From rforno at infowarrior.org Thu Jan 1 16:07:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Jan 2009 11:07:23 -0500
Subject: [Infowarrior] - MS WGA Hypocracy?
Message-ID: <5490567F-AB99-4D9F-AA3E-3AB53556FE17@infowarrior.org>

According to the MS FAQ on WGA, "No information is collected during the validation process that can be used to identify or contact a user."

http://www.microsoft.com/genuine/downloads/FAQ.aspx#ID0EED

.....yet this WaPo article reports the following....

http://www.washingtonpost.com/wp-dyn/content/article/2008/12/31/AR2008123103061.html

< - >

Microsoft contends that much of the bogus software was detected by its Windows Genuine Advantage program, which is automatically installed on users' machines. It scans computers for pirated software and alerts people if it believes their products aren't properly licensed. The counterfeits were also discovered through customs seizures, test purchases by Microsoft and resellers who alerted authorities to suspicious competitors.

From rforno at infowarrior.org Thu Jan 1 16:49:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Jan 2009 11:49:41 -0500
Subject: [Infowarrior] - Defense Contractors See $$$ in Cyber Security
Message-ID:

Defense Contractors See $$$ in Cyber Security
By Kim Zetter
December 31, 2008 | 3:27:42 PM
Categories: Cybersecurity
http://blog.wired.com/27bstroke6/2008/12/defense-contrac.html

The profits of (conventional) war must not be as good as they used to be. Lockheed Martin and Boeing have decided the next cash cow is cyber defense. According to Bloomberg, both companies, "eager to capture a share of a market that may reach $11 billion in 2013," have formed new business units to attract money that the U.S. government will be spending to secure U.S. government computers and, no doubt, to break the security of enemy computer systems.
The companies awoke to the money-making opportunity after President Bush signed a National Security Directive in January, which is commonly known as the Comprehensive National Cyber Security Initiative and is estimated will cost $30 billion or more to implement. The initiative, which includes the creation of a National Cyber Security Center to be run by the Department of Homeland Security, has been criticized for its secrecy and the role that intelligence agencies may play in the plan. Critics fear the plan is a cover to give U.S. intelligence agencies the unfettered ability to monitor all traffic that passes through the internet. The initiative has many parts, however, one of which is to secure government networks. Despite an abundance of established computer security firms that already have experience securing networks, Boeing launched its cybersecurity division in August, followed by Lockheed in October. Science Applications International Corporation (SAIC) also got in the game, as has Raytheon -- though a Raytheon spokesman wanted Bloomberg to understand that it had been thinking about cashing in on cyber security longer than Boeing and Lockheed Martin were thinking about it. The company acquired its computer security expertise the old-fashioned way -- by buying it. Raytheon purchased three computer network security firms (Oakley Networks, SI Government Solutions and Telemus Solutions Inc) in the last 18 months and says it plans to add 300 more security engineers to its stable in 2009. It's likely the others will be acquiring their expertise this way as well, which will only be good news for computer security firms that have been struggling to stay afloat the last few years when the government and private sector showed little interest in spending money to secure computer networks. "The whole area of cyber is probably one of the faster-growing areas" of the U.S.
budget, Linda Gooden, executive vice president of Lockheed's Information Systems & Global Services unit, told Bloomberg. "It's something that we're very focused on. I expect there will be a significant focus" under Obama. Lockheed hasn't always been so focused on cyber security or had much of a track record in keeping its own systems secure. Readers may recall that the defense contractor was the victim of a major cyber intrusion in 2003 dubbed Titan Rain. Both Lockheed and the Sandia National Laboratory that Lockheed managed were hit in the attack, resulting in thieves making off with Lockheed schematics and other proprietary and sensitive documents. A Sandia network security analyst named Shawn Carpenter discovered the intrusion and told his superiors, who wanted to keep the break-in quiet. In the interest of national security, Carpenter provided information about the attack to the FBI and was fired by Sandia -- the standard reward for whistleblowers everywhere. Last year a jury awarded Carpenter $4.3 million in a wrongful termination suit.

From rforno at infowarrior.org Fri Jan 2 03:07:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Jan 2009 22:07:23 -0500
Subject: [Infowarrior] - DHS/TSA "Pre-Crime" Scanner
Message-ID: <46C40525-8E9B-46B5-BE4A-887ACA1362A7@infowarrior.org>

Futuristic Security Checkpoints Know What You Do Before You Do It
Author: TF
Category: Tech
10 hours ago
http://techfragments.com/news/142/Tech/Futuristic_Security_Checkpoints_Know_What_You_Do_Before_You_Do_It.html

New security check points in 2020 will look just like something out of the futuristic movie, The Minority Report. The idea of the new checkpoints will allow high traffic to pass through just as you were walking at a normal pace. No more, waving a wand to get through checkpoints. The new checkpoint can detect if you have plans to set off a bomb before you even enter the building. How does it work? The U.S.
Department of Homeland Security is developing a system called Future Attribute Screening Technology, or FAST for short. The system uses cameras to detect slight alterations in pupil sizes, blink rate and even direction of gaze. A laser radar called BioLIDAR measures heart rate and changes between heartbeats. The BioLIDAR can even monitor a person's respiration and track movements in the face, neck, and cheeks. Stressed out? A thermal camera will pick up on this too by gauging changes in the skin temperature. Homeland Security ran a test in September of 140 volunteers using a FAST prototype. The system was very accurately able to pick out people with hostile intent. "We're still very early on in this research, but it is looking very promising," says DHS science spokesman John Verrico. "We are running at about 78% accuracy on mal-intent detection, and 80% on deception." Homeland Security also selected a group of 23 attendees to be civilian "accomplices" in their test. They were each given a "disruptive device" to carry through the portal and, unlike the other attendees, were conscious that they were on a mission. "It does not predict who you are and make a judgment, it only provides an assessment in situations," said Burns. "It analyzes you against baseline stats when you walk in the door, it measures reactions and variations when you approach and go through the portal."

From rforno at infowarrior.org Fri Jan 2 03:10:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Jan 2009 22:10:31 -0500
Subject: [Infowarrior] - iphone 3G unlock beta
Message-ID: <24A75CEB-CC70-4E9C-9926-24E86364E288@infowarrior.org>

http://blog.iphone-dev.org/

We have released the 0.9.1 beta yellowsn0w 3G unlock application. Please note the following:

BASICS

* The unlock works exclusively with baseband 02.28.00. This baseband is provided by the latest firmware update (2.2) from Apple. You'll need to upgrade to this release using iTunes and then use QuickPwn to activate etc.
There are plenty of tutorials about this on iclarified, bigboss, and other established tutorial sites. Because it works on 02.28.00, it is available to everyone on the planet. This means we don't need to unnecessarily expose holes in earlier basebands, which is an important concern.

* The application is a small daemon that is launched on boot. It injects the payload at boot and also whenever there is a baseband reset. You won't notice anything about it other than that your third-party sim now works. It's a small program and unobtrusive. There is no GUI (this is by design).

* You can add the application using the sources outlined below (coming soon). There are Cydia and Installer sources available, so use whichever you are comfortable using.

* yellowsn0w is completely removable through Cydia, the command line, and iTunes.

From rforno at infowarrior.org Fri Jan 2 15:00:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Jan 2009 10:00:17 -0500
Subject: [Infowarrior] - 9 Muslim Passengers Removed From Jet
Message-ID: <23E47C7F-3DC7-48AD-9FDD-2A378915DBE2@infowarrior.org>

9 Muslim Passengers Removed From Jet
Others on Flight Say a Remark Was 'Suspicious'
http://www.washingtonpost.com/wp-dyn/content/article/2009/01/01/AR2009010101932_pf.html

By Amy Gardner
Washington Post Staff Writer
Friday, January 2, 2009; B01

Officials ordered nine Muslim passengers, including three young children, off an AirTran flight headed to Orlando from Reagan National Airport yesterday afternoon after two other passengers overheard what they thought was a suspicious remark. Members of the party, all but one of them U.S.-born citizens who were headed to a religious retreat in Florida, were subsequently cleared for travel by FBI agents who characterized the incident as a misunderstanding, an airport official said. But the passengers said AirTran refused to rebook them, and they had to pay for seats on another carrier secured with help from the FBI.
Kashif Irfan, one of the removed passengers, said the incident began about 1 p.m. after his brother, Atif, and his brother's wife wondered aloud about the safest place to sit on an airplane. "My brother and his wife were discussing some aspect of airport security," Irfan said. "The only thing my brother said was, 'Wow, the jets are right next to my window.' I think they were remarking about safety." Irfan said he and the others think they were profiled because of their appearance. He said five of the six adults in the party are of South Asian descent, and all six are traditionally Muslim in appearance, with the men wearing beards and the women in headscarves. Irfan, 34, is an anesthesiologist. His brother, 29, is a lawyer. Both live in Alexandria with their families, and both were born in Detroit. They were traveling with their wives, Kashif Irfan's sister-in-law, a friend and Kashif Irfan's three sons, ages 7, 4 and 2. AirTran spokesman Tad Hutcheson agreed that the incident amounted to a misunderstanding. But he defended AirTran's handling of the incident, which he said strictly followed federal rules. And he denied any wrongdoing on the airline's part. "At the end of the day, people got on and made comments they shouldn't have made on the airplane, and other people heard them," Hutcheson said. "Other people heard them, misconstrued them. It just so happened these people were of Muslim faith and appearance. It escalated, it got out of hand and everyone took precautions." Hutcheson confirmed that it was ultimately the pilot's decision to postpone the flight. But he said the pilot was influenced not only by the complaints from passengers but by the actions of two federal air marshals on board, who had learned of the incident and reported it to airport police. 
As a result of that report, federal officials made the decision to order all 104 passengers from the plane and re-screen them and their luggage before allowing the flight to take off for Orlando -- two hours late and without the nine passengers. Ellen Howe, a spokeswoman for the Transportation Security Administration, said the pilot acted appropriately. "For us, it just highlights that security is everybody's responsibility," Howe said. "Someone heard something that was inappropriate, and then the airline decided to act on it. We certainly support [the pilot's] call to do that." Howe added that the TSA's involvement was limited to conducting a security sweep of the plane after the passengers were removed. Airport police officers' only involvement was to hold the passengers in custody until the FBI arrived, said Tara Hamilton, a spokeswoman for the agency that runs the airport. Hutcheson said AirTran is not likely to reimburse the passengers for the additional cost of their replacement tickets on USAirways. He said they were given a full refund for their AirTran fares and may fly on the carrier now that the investigation is complete. The detained passengers said that is not likely. "It was an ordeal," said Abdur Razack Aziz, the family friend who was also detained. "Nothing came out of it. It was paranoid people. It was very sad." 
From rforno at infowarrior.org Fri Jan 2 15:03:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Jan 2009 10:03:47 -0500
Subject: [Infowarrior] - UK: Private firm may track all email and calls
Message-ID: <24EDE3A4-81EF-4543-BA68-023BD0498A06@infowarrior.org>

http://www.guardian.co.uk/uk/2008/dec/31/privacy-civil-liberties

Private firm may track all email and calls
'Hellhouse' of personal data will be created, warns former DPP

