting medical megacloud could spread existing applications cheaply and efficiently to all corners of the medical profession. Doctors could easily compare patients' MRI scans, for example, with those of other patients around the country, and delve into vast databases to analyze the efficacy of treatments and prevention measures (see "Prescription: Networking," November/December 2009). "The potential there is enormous, because there are a couple of transformations that may occur in medicine in the near future from vast collections of medical records," says Ian Foster, a computer scientist who leads the Computation Institute at Argonne National Laboratory and the University of Chicago. Today, he points out, individuals are demanding access to their own medical information while medical institutions seek new sources of genomic and other data. "The two of those, together, can be powered by large-scale sharing of information," he says. "And maybe you can do it in the cloud. But it has particularly challenging security problems." This isn't the first time a new information technology has offered profound benefits while raising potentially intolerable security risks. The advent of radio posed similar issues a century ago, says Whitfield Diffie, one of the pioneers of public-key cryptography, who is now a visiting professor at Royal Holloway College at the University of London. Radio was so much more flexible and powerful than what it replaced--the telegraph--that you had to adopt it to survive in business or war. The catch was that radio can be picked up by anyone.
In radio's case, fast, automated encryption and decryption technologies replaced slow human encoders, making it secure enough to realize its promise. Clouds will experience a similar evolution. "Clouds are systems," says NIST's Peter Mell. "And with systems, you have to think hard and know how to deal with issues in that environment. The scale is so much bigger, and you don't have the physical control. But we think people should be optimistic about what we can do here. If we are clever about deploying cloud computing with a clear-eyed notion of what the risk models are, maybe we can actually save the economy through technology."

David Talbot is Technology Review's chief correspondent.

Copyright Technology Review 2009.

From rforno at infowarrior.org Sat Dec 26 02:11:15 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Dec 2009 21:11:15 -0500
Subject: [Infowarrior] - With Schmidt in place, who's his deputy?
Message-ID: <622CF436-16D4-4ACA-BC18-32D5E3D60F6F@infowarrior.org>

With Schmidt in place, who's his deputy?

December 23, 2009
By Jason Miller
Executive Editor
FederalNewsRadio

http://www.federalnewsradio.com/index.php?nid=110&sid=1848282

Now that Howard Schmidt has officially been appointed the cyber coordinator, the next guessing game is how he fills out his staff. Multiple sources say the next piece to the puzzle could be a staff member from the Senate Select Committee on Intelligence. Sources say Sameer Bhalotra is a leading candidate to be deputy cyber coordinator. "Sameer interviewed with the White House earlier this year, but I don't think a decision has been made," says one source, who like the others requested anonymity because of the sensitivity of personnel announcements. According to his bio, Bhalotra received an undergraduate degree in Physics and Chemistry from Harvard University and a doctorate in Applied Physics from Stanford University.
He also worked with the CIA in the science and technology directorate and developed new cross-community technology programs as a founding member of the science and technology staff within the Office of the Director of National Intelligence. Bhalotra also was a member of the Commission on Cybersecurity for the 44th Presidency. Bhalotra has been with the Senate Intelligence Committee since 2007 where he has focused on cybersecurity and leads the committee's cyber study team. "Sameer knows how to get stuff done," says another source. "That is the type of person that this position needs." Attempts to reach Bhalotra for comment were unsuccessful and an e-mail to the White House seeking comment on the deputy position went unanswered. "I know Sameer very well and if he was picked he would be solid appointment," says Rep. Jim Langevin (D-R.I.). "But I have heard nothing official whether there will be deputy. But if the White House picks Sameer or someone similar that would be positive development." Melissa Hathaway, the former senior director for cyberspace for the National Security Council under President Obama, says the cyber coordinator's office is set up to have a coordinator, a deputy and several senior directors who would come from agencies on detail. No matter who becomes the deputy, Schmidt and his staff have plenty of work to do. Hathaway, who now is president of Hathaway Global Strategies, says she would advise Schmidt to get to know the agencies by understanding their capabilities and where they need the most help. She says he may want to start with the federal centers of cybersecurity excellence:

• U.S. Cert at the Homeland Security Department
• The FBI's National Cyber Investigative joint task Force
• The National Security Agency's National Threat Operations Center
• The Defense Department's Joint Task Force for Global Network Operations (JTF-GNO)
• ODNI's incident response center

"I would advise him to visit those centers and know what they are doing and have a good operational understanding of what's out there," she says. "He should know how the partnership is growing between the different departments and agencies." Hathaway also says Schmidt should know the status of the short and long term goals detailed in the White House's 60-day cyberspace review. The administration issued the document in May, and Hathaway, who led the review, says work is ongoing to meet the milestones. Schmidt also will have to do a lot of work on Capitol Hill, experts say. He will need not only to understand more than 36 different pieces of legislation, but also to get to know many more members who are interested in cybersecurity. "He needs to understand the critical paths programs under Comprehensive National Cybersecurity Initiative (CNCI), and help agencies with advocacy and championing of key programs in fiscal 2011 budget," Hathaway says. "I think it will be important for him to have good understanding what is being discussed in each legislation and to start to present the view from the White House of what is important to the administration." Mischel Kwon, the former head of the DHS's U.S. Cert and now a vice president of the public sector for security solutions at RSA, says getting the government on more solid ground should be among his top priorities as well. But at the same time, Kwon says Schmidt needs to make two-way information sharing a major priority. "It cannot just be industry giving to government, but government giving to industry too," she says. "They need to share information about attacks and threats affecting our networks and the Internet." Kwon adds that one of Schmidt's biggest challenges will be ensuring consistent and clear communication and coordination.
"It will be important for him to figure out how best to govern security across the government, and how to work with chief information officer, chief information security officers, DHS and in the DoD space," Kwon says. "He also will have to figure out how best to work with the legislative and judicial branches, and go out to look at critical infrastructure. He will have to create priorities and industry will have to support him to create a collaborative environment." And that collaborative environment is key to creating a better partnership between industry and government. Liesyl Franz, the vice president for information security and global public policy at TechAmerica, an industry association, says Schmidt should push the public-private sector relationship to move beyond strategic. "It's not how we work together when an incident occurs, but in the analytical phases as well," she says. "We need to work along the way on a sustained and ongoing basis." Franz echoed many of Kwon's suggestions about making the relationship a two-way partnership. "Industry does its job every day in fighting off attacks and protecting networks," she says. "The government is doing the same thing. Now that he is in place, he can galvanize the relationship into a concerted and integrated effort, and fully bring the resources to bear." Franz adds that finally having a permanent cyber coordinator will make a big difference in the long term security of the government and industry. "It's a great move to name Howard," she says. "It will be way for us to take a lot of steps in the New Year. And it's crucially important to have a cyber coordinator in the White House because ultimately the policy that comes from them is the policy of the land and cybersecurity needs to be part of that conversation." (Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)
From rforno at infowarrior.org Sat Dec 26 19:47:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Dec 2009 14:47:02 -0500
Subject: [Infowarrior] - New TSA procedure?
Message-ID:

If indeed this is the TSA response to yesterday's events, what exactly is this meant to accomplish? --rf

(Nothing posted yet on the TSA website, btw)

According to the Air Canada website: "New rules imposed by the U.S. Transportation Security Administration also limit on-board activities by customers and crew in U.S. airspace that may adversely impact on-board service. Among other things, during the final hour of flight customers must remain seated, will not be allowed to access carry-on baggage, or have personal belongings or other items on their laps."

http://www.aircanada.com/en/news/trav_adv/091226.html

From rforno at infowarrior.org Sat Dec 26 20:02:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Dec 2009 15:02:34 -0500
Subject: [Infowarrior] - Airlines: New rules keep passengers in seats
Message-ID: <871406C5-6ACE-4F7B-9FA1-8613649AA7A9@infowarrior.org>

This is security theater, pure and simple, with the goal still being to present the appearance of providing security by doing something more inconvenient. Because, we all know, security-through-inconvenience is the New Normal. Better to annoy the travelling public and/or sell the government zillion dollars of defective air puff scanners instead.....at least the Military Industrial Homeland Congressional Complex will be protected, and that's apparently Job Number One.
---rf

Airlines: New rules keep passengers in seats

By JOAN LOWY
The Associated Press
Saturday, December 26, 2009; 2:34 PM

http://www.washingtonpost.com/wp-dyn/content/article/2009/12/26/AR2009122601070_pf.html

WASHINGTON -- Some airlines were telling passengers on Saturday that new government security regulations prohibit them from leaving their seats beginning an hour before landing. The regulations are a response to a suspected terrorism incident on Christmas Day. Air Canada said in a statement that new rules imposed by the Transportation Security Administration limit on-board activities by passengers and crew in U.S. airspace. The airline said that during the final hour of flight passengers must remain seated. They won't be allowed access to carryon baggage or to have any items on their laps. Flight attendants on some domestic flights are informing passengers of similar rules. Passengers on a flight from New York to Tampa Saturday morning were also told they must remain in their seats and couldn't have items in their laps, including laptops and pillows. The TSA declined to confirm the new restrictions. Homeland Security Secretary Janet Napolitano said in a statement Saturday that passengers flying to the U.S. from overseas may notice extra security, but she said the measures "are designed to be unpredictable, so passengers should not expect to see the same thing everywhere." A transportation security official speaking on condition of anonymity because the official wasn't authorized to speak publicly said passengers traveling internationally could see increased security screening at gates and when they check their bags, as well as additional measures on flights such as stowing carryons and personal items before the plane lands. A Nigerian passenger on a Northwest Airlines flight from Amsterdam allegedly attempted to start a fire as the plane prepared to land in Detroit on Friday, according to authorities.
The incident has sparked a major international terrorism investigation. Air Canada said it was limiting passengers to one carryon bag in response to a request from the U.S. and Canadian governments. The airline advised U.S.-bound passengers to restrict their carryon item to "the absolute minimum" or to not carry any bag on board at all. "Carriage of any carryon item will result in lengthy security delays for the customer," the airline said. U.S.-bound flights on all airlines are experiencing significant delays, said Duncan Dee, Air Canada's executive vice president and chief operating officer. A spokeswoman with Infraero, a Brazilian government agency that oversees airport infrastructure, said that airlines had been asked by federal authorities to add another layer of security for international flights originating in the country after the attempted attack in the U.S. The official, who spoke on condition of anonymity because she was not authorized to discuss the matter, said that passengers would face an extra screening that would take place just before they boarded planes. She would give no more details, citing security concerns. David Castelveter, a spokesman for the Air Transport Association, said the domestic airline industry has been in close coordination with the security administration since Friday's incident and there will be increased scrutiny of passengers. He declined to comment on whether new regulations have been put in place.

---

Associated Press writers Eileen Sullivan in Washington and Bradley Brooks in Rio de Janeiro contributed to this report.

© 2009 The Associated Press

From rforno at infowarrior.org Sat Dec 26 22:38:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Dec 2009 17:38:43 -0500
Subject: [Infowarrior] - Revised Screening Policies
Message-ID:

Interestingly, the websites of the following carriers (Singapore, Virgin Atlantic, British Airways, KLM, Delta, United, American) all talk about "enhanced screening" and other security measures about entering the secure area, warning of delayed boarding times, and so forth. It appears these 'enhancements' are for flights coming into the USA, although I wager domestic flights will be disrupted in the name of Making America Feel Safe(tm) as well. Interestingly, or apparently, Air Canada has revised their statements -- their website as of 1730 ET no longer mentions anything about "sitting for the final hour" that we saw earlier today. For all we know, that was just TSA being over-protective in their recommendations to foreign carriers. That said, Bruce S. just told me he flew domestically and didn't see anything differently. More to follow...

-rf

From rforno at infowarrior.org Sun Dec 27 05:00:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 00:00:24 -0500
Subject: [Infowarrior] - Father warned US about 'jet bomber'
Message-ID:

Father warned about 'jet bomber'

http://news.bbc.co.uk/2/hi/americas/8431470.stm

The father of a Nigerian charged with trying to blow up a US jet on Christmas Day had voiced concerns to US officials about his son, it has emerged. The father, a top Nigerian banker, warned US authorities weeks ago about 23-year-old Umar Farouk Abdulmutallab's extreme religious views. An Obama administration official told the New York Times the report had been received, but had been non-specific. Airports worldwide have beefed up security after the alleged attack.
Mr Abdulmutallab was formally charged by a US federal judge at a Michigan hospital where he is being treated for burns after allegedly trying to detonate a device.

'Sewn in underpants'

The detainee reportedly smiled as agents brought him in to the room in a wheelchair, dressed in a green hospital robe and with a blanket over his lap. High explosives are believed to have been moulded to his body and sewn in to his underpants. He was immediately overpowered by passengers and crew aboard Northwest Airlines Flight 253, minutes before it was due to land in Detroit from the Dutch capital Amsterdam. The suspect was charged with placing a destructive device on the Airbus 330, which was carrying 289 passengers and crew, and attempting to destroy the jet. His father, Alhaji Umaru Mutallab, is a prominent banker well-connected in Nigeria's political world, the BBC's Caroline Duffield reports from Lagos. In recent months the family had become gravely concerned about their son, a former engineering student at University College London. His political views had alarmed his family and his father especially. Mr Mutallab had approached the US embassy in Abuja, reportedly in November, as well as Nigerian security officials, to voice concerns about his son. How the accused, who had a valid US travel visa, boarded a flight in Lagos to Amsterdam, despite being on a database listing individuals of concern to the authorities, is a key question, our correspondent says. Anti-terrorist measures in Nigeria's airports are haphazard and corruption among police, customs and security officials is endemic, she adds. The unnamed Obama official quoted by the New York Times said: "The information was passed into the system but the expression of radical extremist views were very non-specific." A US official told Reuters news agency the suspect's name was in a US database of suspected terrorists, but there had not been sufficient information to warrant putting him on the "no-fly" list.
It is understood that members of Mr Abdulmutallab's family are travelling to the Nigerian capital Abuja on Sunday to meet police and government officials.

'Nice and polite'

A preliminary FBI analysis has found that the device allegedly found attached to Mr Abdulmutallab contained the high explosive PETN, also known as pentaerythritol. PETN was used in the device worn by British "shoe bomber" Richard Reid, who is serving a prison sentence for attempting to blow up a Paris-Miami airliner in Christmas week of 2001.

PETN HIGH EXPLOSIVE
• Was found on Flight 253 suspect's person, early tests suggest
• Also known as pentaerythritol, often used in military explosives
• Terrorists are said to favour it because it is small and powerful
• Was used in the December 2001 airliner shoe bomb attack

Mr Abdulmutallab allegedly tried to detonate a device using a syringe, but it failed to go off. The suspect has reportedly told investigators he had links to al-Qaeda and had received the explosives in Yemen for a suicide attack, after a month of training. Mr Abdulmutallab went to the bathroom for about 20 minutes before the incident, court documents say. When he got back to his seat, he said he had an upset stomach and he pulled a blanket over himself, the affidavit continues. "Passengers then heard popping noises similar to firecrackers, smelled an odour, and some observed Abdulmutallab's pants, leg and the wall of the airplane on fire," the Department of Justice said in a statement. Dutch tourist Jasper Schuringa, credited with tackling the suspect first and helping crew members to restrain him, is being hailed as a hero by fans on the internet. The 32-year-old Dutch filmmaker has said in media interviews that when he heard a bang and smelled smoke he felt immediately it was a terrorist attack and did not hesitate to intervene. Mr Schuringa added that the alleged bomber had not become aggressive after the alleged bomb failed to detonate.
"He was actually a normal person, he was very scared, he had a very frightened look, he wasn't resisting or anything," he told the BBC. "I also spoke later to one of the Dutch people who was sitting next to him and they said he was a really nice and polite man. So he was someone you wouldn't expect to commit a crime like this." Meanwhile, delays have been caused to transatlantic flights after airlines flying in to and around the US tightened security. Measures include cutting down on hand baggage, extra frisking of passengers at passport control and allowing more time to board.

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/americas/8431470.stm
Published: 2009/12/27 02:36:02 GMT
© BBC MMIX

From rforno at infowarrior.org Sun Dec 27 05:01:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 00:01:50 -0500
Subject: [Infowarrior] - Plane suspect was listed in terror database
Message-ID: <1FD92B10-77F2-437E-9C58-31EC91611781@infowarrior.org>

Plane suspect was listed in terror database after father alerted U.S. officials

By Dan Eggen, Karen DeYoung and Spencer S. Hsu
Washington Post Staff Writer
Sunday, December 27, 2009; A01

http://www.washingtonpost.com/wp-dyn/content/article/2009/12/25/AR2009122501355_pf.html

