From rforno at infowarrior.org Sun Feb 1 17:43:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 1 Feb 2009 12:43:45 -0500 Subject: [Infowarrior] - ACTA hypocrisy Message-ID: <0FD6F5D2-CF3C-4F0A-A50B-FF6AB93E9F69@infowarrior.org> Remember ACTA, the Anti-Counterfeiting Trade Agreement? Here's the US response to FOIA requests to see the deliberation papers, drafts, documents, and proposed treaty languages.....IMHO it's things like this that give "pirates" or "hackers" the moral high ground in this issue when they "circumvent" or "disclose" IP protection schemes made under such dubious claims of secrecy. ---rf http://techdirt.com/articles/20090129/1955073576.shtml < - > Apparently the US Trade Representative is refusing to release most of the documents requested under the FOIA claiming (I kid you not) that to release such documents could "implicate national security or expose the USTR's deliberative processes." But, of course, the USTR had no problem at all sharing all this info with entertainment industry lobbyists. In the few documents that were released, it turns out that the USTR met privately with representatives of various "anti-piracy" lobbying groups multiple times in 2008 -- without bothering to consult with the folks who these laws would actually impact. In other words, they're getting one side of the story. Even worse, those lobbyists have been called out, repeatedly -- by the US government, no less -- for outright fabrications concerning the impact of piracy and counterfeiting. So why is the USTR only relying on them for determining how this trade agreement will work? And why is there no effort to make these negotiations more public so that all stakeholders have a say?
From rforno at infowarrior.org Sun Feb 1 17:44:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 1 Feb 2009 12:44:16 -0500 Subject: [Infowarrior] - M-Lab network test tools Message-ID: <1D8DCD0C-B5BD-43D8-AA51-3CFAF0D1EA26@infowarrior.org> http://measurementlab.net/measurement-lab-tools.html Use tools running on M-Lab to test your Internet connection.
* Network Diagnostic Tool: Test your connection speed and receive sophisticated diagnosis of problems limiting speed.
* Glasnost: Test whether BitTorrent is being blocked or throttled.
* Network Path and Application Diagnosis: Diagnose common problems that impact last-mile broadband networks.
* DiffProbe (coming soon): Determine whether an ISP is giving some traffic a lower priority than other traffic.
* NANO (coming soon): Determine whether an ISP is degrading the performance of a certain subset of users, applications, or destinations.
M-Lab is at the beginning of its development. As M-Lab develops and more researchers participate, the suite of tests will grow. The tools aim to be as accurate as possible, but because they are in development and attempting to measure complex issues, there may be bugs or errors. There may also be other limitations in the tools; for instance, a slower than expected speed might be the result of the testing server being located geographically far from your computer, rather than a problem with your ISP. If you have questions about the tools themselves, you should direct them to the researcher responsible for the tool. As M-Lab develops, researchers will be able to build tools with increasing accuracy and functionality. You may experience delays in running the tools, as they only allow a limited number of simultaneous users at this stage. In order to advance Internet research, all data collected through M-Lab may be made publicly accessible. By using one of the tools, you will generate and send some data back-and-forth with an M-Lab server.
The tools collect data related to the particular communication "flows" generated by the tool. These client-server tests do not collect information about your other Internet traffic such as your emails, Web searches or any personally identifiable information, unless you affirmatively provide it in response to a specific request (such as a form that asks you to provide your email address as well). Some researchers may offer client-server tests that use M-Lab, combined with separate components that measure other Internet traffic and do not rely on M-Lab. These tools will only report the client-server test data back to M-Lab and will not report any data about your other Internet traffic back to the M-Lab servers. That data will go directly to the researcher responsible for the tool. The tools are all created by individual researchers, not M-Lab itself. The M-Lab servers are currently provided by Google Inc., and may in the future be provided by other organizations and companies. From rforno at infowarrior.org Sun Feb 1 17:58:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 1 Feb 2009 12:58:22 -0500 Subject: [Infowarrior] - Local Police Want Right to Jam Wireless Signals Message-ID: (Funny how they keep invoking Mumbai as an example for the need to jam cellular systems. When will these overly-paranoid LEOs realize that the technology is only ONE aspect of a countermeasure, and that a well-trained, coordinated, and disciplined adversary will realize this possibility and thus would not be dependent on constant communications during their operations? While in some cases jamming is a good idea (i.e., Inauguration) IMHO all this sort of 'solution' does is *slightly* reduce adverse consequences while increasing collateral ones. ---rf) Local Police Want Right to Jam Wireless Signals By Spencer S.
Hsu Washington Post Staff Writer Sunday, February 1, 2009; A02 http://www.washingtonpost.com/wp-dyn/content/article/2009/01/31/AR2009013101548_pf.html As President Obama's motorcade rolled down Pennsylvania Avenue on Inauguration Day, federal authorities deployed a closely held law enforcement tool: equipment that can jam cellphones and other wireless devices to foil remote-controlled bombs, sources said. It is an increasingly common technology, with federal agencies expanding its use as state and local agencies are pushing for permission to do the same. Police and others say it could stop terrorists from coordinating during an attack, prevent suspects from erasing evidence on wireless devices, simplify arrests and keep inmates from using contraband phones. But jamming remains strictly illegal for state and local agencies. Federal officials barely acknowledge that they use it inside the United States, and the few federal agencies that can jam signals usually must seek a legal waiver first. The quest to expand the technology has invigorated a debate about how widely jamming should be allowed and whether its value as a common crime-fighting strategy outweighs its downsides, including restricting the constant access to the airwaves that Americans have come to expect. "Jamming is a blunt instrument," said Joe Farren, vice president of government affairs for the Cellular Telecommunications Industry Association. He and others pointed out that when authorities disable wireless service, whether during a terrorist attack or inside a prison, that action can also stop the calls that could help in an emergency. During November's raids in Mumbai, for example, citizens relied on cellphones to direct police to the assailants. Propelled by the military's experience with roadside bombs in Iraq and Afghanistan, jamming technology has evolved to counter bombs triggered by cellphones, garage openers, remote controls for toy cars or other devices that emit radio signals. 
Federal authorities rank improvised bombs, which are cheap and adaptable, as one of the greatest terrorist threats to the West. On Inauguration Day, federal authorities were authorized to jam signals at some locations in downtown Washington, according to current and former federal officials. The Secret Service and other officials declined to provide specific details, some of which are classified. Most of the nearly 2 million people attending the swearing-in and along the parade route would have been oblivious to any unusual disruption. "Chances are, you wouldn't even notice it was there," said Howard Melamed, an executive with CellAntenna Corp., a small Coral Springs, Fla., company that produces jamming equipment. If someone in the crowd was on a call, they might have confused the jamming with a dropped signal. "Your phone may go off network," he said. In other cases, "it may never signal, if it's a quick interruption." Industry officials said that radio-jammers work in several ways: They can send a barrage of energy that drowns out signals across multiple bands or produce a surge of energy on a particular frequency. In other instances, the devices detect and disrupt a suspicious signal, a technique known as "scan and jam." Some private citizens, hoping to eliminate cellphone calls in restaurants, churches or theaters, have tapped into an underground market of jamming equipment that has trickled into the United States. But that, too, is illegal under the 70-year-old federal telecommunications act, which bans jamming commercial radio signals. The Federal Communications Commission has begun to crack down on private use, which is punishable by an $11,000 fine. The U.S. military is capable of shutting down communications across a wide area and has done so overseas, including when it has conducted raids to capture suspects. 
To counter explosives, devices can be set to jam signals for a distance of 50 to 500 meters, for example, or enough to allow a car to pass out of the blast zone of a small bomb. Some federal agencies, including the FBI and the Secret Service, have standing authority to use jamming equipment or can request waivers from the National Telecommunications and Information Administration, a Commerce Department agency, when there is an imminent threat, a federal official said. Jamming has been approved in the past for major events, ranging from State of the Union addresses to visits by certain foreign dignitaries, according to a federal official who spoke on the condition of anonymity because he was not authorized to talk about the subject. After transit bombings in Europe, the Department of Homeland Security reached an agreement in 2006 under the National Communications System with cellphone companies to voluntarily shut down service under certain circumstances, which could disable signals for areas ranging from a tunnel to an entire metropolitan region, a DHS official said. Much of the controversy has been fueled by the growing demands from state and local governments. In the District, corrections officials won permission from the FCC for a brief test of jamming technology at the D.C. jail last month, after citing the "alarming rate" of contraband phones being seized at prisons around the country. "Cell phones are used by inmates to engage in highly pernicious behavior such as the intimidation of witnesses, coordination of escapes, and the conducting of criminal enterprises," D.C. corrections chief Devon Brown wrote to the federal agency. The test has been put on hold because of a legal challenge, but the city will keep seeking permission, said D.C. Attorney General Peter J. Nickles. 
Texas prison officials made a similar request last fall after a death row inmate placed an illicit call threatening a state legislator, and South Carolina corrections officials said their department staged a test without permission in November. In a pilot project, the FBI deputized about 10 local bomb squads across the country in 2007 so they could use a small number of radio jammers similar to the military equipment used overseas. The local pleas for expanded permission are beginning to get a friendly reception on Capitol Hill. Sen. Joseph I. Lieberman (I-Conn.), chairman of the Senate homeland security committee, plans to introduce legislation that would give law enforcement agencies "the tools they need to selectively jam" communications in the event of a terrorist attack, a spokeswoman said. Sen. Kay Bailey Hutchison (Tex.), the ranking Republican on the Senate Commerce Committee, has introduced a bill that would allow the U.S. Bureau of Prisons and governors to seek waivers from the FCC to jam calling at prisons. "When lives are at stake, law enforcement needs to find ways to disrupt cellphones and other communications in a pinpointed way against terrorists who are using them," New York City Police Commissioner Raymond F. Kelly told a Senate panel Jan. 8. He also cited the Mumbai terrorist attacks, when hostage-takers used media spotters and satellite and mobile phones to help them outmaneuver police at hotels, train stations and other targets. Backing up such requests are the commercial interests that could provide the jammers. Melamed, with CellAntenna, has worked for several years to open what the company forecasts could be a $25 million line of domestic jamming business for itself, and the amount could be more for bigger players such as Tyco and Harris Corp. He said rules that prevent government agencies from blocking signals don't make sense.
"We're still trying to figure out how it's in the best interest of the public to prevent bomb squads from keeping bombs from blowing up and killing people," he said. But the cellular industry trade group warns that letting the nation's 18,000 state and local law enforcement agencies decide when and where to jam phone calls would create a messy patchwork of potential service disruptions. Critics warn of another potential problem, "friendly fire," when one agency inadvertently jams another's access to the airwaves, posing a safety hazard in an emergency. Farren said there are "smarter, better and safer alternatives," such as stopping inmates from getting smuggled cellphones in the first place or pinpointing signals from unauthorized callers. Still, analysts said, events such as the Mumbai attacks may tip the debate in favor of law enforcement. "Without something like Mumbai, the national security and public safety cases would not be as compelling," said James E. Katz, director of the Center for Mobile Communication Studies at Rutgers University. "Now, the burden of proof has been shifting to people who don't want these exceptions, rather than the people who do." From rforno at infowarrior.org Sun Feb 1 22:17:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 1 Feb 2009 17:17:54 -0500 Subject: [Infowarrior] - HR 45: House Bill to require Fed. License to Own a Gun Message-ID: <819DA539-DAE4-4473-ADC4-D027EE2F9F0A@infowarrior.org> HR 45: House Bill to require Fed. License to Own a Gun http://www.snowflakesinhell.com/2009/01/13/the-cards-are-being-dealt/ We have at least one gun control bill introduced in Congress. Thanks to Jdude for bringing this to my attention. Introduced by Congressman Rush, called HR45. It is a bill that mandates licensing, registration and safe storage for handguns and semi-automatic rifles with detachable magazines. It also provides for inspection, so you surrender your fourth amendment rights by being licensed. 
It also requires reporting of Lost and Stolen firearms, and you must inform the federal government if you change addresses. Text of Proposed Bill: http://thomas.loc.gov/cgi-bin/query/z?c111:H.R.45.IH: From rforno at infowarrior.org Tue Feb 3 02:58:50 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 2 Feb 2009 21:58:50 -0500 Subject: [Infowarrior] - Google Earth 5.0 Message-ID: <5FE9DA76-ACAF-4FFB-B1BD-ADD1FF827AB9@infowarrior.org> Introducing Google Earth 5.0 Users can dive into the ocean, travel back in time and visit Mars in the newest version of Google Earth SAN FRANCISCO, Calif. (February 2, 2009) - Google Inc. (NASDAQ: GOOG) today announced the launch of ocean in Google Earth, a new feature that enables users of Google Earth to dive beneath the water surface, explore 3D underwater terrain and browse ocean-related content contributed by leaders in ocean science and advocacy. The new version of Google Earth also introduces Historical Imagery, a feature that enables users to virtually travel back in time through archival satellite and aerial imagery, Touring, which makes it simple to create a narrated tour in Google Earth and share it with the world and Google Mars 3D, which features hi-res imagery and terrain of the red planet. "With this latest version of Google Earth you can not only zoom into whatever part of our planet's surface you wish to examine in closer detail, you can now dive into the world's oceans that cover almost three-quarters of the planet and discover new wonders that had not been accessible in previous versions of this magical experience," said The Honorable Al Gore at this morning's launch event in San Francisco. "Moreover, with the new historical imagery feature, you can look back in time and see for yourself the unprecedented pace of change taking place on the Earth - largely because of human influences.
For example, you can watch the melting of the largest glacier in Glacier National Park, the Grinnell Glacier, image by image, for the last decade." "In discussions about climate change, the world's oceans are often overlooked despite being an integral part of the issue," said Eric Schmidt, CEO of Google. "About one-third of the carbon dioxide that we emit into the atmosphere ends up in the oceans. Furthermore, biodiversity loss in our oceans in the next 20-30 years will be roughly equivalent to losing an entire Amazon rainforest, but this goes unnoticed because we can't see it. This is why today's launch of Google Earth 5.0 is so important - it gives us an opportunity to change everyone's perspective." Ocean in Google Earth combines sea floor terrain and expert content to provide users with an opportunity to explore some of the most difficult-to-reach parts of the world. Virtual travelers to Hawaii, for example, can examine underwater volcanoes, see videos about the exotic marine life of the region, read about nearby shipwrecks and contribute photos and videos of favorite surf spots. The ocean feature is on by default in the newest version of Google Earth. As users zoom in on the ocean they will see a dynamic water surface, and once they dive beneath the surface they can navigate 3D sea floor terrain. The feature includes 20 content layers, containing information contributed by the world's leading scientists, researchers, and ocean explorers (for a full list of partners please visit http://earth.google.com/ocean/partners.html).
These include:
* An "Explore the Ocean" layer containing photos and videos about ocean hot spots around the world contributed by over 80 individuals and organizations
* A National Geographic Magazine geo-quiz and overlays from their new Atlas of the Ocean
* Videos from the archives of Jacques Cousteau, featuring never-before-seen footage of historic ocean expeditions
"What this project helped me begin to understand," said John Hanke, Director of Google Earth and Maps, "is the role the ocean plays in global climate change and the impact that humans are having on the oceans and the creatures that live in it. It was a serious omission on our part not to include a better treatment of the oceans when we launched Google Earth, and I'm very happy that we've been able to address that. We now have a good substrate for publishing and exploring data about the 'other' two-thirds of the planet." The new feature was developed in close collaboration with oceanographer and National Geographic Explorer-in-Residence Sylvia Earle and an advisory council of leading ocean advocates and scientists. "I cannot imagine a more effective way to inspire awareness and caring for the blue heart of the planet than the new ocean in Google Earth," said Sylvia Earle. "For the first time, everyone from curious kids to serious researchers can see the world, the whole world, with new eyes. In a stroke, Google Earth brings life and character to the blue part of the planet, and makes obvious the many ways land, water, atmosphere and living systems connect. Many 'aha!' moments are sure to come as people discover new patterns, new correlations, and countless personal discoveries while vicariously diving into the waters of the world." The announcement was made this morning at the California Academy of Sciences in San Francisco, one of the nation's leading institutions for scientific education and research.
Following the announcement, local fourth graders participated in an interactive lesson on marine ecosystems, designed specifically by Academy educators to use the new ocean feature. "Information technology is key to the work that Academy scientists and educators do, and Google Earth is a leading example of such technology," said Dr. Greg Farrington, Executive Director of the Academy. "Ocean in Google Earth opens up a new world of opportunities to explore and educate the public about the least understood parts of our planet." Also launched today: Historical imagery: In previous versions of Google Earth, users could view only one set of imagery for a given location. Now users can activate a time slider to see both newer and older satellite imagery from around the globe, enabling them to observe a single location's development over time. Touring is a simple new way for users to create narrated tours of imagery and content in Google Earth. By simply pressing the "record" button, users can fly from place to place, zoom in or out and click on content balloons, providing voiceover narration along the way. Whether creating a tour of one's family home or an in-depth study of environmental change, the tours are easy to create and even easier to share. Google Mars 3D is the latest stop on Google's virtual tour of the galaxy. Users can travel to Mars with the click of a button and see high resolution imagery and 3D terrain. They can fly to the top of Olympus Mons, the tallest volcano in our solar system, read geo-located excerpts about different locations on the planet from A Traveler's Guide to Mars, observe where various Mars Rovers and Landers have touched down and much more. GPS Tracking - Previously only available in the Plus and Pro versions of Google Earth, now all users can upload tracks from GPS devices (including many Garmin, Magellan, and NMEA-compatible devices) to Google Earth, making it easy to visualize and record running, hiking and biking routes.
Google Earth 5.0 is now available in 41 languages (previously 26): English (US), English (GB), French, Italian, German, Spanish (Spain), Spanish (Latin America), Dutch, Simplified Chinese, Traditional Chinese, Japanese, Korean, Portuguese (Brazil), Russian, Polish, Turkish, Thai, Arabic, Swedish, Finnish, Danish, Portuguese (Portugal), Romanian, Hungarian, Hebrew, Indonesian, Czech, Greek, Norwegian, Vietnamese, Bulgarian, Croatian, Lithuanian, Slovak, Filipino, Slovenian, Serbian, Catalan, Latvian, Ukrainian, and Hindi. Product descriptions, visuals and more can be found at http://sites.pressatgoogle.com/ocean . Broadcast quality b-roll is available at www.thenewsmarket.com/google. About Google Earth Google Earth combines satellite imagery, maps and the power of Google's search service to make the world's geographic information easily accessible and useful. There have been over 500 million unique downloads of Google Earth since the product's launch in June, 2005. Google Earth can be downloaded for free at http://earth.google.com/. About Google Inc. Google's innovative search technologies connect millions of people around the world with information every day. Founded in 1998 by Stanford Ph.D. students Larry Page and Sergey Brin, Google today is a top web property in all major global markets. Google's targeted advertising program provides businesses of all sizes with measurable results, while enhancing the overall web experience for users. Google is headquartered in Silicon Valley with offices throughout the Americas, Europe and Asia. For more information, please visit http://www.google.com . ### Google and Google Earth are trademarks of Google, Inc. All other company and product names may be trademarks of the companies with which they are associated.
Media Contact: Kate Hurowitz press at google.com 650-930-3555 From rforno at infowarrior.org Tue Feb 3 13:32:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 3 Feb 2009 08:32:23 -0500 Subject: [Infowarrior] - Holder Confirmed As Attorney General Message-ID: <0308A41A-C68F-43D5-9C8C-A0A90FDBD1F7@infowarrior.org> Holder Confirmed As the First Black Attorney General Nominee Overcame Objections in GOP http://www.washingtonpost.com/wp-dyn/content/article/2009/02/02/AR2009020202581_pf.html By Carrie Johnson Washington Post Staff Writer Tuesday, February 3, 2009; A02 The Senate confirmed Eric H. Holder Jr. as the nation's first African American attorney general by a vote of 75 to 21 yesterday, opening a new chapter for a Justice Department that had suffered under allegations of improper political influence and policy disputes over wiretapping and harsh interrogation practices. Holder, 58, will arrive at the Justice Department headquarters in Washington today for a swearing-in ceremony and to greet some of the department's 110,000 employees. "The need for new leadership at the Department of Justice is as critical today as it's ever been," said Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.). "This confirmation is going to do a great deal to restore the morale and the purpose throughout the department." The Senate vote occurred four days after Holder overcame concerns by a small but vocal group of GOP lawmakers about his position on national security and gun rights, as well as his recommendations in two controversial clemency decisions by President Bill Clinton. Holder's advocates marshaled critical support from a broad base of federal and state law enforcement groups as well as a bipartisan coalition of former Justice Department leaders, including onetime deputy attorney general James B. Comey, former FBI director Louis J. Freeh and President George W. Bush's terrorism and homeland security adviser Frances Fragos Townsend. 
By all accounts, Holder is among the most credentialed lawyers ever to become attorney general. He began his career as a public corruption prosecutor before serving as U.S. attorney in the District and as a Superior Court judge. Holder later operated as second in command at the Justice Department during the later years of the Clinton administration. But his service in the Clinton years invited criticism from GOP lawmakers, who also questioned his approach to hot-button terrorism policies. At a grueling seven-hour hearing last month, flanked by his wife and three young children, Holder labeled as "torture" the simulated drowning technique called waterboarding and vowed to make national security his top priority. Holder also said that he would look askance at efforts to "criminalize policy differences" but did not conclusively rule out prosecution of Bush administration officials for their involvement in detainee questioning and warrantless surveillance operations. That issue emerged as a pivot point for conservatives such as Sen. John Cornyn (R-Tex.), who voted in opposition to Holder. Another nay vote came from Sen. Tom Coburn (R-Okla.). Coburn concluded that Holder's recommendation of "neutral leaning toward favorable" in the last-minute 2001 pardon of fugitive financier Marc Rich "should disqualify him from higher office." A significant number of Republicans disagreed and, along with all of the Democrats, cast their votes with the nominee. From Day One, Holder will have a full plate of work. President Obama already has put the attorney general in charge of a task force deliberating where to send nearly 250 terrorism suspects detained at the U.S. military base at Guantanamo Bay, Cuba. Obama last month instructed officials to close the prison within one year.
Holder also will play a critical role in developing legal guidelines for interrogation practices and in deciding whether the Obama administration will adopt broad claims of executive power in court cases over warrantless eavesdropping and the firings of nine prosecutors during the Bush years. Holder vowed to revitalize the department's civil rights division, which is supposed to enforce voting and employment laws for minorities. The Justice Department inspector general in January issued a report detailing hiring abuses and racial epithets that proliferated among some former officials there. From rforno at infowarrior.org Tue Feb 3 20:24:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 3 Feb 2009 15:24:42 -0500 Subject: [Infowarrior] - Paper: Financial Costs of the No-Fly List Message-ID: Just How Much Does That Cost, Anyway? An Analysis of the Financial Costs and Benefits of the "No-Fly" List Marcus Holmes The purpose of this article is to identify the financial costs relative to the benefits of the "no-fly" list. Numerous scholars, security experts, lawyers, non-governmental organizations (NGOs), journalists, and bloggers have commented on the well-known flaws in the current terrorist watch list system. Lawyers have pointed out the many civil liberty issues associated with the list and its hindrance of due process.[1] The American Civil Liberties Union (ACLU) has repeatedly published the many flaws it sees in the way that the list is administrated.[2] Bruce Schneier, a popular security columnist and blogger, documents the various reasons why the no-fly list serves no benefit at all, providing only "security theatre" rather than actual protection.[3] Each of these analyses is useful and contributes to an understanding of whether or not the no-fly list is, in aggregate, helpful in protecting citizens against terrorism, and at what social and civil liberty cost.
What is missing, however, is an analysis of the no-fly list from a financial perspective. This article is interested in understanding the monetary costs of the program. As such, it seeks to answer some basic and fundamental questions that have not yet been answered (or asked): How much does the no-fly list cost to create and maintain? What are the costs of the consequences, both intended and unintended, of the list? How many resources, both governmental and private, are involved in the operation of the list? And, what are the benefits, both tangible (i.e. monetary) and intangible, that the list provides? This is an important set of questions because without understanding the monetary costs of a protection program relative to the benefits, it is difficult to assess whether or not the program is worth the costs. Further, without such an understanding it is impossible to intelligently decide how anti-terror money should be allocated. It is surprising that, given the importance of these questions, they have not been asked and addressed in a systematic fashion. Consequently this article represents a "first take" at addressing these questions by assessing the financial costs of the no-fly list program. It does not, however, seek to serve as a comprehensive answer to the question of "is the no-fly list worth the money we are putting into it?" The reason is that one cannot begin to conduct such an analysis without aggregating the costs and benefits first and then placing the no-fly list in context of the other anti-terror programs and their associated costs. The no-fly list might very well be worth the expense if it is the government's only tool in preventing terrorist attacks. It might also be the case that the list is less valuable given redundancy in the "layered security" model of securing air travel. These are important questions and ones that can only be addressed after having identified the financial costs and benefits of the program.
Thus this article should be viewed as the first step in what will hopefully become a systematic and comprehensive approach to understanding whether or not the no-fly list provides added value in the context of the government's anti-terrorism campaign. As will be analyzed below, it is estimated that the costs of the no-fly list, since 2002, range from approximately $300 million (a conservative estimate) to $966 million (an estimate on the high end). Using those figures as low and high potentials, a reasonable estimate is that the U.S. government has spent over $500 million on the project since the September 11, 2001 terrorist attacks. Using annual data, this article suggests that the list costs taxpayers somewhere between $50 million and $161 million a year, with a reasonable compromise of those figures at approximately $100 million. Clearly the no-fly list is a program that is not without substantial cost. It represents, at least financially, a large part of the government's protection of air travel.[4] In order to begin to analyze whether or not the benefits are worth the costs, both must be identified and analyzed. It is that task to which the article will now turn. < - > http://www.hsaj.org/?fullarticle=5.1.6 From rforno at infowarrior.org Wed Feb 4 13:29:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 Feb 2009 08:29:48 -0500 Subject: [Infowarrior] - Are You Addicted to Information Insecurity? Message-ID: (h/t to multiple sources) Are You Addicted to Information Insecurity? Poor security is like nicotine for some companies. Ben Rothke offers advice on kicking the habit. Ben Rothke, CSO February 02, 2009 http://csoonline.com/article/print/478780 A recent study has a finding that defies reason: close to half of 154 smokers who had surgery to remove early stage lung cancer picked up a cigarette again within 12 months of their operation, and more than one-third were smoking at the one year mark.
In fact, 60% of patients who started smoking again did so within two months of surgery. The study, led by researchers at Washington University School of Medicine and published in Cancer Epidemiology, Biomarkers & Prevention confirmed that addictive behaviors are not easily changed. The study's lead author, Mark Walker, Ph.D., a clinical psychologist and Assistant Professor of Medicine at Washington University, summed it up best when he noted, "Patients are all addicted, so you cannot assume they will easily change their behavior simply because they have dodged this particular bullet." He concludes that their choices are driven by insidious addictive cravings for nicotine.

In the world of IT, far too many organizations are addicted not to something as tangible as a cigarette, but instead to insecurity. While smokers' actions are driven by cravings for nicotine despite the health hazards, information technology's actions are driven by users' desire for easy access to data, usability, and quick deployment, with a disregard for confidentiality, integrity and availability of that data. These organizations typically know the risk of giving short shrift to security (many have even been bitten by data breaches and malware outbreaks), yet continue with their insecure ways despite clear evidence of its hazards. While we are decades into the IT revolution, too many companies are still not following computer security fundamentals. While each passing year brings greater and fancier security and privacy tools and technologies, not much has changed about how many organizations approach information security. In fact, Forbes noted that during 2008, banks have lost more of their customers' personal data than ever before. Based on this trend, and in light of deteriorating economic conditions, by the time the 2009 security year-in-review articles are written, there is every likelihood that this year will be the worst year on record for information security and privacy.
Getting your organization to change its addiction to insecurity won't be easy. It is thought that addictive activities produce beta-endorphins in the brain, which gives the person a feeling of being high. Yet the highs of insecurity can include legal issues, regulatory penalties, negative PR, and much more. In order for enterprises to make those changes to a secure environment, they need to start by executing in the following areas.

Time

At the macro level, becoming secure takes time. While security vendors will hype appliances that will be up and running in minutes and other security pixie dust, the reality is that creating a secure culture and infrastructure takes time. How much time will it take? Think years, not months. Sort of like the amount of effort it takes to stop smoking. While some can quit cold turkey, the vast majority of people require multiple efforts, with numerous resources, over many years. Many organizations have been insecure for decades or more. Cleaning up such a mess can't happen overnight. Organizations need to think of the big picture over the long-term. Security and privacy are long-term processes that require TLC to do correctly. Some items are quick-kills, but overall, security can't be rushed.

The Need for a CISO

The CISO is more than simply the corporate security guru. An effective CISO is responsible for strategic planning, skilled negotiating and practical problem solving around not just information security, but also privacy and risk management. Only an individual with strong business savvy and security knowledge can effectively oversee security planning, implement policies and select measures appropriate to business requirements. A good CISO should have a deep understanding of technology, combined with an understanding of the organization's functions, politics and business drivers. A perfect example of a good CISO is one who realizes the imperative in today's environment to secure business applications.
Until recently, security was all about securing the perimeter. Now, the perimeter has collapsed and in some enterprises, completely disappeared. Consequently, it is crucial to secure the application. The most recent Symantec Internet Security Threat Report notes that over 60% of today's threats target applications. Far too many organizations still focus on the infrastructure and spend a disproportionately small amount of time and resources on application security. If you are a new CISO, an excellent guide to use is Gartner's The New CISO's Crucial First 100 Days. The report notes that a new CISO must make the most of this critical period, because it represents the first - and sometimes the last - opportunity to set the enterprise's security processes and technologies on an effective course. The bottom line is that unless a company has an effective CISO who oversees, manages and enforces IT security, and who has a seat at the boardroom table, the organization will suffer data breaches and outages, and become a magnet for attacks.

Risk Management

It is imperative that your security program be based on an effective risk management program. Who poses a greater threat to your organization: a hacker from Estonia or the temporary CPA in the branch office? Unless you have a comprehensive risk management program based on the identification, analysis, mitigation and monitoring of your risks, you will never know the correct answer. And if you don't know that, you will likely be mitigating against non-existent risks. Khalid Kark of Forrester Research astutely notes that true risk management has little to do with technology; it's all about ensuring a rigorous process for consistently identifying, measuring, and reporting your organization's information risks, as well as having regular interactions with business to calibrate the organization's appetite for risk.

Ground Troops

War is often started from the air, but the dirty work is fought on the ground.
Security products are like the Air Force, sleek and powerful. But for information security to work, you need ground troops, i.e., security Marines (otherwise known as the grunts from your security engineering department). Not only are security engineers invaluable, they are the difference between ensuring that security works and having security hardware and software just doing stuff. The single biggest mistake companies make is expecting security products to solve their security problems in the absence of a good security staff.

Policies, Procedures and Awareness

Security policies are quite simple: they define the aims and goals of security to the business. The follow-on to policies are security procedures. Effective procedures (often known as SOP, Standard Operating Procedures) ensure that your Chicago firewall administrator, for example, builds and configures a corporate firewall in the same manner as his colleague in Tokyo. Organizations that take the time and effort to create formal information security SOPs demonstrate their commitment to security. By creating SOPs, their costs are drastically lowered (greater ROI), and their level of security is drastically increased. The aviation industry is a good example of an industry that lives and dies (literally) via their SOPs. SOPs are built into job requirements and regulations. Today's airplanes are far too complex to maintain and operate without SOPs. Information security might not be as complex as a Boeing 777, but it still requires appropriate SOPs. Security awareness is also essential as information security and associated risks are not intuitive to the average end-user. Awareness is really important in that it develops a first line of defense for the organization. A mistake many CISOs make is that they treat security awareness as a one-size-fits-all program. Different people in your organization need to be trained differently. It is imperative that your awareness program reflect this. Don't use generic templates.
Conclusions

While computer security is a challenge, insecurity is far too hazardous for any organization to deal with. The fact that tens of millions of credit and debit cards can be compromised, such as the recent breach at Heartland Payment Systems, demonstrates that insecure systems hurt everyone; from the CEO, whose job may be on the line, to the consumer, who has to deal with the effects of the breach. Every security breach is a wake-up call, which too many organizations respond to by pressing the snooze button. It's 2009 and organizations must start to heed the plethora of security wake-up calls. If not, the result will be predictable, just like the outcome of any addictive behavior.

Ben Rothke CISSP, QSA (ben.rothke at bt.com) is a Security Consultant with BT Professional Services and the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education).

From rforno at infowarrior.org Thu Feb 5 17:51:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Feb 2009 12:51:44 -0500 Subject: [Infowarrior] - CNN video player is P2P concern Message-ID: <9E4CDE91-FA74-406F-9C67-AF21A145B66E@infowarrior.org>

Watch a live video, share your PC with CNN By Brian Livingston

Many people who watched live streaming video of the inauguration of U.S. President Barack Obama on Jan. 20 may not realize that their PC was used to send the video to other PCs, too. Clicking "yes" to a CNN.com dialog box installed a peer-to-peer (P2P) application that uses your Internet bandwidth rather than CNN's to send live video to other viewers. The P2P application is called Octoshape Grid Delivery and is managed by Octoshape ApS, a company based in Copenhagen, Denmark. Web surfers who visit CNN.com and select a live video stream for the first time see in their browsers a dialog box, shown in Figure 1, saying, "This site requires the Octoshape Grid Delivery enhancement for Adobe Flash Player."
The dialog box doesn't appear when playing an ordinary video file, only when starting a live feed. (Feeds labeled LIVE typically appear in the upper-right corner of CNN.com's home page during business hours.) < - > http://windowssecrets.com/comp/090205#story1

From rforno at infowarrior.org Fri Feb 6 04:34:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 Feb 2009 23:34:35 -0500 Subject: [Infowarrior] - CIA and NSA Want You to Be Their Friend on Facebook Message-ID:

The CIA and NSA Want You to Be Their Friend on Facebook The spy agencies are using the popular social-networking site as part of their recruiting efforts By Alex Kingsbury Posted February 5, 2009 http://www.usnews.com/articles/news/national/2009/02/05/the-cia-and-nsa-want-you-to-be-their-friend-on-facebook_print.htm

The online social-networking service Facebook works for finding old classmates or arranging happy hours, so why not use it to help recruit the next generation of spies? That's what's happening now in cyberspace, as the country's intelligence community turns to such sites to attract a wider range of résumés. The CIA now has its own Facebook page, as does the hush-hush National Security Agency, which vacuums up the world's communications for analysis. Both invite Facebook members to register and read information about employment opportunities. It's part of a larger, multiyear hiring push to boost the size of the U.S. intelligence community. But should the country's secret spy agency be encouraging potential hires to publicize their interest in the intelligence field? Apparently, it's not a concern. In the first place, since the groups are not directly moderated, it is impossible to control who registers as a member. Some may enroll on the site out of curiosity. And, of course, none of those who show interest are yet officers in the clandestine service. Even so, once they are on the CIA payroll, employees face no prohibition against keeping social-networking accounts or pages.
"While agency officers are not, as a rule, prohibited from maintaining a page on Facebook, they are made aware of precautions to take if they choose to do so," says CIA spokesman George Little. But the Facebook posting shouldn't necessarily cause a run on tinfoil hats. The pages aren't designed to surreptitiously gather information about those who visit the site, as fearful skeptics allege. In reality, says the CIA, they are flashy recruiting posters, "used strictly for informational purposes." "From time to time over the past few years, we have used Facebook to share information on employment opportunities with the agency," says Little. He says it is part of a much broader campaign "leveraging traditional and new advertising media." The NSA, for its part, sees the bleak tech-sector landscape as an opportunity to attract good workers and provide jobs. The Facebook site, according to Don Weber, deputy chief in the NSA's recruitment office, is just another venue where applicants can learn more about the agency, "as well as discuss those opportunities with fellow job seekers and NSA recruiters." The NSA site is four months old and already has nearly 1,000 members, along with a listing of current job openings, from cryptological and language analysts to information system security designers. Nearly 800 Facebook members have joined the CIA group, which is free and does not require approval from a moderator. "Finding the right people to do the job is of the utmost importance," reads the CIA page. "You could be one of those people." It's all a far cry from the historical spy-recruiting process, which traditionally focused on Ivy League campuses or the ranks of the U.S. military. Indeed, staffing the country's clandestine service has been a major focus in the past few years. President Bush ordered the CIA to increase its collection, analysis, and technological workforce by 50 percent, an ambitious goal that the CIA says has nearly been reached.
The specifics of how much the agency spends on staffing and how many people it employs are classified. But in his farewell address to the agency at its Virginia headquarters last month, outgoing Director Michael Hayden told his employees that increasing human resources had been one of his greatest achievements as chief of the spy service. In the past few years, he said, the CIA has hired "thousands of talented new officers, chosen from hundreds of thousands of skilled Americans seeking to be part of our mission." He told reporters recently that the agency has received between 130,000 and 150,000 job applications since the hiring push began. Moreover, the face of the CIA and the broader intelligence community is changing. Minorities accounted for almost a third of new CIA hires last year, a record.

From rforno at infowarrior.org Sat Feb 7 04:12:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 6 Feb 2009 23:12:05 -0500 Subject: [Infowarrior] - Google supporting RIAA censorship? Message-ID:

Google's New Killer App? Why Are Music Bloggers' Posts Disappearing, and Who Is Deleting Them? By Jeff Weiss Published on February 04, 2009 at 7:37pm http://www.laweekly.com/2009-02-05/music/google-39-s-new-killer-app-why-are-music-bloggers-39-posts-disappearing-and-who-is-deleting-them/all

Ryan Spaulding, the proprietor of Boston-based music blog Ryan's Smashing Life, noticed something odd happening to his archived posts a few months ago. His blog, founded in 2006, has expanded to include four contributors and now rakes in about 25,000 hits a month. Chump change compared to megablogs like Nah Right or Stereogum, which average at least twice that daily, but enough to attract a modicum of ads and a devoted community of readers. But in November, some of Spaulding's posts, both recent and older, long-forgotten ones, started disappearing from his site. There didn't seem to be any rhyme or reason to it. One moment they were there, the next they were gone.
Confused, he started comparing notes with other music bloggers, and they noticed a trend. A lot of posts across the Web, on everything from Abba to Zappa, had vanished. That, of course, sparked countless e-mail-conspiracy theories. Blogger chat rooms buzzed with speculation about the mysterious force behind the surge in disappeared posts. Open e-mails to the Recording Industry Association of America [RIAA] began popping up at such a rapid rate that you'd think they contained new Justice mp3s. Eventually, though, a consensus emerged: Each post takedown occurred on a blog hosted by the Google-owned Blogger platform, the publishing system used by the majority of mp3 sites, particularly those founded prior to 2007, when the open-source WordPress software became the vogue. Google, the bloggers believe, has quietly changed the methods by which it enforces its user agreement. Whereas in the past, a blog owner would receive a warning before a post's removal, Google is now simply hitting the delete button. In Spaulding's case, this means that posts written over the past year or more on Wilco, the Annuals, the Red Hot Chili Peppers, Matisyahu and Earth, Wind & Fire are gone. "I'd received the label's press releases and followed their directions, spending my time and energy to promote their albums," explains a frustrated Spaulding. "By pulling down my post, they destroyed my intellectual creativity, the very same thing they're erroneously accusing me of doing. Say someone had linked to that post, or [blog aggregator] Hype Machine -- it's gone completely. If I go into my Blogger table of contents, it's gone. Not de-published -- gone." Spaulding says he plays by the understood rules, and is doing the same thing that thousands of other music bloggers are doing. "I'm not leaking albums, not putting up three mp3s. Just the one they wanted. And they start erasing everything, with the threat of a lawsuit. People are afraid." And perhaps they should be.
U.K.-based Web-scouring copyright detective Web Sheriff will soon open its first U.S. office, no doubt spurred by its success in policing the Web for unauthorized mp3 leaks. Music bloggers are bracing themselves for a new round of scrutiny, and are taking measures to prevent the RIAA from working its way into their music blogs. After seeing his old posts on Elliott Smith and Tim Hardin disappear without warning, local writer and L.A. Weekly contributor David Greenwald decided to switch his The Rawking Refuses to Stop! blog from the Blogger to the WordPress platform, which is what a lot of old-school Blogger devotees are doing. In Greenwald's case, he'd received an e-mail from Blogger informing him that the expurgated posts violated the Digital Millennium Copyright Act [DMCA], passed by Congress in 1998 to regulate the then fledgling problem of Internet copyright infringement. Despite multiple e-mail retorts to Blogger, Greenwald has yet to hear back -- a common experience among bloggers whose work has been deleted. "The first was a collection of Elliott Smith live covers, which actually exists in several other posts on the site, which were untouched," recalls Greenwald about his own blog. "You'd think it wouldn't have any legal problems, given that Smith's stuff's on Archive.org and freely traded. In the case of the Hardin post, the mp3 links had been dead for over a year." Greenwald adds that he'd gladly comply with a takedown notice if given a warning, which is historically how such matters have been handled. In fact, he's done so in the past. You'd be hard-pressed to find a blogger lacking a few war stories regarding the RIAA or its European arm, the International Federation of the Phonographic Industry. But actual lawsuits have been rare -- other than the infamous 2006 Ryan Adams case, in which two bloggers were sued by Universal Music for leaking part of Adams' Jacksonville City Nights. More recently, Culver City Guns N'
Roses fan Kevin Cogill was arrested for uploading unreleased tracks from Chinese Democracy. In the former case, the pair were sentenced to two months' house arrest and two years' probation; the latter case is pending. But lately it's hard to ignore a certain nervousness permeating the blogosphere, with many sure that the ever-erratic RIAA is continuing its haphazard approach to enforcement. Even the biggest music blogs, such as Nah Right, which rakes in nearly 2,000,000 views each month, are worried. More influential in the hip-hop world than any old media outlet, Nah Right, owned by a writer named Eskay, has become a virtual Canal Street for rap fans, offering everything from news aggregation and leaked singles to Web videos. A post on Nah Right, which operates as a de facto portal for smaller blogs, tacitly implies that the material is cleared for circulation in the piranha pool. In three-plus years of blogging, Eskay has received his fair share of cease-and-desist letters (mostly, he says, from draconian Atlantic Records). But he maintains that anything posted on Nah Right has been expressly approved by either label or artist. When asked, he says, he's deleted all potentially offending material and is allowed to continue operating with relative impunity. Nonetheless, he worries that the capricious and ever-desperate RIAA might soon crack down further. "It's definitely something I think about often," says Eskay. "I don't want to wind up the DJ Drama of the blog world [referring to the Atlanta mixtape kingpin arrested in a January 2007 sting operation for allegedly bootlegging mixtapes]. I try to respect the artists and the labels." And, really, only the most Luddite of labels would have a problem with Nah Right and its brethren. The dynamics of promotion have changed dramatically, with early online buzz now creating an incubator for later commercial success (see Gnarls Barkley, Arcade Fire and Lily Allen).
Even Web Sheriff believes that it's in the best interests of the labels to dole out at least one or two promotional mp3s prior to an album's release. John Giacobbi, Web Sheriff's managing director, says that his company recommends to its clients (XL Recordings, the Domino label and George Michael among them) that they give fans two tracks prior to release. "At the end of the day, all most blogs are guilty of is overexuberance," Giacobbi says by phone from the company's London headquarters. "Our strategy is to try to engage blogs and fans and articulate the certain ground rules for any prerelease. What they can get for free and what they can't. For the most part, they're willing to play by the fair rules of the game." In late November, Web Sheriff made headlines when it sent a menacing letter to popular Brooklyn band Grizzly Bear, which posted an illegal leak of Animal Collective's "Brother Sport" on its band site. Grizzly Bear was forced to publish an apology to Animal Collective, and keep it posted for at least seven days. (There was no mention of whether Grizzly Bear was allowed to watch television during the interval.) Giacobbi says he hasn't heard of a shift in RIAA blog policy, but admits that such a change wouldn't surprise him. Nor would it shock Wendy Seltzer, a fellow at Harvard's Berkman Center for Internet and Society and one of the founders of Chilling Effects Clearinghouse, an organization designed to help Internet users understand their rights in the face of C&D threats. "It sounds like some arm of the recording industry is getting more aggressive about enforcing copyright, and is pressing Blogger to respond more rapidly," speculates Seltzer. "I'm not sure what's motivating it. Many labels think blogs are good publicity, so I can easily believe that one hand sends out the mp3s and the other bears a C&D letter."
Seltzer noted the Sisyphean nature of stymying offending posts, likening it to a game of Whac-a-Mole, with two or three new sites popping up for each one shut down. One source at the RIAA who declined to speak on the record seems fatalistically resigned to the necessary evils of blog promotion, insisting that there's been no change in policy: The RIAA continues to send its master list of offending URLs to Google/Blogger, which then deals with the problem. According to the same source, the RIAA's chief focus has become leak control. But none of this explains why Blogger is deleting year-old Elliott Smith songs that can be legally accessed elsewhere. All arrows, however, point to an unacknowledged switch in Google's corporate policy. Though its corporate brass declined an interview with L.A. Weekly, Andrew Pederson, a spokesperson for the Mountain View-based company, explained via e-mail, "When we are notified of content that may violate our terms of service, including clear notices of alleged copyright infringement, we act quickly to review it, and our response may include removing allegedly infringing material. If material is removed, we make a good-faith effort to contact affected bloggers using the e-mail address they set up when they signed up for Blogger. This is in compliance with the DMCA, which requires that users receive notification after material has been removed." Indeed, nowhere in the fine print of the DMCA does it state that any agency is required to notify bloggers prior to the deletion of their posts. Meaning that in the five years since purchasing Blogger's parent company, Pyra Labs, Google has been extending warnings as a common courtesy. Now, it just sends an obituary notice. Which raises the question: Did Google finally get fed up dealing with unruly bloggers? Was there some sort of back-office conversation with the RIAA? Does it just really hate MGMT? Whatever the answer, a lot of bloggers are jumping platforms.
"I'm switching to WordPress immediately. The RIAA, or Google, obviously doesn't seem to know what the labels are doing," says Heather Browne, the writer of the popular I Am Fuel, You Are Friends, which was recently named one of the U.S.'s five best music blogs in a Stereogum poll. "Most of the tracks posted are provided to bloggers, and nearly all are willing to take a track down if contacted. Sometimes, people just make a mistake. Cracking down on a couple blogs will never stem the problem of illegal downloading. This is how things have worked since blogs started five years ago. The labels just need to embrace it at some point." Few industry outlooks come more panoptic than that of Ashley Jex, who writes the Rock Insider blog, plays bass in the Monolators and formerly handled new media for Capitol Records and Suretone Records. Jex foresees a future in which the labels attempt to further assert control over their catalogs, inking deals -- similar to current pacts with sites like YouTube, Imeem and MySpace -- that guarantee them a share of online revenue in exchange for streaming content. "Blogs will never die, but the golden age of the guerrilla blogger posting whatever they want is coming to an end," says Jex. "There will be arrangements for ad-sponsored content that you can put on your blog, in the vein of sites like Hulu. Eventually, there will be software in place within all the major blog platforms -- Movable Type, WordPress and Blogger -- where if you're trying to post infringing content, you won't be able to publish. At least, that's the direction it seems to be heading." Perhaps most ominous for music bloggers are the reported conversations between the RIAA and Internet service providers. ISPs already possess the ability to monitor traffic flow based on Web addresses; on the copyright-enforcement horizon is a new tool called "deep packet inspection."
A technology with the potential to give copyright holders the upper hand in scouring the Web for infringers, deep packet inspection is currently employed primarily in law enforcement. If used for policing copyright infringement, however, it would allow ISPs and the RIAA to decrypt and track files sent across the Internet. Suddenly, a bunch of telecommunications and music companies would be given the ability to monitor files; in essence, to filter the Internet, a frightening proposition that would make a few thousand deleted blog posts look quaint.

From rforno at infowarrior.org Sat Feb 7 16:10:47 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Feb 2009 11:10:47 -0500 Subject: [Infowarrior] - ICANN blows $4.6m in stock market Message-ID: <96F11B96-E454-4E30-A972-FFC69874176E@infowarrior.org>

(via IP) http://weblog.johnlevine.com/ICANN/icannspec.html?seemore=y

If you visit the new dashboard on ICANN's web site, you see some nice bar charts, including one rather large negative number of $4,462,000. If you click the little arrow at the top of the Financial Performance chart, a footnote window pops open where the last sentence is: The large variance to budget is due to investment losses of $4.6 mil. Investment losses? Yup, ICANN's been speculating in the stock market, and has lost $4.6 million, or to put it in concrete terms, the 20 cent fee from 23 million domain registrations. Way back in 1998, ICANN's bylaws said they should establish "reasonable reserves for future expenses and contingencies reasonably related to the legitimate activities of the Corporation". This is perfectly reasonable, any company needs a cash cushion to deal with unforeseen bumps in revenue and expense. Fast forward to 2002, when ICANN's finances were still somewhat precarious, due to its bureaucracy expanding faster than its revenues.
In his ICANN reform proposal, Stuart Lynn proposed $10 million as an adequate level of reserves to be built up over three years, which still sounds reasonable. As time passed, the money started to flood in a lot faster, so by the 2007-2008 budget year ICANN had $25 million in spare cash, and the reserve goal had now become a full year's revenue, which is ridiculous. (How likely is it that ICANN's income will drop to zero for a full year, and even if it did, there's only a few key functions like IANA and Compliance that couldn't be deferred over a crisis.) At its November 2007 meeting the ICANN board approved an investment policy, which is where they went off the rails.

RAJASEKHAR RAMARAJ: ... One is that the money that -- a portion of that annual reserve fund has actually been accumulated so far. And there is an opportunity cost attached to it which seems considerable, because of want of this investment policy. The investment policy will focus actually on safety and performance. That's based on community feedback on that issue, focused on safety, principal safety and performance.

STEVE GOLDSTEIN: Thanks. And to add to what my two colleagues have already said, the opportunity cost of just leaving that money in a money market fund as opposed to investing it wisely, depending on what assumptions you make, but it is of the order of a million dollars a year. So it's very important that we have a good investment policy.

It appears that ICANN doesn't understand the difference between a reserve and an endowment. A reserve is accumulated surplus cash, held to deal with emergencies. An endowment is a permanent fund where the income (and in unusual circumstances, the principal) supports the operation of the organization. Reserves have to be there when you need them, so they belong in cash: money market, bank deposits, and the like which don't fluctuate. Endowments are typically invested for the long term, with the organization getting some fraction of the income.
Unfortunately, ICANN seems to think that its Reserve Fund is an endowment, so according to the 2008 annual financial report, they bought about $16.5M in bonds, and $8.5M in stocks. We don't know in detail what happened between then and now, but it's reasonable to assume that their portfolio tanked with everyone else's, producing the $4.6M investment loss. Well, uh, oops, let's hope they can get by on $20.4M, and the way the market's going, perhaps somewhat less than that. Lest it be unclear, I am not saying that ICANN should have foreseen the market crash (well, any more than everyone else in the world should have.) I'm saying that their investment policy is irresponsible. If they could afford to lose $4.6M from their reserves, why did they collect it from us in the first place?

From rforno at infowarrior.org Sat Feb 7 16:13:00 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 7 Feb 2009 11:13:00 -0500 Subject: [Infowarrior] - Details emerge of secret ACTA negotiation Message-ID:

http://www.keionline.org/blogs/2009/02/03/details-emerge-of-secret-acta/

Details emerge of secret ACTA negotiation There are plans for the next ACTA negotiation to take place in Rabat, Morocco. However, since none of the Obama trade people have been placed at USTR, this might be delayed. The USTR is still maintaining secrecy over details of the negotiation, including the names of participants and all of the proposed texts for negotiations. Despite this, KEI has obtained some documents related to the negotiations. We can report the following: The U.S. and Japan have proposed that willful trademark and copyright infringement on a commercial scale be subject to criminal sanctions, including infringement that has "no direct or indirect motivation of financial gain."
This will further:

include sentences of imprisonment as well as monetary fines sufficiently high to provide a deterrent to future acts of infringement, consistent with a policy of removing the monetary incentive of the infringer

There is a section on "Unauthorized Camcording." This provides that

Each Party shall provide for criminal procedures and penalties to be applied against any person who, without authorization of the holder of copyright or related rights in a motion picture or other audiovisual work, knowingly uses an audiovisual recording device to transmit or make a copy of or transmits to the public the motion picture or other audiovisual work, or any part thereof, from a performance of the motion picture or other audiovisual work in a motion picture exhibition facility open to the public.

In the area of Border measures, there is a proposal to delete all references to "in-transit" goods.

Another proposal deals with "disclosure of information."

Article 2.10: Disclosure of Information

With a view to establishing whether an intellectual property right has been infringed under national law and in accordance with national provisions on the protection of personal data, commercial and industrial secrecy and professional and administrative confidentiality, the competent authorities have detained infringing goods, shall inform the right holder of the names and addresses of the consignor, importer, exporter, or consignee, and provide to the right holder a description of the goods, the quantity of the goods, and, if known, the country of origin and name and addresses of producers of the goods.

In another section of the proposed text, a proposal on damages reads as follows:

Article 2.2: Damages

1. Each Party shall provide that in civil judicial proceedings, its judicial authorities on application of the injured party shall have the authority to order the infringer who knowingly or with reasonable grounds to know, engaged in infringing activity of intellectual property rights to pay the right holder damages adequate to compensate for the actual prejudice the right holder has suffered as a result of the infringement, taking into account all appropriate aspects, inter alia, the lost profits, the value of the infringed good or service, measured by the market price, the suggested retail price, unfair profits and elements other than economic factors or other legitimate measure of value submitted by the right holder.

2. As an alternative to paragraph 1, each Party may establish or maintain a system that provides: (a) pre-established damages, or (b) presumptions for determining the amount of damages[1], sufficient to compensate [Option US: fully] the right holder for the harm caused by the infringement.[2]

3. Where the infringer did not knowingly, or with reasonable grounds knows, engage in infringing activity, each Party may lay down that the judicial authorities may order the recovery of profits or the payment of damages, which may be pre-established.

4. Each Party shall provide that its judicial authorities shall have the authority to order, at the conclusion of civil judicial proceedings, reasonable and proportionate legal costs and other expenses incurred by the successful party shall be borne by the losing party, unless equity does not allow this.
[1] Such measures [Option J: shall][Option US: may] include the presumption that the amount of damages is (i) the quantity of the goods infringing the right holder's intellectual property right and actually assigned to third persons, multiplied by the amount of profit per unit of goods which would have been sold by the right holder if there had not been the act of infringement or (ii) a reasonable royalty or (iii) a lump sum on the basis of elements such as at least the amount of royalties or fees which would have been due if the infringer had requested authorization to use the intellectual property right in question.

In terms of injunctions, the ACTA text now includes the following proposal for provisional measures:

Article 2.6: Provisional Measures

1. Each Party shall provide that its judicial authorities shall have the authority, at the request of the applicant issue an interlocutory injunction intended to prevent any imminent infringement of an intellectual property right. An interlocutory injunction may also be issued, under the same conditions, against an intermediary whose services are being used by a third party to infringe an intellectual property right.

The proposed text on injunctions overturns Article 44.2 of the TRIPS and 28 USC 1498 of US Law, as well as several other national laws limiting the use of injunctions (such as the Canada and India limitations on the use of injunctions for architectural plans).

Article 2.7: Injunctions

Each Party shall ensure that, where a judicial decision is taken finding an infringement of an intellectual property right, the judicial authorities may issue against the infringer an injunction aimed at prohibiting the continuation of the infringement. Where provided for by domestic law, non-compliance with an injunction shall, where appropriate, be subject to a recurring penalty payment, with a view to ensuring compliance.
The Parties shall also ensure that right holders are in a position to apply for an injunction against intermediaries whose services are used by a third party to infringe an intellectual property right.

U.S. negotiators know, but apparently don't care, that 28 USC 1498 eliminates the possibility of injunctions for cases where the U.S. government or its contractors infringe patents, copyrights or plant breeder rights.

Canadian negotiators are apparently clueless regarding the Canada copyright law limits to the ability to obtain injunctive relief for architectural works:

"40. (1) Where the construction of a building or other structure that infringes or that, if completed, would infringe the copyright in some other work has been commenced, the owner of the copyright is not entitled to obtain an injunction in respect of the construction of that building or structure or to order its demolition.

(2) Sections 38 and 42 do not apply in any case in respect of which subsection (1) applies.

R.S., 1985, c. C-42, s. 40; 1997, c. 24, s. 21"

U.S. negotiators are also clueless that the U.S. Congress is considering legislation that would eliminate injunctions for certain uses of orphaned copyright works. (One of the pitfalls of secret negotiations is that the negotiators don't know enough and lack understanding of the broader ramifications of the texts they are negotiating).
In terms of institutional details, they are proposing a permanent structure, that will include an ACTA Oversight Council, to supervise ACTA implementation, consider amendments, interpretations, and modifications to the agreement, and establish and delegate responsibilities to ad hoc working groups, as well as:

* assisting with resolving any disputes that may arise regarding the interpretation of application of ACTA;
* ensuring that ACTA avoids duplication of other international efforts regarding IP enforcement;
* seeking input from non-governmental persons or groups, particularly with respect to best practices in the field of intellectual property enforcement;
* endorsing best practice guidelines for implementing ACTA;
* supporting the efforts of international organizations active in the field of intellectual property enforcement;
* assisting non-Party governments with developing assessments of the benefits of accession to ACTA; and
* adopting its own rules of procedure.

These are only a few elements of the negotiation, and the outline suggests a much larger agreement. These proposals are formally available to cleared corporate lobbyists and informally distributed to corporate lawyers and lobbyists in Europe, Japan and the U.S. They are inexcusably secret from the U.S. Public.

If you don't think this negotiation should take place in secret, contact Senator Leahy, Representative Conyers, Obama IP advisors such as Professor Arti Rai, members of the European Parliament, or people who write editorials. You could contact the European Commission, I suppose, but do they really want transparency?
From rforno at infowarrior.org Sat Feb 7 16:13:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Feb 2009 11:13:25 -0500
Subject: [Infowarrior] - Putting Together the ACTA Puzzle: Privacy, P2P Major Targets
Message-ID: <8C4D9547-3459-41C0-B064-B8F00B3A4E59@infowarrior.org>

Putting Together the ACTA Puzzle: Privacy, P2P Major Targets
Tuesday February 03, 2009
http://www.michaelgeist.ca/content/view/3660/125/

Negotiations on the Anti-Counterfeiting Trade Agreement resume next month in Morocco, but as the discussions drag on, details on the proposed treaty are beginning to emerge. Obtaining information through official channels such as Freedom of Information requests has been very difficult; however, there is little doubt that lobby groups have been privy to inside information and so reliable sources have begun to sketch a fairly detailed outline of the proposed treaty.

There is some good news from the details that have started to emerge. First, the treaty is far from complete as there are six main chapters and some key elements have yet to be discussed. Moreover, it is clear that there is significant disagreement on many aspects of the treaty with the U.S. and Japan jointly proposing language and many countries responding with potential changes or even recommendations that the language be dropped altogether. If that is the good news, the bad news is that most other fears about the scope of ACTA are real.

The proposed treaty appears to have six main chapters: (1) Initial Provisions and Definitions; (2) Enforcement of IPR; (3) International Cooperation; (4) Enforcement Practices; (5) Institutional Arrangements; and (6) Final Provisions. Most of the discussion to date has centred on the Enforcement of Intellectual Property Rights chapter. As for the other chapters, the U.S. has supplied some proposed definitions and Canada supplied a "non-paper" on the institutional arrangements once a treaty is concluded that calls for the creation of an "ACTA Oversight Council" that would meet each year to discuss implementations, best practices, and assist other governments who are considering joining ACTA.

The work on Enforcement of IPR is broken down into four sections - civil enforcement, border measures, criminal enforcement, and Rights Management Technology/the Internet.

The Civil Enforcement proposals call for the availability of civil judicial procedures for the enforcement of any intellectual property right, though some countries would like this limited to copyright and trademark. Parties to the treaty would be required to implement procedures that include the availability of statutory damages for copyright and trademark infringement (some countries would like this to be optional, while the U.S. would like the damages provisions expanded to patent infringement) as well as court costs. Additional required remedies include orders to destroy the infringing goods without compensation. The proposals also call for significant mandated information disclosure, including ordering alleged infringers to disclose information regarding any person or third parties involved in any aspect of the infringement (some countries want this deleted and others are seeking to preserve privacy protections).

The Border Measures proposals are also still subject to considerable disagreement. Some countries are seeking de minimis rules, the removal of certain clauses, and a specific provision to put to rest fears of iPod searching customs officials by excluding personal baggage that contains goods of a non-commercial nature. The U.S. is pushing for broad provisions that cover import, export, and in-transit shipments.
The proposals call for provisions that would order authorities to suspend the release of infringing goods for at least one year, based only on a prima facie claim by the rights holder. Customs officers would be able to block shipments on their own initiative, supported by information supplied by rights holders. Those same officers would have the power to levy penalties if the goods are infringing. Moreover, the U.S. would apparently like a provision that absolves rights holders of any financial liability for storage or destruction of the infringing goods.

The Criminal Enforcement proposals make it clear that the U.S. would like ACTA to go well beyond cases of commercial counterfeiting. Indeed, their proposal would extend criminal enforcement to both (1) cases of a commercial nature; and (2) cases involving significant willful copyright and trademark infringement even where there is no direct or indirect motivation of financial gain. In other words, peer-to-peer file sharing would arguably be captured by the provision. The treaty would require each country to establish a laundry list of penalties - including imprisonment - sufficient to deter future acts of infringement. Moreover, trafficking in fake packaging for movies or music would become a criminal act as would unauthorized camcording.

All of these provisions are obviously subject to change since the treaty is still very much a work-in-progress. This may sound repetitive, but citizens of the many countries involved in the ACTA negotiations should not have to rely on leaks and speculation to learn what their governments are proposing. All governments should support a more transparent process that begins with full public disclosures of drafts as well as more robust public consultation and participation.

From rforno at infowarrior.org Sat Feb 7 16:17:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Feb 2009 11:17:21 -0500
Subject: [Infowarrior] - Is technology eating our brains?
Message-ID: <356AEF1B-8008-4829-8A1A-4961C03C9AF8@infowarrior.org>

Is technology eating our brains?
* Peter Munro
* February 7, 2009
http://www.watoday.com.au/national/is-technology-eating-our-brains-20090207-80gj.html?page=-1

There was a time when technology sought to save us from daily drudgery. Labour-saving devices such as automatic washing machines, dishwashers, the drive-through carwash and electric drill made lives easier by saving us from sweating out mundane tasks. Machines made us free to waste as much time as we pleased, and we did.

A classic advertisement in the early 1900s for a hand-operated washer boasted that it could "transform Blue Monday into a bright and happy day" -- saving women (and it was always women) time, labour, nerves and strength.

Today's technologies, though, seem dedicated to a pursuit higher than happiness, even. Google can connect us to a source -- any source -- within a fraction of a second, while mobile phones mean the world is more portable, accessible and simultaneously more demanding. But in the course of making our lives more convenient, have these technologies also made us more stupid?

Modern marvels are less labour-savers than brain-savers. Mobile phones remember your partner's number, your parents' and even your own -- so you don't have to. Technology is equally adept at recalling birthdays and anniversaries of relatives and close friends. You don't need to think about the path to their homes, because Google or GPS does it for you. Take a taxi in Melbourne and you soon discover that navigation, that most adventurous of learned human skills, has been outsourced to a console on the dashboard.

Arguably, these are piddling concerns. Why bother the brain with dross when technology can pick up the slack? But deeper thought, too, seems to be skipping away in a ready stream of information. Some argue our unique capacity for original thought, innovation and imagination is being stultified by the spread of new technology.
Author Nicholas Carr, writing in The Atlantic last year, worried someone, or something, had tinkered with his brain, remapping the circuits and reprogramming his memory. The influence of the internet meant he was not thinking the way he used to. Once he could immerse himself in a book and spend hours strolling through prose. "Now my concentration often starts to drift after two or three pages. I get fidgety, lose the thread, begin looking for something else to do. I feel as if I'm always dragging my wayward brain back to the text."

"Is Google making us stupid?" he asked. But the answer was already staring at him through the computer screen. "What the net seems to be doing is chipping away my capacity for concentration and contemplation," he wrote. "My mind now expects to take in information the way the net distributes it: in a swiftly moving stream of particles. Once I was a scuba diver in the sea of words. Now I zip along the surface like a guy on a jet-ski."

I skim, therefore I am.

Robert Fitzgerald, associate dean in the faculty of education at the University of Canberra, says there is indeed a "dumb side" to technology. "My children are immensely good at jumping on Google and finding things, but I wonder to what extent these are productive searches and to what extent they are hit-and-miss," he says.

American media critic Neil Postman once asked if we had known the impact the motor vehicle would have on life, would we have embraced it so thoroughly. Fitzgerald says it's time we asked the same question of computers.

"If you look at very early computer applications, particularly in the area of education, they were about simple cognitive skills such as addition, subtraction and memory devices. There was a sense of relieving us from some of the more simple but tedious tasks of intellectual function.

"But now we need to recognise some of those routine, tedious tasks are quite fundamental to higher-level tasks. Having calculators in schools certainly allows children to calculate more quickly, but if they don't have an understanding of the equation, if they don't have the capacity to establish the answer, then they're at the mercy of technology. If it is faulty, they will never know the answer is wrong."

Indeed, Google was proved fallible only last weekend, when a system error meant links to all search results were flagged with the warning: "This site may harm your computer." Tellingly, the internet behemoth initially tried to blame the mishap on human error -- but not its own.

If not making us stupid, as such, Google seems to be making us intellectually lazy. Its search engine attracts several hundred million queries a day, but relatively few users venture beyond the first page of results. It is enough to take what comes first and fastest, scan through an article and move on. If you slow down while skimming across the water, you sink.

American psychologist Maryanne Wolf, author of Proust and the Squid: The Story and Science of the Reading Brain, argues we are becoming "mere decoders of information" obtained online, rather than interpreters. Technology might lead us two ways, she says. Children might become so accustomed to immediate, on-screen information they fail to probe for deeper levels of insight, imagination and knowledge. Or the need to multitask and prioritise vast pools of information could see them develop equally, if not more valuable, skills.

Stephanie Trigg, professor of English literature at the University of Melbourne, says technology has helped her students become more adept at finding and extracting information for study. "I think technology is making us more savvy at working out what we need from various websites, but the downside is it's starting to affect students' capacity to read long works of fiction. You have to train yourself to read at different speeds for different purposes," she says.
"But I don't think their mental faculties are affected by the constant temptation to check their mobile phones. I don't think technology is making us stupid; maybe it's producing a different form of attention and concentration where you become more clever at working out what you need and reading between the lines. You get better and faster at processing information."

A study by Dublin's Trinity College in 2007 found a quarter of Britons don't know their home phone number, while only a third can recall more than three birthdays of their immediate family. Six out of 10 claimed they suffered "information overload", but more than half admitted they used the same password across different bank accounts. Recall was worse among the younger set. Only 40 per cent of those aged under 30 could remember the birthdays of close relatives, against 87 per cent of those aged over 50.

Of course, this doesn't denote stupidity. We now need to have these numbers and dates committed to memory as much as we need to know, in the developed world at least, how to use a hand-operated washer. We have outsourced parts of our memory, letting the machines do the thinking for us. And some argue releasing our brains of such small fry might free us to ponder weightier matters.

Professor Sue Trinidad, dean of teaching and learning at Curtin University of Technology, says technologies such as computer games are preparing children for success in the 21st century. "Digital natives" are developing special skills to sift through information quickly and use scanning to effectively pick out what's important to them, she writes by email. "These digital natives are in a 3D, multifunctional, fast, instant, mobile world where you want it now and get it now."

In this world, spending time or grey matter memorising phone numbers and birthdates might be more hindrance than help. But Nicholas Carr, for one, argues something much more significant is being lost in the rush of technology.
"I argue that what the net might be doing is rewiring the neural circuitry of our brains in a way that diminishes our capacity for concentration, reflection and contemplation," he writes on his blog, Rough Type. "The net is sapping us of a form of thinking -- concentrated, linear, relaxed, reflective, deep -- that I see as central to human identity."

What is technology doing to our minds? Professor Christos Pantelis, scientific director of the Melbourne Neuropsychiatry Centre at the University of Melbourne, says the brain is forever changing and being moulded, "but whether it's rewiring itself based on technological advances, we don't know".

He studies changes in the structure and function of the adolescent brain, which is particularly malleable in those areas involved in problem-solving, planning and flexible thinking. "The brain is changing during adolescence and early adulthood in very specific ways, up to about the age of 25. That means there is the potential to modify the way the brain is maturing during this critical phase of development, and you might hypothesise that what we do, and how we interact with the world, will have a direct effect on that," he says.

"From my perspective, I would have thought technology helps to extend our abilities. It helps us to look at things in different ways, and in that regard I would have considered technological advances are actually a plus and assist us in all our endeavours. But you could also argue the other way; that training our mind to remember things is also a good thing and if we're not doing that so much maybe we're missing out somewhere. It's a good hypothesis to test: in what ways will the next generation exposed to these technologies see their brain changed by them?"

What little study exists in this area is inconclusive. Scientists at University College London have found people demonstrate "a form of skimming activity" when using the internet for research.
More than half of e-journal users in the study, published last year, viewed no more than three pages of an article or book before "bouncing" to another site. Almost two-thirds of users never returned to a source they had visited. Little time was spent evaluating information for relevance, accuracy or authority. The researchers warned of the emergence of a whole new form of reading behaviour, whereby users "power browsed" through titles, content pages and abstracts.

But a separate study, published in the American Journal of Geriatric Psychiatry last year, instead suggested internet searches enhance brain power. Researchers at the University of California, Los Angeles, scanned the brains of 24 volunteers aged 55-76, half of whom had no prior internet search experience, while they were online or reading a book. During online searches, the brains of those who reported using the internet regularly showed increased stimulation, particularly in those regions associated with complex reasoning and decision-making. Within five days, the internet novices showed the same increase in activity in their frontal lobes.

The study was led by neuroscientist Gary Small, a professor at UCLA's Semel Institute for Neuroscience and Human Behaviour, and author of iBrain: Surviving the Technological Alteration of the Modern Mind. He argues that as the brain shifts towards, and is energised by, new technological skills, it simultaneously drifts away from fundamental social skills. The cognitive gains made by younger generations in adapting to and processing new technologies come at the cost of such age-old social skills as reading facial expressions and body language.

"Our social interactions may become awkward, and we tend to misinterpret, and even miss, subtle, non-verbal messages," he writes. "The dramatic conclusion would be we're drifting into an autistic society, but that would be overshooting."

To where, then, might we be drifting?
The dark imaginings of science fiction may offer some guide. Nicholas Carr cites Stanley Kubrick's film 2001: A Space Odyssey, and that scene where astronaut Dave Bowman coolly disconnects the memory circuits that control the artificial "brain" of malfunctioning supercomputer HAL. The humans act with almost "robot-like efficiency", while it is the machine that expresses anguish and loss. "That's the essence of Kubrick's dark prophecy: as we come to rely on computers to mediate our understanding of the world, it is our own intelligence that flattens into artificial intelligence," Carr argues.

Robert Fitzgerald, from the University of Canberra, instead alludes to Ridley Scott's Alien trilogy. In a scene in the sequel, Lieutenant Ellen Ripley dons a mechanical "exosuit" to fight her alien foe -- spitting out that memorable line, "Get away from her, you bitch!"

"For me, that exosuit is sort of symbolic for the way technology can expand our human capacities," Fitzgerald says. "But I suspect what we've got at the moment are very small fragments of that exosuit, with nothing really fully functioning or connected yet. We're really in the very early days in terms of the development of new internet technologies. While we have seen quite remarkable developments in the rates of blog use or wikis, I suspect five years down the track we will not recognise those technologies we're currently using -- they'll be more intuitive, more integrated, more intelligent."

But will we be more intelligent as well? Our intelligence ultimately might reveal itself in the smarts of those same technologies, which have the capacity either to increase the sum of deep intelligence or leave us skating on the surface. But here's a sobering thought: if the key to human intelligence lies beyond the first page of a Google search, or in the last paragraph of a lengthy newspaper article, will we ever find it?
From rforno at infowarrior.org Sat Feb 7 16:20:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Feb 2009 11:20:44 -0500
Subject: [Infowarrior] - Report Calls Online Threats to Children Overblown
Message-ID: <890D1FC6-E4CB-4804-B15E-833A52E0E7C7@infowarrior.org>

(Dunno how I missed this one....--rf)

January 14, 2009
Report Calls Online Threats to Children Overblown
By BRAD STONE
http://www.nytimes.com/2009/01/14/technology/internet/14cyberweb.html?_r=2&pagewanted=print

The Internet may not be such a dangerous place for children after all.

A task force created by 49 state attorneys general to look into the problem of sexual solicitation of children online has concluded that there really is not a significant problem.

The findings ran counter to popular perceptions of online dangers as reinforced by depictions in the news media like NBC's "To Catch a Predator" series. One attorney general was quick to criticize the group's report.

The panel, the Internet Safety Technical Task Force, was charged with examining the extent of the threats children face on social networks like MySpace and Facebook, amid widespread fears that adults were using these popular Web sites to deceive and prey on children.

But the report concluded that the problem of bullying among children, both online and offline, poses a far more serious challenge than the sexual solicitation of minors by adults.

"This shows that social networks are not these horribly bad neighborhoods on the Internet," said John Cardillo, chief executive of Sentinel Tech Holding, which maintains a sex offender database and was part of the task force. "Social networks are very much like real-world communities that are comprised mostly of good people who are there for the right reasons."

The 278-page report, released Tuesday, was the result of a year of meetings between dozens of academics, experts in childhood safety and executives of 30 companies, including Yahoo, AOL, MySpace and Facebook.
The task force, led by the Berkman Center for Internet and Society at Harvard University, looked at scientific data on online sexual predators and found that children and teenagers were unlikely to be propositioned by adults online. In the cases that do exist, the report said, teenagers are typically willing participants and are already at risk because of poor home environments, substance abuse or other problems.

Not everyone was happy with the conclusions. Richard Blumenthal, the Connecticut attorney general, who has forcefully pursued the issue and helped to create the task force, said he disagreed with the report. Mr. Blumenthal said it "downplayed the predator threat," relied on outdated research and failed to provide a specific plan for improving the safety of social networking.

"Children are solicited every day online," Mr. Blumenthal said. "Some fall prey, and the results are tragic. That harsh reality defies the statistical academic research underlying the report."

In what social networks may view as something of an exoneration after years of pressure from law enforcement, the report said sites like MySpace and Facebook "do not appear to have increased the overall risk of solicitation."

Attorneys general like Mr. Blumenthal and Roy Cooper of North Carolina publicly accused the social networks of facilitating the activities of pedophiles and pushed them to adopt measures to protect their youngest users. Citing studies that showed tens of thousands of convicted sex offenders were using MySpace, they pressured the networks to purge those people from their membership databases.

The attorneys general also charged the task force with evaluating technologies that might play a role in enhancing safety for children online. An advisory board composed of academic computer scientists and forensics experts was created within the task force to look at technologies and ask companies in the industry to submit their child-protection systems.
Among the systems the technology board looked at included age verification technologies that try to authenticate the identities and ages of children and prevent adults from contacting them. But the board concluded that such systems "do not appear to offer substantial help in protecting minors from sexual solicitation." One problem is that it is difficult to verify the ages and identities of children because they do not have driver's licenses or insurance.

From rforno at infowarrior.org Sun Feb 8 04:40:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Feb 2009 23:40:59 -0500
Subject: [Infowarrior] - Wikileaks: CRS Reports Bonanza
Message-ID: <8C5B8B67-3E94-43A0-BE1B-9D97EB1AE0FA@infowarrior.org>

http://wikileaks.org/wiki/Change_you_can_download:_a_billion_in_secret_Congressional_reports

WIKILEAKS PRESS RELEASE
Sat Feb 8 02:27:22 GMT 2009
For immediate release.

"Change you can download"

Wikileaks has released nearly a billion dollars worth of quasi-secret reports commissioned by the United States Congress.

The 6,780 reports, current as of this month, comprise over 127,000 pages of material on some of the most contentious issues in the nation, from the U.S. relationship with Israel to abortion legislation. Nearly 2,300 of the reports were updated in the last 12 months, while the oldest report goes back to 1996. The release represents the total output of the Congressional Research Service (CRS) electronically available to Congressional offices. The CRS is Congress's analytical agency and has a budget in excess of $100M per year.

Open government lawmakers such as Senators John McCain (R-Arizona) and Patrick J. Leahy (D-Vermont) have fought for years to make the reports public, with bills being introduced--and rejected--almost every year since 1998. CRS reports are highly regarded as non-partisan, in-depth, and timely.
The reports top the list of the "10 Most-Wanted Government Documents" compiled by the Washington-based Center for Democracy and Technology[1]. The Federation of American Scientists, in pushing for the reports to be made public, stated that the "CRS is Congress' Brain and it's useful for the public to be plugged into it"[2]. Wired magazine called their concealment "The biggest Congressional scandal of the digital age"[3]. Although all CRS reports are legally in the public domain, they are quasi-secret because the CRS, as a matter of policy, makes the reports available only to members of Congress, Congressional committees and select sister agencies such as the GAO. Members of Congress are free to selectively release CRS reports to the public but are only motivated to do so when they feel the results would assist them politically. Universally embarrassing reports are kept quiet. Each time the topic of opening up the reports comes up, it runs into walls erected by opposing lawmakers such as Sen. Ted Stevens (R-Alaska), who "like many members of Congress, views CRS as an extension of his staff." If the reports were made public, "every time a member requests a particular document, the public may infer that he's staking out a particular policy position." (Aaron Saunders, Stevens' spokesman, Washington Post, 2007)[4]. However that hasn't stopped a grey market forming around the documents. Opportunists smuggle out nearly all reports and sell them to cashed-up special interests--lobbyists, law firms, multi-nationals, and presumably, foreign governments. Congress has turned a blind eye to special interest access, while continuing to vote down public access. Opposition to public availability comes not only from members of Congress but, also, from within the CRS. One might think that the CRS, as an agency of the Library of Congress, would institutionally support having a wider audience.
But an internal memo reveals the CRS lobbying against the idea and opposing bills (S. Res. 54 and H.R. 3630) which would have given the public access to its reports (Project on Government Secrecy, FAS, 2003)[5]. The first line pushed by the CRS is the one that appeals most to Congressional members--open publication would prevent spin control. The memo states this in delicate terms, referring to such spin failures as "Impairment of Member Communication with Constituents". Of course the CRS doesn't really care about politicians facing much needed voter discipline, but it does have reasons of its own to avoid public oversight. Institutionally, the CRS has established an advisory relationship with members of Congress similar to the oversight-free relationship established between intelligence agencies and the office of the President. Free from meaningful public oversight of its work, the CRS, as "Congress's brain", is able to influence Congressional outcomes, even when its reports contain errors. Arguably, its institutional power over congress is second only to the parties themselves. Public oversight would reduce its ability to exercise that influence without criticism. That is why it opposes such oversight, and that is why such oversight must be established immediately. In 1913 Supreme Court Justice Louis Brandeis, a forceful proponent for open government, stated "Sunlight is the best disinfectant; electric light the most efficient policeman". Those wise words are still true today. Welcome, Congress, to our generation's electric sun. http://wikileaks.org/wiki/Change_you_can_download:_a_billion_in_secret_Congressional_reports From rforno at infowarrior.org Sun Feb 8 05:19:50 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Feb 2009 00:19:50 -0500 Subject: [Infowarrior] - App Store DRM cracked, but what's the point? Message-ID: <73A275A5-CC3C-49DA-86B1-937EE9CF93C1@infowarrior.org> App Store DRM cracked, but what's the point? 
Poetic Justice thy name is Crackulous. In just the last 48 hours, the free app that cracks App Store DRM has been appropriated and resold by unscrupulous metapirates. There have been 20,000 downloads so far, and over 10 million iPhones sold. By Erica Sadun | Last updated February 2, 2009 12:52 http://arstechnica.com/apple/news/2009/02/poetic-justice-watch-crackulous-released-pirated-re-sold.ars Sunday, warez site Funky Space Monkey announced the release of Crackulous 0.9, a GUI front end to xCrack. Crackulous, as the name suggests, removes the DRM from App Store software, allowing users to distribute pirated programs outside of App Store channels without the developers or Apple getting paid. Crackulous was developed at Hackulo.us, a donation-supported forum dedicated to, well, stealing software. There's really no way to put a good spin on it. Crackulous is the brainchild of iPhone pirate Salad Fork, who notoriously called an early leak of his software "absolutely disgusting and downright insulting." Back in November, Mr. Fork became outraged when his pirating software was pirated and released without his consent or control. Today, he must be experiencing another wave of stress: the otherwise free Crackulous software has already been repirated and is being sold for ten bucks a pop in a new wave of poetic justice. What Crackulous does According to the Crackulous v.9 specs, the software lets you "[c]rack Applications from the App Store! Share them with the community! Crackulous can crack multiple applications at a time, with the most POWERFUL and EASIEST to use application available." Here's how it works: users pay for and download a legitimate copy of each application from the App Store. Then they apply the Crackulous crack to create a version that can be distributed and run from a jailbroken file system. Finally they upload the cracked version to a warez site, where the software is hosted for downloads.
Once cracked, the Hackulo.us onsite FAQ strongly encourages users to upload their application to Appulous, their online repository for cracked iPhone apps. Appulous members can then download the pirated software for free. Like Hackulous, Appulous is presumably supported by donations to cover hosting and bandwidth costs. A rather touching notice at the bottom of the main Appulous page mentions that "Appulo.us, its logo, website, and web application are Copyright © 2008 Appulo.us. iPhone and iPod Touch are registered trademarks of Apple, Inc. All other contents are copyrighted and trademarked by their respective owners." It's good to see that the Appulous owners are so scrupulous about enforcing copyright. Pirated pirating As of today, the Hackulo.us forum mods claim they've hosted over 20,000 legitimate downloads, for whatever value of "legitimate" they may be using. In this case, they refer to people who have not appropriated the Crackulous software and are attempting to sell that software for profit. Because, yes, once again Crackulous has been pirated. The Crackulous.net site is selling Crackulous for $10 a pop, at least for now. The price is due to head up to $20 per copy, making the current $10 PayPal price a Great Bargain. Amusingly, the Crackulous.net site accuses the (original) free version of being malware and adds in its "Is Cracukulous illegal" FAQ: "Of course not! Even the folks in Cupertino use Crackulous for testing iPhone applications and sharing them with their friends and family." Whoever developed this site surely had quite the sense of humor. In a fit of indignant ire, the Crackulous developers are offended that the fruits of their hard work and effort are being distributed by and profited from others. The Hackulo.us announcement notes that one such party (by which we assume they refer to Crackulous.net) has reported earnings of $40, or 4 copies at $10 per copy.
They write, "We've had well over 20,000 legitimate downloads, so his 4 isn't much of a penetration -- but hey, it's fun to virtually punch pathetic losers like this in the face." Effect on App Store and developers To date, there have been approximately 500 million App Store downloads, serving approximately 10 million iPhones. Compared to that 10 million+ number, the 20,000 users of Crackulous represent an extremely limited subset of users. Yes, each Crackulous user can provide a copy of software that may reach thousands of users, but on the whole, Crackulous does not seem to present a serious threat to the App Store ecosystem. Crackulous and Appulous users are limited to those who have taken the time to jailbreak their iPhones and, beyond that, to the minority who actively engage in software pirating. The biggest cost to developers looks as if it will be to support users who have not paid for their licenses and who are using application-specific services such as Web bandwidth or tech support for products they haven't bought. These costs are real and serious but they're unlikely to tip a developer from being able to operate with profits into losing money. Apple is probably not going to do more than issue a few take-down notices in order to affirmatively protect its rights. As for developers, dealing with pirates is part of the normal status quo of the software business. For now, there's little that can be done. From rforno at infowarrior.org Mon Feb 9 01:41:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 Feb 2009 20:41:39 -0500 Subject: [Infowarrior] - Hathaway to Head Obama Cybersecurity Post Message-ID: <02ABAF28-39D7-4CD2-95E2-D404BB349F69@infowarrior.org> Hathaway to Head Cybersecurity Post http://online.wsj.com/article/SB123412824916961127.html By SIOBHAN GORMAN WASHINGTON -- President Barack Obama will tap a top aide to President George W. 
Bush's intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday. The appointment of Melissa Hathaway, a former consultant at Booz Allen Hamilton, is the president's first major decision on cybersecurity. She will lead a review of the government's efforts to secure computer networks against spies, terrorists and economic criminals and is expected to then head a new White House office of cybersecurity. Ms. Hathaway helped develop a Bush administration cybersecurity initiative, which was expected to cost around $30 billion over five years, with spending this year of about $6 billion. Ms. Hathaway's new job is to carry out a 60-day review of the initiative and recommend a path forward. On the campaign trail, Mr. Obama criticized the Bush administration for being too slow to address cyber threats and said he would create a "national cyber adviser" who would report directly to the president. "As president, I'll make cyber security the top priority that it should be in the 21st century," he said in a speech in July. He equated cyber threats with those of nuclear and biological weapons in a campaign ad he ran at the time. The decision to hold a review, however, suggests that any big moves are being put off for the time being. After his election, Mr. Obama established a transition team dedicated to tackling cybersecurity. Some experts on the team were members of a national commission that recommended consolidating government cyber efforts into one office that would report directly to the president. It would remove major responsibilities from the Department of Homeland Security. National Security Adviser James Jones, however, wanted more study of the issue and ordered an independent review, which resulted in the appointment of Ms. Hathaway to the White House post to conduct the review, according to one person familiar with the matter. Ms.
Hathaway will be a senior director at the National Security Council, which puts her at the same level as her predecessor in the Bush administration and a few rungs down from directly reporting to the president. Roger Cressey, a former top security aide in the Clinton White House, said he was disappointed the post isn't higher-level. "They need a nationally known person to run cyber from the White House," he said. "Otherwise it's just old wine in a new bottle." A senior intelligence official said the review is part of Mr. Jones's effort to reorient the National Security Council to address more comprehensively problems such as cybersecurity and climate change that span government agencies. Before joining the Obama administration, Mr. Jones was part of a group called the Project on National Security Reform, which is working with the administration on bridging agency divides on national-security issues ranging from terrorism to pandemic flu. National Security Council spokesman Ben Chang said he couldn't comment on personnel decisions that haven't been announced. Ms. Hathaway was one of a few trusted aides whom Mr. Bush's director of national intelligence, Mike McConnell, brought with him from Booz Allen Hamilton. Mr. McConnell left the McLean, Va., consulting firm for the top intelligence post in 2007. At Booz Allen, Ms. Hathaway specialized in cybersecurity strategies. Mr. McConnell asked her to lead his cybersecurity study effort, which grew into the Comprehensive National Cybersecurity Initiative that President Bush started a year ago. From rforno at infowarrior.org Mon Feb 9 13:07:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Feb 2009 08:07:16 -0500 Subject: [Infowarrior] - UK government plans travel database Message-ID: Government plans travel database The government is compiling a database to track and store the international travel records of millions of Britons.
Computerised records of all 250 million journeys made by individuals in and out of the UK each year will be kept for up to 10 years. The government says the database is essential in the fight against crime, illegal immigration and terrorism. But opposition MPs and privacy campaigners fear it is a significant step towards a surveillance society. The intelligence centre will store names, addresses, telephone numbers, seat reservations, travel itineraries and credit card details of travellers. Big Brother Shadow home secretary Chris Grayling said: "The government seems to be building databases to track more and more of our lives. "The justification is always about security or personal protection. But the truth is that we have a government that just can't be trusted over these highly sensitive issues. We must not allow ourselves to become a Big Brother society." Liberal Democrat home affairs spokesman Chris Huhne said: "This is another example of an intrusive database without any public debate about safeguards on its use. "We are sleepwalking into a surveillance state and should remember that George Orwell's 1984 was a warning, not a blueprint." A spokesman for campaign group NO2ID said: "When your travel plans, who you are travelling with, where you are going to and when are being recorded you have to ask yourself just how free is this country?" The e-Borders scheme covers flights, ferries and rail journeys and the Home Office says similar schemes run in other countries including the US, Canada, Spain and Australia. Minister of State for borders and immigration Phil Woolas said the government was determined to ensure the UK's border remained one of the toughest in the world. "Our hi-tech electronic borders system will allow us to count all passengers in and out of the UK and [it] targets those who aren't willing to play by our rules," he said. 
"Already e-Borders has screened over 75 million passengers against immigration, customs and police watch-lists, leading to over 2,700 arrests for crimes such as murder, rape and assault." Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/1/hi/uk/7877182.stm Published: 2009/02/08 13:03:23 GMT © BBC MMIX From rforno at infowarrior.org Mon Feb 9 13:13:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Feb 2009 08:13:11 -0500 Subject: [Infowarrior] - Bundeswehr builds Cyberwar Unit Message-ID: (translated from the original German via the Fish.....----rf) 07.02.2009 17:45 Telepolis http://www.heise.de/newsticker/Medienbericht-Bundeswehr-baut-Cyberwar-Einheit-auf--/meldung/127082 Media report: German Federal Armed Forces build up a "Cyberwar unit" The German Federal Armed Forces are reportedly building up a "Cyberwar unit" at present, which is meant not only to protect their own IT infrastructure against attacks but also to carry out reconnaissance and manipulation on third-party computers and "in opposing networks". According to information from Spiegel, the unit consists of several dozen computer science graduates of the German Federal Armed Forces universities, garrisoned in Rheinbach near Bonn. At present, according to the Hamburg news magazine, the "hackers in uniform" are still practising; they are not expected to be fully operational until next year. Organisationally, the top-secret unit is assigned to the Strategic Reconnaissance Command and is reportedly led by Brigadier General Friedrich Wilhelm Kriesel. No statement on the report could so far be obtained from the German Federal Armed Forces. Under the Basic Law the German armed forces may not carry out tasks domestically, but there have long been plans to remove this prohibition.
Worldwide, experts argue over whether a term such as "cyberwar" is correct, since there are no dead or injured in such a war; on the other hand, there apparently is agreement that protection against such threats ranks among the tasks of a country's armed forces. And even if the cyberattack on Estonia was not, in retrospect, accepted as "war", every state that operates a substantial electronic IT infrastructure now takes potential threats from cyberattacks seriously. (PEM/Telepolis) From rforno at infowarrior.org Mon Feb 9 13:16:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Feb 2009 08:16:59 -0500 Subject: [Infowarrior] - French fighter planes grounded by computer virus Message-ID: French fighter planes grounded by computer virus French fighter planes were unable to take off after military computers were infected by a computer virus, an intelligence magazine claims. by Kim Willsher in Paris Last Updated: 9:52PM GMT 07 Feb 2009 http://www.telegraph.co.uk/news/worldnews/europe/france/4547649/French-fighter-planes-grounded-by-computer-virus.html The aircraft were unable to download their flight plans after databases were infected by a Microsoft virus they had already been warned about several months beforehand. At one point French naval staff were also instructed not to even open their computers. Microsoft had warned that the "Conficker" virus, transmitted through Windows, was attacking computer systems in October last year, but according to reports the French military ignored the warning and failed to install the necessary security measures. The French newspaper Ouest France said the virus had hit the internal computer network at the French Navy. Jérôme Erulin, French navy spokesman told the paper: "It affected exchanges of information but no information was lost. It was a security problem we had already simulated.
We cut the communication links that could have transmitted the virus and 99 per cent of the network is safe." However, the French navy admitted that during the time it took to eradicate the virus, it had to return to more traditional forms of communication: telephone, fax and post. Naval officials said the "infection" was probably due more to negligence than a deliberate attempt to compromise French national security. It said it suspected someone at the navy had used an infected USB key. The Sicmar Network, on which the most sensitive documents and communications are transmitted, was not touched, it said. "The computer virus problem had no effect on the availability of our forces." The virus attacked the non-secured internal French navy network called Intramar and was detected on 21 January. The whole network was affected and military staff were instructed not to start their computers. According to Liberation newspaper, two days later the chiefs of staff decided to isolate Intramar from the military's other computer systems, but certain computers at the Villacoublay air base and in the 8th Transmissions Regiment were infected. Liberation reported that on the 15 and 16 January the Navy's Rafale aircraft were "nailed to the ground" because they were unable to "download their flight plans". The aircraft were eventually activated by "another system". Liberation also reported that Microsoft had identified the Conficker virus in the autumn of 2008 and had advised users from October last year to update their security patches. IntelligenceOnline reports that "at the heart of the (French) military, the modifications were, for the most part, not done." It was only on the 16 January "three months later" that the navy chiefs of staffs began to act. "At that point, the chiefs of staff and the defence ministry had no idea how many computers or military information systems were vulnerable to having been contaminated by the virus," said Liberation.
The French press also reported that the only consolation for the French Navy was that it was not the only ones to have fallen victim to the virus. It said that a report in the military review Defense Tech revealed that in the first days of January 2009 the British Defence Ministry had been attacked by a hybrid of the virus that had substantially and seriously infected the computer systems of more than 24 RAF bases and 75 per cent of the Royal Navy fleet including the aircraft carrier Ark Royal. From rforno at infowarrior.org Mon Feb 9 19:09:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Feb 2009 14:09:44 -0500 Subject: [Infowarrior] - The Non-Terrorist Watchlist Message-ID: <03554958-C212-4E57-9BC0-6D177B49AB47@infowarrior.org> House Approves Whitelist of People Who Aren't Terrorists By David Kravets February 04, 2009 | 4:02:24 PM http://blog.wired.com/27bstroke6/2009/02/house-approves.html The House overwhelmingly adopted legislation this week mandating the creation of a new kind of terrorist watchlist: a database of people who aren't terrorists, but are routinely flagged at airports anyway. The U.S. government maintains a list of about a million names of suspected terrorists that is crosschecked with passenger names ahead of airline boarding. The list has been dogged for years by sloppy name matches that have ensnared innocent travelers, children, prominent politicians and government officials, the U.S. Conference of Catholic Bishops' secretary of education and all men named David Nelson. Under the new plan, approved late Tuesday 413-3, innocent victims of the terrorist watchlist must prove to the Department of Homeland Security, through an undetermined appeals process, that they are not terrorists. They would then get their names put on what the legislation calls the "Comprehensive Cleared List."
The legislation is another attempt to assist wrongly flagged passengers and would supersede the troubled DHS Traveler Redress Inquiry Program, which has been criticized for being slow or unresponsive to flier complaints. The FAST Redress Act, if approved by the Senate, requires the government to report within 240 days on its progress in implementing the new list. From rforno at infowarrior.org Tue Feb 10 23:12:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Feb 2009 18:12:40 -0500 Subject: [Infowarrior] - Panel employs full-court press for cybersecurity Message-ID: <539D46FE-DB62-417D-AE1C-DEBEA1D39676@infowarrior.org> Panel employs full-court press for cybersecurity By William Jackson | Feb 09, 2009 http://gcn.com/articles/2009/02/09/cyber-commission-full-court-press.aspx An expert commission plans to continue its effort to see recommendations for cybersecurity implemented governmentwide. Members of the panel that offered the Obama administration a blueprint for improving the nation's cybersecurity say they want to have a voice in shaping the government's information technology policy. In its December 2008 report, the Commission on Cyber Security for the 44th Presidency concluded that the nation's cyber infrastructure is too fragile and too critical to be trusted to individual agencies, and protecting that infrastructure requires a comprehensive strategy directed by the White House. In a recent statement, the Center for Strategic and International Studies (CSIS), which established the commission, said, "The new administration has cybersecurity high on its agenda, and it is making a serious effort to take what has already been done and improve our national cyber posture. But there is much to be done. Building cybersecurity will be a long-term effort." Some panel members want to continue the dialog with government officials through an ongoing series of meetings.
Denise Zheng, program coordinator and research assistant for technology and public policy at CSIS, said that although the program's details are still being discussed, the members envision continuing the public format in which the commission developed its report. CSIS established the commission in 2007 in response to the growing challenges to government information systems. Its goal was to produce concrete recommendations that the new administration could implement quickly. The commission's co-chairmen were Rep. Jim Langevin (D-R.I.), then chairman of the House Homeland Security Committee's Emerging Threats, Cybersecurity, and Science and Technology Subcommittee; Rep. Michael McCaul (R-Texas), the subcommittee's former ranking member; retired Air Force Lt. Gen. Harry Raduege, chairman of the Deloitte Center for Network Innovation at Deloitte and Touche; and Scott Charney, corporate vice president of Microsoft's Trustworthy Computing Group. The commission also included 50 other members from government, industry and academia. James Lewis, director of technology and public policy at CSIS, served as project director. The commission held 19 briefings to gather data in the past year. Its primary findings were that cybersecurity is a major national security issue, but that in addressing it, the government must respect privacy and civil liberties concerns. "Only a comprehensive national security strategy that embraces both the domestic and international aspects of cybersecurity will improve the situation," the commission members wrote in their report. They recommended that the Homeland Security Department and the Office of Management and Budget, which took the lead on cybersecurity during the Bush administration, maintain their operational responsibilities. Meanwhile, a new National Office for Cyberspace and a new cybersecurity directorate at the National Security Council would take the overall lead on cybersecurity. 
The commission also recommended that the government build on President Bush's Comprehensive National Cyber Security Initiative. "While the CNCI is not comprehensive and unnecessary secrecy reduced its effect, we believe it is a good place to start," the commissioners wrote in their report. Among the topics panel members hope to discuss with government officials:
* Provisions for cybersecurity in the stimulus package Congress is now considering.
* Executive branch leadership on the issue.
* Legislation that addresses the security of government systems, including reform of the Federal Information Security Management Act.
* Review of law enforcement and investigative authorities related to cybersecurity.
* A six-month report card on the government's efforts to secure cyberspace.
* Federal IT acquisition policies.
* International standards and initiatives.
* Classification of cyber initiatives.
* Building an enduring security framework and public/private partnerships.
From rforno at infowarrior.org Wed Feb 11 02:39:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Feb 2009 21:39:30 -0500 Subject: [Infowarrior] - How The World Almost Came To An End At 2PM Message-ID: <5F9C8CFA-04A0-4D41-B27E-708CB1ED1059@infowarrior.org> How The World Almost Came To An End At 2PM On September 18 Posted by Tyler Durden at 12:56 PM http://zerohedge.blogspot.com/2009/02/how-world-almost-came-to-end-at-2pm-on.html LiveLeak has caught a scary moment of previously undisclosed insight by Paul Kanjorski where he reveals some facts that have not been captured by the media previously. At 2 minutes and 20 seconds in the video below, Democratic Representative Kanjorski explains how the Federal Reserve told Congress members about a "tremendous draw-down of money market accounts in the United States, to the tune of $550 billion dollars." According to Kanjorski, this electronic transfer occurred over the period of an hour or two. And it gets worse.
Kanjorski paraphrases the following disclosure by Bernanke and Paulson: On Thursday (Sept 18), at 11am the Federal Reserve noticed a tremendous draw-down of money market accounts in the U.S., to the tune of $550 billion was being drawn out in the matter of an hour or two. The Treasury opened up its window to help and pumped a $105 billion in the system and quickly realized that they could not stem the tide. We were having an electronic run on the banks. They decided to close the operation, close down the money accounts and announce a guarantee of $250,000 per account so there wouldn't be further panic out there. If they had not done that, their estimation is that by 2pm that afternoon, $5.5 trillion would have been drawn out of the money market system of the U.S., would have collapsed the entire economy of the U.S., and within 24 hours the world economy would have collapsed. It would have been the end of our economic system and our political system as we know it. We are no better off today than we were 3 months ago because we have a decrease in the equity positions of banks because other assets are going sour by the moment. Interestingly, Kanjorski, and likely more and more Democrats, are starting to shift to the camp that more time is needed to make a correct decision this time (which may explain Geithner's decision to postpone the "bank-rescue" announcement by one day to Tuesday), instead of rushing into another half-baked plan. Very scary stuff. 
http://zerohedge.blogspot.com/2009/02/how-world-almost-came-to-end-at-2pm-on.html From rforno at infowarrior.org Wed Feb 11 02:45:19 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Feb 2009 21:45:19 -0500 Subject: [Infowarrior] - Sirius XM Prepares for Possible Bankruptcy Message-ID: February 11, 2009 Sirius XM Prepares for Possible Bankruptcy By ANDREW ROSS SORKIN and ZACHERY KOUWE http://www.nytimes.com/2009/02/11/technology/companies/11radio.html?_r=1&pagewanted=print Last summer, Mel Karmazin was rattling off his trademark one-liners to talk up the future of Sirius XM Radio, the combined company he ran that had just been blessed by regulators. He was planning to cut costs and expand a business that was already a fixture in the lives of millions of Americans. "Forty-three cents a day - it's not even vending machine coffee," he said at the time, parrying a question about whether the softening economy might hurt subscriptions. But now Sirius XM, the satellite radio company, has problems with much bigger price tags. It has hired advisers to prepare for a possible bankruptcy filing, people involved in the process said. That would, of course, be a grim turn of events for the normally upbeat Mr. Karmazin, Sirius XM's chief executive, who had hoped to create a mobile entertainment juggernaut with stars like the shock jock Howard Stern. A bankruptcy would make Sirius XM one of the largest casualties of the credit squeeze. With over $5 billion in assets, it would be the second-largest Chapter 11 filing so far this year, according to Capital IQ. The filing by Smurfit-Stone, with assets of $7 billion, has been the year's biggest to date. Sirius XM, which never turned a profit when both companies were independent, is laden with $3.25 billion in debt. Its business model has been dependent, in part, on the ability to roll over its enormous debts, used to finance sending satellites into space and attract talent like Mr.
Stern (who was paid $100 million a year) -- at low rates for the foreseeable future until it could turn a profit. The company's success and failure is also tied to the faltering fortunes of the automobile industry, which sells vehicles with its radio technology installed and represented the largest customer base among Sirius XM's 20 million subscribers. Sirius XM owes about $175 million in debt payments at the end of February that it is unlikely to be able to pay. Sirius XM's problems could pave the way for a takeover by EchoStar, the TV satellite company, which has bought up Sirius XM's debt. Mr. Karmazin has been locked in talks with EchoStar's chief executive, Charles W. Ergen, over Sirius XM's options, people involved in the talks said. The men are said not to get along, these people said, and Mr. Karmazin had rebuffed Mr. Ergen's takeover advances before. Sirius XM hired Joseph A. Bondi of Alvarez & Marsal and Mark J. Thompson, a bankruptcy lawyer with Simpson, Thacher & Bartlett, to help prepare a Chapter 11 filing, these people said. Documents and analysis are close to completion and a filing could come in days, according to a person familiar with the matter. The threat of bankruptcy by Sirius XM could also be part of a negotiating dance with Mr. Ergen, who could decide to convert his debt into equity instead of demanding payment. In addition to the $175 million due in February, EchoStar also owns $400 million more of Sirius XM's debt due in December. If Sirius XM files for bankruptcy, EchoStar could seek in court to take over the company. Mr. Ergen, however, may be able to negotiate to convert his shares before bankruptcy at an attractive rate and gain control of the company, these people said. For Mr. Karmazin, the sale or bankruptcy of Sirius XM would be one of his first failures. He founded Infinity Broadcasting, sold it to CBS and later merged the combined companies into Viacom, where he had a notoriously difficult relationship with Sumner M.
Redstone, the chairman, before being ousted. Mr. Karmazin, ever an optimist, had bought two million shares of Sirius XM at $1.37 a share in August. Before that, he had bought 20 million shares at an average price of $5 each. But since the summer the company's prospects have dimmed. In December, Mr. Karmazin started to sound alarm bells, but he remained optimistic. "I'm not trying to paint the rosy picture, because we have challenges connected to our liquidity and certainly our stock price is dreadful," he said at the time. "But, you know, our revenues are growing double digits. We're growing subscribers. We're not losing subscribers." A spokeswoman for Mr. Karmazin declined to comment. A spokesman for EchoStar could not be reached. Mr. Karmazin staked the success of the merger deal on nearly $400 million in annual cost savings and the potential to gain new subscribers through deals with auto companies. Placing more satellite radios in vehicles, he argued, would persuade consumers to add radios in their homes and boats and as portable devices. But satellite radio failed to win over many younger listeners, and competition from free Internet radio, MP3 players and high-definition terrestrial radio began drastically slowing Sirius XM's subscriber growth. From rforno at infowarrior.org Fri Feb 13 13:25:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 08:25:26 -0500 Subject: [Infowarrior] - Record Labels Turn ISPs Into 'Copyright Cops' to Deter Piracy Message-ID: Record Labels Turn ISPs Into "Copyright Cops" to Deter Piracy http://www.bloomberg.com/apps/news?pid=20601109&sid=agXjCIONibps&refer=home# By Kristen Schweizer and Adam Satariano Feb. 13 (Bloomberg) -- The world's biggest record companies sued college students, a 12-year-old girl and a dead woman and still failed to stamp out music piracy. Now they're turning to Internet service providers.
Universal Music Group, Warner Music Group Corp., EMI Group and Sony Music Entertainment have gained leverage through court and government actions to pressure ISPs into warning customers not to steal music -- in some cases with a threat to cut service. Crowded networks are helping to soften U.S. and European access providers' resistance to working with record companies. Irish phone company Eircom, in a settlement with music labels, said last month it will unplug customers who ignore illegal-download warnings. A law being drafted in France would do the same, while Britain may require ISPs to pass information on offenders to rights holders. The four largest U.S. labels have struck preliminary accords to work more closely with ISPs. "There has been an international push by the rights holders to pursue a similar strategy across the world," said Danny O'Brien, international outreach coordinator for the San Francisco-based Electronic Frontier Foundation, which advocates expanded digital rights for consumers. "The end goal is the same: co-opt Internet service providers as copyright cops." Millions spent suing alleged pirates have earned the music industry negative press while failing to stop the practice. Today, 95 percent of music downloads are illegal, according to London's International Federation of the Phonographic Industry. Piracy Costs Piracy in the U.K. cost 180 million pounds ($265 million) last year, according to Jupiter Research. U.S. record companies' 2007 losses were $5.3 billion, according to the Institute of Policy Innovation in Lewisville, Texas. That's fed a decline in the industry. New York-based Warner Music, the only publicly traded music company, has fallen 93 percent from a May 2006 high. Universal Music, the largest record company, is owned by Paris-based Vivendi SA, EMI is privately held and Sony Music is owned by Japan's Sony Corp. "The network service provider is the logical place for us to go to protect our business,"
Michael Nash, Warner Music's executive vice president for digital, said in an interview. Some artists have embraced the anarchy of the Web. Radiohead released the album "In Rainbows" on the Internet and allowed fans to pay what they wanted. Wilco, in a dispute with Warner's Reprise Records, released "Yankee Hotel Foxtrot" for free, and Nine Inch Nails singer Trent Reznor, without a label, offered fans options to purchase his 36-track instrumental album, from giving some songs away to charging $300 for a limited edition. In a three-month test, U.K. Internet providers agreed to send warning letters to users caught sharing files illegally. Denmark's largest provider, TDC, blocked access last month to The Pirate Bay, a repository of free music, films and books. Breakthrough ISPs haven't volunteered for the role of watchdog, because they could lose business, said John Kennedy, chairman of the Phonographic Federation. "One of the biggest breakthroughs recently is that ISPs are concerned about usage of their bandwidth," Kennedy said. "File-sharing is huge traffic." The Recording Industry Association of America, the Washington-based trade group, warned ISPs in May 2008 it may push for laws addressing piracy. That added urgency to "years of conversations," RIAA Chairman Mitch Bainwol said in an interview. AT&T Inc., the largest U.S. telephone company, and the biggest cable network, Comcast Corp., are among those cooperating, CNET.com reported on Jan. 28, citing unidentified people with knowledge of the matter. AT&T, based in Dallas, and Philadelphia-based Comcast declined to comment. Verizon Communications Inc. isn't participating, spokesman David Fish said. Music Monitors Eircom settled the February 2008 lawsuit to avoid the threat that record labels would monitor its network. "We will not install monitoring equipment on our network and no customer information will be handed over to record companies," spokesman Paul Bradley said.
Some ISPs argue they shouldn't be watchdogs. "Copyright infringement isn't a criminal offense," said Adam Liversage, spokesman for BT Group Plc, Britain's biggest provider. The threat of being disconnected would change the behavior of 72 percent of illegal downloaders in the U.K., a study by London-based Entertainment Media Research showed, while 74 percent would change their habits in France, an Ipsos poll found. Unlimited Downloads A letter isn't enough, said Geoff Taylor, head of the British Phonographic Industry. "File-sharers are only likely to change their behavior if they know that letters are the first step in a process." The Isle of Man, a self-governed island of 80,000 people in the Irish Sea, has proposed charging Internet subscribers for unlimited music downloads. Revenue would be distributed to copyright holders. Warner Music, whose artists include Kid Rock and Metallica, is exploring ISP fees in the U.S. The company hired former Geffen Records executive Jim Griffin, who'll initially focus on universities, Nash said. ISPs have a responsibility to act because they've allowed illegal transfers, said Barry Bergman, president of the U.S. Music Manager's Forum. "The ISPs have a direct relationship with the pirates," said Bergman, whose group pushed for stronger U.S. copyright laws. "It's very important that they step up to the plate." To contact the reporters on this story: Kristen Schweizer in London at kschweizer1 at bloomberg.net; Adam Satariano in San Francisco at asatariano1 at bloomberg.net Last Updated: February 12, 2009 23:40 EST From rforno at infowarrior.org Fri Feb 13 14:10:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 09:10:15 -0500 Subject: [Infowarrior] - OT: The Audacity of Audaciousness Message-ID: Umm....."change we can believe in?" Where? "More transparency?" Same question.
--rf The Audacity of Audaciousness By Dana Milbank Friday, February 13, 2009; A03 http://www.washingtonpost.com/wp-dyn/content/article/2009/02/12/AR2009021203435_pf.html It takes a certain amount of nerve to have an event at the National Press Club and then ban the press from covering it. It takes another level of chutzpah entirely to admit members of the general public to your event at the National Press Club, recruit a news organization as the co-sponsor and then tell the press they can't cover it. But that's exactly what former Obama campaign manager David Plouffe and Georgetown University did yesterday. Plouffe was listed as the keynote speaker at the luncheon yesterday for "Transition 2009," sponsored by Georgetown University and Politico. The public was invited to the event -- students free of charge and everybody else for a fee. But at the last minute, Georgetown announced that Plouffe's speech would be "closed press," even though the speech was being given in the National Press Club ballroom, described on a plaque at the door as "the sanctum sanctorum of American journalists." National Press Club President Donna Leinwand fired off an e-mail to Plouffe and his agents stating her "strong opposition" to the press banishment from its own club. "If Mr. Plouffe wants to keep secrets," she said, "Mr. Plouffe should stay at home." Politico editor John Harris called it "a surprise to me and an unhappy one." Harris pulled out as moderator of the speech and said his publication was disassociating itself from the luncheon. Un-sponsoring part of the two-day event, however, was rather tricky. The Politico emblem was still emblazoned on signs outside the ballroom and on the lanyards and name tags for attendees. This sort of mess has become a trademark of the former Obama campaign manager. 
Plouffe still keeps his Obama ties -- over the weekend he sent out an e-mail in his name to millions from barackobama.com titled "Urgent message from President Obama" -- yet he is also profiting from them. He is reported to have received as much as $2 million for his forthcoming book, "The Audacity to Win," and he can't give his material away in public speeches. Plouffe's Audacity to Cash Out caused some embarrassment for him over the weekend, when he flew to Azerbaijan to give a speech to a group tied to that country's repressive leader. The title of that speech, "The Power of Democracy," took on an ironic meaning when journalists were ordered to leave the auditorium before it began. Banishing the press from the National Press Club was not as easy. Georgetown spokeswoman Rachel Pugh said the speech was "closed at the request of the speaker" before agreeing to let reporters in as long as they did not report on anything they heard there. But Plouffe, confronted at a reception before the speech, blamed Georgetown. "The conversation in there, at the university's request, is off the record," he said. "It's not my choice." Oh? The question was put to Rob Manuel, dean of Georgetown's School of Continuing Studies. "We are honoring his decision to be off the record," he said. To circumvent the off-the-record rules, a Washington Post reporter put on a sandwich board with the messages "unPLOUFFEable" and "what the Plouffe?" and then handed out notebooks and pens to regular citizens who, because they were not reporters, were free to report on the speech. They provided a full account of his nearly 90-minute talk. On Sarah Palin: "She was our best fundraiser and organizer in the fall." On the primary victory over Hillary Clinton: "Really by February 17, mathematically, the night of the Wisconsin primary, it's over. We had to endure 3 1/2 months of pure hell before we secured the nomination." 
On the New Hampshire primary: "Our sense was if we won Iowa that would be enough to shoot us past her. . . . We should have found a way to remove the pressure to win." On the Texas primary: "The biggest mistake I made in this campaign." On Internet organizing: "We had hundreds of thousands of people who signed up to be rapid responders. So when John McCain's attacking us on Bill Ayers, and other silly issues, those people were sending out the facts." The crucial moment of the general election: "McCain's suspension of his campaign . . . From that point on, people saw McCain as more unsteady and erratic." McCain's "celebrity" ad: "We just sat back and said he's doing huge damage to himself with independent women voters. When you coupled Palin to it, it was explosive and really destructive." Interesting stuff, sure, but nothing newsworthy and nothing out of school. So why did Plouffe have the press removed from the press club? After the speech, Plouffe again blamed Georgetown. "They wanted to have a candid exchange," he said. Nearby, a Georgetown event staffer tried to prevent the questioning of Plouffe. "Seriously, this is going to be a scene," she warned. "I really do recommend that you not do this." Plouffe was whisked away, and the press club was again open to the press. For a video version of this column and more excerpts of Plouffe's speech, go to http://blog.washingtonpost.com/roughsketch. From rforno at infowarrior.org Fri Feb 13 17:46:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 12:46:44 -0500 Subject: [Infowarrior] - Experian to stop selling FICO scores to consumers Message-ID: Experian to stop selling FICO scores to consumers The credit bureau will provide the data only to commercial customers such as lenders, potentially putting home buyers at a disadvantage. Scores will still be available from TransUnion and Equifax. 
< - > http://www.latimes.com/business/la-fi-fico13-2009feb13,0,6470593.story From rforno at infowarrior.org Fri Feb 13 17:48:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 12:48:38 -0500 Subject: [Infowarrior] - Net Monitoring May Be Authorized by Stimulus Amendment Message-ID: Alert! - Internet Monitoring May Be Authorized by Stimulus Amendment http://lauren.vortex.com/archive/000505.html Greetings. We've all heard about nasty items being sneaked into the federal economic stimulus package, now in final negotiations between the House and Senate. What you probably haven't heard is that Senator Feinstein of here in California (who usually has good ideas, but occasionally brings forth legislative aberrations) has apparently tried to slip a provision into the legislation that could open to the door to widespread monitoring of Internet traffic by ISPs. The amendment, seemingly offered without any public debate, would require that the Broadband Technology Opportunities Program (that is, the broadband stimulus portion of the overall stimulus legislation) permit "reasonable network management practices such as deterring unlawful activity, including [c-porn] and copyright infringement." The possibility exists that this amendment will find its way into the final wording of the stimulus package being worked on by the House/ Senate conference committee, which could be finalized by the end of today. You'll note that the term "monitoring" is not included in the very short wording of the amendment. But the term "network management" is a can of worms. If the amendment's sponsors had only wanted to assure that existing mechanisms for DMCA (and other) "take down" notices would be protected, they could have said this explicitly. But content-related "network management" implies active inspection (e.g. 
"DPI", Deep Packet Inspection) of actual Internet traffic at the IP level, then the reporting to authorities of, and/or blocking of, associated "offending" data traffic. It was to be expected that c-porn would be the hook used as the first item to try to justify Internet monitoring. But by then moving to copyright infringement and any other "unlawful activity," the camel's nose has come explicitly much farther under the tent toward the possibility of pervasive Internet monitoring. Of course, we know that any such monitoring would likely find itself deeply embroiled in court battles, and readily available encryption foils such techniques as a matter of course. But this amendment, as worded, appears to set a very dangerous precedent. Again, if its sponsors didn't intend to potentially open a Pandora's Box of Internet monitoring, the term "network management" shouldn't have been used in this manner. As other observers have also alerted, this amendment should immediately be withdrawn from any consideration, and defeated in its current form. From rforno at infowarrior.org Fri Feb 13 17:52:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 12:52:38 -0500 Subject: [Infowarrior] - Stimulus bill is 1071 pages Message-ID: <11AD3D81-C63B-4FCD-8E66-509B49BAD3A2@infowarrior.org> I have to wonder what other "stimulus" is in this bill ...... and if it gets passed w/o reading it, are we looking at another USA PATRIOT-like outcome? They passed that major bill w/o reading it, too......and under similar air of national emergency!!! --rf Democratic Senator Predicts None of His Colleagues 'Will Have the Chance' to Read Final Stimulus Bill Before Vote Friday, February 13, 2009 By Ryan Byrnes and Edwin Mora (CNSNews.com) -- Sen. Frank Lautenberg (D-N.J.) predicted on Thursday that none of his Senate colleagues would "have the chance" to read the entire final version of the $790-billion stimulus bill before the bill comes up for a final vote in Congress.
"No, I don't think anyone will have the chance to [read the entire bill]," Lautenberg told CNSNews.com. < - > The final bill, crafted by a House-Senate conference committee, was posted on the Website of the House Appropriations Committee late Thursday in two PDF files. The first PDF was 424 pages long and the second PDF was 575 pages long, making the total bill 999 pages long. The House is expected to vote on this 999-page bill Friday, and the Senate either later Friday or Saturday. [Editor's note: The first PDF, as posted on the House Appropriations Committee website as of 8:20 AM Friday morning, had grown by 72 pages to 496 pages, increasing the length of the total document to 1,071 pages.] http://cnsnews.com/public/content/article.aspx?RsrcID=43478 From rforno at infowarrior.org Fri Feb 13 18:20:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 13:20:46 -0500 Subject: [Infowarrior] - Pirate Bay trial starts on Monday Message-ID: <6D8908EB-290E-4411-9233-746D61254515@infowarrior.org> Pirate Bay trial starts on Monday Published: 12 Feb 09 16:56 CET Online: http://www.thelocal.se/17554/20090212/ Operators of The Pirate Bay stand trial on Monday in Stockholm. The four defendants from the popular file-sharing web site are charged with being accessories to breaking copyright law and may face fines or up to two years in prison if found guilty. Hans Fredrik Neij, Gottfrid Svartholm Warg, Peter Sunde and Carl Lundström are accused of 33 cases of alleged copyright infringement. The trial will last 13 days, public prosecutor Håkan Roswall told The Local. As organizers of the site, the defendants are "promoting other people's infringements of copyright laws," according to charges filed by Roswall in January 2008. Roswall declined to comment on the case while it is still ongoing but when charges were filed he called for the four to pay damages of 1.2 million kronor ($185,000) to the Swedish state.
The Pirate Bay is a BitTorrent tracker which allows registered users to download files from other members, enabling movies, music, games and software to be downloaded for free. "It's not merely a search engine. It's an active part of an action that aims at, and also leads to, making copyright protected material available," Roswall told Reuters in January 2008. The Pirate Bay argue on their web site that, "only torrent files are saved at the server. That means no copyrighted and or illegal materials are stored by us. It is therefore not possible to hold the people behind The Pirate Bay responsible for the material that is being spread using the tracker." Defendant Sunde was defiant when he told Reuters, "it's idiotic. There is no legal ground (for the charges)." Premises connected to The Pirate Bay were first raided in 2006. The complexity of the case led to delays in charges being filed and the case being brought to court. The site is also facing sizable compensation claims from record companies and the Motion Picture Association of the United States. "The record companies can go screw themselves," said Pirate Bay founder Gottfrid Svartholm Warg to The Local on learning of the claims in March 2008. The Pirate Bay is ranked as the 109th most popular web site on the internet by web information company Alexa. The four defendants have run the site since 2004 after it was started in 2003 by the Swedish anti-copyright organization Piratbyrån. Revenue is made from advertisers as members are not charged to use the site. Stay tuned to The Local for comprehensive coverage of the trial. And brush up on the background to the case with a look through our archived articles on The Pirate Bay.
From rforno at infowarrior.org Fri Feb 13 23:03:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 18:03:24 -0500 Subject: [Infowarrior] - Apple Says Jailbreaking iPhones Is Illegal, Dammit Message-ID: <11FC06DB-3206-442B-8A5B-A2BC32CE8EC1@infowarrior.org> (I'm really getting more fed up with Apple with each passing week......--rf) Apple Says Jailbreaking iPhones Is Illegal, Dammit For the first time ever, Apple has said publicly that jailbreaking iPhones is illegal. In comments filed with the US copyright office, Apple says that jailbreaking is copyright infringement and a violation of the DMCA. < - > http://i.gizmodo.com/5153101/apple-says-jailbreaking-iphones-is-illegal-dammit From rforno at infowarrior.org Sat Feb 14 00:17:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Feb 2009 19:17:41 -0500 Subject: [Infowarrior] - ICANN accepting public comments on Fast-flux Hosting report References: <20090214000425.GB83810@biggins.networkcommand.com> Message-ID: Begin forwarded message: > From: "Jon O." > > I wanted to draw your attention to the "Fast Flux Hosting Initial > Report" on the ICANN site: > http://icann.org/en/public-comment/#ff-initial > > > At the link above, ICANN is accepting public comments on this subject > and I would encourage those of you who have strong views or good ideas > to submit a comment. At the very least, comments from interested > parties/orgs will show that we are concerned and would like some > kind of > action or enhancement to be taken by ICANN to mitigate risk caused by > fast-flux hosting. > > The comment period will be closed 15-FEB-09 (2 days). > > What kind of action could be taken? The relevant section in the ICANN > report is on [Page 9]: > > http://gnso.icann.org/issues/fast-flux-hosting/fast-flux-initial-report- > 26jan09.pdf > What technical (e.g. changes to the way in which DNS updates operate) > and policy (e.g.
changes to registry/registrar agreements or rules > governing permissible registrant behavior) measures could be > implemented > by registries and registrars to mitigate the negative effects of fast > flux? > > The WG wishes to emphasize that fast flux needs better definition and > more research. The ideas are presented here as a draft, to record > incremental progress. The solutions fall into two categories based on > the type of involvement expected of ICANN and its contracted or > accredited parties (gTLD registries and registrars): those that would > require only the availability of additional or more accurate > information, which could be used (or not used) by other parties > engaged > in anti-fraud and related activities as they saw fit (information > gathering); and those that would require or at least benefit from some > degree of active participation by ICANN and/or registries and > registrars > to identify and deter fraudulent or other "malicious" behavior (active > engagement). > > - Information Gathering - information sharing proposals discussed > included the following ideas: > > o Make additional non-private information about registered domains > available through DNS based queries; > > o Publish summaries of unique complaint volumes by registrar, by TLD > and > by name server; > > o Encourage ISPs to instrument their own networks; > > o Cooperative, community initiatives designed to facilitate data > sharing > and the identification of problematic domain names. 
> > - Active Engagement - ideas for active engagement that were discussed > included: > > o Adopt accelerated domain suspension processing in collaboration with > certified investigators / responders; > > o Establish guidelines for the use of specific techniques such as very > low TTL values; > > o Identify name servers as static or dynamic in domain registrations > by > the registrant; > > o Charge a nominal fee for changes to static name server IP addresses; > > o Allow the Internet community to mitigate fast-flux hosting in a way > similar to how it addresses other abuses; > > o Stronger registrant verification procedures > From rforno at infowarrior.org Sat Feb 14 15:41:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Feb 2009 10:41:43 -0500 Subject: [Infowarrior] - Blackwater rebrands itself Message-ID: Blackwater is now Xe. Just Xe. Blackwater rebrands itself http://www.newsobserver.com/917/v-print/story/1405570.html The era of Blackwater is over. The Eastern North Carolina-based private security company had exemplified the problems of using private soldiers in combat zones. Now, after losing its contract to guard U.S. diplomats in Iraq, it is changing its name. Company officials announced Friday that the group of businesses formerly called Blackwater Worldwide will now be known as "Xe," pronounced like the letter Z. The company provided no information on how it chose the name. The attempt to rebrand itself comes as six former employees face manslaughter charges for a shooting that killed 17 civilians in Baghdad. The company has also faced intense scrutiny since four of its employees were massacred and two of them hung from a bridge in Fallujah in 2004. In January, the Iraqi government denied Blackwater a license to operate there, and its workers are expected to leave the country this spring. Company spokeswoman Anne Tyrrell said the new name reflects a new focus. 
After earning more than $1 billion in federal contracts from the Bush administration, mostly for providing security to U.S. diplomats in Iraq, she said the company will no longer pursue new security contracts. She said it will now work mostly on training law enforcement officers and military troops in such areas as weapons handling and hostage rescue. "This company will continue to provide personnel protective services for high-threat environments when needed by the U.S. government," Blackwater president Gary Jackson said in a memo to employees, "but its primary mission will be operating our training facilities around the world, including the flagship campus in North Carolina." The company runs what is believed to be the world's largest privately owned firearms training facility. Its headquarters is in the northeastern North Carolina town of Moyock, and it has smaller sites in Illinois and San Diego. Aside from its Iraq work, the company also guards U.S. diplomats in Afghanistan. However, some members of Congress -- including Sen. John Kerry, chairman of the Senate Foreign Relations Committee -- have called for the company to be fired. Blackwater's chief executive, Erik Prince, a former Navy SEAL, founded the company in 1997 in a remote, swampy area of the state. It operated in relative obscurity until the Fallujah massacre in 2004. Images of the ambush were flashed around the world after a mob dragged the bodies of the contractors through the streets and hung two charred corpses from a bridge. The incident set off a battle that left 36 U.S. military members and 600 Iraqi civilians dead. A congressional inquiry found that the for-profit company used unarmored vehicles to save money and cut essential personnel from the mission. 'So corrupt' Kathryn Helvenston-Wettengel, whose son Scott Helvenston was one of the Blackwater employees killed in the massacre, said Friday that the name change made sense.
"I'm not surprised at all," she said. "They've become so corrupt, I don't think they could get a contract under Blackwater's name. So, good luck." Hers is among four families suing Blackwater, alleging that the company failed to provide armored vehicles, machine guns, proper maps or the full complement of six guards outlined in the company's contract. In addition to that incident, Blackwater has been involved in nearly 200 shooting incidents in Iraq. In 2007, company contractors were accused of killing 17 innocent civilians in Baghdad. Six former employees have been charged with manslaughter. Iraqi officials said that record of violence was behind their decision last month to deny Blackwater's permit. Tyrrell, the company spokeswoman, said the name change has been part of a gradual process of redefining the company. "Of course, the past is a factor in all decisions made by the company," she said. "We're changing the name because we're taking the company to a place where we think it is no longer described by the name Blackwater." (Staff writer Jay Price contributed to this report.) kristin.collins at newsobserver.com or 919-829-4881 SOME MEANINGS OF XE * The symbol for the element Xenon, a colorless, odorless gas * XE.com, a currency and foreign exchange rate Web site * X-Entertainment, a pop culture Web site for Generation X * Chi Epsilon, a civil engineering honor society * A gender-neutral pronoun invented to avoid sexism in language XE, MEET XE Steven Dengler, CEO of XE, the Canadian-based currency exchange services company, said Friday that he was surprised at Blackwater's choice of name. His company's Web site, XE.com, is one of the most popular destinations on the Web. On any given day, it's usually ranked between No. 250 and No. 380 for traffic, he said.
"Why on earth they'd want to name themselves the same thing as such a well-established brand, I don't know," Dengler said. "We just think they made a bad mistake." He paused to speak while adding a line to his company's Wikipedia entry saying that it had no relationship with the company once known as Blackwater.

The currency exchange XE's lawyers were still looking into the issue, but Dengler said that at first blush the change seemed unlikely to have any serious effect on his XE, and the Moyock firm doesn't appear to be engaged in any of the same lines of work. "We have our trademark registered all over the world, but we certainly don't have anything registered under 'mercenary army,' " he said.

-- JAY PRICE

From rforno at infowarrior.org Sat Feb 14 15:47:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Feb 2009 10:47:24 -0500
Subject: [Infowarrior] - EFF: Legal Guide for Bloggers
Message-ID:

Legal Guide for Bloggers
http://www.eff.org/issues/bloggers/legal

From rforno at infowarrior.org Sun Feb 15 15:24:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 10:24:02 -0500
Subject: [Infowarrior] - YouTube: Free Downloads of College Lectures
Message-ID: <9A5D48DF-6EA9-47C5-A900-35D2ECC88EA9@infowarrior.org>

New From YouTube: Free Downloads of College Lectures
http://chronicle.com/wiredcampus/article/3615/new-from-youtube-free-downloads-of-college-lectures

YouTube began testing a new feature that lets users download videos posted to the site from partner institutions -- including colleges -- rather than just watching the videos in a streaming format. That means people can grab lectures from Duke and Stanford Universities and several institutions in the University of California system to watch any time, with or without an Internet connection.
YouTube partners have the option of charging users for such downloads, but all the universities have offered to make their lecture videos free instead, using Creative Commons licenses that restrict usage to non-commercial purposes and prohibit derivative work.

Some universities already allow users to download lectures through campus Web sites or through Apple's iTunesU using Creative Commons licenses. But Obadiah Greenberg, a strategic-partner manager at YouTube, said in an interview this week that the site's new feature would allow an even larger audience to take advantage of such content.

Scott Stocker, director of Web communications for Stanford, said the university had made audio and video content available for download through Apple's iTunesU since 2007. But Mr. Stocker said that iTunesU and YouTube attract different audiences: Users of iTunesU generally search out content to download to their devices, while YouTube users stumble upon content through videos embedded on blogs or links shared among friends. Mr. Stocker said Stanford had no plans to charge money for its video downloads, since the university sees giving away lectures as part of its educational mission.

Other YouTube partners participating in the test include a weekly Web show hosted by Dan Brown of Lincoln, Neb., and Khan Academy, a non-profit organization that offers video lectures on subjects like physics and finance for 99 cents per download.

-- David Shieh

From rforno at infowarrior.org Sun Feb 15 21:51:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 16:51:21 -0500
Subject: [Infowarrior] - PBS Frontline: Inside the Meltdown
Message-ID:

press release

FRONTLINE INVESTIGATES HOW THE ECONOMY WENT SO BAD SO FAST

FRONTLINE Presents Inside the Meltdown
Tuesday, February 17, 2009, at 9 P.M. ET on PBS
www.pbs.org/frontline/meltdown

On Thursday, Sept. 18, 2008, the astonished leadership of the U.S.
Congress was told in a private session by the chairman of the Federal Reserve that the American economy was in grave danger of a complete meltdown within a matter of days. "There was literally a pause in that room where the oxygen left," says Sen. Christopher Dodd (D-Conn.).

FRONTLINE producer Michael Kirk goes behind closed doors in Washington and on Wall Street to investigate how the economy went so bad so fast and why emergency actions by Federal Reserve Chairman Ben Bernanke and Secretary of the Treasury Henry Paulson failed to prevent the worst economic crisis in a generation on Inside the Meltdown, airing Tuesday, Feb. 17, 2009, at 9 P.M. ET on PBS (check local listings).

As the housing bubble burst and trillions of dollars' worth of toxic mortgages began to go bad in 2007, fear spread through the massive firms that form the heart of Wall Street. By the spring of 2008, burdened by billions of dollars of bad mortgages, the investment bank Bear Stearns was the subject of rumors that it would soon fail. "Rumors are such that they can just plain put you out of business," Bear Stearns' former CEO Alan "Ace" Greenberg tells FRONTLINE. The company's stock had dropped from $171 to $57 a share, and it was hours from declaring bankruptcy.

Ben Bernanke acted. "It was clear that this had to be contained. There was no doubt in his mind," says Bernanke's colleague economist Mark Gertler. Bernanke, a former economics professor from Princeton, specialized in studying the Great Depression. "He more than anybody else appreciated what would happen if it got out of control," Gertler explains.

To stabilize the markets, Bernanke engineered a shotgun marriage between Bear Stearns and the commercial bank JPMorgan, with a promise that the federal government would use $30 billion to cover Bear Stearns' questionable assets tied to toxic mortgages. It was an unprecedented effort to stop the contagion of fear that seemed to be threatening the rest of Wall Street.
While publicly supportive of the deal, Secretary Paulson, a former Wall Street executive with Goldman Sachs, was uncomfortable with government interference in the markets. That summer, he issued a warning to his former colleagues not to expect future government bailouts, saying he was concerned about a legal concept known as moral hazard.

Within months, however, Paulson would witness the virtual collapse of the giant mortgage companies Fannie Mae and Freddie Mac and preside over their takeover by the federal government. The episode sent shockwaves through the economy as confidence in Wall Street began to evaporate.

Within days, in September 2008, another investment bank, Lehman Brothers, was on the brink of collapse. Once again, there were calls for Bernanke and Paulson to bail out the Wall Street giant. But Paulson was under intense political pressure from conservative Republicans in Washington to invoke moral hazard and let the company fail.

"You had a conservative secretary of the Treasury and conservative administration. There was right-wing criticism over Bear Stearns," says Congressman Barney Frank (D-Mass.), chairman of the House Financial Services Committee.

Paulson pushed Lehman's CEO Dick Fuld to find a buyer for his ailing company. But no company would buy Lehman unless the government offered a deal similar to the one Bear Stearns had received. Paulson refused, and Lehman Brothers declared bankruptcy.

FRONTLINE then chronicles the disaster that followed. Within 24 hours, the stock market crashed, and credit markets around the world froze. "We're no longer talking about mortgages," says economist Gertler. "We're talking about car loans, loans to small businesses, commercial paper borrowing by large banks. This is like a disease spreading."

"I think that the secretary of the Treasury could not fully comprehend what that linkage was and the extent to which this would materialize into problems," says former Lehman board member Henry Kaufman.
Paulson was thunderstruck. "This is the utter nightmare of an economic policy-maker," Nobel Prize-winning economist Paul Krugman tells FRONTLINE. "You may have just made the decision that destroyed the world. Absolutely terrifying moment."

In response, Paulson and Bernanke would propose -- and Congress would eventually pass -- a $700 billion bailout plan. FRONTLINE goes inside the deliberations surrounding the passage of the legislation and examines its unsuccessful implementation.

"Many Americans still don't understand what has happened to the economy," FRONTLINE producer/director Michael Kirk says. "How did it all go so bad so quickly? Who is responsible? How effective has the response from Washington and Wall Street been? Those are the questions at the heart of Inside the Meltdown."

Inside the Meltdown is a FRONTLINE co-production with Kirk Documentary Group, Ltd. The writer, producer and director is Michael Kirk. The producer and reporter is Jim Gilmore.

FRONTLINE is produced by WGBH Boston and is broadcast nationwide on PBS. Funding for FRONTLINE is provided through the support of PBS viewers. Major funding for FRONTLINE is provided by The John D. and Catherine T. MacArthur Foundation. Additional funding is provided by the Park Foundation. FRONTLINE is closed-captioned for deaf and hard-of-hearing viewers and described for people who are blind or visually impaired by the Media Access Group at WGBH. FRONTLINE is a registered trademark of WGBH Educational Foundation. The executive producer of FRONTLINE is David Fanning.

pbs.org/pressroom

Promotional photography can be downloaded from the PBS pressroom.
Press contacts
Diane Buxton (617) 300-5375 diane_buxton at wgbh.org
Alissa Rooney (617) 300-5314 alissa_rooney at wgbh.org

From rforno at infowarrior.org Sun Feb 15 21:19:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 16:19:13 -0500
Subject: [Infowarrior] - Growing up in a risk averse society
Message-ID: <88CAA74D-1156-44BF-9BFD-0ECFAE06C273@infowarrior.org>

Growing up in a risk averse society
Tim Gill
2007
£8.50 + p&p
96 pp
Col illus
ISBN 978 1 903080 08 5

Buy from Central Books
Buy in Aus/NZ
Free PDF of the Summary
Free PDF of the Book (2.6 MB)
Free PDF of the Book (text only)

http://www.gulbenkian.org.uk/publications/education/no-fear

No Fear joins the increasingly vigorous debate about the role and nature of childhood in the UK. Over the past 30 years activities that previous generations of children enjoyed without a second thought have been relabelled as troubling or dangerous, and the adults who permit them branded as irresponsible.

No Fear argues that childhood is being undermined by the growth of risk aversion and its intrusion into every aspect of children's lives. This restricts children's play, limits their freedom of movement, corrodes their relationships with adults and constrains their exploration of physical, social and virtual worlds.

Focusing on the crucial years of childhood between the ages of 5 and 11 -- from the start of statutory schooling to the onset of adolescence -- No Fear examines some of the key issues with regard to children's safety: playground design and legislation, antisocial behaviour, bullying, child protection, the fear of strangers and online risks. It offers insights into the roles of parents, teachers, carers, the media, safety agencies and the Government and exposes the contradictions inherent in current attitudes and policies, revealing how risk averse behaviour ironically can damage and endanger children's lives.
In conclusion, No Fear advocates a philosophy of resilience that will help counter risk aversion and strike a better balance between protecting children from genuine threats and giving them rich, challenging opportunities through which to learn and grow.

Tim Gill is one of the UK's leading writers and thinkers on childhood. His work focuses on children's play and free time. He appears regularly on national TV and radio and has written for The Guardian and The Independent, as well as parenting and trade magazines and academic journals. He was Director of the Children's Play Council from 1997-2004 and, in 2002, was seconded to Whitehall to lead the first ever Government-sponsored review of children's play.

From rforno at infowarrior.org Sun Feb 15 21:09:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 16:09:47 -0500
Subject: [Infowarrior] - The Coming Swarm
Message-ID:

The Coming Swarm
By JOHN ARQUILLA
Published: February 14, 2009
http://www.nytimes.com/2009/02/15/opinion/15arquilla.html

WITH three Afghan government ministries in Kabul hit by simultaneous suicide attacks this week, by a total of just eight terrorists, it seems that a new "Mumbai model" of swarming, smaller-scale terrorist violence is emerging.

The basic concept is that hitting several targets at once, even with just a few fighters at each site, can cause fits for elite counterterrorist forces that are often manpower-heavy, far away and organized to deal with only one crisis at a time. This approach certainly worked in Mumbai, India, last November, where five two-man teams of Lashkar-e-Taiba operatives held the city hostage for two days, killing 179 people. The Indian security forces, many of which had to be flown in from New Delhi, simply had little ability to strike back at more than one site at a time.
While it's true that the assaults in Kabul seem to be echoes of Mumbai, the fact is that Al Qaeda and its affiliates have been using these sorts of swarm tactics for several years. Jemaah Islamiyah -- the group responsible for the Bali nightclub attack that killed 202 people in 2002 -- mounted simultaneous attacks on 16 Christian churches in Indonesia on Christmas Eve in 2000, befuddling security forces. Even 9/11 itself had swarm-like characteristics, as four small teams of Qaeda operatives simultaneously seized commercial aircraft and turned them into missiles, flummoxing all our defensive responses.

In the years since, Al Qaeda has coordinated swarm attacks in Saudi Arabia, Tunisia, Turkey, Yemen and elsewhere. And at the height of the insurgency in Iraq, terrorists repeatedly used swarms on targets as small as truck convoys and as large as whole cities.

This pattern suggests that Americans should brace for a coming swarm. Right now, most of our cities would be as hard-pressed as Mumbai was to deal with several simultaneous attacks. Our elite federal and military counterterrorist units would most likely find their responses slowed, to varying degrees, by distance and the need to clarify jurisdiction.

While the specifics of the federal counterterrorism strategy are classified, what is in the public record indicates that the plan contemplates having to deal with as many as three sites being simultaneously hit and using "overwhelming force" against the terrorists, which probably means mustering as many as 3,000 ground troops to the site. If that's an accurate picture, it doesn't bode well. We would most likely have far too few such elite units for dealing with a large number of small terrorist teams carrying out simultaneous attacks across a region or even a single city.

Nightmare possibilities include synchronized assaults on several shopping malls, high-rise office buildings or other places that have lots of people and relatively few exits.
Another option would be to set loose half a dozen two-man sniper teams in some metropolitan area -- you only have to recall the havoc caused by the Washington sniper in 2002 to imagine how huge a panic a slightly larger version of that form of terrorism would cause.

So how are swarms to be countered? The simplest way is to create many more units able to respond to simultaneous, small-scale attacks and spread them around the country. This means jettisoning the idea of overwhelming force in favor of small units that are not "elite" but rather "good enough" to tangle with terrorist teams. In dealing with swarms, economizing on force is essential.

We've actually had a good test case in Iraq over the past two years. Instead of responding to insurgent attacks by sending out large numbers of troops from distant operating bases, the military strategy is now based on hundreds of smaller outposts in which 40 or 50 American troops are permanently stationed and prepared to act swiftly against attackers. Indeed, their very presence in Iraqi communities is a big deterrent. It's small surprise that overall violence across Iraq has dropped by about 80 percent in that period.

For the defense of American cities against terrorist swarms, the key would be to use local police officers as the first line of defense instead of relying on the military. The first step would be to create lots of small counterterrorism posts throughout urban areas instead of keeping police officers in large, centralized precinct houses. This is consistent with existing notions of community-based policing, and could even include an element of outreach to residents similar to that undertaken in the Sunni areas of Iraq -- even if it were to mean taking the paradoxical turn of negotiating with gangs about security.

At the federal level, we should stop thinking in terms of moving thousands of troops across the country and instead distribute small response units far more widely.
Cities, states and Washington should work out clear rules in advance for using military forces in a counterterrorist role, to avoid any bickering or delay during a crisis. Reserve and National Guard units should train and field many more units able to take on small teams of terrorist gunmen and bombers. Think of them as latter-day Minutemen.

Saudi Arabia, Tunisia, Turkey and Yemen all responded to Qaeda attacks with similar "packetizing" initiatives involving the police and armed forces; and while that hasn't eliminated swarm attacks, the terrorists have been far less effective and many lives have been saved.

As for Afghanistan, where the swarm has just arrived, there is still time to realize the merits of forming lots of small units and sprinkling them about in a countrywide network of outposts. As President Obama looks to send more troops to that war, let's make sure the Pentagon does it the right way.

Yes, the swarm will be heading our way, too. We need to get smaller, closer and quicker. The sooner the better.

John Arquilla teaches in the special operations program at the Naval Postgraduate School and is the author of "Worst Enemy: The Reluctant Transformation of the American Military."

From rforno at infowarrior.org Sun Feb 15 20:36:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 15:36:43 -0500
Subject: [Infowarrior] - FBI turns to fraud after focus on terror
Message-ID:

FBI turns to fraud after focus on terror
AFP
Published: Saturday February 14, 2009
http://rawstory.com/news/afp/FBI_turns_to_fraud_after_focus_on_t_02142009.html

With the economic crisis unrelenting, the United States is stepping up its fight against white collar crime, which has been trumped by the fight on terror.

"Let's give our law enforcement agencies the tools and resources they need," said Senator Patrick Leahy, Chairman of the Senate Judiciary Committee, at a hearing Wednesday.
"All the ordinary Americans who have suffered the brunt of this (economic crisis) want to know that we're doing everything possible" to combat white collar crime, he added.

In the most sensational case of its kind in years, former Nasdaq stock exchange chairman Bernard Madoff was arrested in early December after allegedly confessing to his two sons and to the FBI that he had run a 50-billion-dollar pyramid fraud known as a Ponzi scheme.

Investors caught in Madoff's alleged fraud include Hollywood celebrities, charities, universities, and major financial institutions including UBS, HSBC, JP Morgan Chase, BNP Paribas and Citigroup.

Over the past few years, the FBI has been steadily beefing up its teams fighting white collar crime -- fraud and corruption that has had disastrous consequences for families and the balance of the financial system.

"After 9/11, we moved almost 2,000 criminal investigative resources over to national security matters, particularly counter-terrorism," FBI Deputy Director John Pistole told Leahy's committee. "We have been gradually moving those back. And have done that in terms of priority areas, such as this mortgage fraud and the corporate fraud area which is potentially as significant in terms of long-term complex investigations."

But since 2005, investigations by the federal law enforcement agency on real estate fraud have almost tripled, from 721 cases in 2005 to 1,800 cases currently being investigated, according to Pistole. "And of course, we expect an upward trend to continue," he warned.

Corporate fraud and corruption cases number 530, 38 of which are directly tied to the mortgage industry, such as US mortgage finance giants Fannie Mae and Freddie Mac.

A surge in foreclosures took place following the collapse of the housing market in 2006 and the related subprime mortgage crisis that triggered the financial crisis in August 2007.
Leahy, a Democrat, has introduced legislation with Republican Senator Charles Grassley and Democratic Senator Ted Kaufman to assist the federal government in investigating and prosecuting financial fraud.

"I want to make sure that we're able to go after them. And I want to make sure that we can recover whatever assets we can. But I want to see people prosecuted," Leahy said.

But the challenge is mostly tied to available resources -- in terms of staff and finances -- with financial investigations as complex as those involving organized crime or drug trafficking.

"The primary near-term security concern of the United States is the global economic crisis and its geopolitical implications," National Intelligence Director Dennis Blair told a Senate panel Thursday. In the aftermath of the September 11, 2001 attacks, terrorism had been cited as the top US security concern.

The FBI now has 240 agents assigned to mortgage fraud and related investigations, with over 100 more agents working on corporate fraud matters, Pistole said. The agency also sponsors 55 mortgage fraud task forces or working groups across the country.

But some lawmakers expressed concern that more still needs to be done to address the rising problem of mortgage and corporate fraud. "Mr Pistole, clearly, you don't have enough FBI agents," Kaufman said. "Now, we've done a scrub of all our criminal investigative resources," Pistole acknowledged.

Between 1986 and 1995, during the savings and loans crisis, the FBI assigned some 1,000 agents, in addition to financial and other analysts, through a series of 27 strike forces across the United States, Pistole said. Dozens of federal prosecutors were also engaged in legal proceedings.
From rforno at infowarrior.org Sun Feb 15 20:25:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 15:25:39 -0500
Subject: [Infowarrior] - The Arrival of the Internet to Israel: The Local Diffusion of a Global Technology
Message-ID: <48CC62E1-1ADE-4419-88E4-F88F181F89AF@infowarrior.org>

The Arrival of the Internet to Israel: The Local Diffusion of a Global Technology
http://www.sociothink.com/
Abstract: http://www.sociothink.com/abstract.html
Full PDF: http://www.sociothink.com/

The subject matter of this study is the first decade of Internet connectivity in Israel. This study looks into the infrastructure, the physicality, the bureaucracy, and institutional aspects of the Internet. It is about the struggles between the various actors involved in bringing the Internet to Israel and other relevant actors, and decisions that were made by the state and non-governmental organizations, such as the Inter-University Computing Center, as part of that process. It is not about the things that people were doing with the Internet, or the meanings that the general public attributed to it. Rather, it focuses on the nitty-gritty of the arrival of the Internet to Israel and its diffusion around the country: which connections were made? When? What problems were involved? It also investigates the social, political, and cultural background against which the Internet can be seen to be spreading throughout the country: what kind of regime did Israel have in the mid-80s? And in the mid-90s? How might these changes be related to the introduction of the Internet -- not in the sense that one caused the other, but in terms of the broader processes of change that characterized Israel during those years, such as globalization and liberalization?
This study focuses on the technology of the Internet: on the cables and wires that carry the Internet around the world; on the legal and administrative processes that are called into play as the Internet reaches a new country. Thus, while not driven by a new social phenomenon such as Internet dating or the uses of social networking sites, this study nonetheless sheds light on the social contexts in which the processes described in the course of this dissertation are embedded. By not taking the technology for granted, this study shows that the infrastructure behind the Internet is also a social phenomenon with a political economy, no less than the social and cultural forms that are based on that infrastructure.

< - >

From rforno at infowarrior.org Sun Feb 15 20:33:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 15 Feb 2009 15:33:23 -0500
Subject: [Infowarrior] - Google Calendar suffers data 'leak'
Message-ID: <0E9F8434-043F-490F-8588-7099FC031169@infowarrior.org>

Google Calendar suffers data 'leak'
The Yomiuri Shimbun
http://www.yomiuri.co.jp/dy/national/20090215TDY02303.htm

Some users of Google Calendar, a personal schedule management service on the Internet run by Google Inc., have mistakenly disclosed more than 1,500 items of personal information, it has been learned.

The Yomiuri Shimbun has confirmed that anyone was able to view the personal schedule data in question, which was posted on nine user calendars.

Earlier this month, Google stopped the public calendar search function of the service, which enabled users to search other users' calendars, without providing users in Japan with an explanation. Even now, however, the calendars of users can be viewed by other users if they know the relevant calendar address.

The free calendar service can be accessed by personal computer or cell phone just by typing in a user ID. The calendar can be used as a personal memorandum or by a group of specified users.
On the initial settings page, the options for sharing the information with selected users and making all information public are close to each other. Some users have been confused about the difference between the two options, with some mistakenly thinking they have to check both boxes to be able to use the calendar on more than one device or to share the calendar with friends. However, once a user has chosen "Share all information on this calendar," it makes his or her calendar available to all users.

A 39-year-old surgeon who works at a hospital in Tokushima Prefecture mistakenly disclosed on his personalized Google Calendar from April last year about 150 items of information, including the names of patients and their conditions. In one case, the information contained a patient's name and indicated that the patient had been operated on to fit a colostomy bag.

The hospital explained that the surgeon probably was not aware the calendar was viewable to other users because he thought it was personalized. Apparently the hospital has yet to decide how to explain the information leak to patients.

A lawyer in his 30s unwittingly disclosed his schedule, which included the names of clients, appointment dates and court schedules. Some of the disclosed data was sufficient to identify the individuals involved. "I meant to share the calendar only within our office," said the lawyer, who works at a law firm in the Tohoku region. "Putting information up on the Net is dangerous."

Other cases include a company in Kyushu that unwittingly disclosed the date it was going to pay out bonuses, and a nail salon in Tokyo that unintentionally revealed a record of internal memos, including what to do with fees when customers expressed dissatisfaction with their service.

"We don't have any information on specific personal information leaks," Yoshito Funabashi, the public relations department director of Google Japan, said after the company removed the public calendar search function.
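The settings confusion described above (sharing with selected people versus making the whole calendar public) is the kind of thing an organisation can audit rather than leave to each user. The following is an added example, not code from Google or from the article: it models a calendar's access-control list as a list of rules with a scope type and a role, in the style of the Google Calendar API's ACL resource, where a scope type of "default" means "anyone". The calendar records, e-mail addresses, domain and rule values are constructed for the example; the function names are this example's own.

```python
"""Audit calendar sharing rules and flag calendars readable by anyone.

Added example (not Google's code). The ACL model follows the Google
Calendar API's ACL resource: each rule has a scope type ("default",
"user", "group", "domain"), a scope value and a role. A "default"
scope with a detail-revealing role is the "Share all information on
this calendar" setting from the article. All sample data is constructed.
"""
from dataclasses import dataclass, field

PUBLIC_SCOPE = "default"                      # "anyone", per the API model (assumption)
DETAIL_ROLES = {"reader", "writer", "owner"}  # roles that expose event details
# "freeBusyReader" only reveals busy/free blocks, so it is not a detail leak.


@dataclass
class AclRule:
    scope_type: str   # "default", "user", "group" or "domain"
    scope_value: str  # e-mail address or domain; empty for "default"
    role: str         # "none", "freeBusyReader", "reader", "writer", "owner"


@dataclass
class Calendar:
    calendar_id: str
    owner: str                     # owner's address, excluded from "shared" test
    acl: list = field(default_factory=list)


def is_world_readable(acl):
    """True when some rule grants event details to everyone on the Internet."""
    return any(r.scope_type == PUBLIC_SCOPE and r.role in DETAIL_ROLES for r in acl)


def exposure(calendar):
    """Classify a calendar as 'public', 'shared' (specific people/domain) or 'private'."""
    if is_world_readable(calendar.acl):
        return "public"
    shared_with_others = any(
        r.scope_type != PUBLIC_SCOPE
        and r.scope_value != calendar.owner
        and r.role in DETAIL_ROLES
        for r in calendar.acl
    )
    return "shared" if shared_with_others else "private"


def audit(calendars):
    """Return the ids of calendars whose events anyone can read (sorted)."""
    return sorted(c.calendar_id for c in calendars if exposure(c) == "public")


def restrict_to_domain(calendar, domain):
    """Hardened setting: drop every public rule and share with one domain instead.

    This is what "share only within our office" should look like: a
    domain-scoped reader rule rather than the world-readable one.
    """
    calendar.acl = [r for r in calendar.acl if r.scope_type != PUBLIC_SCOPE]
    calendar.acl.append(AclRule("domain", domain, "reader"))
    return calendar


def sample_calendars():
    """Constructed sample: one public by mistake, one shared, one private."""
    return [
        Calendar("clinic-oncall@example.com", "surgeon@example.com", [
            AclRule("user", "surgeon@example.com", "owner"),
            # the mis-click: "Share all information on this calendar"
            AclRule("default", "", "reader"),
        ]),
        Calendar("court-dates@example.com", "lawyer@example.com", [
            AclRule("user", "lawyer@example.com", "owner"),
            AclRule("domain", "example.com", "reader"),   # office-only share
        ]),
        Calendar("personal@example.com", "someone@example.com", [
            AclRule("user", "someone@example.com", "owner"),
            AclRule("default", "", "freeBusyReader"),     # busy/free only
        ]),
    ]


if __name__ == "__main__":
    cals = sample_calendars()
    print("world-readable:", audit(cals))           # ['clinic-oncall@example.com']
    restrict_to_domain(cals[0], "example.com")
    print("after fix:", audit(cals))                # []
```

The useful property is that the check keys on the scope type, not on a checkbox label: a free/busy-only public rule is not flagged, while any "default" rule with a detail-revealing role is, which is exactly the distinction the two adjacent settings blur for users.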
While a brief notice appeared on Google's English-language site, the company has not explained to Japanese users why the change was made. Since the calendars are still viewable by typing in the relevant addresses, users who mistakenly set up their calendars to be shared with other users are still at risk of disclosing personal information.

Funabashi described the removal of the public calendar search function as "an improvement to enhance convenience."

Only last year, Google had problems with its map information service, Google Maps, when maps of schoolchildren's homes made for teachers using the service were mistakenly made accessible to other users of the Internet service, revealing private information about the children and their homes.

(Feb. 15, 2009)

From rforno at infowarrior.org Mon Feb 16 14:52:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 09:52:23 -0500
Subject: [Infowarrior] - Facebook's new ToS
Message-ID: <201872F8-411B-4478-8C8C-D84ED49D8758@infowarrior.org>

Facebook's New Terms Of Service: "We Can Do Anything We Want With Your Content. Forever."
By Chris Walters, 6:14 PM on Sun Feb 15 2009, 82,243 views

Facebook's terms of service (TOS) used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore. Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.
< - >

http://consumerist.com/5150175/facebooks-new-terms-of-service-we-can-do-anything-we-want-with-your-content-forever

From rforno at infowarrior.org Mon Feb 16 14:54:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 09:54:30 -0500
Subject: [Infowarrior] - NZ "Internet Blackout" protest
Message-ID: <622145CD-6050-4174-82C1-F8152F3708F2@infowarrior.org>

Copyright infringement is wrong, but should people, schools, and hospitals have their internet connections and websites cut off due to accusations of copyright infringement? This is what all this protest is about. New Zealand now has arguably the world's harshest copyright enforcement law in history: Sections 92A and C of the amended Copyright Act, which establish a guilt upon accusation principle.

< - >

http://www.neowin.net/news/main/09/02/16/new-zealand-internet-blackout-protest-against-copyright-law

From rforno at infowarrior.org Mon Feb 16 20:22:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 15:22:27 -0500
Subject: [Infowarrior] - Security Assessment of TCP protocol
Message-ID:

(c/o DR)

The United Kingdom's Centre for the Protection of National Infrastructure has just released the document "Security Assessment of the Transmission Control Protocol (TCP)", on which I have had the pleasure to work during the last few years.

The motivation to produce this document is explained in the Preface of the document as follows:

- ---- cut here ----

The TCP/IP protocol suite was conceived in an environment that was quite different from the hostile environment they currently operate in. However, the effectiveness of the protocols led to their early adoption in production environments, to the point that to some extent, the current world's economy depends on them.
While many textbooks and articles have created the myth that the Internet protocols were designed for warfare environments, the top level goal for the DARPA Internet Program was the sharing of large service machines on the ARPANET. As a result, many protocol specifications focus only on the operational aspects of the protocols they specify, and overlook their security implications. While the Internet technology evolved since its early inception, the Internet's building blocks are basically the same core protocols adopted by the ARPANET more than two decades ago.

During the last twenty years, many vulnerabilities have been identified in the TCP/IP stacks of a number of systems. Some of them were based on flaws in some protocol implementations, affecting only a reduced number of systems, while others were based on flaws in the protocols themselves, affecting virtually every existing implementation. Even in the last couple of years, researchers were still working on security problems in the core protocols.

The discovery of vulnerabilities in the TCP/IP protocol suite usually led to reports being published by a number of CSIRTs (Computer Security Incident Response Teams) and vendors, which helped to raise awareness about the threats and the best mitigations known at the time the reports were published. Unfortunately, this also led to the documentation of the discovered protocol vulnerabilities being spread among a large number of documents, which are sometimes difficult to identify. For some reason, much of the effort of the security community on the Internet protocols did not result in official documents (RFCs) being issued by the IETF (Internet Engineering Task Force). This basically led to a situation in which "known" security problems have not always been addressed by all vendors. In addition, in many cases vendors have implemented quick "fixes" to the identified vulnerabilities without a careful analysis of their effectiveness and their impact on interoperability.
Producing a secure TCP/IP implementation nowadays is a very difficult task, in part because of the lack of a single document that serves as a security roadmap for the protocols. Implementers are faced with the hard task of identifying relevant documentation and differentiating between that which provides correct advice, and that which provides misleading advice based on inaccurate or wrong assumptions. There is a clear need for a companion document to the IETF specifications that discusses the security aspects and implications of the protocols, identifies the existing vulnerabilities, discusses the possible countermeasures, and analyses their respective effectiveness.

This document is the result of a security assessment of the IETF specifications of the Transmission Control Protocol (TCP), from a security point of view. Possible threats are identified and, where possible, countermeasures are proposed. Additionally, many implementation flaws that have led to security vulnerabilities have been referenced in the hope that future implementations will not incur the same problems.

This document does not aim to be the final word on the security aspects of TCP. On the contrary, it aims to raise awareness about a number of TCP vulnerabilities that have been faced in the past, those that are currently being faced, and some of those that we may still have to deal with in the future. Feedback from the community is more than encouraged to help this document be as accurate as possible and to keep it updated as new vulnerabilities are discovered.
---- cut here ----

The document is available at CPNI's web site:
http://www.cpni.gov.uk/Products/technicalnotes/Feb-09-security-assessment-TCP.aspx

From rforno at infowarrior.org Mon Feb 16 21:10:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 16:10:11 -0500
Subject: [Infowarrior] - As Data Collecting Grows, Privacy Erodes
Message-ID:

As Data Collecting Grows, Privacy Erodes
NOAM COHEN
Published: Monday, February 16, 2009 at 5:24 a.m.
http://www.heraldtribune.com/article/20090216/ZNYT05/902163009/2193/SPORTS?Title=As_Data_Collecting_Grows__Privacy_Erodes

THERE are plenty of people who can muster outrage at Alex Rodriguez, the Yankees third baseman who is the latest example of win-at-any-cost athletes. But I'd prefer to see him as at the cutting edge of another scourge -- the growing encroachment on privacy.

The way Mr. Rodriguez's positive steroid test result became public followed a path increasingly common in the computer age: third-party data collection. We are typically told that personal information is anonymously tracked for one reason -- usually something abstract like making search results more accurate, recommending book titles or speeding traffic through the toll booths on the thruways. But it is then quickly converted into something traceable to an individual, and potentially life-changing.

In Mr. Rodriguez's case, he participated in a 2003 survey of steroid use among Major League Baseball players. No names were to be revealed. Instead, the results were supposed to be used in aggregation -- to determine if more than 5 percent of players were cheating -- and the samples were then to be destroyed. It is odd that most of the news coverage described the tests as "anonymous." If the tests were truly anonymous, of course, Mr. Rodriguez would still be thought of as a clean player -- as he long had insisted he was.
But when federal prosecutors came calling, as part of a steroid distribution case, it turned out that the "anonymous" samples suddenly had clear labels on them. As a friend put it in an e-mail message: "Privacy is serious. It is serious the moment the data gets collected, not the moment it is released."

To Jonathan Zittrain, a professor of Internet law at Harvard, there is an obvious explanation for this kind of repurposing of information -- there is so much information out there. Supply creates demand, he argues. "This is a broader truth about the law," he writes in an e-mail message. "There are often no requirements to keep records, but if they're kept, they're fair game for a subpoena."

And we are presented with what Professor Zittrain calls the "deadbeat dad" problem. There are government investigators, divorcing spouses, even journalists, who have found creative ways to exploit the material. "So many databases," he writes, "as simple as highway toll collection records or postal service address changes, lend themselves to other uses, such as finding parents behind on their child support payments."

Perhaps a more direct explanation is that data collection is part of what Cindy Cohn, the legal director of the Electronic Frontier Foundation, calls "the surveillance business model." That is, there is money to be made from knowing your customers well -- with a depth unimaginable before Internet cookies allowed companies to track obsessively online behavior. "We took whatever was done offline and put it on steroids," she said, perhaps with the Rodriguez case in the back of her mind. "It requires compliance with the kind of promises that comes with this kind of data collection."

The foundation argues that online service providers -- social networks, search engines, blogs and the like -- should voluntarily destroy what they collect, to avoid the kind of legal controversies the baseball players' union is now facing.
The union is being criticized for failing to act during what apparently was a brief window to destroy the 2003 urine samples before the federal prosecutors claimed them. "You don't want to know that stuff," she says, speaking of the ordinary blogger collecting data on every commenter. "You don't want to get a subpoena. For ordinary Web sites it is a cost to collect all this data."

The digital format makes it easy to cling to material that normally would be disposed of or would disintegrate. Storage is cheap and practically limitless. And Ms. Cohn says of the people who dominate the Internet, "the people who design software, in my experience, tend to be pack rats."

Journalists are sometimes advised to destroy their notes every few months so that they can't be used in a lawsuit. Yet, somehow you want those notes -- you see only how they could set you free, or lead you back to a new story, not prove your guilt.

Even though Google is most frequently viewed as the most worrisome collector of personal data -- the mail you send, the documents you write, the books you read -- Ms. Cohn said, "I have a higher confidence that Google will do what it says -- because Google has lots of people watching them -- than other, smaller sites."

As a legal director, she focuses on holding organizations responsible for their promises to customers. The foundation is suing AT&T for cooperating with the government's surveillance of telephone calls -- "they broke their promises to their customers -- 'we are going to route your phone calls, not be an agent of the state.'"

In an online opinion column for The New York Times, Doug Glanville, a former teammate of Mr. Rodriguez who was part of the steroid survey, begins by writing that "there was one clear moment when I wanted to be treated like a number." It was, he said, "the day in 2003 that I went in for a drug test as a member of the Texas Rangers." I'm here to tell him that being treated as a number may be cruel comfort.
On the Internet, he can be tracked by investigators quite content to think of him as a number: they call it his IP address.

From rforno at infowarrior.org Mon Feb 16 21:14:53 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 16:14:53 -0500
Subject: [Infowarrior] - Pirate Bay P2P Trial Begins in Sweden
Message-ID: <5789BCF6-E998-430A-8F20-BAAF744A0D00@infowarrior.org>

Pirate Bay P2P Trial Begins in Sweden
Author: Wesley Roberts
Category: Tech
6 hours ago
http://techfragments.com/news/446/Tech/Pirate_Bay_P2P_Trial_Begins_in_Sweden.html

The Pirate Bay's copyright infringement trial is now under way in Sweden, becoming one of the most watched P2P trials. The site is accused of helping users illegally download movies, music, computer games, and more from its web site. If the site owners are convicted, they could spend two years in prison and pay a fine of around $150,000. In addition, many of the leading companies in the motion picture industries are wanting an additional $14.3 million.

The Pirate Bay is the world's largest source for BitTorrent trackers; while they do not host illegal content, they do provide a means of finding such content. In May 2006 the company was raided by Swedish police who seized their servers, and in January of last year the owners were charged with the copyright infringement.

The International Federation of Phonographic Industry (IFPI), which is representing the case of music and film producers, made a statement about the case on Friday, stating: "For people who make a living out of creativity or in a creative business, there is scarcely anything more important than to have your rights protected by the law.
Copyright exists to ensure that everyone in the creative world - from the artist to the record label, from the independent film producer to the TV programme maker - can choose how their creations are distributed and get fairly rewarded for their work. The operators of The Pirate Bay have violated those rights and, as the evidence in Court will show, they did so to make substantial revenues for themselves. That kind of abuse of the rights of others cannot be allowed to continue, and that is why these criminal proceedings are so important for the health of the creative community. The criminal prosecution of The Pirate Bay is about protecting creators from those who violate their rights and deprive them of their deserved rewards. The Pirate Bay has hurt creators of many different kinds of works, from music to film, from books to TV programmes. It has been particularly harmful in distributing copyrighted works prior to their official release. This damages sales of music at the most important time of their lifecycle," said John Kennedy, the CEO and Chairman of IFPI. "The evidence in this case will show that The Pirate Bay is a commercial business which made substantial amounts of money for its operators, despite their claim to be only interested in spreading culture for free."

The Pirate Bay is currently run by Gottfrid Svartholm (anakata), Fredrik Neij (TiAMO) and Peter Sunde (brokep). On 15 November 2008, The Pirate Bay announced that it had reached over 25 million unique peers. The Pirate Bay has about 3,400,000 registered users so far. It's the world's largest BitTorrent tracker and is ranked as the 109th most popular website by Alexa Internet.
From rforno at infowarrior.org Tue Feb 17 00:58:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Feb 2009 19:58:25 -0500
Subject: [Infowarrior] - Announcing GCTIP - New Forums for Internet Transparency, Performance, and ISP Issues
Message-ID:

February 16, 2009

Announcing GCTIP - New Forums for Internet Transparency, Performance, and ISP Issues
http://lauren.vortex.com/archive/000506.html

Greetings. I'm pleased to announce the availability of a new venue for discussion, reporting, analysis, information sharing, queries, and consumer assistance regarding Internet performance, transparency, and measurement, plus a wide range of topics associated with consumers and their interactions with Internet Service Providers (ISPs).

Called GCTIP Forums, this project -- The Global Coalition for Transparent Internet Performance -- is the outgrowth of a network measurement workshop meeting sponsored by Vint Cerf and Google at their headquarters in June, 2008 for a number of academic network measurement researchers and other related parties. This is the same meeting that formed the genesis of the open platform M-Lab (Measurement Lab) project that was recently announced. GCTIP was the original name for the mailing list that I maintained for that Google meeting and subsequent discussions (full disclosure: I helped to organize the agenda for the meeting and also attended).

Unless we know what the performance of the Internet for any given users really is -- true bandwidth performance, traffic management, port blocking, server prohibitions, Terms of Service concerns, and a wide range of other parameters -- it's impossible for anyone who uses Internet services to really know if they're getting what they're paying for, if their data is being handled appropriately in terms of privacy and security, and all manner of other crucial related issues.
While transparency and related concerns do have impacts on "network neutrality" issues, neither GCTIP nor GCTIP Forums are oriented toward network neutrality discussions.

The purpose of GCTIP Forums is to provide a free discussion environment to act as a clearinghouse for all stakeholders (technical, consumers, ISPs, government-related, etc.) to interact on the range of "network transparency" and associated topics. The focus is on collecting, analyzing, and disseminating reports relating to Internet measurement/test data -- plus associated concerns, discussions, etc., in manners that are most useful to the network community at large.

There are many groups working in the network measurement area, but surprisingly little data sharing, coordination, or ongoing reporting in a form that is useful to most ordinary Internet consumers or other interested observers. An area of particular concern is helping to assure that measurement tests and perceived consumer problems with their ISPs aren't misinterpreted by users, resulting in unfair or simply wrong accusations against those ISPs. I feel strongly that consumers need a place to go with these sorts of issues where the broader community and experts can help interpret what's really going on. Guilty firms should be exposed, but the innocent must not be inappropriately branded.

All current GCTIP Forums topics can be viewed without signing up on the system. Simple registration is required to post new discussion threads and replies, but no non-administrative topics are currently pre-moderated (any reported materials confirmed to be inappropriate will be deleted promptly).

GCTIP Forums exist to enable the exchange of relevant ideas, queries, data, and other information for anyone concerned about the Internet worldwide. The Forums are seeded with five top-level discussion topics to get things rolling, but suggestions for additional categories are welcome. New threads (e.g.
discussions of particular measurement tools, measurement results, specific ISP issues and concerns, etc.) can be created by registered users, starting right now.

Please note that I am running GCTIP on my own dime at this point. At such a time as any outside support funding becomes available for the project (which would be very much appreciated!), it will be publicly announced of course.

Spread the word! This is your chance to help yourself and everyone else better understand what the Internet is really doing, and by extension, where it is going tomorrow.

Thanks very much.

--Lauren--

From rforno at infowarrior.org Tue Feb 17 12:11:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:11:23 -0500
Subject: [Infowarrior] - Wikileaks Funding Request
Message-ID: <20D197FF-D56F-4BD1-BDB2-24ABE121AE0D@infowarrior.org>

Wikileaks has no formal funding until late in the year. Help us urgently raise $80k to cover expenses over the next three months or our primary operations will shut down. The mission is too important to allow this -- every day people count on us in a way that is really quite extraordinary.

Wikileaks' reputation for unbowed defence of both human rights principles and people continues to win accolades, but these prizes, as nice as they are, do not pay the bills (if you are aware of some that do, please nominate us for them).

Making matters more demanding, this week saw the commencement of a spectacular three week trial in Stockholm of two of our technical people by the US recording industry on an indirectly related matter; PRQ founders also host the censorship resistant file-sharing site, the Pirate Bay, on which we released the recent Congressional Research Reports collection, for example.

Husband and wife volunteers, Jim and Jennifer McCain, have prepared the following helpful pledge and flyers, thanks to the UK based My Society.
Feel free to roll your own and spread the word in your own special way:
http://pledgebank.com/save-wl

See also: https://secure.wikileaks.org/

Stand with us!

WIKILEAKS/SUNSHINE PRESS

From rforno at infowarrior.org Tue Feb 17 12:14:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:14:13 -0500
Subject: [Infowarrior] - Why Google's Software Update Tool Is Evil
Message-ID: <9426512E-61E1-4219-A0DD-53B660A527B7@infowarrior.org>

Why Google's Software Update Tool Is Evil
By Scott Gilbertson
February 13, 2009 | 1:42:20 PM
Categories: Google
http://blog.wired.com/business/2009/02/why-googles-sof.html

The recently released desktop app Google Earth 5 contained a little surprise for many Mac OS X users -- it installed Google's automated Update Engine without clearly asking. Worse, the latest version of Google Earth won't work without the Update Engine running in the background.

We mentioned the new update policy in our initial review, but given Google's lack of transparency, or what users perceive as a lack of transparency about the update, it bears a closer look.

Sneaking an auto-updater into a software package without clearly pointing it out during the installation process is a bad idea, one that Google has promised to change with a new, more informative splash screen. But, offering no way to turn the update software off is downright evil, according to many upset users in the Google Earth Group.

Most of us have dozens of applications installed on our PCs, many of which check for updates when the application is active. So why does the Google Updater have to run all the time in the background?
Wil Shipley, a longtime Mac developer and author of the award-winning Delicious Library, says, "This is a classic case of designing like a computer scientist instead of like a user: 'Well, it seems cleaner architecturally for us to have a central update server, instead of the same update module in each program the user runs!'"

Shipley goes on to point out that "anything running in the background is a potential security risk." Shipley's own Delicious Library checks for updates when it launches, a system he calls "ideal."

A spokesperson for software maker Adobe confirmed the company's Creative Suite 4 also has no need for an always-running updater. Instead, Adobe's apps rely on a standalone updater that runs each time you launch one of the Creative Suite applications, like Photoshop or Illustrator.

Google is relatively new to the desktop software game, particularly the Mac side. And, despite plenty of best practice examples from those who came before, the company is repeating the same amateur mistakes that most desktop software makers have long since abandoned.

Here are a few reasons why an always-active daemon (software speak for a tiny app that runs in the background) for handling software updates is a bad idea:

1. It opens up an always-on tunnel to Google. While Google may be confident its update servers will never be compromised, how confident are you? If a third party gains control of that server, it can inject nearly any code it wants into your machine.

2. It's always on, always looking for updates. On an expensive, pay-by-the-megabyte EVDO network? Google Updater doesn't care and will suck down any available updates without asking, costing you money.

3. Google updates Google Earth or Picasa or Gtalk, but the update ends up having a bug that wipes data from your drive. Sorry, too late -- the auto-updater already grabbed the latest version without asking. Kiss your data goodbye.

4. Administering a large network that needs to be locked down and tightly controlled?
Cross Google software off your list. All the above problems apply, but they're cascaded across your network for added headaches.

A Google spokesperson defended the Updater with a canned response, stating that "updates provide bug fixes, fix security vulnerabilities, ensure that applications are still compatible with other software updates."

But as Shipley says, "it's incredibly intrusive to have some idiotic daemon whose whole purpose is just to look for updates." Comparing it to the real world, Shipley says an always-running background app is "like having a person at your company whose full-time job is to see if there's, like, a new version of QuickBooks out yet."

There's an easy fix for this controversy: Just follow the standard best practices of desktop software. Have your updater check in with the server at each launch. It works for Microsoft, it works for Apple, it works for Adobe, it works for nearly every software maker on the market.

The audience of offended users may be small in the case of Google Earth, but it's safe to assume that a Mac version of Google's Chrome Browser will likely use the same update policy and that could hurt the browser's ability to entice users into switching.

We hate to break it to you Google, but you aren't special, and your software updates are no more critical than anyone else's. At the very least, offer users a way to turn off auto-updates. The web may belong to Google, but your desktop and the applications running on it should remain in your control.

From rforno at infowarrior.org Tue Feb 17 12:44:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:44:54 -0500
Subject: [Infowarrior] - Academic Paper: ISP Ineffectiveness as Copyright Cops
Message-ID: <6336DCA3-3A66-4D6E-BE88-190E7381C2C6@infowarrior.org>

Keep Looking: The Answer to the Machine is Elsewhere

Andrew A. Adams
University of Reading - School of Systems Engineering

Ian Brown
University of Oxford - Oxford Internet Institute

Computers and Law, 2009

Abstract: It is over a decade since the signing of the World Intellectual Property Organization's "Internet treaties". These treaties' "anti-circumvention" rules ban the creation, distribution or use of tools that bypass Technological Protection Measures (TPMs) even for otherwise legal purposes. However, while these legal changes have not stopped the widespread unauthorized sharing of copyright works, they have impeded computer security research, retarded innovation in technology and commerce, and blocked groups such as visually impaired users from accessing locked-up material. Given the failure of TPMs to stop large-scale infringement, right holders have more recently been lobbying for requirements to be imposed upon Internet Service Providers to monitor customers' communications to detect and prevent copyright infringement. Unfortunately such requirements would be likely to have even less impact upon levels of infringement, representing a massively disproportionate invasion of users' privacy. This article examines the misconceptions that lie behind these hybrid techno-legal copyright enforcement systems, and suggests that innovation in business models is much more likely to effectively protect the interests of creators than technological enforcement mandated via copyright law.
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1329703

From rforno at infowarrior.org Tue Feb 17 12:46:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:46:27 -0500
Subject: [Infowarrior] - Fmr Mi5 head: UK gov exploiting terror fears
Message-ID:

http://www.guardian.co.uk/uk/2009/feb/17/government-exploiting-terrorism-fear

Government accused of exploiting terrorism fear
Press Association
guardian.co.uk, Tuesday 17 February 2009 06.08 GMT

The former head of MI5 Dame Stella Rimington has accused the government of exploiting people's fear of terrorism to restrict civil liberties. In an outspoken interview she said ministers risked handing a victory to terrorists by making people "live in fear and under a police state".

Rimington, who stood down as the security service's director general in 1996, also accused the US of going too far, claiming the Guantánamo Bay camp and allegations of torture had been a recruiting sergeant for extremists. Her comments came as a report by a panel of leading judges and lawyers warned measures to tackle terrorism had undermined international human rights laws.

In an interview with the Spanish newspaper La Vanguardia, Rimington said: "Since I have retired I feel more at liberty to be against certain decisions of the government, especially the attempt to pass laws which interfere with people's privacy."

In the interview, published in the Daily Telegraph, she continued: "It would be better that the government recognised that there are risks, rather than frightening people in order to be able to pass laws which restrict civil liberties, precisely one of the objects of terrorism: that we live in fear and under a police state."

Rimington, 73, has been a harsh critic of the government's policies, including attempts to extend pre-charge detention for terror suspects to 42 days and the controversial ID cards plan. She added: "The US has gone too far with Guantánamo and the tortures. MI5 does not do that.
"Furthermore it has achieved the opposite effect: there are more and more suicide terrorists finding a greater justification." A study published yesterday by the International Commission of Jurists (ICJ) found "many states have fallen into a trap set by terrorists" by introducing measures which undermined the values they sought to protect. The panel warned that exceptional "temporary" counter-terrorism measures were becoming permanent features of law and practice. The report condemned the use of "notorious" counter-terrorism tactics such as torture, disappearances, arbitrary and secret detention. The president of the ICJ, former Irish president Mary Robinson, said: "Seven years after 9/11 it is time to take stock and to repeal abusive laws and policies enacted in recent years." "Human rights and international humanitarian law provide a strong and flexible framework to address terrorist threats." The report was seized upon by the Conservatives, who claimed the government's attempts to extend the detention time limit to 42 days was the kind of measure condemned by the report. The Shadow security minister, Baroness Neville-Jones, said: "The Conservative party is committed to ensuring that security measures are proportionate and adhere to the rule of law." The Liberal Democrat foreign affairs spokesman, Ed Davey, said: "This is damning testament to just how much liberty has been ineffectually sacrificed in the 'war on terror'." 
From rforno at infowarrior.org Tue Feb 17 12:53:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:53:36 -0500
Subject: [Infowarrior] - Facebook's Users Ask Who Owns Information
Message-ID:

February 17, 2009
Facebook's Users Ask Who Owns Information
By BRIAN STELTER
http://www.nytimes.com/2009/02/17/technology/internet/17facebook.html?hp=&pagewanted=print

Reacting to an online swell of suspicion about changes to Facebook's terms of service, the company's chief executive moved to reassure users on Monday that the users, not the Web site, "own and control their information."

The online exchanges reflected the uneasy and evolving balance between sharing information and retaining control over that information on the Internet.

The subject arose when a consumer advocate's blog shined an unflattering light onto the pages of legal language that many users accept without reading when they use a Web site. The pages, called terms of service, generally outline appropriate conduct and grant a license to companies to store users' data. Unknown to many users, the terms frequently give broad power to Web site operators.

This month, when Facebook updated its terms, it deleted a provision that said users could remove their content at any time, at which time the license would expire. Further, it added new language that said Facebook would retain users' content and licenses after an account was terminated.

Mark Zuckerberg, the chief executive of Facebook, said in a blog post on Monday that the philosophy "that people own their information and control who they share it with has remained constant." Despite the complaints, he did not indicate the language would be revised.
The changes in the terms of service had gone mostly unnoticed until Sunday, when the blog Consumerist cited them and interpreted them to mean that "anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later."

Given the widespread popularity of Facebook -- by some measurements the most popular social network with 175 million active users worldwide -- that claim attracted attention immediately. The blog post by Consumerist, part of the advocacy group Consumers Union, received more than 300,000 views. Users created Facebook groups to oppose the changes. To some of the thousands who commented online, the changes meant: "Facebook owns you."

Facebook moved swiftly to say it was not claiming to own the material that users upload. It said the terms had been updated to better reflect user behavior -- for instance, to acknowledge that when a user deletes an account, any comments the user had posted on a page remain visible.

"We certainly did not -- and did not intend -- to create any new right or interest for Facebook in users' data by issuing the new terms," said Barry Schnitt, a Facebook spokesman.

Greg Lastowka, an associate professor at the Rutgers School of Law who is writing a book on Internet law, said Facebook's language was not unusual. "Most Web sites today offer terms of service that are designed to protect and further the interests of the company writing the terms, and most people simply agree to terms without reading them."

For Facebook, the ability to store users' data and use their names and images for commercial purposes is important as it seeks to make more money from the virtual interactions of friends. But balancing the desire for sharing with the need for control remains a challenge for Facebook as it turns five years old this month.

"We're at an interesting point in the development of the open online world where these issues are being worked out," Mr. Zuckerberg wrote.
Amid the evolution, at least a few members are showing their uneasiness about the stance that Facebook is taking. Some members, including Sasha Frere-Jones, the pop critic and staff writer for The New Yorker, said they had deleted their accounts to show their opposition to the new terms.

"Zuckerberg's response to the protest is just the modern version of 'Ignore the fine print, ma'am, just sign here,'" Mr. Frere-Jones wrote in an e-mail message. "Why would anyone trust a company with his or her personal information, especially when that company's explicit legal language claims eternal rights to exploit that information, and there is good reason to expect that they will?"

From rforno at infowarrior.org Tue Feb 17 12:57:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 07:57:31 -0500
Subject: [Infowarrior] - Anonymous Caller? New Service Says, Not Any More
Message-ID:

Anonymous Caller? New Service Says, Not Any More

A new service set for launch Tuesday allows cellphone users to unmask the Caller ID on blocked incoming calls, obtaining the phone number, and in some cases the name and address, of the no-longer-anonymous caller.

The service, called TrapCall, is offered by New Jersey's TelTech systems, the company behind the controversial SpoofCard Caller ID spoofing service. The new service is likely to be even more controversial -- and popular.

"What's really interesting is that they've totally taken the privacy out of Caller ID," says former hacker Kevin Mitnick, who alpha-tested the service.

TrapCall's basic unmasking service is free, and includes the option of blacklisting unwanted callers by phone number. It also allows you to listen to your voicemail over the web. It's currently available to AT&T and T-Mobile subscribers, with support for the other major carriers due within weeks, says TelTech president Meir Cohen.
< - >

http://blog.wired.com/27bstroke6/2009/02/trapcall.html

From rforno at infowarrior.org Tue Feb 17 13:44:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 08:44:26 -0500
Subject: [Infowarrior] - more on... - Fmr Mi5 head: UK gov exploiting terror fears
References: <499ABAB1.601@comcast.net>
Message-ID:

Begin forwarded message:

> From: "J. H. van Baal"
> Date: February 17, 2009 8:25:05 AM EST
>
> this is exactly why I was underwhelmed by the alarmist article the other day by the chap at the Navy Postgraduate School.
>
> Are terrorists a threat to us? Statistically, no, no more than being struck by lightning or if you live in certain neighborhoods a drive-by shooting.
>
> The real problems are to be found on Wall Street, in the jobs now done overseas, the bad mortgages, the black heart of G W Bush, the accounting skills of Bernie Madoff.
>
> Yes, "terrorists" killed however many people in Mumbai. More people than that die in Mumbai every day from hunger, and from preventable diseases. But is that newsworthy?
>
> Yes, people died in the events of 11 September. Physicians kill many more thousands of people than that every year in America. So do cigarettes and prescribed drugs. I don't mean to diminish the deaths of terror victims in any way. I do want to point out that if one filters out the media circus nature of these rare occurrences, what do we really have in terms of human mortality? I know this sounds harsh and unfeeling. But think about it.
>
> The consequences of unbridled capitalism are far worse than the media events associated with "terrorism".
>
> And is the phenomenal cost associated with antiterrorism really worth the expenditure in terms of return? Is the existence of a brain dead organization like the TSA really justified?
>
> Antiterrorism is by nature a police action. Military response is inappropriate. Iraq is a complete disaster. Afghanistan is none of our business. Osama should have been pursued by international police action, not by military intervention, before G W Bush singlehandedly destroyed the world's sympathy. AlQaida is not a country, it's an organization. Afghanistan is not a country either, come to think of it. War is declared by one country against another. The war on terror is no more likely to succeed than the war on drugs, another sad farce.
>
> Joseph

From rforno at infowarrior.org Tue Feb 17 21:12:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Feb 2009 16:12:57 -0500
Subject: [Infowarrior] - Prosecution Drops Some Charges Against The Pirate Bay
Message-ID: <5571136C-5670-4EC8-9377-69DC094E8F55@infowarrior.org>

Prosecution Drops Some Charges Against The Pirate Bay
By Wired Staff
February 17, 2009 | 12:27:29 PM
Categories: Yo Ho Ho

Special correspondent Oscar Swartz reports.

http://blog.wired.com/27bstroke6/2009/02/prosecution-dro.html

STOCKHOLM -- Prosecutors dropped half of the charges in the landmark trial of The Pirate Bay file sharing site Tuesday, leaving observers stunned and prompting questions about the government's preparedness in the long-awaited criminal proceeding.

"I will drop all charges that relate to producing infringing copies and will hence restrict the prosecution to the act of making works available to the public," prosecutor Hakan Roswall announced at the opening of the second day of the trial. "When I talk about making something available to the public I mean making available torrent files."

At an intermission, Roswall refused to clarify the change of heart to reporters. "As you can see I have a lot of other things to think about," he said. "There will be new adjusted charges distributed on paper tomorrow, Wednesday."

Four men associated with the defiant BitTorrent tracking site are on trial for contributory copyright infringement.
Hans Fredrik Neij, Gottfrid Svartholm Warg, Peter Sunde and Carl Lundström face up to two years in prison each, in addition to fines as high as $180,000.

The Pirate Bay's supporters quickly claimed victory in the blogosphere, and many expressed astonishment at the course-correction. This was, after all, supposed to be the seminal piracy prosecution, with Hollywood throwing the kitchen sink at a few defiant Swedish computer nerds.

Peter Danowsky, the attorney representing the music labels, downplayed the reduction in charges. "It's a largely technical issue that changes nothing in terms of our compensation claims and has no bearing whatsoever on the main case against The Pirate Bay," he said in a statement. "In fact it simplifies the prosecutor's case by allowing him to focus on the main issue, which is the making available of copyrighted works."

The move is remarkable because of the extensive groundwork the content industries and the prosecutor have laid for the case. The Motion Pictures Association and other plaintiffs had collected evidence for many months by participating in file-sharing torrent swarms, dumping screenshots of downloads in progress and collecting information before the raid on May 31, 2006, in which 195 computers were trucked away by the police. The prosecutor led an investigation for two-and-a-half years after that.

The prosecution has specified 21 works of music, nine movies and three computer games that were allegedly infringed. The Pirate Bay defendants were not charged with direct copyright infringement, but only with assisting in committing such acts. Under Swedish law, prosecutors must therefore prove the defendants engaged in "facilitating for other people to make available a copyright protected work via transmission on the internet" in a specific file on a specific date.

The hitch in the prosecutor's plan hinges on Pirate Bay's dual functionality.
The site includes a "tracker" that coordinates communication between peers downloading and uploading files. But it also has a searchable index that merely lists the torrent files available through a variety of trackers, not just The Pirate Bay's.

The prosecutor now appears to agree with the defendants that he cannot prove that the specific files at issue were handled by Pirate Bay's trackers. The only thing that is left is "assisting making available" the torrent files, a charge that the prosecution evidently hopes to press based on Pirate Bay's index alone.

The move may have been prompted in part by the defendants' opening statements. On Monday, Pirate Bay co-founder Fredrik Neij discussed so-called "trackerless torrents," which use a Distributed Hash Table, or DHT, and don't rely on a torrent tracker at all.

"We believe he dropped charges after having googled all night about DHT," an upbeat Peter Sunde, one of the defendants, told Wired.com later.

Fredrik Neij and Gottfrid Svartholm Warg boasted that they were just scratching the surface of the flaws in the government's case, and that they would raise deeper technical points later in the trial.

It remains to be seen whether facilitating making torrent files available is enough to commit the criminal act of assisting in copyright infringement.

"Absolutely not," claimed Rick Falkvinge, the leader of The Pirate Party. "If they can claim that facilitating for others to publish a torrent file, which contains no copyright protected information whatsoever, then this shows that they want to shut down the internet for good."
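The tracker-versus-index distinction in the article turns on what a .torrent file actually contains, so here is an added example (not code from the article, the prosecution or The Pirate Bay) that decodes torrent metadata and reports what it names: a .torrent is a bencoded dictionary in which "announce" and "announce-list" name trackers, "nodes" seeds the DHT for a trackerless torrent, and the "info" dictionary carries file names, piece size and SHA-1 piece hashes but none of the content. The two sample torrents and the example.org/example.net/example.com hosts are constructed for this example; the check at the end only tells you whether a file names a given tracker, not whether that tracker ever coordinated a swarm for it, which is exactly the gap the prosecutor conceded.

```python
"""Inspect .torrent metadata: which trackers (if any) it names and what it carries.

Added example for the tracker-versus-index point in the article; not code from
Wired, the prosecution or The Pirate Bay. Sample torrents below are constructed.
"""
import hashlib
from urllib.parse import urlparse


def bdecode(data: bytes):
    """Decode one bencoded value; dictionary keys and strings stay as bytes."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":                                  # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                                  # list: l<items>e
            i, items = i + 1, []
            while data[i:i + 1] != b"e":
                item, i = parse(i)
                items.append(item)
            return items, i + 1
        if c == b"d":                                  # dict: d<key><value>...e
            i, result = i + 1, {}
            while data[i:i + 1] != b"e":
                key, i = parse(i)
                result[key], i = parse(i)
            return result, i + 1
        if c.isdigit():                                # string: <length>:<bytes>
            colon = data.index(b":", i)
            start, length = colon + 1, int(data[i:colon])
            return data[start:start + length], start + length
        raise ValueError(f"malformed bencode at offset {i}")

    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def bencode(obj) -> bytes:
    """Encode back to bencode; dict keys are sorted, as the info_hash requires."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in sorted(obj.items())) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def describe_torrent(raw: bytes) -> dict:
    """Summarise what a torrent file names and what it contains."""
    meta = bdecode(raw)
    trackers = []
    if b"announce" in meta:
        trackers.append(meta[b"announce"].decode())
    for tier in meta.get(b"announce-list", []):       # list of tiers, each a list of URLs
        for url in tier:
            if url.decode() not in trackers:
                trackers.append(url.decode())
    info = meta[b"info"]
    hosts = {urlparse(t).hostname for t in trackers}
    return {
        "name": info[b"name"].decode(),
        "info_hash": hashlib.sha1(bencode(info)).hexdigest(),
        "tracker_hosts": sorted(h for h in hosts if h),
        "dht_nodes": [(host.decode(), port) for host, port in meta.get(b"nodes", [])],
        "trackerless": not trackers,
        "declared_length": info.get(b"length"),       # content bytes live on peers, not in the file
        "piece_hashes": len(info[b"pieces"]) // 20,   # one 20-byte SHA-1 per piece
    }


def references_tracker(raw: bytes, host: str) -> bool:
    """Does the file name `host` as a tracker? Says nothing about whether it ever served the swarm."""
    return host in describe_torrent(raw)["tracker_hosts"]


# Constructed sample metadata: a 64 KiB file in two 32 KiB pieces (piece hashes are arbitrary).
_INFO = {b"name": b"sample.bin", b"piece length": 32768, b"length": 65536,
         b"pieces": hashlib.sha1(b"piece0").digest() + hashlib.sha1(b"piece1").digest()}
TRACKED = bencode({b"announce": b"http://tracker.example.org:6969/announce",
                   b"announce-list": [[b"http://tracker.example.org:6969/announce"],
                                      [b"udp://other.example.net:80/announce"]],
                   b"info": _INFO})
TRACKERLESS = bencode({b"nodes": [[b"router.example.com", 6881]], b"info": _INFO})

if __name__ == "__main__":
    for label, raw in (("tracked", TRACKED), ("trackerless", TRACKERLESS)):
        print(label, describe_torrent(raw))
```

Both samples share the same info_hash because the "info" dictionary is identical; only the routing metadata around it differs. That is why a trackerless torrent found via a DHT can be the same swarm as one that once named a tracker, and why naming a tracker in the file is weak evidence on its own.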
From rforno at infowarrior.org Wed Feb 18 21:00:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Feb 2009 16:00:24 -0500
Subject: [Infowarrior] - Facebook Retreats on Terms of Service
Message-ID: <25A1768D-BA4D-4B5D-87FE-9067558E6696@infowarrior.org>

Facebook Retreats on Terms of Service
http://voices.washingtonpost.com/fasterforward/2009/02/facebook_retreats_on_terms_of.html#more

After a long weekend of increasingly bitter reaction to recent revisions of its "terms of service," Facebook hit the Undo button on the changes late last night. It reinstated the previous terms and said it would take some time to hear its users.

Facebook chief privacy officer Chris Kelly e-mailed a little after 11 last night, writing that "we're rolling back to the previous terms of use for now and listening to some more input from our userbase and outside groups." (Disclaimer: As you can see from my own Facebook page, I've known Chris since college, where we worked on the same school paper.)

The offending item in Facebook's Feb. 4 revision to its terms of service--"TOS" for short--was a long paragraph that made some sweeping claims to the words, pictures and other media uploaded by Facebook users:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.
You represent and warrant that you have all rights and permissions to grant the foregoing licenses.

The older, now reinstated terms of service made many of the same claims but also included these sentences:

You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content. Facebook does not assert any ownership over your User Content; rather, as between us and you, subject to the rights granted to us in these Terms, you retain full ownership of all of your User Content and any intellectual property rights or other proprietary rights associated with your User Content.

As Facebook users soon realized, the new TOS said nothing about what would happen to their data if they canceled their accounts. The Consumerist blog summarized the changes as "We Can Do Anything We Want With Your Content. Forever."

Facebook founder Mark Zuckerberg semi-apologized for the new phrasing in a blog post, calling them "overly formal" while insisting that "In reality, we wouldn't share your information in a way you wouldn't want." Users were not convinced, posting rebuttals on their own blogs--and, of course, in a Facebook group organized to oppose the changes.

The company's management seems to have decided this was an argument it could not win. Smart move, but we'll have to see what it does next. Will the next TOS revision be written only for lawyers, or for the Facebook user base at large? As I asked in an e-mail to Chris Kelly yesterday: "When these terms were drafted, were they not assessed with an eye towards how they'd look to the general public?"

I'm sympathetic to the people who have to write these documents. Writing something that will stand up in court, even against the loopiest litigation, is not easy, and it's not always possible to do so in language that looks right to laypeople.
(For several years, my job here involved asking outside writers to agree to the moderately tangled legalese in the Post's standard freelance agreement before I could assign them any stories.) But the costs of bad publicity can be a lot higher than the hourly rates for whatever legal help is needed to slap down a frivolous lawsuit--which could happen regardless of how airtight a site's contracts might be.

An hour or so after the rollback of the terms of service, Zuckerberg posted a new item on Facebook's blog. He pledged that the next revision of the terms would, in fact, be written for people without J.D. degrees, and with the help of individual Facebook users:

Our next version will be a substantial revision from where we are now. It will reflect the principles I described yesterday around how people share and control their information, and it will be written clearly in language everyone can understand. Since this will be the governing document that we'll all live by, Facebook users will have a lot of input in crafting these terms.

The post closed with an invitation to join a new group, "Facebook Bill of Rights and Responsibilities," to discuss these changes. If all 175 million-plus Facebook users join in, it may take a while to see some sort of consensus emerge from that conversation. But one unambiguous upside does seem clear in all this: People won't take "trust me" for an answer and are actually reading these documents, then trying to hold the corporations behind them accountable.

From rforno at infowarrior.org Thu Feb 19 03:58:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Feb 2009 22:58:37 -0500
Subject: [Infowarrior] - The Agreeable Cat
Message-ID:

Here's one way to get around those pesky EULAs.....
:)

http://www.ohesso.com/essays/essay006.htm

From rforno at infowarrior.org Thu Feb 19 04:03:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Feb 2009 23:03:43 -0500
Subject: [Infowarrior] - USAF unplugging bases from Internet
Message-ID: <49FB0F54-B76D-4F59-A123-54BF2C9DC1C7@infowarrior.org>

(Somehow I don't think this is going to prevent unauthorized Internet connections from said bases....just slightly raise the bar. But we shall see...---rf)

Air Force Unplugs Bases' Internet Connections
By Noah Shachtman
February 18, 2009 | 1:36:09 PM
http://blog.wired.com/defense/2009/02/air-force-cuts.html

It was considered a harsh, if necessary, measure when the U.S. military decided in November to ban all USB drives and removable media from its networks to stop a worm assault. But compared to what the Air Force's leaders are doing now, that step seems downright wimpy. The air service is cutting off its bases' internet connections, if they don't comply with strict network security rules.

Recently, internet access was cut off at Maxwell Air Force Base in Alabama, because personnel at the facility "hadn't demonstrated -- in our view at the headquarters -- their capacity to manage their network in a way that didn't make everyone else vulnerable," Air Force Chief of Staff Gen. Norton Schwartz tells InsideDefense.com: "This is the kind of effort that's required up and down the line."

...

The internet shutdown at the Alabama base was in response to a specific, "significant" intrusion that threatened the entire service's networks, according to Schwartz. The Maxwell event served as an example to everyone in the Air Force "that this is not voluntary, that this is the real deal, that we have standards and we will collectively enforce those standards or you won't be on the net," said Schwartz.

Network administrators at Air Force bases already put strict limitations on what sites their troops can and cannot visit.
Many airmen can't access Danger Room, for example -- or any site with the word "blog" in the URL. That's in addition to Defense Department-wide bans on YouTube, MySpace and other social networking sites.

From rforno at infowarrior.org Thu Feb 19 12:38:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Feb 2009 07:38:32 -0500
Subject: [Infowarrior] - Apple, Mozilla, Skype and DMCA
Message-ID:

Apple tells Copyright Office Jailbreaking iPhone is Illegal; Mozilla & Skype Support EFF's Request for an Exemption to the DMCA
http://www.iphonehacks.com/2009/02/apple-tells-copyright-office-jailbreaking-iphone-illegal-mozilla-skype-support-effs-request-for-an-e.html

For the 2009 rulemaking, the Electronic Frontier Foundation (EFF) has filed an exemption request with the U.S. Copyright Office to the Digital Millennium Copyright Act (DMCA) related to iPhone jailbreaking, which allows iPhone owners to install iPhone apps that have not been approved on the App Store (due to various reasons).

Things have just got more interesting as Mozilla, Skype and Cydia have added their support behind EFF's push to get the U.S. Copyright Office to grant a DMCA exemption so users can jailbreak their iPhones without fear of copyright infringement penalties.

Apple had recently told the U.S. Copyright Office that it believes jailbreaking an iPhone is a violation of the DMCA and infringes on its copyright. Apple also informed the Copyright Office that the exemption request by the Electronic Frontier Foundation (EFF) was not acceptable as the very act of jailbreaking the iPhone results in copyright infringement. As per Apple, the current method of jailbreaking the iPhone uses unauthorized modifications to the copyrighted bootloader and OS, resulting in the infringement of the copyrights in those programs.
EFF's argument is that jailbreaking the iPhone is protected under fair-use doctrines, and that the Copyright Office should grant an exemption because "the culture of tinkering (or hacking, if you prefer) is an important part of our innovation economy." However, Apple disagreed and pointed out that few users of jailbroken iPhones actually used tools (such as PwnageTool and QuickPwn) and did not jailbreak it themselves.

But things just got a lot more interesting as companies such as Mozilla and Skype have just given their support to EFF's exemption request.

Mozilla CEO John Lilly said in an interview with Computerworld: "This is not us criticizing Apple. But it's the principle of the thing. Choice is good for users, and choice shouldn't be criminalized. The Internet is too important for all of us for that."

Mozilla's general counsel, Harvey Anderson, wrote in the comments submitted to the Copyright Office: "Given the choice, would we work on a platform where the sole company controlling it makes us unwelcome, or would we work on a platform, like Linux, where we are welcome? The answer is going to be easy for us." Anderson also pointed out that: "These devices contain Internet Web browser, and are therefore effectively users' doorway to the Internet -- a public commons. Consumers should be entitled to use any software program they choose to access the Internet."

The last statement seems to clearly highlight Mozilla's interest in getting a DMCA exemption so that they can release their mobile browser for the jailbroken iPhone. It indicates that Mozilla might be taking the unofficial approach as they feel that their iPhone app will not get approved by Apple as it would be in direct competition with the iPhone's Safari browser.

It is also interesting to see Skype adding their voice behind EFF's exemption request.
It indicates that they are also planning to launch their iPhone app only for the jailbroken iPhone (and not on the App Store as had been speculated) so that users can make cheap VoIP calls using their iPhone over Wi-Fi as well as their data connection. The iPhone SDK currently restricts VoIP calls to Wi-Fi networks only.

Cydia was the other software developer who joined Mozilla and Skype in supporting the EFF's petition. The Cydia app is the equivalent of the App Store in the iPhone hacking world, as it lets users install iPhone applications from any source, rather than just the App Store. In his remarks submitted to the U.S. Copyright Office, Jay Freeman of Saurik, Cydia's developer, said: "Cydia is now installed on 1.6 million devices worldwide, at least a quarter of which are within the United States."

We will keep you posted on this developing story.

Thanks David for the tip!

What do you think about jailbreaking? Do you think Apple is right in making it illegal? Should the Copyright Office accept EFF's request for an exemption to the DMCA? It will be great to get your feedback in the comments below.

From rforno at infowarrior.org Fri Feb 20 03:11:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 19 Feb 2009 22:11:38 -0500
Subject: [Infowarrior] - Wired: DatalossDb.Org
Message-ID:

Here's a rather good in-depth article about a robust grassroots effort that provides unbiased, high quality data regarding data loss, compliance, and other relevant PII issues. No hype, just substance. (Disclosure: I am good friends with these folks and respect them as kindred, community-minded securitygeeks.)

Wired Article: Group Spots Giant Hacks by Combing Small Newspapers
http://blog.wired.com/27bstroke6/2009/02/volunteer-group.html

OSF DatalossDB site: http://datalossdb.org/

A sincere "thank you" to these guys for their efforts in working this very important issue facing our ever-wired world.
-rick

From rforno at infowarrior.org Fri Feb 20 13:15:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Feb 2009 08:15:26 -0500
Subject: [Infowarrior] - Swiss bank secrecy under threat after UBS tax deal
Message-ID:

Swiss bank secrecy under threat after UBS tax deal
Thu Feb 19, 2009 5:49pm EST
http://www.reuters.com/article/rbssFinancialServicesAndRealEstateNews/idUSTHO95689820090219?feedType=RSS&feedName=rbssFinancialServicesAndRealEstateNews&rpc=22&sp=true

By Lisa Jucca and Jonathan Lynn

ZURICH/BERNE, Feb 19 (Reuters) - Switzerland defended on Thursday its landmark decision allowing bank giant UBS to transfer client data to the United States in a tax settlement that experts say will dilute bank secrecy laws.

UBS AG (UBSN.VX) (UBS.N) agreed late on Wednesday to pay a hefty $780 million fine and disclose the identity of some clients after U.S. investigators accused it of helping wealthy Americans to dodge taxes. The deal had the blessing of the government and the financial regulator.

Some experts say the settlement, a new step in the growing global fight against tax evasion, opens cracks in the country's tough bank secrecy laws and potentially could undermine the $7 trillion global offshore banking industry. [ID:nLJ100097]

Swiss newspapers said the U.S. authorities had cracked Swiss bank secrecy, accusing the government of "capitulating."

"For Switzerland, (the settlement) is a true catastrophe for the country's first industry, that is to say the banking sector," Geneva lawyer Charles Poncet, a former member of the Swiss parliament, told Radio Suisse Romande. [ID:nLJ412106]

Finance Minister Hans-Rudolf Merz, who is also the Swiss president under a system that rotates the position each year, said the government had no choice but to let UBS settle the case to avoid criminal charges that could have threatened its existence and undermined Switzerland's economy.
The combined liabilities of UBS and rival Credit Suisse Group AG (CSGN.VX) are equivalent to about seven times Switzerland's gross domestic product.

"It became evident that if the American authorities would bring UBS to an indictment ... the whole threat would have been falling also on our economy," Merz told journalists, but added that Swiss bank secrecy remained in place.

The probe added to the uncertainties hanging over UBS, which has written down more toxic assets than any other European bank during the credit crisis and suffered billions of dollars in client withdrawals. UBS shares rose on news of the deal.

Switzerland does not consider tax evasion a crime and Swiss law prohibits disclosure of client data or names unless the country's authorities believe the client has committed a serious crime such as money laundering or tax fraud. Both Merz and UBS Chairman Peter Kurer said on Thursday the data concerned solely cases of tax fraud.

"We tolerated a company culture which did not respect foreign laws," Kurer admitted on television on Thursday.

But the unprecedented step in this case was that the data was handed over before a Swiss administrative court had the chance to say whether any fraud had been committed.

"The agreement between UBS and the U.S. department of justice raises serious questions about the rule of law," Swiss business group Economiesuisse said. "It is irritating that among friendly states the legal ways are bypassed by the U.S."

MOVE TOWARDS TRANSPARENCY

The financial crisis is adding pressure on offshore centres such as Switzerland, which alone manages one third of the world's undeclared wealth, to stop helping clients hide their money from the tax man as governments seek funds to pay for more spending.

Thousands of wealthy Westerners avoid taxes by hiding assets in Switzerland and other offshore centres and U.S. lawmakers say tax havens deprive Washington of $100 billion a year.
The UBS tax settlement could set a precedent for similar deals with other banks or by other jurisdictions.

"We highlight that any success by the US tax authority could encourage tax authorities in other jurisdictions to pursue a similar strategy," Merrill Lynch analysts said in a note.

Germany has said it wants Switzerland put on a tax haven blacklist and launched a probe last year into German nationals stashing assets in Liechtenstein. The German Finance Ministry said it had taken note of the UBS deal, but had no more comment.

U.S. President Barack Obama also wants to get tough on tax havens and helped introduce a Senate bill to this end in 2007.

Former UBS banker Bradley Birkenfeld, who once smuggled a client's diamonds into the United States in toothpaste, said he and other UBS bankers helped the bank earn $200 million a year managing $20 billion in assets held in offshore tax havens. [ID:nN18464440]

POSITIVE FOR UBS

UBS's $780 million fine was lower than some media reports had expected and its shares were up 4.7 percent to 12.79 francs by 1455 GMT, outperforming the DJ index of European bank stocks, which was up 1.2 percent.

Vontobel analysts said in a note: "It is very positive for UBS to have closed off the case now as it will enable them to move forwards again and to start to build up its reputation." [ID:nLJ100097]

UBS said it will book the settlement charge in its 2008 accounts, which will be published in an audited form in March.

Merz said in an interview with Swiss television that UBS did not need another cash injection because of the fine. "Its capitalisation is quite OK. Its capital ratio is above 11 percent," Merz said, adding that liquidity was available and that January had been a good month.

UBS, which took $49 billion in writedowns in 2007 and 2008 due to the credit crisis, had to be rescued by the Swiss state last year through a 6 billion Swiss franc ($5.19 billion) cash injection.
Officials described the agreement with the United States as one of the biggest tax settlements ever, although less than media reports that suggested the fine could be as high as 2 billion Swiss francs ($1.7 billion). The settlement was the largest for UBS since it and Credit Suisse paid $1.25 billion after failing to return wealth to relatives of Holocaust victims.

Swiss financial regulator FINMA, which played a key role in the settlement, said UBS had to hand over a limited amount of client data to avert criminal charges. "Such charges could have had drastic consequences for UBS and its liquidity situation and ultimately put its existence at risk," the authority said.

Swiss media say UBS turned over 250 client names out of an estimated 17,000 U.S. clients who have concealed their identities and their accounts and hold $20 billion in assets.

The agreement settles the criminal investigations against the bank but not a civil case by the Internal Revenue Service, the U.S. tax collector. The IRS is seeking the names of thousands of UBS clients.

(Additional reporting by Rupert Pretterklieber, Jason Rhodes, Stephanie Nebehay and Katie Reid; Writing by John Stonestreet; Editing by David Holmes, Erica Billingham and Andre Grenon)

($1=1.173 Swiss Franc)

© Thomson Reuters 2008. All rights reserved.

From rforno at infowarrior.org Sat Feb 21 02:13:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Feb 2009 21:13:38 -0500
Subject: [Infowarrior] - Brilliant, Adobe (vuln)
Message-ID:

This just in from Adobe --- comments follow below.

Release date: February 19, 2009
Vulnerability identifier: APSA09-01
CVE number: CVE-2009-0658

"A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.
There are reports that this issue is being exploited.....Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.......Adobe categorizes this as a critical issue......"

Source: http://www.adobe.com/support/security/advisories/apsa09-01.html

.... thanks, Adobe. You tell us there's a CRITICAL "issue" (not "problem") facing our systems and data that's being actively exploited, and yet you tell us NOTHING that would help us monitor this thing or do something (short of not using Acrobat) to help reduce our exposure other than the classic 'update our antivirus products' advice. Then, you tell us we're going to be vulnerable for a few more weeks until you fix the problem?

In essence, what you are telling the bad guys is, "you've got a few weeks' Window of Exposure to play with, go ahead and have fun with our customers!" --- and what you're telling the good guys (and your customers) is, "you're at risk, but we're not going to say how or why and just trust us to protect you when we're ready and according to our schedule.....and if something bad happens to your data, don't blame us for it -- remember, you agreed to our EULA terms and conditions."

How reassuring. How vendor-friendly, too.
I suspect nobody will view Adobe's brilliant security advisory as a form of "Irresponsible Disclosure" --- which I believe it is -- especially since saying nothing about a critical security problem can be just as (if not more) irresponsible than saying something at all. Double standards, apply within. Here we go again. -rick infowarrior.org From rforno at infowarrior.org Sun Feb 22 17:50:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Feb 2009 12:50:25 -0500 Subject: [Infowarrior] - (Idiotic) Bill proposes ISPs, Wi-Fi keep logs for police Message-ID: <458E4C8C-EB26-46EE-9B11-CC9EE679316C@infowarrior.org> So is every home wifi user going to be trained (at taxpayer expense) on how to set up logging on their wifi devices? Not to mention, most home-use wifi devices/access points don't have the storage capability to support such prolonged data retention. IMHO this is more idiotic politicians blathering about something they know nothing about --- and again, wrap their delusions up in a kitzhy acroym designed to make it sound feel-good and effective -- The "Internet Safety Act" --- AKA, the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act" Same stuff, different year..... --rf Bill proposes ISPs, Wi-Fi keep logs for police by Declan McCullagh http://news.cnet.com/8301-13578_3-10168114-38.html Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. 
"While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level." Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals." Two bills have been introduced so far--S.436 in the Senate and H.R. 1076 in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act. Each contains the same language: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user." Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on--but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.) "Everyone has to keep such information," says Albert Gidari, a partner at the Perkins Coie law firm in Seattle who specializes in this area of electronic privacy law. The legal definition of electronic communication service is "any service which provides to users thereof the ability to send or receive wire or electronic communications." The U.S. Justice Department's position is that any service "that provides others with means of communicating electronically" qualifies. 
That sweeps in not just public Wi-Fi access points, but password-protected ones too, and applies to individuals, small businesses, large corporations, libraries, schools, universities, and even government agencies. Voice over IP services may be covered too. Under the Internet Safety Act, all of those would have to keep logs for at least two years. It "covers every employer that uses DHCP for its network," Gidari said. "It covers Aircell on airplanes--those little pico cells will have to store a lot of data for those in-the-air Internet users." In the Bush administration, Attorney General Alberto Gonzales had called for a very similar proposal, saying that subscriber information and network data should be logged for two years. Until Gonzales' remarks in 2006, the Bush administration had generally opposed laws requiring data retention, saying it had "serious reservations" about them. But after the European Parliament approved such a requirement for Internet, telephone and VoIP providers, top administration officials began talking about the practice more favorably. After Gonzales left the Justice Department, the political will for data retention legislation seemed to ebb for a time, but then FBI Director Robert Mueller resumed lobbying efforts last spring. This tends to be a bipartisan sentiment: Attorney General Eric Holder, a Democrat, said in 1999 that "certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement." Rep. John Conyers, the Democratic chairman of the House Judiciary Committee, said that FBI proposals for data retention legislation "would be most welcome." Smith, who sponsored the House version of the Internet Safety Act, had previously introduced a one-year requirement as part of a law-and-order agenda in 2007. A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. 
It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency. The Internet Safety Act is broader than just data retention. Other portions add criminal penalties to other child pornography-related offenses, increase penalties for sexual exploitation of minors, and give the FBI an extra $30 million for the "Innocent Images National Initiative."

From rforno at infowarrior.org Mon Feb 23 04:09:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 22 Feb 2009 23:09:02 -0500 Subject: [Infowarrior] - Revenge on the UK's arch-snooper Message-ID: <094BC366-7F84-4A4D-9283-6B0023236B37@infowarrior.org> What a perfect revenge on the arch snooper http://www.guardian.co.uk/commentisfree/2009/feb/22/jacqui-smith-expenses-inquiry o Carole Cadwalladr o The Observer, Sunday 22 February 2009 Hardly anyone actually shoots themselves in the foot or literally gets egg on their face, so it was a real pleasure last week, in so many ways, to witness Jacqui Smith being hoist with her own petard. A petard was, in the original French, an explosion of intestinal gas which, in turn, gave its name to a small bomb, such as the one that erupted across the papers last week, when the neighbours of her sister's house in Peckham, south London, came forward and told the press that she was only there a couple of days a week. 
Because, in the small matter of whether she was right to pocket £116,000 of additional expenses by claiming that the back bedroom she rents off her sister is her "main home", as opposed to the house she owns in her constituency in Redditch where her husband and children happen to live, this turns out to be critical testimony. Standards Commissioner John Lyon twice turned down requests to investigate the matter. It was only when some neighbours, Dominic and Jessica Taplin, wrote to him and repeated the claims they made to a newspaper, that she is there rather less than the four nights a week that she claims, that he agreed to open an inquiry. It's this that's the real beauty of the story. Residents on the online East Dulwich forum (East Dulwich being what you call Peckham if you happen to live there) declared themselves outraged at the behaviour of the neighbours, with words like "snitch", "curtain-twitchers", "grassers" and "narks" being bandied about (apparently "Dominic and Jessica Taplin represent all that's worst about the new smug arriviste elements of East Dulwich"). This is the world that Jacqui Smith has created. The only shame is that they didn't capture her on CCTV. If you want to rat out your neighbours, allow the home secretary to enumerate the ways. Do you know someone who claims more from the state than they're entitled to? Who is "picking the pockets of law-abiding taxpayers"? Not politicians over-egging their allowances, obviously, but "benefit thieves". If so, call 0800 854 440 now. "We're closing in with hidden cameras. We're closing in with every means at our disposal." Do they own more than one mobile phone? Then call 0800 789 321. "Terrorists need communication. They often collect and use many pay-as-you-go mobile phones, as well as swapping Sim cards and handsets." No mobile phones? What about if they're "hanging around"? 
Or, as the Home Office-funded radio advertisement puts it: "How can you tell if they're a normal everyday person or a terrorist? The answer is that you don't have to. If you call the confidential Anti-Terrorist Hotline on 0800 789 321, the specialist officers you speak to will analyse the information. They'll decide if and how to follow it up. You don't have to be sure. If you suspect it, report it." It's such a lovely turn of phrase, that. If you suspect it, report it. Don't wait for evidence. Or question your own prejudices. If someone's not a "normal everyday person" exactly like you, then they could well be a member of al-Qaida. What flawless logic that is. We're already described as "a surveillance state" by Privacy International, one in five of all CCTV cameras ever made are currently in Britain, and Smith is drawing up plans to intercept every phone call we make and every email we send. The Taplins weren't snitches - they were perfect citizens in her New Model Army. And while her critics invoke the analogy of the Stasi, a more accurate comparison would be with a suburb in Connecticut, circa 1961. Because for all its period atmosphere with Kate Winslet in a little pill-box hat, Revolutionary Road, the film for which she may or may not win an Oscar tonight, feels a curiously contemporary affair. Not just for its critique of capitalism, the profound sense of emptiness that afflicts the characters despite, or maybe because of, their material comforts, but because of the hermetic vision of suburbia it offers: a conformity of living, of beliefs, aspirations and behaviour that is rigorously policed by family, friends and neighbours. If you suspect it, report it. And if you live by the sword, Jacqui, you must be prepared to die by it too. 
From rforno at infowarrior.org Mon Feb 23 14:04:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Feb 2009 09:04:27 -0500 Subject: [Infowarrior] - Nigerian Accused in Scheme to Swindle Citibank Message-ID: <2D2A335D-2D9E-48D3-9ACD-5860101B62D4@infowarrior.org> Nigerian Accused in Scheme to Swindle Citibank http://www.nytimes.com/2009/02/21/nyregion/21scam.html?_r=1&partner=rss&emc=rss&pagewanted=all By BENJAMIN WEISER Published: February 20, 2009 Swindles in which someone overseas seeks access to a person's bank account are so well known that most potential victims can spot them in seconds. But one man found success by tweaking the formula, prosecutors say: Rather than trying to dupe an account holder into giving up information, he duped the bank. And instead of swindling a person, he tried to rob a country, of $27 million. To carry out the elaborate scheme, prosecutors in New York said on Friday, the man, identified as Paul Gabriel Amos, 37, a Nigerian citizen who lived in Singapore, worked with others to create official-looking documents that instructed Citibank to wire the money in two dozen transactions to accounts that Mr. Amos and the others controlled around the world. The money came from a Citibank account in New York held by the National Bank of Ethiopia, that country's central bank. Prosecutors said the conspirators, contacted by Citibank to verify the transactions, posed as Ethiopian bank officials and approved the transfers. Mr. Amos was arrested last month as he tried to enter the United States through Los Angeles, a prosecutor, Marcus A. Asner, said in Federal District Court in Manhattan. Mr. Amos, who was charged with one count of conspiracy to commit bank and wire fraud, told a federal magistrate judge, "I'm not guilty, sir." The judge, Andrew J. Peck, ordered him detained pending a further hearing. If convicted, he could face up to 30 years in prison, prosecutors said. 
The fraud was uncovered after several banks where the conspirators held accounts returned money to Citibank, saying they had been unable to process the transactions, and an official of the National Bank of Ethiopia said that it did not recognize the transactions, according to a complaint signed by an F.B.I. agent, Bryan Trebelhorn. A Citigroup spokeswoman said: "We have worked closely with law enforcement throughout the investigation and are pleased it has resulted in this arrest. Citi constantly reviews and upgrades its physical, electronic and procedural safeguards to detect, prevent and mitigate theft." A spokesman for the Ethiopian Embassy in Washington said, "We are aware of this unfortunate story." He said the embassy was not involved in the legal proceedings, and declined further comment. Officials at the National Bank of Ethiopia could not be reached by phone for comment. Prosecutors said the scheme began in September, when Citibank received a package with documents purportedly signed by officials of the Ethiopian bank instructing Citibank to accept instructions by fax. There was also a list of officials who could be called to confirm such requests. The signatures of the officials appeared to match those in Citibank's records and were accepted by Citibank, the complaint says. In October, Citibank received two dozen faxed requests for money to be wired, and it transferred $27 million to accounts controlled by the conspirators in Japan, South Korea, Australia, China, Cyprus and the United States, the complaint says. Citibank called the officials whose names and numbers it had been given to verify the transactions, prosecutors said. The numbers turned out to be for cellphones in Nigeria, South Africa and Britain used by the conspirators. Citibank, in its investigation, later determined the package of documents had come via courier from Lagos, Nigeria, rather than from the offices of the National Bank of Ethiopia, in Addis Ababa. 
Citibank has credited back the lost funds to the National Bank of Ethiopia, said one person who was briefed about the situation.

From rforno at infowarrior.org Mon Feb 23 14:06:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Feb 2009 09:06:01 -0500 Subject: [Infowarrior] - The End of Second Life Message-ID: <292786FB-6C0F-40E9-8593-66B001CA1442@infowarrior.org> The End of Second Life By Owen Thomas, 12:00 PM on Sun Feb 22 2009, 20,980 views Those who can't do, teach. Second Life, the most overhyped virtual world, has been abandoned even by its most fervent journalistic promoters, like Reuters and Wired. It's now pitching itself as an online schoolhouse. How fitting, since Second Life, a piece of software which allows users to move "avatars" representing themselves around in a three-dimensional space and decorate themselves and their virtual land, resembles nothing so much as a failed academic experiment. < - > http://valleywag.gawker.com/5158190/the-end-of-second-life

From rforno at infowarrior.org Mon Feb 23 14:20:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Feb 2009 09:20:17 -0500 Subject: [Infowarrior] - FBN Wins FOIA Lawsuit Against Treasury Message-ID: <49B7C284-2DD1-4B03-A573-687B996B13DF@infowarrior.org> Friday, February 20, 2009 FOX Business Wins FOIA Lawsuit Against Treasury http://www.foxbusiness.com/story/markets/fox-business-wins-foia-lawsuit-treasury/# FOX Business Network has won a victory against the Treasury Department in its Freedom of Information Act request for details about the government's bailout plan. Judge Richard J. Holwell of the U.S. District Court for the Southern District of New York said in a decision Friday that the government is directed to comply with FOX Business's request under the FOIA "within 30 days and to produce a Vaughn index within 45 days." That means Treasury must comply with FOX Business's request by Monday, March 23, and must produce a Vaughn index by Monday, April 6. 
A Vaughn index details which documents have been withheld and why. FOX Business sued Treasury on Dec. 18 over failure to provide information on the bailout funds or respond to FBN's expedited requests filed under the FOIA. The initial request, filed on Nov. 25, sought actual data on the use of the bailout funds for American International Group (AIG) and the Bank of New York Mellon (BK), and an additional request, filed on Dec. 1, sought similar data on the bailout funds for Citigroup (C). FBN asked the Treasury Department to identify, among other issues, the troubled assets purchased, any collateral extended, and any restrictions placed on these financial institutions for their participation in this program. The FOIA complaint was filed by FOX News Network, LLC, as owner of FBN. Both FOX Business and FOX News Network are owned by News Corp. (NWSA).

From rforno at infowarrior.org Mon Feb 23 17:46:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Feb 2009 12:46:24 -0500 Subject: [Infowarrior] - Right.Org Message-ID: Right.org is a grassroots online community created by a few friends who were outraged by the bailouts. http://www.right.org

From rforno at infowarrior.org Tue Feb 24 02:05:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Feb 2009 21:05:40 -0500 Subject: [Infowarrior] - White House Internet Team Announced References: <7574802A-4174-4FB6-AC9E-0ECE3238CD59@farber.net> Message-ID: (via IP) See also http://lostintransition.nationaljournal.com/2009/02/obama-names-tech-policy-official.php Obama Names Tech Policy Official by WINTER CASEY Kei Koizumi has been appointed assistant director for federal research and development at the White House Office of Science and Technology Policy, where he will be working on federal R&D budget issues and tracking funding. 
Koizumi served on the Obama transition team as part of the Technology, Innovation & Government Reform Policy Working Group. He said the group talked a lot about science funding in the stimulus bill and brainstormed ways to implement the Obama campaign agenda within the first 100 days of office. Koizumi last served as the longtime director of the R&D budget and policy program at the American Association for the Advancement of Science, an international nonprofit organization. While at AAAS, Koizumi was the principal budget analyst, editor, and writer for annual reports on federal R&D and for updated analysis on federal R&D on the association's Web site. Koizumi, who considers himself a Democrat, said he is "happy to be entering public service after 14 years in the nonprofit sector." On Feb 23, 2009, at 2:01 PM, Tim Jones wrote: http://www.thenation.com/blogs/state_of_change/410988/obama_announces_white_house_internet_team Staff Information from Press Secretary Robert Gibbs: Macon Phillips, Director of New Media Since the election, Phillips has served as Director of New Media for the Presidential Transition Team, developing Change.gov and overseeing the transition's overall online communications. Prior to that, he served as the Deputy Director of New Media for Obama for America, managing the day to day operations of the campaign's online program. Before the campaign, Macon led Blue State Digital's strategy practice, working with clients like the Democratic National Committee and Senator Ted Kennedy. Cammie Croft, Deputy New Media Director Croft comes to the White House from the Obama-Biden Transition Project, where she served as the Deputy New Media Director, specializing in online communications. Prior to that, as the New Media Rapid Response Manager for the Obama for America campaign, she oversaw efforts to integrate new media and communications, including managing websites such as FighttheSmears.com and UndertheRadar.com. 
Before joining the campaign, Croft built the tracking and media monitoring program at Progressive Accountability, a rapid-response communications advocacy campaign that provided video of Republican Presidential candidates for the mass public. Croft also worked as the Rapid Response Mobilization Director for Americans Against Escalation in Iraq, where she led their new media efforts, working with MoveOn.org's online tools to mobilize Americans opposed to the war. Jason Djang, Deputy Director for Video Djang served on the New Media video teams for both Obama for America and the Obama-Biden Transition Project as an editor and producer. Prior to joining the campaign, he worked in documentary film and television in New York City and Los Angeles. Jesse Lee, Online Programs Director Lee worked in the New Media department for the Transition team doing online outreach, having done online communications for the Democratic National Committee during election season. Prior to that he was Senior New Media Advisor to Speaker Nancy Pelosi for the 110th Congress, having worked for the Democratic Congressional Campaign Committee online from 2004-2006. Katie Stanton, Director of Citizen Participation Katie Jacobs Stanton joins the New Media team as Director of Citizen Participation. Prior to this role, Stanton was at Google where she was a Principal in the New Business Development team responsible for OpenSocial, Google Moderator, and various election-related initiatives. 
From rforno at infowarrior.org Tue Feb 24 15:33:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Feb 2009 10:33:48 -0500 Subject: [Infowarrior] - Google's Gmail service crashes across world Message-ID: http://www.telegraph.co.uk/scienceandtechnology/technology/google/4797727/Googles-Gmail-service-crashes-across-world.html Google's Gmail service crashes across world Google's web-based email service, Gmail, has crashed this morning, leaving millions of users from Britain to Australia unable to send and receive messages. By Claudine Beaumont Last Updated: 2:50PM GMT 24 Feb 2009 Google's Gmail service has suffered a worldwide crash preventing millions of users from accessing their mail The email service went offline at around 10.25am GMT, and the outage appears to have affected users throughout the UK as well as across Europe, and even as far afield as Australia and India. It appears that only web-based Gmail access is affected, and users can continue to send and receive messages using other devices, such as mobile phones and third-party mail clients. Google could not confirm what had caused the outage. "A number of users are having difficulty accessing Gmail," said the company in a statement. "We are working to resolve the problem. We know how important Gmail is to users, so we take issues like this very seriously, and we apologise for the inconvenience. "We are posting status updates about the problem at mail.google.com/support." Bloggers and Twitter users were quick to flag up issues with the service. Google's web-based email system is usually fairly robust, and suffers little downtime, so many internet users were left baffled by the problems and at a loss as to what to do. Many Twitter messages offered workarounds to the problem, such as using mobile email applications, while other Gmail users said they would simply down tools and make a cup of tea and wait for the issue to be resolved. 
Several major companies, including Telegraph Media Group and The Guardian, have switched to using the Google Apps suite in place of conventional desktop email. Google Apps allows users to work collaboratively on documents via the web, as well as share calendars, and provides instant messaging and chat alongside Gmail email services.

From rforno at infowarrior.org Wed Feb 25 03:20:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Feb 2009 22:20:42 -0500 Subject: [Infowarrior] - The Formula That Killed Wall Street Message-ID: <82E7D57A-433A-4710-92FB-D4477DCC4FD0@infowarrior.org> Recipe for Disaster: The Formula That Killed Wall Street By Felix Salmon Email 02.23.09 In the mid-'80s, Wall Street turned to the quants, brainy financial engineers, to invent new ways to boost profits. Their methods for minting money worked brilliantly... until one of them devastated the global economy. A year ago, it was hardly unthinkable that a math wizard like David X. Li might someday earn a Nobel Prize. After all, financial economists, even Wall Street quants, have received the Nobel in economics before, and Li's work on measuring risk has had more impact, more quickly, than previous Nobel Prize-winning contributions to the field. Today, though, as dazed bankers, politicians, regulators, and investors survey the wreckage of the biggest financial meltdown since the Great Depression, Li is probably thankful he still has a job in finance at all. Not that his achievement should be dismissed. He took a notoriously tough nut, determining correlation, or how seemingly disparate events are related, and cracked it wide open with a simple and elegant mathematical formula, one that would become ubiquitous in finance worldwide. For five years, Li's formula, known as a Gaussian copula function, looked like an unambiguously positive breakthrough, a piece of financial technology that allowed hugely complex risks to be modeled with more ease and accuracy than ever before. 
With his brilliant spark of mathematical legerdemain, Li made it possible for traders to sell vast quantities of new securities, expanding financial markets to unimaginable levels. His method was adopted by everybody from bond investors and Wall Street banks to ratings agencies and regulators. And it became so deeply entrenched, and was making people so much money, that warnings about its limitations were largely ignored. Then the model fell apart. Cracks started appearing early on, when financial markets began behaving in ways that users of Li's formula hadn't expected. The cracks became full-fledged canyons in 2008, when ruptures in the financial system's foundation swallowed up trillions of dollars and put the survival of the global banking system in serious peril. < - > http://www.wired.com/techbiz/it/magazine/17-03/wp_quant?currentPage=all

From rforno at infowarrior.org Wed Feb 25 03:27:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Feb 2009 22:27:10 -0500 Subject: [Infowarrior] - Gmail chat invaded by phishing scam Message-ID: <335A0118-A5B7-42A4-B6F6-065C799C137B@infowarrior.org> Gmail chat invaded by phishing scam Chat "buddies" send links to URLs that infect other machines By Brad Reed , Network World , 02/24/2009 http://www.networkworld.com/news/2009/022409-gmail-chat-is-invaded-by-phishing-scam.html Google's e-mail service has been invaded by a phishing scam that is using instant messaging to dupe unsuspecting users into giving up their passwords. Once users' Gmail chats are hacked, the phishers take over users' chat accounts and send out messages to other users purportedly linking to a "funny video." When users click on the link, they are directed to a Website called "ViddyHo," where they are prompted to enter in their Gmail names and passwords. The Website then steals users' account information and uses their chat accounts to send out more messages. 
Blogger Nathan Burke looked up domain name information for viddyho.com and discovered that the Website has only been in existence for the past week. He also notes that viddyho.com is targeting several different chat protocols besides Gmail, including AOL Instant Messenger, ICQ, Yahoo! Messenger, MSN Messenger and MySpace. The Gmail phishing scam first broke out just hours after Google's Gmail experienced a significant service outage this morning. It is unknown at this point whether the outage is connected to the phishing scam.

From rforno at infowarrior.org Wed Feb 25 03:29:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Feb 2009 22:29:48 -0500 Subject: [Infowarrior] - DvD Jon's newest Mac app Message-ID: <4233D7FF-9FA7-48C5-84B0-B90F5598A7B3@infowarrior.org> (App link: http://www.doubletwist.com/dt/Home/Index.dt) http://www.tuaw.com/2009/02/24/dvd-jons-doubletwist-sends-and-shares-your-media/ DVD Jon's Doubletwist sends and shares your media by Mike Schramm on Feb 24th 2009 Why, you might wonder, would we want another media program -- isn't iTunes enough? But a new app called Doubletwist (by DVD Jon, creator of the old DeCSS DRM-stripping software) looks to answer that question by taking an iTunes-style interface, and expanding it to pretty much anything you'd want to do with media -- send it to your own phones and portable devices, upload it to sites like Facebook or YouTube, or even send it off to your friends, even those who don't have the app. We first heard about Doubletwist about a year ago, but there wasn't a Mac version to speak of (so who cares, right?). But the Mac version is now out in public beta, and it's pretty impressive -- you can basically ignore file types, formats, or anything else that would keep you from sending a video, audio, or photo file from your computer out into the great blue yonder. 
There are a few other screencasts floating around as well, including this demo of the way the app works with pretty much any device you want, from iPod to Blackberry to even Android, the Sony PSP, and soon, the Nintendo DSi. It seems very enticing (though I'm doubtful that all of the video converting and sharing really goes as fast as it looks in the video). But if you want to find out for yourself, have at it -- DoubleTwist is currently a free beta download for Intel 10.5 and up users.

From rforno at infowarrior.org Thu Feb 26 13:57:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Feb 2009 08:57:33 -0500 Subject: [Infowarrior] - CIA Adds Economy To Threat Updates Message-ID: <7D24D21A-EA92-4042-A755-318322456724@infowarrior.org> CIA Adds Economy To Threat Updates White House Given First Daily Briefing By Joby Warrick Washington Post Staff Writer Thursday, February 26, 2009; A04 http://www.washingtonpost.com/wp-dyn/content/article/2009/02/25/AR2009022503389_pf.html The daily White House intelligence report that catalogs the top security threats to the nation has a grim new addition, reflecting the realities of the age: a daily update on the global financial crisis and its cascading effects on the stability of countries through the world. The first Economic Intelligence Briefing report was presented to the White House yesterday by the CIA, the agency's new director, Leon Panetta, revealed at a news conference. The addition of economic news to the daily roundup of terrorist attacks and surveillance reports appears to reflect a growing belief among intelligence officials that the economic meltdown is now preeminent among security threats facing the United States. "We've seen the impact of a worldwide recession occur throughout the world," said Panetta, who described the agency's newest product at his first news briefing since his confirmation. Instigated at the request of the White House, the daily report will ensure that U.S. 
policymakers are "not surprised" by the aftershocks from bank failures and rising unemployment, he said. The spy agency is following worrisome trends in many corners of the globe, from East Asia to Latin America. In private meetings yesterday, Latin American intelligence officials warned their U.S. counterparts of a crisis spreading throughout the hemisphere, particularly in Argentina, Ecuador and Venezuela, Panetta said. "Clearly, it's related: What happens in the economy, and what's happening as a result of that, is affecting the stability of the world," he said. Other key intelligence officials have raised similar alarms in other settings. The new director of national intelligence, Dennis C. Blair, told a Senate panel this month that economic woes have largely replaced terrorism as the country's No. 1 security challenge. Blair repeated the theme yesterday in testimony before the House intelligence committee, noting that three European governments have fallen because of economic issues. Central and Eastern Europe "are under tremendous strain," and much of Eurasia, Latin America and sub-Saharan Africa lack sufficient cash reserves and access to international aid, he said. "Our analysis indicates that economic crisis increases the risk of regime-threatening instability if it continues for a one- or two-year period," Blair said. "Instability can loosen the fragile hold that many developing countries have on law and order." The economic crunch adds to a formidable list of global concerns facing the new administration's security team. Panetta said the CIA continues to regard al-Qaeda as a serious threat, as the terrorist movement retains its stronghold along the Pakistan-Afghanistan border and gains momentum in Somalia and Yemen. 
From rforno at infowarrior.org Thu Feb 26 14:40:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Feb 2009 09:40:07 -0500 Subject: [Infowarrior] - Colonel: Army has working electropulse grenades Message-ID: Colonel: US Army has working electropulse grenades By Lewis Page Posted in Science, 12th February 2009 13:54 GMT http://www.theregister.co.uk/2009/02/12/electropulse_grenades/ Contradicting previous reports, a US Army electronic-warfare colonel has apparently confirmed the existence of working non-nuclear electromagnetic pulse (EMP) ordnance - apparently so portable that it is even available in hand-grenade size. The revelation came at a blogger roundtable (press conference) held in order to introduce the US Army's new electronic-warfare specialist career field. The briefing was reported by the war-hacks at Military.com: "EMP grenade technology is out there, but I've never had my hands on one," said Col Laurie Buckhout, chief of the newly formed Electronic Warfare Division, Army Operations, Readiness and Mobilization... The target may be a small building or a village, she said, and so a small jammer could be used, or EMP grenades. The conventional method of generating an EMP powerful enough to disable electronics over a large area is the detonation of a nuclear weapon. However, militaries worldwide have long wished to have such a capability in less-drastic form. This has led to extensive speculation on pulse bombs powered by conventional explosives, or High Powered Microwave (HPM) raygun-style kit*. Even the highly advanced US forces hadn't been generally thought to have developed a successful pulse-bomb yet, with most reports indicating that such a capability remains a few years off (as has been the case for decades). 
Furthermore, the pulse ordnance has usually been seen as large and heavy, in the same league as an aircraft bomb or cruise missile warhead - or in the case of an HPM raygun, of a weapons-pod or aircraft payload size. Now, however, it appears that in fact the US military has already managed to get the coveted pulse-bomb tech down to grenade size. Colonel Buckhout apparently envisages the Army electronic warfare troopers of tomorrow lobbing a pulse grenade through the window of an enemy command post or similar, so knocking out all their comms. The existence of pulse bombs one can clip to one's belt would also imply that bigger ones have been made. (US military-sponsored efforts to develop EMP-proof radars might lend this some credence, if it wasn't for the agency involved.) It would seem that the unstoppable droid assassins, prowling aerial hunter-killers etc of the future have been stymied before they even properly got booted up. Nonetheless, despite the apparently authoritative nature of the source, we're going to file this one under "unconfirmed". Read the Military.com report here. *US Justice Department labs say they have built a "small working prototype" portable microwave rifle, potentially able to act as a tracking radar unit, a heat/pain raygun, or a millimetre wave through-clothes nudie perv scanner of the sort which has caused controversy in airport use. From rforno at infowarrior.org Thu Feb 26 14:54:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Feb 2009 09:54:07 -0500 Subject: [Infowarrior] - Army's New Manual Emphasizes eWar Message-ID: <579589B3-5AC5-43C9-BCFD-C882C403A707@infowarrior.org> http://www.military.com/news/article/armys-new-manual-emphasizes-ewar.html February 26, 2009 Army's New Manual Emphasizes eWar Associated Press FORT LEAVENWORTH, Kan. 
- For the first time since the end of the Cold War, the Army is updating its plans for electronic warfare, calling for more use of high-powered microwaves, lasers and infrared beams to attack enemy targets and control angry crowds. The new manual, produced at Fort Leavenworth and set for release today, also is aimed at protecting Soldiers against remote-controlled roadside bombs and other nontraditional warfare used by increasingly sophisticated insurgents. "The war in Iraq began to make us understand that there are a lot of targets that we should be going after in the offensive or defensive mode to protect ourselves," said Col. Laurie Buckhout, chief of the Army's electronic warfare division in Washington, D.C. The 112-page manual, a copy of which was obtained by The Associated Press before its release at the Association of the United States Army meeting in Fort Lauderdale, Fla., doesn't offer specifics on new equipment or gadgetry but lays out in broad terms the Army's fear that without new equipment and training, U.S. forces may be at a deadly disadvantage. The Army has let its electronic warfare capabilities lapse since the early 1990s, when nascent insurgencies were less sophisticated and less deadly. Army patrols currently rely on specially trained Air Force and Navy members whose electronic expertise helps sniff out improvised explosive devices, which have killed more than 1,700 U.S. troops since the war began. The new doctrine directs the Army, which has put a premium on fighting insurgents in Iraq's most populous cities, to use technology that can distinguish enemy threats from common technologies such as radios or cell phones used by civilians or friendly forces. It also calls on the Army to develop and deploy directed-energy weapons, which would produce a concentrated beam of electromagnetic energy or atomic or subatomic particles to blind, disrupt or destroy targets. 
Such technology could be used in a variety of attack modes against enemy equipment, facilities or personnel. Among the first tangible changes: The Army is in the process of training 1,500 Soldiers and officers in electronic warfare at Fort Sill, Okla., by September 2010, giving the military its largest electronic warfare cadre. The cost to implement the doctrine is unclear. Army officials say funding for development and training will likely come from internal budget shifts, though they don't rule out asking Congress for money down the road. Roadside bombs weren't seen as a top threat when U.S.-led forces invaded Iraq in 2003. But insurgents, resigned to losing head-on fights with American troops, increased their use of the devices and changed the dynamics of the war. IEDs are assembled from a variety of explosives, such as plastics or mortar shells, then detonated with a radio signal. In many cases, an IED explodes beneath a vehicle when the bomb is literally called by an insurgent. The ease with which IEDs are built has sparked urgency for the Army's new effort. Also, developing the doctrine and training Soldiers positions the Army to adapt to changing technologies and streamline its approach by reducing reliance on other branches, officials say. "We had this capability since we had radios but let it lapse," said Lt. Col. Fred Harper, capabilities manager for the Army's computer network and electronic warfare activities. "We didn't have (an enemy) that had the capabilities. That whole environment has changed." Barry Watts, a senior fellow with the Center for Strategic and Budgetary Assessments in Washington, said the Army is smart to develop its own electronic warfare capabilities but questions how fast the service can get up to speed, "especially when they have been out of it for a long time." 
From rforno at infowarrior.org Thu Feb 26 19:58:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Feb 2009 14:58:42 -0500 Subject: [Infowarrior] - Cybersecurity Budget item Message-ID: <56EA16F7-648C-4A4D-B7F3-8AA649A155C9@infowarrior.org> http://www.gpoaccess.gov/usbudget/fy10/pdf/fy10-newera.pdf p71 and 72 of the FY10 budget overview document just released, in the DHS section: "Funding of $355 million is targeted to make private and public sector cyber infrastructure more resilient and secure. These funds will support the base operations of the National Cyber Security Division, as well as initiatives under the Comprehensive National Cybersecurity Initiative to protect our information networks." ....again, this DC-based cybercynic thinks more of the same stuff. I gather this $355 million is for "stuff" and "services" to overlay on the existing infrastructure. But how about teaching folks how to build resilient and secure networks in the first place, so there's less "stuff" we need to use/buy/fund/administer on top of an already-flawed foundation? -rick From rforno at infowarrior.org Fri Feb 27 01:27:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Feb 2009 20:27:36 -0500 Subject: [Infowarrior] - NSA Should Oversee Cybersecurity, Intel Chief Says Message-ID: <55E0523C-AE84-48EB-B6F7-39B0C97BAF7D@infowarrior.org> NSA Should Oversee Cybersecurity, Intel Chief Says By Kim Zetter February 26, 2009 | 2:55:06 PM | Categories: Cybersecurity http://blog.wired.com/27bstroke6/2009/02/nsa-should-over.html Despite the fact that many Americans distrust the National Security Agency for its role in the Bush Administration's warrantless wiretapping program, the agency should be entrusted with securing the nation's telecommunications networks and other cyber infrastructures, President Obama's director of national intelligence told Congress on Wednesday. 
Director of National Intelligence Admiral Dennis Blair told the House intelligence committee (.pdf) that the NSA, rather than the Department of Homeland Security which currently oversees cybersecurity, has the smarts and the skills to secure cyberspace. "The National Security Agency has the greatest repository of cyber talent," Blair said. "[T]here are some wizards out there at Fort Meade who can do stuff." Blair added that "because of the offensive mission that they have, they're the ones who know best about what's coming back at us and it's defenses against those sorts of things that we need to be able to build into wider and wider circles." He acknowledged that the agency had a trust handicap to overcome due to its role in the Bush Administration's secret domestic spying program, and therefore asked Congress to help convince the public that it's the right agency for the task. "I think there is a great deal of distrust of the National Security Agency and the intelligence community in general playing a role outside of the very narrowly circumscribed role because of some of the history of the FISA issue in years past. . . . So I would like the help of people like you who have studied this closely and served on commissions, the leadership of the committee and finding a way that the American people will have confidence in the supervision, in the oversight of the role of NSA so that it can help protect these wider bodies. So, to me, that's one of the key things that we have to work on here in the next few months." Blair is not without support for his view. Paul Kurtz, who led the cybersecurity group on Obama's transition team and was part of Bush's White House National Security Council, recently told Forbes that he supports the NSA taking a prominent role in cybersecurity. The "NSA has the vast majority of expertise in information assurance inside the U.S. government," Kurtz said. "We have to tap that expertise while respecting privacy and civil liberties. 
I believe NSA can play a key role with proper oversight." Obama recently tasked Melissa Hathaway, cybercoordination executive for the Office of the Director of National Intelligence, to conduct a 60-day review of Bush's Comprehensive National Cyber Security Initiative, a secretive, $30 billion, multi-year plan to address cybersecurity issues. Hathaway, a former management consultant at Booz Allen Hamilton, helped develop the classified plan, which many people have criticized for being too secretive, and has since been overseeing its implementation. She is also being touted as the likely candidate to assume the permanent role of cybersecurity czar when Obama fills the position -- a job that will likely be elevated to a presidential advisory position. From rforno at infowarrior.org Fri Feb 27 12:18:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Feb 2009 07:18:27 -0500 Subject: [Infowarrior] - Optimised to Fail: Card Readers for Online Banking Message-ID: url: http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf Optimised to Fail: Card Readers for Online Banking Saar Drimer, Steven J. Murdoch, and Ross Anderson Computer Laboratory, University of Cambridge, UK http://www.cl.cam.ac.uk/users/ {sd410,sjm217,rja14} Abstract. The Chip Authentication Programme (CAP) has been introduced by banks in Europe to deal with the soaring losses due to online banking fraud. A handheld reader is used together with the customer's debit card to generate one-time codes for both login and transaction authentication. The CAP protocol is not public, and was rolled out without any public scrutiny. We reverse engineered the UK variant of card readers and smart cards and here provide the first public description of the protocol. We found numerous weaknesses that are due to design errors such as reusing authentication tokens, overloading data semantics, and failing to ensure freshness of responses. The overall strategic error was excessive optimisation. 
There are also policy implications. The move from signature to PIN for authorising point-of-sale transactions shifted liability from banks to customers; CAP introduces the same problem for online banking. It may also expose customers to physical harm. Keywords: banking security, reverse engineering, authentication, liability, chip and PIN Paper @ url: http://www.cl.cam.ac.uk/~sjm217/papers/fc09optimised.pdf From rforno at infowarrior.org Fri Feb 27 15:48:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Feb 2009 10:48:07 -0500 Subject: [Infowarrior] - Infowarcon 2009 Message-ID: <79080EFA-1714-4E6A-A987-17617FC6BFD9@infowarrior.org> Infowarcon 2009 is coming! The event is hosted by the IO Institute of the Association of Old Crows in partnership with the National Defense University. April 22-24 2009 at the Gaylord National Resort & Convention Center just outside Washington, DC. Agenda and registration information available at: http://www.infowarcon.com/ FYI I am moderating the US Cybersecurity panel session on 24 April. Guests on the panel will include SA Jim Christie, Mudge, Bob Gourley, among others. -rick infowarrior.org From rforno at infowarrior.org Fri Feb 27 19:05:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Feb 2009 14:05:28 -0500 Subject: [Infowarrior] - Sagebase.Org for pharma researchers Message-ID: http://sagebase.org/ Vision: Create an open access, integrative bionetwork evolved by contributor scientists working to eliminate human disease. Sage is a new, not-for-profit medical research organization established in 2009 to revolutionize how researchers approach the complexity of human biological information and the treatment of disease. Sage's objectives are: * to build and support an open access platform and databases for building innovative new dynamic disease models * 
to interconnect scientists as contributors to evolving, integrated networks of biological data Background Sage resulted from the realization that the needs and potentials of clinical and molecular data to inform drug development are greater than the resources or capacity of any one company or institute. Sage is a legacy of successful proof of principle work accomplished at Rosetta Inpharmatics, a subsidiary of Merck & Co., Inc. in Seattle. Core human and intellectual property resources from this effort are seeding Sage's growth. The primary output from Sage will be an open access platform available in the public domain. An incubation period of three to five years is anticipated in which new project data are generated, critical tools for building and mining disease models are developed and governing rules for sharing, accessing, and contributing to the platform are established. Sage is a distributed research organization with nodes embedded within core academic partner facilities. Collaborating scientists from both the nonprofit and commercial sectors will contribute to projects building and using innovative new databases and tools. More detailed information will be available soon. From rforno at infowarrior.org Sat Feb 28 21:25:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 28 Feb 2009 16:25:26 -0500 Subject: [Infowarrior] - "Classified But Leaked" OK in wiretap court case Message-ID: <59BF263F-7558-4015-A057-AB3CA5F671F7@infowarrior.org> Appeals Court Allows Classified Evidence in Spy Case By David Kravets February 27, 2009 | 3:49:39 PM | Categories: Surveillance http://blog.wired.com/27bstroke6/2009/02/appeals-court-a.html A federal appeals court dealt a blow to the Obama administration Friday when it refused to block a judge from admitting top secret evidence in a lawsuit weighing whether a U.S. president may bypass Congress, as President George W. Bush did, and establish a program of eavesdropping on Americans without warrants. 
The legal brouhaha concerns U.S. District Judge Vaughn Walker's decision in January to admit as evidence a classified document allegedly showing that two American lawyers for a now-defunct Saudi charity were electronically eavesdropped on without warrants by the Bush administration in 2004. The lawyers -- Wendell Belew and Asim Ghafoor -- sued the Bush administration after the U.S. Treasury Department accidentally released the top secret memo to them. The courts had ordered the document, which has never been made public, returned and removed from the case after the Bush administration declared it a state secret. The document's admission to the case is central for the two former lawyers of the Al-Haramain Islamic Foundation charity to acquire legal standing so they may challenge the constitutionality of the warrantless-eavesdropping program Bush publicly acknowledged in 2005. Absent intervention from the U.S. Supreme Court, the one-line decision (.pdf) by the 9th U.S. Circuit Court of Appeals means the lawyers' case is the only lawsuit likely to litigate the merits of a challenge to Bush's secret eavesdropping program adopted in the aftermath of the Sept. 11 terror attacks. "We're trying to establish a legal precedent: A rule that the president must comply with legislation passed by Congress," said Jon Eisenberg, the attorney for the two lawyers. "The president is not above the law. This case is important to establish a legal precedent." The lawyers' suit looked all but dead in July when they were initially blocked from using the document to prove they were spied on. They were forced to return it to the government after it was declared a state secret. But last month, Walker said the document could be used in the case because there was sufficient, anecdotal evidence unrelated to the document that suggests the lawyers for the Al-Haramain charity were spied upon. Without the document, the lawyers didn't have a case. 
The Bush and Obama administrations said the document's use in the trial was a threat to national security. The document at issue isn't likely to ever become public. Walker's Jan. 5 order only allows lawyers in the case to view it, and they are forbidden to publicly discuss its contents. Bush acknowledged the existence of the so-called Terror Surveillance Program in 2005. It authorized the NSA to intercept, without warrants, international communications to or from the United States that the government reasonably believed involved a member or agent of al-Qaeda, or affiliated terrorist organization. Congress authorized such spying activity in July. The Electronic Frontier Foundation claims the TSP went further, and accuses the nation's telecommunication companies of funneling all electronic communications to the National Security Agency without warrants. However, as part of the spy bill approved in July, the government immunized the telcos from lawsuits accusing them of being complicit with the Bush administration. The Obama administration on Thursday urged Judge Walker, the same judge in the Al-Haramain case, to dismiss the EFF's challenge to the immunity legislation. Walker's decision is pending. The U.S. government had designated Al-Haramain a terror organization. The Justice Department declined comment. From rforno at infowarrior.org Sat Feb 28 21:26:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 28 Feb 2009 16:26:53 -0500 Subject: [Infowarrior] - RIAA layoffs Message-ID: <2D970560-1685-40D9-BEE6-2638319929AB@infowarrior.org> My heart bleeds for them......*not* --rf RIAA Staff Cuts May Be Far Deeper Than Reported http://www.hypebot.com/hypebot/2009/02/is-the-.html RUMORS There is no doubt that major staff reductions and changes are underway at the RIAA. But one seemingly knowledgeable but unconfirmed source tells Hypebot that the cuts run much deeper than previously reported. 
"It is about 90-100+ people across the US and global offices - anti-piracy, coordinated IFPI/BPI etc - trust me it's a bloodbath... (Major label heads) Hands, Morris are squeezing the ____ out of these guys after the ISP failure and a major budget cut. (The) RIAA as you know it is probably history by Tuesday of next week, a formal announcement is being drafted for drop next week. The new group is an aggregate of IFPI + remaining pieces of BPI + RIAA - (a) new leaner, coordinated group...DC offices are getting closed except for one part of one floor on Conn. Ave., just for the address." Hypebot has asked the RIAA to comment. Readers please send info on the layoffs privately to hypebot(at)skylineonline(dot)com.
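Editor's note on the "Optimised to Fail" abstract forwarded earlier in this digest: the three design-error classes it names (reusing authentication tokens, overloading data semantics, failing to ensure freshness of responses) are easy to state and easy to get wrong in practice, so here is a worked illustration in Python. This is an added example and not code from the Cambridge paper, from any bank, or from the CAP protocol the authors reverse engineered; the HMAC-SHA256 code function, the 8-digit truncation, the counter window, the LOGIN/PAY modes, the card key, the amount and the payee number are all constructed for the demonstration. The weak scheme reuses one code function for login and payment, carries challenge and amount in the same untagged numeric field, and has no server nonce; the hardened scheme tags the mode inside the MAC, binds amount and payee, and issues a single-use nonce.

```python
import hashlib
import hmac
import secrets


def otp(key: bytes, *fields: bytes, digits: int = 8) -> str:
    """Truncate HMAC-SHA256 over length-prefixed fields to a decimal one-time code.
    Length prefixes keep field boundaries unambiguous (b"1"+b"23" != b"12"+b"3")."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** digits).zfill(digits)


class WeakReader:
    """Over-optimised reader: one code function for login (respond to a challenge)
    and payment (sign an amount); the number carries no mode tag, and the only
    varying input is the card's own transaction counter (ATC)."""
    def __init__(self, card_key: bytes) -> None:
        self.key, self.atc = card_key, 0

    def code(self, number: str) -> str:
        self.atc += 1
        return otp(self.key, self.atc.to_bytes(4, "big"), number.encode())


class WeakBank:
    WINDOW = 20  # accept a code under any of the next WINDOW counter values

    def __init__(self, card_key: bytes) -> None:
        self.key, self.last_atc = card_key, 0

    def verify(self, number: str, code: str) -> bool:
        for atc in range(self.last_atc + 1, self.last_atc + 1 + self.WINDOW):
            if hmac.compare_digest(otp(self.key, atc.to_bytes(4, "big"), number.encode()), code):
                self.last_atc = atc
                return True
        return False

    def login(self, challenge: str, code: str) -> bool:
        return self.verify(challenge, code)

    def pay(self, amount_pence: str, code: str) -> bool:
        return self.verify(amount_pence, code)  # same field, same check: the flaw


class HardenedReader:
    def __init__(self, card_key: bytes) -> None:
        self.key, self.atc = card_key, 0

    def code(self, mode: str, nonce: str, *fields: str) -> str:
        """Mode and bank nonce enter the MAC; PAY also binds amount and payee,
        which a real reader would display to the user before signing."""
        self.atc += 1
        return otp(self.key, mode.encode(), self.atc.to_bytes(4, "big"),
                   nonce.encode(), *(f.encode() for f in fields))


class HardenedBank:
    WINDOW = 20

    def __init__(self, card_key: bytes) -> None:
        self.key, self.last_atc, self.pending = card_key, 0, {}

    def challenge(self, mode: str, *fields: str) -> str:
        """Issue a fresh single-use nonce bound to a mode and transaction fields."""
        nonce = secrets.token_hex(4)
        self.pending[nonce] = (mode, fields)
        return nonce

    def verify(self, nonce: str, code: str) -> bool:
        ctx = self.pending.pop(nonce, None)  # unknown or already-used nonce: reject
        if ctx is None:
            return False
        mode, fields = ctx
        for atc in range(self.last_atc + 1, self.last_atc + 1 + self.WINDOW):
            expect = otp(self.key, mode.encode(), atc.to_bytes(4, "big"),
                         nonce.encode(), *(f.encode() for f in fields))
            if hmac.compare_digest(expect, code):
                self.last_atc = atc
                return True
        return False


def demo(card_key: bytes = b"constructed-demo-card-key-not-real") -> dict:
    """Run the same phishing script against both schemes; return the outcomes."""
    out = {}
    reader, bank = WeakReader(card_key), WeakBank(card_key)
    # Phisher's page shows "login challenge: 12500"; the victim types it in.
    harvested = reader.code("12500")
    # Submitted as a payment of 12500 pence, the same digits verify: the bank
    # cannot tell a challenge response from an amount signature.
    out["weak_login_code_spends_as_payment"] = bank.pay("12500", harvested)
    # No nonce ties a code to a session: a code harvested now still works in an
    # unrelated later session, until the card's counter moves past it.
    stale = reader.code("4999")
    out["weak_code_valid_in_later_session"] = bank.pay("4999", stale)

    reader2, bank2 = HardenedReader(card_key), HardenedBank(card_key)
    # Phisher starts a real payment to obtain its nonce and presents it as a
    # "login challenge"; the victim's reader is in LOGIN mode, so the MAC differs.
    n_pay = bank2.challenge("PAY", "12500", "payee-12345678")
    out["hardened_rejects_cross_mode_code"] = bank2.verify(n_pay, reader2.code("LOGIN", n_pay))
    # Genuine payment: amount and payee are shown, confirmed and signed.
    n_pay2 = bank2.challenge("PAY", "12500", "payee-12345678")
    genuine = reader2.code("PAY", n_pay2, "12500", "payee-12345678")
    out["hardened_accepts_genuine_payment"] = bank2.verify(n_pay2, genuine)
    out["hardened_rejects_replay"] = bank2.verify(n_pay2, genuine)  # nonce consumed
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened bank consumes the nonce even when the check fails, so a wrong code forces a fresh challenge instead of allowing guesses against the same nonce. Note what the nonce does and does not buy: it stops codes being harvested for later use, but a real-time relay is defeated only because the PAY code binds the amount and payee that the reader shows the user before signing; a mode tag alone would not protect a victim who is talked into pressing the payment button.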