The private sector will be asked to manage and run a communications database that will keep track of everyone's calls, emails, texts and internet use under a key option contained in a consultation paper to be published next month by Jacqui Smith, the home secretary. A cabinet decision to put the management of the multibillion pound database of all UK communications traffic into private hands would be accompanied by tougher legal safeguards to guarantee against leaks and accidental data losses. But in his strongest criticism yet of the superdatabase, Sir Ken Macdonald, the former director of public prosecutions, who has firsthand experience of working with intelligence and law enforcement agencies, told the Guardian such assurances would prove worthless in the long run and warned it would prove a "hellhouse" of personal private information. "Authorisations for access might be written into statute. The most senior ministers and officials might be designated as scrutineers. But none of this means anything," said Macdonald. "All history tells us that reassurances like these are worthless in the long run. In the first security crisis the locks would loosen." The home secretary postponed the introduction of legislation to set up the superdatabase in October and instead said she would publish a consultation paper in the new year setting out the proposal and the safeguards needed to protect civil liberties.
She has emphasised that communications data, which gives the police the identity and location of the caller, texter or web surfer but not the content, has been used as important evidence in 95% of serious crime cases and almost all security service operations since 2004 including the Soham and 21/7 bombing cases. Until now most communications traffic data has been held by phone companies and internet service providers for billing purposes but the growth of broadband phone services, chatrooms and anonymous online identities mean that is no longer the case. The Home Office's interception modernisation programme, which is working on the superdatabase proposal, argues that it is no longer good enough for communications companies to be left to retrieve such data when requested by the police and intelligence services. A Home Office spokeswoman said last night the changes were needed so law enforcement agencies could maintain their ability to tackle serious crime and terrorism. Senior Whitehall officials responsible for planning for a new database say there is a significant difference between having access to "communications data" - names and addresses of emails or telephone numbers, for example - and the actual contents of the communications. "We have been very clear that there are no plans for a database containing any content of emails, texts or conversations," the spokeswoman said. External estimates of the cost of the superdatabase have been put as high as £12bn, twice the cost of the ID cards scheme, and the consultation paper, to be published towards the end of next month, will include an option of putting it into the hands of the private sector in an effort to cut costs. But such a decision is likely to fuel civil liberties concerns over data losses and leaks. Macdonald, who left his post as DPP in October, told the Guardian: "The tendency of the state to seek ever more powers of surveillance over its citizens may be driven by protective zeal.
But the notion of total security is a paranoid fantasy which would destroy everything that makes living worthwhile. We must avoid surrendering our freedom as autonomous human beings to such an ugly future. We should make judgments that are compatible with our status as free people." Maintaining the capacity to intercept suspicious communications was critical in an increasingly complex world, he said. "It is a process which can save lives and bring criminals to justice. But no other country is considering such a drastic step. This database would be an unimaginable hell-house of personal private information," he said. "It would be a complete readout of every citizen's life in the most intimate and demeaning detail. No government of any colour is to be trusted with such a roadmap to our souls." The moment there was a security crisis the temptation for more commonplace access would be irresistible, he said. Other critics of the plan point to the problems of keeping the database secure, both from the point of view of the technology and of deliberate leaks. The problem would be compounded if private companies manage the system. "If there is a breach of security in that database it would be utterly devastating," one said.

From rforno at infowarrior.org Fri Jan 2 15:10:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Jan 2009 10:10:12 -0500
Subject: [Infowarrior] - List of Banished Words for 2009
Message-ID: <53FA0DE2-CCC2-4634-A5B3-B0B0FBC5D432@infowarrior.org>

Lake Superior State University 2009 List of Banished Words

"It's that time of year again!" Lake Superior State University "maverick" word-watchers, fresh from the holiday "staycation" but without an economic "bailout" even after a "desperate search," have issued their 34th annual List of Words to Be Banished from the Queen's English for Mis-use, Over-use and General Uselessness.
This year's list may be more "green" than any of the previous lists and includes words and phrases that people from "Wall Street to Main Street" say they love "not so much" and wish to have erased from their "carbon footprint."

< - >

http://www.lssu.edu/banished/current.php

From rforno at infowarrior.org Fri Jan 2 16:58:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Jan 2009 11:58:40 -0500
Subject: [Infowarrior] - SAIC breached by malware
Message-ID:

(c/o DanO)

Malware blamed in latest SAIC breach
January 1st, 2009 by admin
http://www.databreaches.net/?p=113

Science Applications International Corporation ("SAIC"), recipient of a number of large government contracts, notified the New Hampshire Attorney General on December 9th of a security breach involving malware. The specific malware was not named, but was described as "designed to provide backdoor access." The breach was detected on October 28th. In its letter to an unspecified number of affected individuals, SAIC wrote:

This letter is to notify you of a potential compromise of your personal information, including your name and social security number, date of birth, home address, home phone number and clearance level and possibly other personal information necessary to complete government security clearance questionnaires (e.g., SF-8SP or SF-86). We collected this information from you to provide it to the U.S. Government either to enable you to visit a government facility or to assist you in obtaining or updating your government clearance. Our Security personnel routinely receive information regarding malicious software from industry partners. This process led to the recent discovery on October 28, 2008 of malicious software designed to provide backdoor access on a computer used to process your security clearance or visit request.
Unfortunately, due to the nature of this malicious software, it avoided our standard cyber security precautions which include using industry-leading software for virus and spyware detection, intrusion detection systems, and firewalls. To help detect and prevent similar attacks, we keep pace with industry best practices and software, we continue to work with our industry partners and we are implementing Trusted Desktop, which removes elevated privileges from users. We have communicated with Defense Security Information Exchange and the Federal Bureau of Investigation regarding this malicious software, and we have sought evidence regarding whether the malicious software was used to access your personal information. To date there is no indication that any of your personal data was accessed. As there is a potential that it could have been accessed, we recommend that you take precautionary measures, including the actions further detailed in Exhibit A attached to this letter, If their description and explanation sounds familiar, it may be because SAIC had another breach almost a year ago where malware (a keylogger) also evaded their detection system. In that breach, it was mostly corporate account data at risk. The nature of the data in this most recent incident is of more concern due to its security implications. As in the previous incident, SAIC did not offer those affected by the recent breach any free services for credit monitoring or repair. 
From rforno at infowarrior.org Sat Jan 3 06:46:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Jan 2009 01:46:46 -0500
Subject: [Infowarrior] - The year in IPv4 addresses: almost 200 million served
Message-ID: <11B6CADF-BF2C-4369-8694-0D5F5F7C88AB@infowarrior.org>

The year in IPv4 addresses: almost 200 million served
By Iljitsch van Beijnum | Published: January 02, 2009 - 12:31PM CT
http://arstechnica.com/news.ars/post/20090102-the-year-in-ipv4-addresses-almost-200-million-served.html

One of the first things I do every year on the first of January is have a look at what happened with the IP address stockpile during the previous year. We started 2008 with 1,122.85 million unused addresses left and we ended it with 925.58 million. So the world used up 197.27 million IPv4 addresses in 2008, increasing use of the total address space from 69.7 percent a year ago to 75.3 percent now. The IP address space is managed by the Internet Assigned Numbers Authority (IANA), which is part of ICANN, the people who normally debate the virtues of .xxx domains. IANA maintains a list of 256 blocks of 16,777,216 IPv4 addresses each, identified by the first 8-bit number in an IP address. Each of those "/8" blocks is either delegated to a Regional Internet Registry (RIR), is unallocated (available for future delegation), has legacy status, or is reserved for a special use. The table below shows the overall distribution of IPv4 addresses among the regional registrars.

Delegated to/status  Blocks  +/- 2008  Addresses (millions)  Used (millions)  Available (millions)
AfriNIC                   2                           33.55             9.18                 24.37
APNIC                    30        +4                503.32           454.36                 48.96
ARIN                     31        +4                520.09           446.06                 74.03
LACNIC                    6                          100.66            68.88                 31.78
RIPE NCC                 26                          436.21           423.65                 12.56
LEGACY                   92        +1               1543.50          1363.29                180.21
UNALLOCATED              34        -9                570.43                                 570.43
Totals                  221                         3707.76          2765.42                942.34

APNIC (Asia-pacific region) and ARIN (North America) both got four new /8 blocks last year -- ARIN got two of those just before Christmas.
LACNIC (Latin America and Caribbean) and especially AfriNIC (Africa) still have a lot of address space to work with, but it looks like the RIPE NCC (Europe, Middle East, former USSR) will be receiving more address space from IANA soon. The block that was added to the legacy pile is 7.0.0.0/8, which was given out to the US DoD Network Information Center, which apparently didn't want this information to appear in the IANA list, but it's now listed as "administered by ARIN." (See my full report for additional caveats.) Things get more interesting when we look at the top 15 list of largest IP address-using countries. The US is still at the top, having 52.4 percent of all IPv4 addresses in use -- which includes the vast majority of the legacy space. However, a few years ago this was at 60 percent, so 52 is actually an improvement. Despite that, the US was still the largest user of new IPv4 addresses in 2008 with 50.08 million addresses used. China was a close second with 46.5 million new addresses last year, an increase of 34 percent.

Rank  Was  2009-01-01 (millions)  2008-01-01 (millions)  Increase  Country
   1                     1458.21                1408.15        4%  United States
   2    3                 181.80                 135.31       34%  China
   3    2                 151.56                 141.47        7%  Japan
   4                      120.29                 120.35        0%  Europe general
   5                       86.31                  83.50        3%  United Kingdom
   6    7                  81.75                  72.46       13%  Germany
   7    6                  74.49                  73.20        2%  Canada
   8                       68.04                  67.79        0%  France
   9                       66.82                  58.86       14%  Korea
  10                       36.26                  33.43        8%  Australia
  11   12                  29.75                  23.46       27%  Brazil
  12   11                  29.64                  24.04       23%  Italy
  13   16                  24.01                  19.83       21%  Taiwan
  14   18                  23.18                  17.01       36%  Russia
  15   14                  21.67                  20.42        6%  Spain

Although China and Brazil saw huge increases in their address use, suggesting that the developing world is demanding a bigger part of the pie while IPv4 addresses last, what's really going on is more complex. India is still stuck in 18th place between the Netherlands and Sweden at 18.06 million addresses -- only a tenth of what China has.
And Canada, the UK, and France saw little or no increase in their numbers of addresses, while similar countries like Germany, Korea, and Italy saw double-digit percentage increases. A possible explanation could be that the big player(s) in some countries are executing a "run on the bank" and trying to get IPv4 addresses while the getting is good, while those in other countries are working on more NAT (Network Address Translation) and other address conservation techniques in anticipation of the depletion of the IPv4 address reserves a few years from now. In both cases, adding some IPv6 to the mix would be helpful. Even though last year the number of IPv6 addresses given out increased by almost a factor eight over 2007, the total amount of IPv6 address space in use is just 0.027 percent.