A Nigerian man charged Saturday with attempting to blow up a U.S. airliner on Christmas Day was listed in a U.S. terrorism database last month after his father told State Department officials that he was worried about his son's radical beliefs and extremist connections, officials said. The suspect, Umar Farouk Abdulmutallab, was added to a catch-all terrorism-related database when his father, a Nigerian banker, reported concerns about his son's "radicalization and associations" to the U.S. Embassy in Nigeria, a senior administration official said.
Abdulmutallab was not placed on any watch list for flights into the United States, however, because there was "insufficient derogatory information available" to include him, another administration official said. Abdulmutallab was granted a two-year tourist visa by the U.S. Embassy in London in June 2008. He used the visa to travel previously to the United States at least twice, officials said. On Friday, Abdulmutallab, 23, was subdued by passengers and crew members onboard Northwest Airlines Flight 253 after he allegedly ignited an explosive device that set afire his pants leg and part of the airplane during preparations to land in Detroit. The incident marks the latest apparent attempt by terrorists to bring down a U.S. aircraft through the use of an improvised weapon, and set in motion urgent security measures that disrupted global air travel during the frenetic holiday weekend. The case also reignited a partisan debate within Washington over whether the Obama administration was doing enough to guard against terrorist attacks after the shootings last month at Fort Hood, Tex., and other incidents. Passengers on international flights bound Saturday for the United States were required to undergo more stringent searches before boarding and were ordered to remain glued in their seats for the final hour of many flights. Homeland Security Secretary Janet Napolitano said domestic passengers may notice additional security measures in coming days, but she did not specify them. Abdulmutallab was charged Saturday in U.S. District Court for Eastern Michigan with attempting to destroy an aircraft and with placing a destructive device onboard a plane, each of which is punishable by up to 20 years in prison. U.S. District Judge Paul D. Borman informed Abdulmutallab of the charges during a hearing at the University of Michigan Health System in Ann Arbor, where he is being treated at the burn unit. The suspect was rolled into a conference room in a wheelchair for the hearing. 
Asked whether he understood the charges against him, he replied, "Yes, I do." When a federal prosecutor asked how he was doing, Abdulmutallab replied, "I feel better." The suspect allegedly told FBI agents after his arrest that he had received training and explosive materials from al-Qaeda-linked terrorists in Yemen, a claim that U.S. law enforcement officials were still attempting to verify Saturday. The FBI said the device strapped to Abdulmutallab contained PETN, or pentaerythritol, which is the same plastic explosive used by al-Qaeda operative Richard C. Reid in his December 2001 attempt to destroy a U.S.-bound airliner by igniting a homemade bomb in his shoe. A senior administration official said Abdulmutallab, who had studied engineering at University College London, was issued a two-year U.S. tourist visa in June 2008 in London and did not raise any red flags during screening before boarding Northwest Flight 253 at Amsterdam's Schiphol airport, one of the most heavily secured air facilities in the world. Administration officials acknowledged Saturday that Abdulmutallab's name was added in November to the Terrorist Identities Datamart Environment, or TIDE, which contains about 550,000 individuals and is maintained by the Office of the Director of National Intelligence at the National Counterterrorism Center. TIDE is a catch-all list into which all terrorist-related information is sent. Some, but not all, information from TIDE is transferred to the FBI-maintained Terrorist Screening Data Base (TSDB), from which consular, border and airline watch lists are drawn. The Transportation Security Administration has a "no-fly" list of about 4,000 people who are prohibited from boarding any domestic or U.S.-bound aircraft. A separate list of about 14,000 "selectees" require additional scrutiny but are not banned from flying. Abdulmutallab's name never made it past the TIDE database.
"A TIDE record on Umar Farouk Abdulmutallab was created in November 2009," one administration official said, but "there was insufficient information available on the subject at that time to include him in the TSDB or its 'no fly' or 'selectee' lists." Several top Republicans criticized the administration's approach to counterterrorism, saying the government had not pieced together warning signs in recent cases, including the slayings of 13 people at Fort Hood, allegedly by a Muslim soldier. "I think the administration is finally recognizing that they got this terrorism thing all wrong," said Rep. Peter Hoekstra (Mich.), the ranking Republican on the House intelligence committee and a state gubernatorial candidate. "I think we came very, very close to losing that plane last night." After being briefed by federal authorities, Rep. Peter King (R-N.Y.) said Abdulmutallab did not undergo body scans that might have helped detect the explosive material when he went through security at airports in Nigeria and Amsterdam. Sen. Joseph I. Lieberman (I-Conn.), chairman of the Senate Homeland Security Committee, released a statement saying he was "troubled by several aspects" of the case, including the visit by Abdulmutallab's father to the U.S. Embassy in Nigeria. Democrats in the House and Senate vowed to hold hearings in January but also urged caution in jumping to conclusions. Rep. Jane Harman (D-Calif.), chairman of the House Homeland Security subcommittee on intelligence, said a federal official briefed lawmakers about "strong suggestions of a Yemen-al-Qaeda connection and an intent to blow up the plane over U.S. airspace." Administration officials said President Obama is seeking accountability in the incident, although he has not demanded any sort of special review. He is getting detailed briefings on the facts of the case and the airport security changes while on vacation in Hawaii, the officials said.
One administration official, speaking on the condition of anonymity because he was not authorized to discuss the matter publicly, said Abdulmutallab received his 2008 tourist visa from the U.S. Embassy in London. "We interviewed him, and his name was run against the watch list maintained by [the Department of Homeland Security] and the FBI," the official said. "There was no indication of any derogatory information. There is every indication that whatever radicalization took place occurred recently." In a new emergency order effective until Wednesday, TSA is requiring that all passengers bound for the United States undergo a "thorough pat-down" at boarding gates, concentrating on the upper legs and torso. All carry-on baggage also should be inspected, focusing on syringes with powders or liquids, TSA said. In addition, passengers must remain seated and may not access carry-on baggage for the final hour before the landing or hold any personal item on their laps. The extraordinary steps came as former senior U.S. officials spoke in unusually blunt terms about the apparent failure of aviation security measures to detect a common military explosive allegedly brought on board. Michael Chertoff, who was homeland security secretary from 2005 to 2009, said terrorists appear to have exploited the natural inhibition of screeners to conduct overly intrusive searches, and he renewed calls for widespread expansion of whole-body imaging scanners that use radio waves or X-rays to reveal objects beneath a person's clothes. Chertoff said the government has sought to expand use of imaging scanners, but privacy advocates and Congress have raised objections. "This plot is an example of something we've known could exist in theory, and in order to be able to detect it, you've got to find some way of detecting things in parts of the body that aren't easy to get at," Chertoff said.
"It's either pat-downs or imaging, or otherwise hoping that bad guys haven't figured it out, and I guess bad guys have figured it out."

From rforno at infowarrior.org Sun Dec 27 14:27:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 09:27:26 -0500
Subject: [Infowarrior] - The 2000s: The decade we didn't see coming
Message-ID: <4A09F5FA-B254-4859-8AF1-2FE0261B9A4E@infowarrior.org>

Joel Achenbach on the 2000s: The decade we didn't see coming
By Joel Achenbach
Washington Post Staff Writer
Sunday, December 27, 2009; A01
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/26/AR2009122601822_pf.html

The decade began so swimmingly. No Y2K bug, no terrorism, nothing but lots of fireworks as the planet turned and, time zone by time zone, all the zeroes replaced the nines. America was at peace. Prosperity reigned. The popular president soon announced a budget surplus of $230 billion. The dilemma for Washington lawmakers was what to do with all the extra money. People watched the values of their houses soar. The Dow had jumped 25 percent in just a year. Imagine how $1,000 might mushroom if invested in stocks for the next decade! The future had arrived bearing nifty technological gifts. An entire music catalogue could fit in the palm of a hand. People nurtured their avatars in Internet role-playing games. Technology offered a virtual escape from the real world. Except the real world wouldn't leave us alone. Throughout the decade, the real world pursued, hectored, harassed. Ignorance was punished. Hubris found its comeuppance. The optimists were routed, the pessimists validated. The fabulous economy turned out to be something of a hoax. A war predicted to be a "cakewalk" turned into a dismal slog. This was a decade when things you didn't know about could really hurt you. So it was that Americans were shocked by 9/11. That's when the decade really began, regardless of what the calendar might say.
There had been earlier terrorist events, and abundant warnings, but the rantings of jihadists did not fully penetrate the consciousness of peacetime America. That September morning, observing the carnage in New York and Washington and in a field in rural Pennsylvania, we asked: What do these people want from us? Osama bin Laden's 9/11 hijackers, holing up in cheap motels, moving in groups, warily clinging to their luggage, had acted -- we could say in hindsight -- pretty much like terrorists plotting something or other. But they were invisible in a nation still blissfully unaware of the intensity with which it was hated. Go back to Jan. 1, 2000: The peace of that first night wasn't quite so real after all. A would-be terrorist, trained in Afghanistan, had planned to bomb Los Angeles International Airport. The plot unraveled a couple of weeks before the New Year, and investigators learned the full details only months later. "History's always catching America off guard," says Rick Shenkman, editor of George Mason University's History News Network. "We have to relearn that lesson over and over and over again, that we cannot escape history." The attacks shaped the entire decade. They led to two wars overseas and a new security regime at home that requires grandmothers to take off their shoes and get wanded before they board a flight. Not knowing about 9/11 would be, in this decade, like walking into a whodunit movie 15 minutes late and never understanding what the characters are talking about and why they're so exercised. The Iraq war, launched by the Bush administration in pursuit of weapons of mass destruction that did not actually exist, will be litigated by pundits and historians until the end of time. The decade closes with that war winding down and tens of thousands of troops surging into Afghanistan to intensify the battle with those who attacked us at the decade's start. 
And just in case we might have begun to let down our guard at home, a man tried to blow up a plane landing in Detroit on the final Christmas of the decade. Disaster and debt Some disasters were natural. For years, people warned that a big hurricane could devastate New Orleans. The worst came to pass, in the form of a storm named Katrina. About 1,500 people died on the Gulf Coast. This has not been a good decade for anyone overly sensitive to bad news. We've had two recessions, the first caused by the bursting of the tech bubble (wasn't Pets.com supposed to dominate the dog food market?), the second by the even more dramatic popping of the housing bubble (oops, maybe buying that $1.5 million McMansion was rash). The economic recovery has been trembling at best. The titans of industry can't bring themselves to do anything more risky than hire a few temps. Oh, and that $1,000 investment in the stock market? It turned into about $900 if invested in Dow blue-chips, and even less if you adjust for inflation. For this decade, the mattress would have been a better place to put your money. Some would call that a disaster. The more technically accurate term among market-watchers is a "correction." The Correction Decade was not much fun. The U.S. budgetary surplus of 2000 lasted about as long as the cherry blossoms by the Tidal Basin. Debt proved to be the grease by which ideologically polarized parties pushed legislation through Congress. The decade ends with the government running annual deficits that have to be expressed in scientific notation (i.e., 1.5 x 10 to the 12th dollars). Ordinary people misapprehended their station in life, and overspent, and overborrowed, and suffered the consequences when the whole house of cards fell apart. Financiers made a bad situation utterly catastrophic. The Wall Street wizards had bundled and diced and rearranged our mortgage debt into ever more exotic financial instruments that they wheeled and dealed in the global marketplace. 
Not even the experts knew what any of that stuff was really worth. They'd securitized the inscrutable. The entire economy had been inflated by the belief that what goes up can't possibly go down. We now stand corrected. Jack Abramoff, the Washington influence peddler, had his own encounter with the Department of Corrections, as did the Ponzi schemer Bernie Madoff, not to mention highfliers at places like Enron and WorldCom. Calamity in this era has been very much a group activity. Many institutions were not, in fact, too big to fail -- just ask the people who used to run the venerable Wall Street firm of Lehman Brothers. Being large and established proved to be a handicap in an era that favored the small and nimble. The Internet destabilized everything from newspapers to the music industry to global security. Jihadists recruit with YouTube. Politically the 2000s were not exactly the Era of Good Feeling. The bitterness was inevitable after Al Gore beat George W. Bush by more than 500,000 votes nationally, and yet, through a series of complex and improbable events -- including thousands of likely Gore voters in Palm Beach County punching a ballot for Pat Buchanan -- was denied the presidency. The signature image of the election was an official in South Florida examining a paper ballot to see if a "chad" was attached by one, two or three corners. You couldn't make this stuff up. History is neither linear nor deterministic, which is why, perhaps, Arnold Schwarzenegger became governor of California, and Tom "The Hammer" DeLay wound up as a contestant on "Dancing With the Stars." An African American won the nation's highest office. Barack Obama's triumph proved a dream come true for millions of Americans who wondered whether they'd live long enough to see a black president. One shocker: The campaign wasn't in any significant way about race. Clinton had an excellent decade. So did her husband. The Red Sox won the World Series! 
Historian Gil Troy, in a recent essay for the History News Network, pointed out that most people had a pretty good time the past 10 years: "When they look back on this cascade of catastrophes, Americans in the future will assume our lives were miserable, practically unlivable. Yet, for most of us, life has continued. We have maintained our routines, while watching these disasters unfold on the news. In fact, these have been relatively good years. America remains the world's playground, the most prolific, most excessive platform for shopping and fun in human history." Gizmos and Humvees Computers, software, all those 1s and 0s, flourished in the 2000s. This may have been the first decade in history that was better for machines than human beings. Largely overlooked in the 1990s Internet boom was the power of a computer application known as "search." Google, embryonic at the start of the decade, ends it looking as big and powerful as Ma Bell back in the day. "Content creation" had a bad decade, and "aggregation" a very good one. Today, marketers and headline writers have to craft something that will make sense to the Google spiders and Yahoo crawlers. Algorithms roam the Earth, terrorizing peasants who've yet to have their Search Engine Optimization training. We all Googled our symptoms; invariably we discovered our sniffle or twitch to be the sign of a hideous disease. Cyberchondria is just a growing pain of the Internet as machine intelligence improves, says Microsoft Research principal researcher Eric Horvitz, "On the way to perfection, these algorithms won't be perfect." The hassock-sized desktop computer is vanishing. The laptop survives, and has turned every coffee shop into a warren of workstations. Thanks to BlackBerrys and smartphones, people never have to experience life offline. The magic is powerful, and a little scary. How would we explain to an earlier generation our struggle to cut down on texting-and-driving? It was the hottest decade on record.
Glaciers are in full retreat. Everyone could calculate his or her carbon footprint. Even oil companies claimed to be green. The one thing that didn't change was the increase in the emission of carbon. Stewart Brand, the technology sage, says that in 50 years the symbol of this decade might be the Humvee. This decade will be seen as "the last blast of extravagant wastefulness of energy and material, and lovely wretched excess, and probably will be viewed with a certain amount of nostalgia." If the 20th century was the "American Century," as Henry Luce called it, then the 21st century remains -- with 10 percent of it gone -- very much up for grabs. China may be the most fascinating country on Earth, but it has demographic and environmental burdens. India has a billion people and a lot of jobs once performed by Americans. Europe is integrating portentously. But the United States remains the world's sole superpower. America has a new leader who, back in 2000, was an obscure state legislator in Illinois. The next decade could be Obama's to shape. But governing is harder than campaigning. And Obama has already discovered that "Change" is something many people want in the abstract more than in real life. Human civilization evolves paradoxically. A world where you can donate money with the click of a button to save a life in Africa is also one where men strap bombs to themselves to blow up innocent strangers. As history marches on, this decade will be known for its stumbles and reversals. The scolds and doubters reminded us that hope is not a plan. But neither is despair a winning strategy. The smart move is to look back at the 2000s glancingly, and then turn, with optimism, to the decade ahead.

From rforno at infowarrior.org Sun Dec 27 17:37:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 12:37:27 -0500
Subject: [Infowarrior] - TSA To Save Print Media?
Message-ID: <482D53D5-7BD0-4807-94EE-E8D2284462CF@infowarrior.org>

TSA To Save Print Media? No Electronics On International Flights? What A Joke.
MG Siegler
TechCrunch.com
Saturday, December 26, 2009; 10:22 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/26/AR2009122601168_pf.html

Before I begin, let me just state that TSA has yet to confirm any of this on its website, so the details aren't entirely clear at the moment. That said, there are several indications that orders have been issued to cease the use of electronics during international flights. Yes, that means no laptops, no iPods, no Kindles, no CD players, no portable DVD players, no Nintendo DSes -- nothing that requires any sort of power on these flights. If this is true, it's absolutely awful news. Obviously, this is all in reaction to the Nigerian man who attempted to bring down a plane coming into the U.S. And the TSA is going to do whatever it thinks is necessary to prevent further attacks of a similar nature. But the simple fact is that if the TSA was really this seriously worried about electronic devices, they could have banned them anytime since the attacks on September 11, 2001. Instead, they're doing it more than 8 years later after a man apparently lit some sort of mixture of powder and liquid in his lap. How that relates to electronics, I'm not sure. This just reeks of a "well, we have to do something" move. Again, all the details aren't known yet, and it's entirely possible that this is just a temporary measure that will be in place during a heightened security time following the attempted attack. Other reports suggest this will only affect planes coming into the U.S. Of course, if you leave the U.S. to go on an international trip, you're very likely going to have to come back, so this will affect you. So far, all the TSA is officially saying is this: "Passengers flying from international locations to U.S. destinations may notice additional security measures in place.
These measures are designed to be unpredictable, so passengers should not expect to see the same thing everywhere. Due to the busy holiday travel season, both domestic and international travelers should allot extra time for check-in." Those other security measures apparently include not being allowed to get up in the final hour of a flight (so, no bathroom), being limited to one carry-on bag, and not being allowed to have anything on your lap in this final hour. We'll update this post when the official policy becomes more clear, but given the previous policies of no liquids, taking off your shoes, etc, it wouldn't be entirely shocking for a no electronics rule of some sort to be commonplace. And it comes at a time when air travel was almost becoming bearable thanks to WiFi on a growing number of flights (though domestic for now). Instead, it looks like we'll have to revert back to the old standards: Books, magazines, and newspapers for these flights. If I were the print media companies, I'd jack up the prices in airports immediately. They may have just found a business model that will save them: Fear. I stand by my statement earlier: If they take electronics away from us on planes, I'd much prefer to be put into a state of hibernation on the flights like in Avatar. That's about the only thing that will make those cattle cars tolerable at that point.

From rforno at infowarrior.org Sun Dec 27 21:27:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 16:27:51 -0500
Subject: [Infowarrior] - 'Nonserious' Incident on Same Flight to Detroit
Message-ID: <4D2EC5CA-D00B-470F-937E-4665EB84E349@infowarrior.org>

December 28, 2009
A 'Nonserious' Incident on Same Flight to Detroit
By MICHELINE MAYNARD
http://www.nytimes.com/2009/12/28/us/politics/w28talk.html?pagewanted=print

DETROIT -- The pilots of Northwest Airlines Flight 253 from Amsterdam to Detroit --
the same flight involved in Friday's terrorism attempt -- requested emergency assistance Sunday upon landing in Detroit, an airport spokesman said. The crew had requested police assistance on the ground because a passenger was "verbally disruptive," according to a statement from Delta Airlines, which acquired Northwest last year. A Homeland Security official described the incident as "nonserious." The Transportation Safety Administration said in a statement that it had been alerted to a "disruptive passenger on board" Flight 253. The T.S.A. said that the flight landed safely at Detroit International Airport at approximately 12:35 p.m. Eastern "without incident." "The aircraft has been moved to a remote location for additional screening," the agency said. "T.S.A. and law enforcement met the aircraft upon arrival, the passenger is now in custody." A little before 4 p.m., the large white jetliner sat at the southeast corner of the vast Detroit Metropolitan Airport, surrounded by police and other emergency vehicles with their lights flashing in the fading afternoon light amid falling snowflakes. At 3:55 p.m., CNN said that law enforcement authorities had offered an "all clear" signal -- indicating that the threat had passed -- and the plane began to be moved. Rows of bags and luggage remained on the tarmac, approached by dogs sniffing for contraband, whether as serious as explosive devices or the usual agricultural products not allowed to be flown in on passenger jets. Bill Burton, a White House spokesman, said that President Obama, vacationing in Hawaii, had been notified "shortly after 9:00 a.m. Hawaiian time of the incident regarding an unruly passenger on the flight arriving in Detroit by N.S.S. chief of staff Denis McDonough." "The President stressed the importance of maintaining heightened security measures for all air travel and gave instructions to set up another secure teleconference briefing as soon as possible," Mr. Burton added.
Police vehicles met the plane at the far end of the airport, and five buses drove up to the plane, in a repeat of the same scene that occurred on Friday. "It's a pretty typical response," Scott Winter, the airport spokesman, said of the police vehicles. "With an aircraft situation, speed is of the essence." Television news showed scenes of lined-up luggage on the tarmac being approached by a bomb-sniffing dog. Even before the plane arrived, it was already running more than an hour late, according to the arrivals board inside the airport. The Associated Press reported that the passenger in question was a man from Nigeria, the same country as the suspect in Friday's terrorism attempt. The second Nigerian man was taken into custody after locking himself in the airliner's lavatory, The A.P. reported. CNN reported that the man had locked himself in the lavatory for such a long time that the crew requested help on the ground. Micheline Maynard reported from Detroit, and Elisabeth Bumiller from Washington.

From rforno at infowarrior.org Mon Dec 28 01:00:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 20:00:54 -0500
Subject: [Infowarrior] - Paranoia, revisited
Message-ID: <5F39A10A-4A01-4A95-AF8E-545BACD8CEF8@infowarrior.org>

So speaking loudly in a foreign language (er, airborne xenophobia) is grounds for suspicion? You'd think a 'terrorist' would be more subtle, right? Oh.....and I guess if you're of Middle Eastern descent, you should ONLY watch 'Bambi' or 'The Princess Bride' when flying. Anything else might be deemed suspicious and get you detained, as happened today.
--rf

TSA: 2 passengers detained after flight to Phoenix
Associated Press, 12.27.09, 07:29 PM
http://www.forbes.com/feeds/ap/2009/12/27/general-us-phoenix-airport-detainment_7239843.html

PHOENIX -- Two men thought to have been acting suspiciously aboard a flight bound for Phoenix were detained and questioned by federal anti-terrorism authorities before they were released, the FBI said Sunday. Transportation Security Administration officials said passengers aboard U.S. Airways Flight 192 from Orlando, Fla., on Saturday night reported that two men, described as Middle Eastern, were acting strangely and talking loudly to each other in a foreign language. A nearby passenger also observed one of the men watching what appeared to be footage of a suicide bombing, but was actually a scene from the 2007 movie "The Kingdom." The man also got up from his seat while the seat belt warning sign was still lit, FBI spokesman Manuel Johnson said. "The totality of those three occurrences led this passenger to believe this was suspicious," he said. The flight crew called for law enforcement and TSA officers to meet them when the plane landed at Phoenix's Sky Harbor International Airport at about 8 p.m. Authorities said the two men were met by Phoenix police and TSA officials at the flight's airport gate and later interviewed by FBI agents. Nothing dangerous was found during a search of the plane and passengers' luggage, police said. The men were released after questioning and allowed to continue on to California, Phoenix Johnson said.

From rforno at infowarrior.org Mon Dec 28 01:02:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 20:02:16 -0500
Subject: [Infowarrior] - Sensible BTC Memo on Aviation Security
Message-ID:

(c/o IP)

INDUSTRY ANALYSIS
Aviation System Security
Business Travel Coalition
December 27, 2009
By Kevin Mitchell

The Christmas attempt by a Nigerian man with PETN (one of the most powerful explosives known) affixed to his body to cause harm to an internationally-originated Delta Air Lines flight on approach to Detroit shone a bright light on much that is wrong with the U.S. approach to aviation system security. It is welcome news that President Obama has ordered an airline industry security review so long as it is strategic in nature. It makes abundant sense in the immediate aftermath of a suspected terrorist attempt to tighten security measures to ensure that there is not a wider terrorist operation underway; to guard against would-be copycats; and to adequately complete an investigation such that there is sufficient visibility to the nature and extent of the threat. The restrictions ordered by the Transportation Security Administration (TSA) on passenger movement and use of personal items during the one-hour period prior to landing in the U.S. would defy logic, if they are kept in place longer than what near-term security precautions warrant. Someone wanting to terrorize would simply endeavor to do so 65 minutes prior to landing, or during the beginning or middle of a flight. The immediate post 9/11 security priority for the U.S. was to prevent a commercial airline from ever again being used as a weapon-of-mass-destruction.
Airport screening was strengthened substantially, the Air Marshal program was expanded, cabin and cockpit crews were trained in advanced anti-terrorism techniques, many pilots were armed, F-14s were placed on alert, and most importantly, cockpit doors were reinforced and passengers were forever transformed from passive participants in a time of threat to able defenders. All of this was accomplished within a relatively short period of time after the U.S. was attacked on 9/11. From that point forward the highest and best use of each incremental security dollar spent should have been on intelligence gathering, risk-management analysis and sharing, and on fundamental police work such that terrorists would never reach an airport, much less board an airplane. What does the immediate investigation into the near-calamity on Christmas reveal?

- The father of the accused terrorist, Umar Farouk Abdulmutallab, informed U.S. officials months ago that he was concerned about his son's extreme religious views. Not a friend, not a teacher, but his very own father issued the warning!
- The accused Nigerian is in the Terrorist Identities Datamart Environment database (550K names) maintained by the U.S. National Counterterrorism Center. While not on the selectee list (14K names) or no-fly list (4K names), should not some of our scarce security dollars have been used to ensure that he was placed on the selectee list, questioned and subjected to extra searching prior to being allowed to board the Detroit-bound flight from Amsterdam?

U.S. Homeland Security Secretary Janet Napolitano appeared today on ABC's This Week show and unabashedly steered clear of government accountability arguing that the U.S. did not have enough information to keep the accused man from boarding the flight or to add him to the selectee or no-fly list. However, his very father warned us! Moreover, the UK's Daily Mail reports that Umar Farouk Abdulmutallab was banned from Britain; his last visa request refused!
That the suspect did not but should have received additional questioning and physical screening is where the U.S. government's focus should be, versus on the in-flight security illusion of restricted passenger movement, if it is intended to be more than temporary. President Obama is right to review aviation system security. In doing so his advisors should consider that security-theater in fact also inconveniences all passengers, renders air travel less appealing for business travelers and negatively impacts our struggling economy as aviation drives commercial activity and job creation. What's more, it is unconscionable that the U.S. has been without a TSA leader for a year and reprehensible that one Senator's extreme political views are allowed to hold our country hostage and put our citizens in harm's way by blocking the confirmation of President Obama's nominee to run TSA, Erroll Southers. Politics trumping passenger security is a national disgrace! We desperately require leadership at TSA now.

CONTACT BTC || Kevin Mitchell | 610-341-1850 | mitchell at BusinessTravelCoalition.com

About BTC
Founded in 1994, the mission of Business Travel Coalition is to bring transparency to industry and government policies and practices so that customers can influence issues of strategic importance to their organizations.

From rforno at infowarrior.org Mon Dec 28 02:11:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 21:11:49 -0500
Subject: [Infowarrior] - TSA Observation/Question
Message-ID: <72D5C94F-EC02-43CC-A480-662149DF29BB@infowarrior.org>

A question regarding the current airline security sideshow: Does anyone else think it odd/interesting that DHS and TSA are bending over backwards to say - as frequently as possible -- that "Passengers should not expect to see the same thing at every airport" in regard to the 'enhanced security' measures put into place this week? This seems to be Talking Point #1 over the past 24 hours or so.
On one level a degree of variance is a good thing from a security perspective, I realize that. However, with the frequency this statement is being propagated in the media, it makes me wonder if this isn't also a vague way of covering the agency in the event of future terrorism attempts that get discovered in-progress like the one this week, or is invoked to make it harder to develop appropriate measures of accountability for their activities by responsible entities. At the risk of sounding conspiratorial, in light of this sound bite being used so much in the past day or so, and given this administration's infatuation with its branding and marketing, I can't help but wonder.....

Just musing out loud,
-rick
infowarrior.org

From rforno at infowarrior.org Mon Dec 28 02:19:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Dec 2009 21:19:22 -0500
Subject: [Infowarrior] - ATT: NYC "not ready" for iPhone
Message-ID: <857DA306-8906-4C2E-8C75-FA8049F58758@infowarrior.org>

AT&T Customer Service: "New York City Is Not Ready For The iPhone"
By Laura Northrup on December 27, 2009 5:30 PM

AT&T has apparently found a workable solution to the reported data congestion in New York City. They've quietly stopped selling the iPhone to customers in the New York metropolitan area, at least from their web site. I guess that's one way to solve the problem. Reader Stephen in Brooklyn made the discovery while shopping for a new phone today...

http://consumerist.com/2009/12/att-customer-service-new-york-city-is-not-ready-for-the-iphone.html

From rforno at infowarrior.org Mon Dec 28 13:14:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Dec 2009 08:14:20 -0500
Subject: [Infowarrior] - OT: JibJab's 2009 Review
Message-ID: <39733A52-41DA-42B4-850F-6BD62C2C1067@infowarrior.org>

http://www.techcrunch.com/2009/12/27/jibjab-year-in-review-2009/?

2009 is coming to a close, which means it's time to reflect on the events that shaped the last twelve months.
And there's nothing like a whirlwind animated musical to put everything into perspective. Cue JibJab, which has just released their annual Year In Review: a two minute video romp that recaps the last year in all its glory. The video is packed with everything from momentous events like the induction of our first black President to moments of unparalleled stupidity (Balloon Boy). Even Three Wolf Moon made the cut. This is the fifth year that JibJab has produced their Year In Review, and we're told it will be seeing airtime on a number of national television networks tomorrow. For those wondering how the video was made, the company has put together a thorough blog post detailing its production. Aside from the video, CEO Gregg Spiridellis tells us that JibJab is having a very strong holiday season. The entertainment portal, which offers customizable Flash videos, greeting cards, and a variety of other content, drew 33 million unique visitors in the last month according to Quantcast. Spiridellis adds that the site has served 90 million video views this quarter alone (which was likely helped in part by its always popular ElfYourself feature). Watch the video in the embed below:

http://www.techcrunch.com/2009/12/27/jibjab-year-in-review-2009/?

From rforno at infowarrior.org Mon Dec 28 13:26:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Dec 2009 08:26:01 -0500
Subject: [Infowarrior] - Adding Fees and Fences on Media Sites
Message-ID: <8D50263B-A45B-4BFE-B003-6E21C7926983@infowarrior.org>

December 28, 2009
Adding Fees and Fences on Media Sites
By RICHARD PÉREZ-PEÑA and TIM ARANGO
http://www.nytimes.com/2009/12/28/business/media/28paywall.html?hpw=&pagewanted=print

Over more than a decade, consumers became accustomed to the sweet, steady flow of free news, pictures, videos and music on the Internet. Paying was for suckers and old fogeys. Content, like wild horses, wanted to be free.
Now, however, there are growing signs that this free ride is drawing to a close.

Newspapers, including this one, are weighing whether to ask online readers to pay for at least some of what they offer, as a handful of papers, like The Wall Street Journal and The Financial Times, already do. Indeed, in the next several weeks, industry executives and analysts expect some publications to take the plunge.

Rupert Murdoch, beyond charging for access to The Journal, has talked about forming a partnership with a single search engine, which would pay him for the rights to scour the news and entertainment programming produced by his company, the News Corporation, rather than letting all search engines crawl his sites. Also Hulu, which is owned partly by Mr. Murdoch's company, is considering charging viewers to watch some of the TV shows it now streams free.

Magazine publishers, meanwhile, have banded together to try to create their own version of the iTunes store, aiming for a day when they can sell enhanced versions of what they have been giving away. And more and more media companies are planning to charge for apps on iPhones and other mobile devices, as well as on the Amazon Kindle and other e-readers.

Media companies of all stripes built their business models on the assumption that advertising would continue to pour into their coffers. But with advertising in a tailspin, they now must shrink, shut down or find some way to shift more of the cost burden to consumers -- the same consumers who have so blissfully become accustomed to Web content that costs nothing.

So will future consumers look back on 2010 as the year they finally had to reach into their own pockets? Industry experts have their doubts, saying that pay systems might work, but in limited ways and only for some sites.
Publishers who sounded early this year as though they were raring to go have not yet taken the leap, and the executives who advocate change tend to range from vague to cautious in making any predictions about fundamentally changing the finances of their battered businesses.

But one thing clearly has shifted already, in a year rife with magazine closures and newspaper bankruptcies: conventional wisdom among media companies has swung hard from the belief that pay walls would only curb traffic and stifle ad revenue, to the view that media businesses need to try something new, because the current path appears to lead to extinction.

"Content providers see that the idea that everything has to be free, supported by ads, isn't working well, and they're trying to put the toothpaste back into the tube, but only partially," said Alan D. Mutter, a media consultant and blogger who has been an executive at digital media companies.

He went on: "So we're looking at some sort of an inflection point, at least in attitude. But I haven't seen much realistic, hard-headed thinking about how that's going to happen, so I don't know how much is really going to change."

Ann S. Moore, the chief executive of Time Inc., the nation's largest magazine publisher, said, "A lot is going to change over the next two years." But she conceded that it was very hard to predict the shape of that change, and she said that adding pay walls alone probably would not work.

Of course, it is the established media, with their legacy of high operating costs and outdated technology, that face this problem. Leaner, newer online competitors will continue to be free, avidly picking up the users lost by sites that begin to charge.

Arianna Huffington, co-founder and editor in chief of The Huffington Post, predicted that much of the talk of media's mining the Web for new revenue would never become reality -- and that if it did, free sites like hers would benefit.
Some of the plans now being laid might work, she said, but many of them would just alienate the Internet users who click from one site to another, wherever links and their curiosity take them.

"I'm not minimizing the fact that there's a need to experiment with multiple new business models," she said. "I just don't believe in ignoring the current realities."

For more than a decade, media companies have hoped for a day when they could either control access to their products online or at least put a price on them that a mass market would bear. But that day has never come. What has changed is the level of threat they face, given the worst advertising downturn in memory.

Since the infancy of the Web, there have been predictions that by making information more plentiful and accessible, prices would be steadily driven down, with no bottom in sight. At first, it did not seem to matter: Internet advertising grew at a breakneck pace, and traditional media thrived even as the assumption of free content took root online.

But eventually, the rise of the Internet punished most media, starting with the music industry, in the form of file-sharing. That history offers an object lesson. Despite the success of iTunes and other pay services, illegal downloads remain common.

Print publications are suffering most now, but digital distribution has grown in importance for broadcast television. Nearly all of its content is now available free online, as broadcast media lose audience and advertising.

Book publishers are also fighting the tide; Simon & Schuster said recently that it would delay the release of e-book versions of 35 big titles, like Karl Rove's memoir and a Don DeLillo novel, fearing that the $9.99 digital versions would eat into sales of hardcover copies.
Cable television has been an exception, thriving on subscriber fees, but even there, executives fret that consumers are disentangling themselves from their cable boxes, free to pick and choose individual programs online and watch on their TVs.

Jeffrey L. Bewkes, the chairman and chief executive of Time Warner, has advanced a plan that he calls TV Everywhere, which would allow paying cable television subscribers to view shows online for no extra charge. Similarly, Comcast started a service this month that gives subscribers to its broadband Internet and digital cable services access to its cable programming on the Web. These efforts are not about wringing extra dollars from the Web but about preserving the current economics of the business.

"We're saying, since those payments you have made have found their way to the networks and through distributors that give you the connection, that we want to have you be able to watch all those networks on broadband," Mr. Bewkes said recently at an investor conference in New York.

A leading evangelist for the coming of a new era is Rupert Murdoch, who has said he envisions a not-too-distant day when all of the News Corporation's news properties, including Fox News Channel, The Times of London and The New York Post, charge online. He and his executives have repeatedly criticized search engines and news aggregators, saying it was "theft" to profit from publishers' work.

The News Corporation has been shopping around an online payment software system -- so far without much success -- in hopes of playing pied piper to other publishers, and it is a charter member of the group of magazine publishers that have banded together, in a consortium announced this month. And there have been talks about the possibility of Microsoft paying for the exclusive rights to have its Bing search engine direct users to News Corporation sites.

"Quality content is not free," Mr. Murdoch wrote in The Wall Street Journal on Dec.
8, days after delivering a similar message at a Federal Trade Commission workshop. "In the future, good journalism will depend on the ability of a news organization to attract customers by providing news and information they are willing to pay for."

People who have studied the problem argue that charging online would work only if consumers were offered a much-improved product with the convenience of access anywhere, on any digital device -- the core idea behind the magazine consortium and its planned online store.

By that standard, much of the talk of wringing more money from Internet users rings hollow, said Jay Rosen, a professor of journalism at New York University and a prominent blogger on media subjects.

"People who really think we have to charge or the industry is sunk would be more persuasive if they said at the same time we have to add more value than we've been adding," he said.

And, most industry experts agree, entertainment will be easier to charge for than news. It may be hard to prevent free distribution of an episode of "The Office" or "NCIS," but the product is unique, with no substitute being created by someone else.

A small number of publications already charge for Internet access, including The Wall Street Journal, The Financial Times, Newsday, Consumer Reports and The Arkansas Democrat-Gazette. But they tend to be either specialty products or near-monopolies in local markets, and they generally do not charge enough to fundamentally alter their profit pictures.

But for most general-interest news, any paid site would be competing with alternative versions of the same articles, delivered by multiple free news sources.

"One of the problems is newspapers fired so many journalists and turned them loose to start so many blogs," Mr. Mutter said. "They should have executed them. They wouldn't have had competition. But they foolishly let them out alive."

From rforno at infowarrior.org Mon Dec 28 14:02:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Dec 2009 09:02:18 -0500
Subject: [Infowarrior] - DHS backpedals: The system "failed miserably"
Message-ID:

System to keep air travel safe failed: Napolitano
WASHINGTON Mon Dec 28, 2009 8:45am EST
http://www.reuters.com/article/idUSTRE5BQ0Z420091228

WASHINGTON (Reuters) - The system aimed at keeping air travel secure failed when a Nigerian man who was suspected of ties to militants managed to smuggle explosives aboard a flight, U.S. Homeland Security Secretary Janet Napolitano said on Monday.

"It did," Napolitano said in an interview on NBC's Today Show, when asked if the system "failed miserably."

"And that's why we are asking -- how did this individual get on the plane? Why wasn't the explosive material detected? What do we need to do to change" the security watch list rules, she said.

Umar Farouk Abdulmutallab has been charged with trying to blow up Northwest Airlines flight 253 as it approached Detroit from Amsterdam on Christmas Day with almost 300 people on board. Passengers and crew overpowered him after he set alight an explosive device attached to his body.

On Sunday, Napolitano said the system to protect air travel worked, but in news shows appearances on Monday she said she meant the response to alert other flights and airports and impose immediate safety procedures was effective.

Appearing on Monday on CNN, she said the administration was reviewing other security policies "because clearly this individual should not have been able to board this plane carrying that material."

Abdulmutallab's father, a respected Nigerian banker, had told U.S. officials he was concerned that his son's radicalized behavior could pose a threat, and his name was on a broad U.S. list of possible security threats. But he was not on the much smaller "no fly" list.
Napolitano was asked on NBC if the attempt represented a new form of threat that the screening system was not equipped to handle.

"I wouldn't go that far," she said. "What I would say is that our system did not work in this instance. No one is happy or satisfied with that. An extensive review is under way."

"At this point we feel that with the additional screening procedures in place ... the additional protective measures within aircraft ...that air travel is safe while we work our way through this problem."

(Reporting by Deborah Charles, editing by Vicki Allen)

From rforno at infowarrior.org Mon Dec 28 20:06:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Dec 2009 15:06:26 -0500
Subject: [Infowarrior] - GSM crypto cracked
Message-ID:

Secret code protecting cellphone calls set loose
http://www.theregister.co.uk/2009/12/28/gsm_eavesdropping_breakthrough/
Universal phone snooping moves forward
By Dan Goodin in San Francisco
Posted in Security, 28th December 2009 18:57 GMT

Cryptographers have moved closer to their goal of eavesdropping on cellphone conversations after cracking the secret code used to prevent the interception of radio signals as they travel between handsets and mobile operators' base stations.

The code is designed to prevent the interception of phone calls by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels. Without knowing the precise sequence, would-be eavesdroppers can assemble only tiny fragments of a conversation.

At a hacker conference in Berlin that runs through Wednesday, the cryptographers said they've cracked the algorithm that determines the random channel hopping and have devised a practical means to capture entire calls using equipment that costs about $4,000.
At the heart of the crack is open-source software for computer-controlled radios that makes the frequency changes at precisely the same time, and in the same order, that the cellphone and base station do.

"We now know this is possible," said Karsten Nohl, a 28-year-old cryptographer and one of the members of an open-source project out to prove that GSM, the technical standard used by about 80 percent of the mobile market, can't be counted on to keep calls private. The attack "is practical, and there are real vulnerabilities that people are exploiting."

A spokeswoman for the GSM Association, which represents 800 operators in 219 countries, said officials hadn't yet seen the research.

"GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls," she wrote in an email. "Reports of an imminent GSM eavesdropping capability are common."

The channel-hopping crack comes as the collective is completing the compilation of a rainbow table that allows them to decrypt calls as they happen. The table works because GSM encryption uses A5/1, a decades-old algorithm with known weaknesses. The table - a 2-terabyte list of known results that allows cryptographers to deduce the unique key that encrypts a given conversation - was developed by volunteers around the globe using giant clusters of computers and gaming consoles.