From rforno at infowarrior.org Sat Jan 3 06:50:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Jan 2009 01:50:10 -0500
Subject: [Infowarrior] - Online Ammo
Message-ID: <7E075A69-6097-4A6E-9A77-0CC92A1712EE@infowarrior.org>

Online Ammo
Submitted by Sheldon Rampton on Fri, 01/02/2009 - 21:54.
http://www.prwatch.org/node/8105

This "Air Force Blog Assessment" chart specifies "rules of engagement" for dealing with bloggers.

Viral marketing strategist David Meerman Scott says he was surprised recently to discover that the U.S. Air Force has its own Twitter feed, staffed by Captain David Faggard, who holds the title of Chief of Emerging Technology at the Air Force Public Affairs Agency in the Pentagon. Scott interviewed Faggard and reports that his team's "mission is to use current and developing Web 2.0 applications as a way to actively engage conversations between Airmen and the general public."
Faggard says the focus is on "Direct Action within Social Media (blogging, counter-blogging, posting products to YouTube, etc.); Monitoring and Analysis of the Social Media landscape (relating to Air Force and Airmen); and policy and education (educating all Public Affairs practitioners and the bigger Air Force on Social Media)." In addition to a Twitter feed, Scott reports that Capt. Faggard writes The Official Blog of the U.S. Air Force; has pages on YouTube, MySpace and Facebook; helps publicize a Second Life area called Huffman Prairie; contributes to iReport (user name USAFPA); and is on Friendfeed, Digg, Delicious, Slashdot, Newsvine, Reddit. There's Air Force widgets. And there's even a video mashup contest for high schools to show school spirit sponsored by the Air Force. Other branches of the military are also getting into the social networking game, along with other branches of government. The Army also has its own Twitter feed, as does the Department of Homeland Security, the Bush White House, and the U.S. Joint Forces Command, the U.S. Department of State, and the Israeli Consulate in New York. Just a few months ago, U.S. military analysts raised concerns that Twitter and other online social networking technologies could become terrorist tools. It appears they've decided that they can be useful for their own purposes as well.

From rforno at infowarrior.org Sun Jan 4 15:42:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Jan 2009 10:42:54 -0500
Subject: [Infowarrior] - 12 Ways Porn Has Changed the Web (For Good and Evil)
Message-ID: <06EC855A-8427-4688-BA8E-52F03248E9DD@infowarrior.org>

12 Ways Porn Has Changed the Web (For Good and Evil)

The sex industry is behind many innovations that today's Netizens can't live without, as well as some nasty bits we wish had never existed.
For an industry that many people won't admit they've ever patronized, pornography has had an amazing impact on virtually every new medium, from cave painting to photography. Dirty pictures have been credited with ensuring the future of the VCR, boosting cable TV subscriptions, helping to kill off the Betamax and HD DVD formats, and (perhaps most important) driving the growth of the Internet. In fact, the adult entertainment industry has been on top of many of the Net's most crucial tech innovations--but not because it invented any of them. According to Lewis Perdue, author of Eroticabiz: How Sex Shaped the Internet, "without business and technical pioneers in the online sex business, the World Wide Web would never have grown so big so quickly." (Not that we think size matters.) The innovations happen because porn is "an ecosystem in which participants are willing--indeed forced--to experiment, and where experimentation isn't hobbled by common sense, good taste, or bureaucracy," says Bruce Arnold, principal of Caslon Analytics, a research and analysis firm from Braddon, Australia, that specializes in regulatory issues, demographics, social trends, and technologies. In an industry notorious for erecting walls of secrecy, hard numbers are difficult to come by, and most evidence is anecdotal. Still, it's clear that the adult industry has helped shape the Internet as we know it today, even if it has also been at the forefront of a number of less savory innovations. Let's take a look at a not-entirely-dirty dozen. 
< - >

http://pcworld.about.com/od/web/12-Ways-Porn-Has-Changed-the-W.htm

From rforno at infowarrior.org Mon Jan 5 23:32:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2009 18:32:13 -0500
Subject: [Infowarrior] - FBI Launches Hiring Blitz to Fill Over 2, 100 Vacancies
Message-ID:

FBI Launches Hiring Blitz to Fill Over 2,100 Vacancies
http://www.fbi.gov/pressrel/pressrel09/hiringblitz010509.htm

Today, the FBI announces a hiring initiative aimed at filling its most critical vacancies. With a hiring goal of over 2,100 professional staff positions, the FBI has implemented this aggressive initiative to fill jobs located throughout its field offices and Headquarters divisions. These vacancies are currently open, with most closing January 16th, and include fields such as:

* Administrative/Clerical
* Automotive Mechanic Professionals
* Compliance and Quality Assurance Professionals
* Electronic Technicians
* Engineering Professionals
* Fingerprint Examiners
* General Education and Training Professionals
* Finance/Accounting/Budget Analysis Professionals
* IT/Computer Science Professionals
* Intelligence/Analytical Professionals
* Language Specialists
* Management and Program Analysis
* Nursing and Counseling Professionals
* Physical/Natural/Social Science Professionals
* Records Management Professionals
* Security Professionals
* Physical Surveillance Professionals
* Human Resources Professionals

"The FBI is like no other career choice you've ever considered," said Assistant Director John Raucci, FBI Human Resources Division. "Whatever your background or expertise, you will find the FBI exceptionally rewarding. It is challenging, compelling, and important, as the work you perform has a daily impact on the nation's security and the quality-of-life for all U.S. citizens." The FBI will host a mega career invitational wherein applicants will be invited for interviews and timely selections will be made.
All FBI positions require at least a Top Secret security clearance and all applicants must undergo a thorough background investigation. The investigation includes a polygraph examination; drug screening test; credit and records checks; and extensive interviews with former and current colleagues, neighbors, friends, professors, etc. The FBI will also hire 850 new agents this year. FBI agents come from a broad range of educational disciplines and professions; however, the FBI has special needs for candidates with critical skills in the following areas: foreign language (Arabic, Chinese, Farsi, Hebrew, Hindi, Japanese, Korean, Pashto, Punjabi, Russian, Spanish, Urdu, Somali, Vietnamese, etc.), computer science/information technology, engineering, intelligence, law, law enforcement, military, and physical sciences. Individuals interested in applying for these positions should review vacancy information available online at www.fbijobs.gov.

From rforno at infowarrior.org Mon Jan 5 23:40:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2009 18:40:18 -0500
Subject: [Infowarrior] - Panetta to Be Named C.I.A. Director
Message-ID: <4181B425-6EAB-4DC2-A7D6-78E4B060DC98@infowarrior.org>

January 5, 2009, 2:30 pm

Panetta to Be Named C.I.A. Director
By Carl Hulse AND Mark Mazzetti

http://thecaucus.blogs.nytimes.com/2009/01/05/panetta-to-be-named-cia-director/?hp

Update | 4:55 p.m. President-elect Barack Obama has selected Leon E. Panetta, the former congressman and White House chief of staff, to take over the Central Intelligence Agency, an organization that Mr. Obama criticized during the campaign for using interrogation methods he decried as torture, Democratic officials said Monday. Yet the choice encountered early opposition on Capitol Hill, with some senior Democrats questioning why the president-elect would pick a C.I.A. chief without a deep reservoir of intelligence or counterterrorism experience.
"My position has consistently been that I believe the agency is best-served by having an intelligence professional in charge at this time," said Senator Dianne Feinstein who, as chairman of the Senate Intelligence Committee, would be in charge of Mr. Panetta's confirmation. Senator Feinstein said that she had not been notified by Mr. Obama's transition team about the selection. Mr. Panetta has a reputation in Washington as a competent manager with strong background in budget issues, but has little hands-on intelligence experience. If confirmed by the Senate, he will take control of the agency most directly responsible for hunting senior Al Qaeda leaders around the globe, but one that has been buffeted since the Sept. 11 attacks by leadership changes and morale problems. Given his background, Mr. Panetta is a somewhat unusual choice to lead the C.I.A., an agency that has been unwelcoming to previous directors perceived as outsiders, such as Stansfield M. Turner and John M. Deutch. But his selection points up the difficulty Mr. Obama had in finding a C.I.A. director with no connection to controversial counterterrorism programs of the Bush era. Aides have said Mr. Obama had originally hoped to select a C.I.A. head with extensive field experience, especially in combating terrorist networks. But his first choice for the job, John O. Brennan, had to withdraw his name amidst criticism over his role in the formation of the C.I.A.'s detention and interrogation program after the Sept. 11 attacks. Members of Mr. Obama's transition also raised concerns about other candidates, even some Democratic lawmakers with intelligence experience. Representative Jane Harman of California, formerly the senior Democrat on the House Intelligence Committee, was considered for the job, but she was ruled out as a candidate in part because of her early support for some Bush administration programs like the domestic eavesdropping program. In disclosing the pick, officials pointed to Mr.
Panetta's sharp managerial skills, his strong bipartisan standing on Capitol Hill, his significant foreign policy experience in the White House and his service on the Iraq Study Group, the bipartisan panel that examined the war and made recommendations on United States policy. The officials noted that he had a handle on intelligence spending from his days as director of the Office of Management and Budget. Mr. Deutch, now a professor at the Massachusetts Institute of Technology, said Mr. Panetta and Dennis Blair, who was selected by Mr. Obama to become director of national intelligence, were an "absolutely brilliant team," and called Mr. Panetta a "talented and experienced manager of government and a widely respected person with Congress." He said that given the global environment, there are indeed good reasons for Mr. Obama to select a C.I.A. veteran to lead the C.I.A. But he said that two of the agency's most successful directors, John McCone and George H.W. Bush, had little or no intelligence experience when they took over at C.I.A. "He will bring a wealth of knowledge of the government to the C.I.A. post and an outside perspective that I think might be helpful at this juncture in the C.I.A.'s history," said Lee Hamilton, the former chairman of the House Intelligence Committee and a co-chairman of the Iraq Study Group. As C.I.A. director, Mr. Panetta would report to Mr. Blair, a retired admiral. Neither choice has yet been publicly announced. The C.I.A. has settled down from years of turmoil after the Sept. 11 attacks and fallout from flawed intelligence assessments about Iraq's weapons of mass destruction programs. At the same time, it faces uncertainty about where it fits in the constellation of spy agencies operating under the director of national intelligence. In recent months, Michael V. Hayden, the current C.I.A. director, has clashed with Mike McConnell, the current director of national intelligence, about Mr.
McConnell's efforts to fill top intelligence jobs overseas with officers from across the intelligence community, not just the C.I.A. Mr. Panetta, a native of Monterey, Calif., served eight terms in the House representing his home region before becoming the chief budget adviser to President Bill Clinton in 1993. He then served as Mr. Clinton's chief of staff from July 1994 to January 1997. Given the focus on the intelligence apparatus in the wake of the terror attacks and the ongoing conflicts in Afghanistan and Iraq, Mr. Obama's selections in the intelligence field are expected to be closely examined. Mr. Hamilton said that if confirmed, Mr. Panetta will have the advantage of moving to the agency headquarters in Langley, Va. with a strong relationship to Mr. Obama, which can translate into influence within the broader intelligence community. He said Mr. Panetta's lack of hands-on intelligence experience can be supplemented by others. "You have to look at the team," he said. "You clearly will want intelligence professionals at the highest levels of the C.I.A.," he said.