Within days of the project announcement in August, the GSMA pooh-poohed it as a "theoretical compromise" that would have little practical effect on the security of phone calls. In addition to the massive rainbow table needed, the GSMA said it doubted researchers had the means to process the vast amounts of raw radio data involved.

"Initially, we didn't consider channel-hopping a big security feature," Nohl told The Register. "If the GSM Association's excuse for bad crypto is there is another security feature we rely on much more, then of course, we'll break that, too."
A bare-bones attack can be pulled off with a PC with a medium-end graphics card, a large hard drive, two USRP2 receivers and the channel-hopping software. Under normal conditions, it will take a few minutes of conversation before eavesdroppers have collected enough data to break the encryption. Because the calls are recorded and played back later, the entire contents of a conversation can still be captured.

More elaborate setups that use a network of computers or Field Programmable Gate Array devices, will be able to unlock calls almost instantaneously, Nohl said.

To capture both ends of a conversation, an attacker would have to place one of the radios in close proximity to the person making the call, while the second would be used to capture downlink transmissions coming from a carrier's base station. That requires a fair amount of effort because attackers must target a specific individual.

But in many cases - such as phone menus used by banks and airline companies - it's sufficient for an attacker to intercept only the downlink, said David Burgess, a signal processing engineer who helped to identify weaknesses used to break A5/1.

"Even if I only see the downlink, that's still very useful," he said. "The base station is acknowledging back every button press."

After weaknesses in A5/1 became common knowledge, mobile operators devised A5/3, an algorithm that requires about a quintillion times more mathematical operations to break. Despite estimates that some 40 percent of cellphones are capable of using the newer cipher, it has yet to be adopted, largely, Nohl says, because of the cost of upgrading and fears older handsets will be left behind.

"A5/3 is a better encryption algorithm and there has been a long-standing proposal to make this the preferred cipher in GSM," he said. "But no network operator with one exception that I'm aware of has started adopting A5/3 so far."
The GSMA has said it plans to transition to the new technology, but has yet to provide a timetable.

Nohl described the channel-hopping techniques at the 26th Chaos Communication Congress, an annual hacker conference in Berlin, along with fellow reverse engineer Chris Paget. Their presentation is here.

From rforno at infowarrior.org Tue Dec 29 00:12:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Dec 2009 19:12:36 -0500
Subject: [Infowarrior] - OpEd: It's Time To Fire the TSA
Message-ID:

President Obama, It's Time To Fire the TSA
http://gizmodo.com/5435675/president-obama-its-time-to-fire-the-tsa

Today, DHS's Napolitano's response to the crotchbomber: "We're looking to make sure that this sort of incident cannot recur." But the TSA's response to Abdulmutallab's attempt makes one thing clear: We must stop pretending the TSA is making us safer.

Security expert Bruce Schneier nails the core incompetency: "For years I've been saying 'Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.'"

So what has the TSA done in response to the attempted attack? They've told airlines to make passengers stay in their seats during the last hour of flight. They've made it verboten for passengers to hold anything in their laps, again only during the last hour of flight. Perhaps most hilariously telling, they've forbidden pilots from announcing when a plane is flying over certain cities and landmarks.

There is no other way to interpret it: The TSA is saying clearly that they can't prevent terrorists from getting explosives on airplanes, but by god, they'll make sure those planes only explode when the TSA says it's okay.

I want our government to prevent terrorism and to make flights safer. But we are spending billions of dollars and man-hours to fight a threat that is less likely to kill a traveler than being struck by lightning.
In the last decade, according to statistician Nate Silver, there has been "one terrorist incident per 11,569,297,667 miles flown [the] equivalent to 1,459,664 trips around the diameter of the Earth, 24,218 round trips to the Moon, or two round trips to Neptune." (Sadly, this does mean that in the future we can expect one out of every two round-trip flights to Neptune to be hijacked.)

The TSA isn't saving lives. We, the passengers, are saving our own. Since its inception, the TSA has been structured in such a way as to prevent specific terror scenarios, attempting to disrupt a handful of insanely specific tactics, while continuing to disenfranchise and demoralize the citizens who are actually doing the work that a billion-dollar government agency -- an agency that received an additional $128 million just this year for new checkpoint explosive screening technology -- has failed to do.

We just had the first legitimate attempted attack in years, and the TSA changes the threat level from orange...to orange.

This goes far beyond simple customer satisfaction issues like "Take Back Takeoff." (Although they are of a kind.) It has to do with the wildly irrational response of a government agency in the face of failure. An agency whose leader, Secretary of Homeland Security Janet Napolitano, said at first blush that the attempted attack showed that -- here comes the Katrina-class foot-in-mouth -- "the system worked." (She shoveled ---- in her mouth this morning, while still talking up the asinine new measures that the TSA will be taking to respond to this isolated threat.)

I don't want to die on an airplane. I don't want to die in my home while eating an organic bagel infested with parasites that lay eggs on my liver. I don't want to die from starvation or bad water or a thousand other things that I pay our government to monitor and regulate.
But I also don't expect the government to protect from the literally endless possibilities and threats that could occur at any point to end my life or the life of the few I love. It's been nearly a decade since terrorists used airplanes to attack our country, and last week's attempt makes it clear that the lack of terrorist attacks has nothing to do with the increasing gauntlet of whirring machines, friskings, and arbitrary bureaucratic provisions, but simply that for the most part, there just aren't that many terrorists trying to blow up planes. Because god knows if there were, the TSA isn't capable of stopping them. We're just one bad burrito away from the TSA forcing passengers to choke back an Imodium and a Xanax before being hogtied to our seats.

President Obama, don't let this attack -- this one attack that was thankfully stopped by smart, fearless passengers and airline staff -- take us further in the wrong direction. I don't think I'm alone in feeling this way. Americans of all stripes and affiliation standing up to say, "This isn't working. We gave you our money. You're not making us safer."

We appreciate the attempt to make us safer and acknowledge that it came from an honest attempt to protect American (and the rest of the world's) lives. But it's a failure. It's wrongheaded. It's a farce. Tear it down. Put the money towards the sort of actions at which our government excels, like intelligence. The failure of the TSA leaves us no choice, but it's okay. The American people are ready to take back the responsibility for our own safety. Really, we already have.

Send an email to Joel Johnson, the author of this post, at joel at gizmodo.com.

From rforno at infowarrior.org Tue Dec 29 16:19:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 11:19:34 -0500
Subject: [Infowarrior] - NBC, CNN blasted for checkbook journalism
Message-ID: <8A2DED57-D05B-4EAA-8051-05DD59BD42B8@infowarrior.org>

NBC blasted for checkbook journalism on David Goldman story
December, 28 2009 4:37 PM
http://blogs.orlandosentinel.com/entertainment_tv_tvblog/2009/12/nbc-blasted-for-checkbook-journalism-on-david-goldman-story.html

NBC's interview with David Goldman has drawn a scathing review from the Society of Professional Journalists' Ethics Committee.

The panel says it's "appalled" because NBC News chartered a plane for Goldman and his son, Sean, to fly from Brazil to the United States. They were reunited after a five-year custody battle, and they arrived in Orlando on Christmas Eve.

In paying for the plane, NBC News engaged in "checkbook journalism," the Ethics Committee says. The journalists' group has a code of ethics that urges reporters to refrain from bidding for news.

"The public could rightly assume that NBC News bought exclusive interviews and images, as well as the family's loyalty, with an extravagant gift," Ethics Committee Chairman Andy Schotz said.

In a statement, NBC News said: "The Goldmans were invited on a jet NBC News chartered to fly home to the U.S. on Thursday, December 24. NBC News has followed this story since the Goldmans' story first ran on Dateline nearly one year ago -- David Goldman since has appeared on Today seventeen times. NBC News has not and will not pay for an interview."

With its lavish gesture to the Goldmans, NBC News helped create the news and jeopardized its credibility, the SPJ Ethics Committee said.

"Mixing financial and promotional motives with an impartial search for truth stains honest, ethical reporting," Schotz said. "Checkbook journalism has no place in the news business."

The journalists' group is urging NBC News to show some transparency on the story.
Meredith Vieira interviewed David Goldman on "Today" this morning. More of the interview will be seen in a two-hour "Dateline" at 8 p.m. Jan. 8. From the beginning, NBC News has disclosed that it invited the Goldman family on the flight.

"NBC must now, belatedly, explain why it entangled its news reporting and corporate interests in this story, as well as the terms of any deal it made with the Goldman family," Schotz said. "NBC also is ethically bound to adequately disclose its active role in the story in each of its future reports on the Goldmans."

The Ethics Committee critique arrived after it was reported that CNN paid a licensing fee to Jasper Schuringa, the hero of Northwest Flight 253 who subdued a Nigerian man determined to blow up the plane. CNN paid for a cell phone image -- and thus landed Schuringa for an exclusive interview.

The Web site Mediaite.com reported, "There's a reason Schuringa has not appeared any further on CNN or any other network -- we hear he has asked for additional payment for any future interviews."

Many viewers have been appalled by fees that TV news organizations have paid for photographs and footage in the Casey Anthony case. The networks say they are not paying for interviews by paying the fees. But many observers have been infuriated that the Anthony family seems to be profiting from the death of a child, 2-year-old Caylee Anthony.

The Goldman story is an uplifting one, but paying for access is still paying for news. When money changes hands, that gives the appearance of compromising the reporting.

There should be one standard in journalism. No matter if the story is happy or tragic, checkbook journalism is wrong.

From rforno at infowarrior.org Tue Dec 29 21:35:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 16:35:31 -0500
Subject: [Infowarrior] - The 10 Most Infamous Video Memes of the '00s
Message-ID: <2E9D7664-62AD-4FE1-9D2B-EA1B1BF5B67A@infowarrior.org>

The 10 Most Infamous Video Memes of the '00s
http://www.toplessrobot.com/2009/12/the_10_most_infamous_video_memes_of_the_00s.php

From rforno at infowarrior.org Tue Dec 29 22:11:06 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 17:11:06 -0500
Subject: [Infowarrior] - Remember to Donate to EFF in 2009!
Message-ID: <04DB5D4B-F383-4E08-85C8-0B2296F2C128@infowarrior.org>

Mark the end of the decade with a tax-deductible donation to the Electronic Frontier Foundation (EFF). EFF has spent almost 20 years fighting for your digital rights. Help us continue our important work! And in honor of EFF's 20th anniversary, we're offering a limited edition xkcd t-shirt and other special premiums for contributions of over $100 sent by the end of the year. So why wait? Donate NOW!

http://secure.eff.org/friends2009

~Happy New Year from your friends at EFF!~

From rforno at infowarrior.org Tue Dec 29 22:28:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 17:28:13 -0500
Subject: [Infowarrior] - Facebook, Capitol Hill as friends?
Message-ID: <5EE3046C-8B80-48B3-B31A-810BB76C9C8A@infowarrior.org>

Can Facebook and Capitol Hill be friends? Lawmakers climb social-networking wall
By Ian Shapira
Washington Post Staff Writer
Tuesday, December 29, 2009; 4:00 PM
http://www.washingtonpost.com/wp-dyn/content/article/2009/12/29/AR2009122901436_pf.html

Inside the headquarters of the National Republican Congressional Committee, 25-year-old Adam Conner -- registered Facebook lobbyist, poster of multiple Obama attaboys and a guy whose Facebook photo is a grizzly bear wielding two chainsaws -- sits down to teach a course. The subject: How to use Facebook better.
His student: Rep. Peter Roskam (R-Ill.).

"If we're going to improve our presence on Facebook and really maximize it, what would you recommend as tangible steps?" Roskam asks, thumbing his BlackBerry.

"It looks like you're very comfortable with your BlackBerry," Conner replies earnestly. "Maybe commit to a status message a day? A photo a week? Dive deeper. You'll be surprised at how things that seem routine to you as a congressman are so interesting and cool to constituents."

Conner is Facebook's evangelist in Washington, a social-networking pro summoned by elected officials and bureaucrats alike to teach them, free of charge, how to leverage Facebook -- within strict government rules and security guidelines. The mere existence of Conner's hand-holding lessons illustrates the cultural gulf between Washington and Silicon Valley, and spotlights the complex web of congressional rules that limit social networking among federal workers.

Lots of help calls

Conner is certainly grateful for his job as associate manager of Facebook's privacy and public-policy division. Compared with many of his highly educated but underemployed peers in Washington, Conner is doing just fine financially, earning somewhere around $75,000 a year, with equity to boot. (He declined to give specifics on his salary or stock options.)

But striver that he is, Conner, a 2006 George Washington alum who worked on Democrat Mark Warner's exploratory presidential campaign in 2006, chafes at his mechanic's role and the clash of cultures between Facebook's open-book attitude and Washington's need-to-know boundaries. He's impatient for a time when he no longer receives up to 20 help requests a day from government officials.

"Everyone really wants to talk on the phone in D.C., and it's often not a polite request," says Conner, who is considering graduate school and entering politics one day. "It's often, 'Call me today.' Yeah, we have a 'Help' section on Facebook. It's very helpful.
At the bottom of the page, it says 'Help.' "

On his own public Facebook page -- boasting 2,500 "friends," including many government officials -- Conner stays true to the transparency-is-king credo of the Internet. One of his status updates earlier this month was this re-tweet -- the re-posting of another person's Twitter post: "RT @cjoh: Go outside. Feel that hail? That's God being pissed off at Joe Lieberman." Or, some days later: "Not a politics party till people start referring to previous hookups present by campaign cycle, like 'She was New Hampshire Primary 07.' "

His day job requires him to seek inroads with security-conscious government agencies and uptight lawmakers -- some of whom are looking into limiting Facebook's running room on privacy issues. But off the clock, Conner's Facebook page is unmoored from the Beltway ethic of caution.

Nor does Conner hold back on his partisan positions, a fact that does not seem to poison his relations with those on the right. Last week, Conner posted a link to a Web site devoted to mocking Republican National Committee Chairman Michael Steele, adding as preface: "this one is legendary."

"He'll be sitting in my office and I'll ask him, 'Is your skin burning?' " said John Randall, the National Republican Congressional Committee's e-campaign director, who has requested Conner's help for two "campaign schools" this year designed to help Republican candidates improve their Facebook pages. "He just comes back and says, 'Hey, I am a businessman. I think you guys are wrong on a bunch of stuff, and other things not so much.' But I understand what he does. Facebook is a business and there are people who want to spend money on Facebook who are Republicans."

For a stronger democracy

Conner, who two years ago launched Facebook's Washington office out of his apartment and is now one of three employees in the company's Dupont Circle office, doesn't believe he's aiding the enemy.
Conner believes that the savvier politicians become with social networking, the stronger democracy will be. "It would make no sense to cut out 50 percent of the country," he said. "It's better for us to have as many points of view. Facebook is not a partisan platform." Yet, the company has political battles of its own to fight. Facebook recently hired Tim Sparapani, a former American Civil Liberties Union lawyer, as its public policy director. Sparapani said Facebook's challenges in Washington are convincing some federal agencies that the site is secure, and overcoming allegations that Facebook is cavalier about its users' privacy. "Our mission in this office is helping Washington understand this new phenomena of social networking and translating Washington back to Silicon Valley," he said. "Adam's been a big part of that." Sparapani says Conner's pro bono teaching will help if and when the company needs help dealing with federal regulators. "It is better to talk to people when you don't need them than to show up when you're in trouble," Sparapani said. One of the trickier parts of Conner's job is helping congressmen and their staffers figure out how to exploit Facebook without breaking ethics rules set by the House Committee on Administration. Members of Congress and staffers, for instance, may not use a member's "campaign" Facebook page at the office, and must instead use a second Facebook page meant for official government use. To the average person, these pages are nearly indistinguishable. Despite his affection for transparency, Conner has learned that some aspects of Washington life require discretion. Asked about restrictions on using Facebook at the White House, he says: "I can't go into details, but we're helping them solve some issues there." Conner sometimes gets emergency calls. About 9 one night earlier this month, Lt. Col.
Kevin Arata, the Army's director of online and social media, discovered that someone was trying to impersonate him on Facebook with a fake account and was friending his wife and son. "I immediately got on Facebook to write Adam," Arata recalls. "He writes back within three minutes and then all the other pages were taken down."

A cautious response

But perhaps the hardest part of Conner's job is persuading cautious congressmen to reveal the oddball minutiae of their lives. In his meeting with Roskam, Conner tries to motivate his student with the example set by actor Vin Diesel of "Fast and Furious" fame. "The most popular page on Facebook is the actor Vin Diesel," Conner says. "It used to be Obama. How did an actor become more popular than the president? The answer is that he spends a lot of time putting up personal posts. He'll put up pictures from his travels and answer questions about his movies." Roskam, who updates his campaign and official Facebook pages along with his staffers, isn't so sure about following Conner's advice and posting items about his mundane doings. " 'I am going to the dry cleaners' -- that's not interesting," the congressman said in a separate interview. "I am trying to think of what is interesting from a personal connection. 'Going over to the Ways and Means Committee'? You're sensing a little caution in my voice, because you really don't want to be that guy." What about responding to people's comments on your Facebook wall? "That is running, whereas I am more at the creeping stage," said Roskam, who as of Christmas had not updated his pages' walls with his own messages in at least 10 days. As his meeting with Conner wraps up, Roskam and his chief of staff, Steven Moore, recall how Facebook helped secure younger voters in the 2008 election. "We spent $60,000 on radio ads, and about $3,000 on the Internet," Moore says. "If I had known that information going in, I would have doubled down."
"Well, feel free to spread the word to other campaign managers," Conner says. Roskam likes what he sees in the Facebook pitchman, even if Conner is a Democrat. "There you go!" he says, extending his hand to Conner. "What a closer."

From rforno at infowarrior.org Wed Dec 30 00:26:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 19:26:05 -0500
Subject: [Infowarrior] - New WH Order on Classified Information
Message-ID:

Promoting Openness and Accountability by Making Classification a Two-Way Street
Posted by William H. Leary on December 29, 2009 at 02:38 PM EST
http://www.whitehouse.gov/blog/2009/12/28/promoting-openness-and-accountability-making-classification-a-two-way-street

President Obama has issued a new executive order on "Classified National Security Information" (the Order) that addresses the problem of over-classification in numerous ways and will allow researchers to gain timelier access to formerly classified records. Among the major changes are the following:

- It establishes a National Declassification Center at the National Archives to enable agency reviewers to perform collaborative declassification in accordance with priorities developed by the Archivist with input from the general public.
- For the first time, it establishes the principle that no records may remain classified indefinitely and provides enforceable deadlines for declassifying information exempted from automatic declassification at 25 years.
- For the first time, it requires agencies to conduct fundamental classification guidance reviews to ensure that classification guides are up-to-date and that they do not require unnecessary classification.
- It eliminates an Intelligence Community veto of certain decisions by the Interagency Security Classification Appeals Panel that was introduced in the Bush order.
< - >

Here are some other changes in the executive order that advance the President's agenda of greater openness and transparency: (major cuts --- check blog for details ---rf)

1. Establish a National Declassification Center (NDC) -- Section 3.7
2. Take Effective Measures to Address the Problem of Over-Classification
3. Facilitate Greater Sharing of Classified Information Among Appropriate Parties
4. Appropriately Prohibit Reclassification of Information
5. Enhance Appropriate Classification and Declassification of Electronic Information
6. Take Other Steps Necessary to Provide Greater Openness and Transparency in the Government's Classification and Declassification Programs

From rforno at infowarrior.org Wed Dec 30 00:28:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Dec 2009 19:28:13 -0500
Subject: [Infowarrior] - GSM Crack... GSMA's First Response? That's Illegal
Message-ID:

GSM Encryption Cracked... GSMA's First Response? That's Illegal
http://techdirt.com/articles/20091229/1044447528.shtml

The big news in security circles this week is the fact that a security researcher claims to have cracked the encryption used to keep GSM mobile phone calls private. It looks like he and some collaborators used a brute force method. He admits that it requires about $30,000 worth of equipment to de-crypt calls in real-time, but that's pocket change for many of the folks who would want to make use of this. What's much more interesting (and worrisome) is the GSM Association's (GSMA) response to this news: "This is theoretically possible but practically unlikely," said Claire Cranton, an association spokeswoman. She said no one else had broken the code since its adoption. "What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me." There are so many things wrong with that statement it's hard to know where to begin.
First, claiming it's "theoretically possible, but practically unlikely" means that it's very, very possible and quite likely. To then say that no one else had broken the code since its adoption fifteen years ago is almost certainly false. What she means is that no one else who's broken the code has gone public with it -- probably because it's much more lucrative keeping that info to themselves. Next, blaming the messenger by announcing that cracking the code is "illegal in Britain and the United States" is not what anyone who uses a GSM phone should want to hear. They should want to know how the GSMA is responding and fixing the problem -- not how they're responding to the public release. Finally, if it's "beyond" her why cracking a code used for private conversations and showing that it's insecure is all about being concerned about "privacy" -- she should be looking for a different job. This has everything to do with privacy. The GSMA claims that the code is secure for private conversations, and this group of folks is showing that it is not. That seems to have everything to do with privacy.

From rforno at infowarrior.org Wed Dec 30 15:30:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Dec 2009 10:30:59 -0500
Subject: [Infowarrior] - Resource: Stickylinks
Message-ID: <79B7D362-FE8E-48A0-B544-A6CF24D3FFFB@infowarrior.org>

http://dhruvbird.com/stickylinks/

Many sites like reddit, and Slashdot have ever changing front pages. These are news/content sites whose front page is continually refreshed, and new and latest content added all the time. Even the search result page for a Google search will show different results after their indexes are refreshed either because of a re-crawl or because of change in page ranks, etc...
If you want to share the front pages of these sites (and the associated links and their relative ranks as you saw them), you'll either have to copy and subsequently paste them into an email or a file, or just hope that the ranks don't change before the intended recipient sees the page. StickyLinks solves this problem by providing you with a sticky which is basically a permanent link to that page's content so that no matter when it is opened, it will be seen just the way you intended it to be seen by the reader!! This way, you can email links to these dynamic pages and post them on forums without the fear of their content changing.

From rforno at infowarrior.org Wed Dec 30 15:41:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Dec 2009 10:41:03 -0500
Subject: [Infowarrior] - Schneier: Is aviation security mostly for show?
Message-ID: <6D4E85A6-8113-450A-B955-2F75597C331F@infowarrior.org>

Is aviation security mostly for show?
By Bruce Schneier, Special to CNN
http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html

Editor's note: Bruce Schneier is an author and technologist who specializes in security. His books include "Applied Cryptography," "Beyond Fear" and "Schneier on Security" and his other writing can be seen at http://www.schneier.com/

(CNN) -- Last week's attempted terror attack on an airplane heading from Amsterdam to Detroit has given rise to a bunch of familiar questions. How did the explosives get past security screening? What steps could be taken to avert similar attacks? Why wasn't there an air marshal on the flight? And, predictably, government officials have rushed to institute new safety measures to close holes in the system exposed by the incident. Reviewing what happened is important, but a lot of the discussion is off-base, a reflection of the fundamentally wrong conception most people have of terrorism and how to combat it. Terrorism is rare, far rarer than many people think.
It's rare because very few people want to commit acts of terrorism, and executing a terrorist plot is much harder than television makes it appear. The best defenses against terrorism are largely invisible: investigation, intelligence, and emergency response. But even these are less effective at keeping us safe than our social and political policies, both at home and abroad. However, our elected leaders don't think this way: They are far more likely to implement security theater against movie-plot threats. A "movie-plot threat" is an overly specific attack scenario. Whether it's terrorists with crop dusters, terrorists contaminating the milk supply, or terrorists attacking the Olympics, specific stories affect our emotions more intensely than mere data does. Stories are what we fear. It's not just hypothetical stories -- terrorists flying planes into buildings, terrorists with explosives strapped to their legs or with bombs in their shoes, and terrorists with guns and bombs waging a co-ordinated attack against a city are even scarier movie-plot threats because they actually happened. "Security theater" refers to security measures that make people feel more secure without doing anything to actually improve their security. An example: the photo ID checks that have sprung up in office buildings. No one has ever explained why verifying that someone has a photo ID provides any actual security, but it looks like security to have a uniformed guard-for-hire looking at ID cards. Airport-security examples include the National Guard troops stationed at U.S. airports in the months after 9/11 -- their guns had no bullets. The U.S. color-coded system of threat levels, the pervasive harassment of photographers, and the metal detectors that are increasingly common in hotels and office buildings since the Mumbai terrorist attacks, are additional examples. 
To be sure, reasonable arguments can be made that some terrorist targets are more attractive than others: airplanes because a small bomb can result in the death of everyone aboard, monuments because of their national significance, national events because of television coverage, and transportation because of the numbers of people who commute daily. But there are literally millions of potential targets in any large country -- there are 5 million commercial buildings alone in the United States -- and hundreds of potential terrorist tactics. It's impossible to defend every place against everything, and it's impossible to predict which tactic and target terrorists will try next. Security is both a feeling and a reality. The propensity for security theater comes from the interplay between the public and its leaders. When people are scared, they need something done that will make them feel safe, even if it doesn't truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn't make any sense. Often, this "something" is directly related to the details of a recent event. We confiscate liquids, screen shoes, and ban box cutters on airplanes. We tell people they can't use an airplane restroom in the last 90 minutes of an international flight. But it's not the target and tactics of the last attack that are important, but the next attack. These measures are only effective if we happen to guess what the next terrorists are planning. If we spend billions defending our rail systems, and the terrorists bomb a shopping mall instead, we've wasted our money. If we concentrate airport security on screening shoes and confiscating liquids, and the terrorists hide explosives in their brassieres and use solids, we've wasted our money. Terrorists don't care what they blow up and it shouldn't be our goal merely to force the terrorists to make a minor change in their tactics or targets. 
Our current response to terrorism is a form of "magical thinking." It relies on the idea that we can somehow make ourselves safer by protecting against what the terrorists happened to do last time. Unfortunately for politicians, the security measures that work are largely invisible. Such measures include enhancing the intelligence-gathering abilities of the secret services, hiring cultural experts and Arabic translators, building bridges with Islamic communities both nationally and internationally, funding police capabilities -- both investigative arms to prevent terrorist attacks, and emergency communications systems for after attacks occur -- and arresting terrorist plotters without media fanfare. They do not include expansive new police or spying laws. Our police don't need any new laws to deal with terrorism; rather, they need apolitical funding. The arrest of the "liquid bombers" in London is an example: They were caught through old-fashioned intelligence and police work. Their choice of target (airplanes) and tactic (liquid explosives) didn't matter; they would have been arrested regardless. But even as we do all of this we cannot neglect the feeling of security, because it's how we collectively overcome the psychological damage that terrorism causes. It's not security theater we need, it's direct appeals to our feelings. The best way to help people feel secure is by acting secure around them. Instead of reacting to terrorism with fear, we -- and our leaders -- need to react with indomitability, the kind of strength shown by President Franklin D. Roosevelt and Prime Minister Winston Churchill during World War II. By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant "bring 'em on" rhetoric.
There's a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats. We should treat terrorists like common criminals and give them all the benefits of true and open justice -- not merely because it demonstrates our indomitability, but because it makes us all safer. Once a society starts circumventing its own laws, the risks to its future stability are much greater than terrorism. Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country's way of life; it's only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, the more we convert our buildings into fortresses, the more we reduce the freedoms and liberties at the foundation of our societies, the more we're doing the terrorists' job for them. Today, we can project indomitability by rolling back all the fear-based post-9/11 security measures. Our leaders have lost credibility; getting it back requires a decrease in hyperbole. Ditch the invasive mass surveillance systems and new police state-like powers. Return airport security to pre-9/11 levels. Remove swagger from our foreign policies. Show the world that our legal system is up to the challenge of terrorism. Stop telling people to report all suspicious activity; it does little but make us suspicious of each other, increasing both fear and helplessness. Counterterrorism is also hard, especially when we're psychologically prone to muck it up. Since 9/11, we've embarked on strategies of defending specific targets against specific tactics, overreacting to every terrorist video, stoking fear, demonizing ethnic groups, and treating the terrorists as if they were legitimate military opponents who could actually destroy a country or a way of life -- all of this plays into the hands of terrorists.
We'd do much better by leveraging the inherent strengths of our modern democracies and the natural advantages we have over the terrorists: our adaptability and survivability, our international network of laws and law enforcement, and the freedoms and liberties that make our society so enviable. The way we live is open enough to make terrorists rare; we are observant enough to prevent most of the terrorist plots that exist, and indomitable enough to survive the even fewer terrorist plots that actually succeed. We don't need to pretend otherwise.

The opinions expressed in this commentary are solely those of Bruce Schneier. An earlier version of this essay appeared in New Internationalist magazine.

Find this article at: http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html

From rforno at infowarrior.org Wed Dec 30 15:51:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Dec 2009 10:51:08 -0500
Subject: [Infowarrior] - Federal court restricts Taser use by police
Message-ID: <9C7F6BA0-DF11-42D2-A427-81E93D7393C2@infowarrior.org>

latimes.com/news/local/la-me-taser30-2009dec30,0,3444530.story
latimes.com

Federal court restricts Taser use by police
Ninth Circuit ruling -- allowing an officer to be held liable for injuries a man suffered after being Tasered -- sets a precedent that may force agencies to revisit their policies.
By Joel Rubin and Richard Winton
December 30, 2009

A federal appeals court this week ruled that a California police officer can be held liable for injuries suffered by an unarmed man he Tasered during a traffic stop. The decision, if allowed to stand, would set a rigorous legal precedent for when police are permitted to use the weapons and would force some law enforcement agencies throughout the state -- and presumably the nation -- to tighten their policies governing Taser use, experts said.
Michael Gennaco, an expert in police conduct issues who has conducted internal reviews of Taser use for the Los Angeles County Sheriff's Department and other agencies, said the ruling by the U.S. 9th Circuit Court of Appeals prohibits officers from deploying Tasers in a host of scenarios and largely limits their use to situations in which a person poses an obvious danger. "This decision talks about the need for an immediate threat. . . . Some departments allow Tasers in cases of passive resistance, such as protesters who won't move," he said. Tasering for "passive resistance is out the door now with this decision. Even resistance by tensing or bracing may not qualify." The weapons, which resemble handguns, can be fired from about 20 feet away and project two dartlike electrodes. The electrodes send an electrical charge coursing through the target -- a shock that temporarily paralyzes the person's muscles and causes extreme pain. Almost all of the stun guns used by law enforcement agencies in the United States are manufactured by Taser International Inc., including the one fired in the current case. Though stun guns have been in use for about three decades, the number of police departments issuing them to officers has proliferated in the last 10 years. Advocates tout the weapons as a less-than-lethal alternative to firearms and say they help resolve dangerous face-to-face confrontations with combative suspects. But several controversial Taser incidents, some involving fatalities, have led to widespread debate over when police should be allowed to deploy the weapons. Last year, a National Institute of Justice study found that the weapons were employed safely in the vast majority of cases, but concluded that more research is needed to determine the health effects of shocking small children and the elderly, among other groups.
The unanimous ruling, issued Monday by a three-judge panel, stemmed from a 2005 encounter in which a former Coronado, Calif., police officer, Brian McPherson, stopped a man for failing to wear a seat belt while driving. The driver, Carl Bryan, who testified that he did not hear McPherson order him to remain in the car, exited the vehicle and stood about 20 feet away from the officer. Bryan grew visibly agitated and angry with himself, but did not make any verbal threats against McPherson, according to court documents. McPherson has said he fired his Taser when Bryan took a step toward him -- a claim Bryan has denied. Bryan's face slammed against the pavement when he collapsed, causing bruises and smashing four front teeth. The appellate court did not rule on whether McPherson acted appropriately, but simply cleared the way for Bryan to pursue a civil case against the officer and the city of Coronado in a lower court. Based on Bryan's version of events, though, the judges found that McPherson used excessive force in firing the Taser, since Bryan did not appear to pose any immediate threat. In spelling out their decision, the judges established legally binding standards about where Tasers fall on the spectrum of force available to police officers, and laid out clear guidelines for when an officer should be allowed to use the weapon. The judges, for example, said Tasers should be considered a more serious use of force than pepper spray -- a distinction that runs counter to policies used by most law enforcement agencies in California and elsewhere, according to Greg Meyer, a retired Los Angeles Police Department captain and consultant on use-of-force issues. The ruling does not appear to affect the LAPD, which has a relatively strict policy on Taser use. Gennaco said that the same is more or less true of the Sheriff's Department, but that he would discuss with Sheriff Lee Baca the possible need for "tweaking" the policy and training. 
The Orange County Sheriff's Department seems more likely to be affected. Spokesman John McDonald said the department's policy allows officers to fire Tasers at people who try to flee an encounter with police or who refuse, for example, to comply with an officer's order to lie down during an arrest. Those scenarios appear to be prohibited under the court's ruling. "It sounds like this court is attempting to raise the bar for nonlethal use of force," Meyer said.

joel.rubin at latimes.com
richard.winton at latimes.com
Copyright © 2009, The Los Angeles Times

From rforno at infowarrior.org Wed Dec 30 22:18:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Dec 2009 17:18:26 -0500
Subject: [Infowarrior] - TSA Security Memo (leaked?)
Message-ID: <9D237289-A99A-4168-8D08-BBCBF7B86104@infowarrior.org>

27/12/2009 - TSA Security Directive SD-1544-09-06 : The Fallout From NW253

Following the failed Christmas Day terrorist attack on Delta Air Lines Flight 253, operated by Northwest Airlines, from Amsterdam to Detroit, the US Department of Homeland Security (DHS) has created a series of security measures in reaction to the incident. Earlier today I wrote about Flight NW253 here, 27/12/2009 - Northwest Airlines Flight 253 : Myths & Facts. The following is the complete text of the US DHS security directive as implemented by the Transportation Security Administration (TSA).

http://boardingarea.com/blogs/flyingwithfish/2009/12/27/tsa-security-directive-sd-1544-09-06-the-fallout-from-nw253/

...
though now it seems TSA is going after the blogger to find out who leaked it:

http://boardingarea.com/blogs/flyingwithfish/2009/12/30/the-fallout-from-sd-1544-09-06-the-feds-at-my-door/

From rforno at infowarrior.org Wed Dec 30 22:19:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Dec 2009 17:19:22 -0500
Subject: [Infowarrior] - Blogger Threatened by DHS for Posting New TSA Screening Directive
Message-ID: <00F20D88-A1DE-4DC8-A70C-9A7D71C3A983@infowarrior.org>

Threat Level Privacy, Crime and Security Online

Blogger Threatened by DHS for Posting New TSA Screening Directive
By Kim Zetter | December 30, 2009 | 3:53 pm | Categories: Censorship, Spooks Gone Wild
http://www.wired.com/threatlevel/2009/12/dhs-threatens-blogger/

Two bloggers received home visits from Department of Homeland Security agents on Tuesday after they published a new TSA directive that revises screening procedures and puts new restrictions on passengers in the wake of a recent bombing attempt by the so-called "underwear bomber." Special agents from the DHS's Office of Inspection interrogated two U.S. bloggers, one of them an established travel columnist, and served them each with a civil subpoena demanding information on the anonymous source that provided the TSA document. The document, which the two bloggers published within minutes of each other on December 27, was sent by DHS to airlines and airports around the world and described temporary new requirements for screening passengers through December 30, including conducting "pat-downs" of legs and torsos. The document, which was not classified, was posted by numerous bloggers. Information from it was also published on some airline web sites. "They're saying it's a security document but it was sent to every airport and airline," says Steven Frischling, one of the bloggers. "It was sent to Islamabad, to Riyadh and to Nigeria.
So they're looking for information about a security document sent to 10,000-plus people internationally. You can't have a right to expect privacy after that." Transportation Security Administration spokeswoman Suzanne Trevino said in a statement that security directives "are not for public disclosure." "TSA's Office of Inspections is currently investigating how the recent Security Directives were acquired and published by parties who should not have been privy to this information," the statement said. Frischling, a freelance travel writer and photographer in Connecticut who writes a blog for the KLM Royal Dutch Airlines, said the two agents who visited him arrived around 7:00 p.m. Tuesday, were armed and threatened him with a criminal search warrant if he didn't provide the name of his source. They also threatened to get him fired from his KLM job and indicated they could get him designated a security risk, which would make it difficult for him to travel and do his job. "They were indicating there would be significant ramifications if I didn't cooperate," said Frischling, who was home alone with his three children when the agents arrived. "It's not hard to intimidate someone when they're holding a 3-year-old [child] in their hands. My wife works at night. I go to jail, and my kids are here with nobody." Frischling, who described some of the details of the visit on his personal blog, told Threat Level that the two agents drove to his house in Connecticut from DHS offices in Massachusetts and New Jersey and didn't mention a subpoena until an hour into their visit. "They came to the door and immediately were asking, 'Who gave you this document?, Why did you publish the document?' and 'I don't think you know how much trouble you're in.' It was very much a hardball tactic," he says. When they pulled a subpoena from their briefcase and told him he was legally required to provide the information they requested, he said he needed to contact a lawyer.
The agents said they'd sit outside his house until he gave them the information they wanted. Frischling says he received the document anonymously from someone using a Gmail account and determined, after speaking with an attorney, that he might as well cooperate with the agents since he had little information about the source and there was no federal shield law to protect him. The Gmail address consisted of the name "Mike," followed by random numbers and letters. Frischling had already deleted the e-mail after publishing the document but said he had learned from previous correspondence with the source that he had been hired as a screener for the TSA in 2009. The agents searched through Frischling's Blackberry and iPhone and questioned him about a number of phone numbers and messages in the devices. One number listed in his phone under "ICEMOM" was a quick dial to his mother, in case of emergency. The agents misunderstood the acronym and became suspicious that it was code for his anonymous source and asked if his source worked for ICE -- the U.S. Immigration and Customs Enforcement. The agents then said they wanted to take an image of his hard drive. Frischling said they had to go to WalMart to buy a hard drive, but when they returned were unable to get it to work. Frischling says the keyboard on his laptop was no longer working after they tried to copy his files. The agents left around 11pm. But on Wednesday morning, they came back and, with his consent, seized his laptop, which they promised to return after copying the hard drive. Frischling wrote on his blog that he decided to publish the TSA directive to clear up much of the confusion and speculation that was circulating among the public about changes that were being instituted in airport security procedures after a passenger unsuccessfully tried to ignite a bomb on December 25th using a syringe and explosive chemicals hidden in his underwear.
"We are a free society, knowledge is power and informing the masses allows for public conversation and collective understanding," Frischling wrote on his blog. "You can agree or disagree, but you need information to know if you want to agree or disagree. My goal is to inform and help people better understand what is happening, as well as allow them to form their own opinions." A former federal prosecutor who asked not to be identified told Threat Level that the DHS is being heavy-handed in how it's handled the matter. "It strikes me that someone at TSA is apoplectic that somehow there's a sense that they're not doing their job right," he told Threat Level. "To go into this one reporter's house and copy his computer files and threaten him, it strikes me that they're more aggressive with this reporter than with the guy who got on this flight." Chris Elliott, who is based in Florida and writes a column for the Washington Post, MSNBC and others, also received a visit from a DHS special agent named Robert Flaherty around 6:30 Tuesday evening. Elliott wouldn't discuss the details of the visit with Threat Level, due to the pending legal issues, but he describes in his blog post how he got a knock on his door shortly after finishing dinner and putting his three young children in the bathtub. Flaherty showed him a badge and said he wanted information about the source of the document he published. When Elliott told him he'd need to see a subpoena, Flaherty pulled one out and handed it to Elliott. Elliott told Threat Level they talked for 10 to 20 minutes, but he refused to cooperate. Flaherty left but called on Wednesday to remind Elliott that he had until the end of the business day to comply with the subpoena. "I really don't think they thought this one through," says Elliott about the agents' tactics. Elliott could face a fine and up to a year in jail for failure to comply, according to a statement on the subpoena. 
The TSA directive was issued by the DHS on Christmas Day, the date of the attempted attack on Northwest Flight 253, and indicates that the directive will expire December 30. The directive applies to anyone operating a scheduled or charter flight departing from a foreign location and destined for the United States. It requires all passengers to undergo a "thorough pat-down" at the boarding gate, which should concentrate on their upper legs and torso. It also requires physical inspection of all "accessible property" accompanying passengers at the boarding gate, "with focus on syringes being transported along with powders and/or liquids." It also indicates that restrictions against liquids, aerosols, and gels should be strictly adhered to. Heads of state can be exempted from the special screening. Passengers are also required to remain seated during the last hour of the flight, and cannot access carry-on baggage during this time or have blankets, pillows or other personal belongings on their lap. Aircraft phones, internet service, TV programming and global positioning systems are to be disabled prior to boarding and during all phases of flight. Flight crews are also prohibited from making any announcement to passengers about the flight path or position over cities and landmarks. The TSA was embarrassed earlier this month after a contract worker posted an improperly-redacted sensitive screening manual on a government site. That document revealed which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors. Five TSA workers were put on leave pending an internal investigation into how that document got posted. 
From rforno at infowarrior.org Thu Dec 31 01:16:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Dec 2009 20:16:59 -0500 Subject: [Infowarrior] - Verizon now forcing Bing app on BlackBerry users Message-ID: <8E17093F-032E-4E61-943F-F9BBDC3AB5E2@infowarrior.org> Verizon now forcing Bing app on BlackBerry users updated 06:20 pm EST, Wed December 30, 2009 http://www.electronista.com/articles/09/12/30/bing.shortcut.on.blackberries.cant.be.pulled/ Verizon has stepped up its tie-in with Microsoft by installing a Bing icon on subscribers' BlackBerries without their consent. While just a shortcut to install an app, the carrier prevents customers from removing the link and so far has only provided help moving the icon as well as a guide to installing alternative apps from Google or bookmarking search pages. The provider has tried to spin the forced promotion of Bing by claiming that it isn't hurting existing services despite denying the option of using Google, Yahoo or others in the BlackBerry web browser's search bar. Corporate Communications VP tries to characterize the move in pro-net neutrality terms. "Verizon isn't blocking or degrading anything; just providing a great option for customers," he argues. The move to require Bing is likely prompted by previously undisclosed terms of Microsoft's search deal with Verizon and is made possible in part by the centralized nature of the BlackBerry, whose services beyond just e-mail can be partly controlled by server-side code. BlackBerry App World, for example, can have some apps automatically filtered out at the carrier's discretion, such as VoIP or video streaming services that might compete with its own. Passive updates are not unheard of on rival smartphone platforms such as Android or iPhone, where new features embedded in code have been silently enabled, but changes to their own software are still determined chiefly by user-selected firmware upgrades. 
From rforno at infowarrior.org Thu Dec 31 01:38:04 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Dec 2009 20:38:04 -0500 Subject: [Infowarrior] - PCAT: Beta Testers Needed Message-ID: <94921957-79F7-4779-A1D1-A407C4D89406@infowarrior.org>