From rforno at infowarrior.org Mon Jan 5 23:44:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2009 18:44:01 -0500
Subject: [Infowarrior] - Top Internet Providers Cool to RIAA 3-Strikes Plan
Message-ID: <8C116DD2-9170-463D-8AB4-F249F587ADEA@infowarrior.org>

Top Internet Providers Cool to RIAA 3-Strikes Plan
By David Kravets
January 05, 2009 | 2:43:15 PM
Categories: RIAA Litigation

http://blog.wired.com/27bstroke6/2009/01/draft-verizon-o.html

Two weeks after the Recording Industry Association of America announced it had struck deals with top internet service providers to cut off unrepentant music sharers, not a single major ISP will cop to agreeing to the ambitious scheme, and one top broadband company says it's not on board.
The RIAA's announcement came as it revealed it was closing down its massive litigation campaign, which has targeted more than 30,000 individuals for allegedly sharing copyrighted music on the internet. Instead of federal lawsuits, the RIAA claims it would now rely on a series of accords it had reached with "leading" internet service providers, in which the ISPs have agreed to terminate customers the RIAA catches uploading three times, the association said. But when contacted by Threat Level, none of the leading ISPs acknowledged any such deal. "We are not working with them on this," Verizon spokeswoman Ellen Yu said in a telephone interview. Verizon, based in New York, has 8.5 million broadband subscribers, making it the fourth largest ISP by customer base. Comcast, the nation's second largest ISP, declined to comment, and referred inquiries to the National Cable & Telecommunications Association. The group's vice president, Brian Dietz, said he could not confirm any deals between the RIAA and his association's members, but "we look forward to working constructively with the recording industry and other content providers." The NCTA represents dozens of cable internet providers. Neither AT&T nor Verizon are represented by the group. AT&T, the nation's No. 1 internet service provider with about 14.8 million customers, declined comment through a spokesman. Time Warner Cable, Cox Communications and Charter Communications did not return repeated phone calls for comment. But the RIAA says it really has negotiated an enforcement deal with large ISPs. It just can't identify members of its coalition of the willing. "All I can tell you right now is that we have an agreement on principle with several leading ISPs but not all, and the agreement on principle is confidential," RIAA spokeswoman Cara Duckworth said in an e-mail. The recording industry began targeting individual file sharers five years ago, suing about 30,000 alleged copyright scofflaws. 
Most of the cases settled out of court for a few thousand dollars. Only one case went to trial, which was ultimately declared a mistrial after a federal judge said he erred when he instructed the jury that "making available" copyrighted music on the internet amounted to unauthorized distribution -- or copyright infringement -- regardless of whether actual downloading by others was shown. The mistrial decision nullified a $222,000 jury verdict against Jammie Thomas of Minnesota for sharing 24 songs on the Kazaa file sharing network. The RIAA's latest plan of enforcement with the ISPs, if it comes to fruition, is also under attack as it only targets uploaders (.pdf). A Thomas retrial is set for March, as the RIAA said it was continuing with cases that were already in the legal pipeline.

From rforno at infowarrior.org Tue Jan 6 03:31:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jan 2009 22:31:48 -0500
Subject: [Infowarrior] - Air Security Could Involve Private Jets
Message-ID: <5058CDF6-34DB-4E25-8D01-F55D223137BB@infowarrior.org>

January 6, 2009

Air Security Could Involve Private Jets
By CHRISTINE NEGRONI

http://www.nytimes.com/2009/01/06/business/06private.html?pagewanted=print

One of the biggest conveniences of private aviation is the speed with which passengers can get on the plane and off the ground. But that may be about to change. The Department of Homeland Security is proposing to extend to private aviation many of the security rules imposed on commercial airlines. Those include requiring fingerprint-based background checks on pilots, checking passenger names against a government watch list and restricting what items may be carried onto the airplane. The proposal could affect 10,000 previously exempt air operators, including not only wealthy businessmen like Microsoft's co-founder, Paul Allen, who owns a Boeing 757, but also fractional jet ownership companies and even some recreational fliers.
The proposal to extend the jurisdiction of the Transportation Safety Administration to include private jets has angered many. Organizations representing private airplane owners have complained so vigorously that the Transportation Department has extended the comment period for the proposal and scheduled a series of public meetings. The first will be held Tuesday at Westchester County Airport in White Plains, one of the nation's busiest for private and corporate aviation. "Businesses have airplanes in order to transport what they produce, sometimes because it's too difficult or impossible to carry onto an airliner," said Ed Bolen, president of the 8,000-member National Business Aviation Association. "Tool companies that can't take their own products, sporting goods companies that can't take their own products on to their own airplanes, that doesn't make sense." Even airplanes the size of commercial airliners, if operated privately, are currently exempt from the 9/11 security measures. It is this inconsistency that prompted the proposed regulation. In its notice, published in the Federal Register last October, the Transportation Security Administration suggests that the improvements in safeguarding public air carriers have shown the weaknesses in private operations. "Terrorists may view general aviation aircraft as more vulnerable and thus attractive targets." In an interview, Christopher White, a spokesman for the security agency, said: "What we're looking to do is address risk based on size and weight. Whether it's public or private doesn't matter. It's based on the weight of the plane." The proposal would affect owners of any airplane weighing more than 12,500 pounds -- considered "large" by federal standards. For the most part, these are jet aircraft. But even a Beechcraft King Air 350, a twin-engine turboprop that seats 11, would be included.
The idea that large planes are flown for the most part by large companies that can afford to hire a security chief, pay to check passengers against the watch list and security auditing is a misconception, according to the business aviation association. Eighty-five percent of its members are small to midsize businesses, the association says, and many of the planes they fly are small enough to fit, nose to tail, across the width of a Boeing 747. "The size of the aircraft they have picked is very, very small," Mr. Bolen said. "To suggest that an airplane weighing 12,500 pounds is similar to a commercial transport airplane doesn't hold water." On Tuesday, more than a hundred aircraft owners are expected to argue that the proposed rule will have a major impact on general aviation. For the smaller operators, in particular, they say, the requirements may be too onerous. "We want the feedback from the community. We need their input to be able to make sure it works for everyone," said Michal Morgan, general manager of business operations for the T.S.A. Final action on the proposal is not expected before late spring. The Westchester meeting is the first of five scheduled nationwide, a response to the request from the general aviation industry and a letter to the Department of Homeland Security from Representative Sam Graves, a Missouri Republican who is a private pilot. "My focus is rare antique airplanes and rare vintage warbirds," Mr. Graves said. "Some of these not-for-profits, they give rides to help support the upkeep and maintenance of the airplane, and this will place an undue burden on them." Private jet owners are also angry that the security agency is proposing to hand security functions over to private companies, notable since the T.S.A. was created after 9/11 in part because of concerns that private companies had failed to adequately screen passengers at commercial airports.
In seeking to significantly expand the number of airplane operators subject to security, the T.S.A. would depend on private firms that it would certify. "They're expanding their regulatory scope so dramatically and outsourcing regulatory oversight," said Andy Cebula, executive vice president for government affairs at the Aircraft Owners and Pilots Association. "That's like the most basic responsibility of government to go out and enforce its regulations." Hiring security experts to conduct audits on so many private airplane operations is expected to be the most expensive part of the regulation. Airplane operators would pay about 83 percent of the total costs, estimated at $196 million annually. The T.S.A. calculates that would represent about $44 a flight. The price is certain to be a large part of the debate at the public meetings, with proponents of general aviation arguing that the T.S.A. is trying to fix something that is not broken and the government arguing that reducing the risk of using airplanes as terror weapons is worth the increased supervision.

From rforno at infowarrior.org Tue Jan 6 18:45:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2009 13:45:08 -0500
Subject: [Infowarrior] - WTF, Apple?
Message-ID: <9A255CD8-3E48-43AF-A1F6-716A07042F8E@infowarrior.org>

Perhaps I give too much credit and common sense to people, but who in their right mind would sacrifice a removable laptop battery for promises of extended battery life between charges? As with the iPhone, if the battery goes, you need to send it into Apple --- didn't anyone @ Cupertino think folks MIGHT have a privacy issue with this? Or of those that do, would be willing to wipe and rebuild their machines just to get a routine part replaced since it'll be out of their positive control? Not to mention, if you're on travel, you've got a nonfunctional MacBrick when formerly you could swap a battery yourself in your hotel room/on the plane/train/conference venue.
Yes, Apple just announced such a beast @ Macworld this afternoon. Apple, you really messed this one up.

-rf

From rforno at infowarrior.org Tue Jan 6 18:53:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2009 13:53:50 -0500
Subject: [Infowarrior] - Livejournal Fires 40% of staff
Message-ID: <7F1399D5-67DD-4F36-99AF-EDE487B7B3D0@infowarrior.org>

http://valleywag.gawker.com/5124184/the-russian-bear-slashes-a-social-network

The Russian Bear Slashes a Social Network
By Owen Thomas, 2:24 AM on Tue Jan 6 2009, 28,824 views

The bubble in social networking has burst, decisively. LiveJournal, the San Francisco-based arm of Sup, a Russian Internet startup, has cut 12 of 28 U.S. employees -- and offered them no severance, we're told. The quirky site, part blog and part social network, is best known for its users' weird obsessions -- like the troublesome clique of Harry Potter erotica writers, whose outré tastes ran afoul of LiveJournal's efforts to comply with U.S. child-pornography laws. (Oddly, the site also gained a following in Russia, which led to its acquisition by Sup.) All that adds up to an environment even more distasteful to advertisers than the typical social site. The company's product managers and engineers were laid off, leaving only a handful of finance and operations workers -- which speaks to a website to be left on life support. Matt Berardo, a Yahoo executive hired on last summer, has also left. The company's Moscow-based management has told employees it blames the "global economic downturn" -- the kind of pat excuse every boss is giving for layoffs, even when mismanagement or a bad business plan is really to blame. The brutal, abrupt cuts suggest something different: That Sup founder Andrew Paulson (above), who paid an estimated $30 million for LiveJournal a little over a year ago, has realized his expensive mistake in buying at the top of the bubble.
Someone familiar with the company tells us Paulson lost the CEO job last summer to Annelies van den Belt, a former News Corp. executive, and was given the meaningless title of chairman; he's essentially out of the company now. Executives at Six Apart, the blog-software company which sold LiveJournal to Sup, are happily counting the money in its bank. And they should consider themselves lucky that Vox, the LiveJournal knockoff it started, hasn't been more popular. At this point, having a larger social network in the portfolio would be a drag on the company's value. LiveJournal, founded by engineer Brad Fitzpatrick in 1999, predated most blogging services and social networks, and anticipated many of their features. (Some of Fitzpatrick's software is vital to the operation of Facebook and other large sites today.) But Fitzpatrick never figured out how to turn it into a business. Instead, he sold it to Six Apart, which didn't have much more luck. The weakest in the herd are always the first to fall. Facebook and MySpace, so far, have resisted layoffs. A host of also-ran social networks -- Hi5, MyYearbook, and other obscurities -- could be next. It's only a matter of time before investors reach the same apparent conclusion as Paulson: that there's a lot of fuss in running a social network, but not that much money.