(apologies for cross-posting! --rf)

> From: Stuart Shulman
> Date: December 30, 2009 6:41:20 PM EST
> Reply-To: stuart.shulman at gmail.com
>
> We are seeking hundreds of new BETA testers to load test the Public Comment Analysis Toolkit:
>
> http://pcat.qdap.net
>
> 200+ users have joined the system since October 30th. Why would you try PCAT?
>
> http://pcat-help.qdap.net/doku.php?id=why_would_i_use_this_system
>
> It also works well for categorizing blog posts and other text datasets. Five sample PCAT-ready blog post datasets are available at:
>
> http://www.umass.edu/qdap/data.html
>
> I think you will find the search, peer, credential, memo and coding nexus in this software enables unique research opportunities. PCAT also carries internal measurement tools for inter-rater reliability and adjudication of coding decisions or pre-tests. It is a uniquely useful research tool if you have large digital text datasets. Best of all, PCAT is a free, Web-based platform that enables collaboration across space and time.
>
> ~Stu
> --
> Dr. Stuart W. Shulman
> Assistant Professor
> Department of Political Science
> University of Massachusetts Amherst
> 200 Hicks Way
> Amherst, MA 01003
>
> http://people.umass.edu/stu/
> stu at polsci.umass.edu
> 413-545-5375
>
> Editor, Journal of Information Technology and Politics
> http://www.jitp.net

From rforno at infowarrior.org Thu Dec 31 01:43:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Dec 2009 20:43:28 -0500 Subject: [Infowarrior] - more on.... 
Federal court restricts Taser use by police References: <4B3BA43C.7080203@gekidodesigns.com> Message-ID: <404550DD-ED19-4789-B8CA-308E068648A4@infowarrior.org> Begin forwarded message: From: Mike W Date: December 30, 2009 2:04:28 PM EST Subject: Re: [Infowarrior] - Federal court restricts Taser use by police In related news, the 4 policemen involved in the Dziekanski death in Vancouver could face misconduct charges: http://bit.ly/7JCVFq

From rforno at infowarrior.org Thu Dec 31 03:41:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Dec 2009 22:41:31 -0500 Subject: [Infowarrior] - Despite Intelligence Overhaul, Shadow of 9/11 Is Cast Again Message-ID: December 31, 2009 News Analysis Despite Intelligence Overhaul, Shadow of 9/11 Is Cast Again By SCOTT SHANE http://www.nytimes.com/2009/12/31/us/31intel.html WASHINGTON -- The finger-pointing began in earnest on Wednesday over who in the alphabet soup of American security agencies knew what and when about the Nigerian man charged with trying to blow up an airliner. But the harshest spotlight fell on the very agency created to make sure intelligence dots were always connected: the National Counterterrorism Center. The crown jewel of intelligence reform after the Sept. 11, 2001, attacks, the center was the hub whose mission was to unite every scrap of data on threats and suspects, to make sure an extremist like Umar Farouk Abdulmutallab, the would-be bomber, would never penetrate the United States' defenses. "N.C.T.C. is supposed to be the nerve center," said Amy B. Zegart, who studies intelligence at the University of California, Los Angeles. "It's the fusion center of all fusion centers. So if something was missed, that's where the blame is going to go." Officials at the counterterrorism center -- a small agency in a modern glass building in suburban Virginia -- maintained a stoic silence on Wednesday, noting that the review ordered by President Obama was still under way. 
But those who led the major studies of how the United States government failed to prevent the Sept. 11 attacks watched the unfolding story of the Christmas Day attack with growing dismay. "It's totally frustrating," said Thomas H. Kean, chairman of the national Sept. 11 commission. "It's almost like the words being used to describe what went wrong are exactly the same." Eleanor Hill, staff director of the joint Congressional inquiry into Sept. 11, called the emerging story "eerily similar to the disconnects and missteps we investigated." "There seems to have been the same failure to put the pieces of the puzzle together and get them to the right people in time," Ms. Hill said. Their dissections of the 2001 attacks came out years afterward, based on a mountain of classified records and hundreds of interviews. By contrast, the review of how Mr. Abdulmutallab was permitted to board a Detroit-bound airliner with explosives in his underpants has barely started. A full account may show that the failures were not as egregious as they appeared on Wednesday, or as Mr. Obama has suggested. But two critical pieces of information appear never to have been connected: National Security Agency intercepts of Qaeda operatives in Yemen talking about using a Nigerian man for an attack, and a warning from Mr. Abdulmutallab's father to American diplomats in Nigeria about the son's radicalization in Yemen. If the National Counterterrorism Center or any other agency had those two items and never linked them, Congress and the public will want to know why. The echoes of Sept. 11 are obvious. Before the attacks on New York and the Pentagon, the N.S.A., the Central Intelligence Agency and the Federal Bureau of Investigation all had gathered bits of intelligence about the future hijackers. The C.I.A. sounded the alarm about an impending attack, including the now-famous President's Daily Brief of Aug. 6, 2001, titled, "Bin Laden Determined to Strike in U.S." 
But the information that could have unraveled the plot remained at each of the three agencies and was never put together. The remedy, proposed by the Sept. 11 commission and passed by Congress in 2004, was to place a single director of intelligence over the nation's 16 spy agencies. At the core would be the National Counterterrorism Center. In 2004 and since, critics of the intelligence reorganization complained that the new spy czar had too little power and merely added a cumbersome layer of bureaucracy. But even the critics applauded the counterterrorism center, which now must defend its performance. Ms. Zegart, author of "Spying Blind: The C.I.A., the F.B.I., and the Origins of 9/11," said she was especially disheartened that the near-miss last week was, once again, on an airplane. "This is textbook Al Qaeda 2001," she said. "They tried to hit the hardest target we have, the one on which the most money and attention has been spent since 2001. And yet we didn't prevent it." Some observers of counterterrorism cautioned against claims that nothing had improved since 2001. Intelligence analysts from one agency now routinely serve for a time in another agency, to develop personal ties. Databases of suspected terrorists are far more complete and accessible. The ban on hoarding data is strictly enforced. "It is the death penalty if you are not sharing threat information," said Kip Hawley, who headed the Transportation Security Administration until January. That agency, for example, participates in daily briefings run by the counterterrorism center, and at times National Security Agency analysts visit counterparts at the T.S.A. to walk them through intercepts, he said. Yet the flood of intelligence collected against a scattered and shadowy terrorist network continues to grow, threatening to overwhelm the system, said Matthew M. Aid, an intelligence historian whose book, "The Secret Sentry," examines the N.S.A. 
The eavesdropping agency, tracking e-mail and cellphone traffic around the world, each day collects four times the volume of information stored in the Library of Congress, Mr. Aid said. "To pluck out the important threats is an almost impossible task," he said. In the case of Mr. Abdulmutallab, the N.S.A. appears to have captured critical intercepts, and his father provided the name that would have allowed American agencies to take action. For Mr. Kean, of the Sept. 11 commission, it is the father's role that should have moved even the most jaded bureaucracy. "Think of what it took for the father, one of the most respected bankers in Nigeria, to walk into the American Embassy and turn in his own son," Mr. Kean said. "The father's a hero. His visit by itself should have been enough to set off all kinds of alarms." Eric Lipton contributed reporting.

From rforno at infowarrior.org Thu Dec 31 04:33:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Dec 2009 23:33:51 -0500 Subject: [Infowarrior] - IBM patents LOL and IMO Message-ID: (c/o Anonymous) United States Patent 7,640,233 December 29, 2009 Resolution of abbreviated text in an electronic communications system Inventors: Baartman; Randall Paul (Rochester, MN), Carey; James Edward (Rochester, MN), Illg; Jason J. (Rochester, MN), Mysak; John Stephen (Rochester, MN) Assignee: International Business Machines Corporation (Armonk, NY) Filed: August 29, 2006 http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=7,640,233.PN.&OS=PN/7,640,233&RS=PN/7,640,233 Text-based mediums tend to be a preferred means of communication, depending on the situation. By their nature, IM, SMS, and e-mail typically lend themselves to brief, spontaneous text communication. Users are frequently in a hurry, multi-tasking, or possibly on-the-go when communicating in these mediums. 
IM, SMS, and e-mail are therefore particularly popular for their convenience in situations where users want quick, prompt, real-time communication. Furthermore, typical browser chat windows, PDA screens, and mobile phone screens are all usually quite compact. Keyboards found on most mobile phones and PDAs are also quite compact, often requiring users to type with only a few fingers. These factors have fostered the evolution of shorthand notation, wherein users abbreviate words and phrases to communicate using fewer keystrokes. For example, typing abbreviations like LOL ("laughing out loud") and IMO ("in my opinion") shorten the number of characters required in messages and expedite the communication process. However, as with any nonverbal communication, the effectiveness of text communication is often limited. The use of shorthand in conversational writing can make it difficult for people to understand one another. A complicating factor is that individual users commonly develop their own jargon, so that the shorthand notation of one user does not always agree with shorthand notation of another user. While a number of software applications are available for facilitating text communication, such as IM, these applications have failed to optimally address the use of shorthand notation and evolving jargon. Confusion and misunderstandings often result due to misinterpretation. The flow of communication between users is further disrupted when one a user stops to ask another user for the meaning of a shorthand term rather than proceeding to author a reply. Therefore, an improved electronic messaging system is needed. In particular, there is a need for easier, more efficient, and more precise ways to handle shorthand notation and jargon contained within text communication. More particularly, it would be desirable to have a method for determining the meaning of shorthand notation and jargon without interrupting the flow of communication. 
From rforno at infowarrior.org Thu Dec 31 16:39:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Dec 2009 11:39:09 -0500 Subject: [Infowarrior] - OT: 2010: Welcome to Orwell's World Message-ID: <51F0ABC7-F7BD-4445-8176-3BD35282EA49@infowarrior.org> 2010: Welcome to Orwell's World by John Pilger, December 31, 2009 http://original.antiwar.com/pilger/2009/12/30/2010-welcome-to-orwells-world/ In Nineteen Eighty-Four, George Orwell described a superstate called Oceania, whose language of war inverted lies that "passed into history and became truth. 'Who controls the past,' ran the Party slogan, 'controls the future; who controls the present controls the past.'" Barack Obama is the leader of a contemporary Oceania. In two speeches at the close of the decade, the Nobel Peace Prize winner affirmed that peace was no longer peace, but rather a permanent war that "extends well beyond Afghanistan and Pakistan" to "disorderly regions and diffuse enemies." He called this "global security" and invited our gratitude. To the people of Afghanistan, which America has invaded and occupied, he said wittily: "We have no interest in occupying your country." In Oceania, truth and lies are indivisible. According to Obama, the American attack on Afghanistan in 2001 was authorized by the United Nations Security Council. There was no UN authority. He said "the world" supported the invasion in the wake of 9/11 when, in truth, all but three of 37 countries surveyed by Gallup expressed overwhelming opposition. He said that America invaded Afghanistan "only after the Taliban refused to turn over [Osama] bin Laden." In 2001, the Taliban tried three times to hand over bin Laden for trial, reported Pakistan's military regime, and were ignored. Even Obama's mystification of 9/11 as justification for his war is false. 
More than two months before the Twin Towers were attacked, the Pakistani foreign minister, Niaz Naik, was told by the Bush administration that an American military assault would take place by mid-October. The Taliban regime in Kabul, which the Clinton administration had secretly supported, was no longer regarded as "stable" enough to ensure America's control over oil and gas pipelines to the Caspian Sea. It had to go. Obama's most audacious lie is that Afghanistan today is a "safe haven" for al-Qaeda's attacks on the West. His own national security adviser, General James Jones, said in October that there were "fewer than 100" al-Qaeda in Afghanistan. According to US intelligence, 90 percent of the Taliban are hardly Taliban at all, but "a tribal localized insurgency [who] see themselves as opposing the US because it is an occupying power." The war is a fraud. Only the terminally gormless remain true to the Obama brand of "world peace." Beneath the surface, however, there is serious purpose. Under the disturbing General Stanley McChrystal, who gained distinction for his assassination squads in Iraq, the occupation of one of the most impoverished countries is a model for those "disorderly regions" of the world still beyond Oceania's reach. This is known as COIN, or counter-insurgency network, which draws together the military, aid organizations, psychologists, anthropologists, the media, and public relations hirelings. Covered in jargon about winning hearts and minds, its aim is to pit one ethnic group against another and incite civil war: Tajiks and Uzbeks against Pashtuns. The Americans did this in Iraq and destroyed a multi-ethnic society. They bribed and built walls between communities who had once intermarried, ethnically cleansing the Sunni and driving millions out of the country. The embedded media reported this as "peace," and American academics bought by Washington and "security experts" briefed by the Pentagon appeared on the BBC to spread the good news. 
As in Nineteen Eighty-Four, the opposite was true. Something similar is planned for Afghanistan. People are to be forced into "target areas" controlled by warlords bankrolled by the Americans and the opium trade. That these warlords are infamous for their barbarism is irrelevant. "We can live with that," a Clinton-era diplomat said of the persecution of women in a "stable" Taliban-run Afghanistan. Favored western relief agencies, engineers, and agricultural specialists will attend to the "humanitarian crisis" and so "secure" the subjugated tribal lands. That is the theory. It worked after a fashion in Yugoslavia where the ethnic-sectarian partition wiped out a once peaceful society, but it failed in Vietnam where the CIA's "strategic hamlet program" was designed to corral and divide the southern population and so defeat the Viet Cong -- the Americans' catch-all term for the resistance, similar to "Taliban." Behind much of this are the Israelis, who have long advised the Americans in both the Iraq and Afghanistan adventures. Ethnic cleansing, wall-building, checkpoints, collective punishment, and constant surveillance -- these are claimed as Israeli innovations that have succeeded in stealing most of Palestine from its native people. And yet for all their suffering, the Palestinians have not been divided irrevocably and they endure as a nation against all odds. The most telling forerunners of the Obama Plan, which the Nobel Peace Prize winner and his strange general and his PR men prefer we forget, are those that failed in Afghanistan itself. The British in the 19th century and the Soviets in the 20th century attempted to conquer that wild country by ethnic cleansing and were seen off, though after terrible bloodshed. Imperial cemeteries are their memorials. People power, sometimes baffling, often heroic, remains the seed beneath the snow, and invaders fear it. 
"It was curious," wrote Orwell in Nineteen Eighty-Four, "to think that the sky was the same for everybody, in Eurasia or Eastasia as well as here. And the people under the sky were also very much the same, everywhere, all over the world ... people ignorant of one another's existence, held apart by walls of hatred and lies, and yet almost exactly the same people who ... were storing up in their hearts and bellies and muscles the power that would one day overturn the world."

From rforno at infowarrior.org Thu Dec 31 16:51:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Dec 2009 11:51:17 -0500 Subject: [Infowarrior] - AT&T Tells FCC It's Time to Cut the Cord Message-ID: <26981BBE-5101-4436-9C8E-10264E42B898@infowarrior.org> AT&T Tells FCC It's Time to Cut the Cord http://www.pcworld.com/businesscenter/article/185649/atandt_tells_fcc_its_time_to_cut_the_cord.html By Tony Bradley In response to a Notice of Inquiry released by the FCC to explore how to transition to a purely IP-based communications network, AT&T has declared that it's time to cut the cord. AT&T told the FCC that the death of landlines is a matter of when, not if, and asked that a firm deadline be set for pulling the plug. AT&T said in its response to the FCC that "with each passing day, more and more communications services migrate to broadband and IP-based services, leaving the public switched telephone network ("PSTN") and plain-old telephone service ("POTS") as relics of a by-gone era." It also stated "It makes no sense to require service providers to operate and maintain two distinct networks when technology and consumer preferences have made one of them increasingly obsolete."

Moving to VoIP

Providers like Vonage have been delivering VoIP (Voice over IP) for consumers over broadband Internet connections for years. I should know, I was one of the charter members. I haven't had an actual POTS landline for at least five years. 
While my local telephone providers wanted to nickel and dime me for "features" like caller ID and voicemail, Vonage has reliably provided all-inclusive service for $24.95 for as long as I can remember. While Vonage is still a major player in the consumer VoIP market, just about every communications entity has joined in the game now. VoIP phone services are offered as a bundled service along with broadband Internet service, and digital cable TV by major players like Comcast, Verizon, and AT&T itself.

Transition to Mobile

The way wireless phone plans are set up now, it is hard to argue in favor of keeping both a mobile phone and a home phone--even a VoIP line. You can get unlimited minutes of talk time with all of the bells and whistles you can imagine--caller ID, call forwarding, etc. Many plans come with unlimited data, unlimited text messaging, and more. With all of that service in your hip pocket, do you really need a phone attached to your wall? The number of U.S. households that have ditched the landline entirely in favor of relying solely on mobile phones doubled between 2006 and 2009. A quarter of U.S. households no longer have a landline of any kind, and that number will continue to grow.

No Dial Tone

One of the last remaining reasons for maintaining a standard POTS landline is the fact that in most cases the POTS line maintains a dial tone and the ability to make and receive calls during catastrophes and emergencies. When Hurricane Ike hit here in the Houston area, there was no power for days, or even weeks in some areas. No power means no broadband Internet, which means VoIP phone services like Vonage don't work. No power to cell towers means no bars on your cell signal and no wireless service. Some broadband VoIP providers have solutions to address at least short-term power outages. AT&T provides its UVerse customers with a UPS (uninterruptible power supply) battery back-up that maintains power to the broadband router at least for a while. 
Emergency services, and the ability to place 911 calls have also been an issue. With a POTS landline it is easy to match a phone number with a physical address, but with broadband VoIP you could be calling from around the corner or around the world and the 911 operators can't tell. There are solutions in place for 911 calls via broadband VoIP, but users who drop landlines entirely in favor of wireless phones may have issues getting timely emergency service. Those are issues that will have to be worked out, though. The future marches on, and it is fair for AT&T and other traditional POTS providers to want to drop the obsolete, unprofitable technology and focus their resources on the universal broadband and IP communications of tomorrow.

From rforno at infowarrior.org Thu Dec 31 16:53:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Dec 2009 11:53:41 -0500 Subject: [Infowarrior] - WH: Mandated exemptions can strengthen copyright Message-ID: <51298B60-9012-43FE-9A6A-B339B2B6FEE9@infowarrior.org> http://arstechnica.com/tech-policy/news/2009/12/obama-admin-mandated-exemptions-can-strengthen-copyright.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Obama admin: Mandated exemptions can strengthen copyright In voicing initial support for a WIPO draft treaty, the US makes clear that "better copyright" does not always equal "more copyright." By Nate Anderson | Last updated December 30, 2009 9:30 PM The Obama administration has offered up a strange mix of copyright policies in its first year (both ACTA and Creative Commons, for instance), but it has at least made clear that "better copyright law" does not always mean "more copyright protection." In the middle of December, for instance, the administration took a stand in support of a World Intellectual Property Organization treaty on copyright exceptions for the blind. 
The final bit of the US statement of support is worth quoting in full (emphasis added): We recognize that some in the international copyright community believe that any international consensus on substantive limitations and exceptions to copyright law would weaken international copyright law. The United States does not share that point of view. The United States is committed to both better exceptions in copyright law and better enforcement of copyright law. Indeed, as we work with countries to establish consensus on proper, basic exceptions within copyright law, we will ask countries to work with us to improve the enforcement of copyright. This is part and parcel of a balanced international system of intellectual property. It's a call for "balanced" copyright taken directly to the WIPO--and it's one opposed by the deepest-pocketed copyright holders. Here's why.

No U-turns on the copyright highway

The copyright treaty in question (PDF) was proposed by Brazil, Ecuador, and Paraguay in May 2009 as a way to guarantee worldwide access to copyrighted materials by the blind. In its current draft form, the treaty lays out mandatory copyright exceptions that every signatory must adopt. These include making "accessible" copies of works even without the permission of the copyright holder (usually on a non-profit basis, and after paying a government-determined fee to the rightsholder). As for DRM, groups making works available for the blind or sight-impaired would be allowed to bypass or break DRM in order to access a work. This might not sound hugely controversial; after all, the market for large-print or Braille works is (relatively) small and compensation would still need to be paid. But what bothers big rightsholders is the fact that a WIPO treaty might switch from specifying only mandatory copyright enforcement principles (the current approach) to also specifying some mandatory exceptions to copyright. 
Isn't that right, Steven Metalitz, DC copyright lawyer extraordinaire and repeated representative of the MPAA and RIAA? The uniform approach within this global framework has been to set minimum standards of copyright protection, subject to certain exceptions or limitations which are permissible, but not mandatory. As a corollary, none of the existing treaties bars national legislation that provides stronger protection than the global minimum standard, or that declines to recognize a permissible limitation or exception... The draft treaty would turn this long-standing principle on its head, demanding that signatories limit copyright protection to an extent not even permissible under the existing treaties... Viewed in context, the draft treaty appears to many as the not-so-thin edge of a wedge to be driven into the long-standing structure of global copyright norms. It advocates a U-turn in the approach to global copyright norms that would almost certainly not be restricted to the issue of access for the visually impaired, or even for the disabled community generally. Adoption of this proposal would be used to justify its radical approach--mandating in national law exceptions and limitations that reach far beyond what would be even permissible under global norms today--in many other fields of copyright law. Read that again if it didn't sink in. (It's from Metalitz's commentary on the draft treaty (PDF), helpfully provided to the government.) Providing stronger mandatory copyright protections and enforcement mechanisms (think ACTA) is totally normal, right, and proper; providing stronger exceptions to copyright is "radical" and a "U-turn." And in this context, a U-turn would be a Very Bad Thing indeed. There's no interest in balance here, and no real attempt to act like there should be. Copyright protections move naturally and logically in only one direction, toward stronger enforcement mandates. 
Governments are allowed to pass certain exemptions to copyright, but if they don't, and a host of blind people have limited access to certain works, too bad. The US Chamber of Commerce, while going out of its way to laud the goals of the treaties, has the same objections (PDF): international mandates are only for enforcement, not for exceptions. The current international intellectual property framework is based on harmonizing national laws or establishing 'minimum standards' of protection subject to flexibilities that permit limited exceptions... The treaty proposal takes the exact opposite approach by seeking to establish 'necessary minimum flexibilities,' which threaten to undermine existing norms in copyright... If the 'minimum flexibilities' approach were adopted, even in an agreement limited in scope to accessibility of copyrighted works for persons with certain disabilities, this approach could be adopted in other areas well. In other words, patent and trademark regimes might also be subjected to the humiliation of having to accept mandated limits and exceptions. The Chamber of Commerce has some ideas about how WIPO might better handle the issue of making works more accessible to the blind; the main suggestion is supporting "further studies" on how nations around the world handle the issue. Such a "best practices" report, whenever it might eventually be finished, could then be used to start thinking about a better approach. WIPO actually already commissioned and received such a report -- 230+ pages of just such material, replete with case studies from around the globe, which was published in 2007. That report focused on copyright law and how nations handled exceptions for the blind, but the Chamber doesn't want copyright law changed; they would prefer that future reports focus on "the efforts of the private sector" instead. The treaty as it stands does raise all sorts of legitimate questions. 
(Should the traditional "three-step test" for deciding if national copyright exemptions meet international treaty obligations be scrapped, for instance, in favor of mandated exemptions that rely on no such test? Can better results be achieved using existing treaties?) What's interesting about the debate isn't the treaty itself but the resistance -- indeed, the bewilderment -- of those who truly see mandated copyright enforcement as some natural state of affairs for international treaties and who will brook no move to a system that balances mandated enforcement with mandated exemptions. And what's more interesting still is that the current stance of the Obama administration on these issues is to challenge this idea. Take a look again at the statement we opened with: "We recognize that some in the international copyright community believe that any international consensus on substantive limitations and exceptions to copyright law would weaken international copyright law. The United States does not share that point of view." Now, the issue of what constitutes "balanced copyright" is hugely debatable, and it's an argument worth having. Indeed, the administration may be making a veiled reference to ACTA in its statement that the US will work to "establish consensus on proper, basic exceptions within copyright law, [and] will ask countries to work with us to improve the enforcement of copyright." In other words, we support a treaty for the blind even as we push for ACTA. Based on our own reading of the ACTA leaked drafts to date, it's not yet clear this is really "balance" in any meaningful sense of the word (and it's certainly not "transparency"), but it is heartening to see the US actually supporting the idea that copyright legislation will need tweaking over time -- and that tweaking does not always move in one direction. When you're going the wrong way, driving faster isn't the answer; a U-turn is. 
From rforno at infowarrior.org Thu Dec 31 16:54:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 11:54:36 -0500
Subject: [Infowarrior] - Kingston admits to insecure USB drives
Message-ID: <00635887-A405-4D85-808C-90577440E038@infowarrior.org>

Kingston admits to insecure USB drives
All is not sound in Kingston town
By David Neal
Thursday, 31 December 2009, 12:20
http://www.theinquirer.net/inquirer/news/1567064/kingston-admits-insecure-usb-drives

MEMORY MAKER Kingston Technologies has confessed to security problems with a few of its secure USB drives. In a security alert posted on its website the company released a brief statement about the drives, going so far as to ask owners to send them back. Once they've deleted their photos of course. "It has recently been brought to our attention that a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on the following Kingston Secure USB drives," the firm writes. The affected drives are the DataTraveler BlackBox, Secure and Elite. It's worth noting that the latter two are subtitled the 'Privacy Edition' and that on its product pages the firm boasts of their government certified encryption and a whole lot of other things that are meaningless now. While most companies will issue an alert and ask users to do their own tinkering, in this instance the firm is doing a factory recall, although not in so many words. It says, "Contact Tech Support to arrange for a factory update of your drive", adding, "Before sending your DataTraveler back to Kingston, please make sure you backup the data and then delete the contents of the drive. Once we receive your drive and apply the factory update process, any data still on the drive will be deleted."
From rforno at infowarrior.org Thu Dec 31 17:38:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 12:38:42 -0500
Subject: [Infowarrior] - The Google Decade Ends
Message-ID: <4EC2F192-68A9-45AC-AB75-39C22B1D4993@infowarrior.org>

The Google Decade Ends
By chris.thompson
Created 12/31/2009 - 12:24am
If the search king hasn't ripped up your business yet, just wait.
http://www.thebigmoney.com/print/4732

As we near the end of the second decade of the Internet as a mass medium, no one can deny that the last 10 years have been all about Google [2] (GOOG). When the aughts began, Google was a clever search algorithm with a little venture capital but no CEO, no substantial brand recognition, and no clear way to make money. Now, it's a verb, a tech empire, and a public company with a market capitalization just shy of $200 billion (and sitting on $20 billion in cold, hard cash). But perhaps the best way to assess Google's impact on our lives is to tally the firms that had never imagined the company would ever matter to them but now see it as lethal. Year after year, Larry Page and Sergey Brin thought up new industries to penetrate and disrupt, sending old companies into utter disarray. Google went from a simple search and page-ranking algorithm to a mortal threat to the media, the entertainment industry, telecommunications, traditional advertising models -- even coal mining. Today, in corporate boardrooms across the country, executives are looking at their companies' long-term prospects and asking themselves: When will Google try to kill us? Company by company, industry by industry, the growth of Google can be measured by the rivals who are dead, dying, or struggling to live. Here's a sampling of the butcher's bill. In 2000, the conventional wisdom around search looked utterly different than it does today. 
Companies like Yahoo [3] (YHOO), Lycos, Altavista, GoTo, and Excite all thought that the key to making money was to keep people staring at their Web sites for as long as possible. That way, you could flash garish banner ads at them, or pop-ups that distracted people as they searched for something that typically had nothing to do with the ads' content. In some cases, search engines offered companies a deal: Pay us a wad of cash, and your firm will rise in the search result rankings, regardless of how relevant it is to the search itself. Larry and Sergey rejected every one of these principles, hewing to the notion that search should be, you know, useful. They worked overtime to rank search results as accurately as possible and made sure you found what you wanted and got off of Google's pages as quickly as you could. No banner ads would clutter their home page, and no pop-ups would slow the loading time. No one would be able to bribe their way to the top of the list. At the time, this seemed the very height of silliness. How else were you going to make money? But once Google thought up selling small, contextually relevant text ads next to the results, its money problems were over. In 2001, the company turned its first profit and went on from there. One by one, its rivals in those early days started to die off, being gobbled up by other firms and turned into specialty services. Only Yahoo and Ask.com remain -- along with newcomer Bing -- and Yahoo is desperately trying to find a way back to its glory years. Meanwhile, another line of businesses faced a mortal threat from Google: advertising agencies. Google adopted a concept from GoTo known as "cost-per-click," in which advertisers paid only when someone clicked on their text link. In addition, Google's vast amount of search data gave advertisers an unprecedented amount of information about their targets. Google could match advertisers to their target audiences more accurately than anyone had ever been able to do. 
Before Google, advertising was an art, in which Madison Avenue offered oblique advice on how to reach customers. After Google, it was a science -- and all those witch doctors were suddenly a lot less relevant. And Google was far from done. With these scalps hanging from its belt, the company had established its core business. Now, almost to pass the time, Larry and Sergey began to wonder what other industries they could disrupt. Shortly after 9/11, a badly shaken Google engineer named Krishna Bharat decided that he had to do something to make the world a better place. And what the world needed now more than ever, he decided, was fast and easy access to international news, especially given the conflict that was about to play out in the Middle East. Using his "20 percent time" to play around, he invented Google News. Although newspapers hadn't exactly been growing prior to this moment, the launch of Google News was a bullet aimed straight at the old media and typified Google's seemingly naive attitude toward industries it was mauling. Thanks in large part to Google News, Craigslist, and Google's core advertising business, traditional media went into a tailspin. Newspaper advertising revenue would drop by 9.4 percent in 2007, and 17.7 percent the following year. The Tribune Company, the Philadelphia Inquirer, and the Philadelphia Daily News all filed for bankruptcy. The Knight-Ridder chain would be broken up. The Boston Globe nearly closed down. The two major newspapers closest to the GooglePlex were hit hard as well; the San Jose Mercury News was forced to lay off 200 reporters and editors, and the San Francisco Chronicle began posting annual $60 million losses. Google isn't the only reason for this catastrophe, but media moguls have all but declared war on it nonetheless. Rupert Murdoch's News Corp. 
[4] (NWS), Dean Singleton's national suburban newspaper chain, and the Dallas Morning News have all announced plans to charge subscriptions for their content -- and ban the Google News spybots from scanning and indexing their pages. Meanwhile, Google was blithely menacing another outpost of traditional media: the book publishing business. In 2004 the company launched Google Book Search, a massive effort to digitally scan, archive, and present to the public millions of books from the country's largest libraries. From Google's perspective, this was a classic case of doing well by doing good; the company would expose millions to excerpts of books they could never access otherwise, and Google would dramatically expand its universe of searchable information. But to authors and publishing houses, who watched as book sales grew flatter and flatter with every year, the plan was practically an invitation to piracy. How easy would it be, they asked, for garden-variety hackers to download millions of copyrighted books and offer them for free? The Authors Guild and the Association of American Publishers sued Google for copyright infringement in 2005. The resulting proposed settlement may have satisfied the plaintiffs, but it unsettled untold numbers of copyright holders, who realized that the settlement would give Google the right to publish copyrighted material without informing the authors. And since the settlement empowered Google to sell digital copies of books online, it also unnerved another major player in book sales: Amazon (AMZN). And in 2006, Google threw the entertainment industry into a tizzy when it bought YouTube for $1.65 billion. Soon, users were uploading clips from The Daily Show and music videos onto the site, and Google -- which planned to sell ads next to YouTube content -- didn't seem to care that other companies owned the work. 
Or, rather, its leaders claimed that it was up to the owners of that work to notify Google when someone in the world uploaded a five-minute clip of copyrighted material -- even though policing someone else's Web site would take enormous amounts of time and resources. This attitude left Hollywood, the television networks, and the music industry livid, and Viacom [5] (VIA.B) led the charge when, in 2007, it sued Google for $1 billion in copyright infringement damages. Earlier this year, Google added another group to its enemies list: the telecoms. In March, Google launched Google Voice, a new service that promises -- or threatens -- to change the telephone forever. With Google Voice, users can consolidate their home phone, cell phone, and work phone numbers into a single number that they can keep even when moving to a new city. More importantly, it made phone calls, even long-distance calls, virtually free. Everyone from AT&T [6] (T) to eBay [7] (EBAY), which produces Skype, suddenly realized that they, too, were in the path of the Google juggernaut. In the meantime, Google has almost accidentally challenged the viability of countless other industries. Its release of Google Maps wiped out the business plan of AOL's MapQuest. In 2007, Google announced a scheme to invest millions in renewable energy, with the express intent of reducing Americans' reliance on the coal industry. Larry and Sergey have personally invested a small fortune in manufacturing electric cars, which can't make Big Oil very happy. This year, Google announced that users of Android-based smartphones would be able to use GPS navigation services for free -- upending the whole point of the TomTom, which you actually have to buy. There's just one case of a company picking a fight with Google, rather than the other way around. As Google showed the world how much money you can make on search, the tech world's great behemoth, Microsoft, jumped into the business and took direct aim at the industry's leader. 
But just as quickly, Google struck back, developing products that directly compete with Microsoft's core business. Following its cloud-based computing model, the company rolled out Google Apps, a line of word-processing and spreadsheet services that goes head to head with the Microsoft Office software. Gmail competes directly with Hotmail. Google's Chrome browser is designed to eat into Internet Explorer. And with the recent launch of the Chrome operating system, Google is offering an alternative to the Windows operating system. Google is now locked in a global war with one of the largest technology companies on Earth. If there's one company that Google has historically been perfectly amicable with, it's Apple [8] (AAPL). The two firms share a similar creativity-is-God ethos, and until recently Google CEO Eric Schmidt sat on Apple's board of directors. But that friendship came to an end when Google decided to get into the business of selling ads on mobile smartphones. The company launched Android, its mobile Internet operating system, and gave it away to anyone, from Samsung to Motorola, who wanted to build a device that would go head to head with Apple's iPhone. (Almost as a postscript, Google has launched the Chrome browser for Mac, which will directly compete with Apple's Safari.) And after numerous smartphone manufacturers spent millions developing these phones, Google recently announced that it had built its own smartphone and may release it for sale in January. Companies that once depended on Google to help them compete with Apple now worry that the search giant may compete with them -- and keep all the niftiest Android apps, which are key to any mobile device's value, for itself. Of course, Google has stumbled a few times during the decade, particularly in the area of social media. Google Video, the company's initial answer to the rise of YouTube, fizzled out. 
Knol, its attempt to build an alternative to Wikipedia, languishes somewhere in a dark corner of the Internet. And Orkut, Google's effort to challenge MySpace, has itself been eclipsed by Facebook. And of all these challenges, none has yet proved lethal to the companies or industries in Google's crosshairs. In fact, of the 150 products Google offers, only two -- AdWords and AdSense -- make significant amounts of money. In fact, Google's threats have forced many industries to race to adapt to a new Internet reality that was coming anyway. Record labels and some movie studios have cut deals to offer content on YouTube and share revenue, for example. And NBC, News Corp., and Disney [9] were spurred to develop Hulu, the video-hosting site that may well signal a new revenue model for the entertainment industry. But consider all the mortal foes Google has racked up in the last decade. Microsoft. Amazon. Viacom. News Corp. AT&T. Every publishing house and newspaper in America. That's quite a list for two men who once merely aspired to put the Gettysburg Address on your screen in a microsecond or two. What other businesses will they disrupt in the coming years? Will they set up a hedge fund, as Sergey Brin once suggested? Will they start predicting the weather? Just last week, the Federal Trade Commission reportedly began an investigation into whether Google was scanning local restaurant and business reviews posted on sites like TripAdvisor and OpenTable, organizing them on Google Maps, and selling ads next to content it didn't generate. In industry after industry, by offering services for nothing, Google has metastasized the modern economic dilemma: Everything is free, but no one has a job. This was probably inevitable, and maybe we should thank Google for forcing us to face reality now, and in such a dramatic fashion. But as we look back on the last 10 years, one thing is clear: Google should change its slogan from "Don't be evil" to "Be everywhere." 
©2009 WashingtonPost.Newsweek Interactive Co. LLC
Source URL: http://www.thebigmoney.com/articles/0s-1s-and-s/2009/12/31/google-decade-ends
Links:
[1] http://www.thebigmoney.com/sites/default/files/091230_TBM_googleDecadeARTICLE.jpg
[2] http://www.thebigmoney.com/search/quotemedia/goog
[3] http://www.thebigmoney.com/search/quotemedia/yhoo
[4] http://www.thebigmoney.com/search/quotemedia/nws
[5] http://www.thebigmoney.com/search/quotemedia/via.b
[6] http://www.thebigmoney.com/search/quotemedia/t
[7] http://www.thebigmoney.com/search/quotemedia/ebay
[8] http://www.thebigmoney.com/search/quotemedia/aapl
[9] http://www.thebigmoney.com/search/quotemedia/dis
[10] http://www.thebigmoney.com/users/christhompson