From rforno at infowarrior.org Tue Jan 6 19:18:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2009 14:18:11 -0500
Subject: [Infowarrior] - Apple Offers Songs Without Copy Protection on ITunes
Message-ID: <5025D867-1F31-4FDF-849C-D80403DB0F87@infowarrior.org>

But does "without copy protection" mean "not watermarked with the purchaser's identity" as well?

-rf

Apple Offers Songs Without Copy Protection on ITunes (Update1)

http://www.bloomberg.com/apps/news?pid=20601087&sid=aHgsHF0mOTOY&refer=home

By Connie Guglielmo

Jan. 6 (Bloomberg) -- Apple Inc.
will offer all music sold through its iTunes music store without copy protection and will introduce variable pricing for tracks. Songs will cost 69 cents, 99 cents and $1.29 starting in April, with most albums priced at $9.99, Apple marketing head Phil Schiller said today at the Macworld conference in San Francisco. He spoke in place of Steve Jobs, who said yesterday that he is undergoing treatment for a "hormone imbalance," which led to him losing weight last year. About 8 million songs will be offered without copy-protection software as part of the iTunes Plus service starting today, Apple said. The other 2 million songs in its catalog will be available without such software by the end of March. Universal Music Group, Sony BMG and Warner Music Group will offer songs without copy-protection software. EMI Group started offering such tracks on iTunes in 2007. ITunes, introduced in 2001, has benefited from the popularity of Apple's dominant iPod music player. The service is now the biggest source of music in the U.S., ahead of Wal-Mart Stores Inc. and Best Buy Inc., according to NPD Group in Port Washington, New York. Apple fell $1.26 to $93.32 at 2 p.m. New York time in Nasdaq Stock Market trading. The shares dropped 57 percent in 2008.

To contact the reporter on this story: Connie Guglielmo in San Francisco at cguglielmo1 at bloomberg.net

Last Updated: January 6, 2009 14:01 EST

From rforno at infowarrior.org Wed Jan 7 01:40:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Jan 2009 20:40:44 -0500
Subject: [Infowarrior] - CNN's Sanjay Gupta, new Surgeon General?
Message-ID: <6F020B48-CD71-4408-B221-E68D5427C667@infowarrior.org>

Obama Wants Journalist Gupta for Surgeon General

http://voices.washingtonpost.com/the-trail/2009/01/06/obama_wants_journalist_for_sur.html?hpid=topnews

By Howard Kurtz

President-elect Barack Obama has offered the job of surgeon general to Dr.
Sanjay Gupta, the neurosurgeon and correspondent for CNN and CBS, according to two sources with knowledge of the situation. Gupta has told administration officials that he wants the job, and the final vetting process is under way. He has asked for a few days to figure out the financial and logistical details of moving his family from Atlanta to Washington but is expected to accept the offer. When reached for comment today, Gupta did not deny the account but declined to comment. The offer followed a two-hour Chicago meeting in November with Obama, who said that Gupta could be the highest-profile surgeon general in history and would have an expanded role in providing health policy advice, the sources said. Gupta later spoke with Tom Daschle, Obama's White House health czar and nominee for Health and Human Services secretary, and other advisers to the president-elect. The Michigan-born son of parents who were born in India, Gupta has always been drawn to health policy. He was a White House fellow in the late 1990s, writing speeches and crafting policy for Hillary Clinton. His appointment would give the administration a prominent official of South Asian descent and a skilled television spokesman. Gupta, who hosts "House Call" on CNN, has discussed the job offer with his bosses at CBS and CNN to make sure he could be released from his contractual obligations, the sources said. His role as journalist and physician have sometimes overlapped. During the 2003 Iraq invasion, Gupta was embedded with a Navy unit called Devil Docs and, while covering its mission, performed brain surgery five times, the first of which was on a 2-year-old Iraqi boy. Gupta's only hesitation in taking the post is said to involve the financial impact on his pregnant wife and two children if he gives up his lucrative medical and journalistic careers. But he is expected to accept the position within days. Kurtz hosts CNN's weekly media program, "Reliable Sources." 

From rforno at infowarrior.org Wed Jan 7 15:23:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2009 10:23:18 -0500
Subject: [Infowarrior] - Rare peek at DHS's files on travelers
Message-ID:

A rare peek at Homeland Security's files on travelers
Posted by: Sean O'Neill, Monday, Dec 22, 2008, 12:12 PM

The oversize white envelope bore the blue logo of the Department of Homeland Security. Inside, I found 20 photocopies of the government's records on my international travels. Every overseas trip I've taken since 2001 was noted. I had requested the files after I had heard that the government tracks "passenger activity." Starting in the mid-1990s, many airlines handed over passenger records. Since 2002, the government has mandated that the commercial airlines deliver this information routinely and electronically.

< - >

http://current.newsweek.com/budgettravel/2008/12/whats_in_your_government_trave.html

From rforno at infowarrior.org Wed Jan 7 15:25:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2009 10:25:18 -0500
Subject: [Infowarrior] - Judge: No state secrets privilege, OKs wiretap suit
Message-ID: <16A7D8EA-44F2-444D-A705-E11884B8ED92@infowarrior.org>

Judge doesn't buy state secrets privilege, OKs wiretap suit
By Julian Sanchez | Published: January 06, 2009 - 01:31PM CT

http://arstechnica.com/news.ars/post/20090106-judge-doesnt-buy-state-secrets-privilege-oks-wiretap-suit.html

A federal judge ruled Monday that a lawsuit filed by an Islamic charity alleging that it was illegally wiretapped by the National Security Agency may proceed, and issued a stinging rebuke to government lawyers who have repeatedly sought to invoke the state secrets privilege to block litigation. The case, Al Haramain v.
Bush, is unusual in that--unlike the Electronic Frontier Foundation's more publicized suits against the NSA and complicit telecoms--the plaintiffs in this case know that the directors of the Al-Haramain Islamic Foundation were specifically subject to warrantless surveillance, thanks to a government blunder that put a classified memo in the hands of the charity's lawyers. An appellate court ruled last year that the secret document had to be turned over to the government, and so could not be used to establish standing to sue. But in an opinion issued this summer, Judge Vaughn Walker, who has been handling a spate of suits concerning the NSA's super-secret "Stellar Wind" program, decided that the foundation could still seek to show they'd been spied upon using public evidence. On Monday, Walker concluded that they had met that burden. "Without a doubt," he wrote, "plaintiffs have alleged enough to plead 'aggrieved persons' status so as to proceed to the next step in proceedings." Blocked from using the secret memo, attorneys for Al Haramain assembled a timeline, drawing on FBI memoranda and Congressional testimony, suggesting that the government had been privy to conversations between foundation directors in which they discussed people with links to Osama bin Laden. The foundation's assets were frozen in 2004 when it was classified as a "Specially Designated Global Terrorist" group--a designation the government acknowledged to be partially based on classified documents derived from surveillance. The Justice Department has repeatedly sought to block the suit by invoking national security concerns. Urging the court to reject the foundation's circumstantial evidence as insufficient, they argued that the court "cannot exercise jurisdiction based on anything less than the actual facts."
But in language echoing previous rulings, Walker rejected that argument, noting that Congress had made specific provision within the Foreign Intelligence Surveillance Act for "aggrieved persons" to seek redress for improper surveillance. A core principle of jurisprudence is that statutes should be read in a way that does not render any provision meaningless, and Walker reasoned that Congress would not have explicitly provided for in camera review of classified documents if the government could simply cry "state secrets" in the face of litigation. For the same reason, he concluded that it had to be possible for plaintiffs to establish their standing to sue without relying on the government's voluntary disclosure of classified information. At times, a note of irritation crept into Walker's even, judicial language. At one point, he described the government's argument as "without merit," and characterized another as "circular." He also seemed impatient with the Justice Department's refusal to provide any classified documents addressing Al Haramain's specific claims for review in chambers. "It appears... that defendants believe they can prevent the court from taking any action under 1806(f) by simply declining to act," wrote Walker. They will have to act now. Walker is giving the government two weeks to turn over the secret document that launched the case. Barring any surprises, his in camera review should confirm what we've known all along: that Al Haramain was subject to warrantless wiretapping. He also ordered the government to begin the process of securing security clearances for Al Haramain's attorneys, which will grant them the limited access to classified material needed to participate in the case. The government will have until February 13 to comply with that order. They must also review documents related to the case in order to determine whether any can safely be declassified. A hearing later this month will set the schedule for future proceedings in the case. 

From rforno at infowarrior.org Wed Jan 7 17:03:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jan 2009 12:03:54 -0500
Subject: [Infowarrior] - DoJ 2009 Cyber Security Expo
Message-ID: <39F0354D-2DFC-4C73-8064-E9C1EEA8C798@infowarrior.org>

2009 Cyber Security Expo

http://www.fbcinc.com/dojcyber/default.aspx

PURPOSE

The 1st Cyber Security Conference is presented by the Department of Justice as a demonstration of its unwavering commitment to protect its information systems. The Cyber Security Conference will focus on cyber security threats and vulnerabilities, increased awareness, and discussions of the defensive capabilities available to the Agency. DOJ's IT security goal is to protect its information systems through Enterprise solutions, information sharing and collaboration across its Components - Together We are Strong!