From rforno at infowarrior.org Thu Dec 31 17:40:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 12:40:23 -0500
Subject: [Infowarrior] - The Evil (Cyber) Empire
Message-ID: <9B7659E6-9A0C-4F8C-9CFA-0A599957C91E@infowarrior.org>

The Evil (Cyber) Empire
Inside the world of Russian hackers.
By Yulia Taratuta, Igor Ivanov, Svetlana Zaitseva, and Mikhail Zygar | Russky Newsweek
http://www.newsweek.com/id/228674/output/print

Did Russian hackers manage to steal tens of millions of dollars from Citigroup? While The Wall Street Journal reports that the FBI is investigating the alleged loss, the financial organization denies losing money in such a security breach. It may take awhile to uncover the truth, but reports of the attack have cast yet another spotlight into the shadowy world of cybercrime. This report, adapted from a cover package by NEWSWEEK's Russia-language partner, Russky Newsweek, takes a closer look at those behind this global threat. (Click here for a look at the world's top 10 spammers). The assaults may seem to be political. In 2007, a cyberattack on Estonia, home of the popular Internet phone company Skype, paralyzed the country's entire government. 
Then, when the Russia-Georgia conflict flared in 2008, software suddenly became available to anyone wanting to wage their own personal cyberwar on the Georgian capital of Tbilisi. And later that year, Lithuania too became a cyber-victim when it vetoed negotiations between Russia and the European Union. Indeed, NATO takes the threat of cyber-warfare so seriously that it signed off on a special report on the topic during its parliamentary assembly last October. "Although there is no conclusive evidence that the cyberattacks in Georgia were executed or sanctioned by the Russian government," the NATO report notes, "there is no evidence that it tried to stop them, either." Russian lawmaker Nikolai Kovalyov angrily dismisses these allegations as propaganda from the Cold-War era. "The report does not contain a single piece of evidence of the mythical Russian cyberthreat or a Russian trail from the cross-border cyberattacks," he says. Still, NATO has little doubt that -- official or no -- the attacks have a common Russian thread: the Russian Business Network (RBN), a shadowy cyberstructure that is reported to have sold hacking tools and software for accessing U.S. government systems. According to the NATO investigators, however, political subversion is little more than a sideline for these hackers. Their real goal: stealing money through scams, spam, and infiltrating the networks of Western banks. Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in. Aleksandr Gostev, director of Kaspersky Labs, a global research and threat analysis center, believes that RBN's servers are located in Panama. 
"Confidential data about clients can be obtained only by a court decision," a Newsweek source familiar with the situation says. "But what court do you apply to if criminal ties are discovered? A Panamanian court?" Paget says that RBN was once known as the most active criminal group in the virtual world. Crime researchers are uncertain as to whether RBN itself was a real organization or whether it just offered a virtual home to cybergangs. According to one study, the network comprised 406 addresses and 2090 domain names by the end of 2007. That same year, the group -- hounded both by Russian and American law-enforcement agencies -- seemed to disappear. That, however, may have been an illusion. RBN may have vanished, but the host organization gave birth to multiple evil offspring operated by Russian expats and deployed on servers in China, Turkey, Ukraine, and the United States. "The world got about 10 RBNs," says Gostev. The original RBN was behind the cyberattack on Estonia, Paget says, and, according to a study by the U.S. Cyber Consequences Unit (US-CCU), one of its successors was behind the virtual assault on Georgia. RBN's real money, though, is believed to come from sources that include spam, child porn, online casinos, and phishing scams to steal bank passwords and card numbers. One of RBN's most prosperous businesses is Internet pharmacies, with the international organization Spamhaus naming Canadian Pharmacy as the main propagator of criminal cyberschemes. Sources in the market say that this is a drug-selling network comprising several dozen virtual pharmacies making sales, mostly to the U.S. The name of the main Web site to which the pharmacies relay their orders -- glavmed.com -- is distinctly Russian; the illegally-copied medications are said to be made in India. Those who order from these sites are likely to have their e-mail addresses harvested and sold to spammers, who then inundate them with offers for everything ranging from pharmaceuticals to porn. 
According to Dmitry Golubov, who describes himself as the leader of the Internet Party of Ukraine, a group of 20 to 25 people account for 70 percent of the world's spam. "A database of active e-mails costs money," says Golubov. "For example, a million addresses of purchasers of access to porn resources costs $25,000 to $30,000." Golubov prefers not to discuss his own Internet profits, although he too is said to have been part of RBN. The McAfee company calls him the No. 1 carder -- hackers who steal from bank cards -- in the world. In a conversation with Russky Newsweek, however, Dmitry Golubov denied everything. "On September 29, 2009, the Solomensky District court in Kiev dropped the criminal case against me for lack of corpus delicti," he says, adding that he is not aware that he is in trouble with the law outside Ukraine. Like the original RBN, many of its spinoffs are under scrutiny. The company Hoster McColo, registered in California, was pushed offline following a petition by the U.S. Federal Trade Commission (FTC) citing it for spam and what is known as distributed denial of service attacks. (The company's founder, racer Nikolai McColo, was killed when he crashed into a metal pillar during one of his high-speed nighttime drives in Moscow in 2007.) Another RBN affiliate, the Atrivo company, had its license revoked and was disconnected from the Internet on a charge of disseminating porn and viruses and theft of information. EstDomains, an Estonian subsidiary of the "mother of cyberterrorism," suffered a similar disconnect at the FTC's initiative, when the host 3FN, a Russian-language service created by a native of Latvia, was forced out of operation. And last January the company Ukrtelegrup, another mainstay of cybercrime, bit the dust. It had been accused of creating a program that made it possible to steal users' personal information, including financial data. The hacker community, however, doesn't believe that RBN is dead. 
"RBN's cause is alive even now," one authoritative member insists. Certainly, the cause counts for more than the location. After the attack on Estonia, Russian lawmaker Kovalyov noted angrily that 60 percent of the disruptive traffic came from the United States and 30 percent from China. Only 10 percent came from Russia, he said. That Estonia was attacked primarily from American territory hardly means that the culprits were on American soil. In effect, hackers can operate virtually from anywhere in the world. Via viruses, hackers create "botnets" that utilize zombie PCs in foreign lands to send out spam, or, say, launch a cyberattack. In other words, unsuspecting users become the source of the malicious traffic -- and physical distance no longer offers any protection against crime or political subversion.

Translated from the Russian by Steven Shabad
Find this article at http://www.newsweek.com/id/228674
© 2009

From rforno at infowarrior.org Thu Dec 31 17:43:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 12:43:59 -0500
Subject: [Infowarrior] - 'Free' TV Could Cost More Due to Fox's Demands
Message-ID:

'Free' TV Could Cost More Due to Fox's Demands
By Eliot Van Buskirk | December 30, 2009 | 5:43 pm | Categories: Commerce, Media, Miscellaneous, Video
http://www.wired.com/epicenter/2009/12/free-tv-isnt-free-but-could-cost-more-due-to-foxs-demands/

Time Warner Cable responded to Fox Network's demands for more money by posting this "ransom note" on its RollOverorGetTough.com site.

For football fans with Time Warner Cable subscriptions, 2010 could start out on the wrong foot, now that Fox Network has threatened to pull its programming, including the traditional New Year's Day Sugar Bowl and Cotton Bowl football games -- unless the cable giant agrees to pay Fox more money. 
If these companies fail to come to an agreement before the ball drops in Times Square Thursday night at midnight, Fox and its affiliate networks will disappear from Time Warner Cable. Alternatively, if the two companies come to an agreement before then, your cable or satellite bill will likely increase by $12 to $20 per year, as the price hike spreads through the rest of the industry. In a last-minute bid to stave off the impending outage, Sen. John Kerry (D-Massachusetts) asked both companies to agree to binding arbitration supervised by the FCC, keeping Fox programming on Time Warner until they agree on a new rate. Time Warner agreed to this, as one would expect, because it would avoid an outage and buy them more time to negotiate. Fox has yet to reciprocate, also as one would expect, because arbitration would take its only trump card -- a service disruption -- off the table. (Update: News Corp. told employees to expect an outage.) Unless something changes within the next 30-plus hours, Time Warner Cable subscribers will lose Fox programming on New Year's Day. This would inconvenience millions, but it's not "the end of free TV" some are calling it. First, Fox's over-the-air broadcasts will remain free for anyone with an antenna and digital receiver who lives within range of a local Fox affiliate. Time Warner advises its customers on its Get Tough or Roll Over website that if Fox pulls its programming, they should buy rabbit ears or an HDTV receiver in order to grab those bowl games, NFL games, American Idol, House and 24 out of the air. It's a hassle, but it's free. Second, the networks' "free" stations are not free for cable and satellite to retransmit, contrary to what has been reported elsewhere. Pay-TV networks routinely pay television networks and affiliates through a mix of cash, free advertising and barter, according to Multichannel News senior finance editor Mike Farrell. 
For instance, he said it's common for a cable company to gain the right to retransmit a given network's programming (Fox, NBC) in exchange for paying for the broadcasters' cable-only channels (Fox Soccer Channel, MSNBC). The only difference this time around is that Fox is asking for $1 per subscriber per month, which represents a significant increase over what Time Warner is paying now. And Time Warner will pass some, if not all, of that increase on to consumers. Fox's KeepFoxOn.com website encourages viewers to demand that Time Warner acquiesce to its proposed price increase before midnight on Thursday night. "A buck is a lot -- that's a big increase," said Farrell. "From all these retransmission deals, the broadcasters always say that they got cash, and the cable guys always say they didn't pay cash, but [rather they trade] in-kind services and advertising.... The increases are just getting so much that they can't offset it anymore, and they have to pass some of this on to people." Cable and satellite providers already pay networks and many affiliate stations between 15 and 60 cents per subscriber per month, depending on market size, according to Miller Tabak analyst David Joyce. So this is not about "the end of free television." It's about customers paying more for television -- even if the weak ad market improves. "At $1 per subscription, the ramifications are big for the broader industry, and it ultimately means consumers will pay in the end," said IDC analyst Danielle Levitas. "The recession has brought this whole thing to a head," said Farrell. "Advertising revenue at stations and for broadcast networks has been dismal, and practically every [network] has said that they want the dual revenue stream that cable networks get." The price increase Fox specifically is asking for won't cost subscribers much, at first anyway. Joyce predicted in a Dec. 
21 report that even if Time Warner agrees to pay $1 per subscriber per month to Fox Network and 15 cents to Fox affiliate stations, it would have a minimal impact on the company's costs -- and, by extension, subscribers' cable bills. But as Fox's agreements with other pay-TV providers expire, which will happen over the next three years, he estimates that Fox Networks would earn an additional $472 million in annual revenue from cable and satellite providers. The other networks will likely follow Fox's lead in demanding higher fees, driving up pay-TV companies' costs even further.

The networks have long been jealous of cable channels that charge pay-TV companies for programming that includes advertisements. This gives them dual revenue streams, and those fees help them weather a lean ad market. In other words, Fox and the News Corp.'s cable channels (also a part of these negotiations, according to Joyce) could be leveraging the recession to push through price increases they've been contemplating for some time.

Earlier this month, CBS head Les Moonves told investors he expected to rake in $250 million in additional network retransmission fees in 2012 (affiliates would receive additional payments). Extrapolating this to the other three networks, that's an extra $2 billion or so per year that cable and satellite providers would have to pay to television studios, according to Farrell, should the Fox model spread. Those costs will be passed on to television subscribers, as Time Warner admits on its website.

Given that approximately 100 million American households subscribe to pay television services, an increase to $1 per subscriber per month would increase the average American household's cable or satellite bill by $20 per year. Analysts expect Fox to settle for 60 cents or so, rather than $1 -- a scenario that would increase the average subscriber's bill by about $12 per year instead.
Nobody wants to pay more for cable or satellite programming, and losing Fox's New Year's Eve special or these bowl games on New Year's Day would certainly rile thousands of Time Warner cable subscribers. But "the end of free TV"? Hardly. Even if that were true, we'd still have the internet.

From rforno at infowarrior.org Thu Dec 31 17:54:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 12:54:09 -0500
Subject: [Infowarrior] - Delta Says Security Failures Put Travelers in 'Peril' (Update2)
Message-ID:

Delta Says Security Failures Put Travelers in 'Peril' (Update2)

http://www.bloomberg.com/apps/news?pid=20601087&sid=a8lLgFyRkgT8&pos=9#

By Mary Jane Credeur

Dec. 31 (Bloomberg) -- Delta Air Lines Inc. Chief Executive Officer Richard Anderson said he's "disappointed" government security implemented in the past decade failed to prevent an attempted terrorist attack on Christmas Day.

International screening and passenger watch lists started after the September 2001 attacks and the 1996 explosion of TWA Flight 800 over the Atlantic Ocean shouldn't have let another incident happen, Anderson said in a weekly recorded message to employees. A Nigerian man tried to blow up a flight by Delta's Northwest unit Dec. 25, the U.S. Department of Justice said.

"We're obviously disappointed that given all the work we've put in to building the advance passenger notification system, and following all the screening guidelines since TWA 800 and after 9/11, to have this occur again is disappointing to all of us," Anderson said.

Terrorism was suspected in the TWA flight until the National Transportation Safety Board determined a wiring short-circuit caused fuel-tank vapors to explode.

He said the air travel security efforts "over the last decade really ought to give us a better result than the peril our crew and passengers faced on Christmas."
The airline, based in Atlanta, will "make our points clear in Washington" as the government reviews what happened, Anderson said. President Barack Obama has called for an investigation of what he called the "systemic failure" of security procedures that allowed Umar Farouk Abdulmutallab to get through security in Nigeria and Amsterdam with explosives in his underwear.

Not on List

Abdulmutallab tried to detonate the device as Flight 253 prepared to land in Detroit, the Department of Justice said. Other passengers subdued him, and the plane landed safely.

The Nigerian man's father had warned officials at the U.S. embassy in Nigeria that he was worried about his son's extremist views, U.S. authorities said. Abdulmutallab had been placed on a watch list known as the Terrorist Identities Datamart Environment, or TIDE, though he wasn't on the "no-fly" list that would have kept him off the plane, officials said.

Obama was scheduled to receive preliminary results of the government inquiry today. The Netherlands and Nigeria said yesterday they will start using full-body scanners on passengers to detect explosives.

Delta and Northwest, carriers that merged in 2008, received a single operating certificate today from the U.S. Federal Aviation Administration that allows the airlines to combine flight schedules and ticketing.

Delta fell 3 cents to $11.34 at 12:21 p.m. in New York Stock Exchange composite trading. The shares have fallen 1 percent this year.

To contact the reporter on this story: Mary Jane Credeur in Atlanta at mcredeur at bloomberg.net.

Last Updated: December 31, 2009 12:25 EST

From rforno at infowarrior.org Thu Dec 31 22:00:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Dec 2009 17:00:22 -0500
Subject: [Infowarrior] - FCC Chairman Spams Facebook Friends
Message-ID: <9806F1A6-B5DD-476E-8F53-4BF40B25B2AB@infowarrior.org>

December 31, 2009, 3:20 pm

Whoops! F.C.C.
Chairman Spams Facebook Friends

By BRAD STONE

http://bits.blogs.nytimes.com/2009/12/31/whoops-fcc-chairman-spams-facebook-friends/?hp

Update | 3:27 p.m. Adding statement from Facebook at the end.

Facebook scam artists have closed out 2009 by snagging a prominent victim: Julius Genachowski, chairman of the Federal Communications Commission.

On Friday morning at around 10:30 a.m., Mr. Genachowski sent his Facebook friends this puzzling message: "Adam got me started making money with this." It was followed by a link to a Web page that is no longer active.

The messages indicated that Mr. Genachowski's account had been taken over by a malicious program that was using it to send out spam. As of Friday afternoon Mr. Genachowski's Facebook profile was no longer visible on the site. A Facebook spokesman, Larry Yu, said the company learned of the problem this morning and suspended the account, as it routinely does in such cases. An F.C.C. spokeswoman declined to comment.

The chairman is by no means alone in getting inadvertently embroiled in social networking scams that can be embarrassing. I wrote about such scams earlier this month, noting that the humiliation sown by these attacks is usually just a byproduct of spammer efforts to get people to click on various links.

It's not clear how Mr. Genachowski's Facebook account was compromised; perhaps he or a family member clicked on a malicious link, allowing his account to be taken over.

The most important question: Who the heck is Adam?

Update: Facebook sent this statement, which indicates that if Mr. Genachowski wants to continue to use Facebook, he will have to get some education about the safe use of this particular form of communication.

We take security very seriously and have devoted significant resources towards helping our users protect their accounts.
We've developed complex automated systems that detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad). Because Facebook is a closed system, we have a tremendous advantage over email. That is, once we detect a phony message, we can delete that message in all inboxes across the site. We also block malicious links from being shared and work with third parties to get phishing and malware sites added to browser blacklists or taken down completely. Users whose accounts have been compromised are put through a remediation process, where they must take steps to re-secure their account and learn security best practices. This is what happened with Chairman Genachowski's account.

To combat these threats, however, we need users' help too. You can protect yourself by never clicking on strange links, even if they've been sent by friends, and by being wary of sites that ask you to download or upgrade software. We educate people about online security through our Facebook Security Page, which has well over one million fans.