WHO SHOULD ATTEND

The DOJ Cyber Security Conference is a "Can't Miss" for IT security professionals, senior and junior management officials involved in cyber security, or anyone interested in the exciting aspects of information security. The primary attendees will be DOJ IT employees and contractors, but other federal IT employees from agencies doing business with DOJ are encouraged to attend, space permitting. The Cyber Security Conference will specifically benefit individuals with significant IT security responsibilities such as chief information officers (CIOs), authorizing officials, information system security officers and managers (ISSOs and ISSMs), system owners, information owners, system administrators and agency executives. This is an opportunity to network, trade ideas, and discuss critical issues within your respective organizations, DOJ colleagues, and industry partners. The conference features keynote and lunchtime speakers, panel discussions and session "Threads" from senior officials.
Attendees will gain a better understanding by attending specific topics, with an opportunity to gain a broader understanding by attending the entire ?thread?. Attendance at specified sessions will meet the requirement for annual IT security training under the Federal Information Systems Management Act (FISMA). http://www.fbcinc.com/dojcyber/default.aspx From rforno at infowarrior.org Wed Jan 7 17:26:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Jan 2009 12:26:17 -0500 Subject: [Infowarrior] - Obama picks RIAA's favorite lawyer for a top Justice post Message-ID: <44056B70-25CB-4EBD-AA14-5E5BA7AAEF7B@infowarrior.org> January 6, 2009 2:55 PM PST Obama picks RIAA's favorite lawyer for a top Justice post Posted by Declan McCullagh http://news.cnet.com/8301-13578_3-10133425-38.html As a presidential candidate, Barack Obama won applause from legal adversaries of the recording industry. Stanford law professor Larry Lessig, the doyen of the "free culture" movement, endorsed the Illinois senator, as did Google CEO Eric Schmidt and even the Pirate Party. That was then. As president-elect, one of Obama's first tech-related decisions has been to select the Recording Industry Association of America's favorite lawyer to be the third in command at the Justice Department. And Obama's pick as deputy attorney general, the second most senior position, is the lawyer who oversaw the defense of the Copyright Term Extension Act--the same law that Lessig and his allies unsuccessfully sued to overturn. Obama made both announcements on Monday, saying that his picks "bring the integrity, depth of experience and tenacity that the Department of Justice demands in these uncertain times." The soon-to-be-appointees: Tom Perrelli for associate attorney general and David Ogden for deputy attorney general. Campaign rhetoric aside, this should be no surprise. 
Obama's selection of Joe Biden as vice president showed that the presidential hopeful was comfortable with someone with firmly pro-RIAA views. Biden urged the criminal prosecutions of copyright-infringing peer-to-peer users and tried to create a new federal felony involving playing unauthorized music. Perrelli is currently a partner in the Washington offices of Jenner and Block, where he represented the RIAA in a slew of cases, including a high-profile bid to unmask file sharers without the requirement of a judge reviewing the evidence first. Verizon initially lost to the RIAA, but eventually prevailed in 2003 when a federal appeals court ruled the record labels' strategy under the Digital Millennium Copyright Act was unlawful. Perrelli has represented the RIAA in other lawsuits against individual file sharers. One filed in Michigan accuses a university student of distributing "hundreds of sound recordings over his system without the authorization of the copyright owners." A lawsuit against a Princeton University student makes similar arguments; Perrelli and his colleagues also tried to force Charter Communications to give up the names of 93 file-trading subscribers. A 2004 summary of a Boston lawsuit written by Harvard's Berkman Center--which opposed the RIAA in this and a current case--quotes Perrelli as telling a federal judge that it would be easy to determine who was using a wireless network to share music. "It is correct that the actual downloader may be someone else in the household," he said, but any errors can be determined easily after a "modest amount of discovery." An article on his law firm's Web site says that Perrelli represented SoundExchange before the Copyright Royalty Board--and obtained a 250 percent increase in the royalty rate for music played over the Internet by companies like AOL and Yahoo. Perrelli previously worked in the Clinton Justice Department. An article in Legal Times titled "Building an Entertainment Beast in D.C." 
says that in 2002, Perrelli used Jenner's reputation as an appellate law firm to "get a meeting with officials at the RIAA, at a time when Internet file-sharing entities like Napster were threatening the music business." A year later, in 2003, the law firm recruited Steven Fabrizio, previously the RIAA's senior vice president for business and legal affairs, and business began booming (the RIAA also used the Jenner law firm to write a friend-of-the-court brief in the copyright extension lawsuit). If confirmed by the Senate, which is unlikely to pose much of a hurdle, Perrelli would oversee the department's civil division, the antitrust division, and the civil rights division. Obama's choice for deputy attorney general--the second-in-command at Justice--is David Ogden, who's currently a partner at the WilmerHale law firm. As assistant attorney general for the civil division, Ogden was responsible for organizing the defense of the Child Online Protection Act, or COPA, an antiporn law that has been challenged by the ACLU in court for more than a decade with no resolution. His department also successfully defended the Sonny Bono Copyright Term Extension Act before the U.S. Supreme Court. Ogden's biography at Wilmer Hale says only that he represents the "media and Internet industries, as well as major trade and professional associations," without listing details. The Justice Department, barring exceptional cases, has a duty to defend laws enacted by Congress. Perrelli, on the other hand, went out of his way to recruit the RIAA as a very lucrative client: his law firm bills some partners' time at a princely $1,000 an hour. During his confirmation hearing, it will be instructive to see if senators ask whether his zealous anti-file sharing advocacy can make him an objective civil servant--especially when these same politicians want the Justice Department to sue peer-to-peer pirates at taxpayer's expense. 
(Then again, if that proposal becomes law, Perrelli's surely the right man for the job.) It will also be instructive to see if this week's news prompts some of the RIAA's longtime adversaries to moderate their enthusiasm for Obama's technology policies. Declan McCullagh, CNET News' chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan. From rforno at infowarrior.org Fri Jan 9 03:41:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Jan 2009 22:41:27 -0500 Subject: [Infowarrior] - NYPD wants tech to disrupt wireless communications Message-ID: <4BF86CB4-FA21-41A3-B752-461EE355DF4B@infowarrior.org> NYPD wants tech to disrupt wireless communications RAW STORY Published: Thursday January 8, 2009 http://rawstory.com/news/2008/NYPD_wants_tech_to_disrupt_wireless_0108.html In a Thursday testimony before the Senate Committee on Homeland Security and Governmental Affairs, New York City Police Commissioner Raymond Kelly revealed that his department is seeking technology that can disrupt cell phone and other wireless communications in the event of a crisis. Kelly also said that in such events as a mass casualty attack on American soil, the media can pose a threat by revealing key police tactics, which could be relayed to said attackers. Later in his testimony, Kelly revealed that the New York harbor is vulnerable to attack. He also emphasized his wish to see wiretap warrant requests to the FISA court expedited. This movement by the department comes on the heels of the "relative simplicity of this attack" in Mumbai, where "10 people with basic weapons" managed to wreak bloody havoc in the city for three days, Kelly said. 
"Public-private interactions are crucial and must be developed before an incident occurs," Charles Allen, intelligence chief at the Department of Homeland Security, told the Senate committee. "Target knowledge was paramount to the effectiveness of the attack" in Mumbai. Allen emphasized that shopping malls should have evacuation plans. A deceptively-simple tool, the cell phone, was also put to deadly effect by the Mumbai attackers, Kelly reminded. Transcripts of intercepted telephone calls showed that the militants used the mobile devices to keep up to date on law enforcement's advances and to receive encouragement for their bloody rampage. "When lives are at stake, law enforcement needs to find ways to disrupt cell phones and other communications in a pinpointed way against terrorists who are using them," he suggested. "I think what we take away from this is a very sober thought that soft targets can create, for political effect, exactly what extremists want," Allen added. He recalled alleged links between Lashkar-e-Taiba and Al-Qaeda, warning that "informal linkages go back between Al-Qaeda and Lashkar-e- Taiba, and that should give us something to worry about as well." With wire reports. From rforno at infowarrior.org Fri Jan 9 03:44:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Jan 2009 22:44:33 -0500 Subject: [Infowarrior] - Wage Cyberwar Against Hamas, Surrender Your PC Message-ID: Wage Cyberwar Against Hamas, Surrender Your PC By Noah Shachtman EmailJanuary 08, 2009 | 1:10:27 PMCategories: Info War, Sabras http://blog.wired.com/defense/2009/01/israel-dns-hack.html A group of Israeli students and would-be cyberwarriors have developed a program that makes it easy for just about anyone to start pounding on pro-Hamas websites. But using this "Patriot" software, to join in the online fight, means handing over control of your computer to the Israeli hacker group. 
"While you're running their program, they can do whatever they want with your computer," Mike La Pilla, manager of malicious code operations at Verisign iDefense, the electronic security firm. The online collective "Help Israel Win" formed in late December, as the current conflict in Gaza erupted. "We couldn't join the real combat, so we decided to fight Hamas in the cyber arena," "Liri," one the group's organizers, told Danger Room. So they created a simple program, supposedly designed to overload Hamas-friendly sites like qudsnews.net and palestine-info.info. In recent years, such online struggles have become key components in the information warfare that accompanies traditional bomb-and-bullets conflicts. Each side tries to recruit more and more people -- and more and more computers -- to help in the network assaults. Help Israel Win says that more than 8,000 people have already downloaded and installed its Patriot software. It's a small part of a larger, increasingly sophisticated propaganda fight between supporters of Israel and Hamas that's being waged over the airwaves and online. Help Israel Win, which has websites in Hebrew, English, Spanish, French, Russian and Portugese, doesn't say much about how the program functions -- only that it "unites the computer capabilities of many people around the world. Our goal is to use this power in order to disrupt our enemy's efforts to destroy the state of Israel. The more support we get, the more efficient we are." Analysis from iDefense and the SANS Institute, however, reveals that computer users put their PCs at risk when they run the Patriot software. The program connects a computer to one of a number of Internet Relay Chat (IRC) servers. Once the machine is linked up, Help Israel Win can order it to do just about anything. The Patriot program does something "fishy," SANS Institute security specialist Bojan Zdrnja said, by retrieving "a remote file and sav[ing] it on the local machine as TmpUpdateFile.exe." 
That could easily be a "trojan," Zdrnja said, referring to a program that sneaks malicious code onto a computer. "While at the moment it does not appear to do anything bad (it just connects to the IRC server and sits there -- there also appeared to be around 1,000 machines running this when I tested this) the owner can probably do whatever he wants with machines running this," Zdrnja wrote. Liri, with Help Israel Win, conceded that "the Patriot code could be used as a trojan." However, "practically it is not used as such, and will never be." "The update option is used to fix bugs in the client, and not to upload any malicious code... never have and never will," Liri said. "The project will close right after the war is over, and we have given a fully functional uninstaller to [remove] the application." It's also unclear how much the Patriot program is really helping the Israeli side in the online information war. La Pilla has been monitoring Help Israel Win's IRC servers for days. "They didn't make us download and install anything. Didn't make us [attack] anybody. I was basically just sitting idle on their network." The group claims to have shut down sarayaalquds.org and qudsvoice.net. But, as of now, the rest of the group's pro-Hamas targets remain online. Meanwhile, Help Israel Win has had to shift from website to website, as they come under attack from unknown assailants. From rforno at infowarrior.org Fri Jan 9 03:50:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Jan 2009 22:50:11 -0500 Subject: [Infowarrior] - Ebook DRM provider goes dark, books disappear Message-ID: <38F7E6CD-726A-405E-9342-1B4665A4C896@infowarrior.org> (Is why I still prefer hardcopy to PDF, and hardbacks to Kindle. And why none of my books ever released electronically had any DRM whatsoever.....much to my publishers' annoyance. I told 'em whatever a customer could do with a real book is what I wanted them to do with the electronic version. 
--rf) Ebook DRM provider goes dark, the books you paid for disappear Posted by Cory Doctorow, January 8, 2009 12:55 PM | permalink Hudson sez, "Fictionwise used Overdrive to provide DRM encrypted ebooks to their customers and Overdrive has informed them that they will be shutdown on 30 January with no reason given. Since Fictionwise doesn't have the decryption keys, they are not able to provide new versions of the books to all customers." Fictionwise strives to maintain your purchases indefinitely, but our terms of service do not guarantee they will be available forever. Forever is a long time. We have control of our MultiFormat files and we have control of the Secure eReader format, so that gives us the ability to ensure we will continue to be able to deliver those formats to you. However, as noted above, other formats are delivered through third party aggregators. We do not have legal control of those third party servers. If those third party servers "go dark" for one reason or another, we have no way to continue delivering those files. And publishers wonder why their customers rip books off on #bookwarez sites rather than paying for them... http://www.boingboing.net/2009/01/08/ebook-drm-provider-g.html From rforno at infowarrior.org Sat Jan 10 05:14:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 10 Jan 2009 00:14:30 -0500 Subject: [Infowarrior] - (Under)mining Privacy in Social Networks Message-ID: <88A117DD-7EE1-426C-9C11-135737452B74@infowarrior.org> (Under)mining Privacy in Social Networks Monica Chew Dirk Balfanz Ben Laurie {mmc,balfanz,benl}@google.com Google Inc. Paper PDF: http://w2spconf.com/2008/papers/s3p2.pdf Article: http://www.newscientist.com/blogs/shortsharpscience/2009/01/what-your-social-network-can-r.html From rforno at infowarrior.org Mon Jan 12 17:04:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Jan 2009 12:04:59 -0500 Subject: [Infowarrior] - Too many U.S. 
agencies tackle cybersecurity threats Message-ID: <9064301B-E39D-4C7F-8712-BB6E65811D7C@infowarrior.org> Too many U.S. agencies tackle cybersecurity threats Published: Jan. 9, 2009 at 3:44 PM http://www.upi.com/Security_Industry/2009/01/09/Too_many_US_agencies_tackle_cybersecurity_threats/UPI-76491231533856/ By LOREN B. THOMPSON UPI Outside View Commentator ARLINGTON, Va., Jan. 9 (UPI) -- Within the U.S. federal government, most of the funding allocated to information security and offensive cyber operations is spent by agencies of the Department of Defense. The biggest player is the National Security Agency at Fort Meade, Md., which since the early days of the Cold War has been engaged in collecting and analyzing signals intelligence. The NSA appears to have lead responsibility for securing all intelligence networks, and it shares expertise with the Defense Information Systems Agency that oversees military networks. U.S. Strategic Command is the lead combatant command responsible for information operations and cybersecurity. In addition, each of the military departments of the Department of Defense -- the U.S. Army, U.S. Navy and U.S. Air Force -- has a dedicated command for managing information networks and assuring their security. Although it receives much less money for network operations and security than the Department of Defense, the U.S. Department of Homeland Security is the lead federal agency for coordinating national cyberdefense initiatives. The Department of Homeland Security maintains a National Cyberspace Response System that includes the U.S. Computer Emergency Readiness Team. This is the best-known domestic responder to cyber incidents. A National Cyber Security Center was recently established within the Department of Homeland Security to oversee the Comprehensive National Cybersecurity Initiative begun by the Bush administration in early 2008. 
That initiative, which extends over many years and entails dozens of different projects, is supposed to integrate the security efforts of both defense and civil agencies in addressing all of the U.S. government's cyber vulnerabilities. However, as this brief description of U.S. organization for cyberdefense demonstrates, the structure of the U.S. government does not lend itself to timely and consistent implementation of network-security measures. The threat is evolving too fast and on too many fronts. No single agency can address the entire cyber challenge, because it crosses all organizational and operational boundaries. Various departments or agencies of the federal government may wish to lead the cybersecurity effort, but they all lack the authority to direct actions by organizations outside their budget or chain of command. Only the White House has the power to lead such a multifaceted undertaking, and the National Security Council is the logical mechanism within the White House to take on that task. Without White House leadership, bipartisan support and public awareness, it is unlikely that the United States can defeat the danger to its vital information networks. From rforno at infowarrior.org Tue Jan 13 13:05:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jan 2009 08:05:38 -0500 Subject: [Infowarrior] - The Drew Verdict Makes Us All Hackers Message-ID: <72E03F2B-BD35-40D2-AEDD-071601536D68@infowarrior.org> The Drew Verdict Makes Us All Hackers Mark Rasch, 2009-01-09 http://www.securityfocus.com/columnists/489?ref=rss Last month, Lori Drew -- the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide -- was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers. The ultimate verdict was perhaps the worst possible outcome, from both a legal and a social standpoint. 
The final ruling could pose a genuine threat of widespread civil and criminal litigation against almost everyone, especially security researchers and white-hat hackers. The government argued that Drew, together with her daughter and a post-adolescent employee, created a fictitious MySpace user account in the name of a 16-year-old boy, and used that account not only to obtain information about the girl, but ultimately to "intentionally inflict severe emotional distress," the indictment charges. However, the jury didn't buy it. They rejected the government's argument about motive, noting to at least one reporter that there was no evidence that the messages Drew sent through MySpace were malicious. However, the jury did convict Drew of electronic trespass -- that is, hacking. What is left of the government's theory is that, if you violate the terms-of-service of any online agreement, you are using the services in excess of your authorization. While the risks of an actual criminal prosecution may be minimal, from a legal perspective the precedent is disastrous. For example, the Google TOS expressly says that you have to have the capacity to contract before you can use the service: Thus, a 16-year-old boy who does a Google search technically violates the TOS and commits a crime. What is worse is that, if I am asked for legal advice, I would have to say that it is technically a crime, but that you would be unlikely to be prosecuted. This undoubtedly will have a chilling effect on all kinds of conduct that should be permitted even though it is technically in violation of some provision of a terms-of-service agreement. A legal pretzel When the Federal Computer Fraud and Abuse Act, 18 USC 1030 was drafted in the early 1980s, it was intended to fix a loophole in the law. If a person "broke in" to a house, an office, a store, or some physical place, they could be convicted of criminal trespass. 
If they did so with the intent to commit some crime, they could be convicted of a more serious crime -- say, for example, burglary. But there was no similar crime for breaking in to a computer, computer system, or computer network. Hence, the new statute. Originally, the statute distinguished between breaking in (accessing without authorization) and stealing something (obtaining certain kinds of protected information), recognizing that not all kinds of information should be protected under federal criminal law. Over the years however, the requirements of the statute were progressively weakened. Accessing a computer without authorization -- never a particularly well-defined concept to begin with -- morphed into the even more ambiguous "exceeding the scope of authorization" to access a computer. Instead of protecting certain classes of information -- such as financial transaction or classified secrets -- the statute now permits prosecution of people who obtained any kind of information, including publicly available information. Moreover, the misdemeanor provisions of the federal law now make it a crime to, in interstate commerce, intentionally exceed authorized access to a computer and thereby obtain information. Essentially, the new statute took vague, ambiguous, and undefined concepts of authorization, access, computer, and information, and made them even more convoluted. It vests in the prosecutor and the jury the sole discretion about whether or not a particular action constitutes a crime. Felonies and misdemeanors Had the jury been convinced that the government had proven that Lori Drew intended to commit some crime or tort in creating the fictitious account, then a felony conviction would have at least been understandable. The jury wanted to "punish" Drew. The problem is that the jury stated that they were not convinced that Drew had intent to commit any crime or tort. 
Lori Drew was ultimately convicted only of having exceeded the scope of her permission to use the MySpace account by violating the MySpace's terms-of-service agreement. They were likewise not persuaded that Drew hadn't "intentionally" exceeded the scope of her authorization, because she never saw the terms-of-service. One juror commented to Wired News that "I always read the terms of service ... If you choose to be lazy and not go though that entire agreement or contract of agreement then absolutely you should be held liable." So what we are left with is a plain vanilla breach of contract case leading to incarceration. This is made all the worse by the fact that, unlike the Drew juror claims, most of us either do not read or do not strictly comply with the terms-of-service agreement, which are written by lawyers to both protect the website or hosting service or, at a minimum, to limit their liability. Thus, things like allowing your children to do a Google search violates criminal law. Using a work computer for a non-business purpose may be grounds not only for dismissal, but also for incarceration, even if no harm results. The same concept has been repeatedly used in civil lawsuits claiming that a breach of a terms of service constitutes a "trespass to chattels." Thus, a corporate website which says something like "by using this website, you agree never to criticize this company" would not only open someone to breach of contract liability, but also to trespass prosecution. Of course, the federal criminal law does have an exception. It permits authorized law enforcement or intelligence activities, so that the cops can lie. Entities like Perverted Justice, which pose as adolescents online to lure child predators would be repeat criminals themselves. Children who themselves lie about their identities to ward off predators would similarly be subject to prosecution. 
While the threat of actual criminal prosecution for any of these terms-of-service breaches is small, if you were to ask me -- based on the Drew case -- whether any of these actions were "legal," I would have to answer "no." While we clearly do not want to encourage or reward irresponsible and malicious conduct like that Drew allegedly committed, we similarly do not want to criminalize essentially innocent conduct, which is for what she was convicted. This would have a chilling effect on a range of otherwise permissible behavior. The trial judge has the option to dismiss the charges -- either on factual or legal grounds. Factually, there is scant evidence that Drew personally created the fictitious account or read -- or had the opportunity to read -- the terms-of-service agreement she is convicted of violating. For the judge to overturn the verdict from a legal standpoint, he would have to conclude that merely exceeding the scope of a terms-of-service agreement does not itself constitute a violation of a statute which makes it a misdemeanor to, in interstate commerce, "intentionally exceed authorized access to a computer and thereby obtain information." We make lots of things crimes in this country. Spitting on the sidewalk, jaywalking, and even double parking. Let's not add breach of terms-of-service agreements to the mix. From rforno at infowarrior.org Tue Jan 13 13:07:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jan 2009 08:07:49 -0500 Subject: [Infowarrior] - Litigation Nation Message-ID: Litigation Nation By George F. Will Sunday, January 11, 2009; Page B07 http://www.washingtonpost.com/wp-dyn/content/article/2009/01/09/AR2009010902353.html Called to a Florida school that could not cope, police led the disorderly student away in handcuffs, all 40 pounds of her 5-year-old self. In a Solomonic compromise, schools in Broward County, Fla., banned running at recess. 
Long Beach, N.J., removed signs warning swimmers about riptides, although the oblivious tides continued. The warning label on a five-inch fishing lure with a three-pronged hook says "Harmful if swallowed"; the label on a letter opener says "Safety goggle recommended." No official at the Florida school would put a restraining arm around the misbehaving child lest he or she be sued, as a young member of Teach for America was, for $20 million (the school settled for $90,000), because the teacher put a hand on the back of a turbulent seventh-grader to direct him to leave the classroom. Another teacher's career was ruined by accusations arising from her having positioned a child's fingers on a flute. A 2004 survey reported that 78 percent of middle and high school teachers have been subjected to legal threats from students bristling with rights. Students, sensing the anxiety that seizes schools when law intrudes into incidental relations, challenge teachers' authority. Someone hurt while running at recess might sue the school district for inadequate supervision of the runner, as Broward County knows: It settled 189 playground lawsuits in five years. In Indiana, a boy did what boys do: He went down a slide headfirst -- and broke his femur. The school district was sued for inadequate supervision. Because of fears of such liabilities, playgrounds all over America have been stripped of the equipment that made them fun. So now in front of televisions and computer terminals sit millions of obese children, casualties of what attorney and author Philip Howard calls "a bubble wrap approach to child rearing" produced by the "cult of safety." Long Beach removed the warning signs because it is safer to say nothing: Reckless swimmers injured by the tides might sue, claiming that the signs were not sufficiently large or shrill or numerous, or something. Only a public outcry got the signs restored. 
Defensive, and ludicrous, warning labels multiply because aggressiveness proliferates. Lawsuits express the theory that anyone should be able to sue to assert that someone is culpable for even an idiotic action by the plaintiff, such as swallowing a fishing lure. A predictable byproduct of this theory is brazen cynicism, encouraged by what Howard calls trial lawyers "congregating at the intersection of human tragedy and human greed." So: A volunteer for a Catholic charity in Milwaukee ran a red light and seriously injured another person. Because the volunteer did not have deep pockets, the injured person sued the archdiocese -- successfully, for $17 million. The thread connecting such lunacies is a fear permeating American life. It is, alas, a sensible fear arising from America's increasingly perverse legal culture that is the subject of what surely will be 2009's most needed book on public affairs -- Howard's "Life Without Lawyers: Liberating Americans From Too Much Law." A nation in which the proportion of lawyers in the workforce almost doubled between 1970 and 2000 has become ludicrously dense with laws. Now legal self-consciousness is stifling the exercise of judgment. Today's entitlement culture inculcates the idea that everyone is entitled to a life without danger, disappointment or aggravation. Any disagreement or annoyance can be aggressively "framed in the language of legal deprivation." Law is essential to, but can stifle, freedom. Today, Howard writes, "Americans increasingly go through the day looking over their shoulders instead of where they want to go." The land of the free and the home of the brave has become "a legal minefield" through which we timidly tiptoe lest we trigger a legal claim. What should be routine daily choices and interactions are fraught with legal risk. Time was, rights were defensive. They were to prevent government from doing things to you. 
Today, rights increasingly are offensive weapons wielded to inflict demands on other people, using state power for private aggrandizement. The multiplication of rights, each lacking limiting principles, multiplies nonnegotiable conflicts conducted with the inherent extremism of rights rhetoric, on the assumption, Howard says, "that society will somehow achieve equilibrium if it placates whomever is complaining." But in such a society, dazed by what Howard calls "rule stupor" and victimized by litigious "victims," the incentives are for intensified complaining. Read Howard's book, and weep for the death of common sense. georgewill at washpost.com From rforno at infowarrior.org Tue Jan 13 23:40:00 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jan 2009 18:40:00 -0500 Subject: [Infowarrior] - Genachowski to Lead F.C.C. Message-ID: <423B4CF9-C80E-4AF5-9153-FBD7220C1D4A@infowarrior.org> Obama to Select Genachowski to Lead F.C.C. By Stephen Labaton http://thecaucus.blogs.nytimes.com/2009/01/13/obama-to-select-genachowski-to-lead-fcc/?hp President-elect Barack Obama intends to nominate Julius Genachowski , an adviser on technology issues and longtime friend, to become the next chairman of the Federal Communications Commission, advisers to Mr. Obama said. Mr. Genachowski, 46, was a major fund-raiser for the Obama campaign who also played a leading role in the campaign?s highly successful online strategy. He remains very close to Mr. Obama?both men went to Columbia College and Harvard Law School and the two served together on the Harvard Law Review. They also were basketball buddies. During the campaign, Mr. Genachowski shaped many of Mr. Obama?s telecom policies. He advocated an open Internet in the debate over so- called ?net neutrality,?? and media-ownership rules that promote a diversity of voices on the airwaves. People involved in the transition said that Mr. 
Genachowski was a top candidate for both the chairmanship and a new White House position overseeing technology issues that has not been fully defined yet. If confirmed, one of his first challenges at the commission will be what to do about the problems plaguing the conversion to digital television. The Obama transition team has asked Congress to delay the conversion, set for Feb. 17, because millions of viewers have been unable to obtain coupons to pay for converter boxes that would enable their sets to receive signals once all broadcasters lose their analog signal. (The conversion will not affect viewers who subscribe to cable or satellite television services.) The chairmanship of the F.C.C. has played a more expansive role in regulating the economy, particularly with the rise of the Internet and wireless communications over the last 20 years. Now, as the new administration plans to make the expansion of broadband and Internet services a significant part of its stimulus package, Mr. Genachowski, with his close ties to Mr. Obama, could wind up with an even bigger role than his predecessors in shaping economic policy. After graduating from law school, Mr. Genachowski clerked for federal appeals court judge Abner J. Mikva after Mr. Obama turned down the same job. Mr. Genachowski then clerked for Supreme Court Justice David H. Souter. He was chief counsel to Reed Hundt, a chairman of the Federal Communications Commission, during the Clinton administration. He then worked for eight years as a senior executive at Barry Diller's IAC/Interactive Corporation. He also founded an investment and advisory firm for digital media companies and co-founded the country's first commercial "green" bank. 
From rforno at infowarrior.org Wed Jan 14 05:03:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2009 00:03:12 -0500 Subject: [Infowarrior] - Congress follows Obama to YouTube Message-ID: Congress follows Obama to YouTube RAW STORY Published: Tuesday January 13, 2009 http://rawstory.com/news/2008/Congress_follows_Obama_to_YouTube_0113.html WASHINGTON (AFP) - The US Senate and House of Representatives have launched YouTube channels following a presidential election in which the video-sharing website played an influential role. Steve Grove, head of news and politics at Google-owned YouTube, announced the creation of the channels, youtube.com/senatehub, and youtube.com/househub, in a post on the YouTube blog on Monday that also featured appearances in a YouTube video by the Democratic and Republican leaders of the chambers. Grove said members of the US Congress would be "posting videos direct from their Washington offices, as well as clips of floor speeches and committee hearings alongside additional behind-the-scenes footage from Capitol Hill." "The House Hub and Senate Hub are the digital equivalents of a backstage pass to your government," Grove said. Both Democratic president-elect Barack Obama and his Republican rival John McCain made heavy use of YouTube during the presidential race, posting official campaign videos on the site and encouraging its use by supporters. Since his November 4 election victory, Obama has also been putting his weekly addresses to the nation on YouTube. The Senate and House hubs on YouTube each provide a map of the United States which links to a congressional representative's individual YouTube channel, if they have one. YouTube viewers can subscribe to a particular channel, post videos on the site or ask their legislator questions. "Find your Senator and Representative on YouTube and make a connection ... 
and if your elected representative doesn't have a YouTube channel yet, give them a call or an email and encourage them to get started," Grove said. "These YouTube channels have the potential to make Congress more transparent and accessible than ever before -- but only if you continue to connect and engage with your government on the site," he added. From rforno at infowarrior.org Thu Jan 15 01:32:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jan 2009 20:32:58 -0500 Subject: [Infowarrior] - Ricardo 'KHAAAAAN!' Montalban dies at 88 Message-ID: <44174C1D-E433-4C2C-875A-AE225C9F0B05@infowarrior.org> He'll always be Khan Noonian Singh to me . ---rf Ricardo Montalban dies at 88 'Fantasy Island' star was an Emmy winner By Duane Byrge Jan 14, 2009, 04:39 PM ET http://www.hollywoodreporter.com/hr/content_display/news/e3ifd8da3b8f313b1485de7cee780e2549d Ricardo Montalban, who became a household name for his performance as the wish-granting Mr. Roarke on "Fantasy Island," died Wednesday at his home in Los Angeles. The actor was 88. Montalban's death was announced at a meeting of the city council by president Eric Garcetti, who represents the district where the actor lived. Garcetti did not give a cause of death. Although he was best known as the charming Roarke on ABC's 1978-84 hit series, Montalban was also a gifted character actor who won an Emmy for his portrayal of a Sioux chief in the miniseries "How the West Was Won." Montalban's suave manner and patriarchal dignity became his trademarks, and for a period in his late career, he served as the TV pitchman for Chrysler. His dignified intonation -- "rich Corinthian leather" with his regal rolling of the "R's" -- caught viewers' favor and was widely repeated. Montalban could also play the most dastardly villains, most memorably his portrayal as the diabolical Khan in the second "Star Trek" movie, "The Wrath of Khan." 
Because he had played the role during the TV series with such menace, the film producers brought back the character for the film. Earlier, he had done turns in "Escape From the Planet of the Apes" and "Conquest of the Planet of the Apes" (1971). A good sport, Montalban joined such other acting straight arrows as Robert Stack and Leslie Nielsen to spoof their images in "The Naked Gun" (1988). His tall-dark-and-handsome looks won him a number of "Latin lover" roles during his days under contract at MGM in the 1940s. Along with Fernando Lamas, he played a number of romantic Latin leads during the 1940s and '50s for MGM. Montalban won distinction in his first leading role opposite Cyd Charisse in "Fiesta" (1947), a romantic bullfighter extravaganza that starred Esther Williams. He gave a gritty performance as a U.S. soldier in "Battleground" (1949), the foxhole saga of the Battle of the Bulge, which won a screenplay Oscar as well as best picture and best director nominations. Because of his dark looks appearance, Montalban was cast in an array of ethnic roles during the '50s, including American Indian and even Japanese. He delivered one of his most memorable performances as a Kabuki actor in "Sayonara" (1957), which starred Marlon Brando and Red Buttons. He went on to co-star during this period in a wide range of films, from "Cheyenne Autumn" (1964) to "The Singing Nun" (1966). During the 1960s, he was active in TV, making guest appearances on a wide range of shows, including: "The Virginian," "Ben Casey," "Burke's Law," "The Defenders," "Dr. Kildare" and "The Man From U.N.C.L.E." In later years, he sometime appeared as himself, including an appearance on "Dynasty" in 1981. Born Ricardo Gonzalo Pedro Montalban y Merino on Nov. 25, 1920, he spent much of his youth living not far from the Los Angeles Coliseum. He returned to Mexico as a young adult to begin his movie career, where he played in a wide array of romantic fodder. 
During this period, he also performed on the stage, landing small parts on Broadway. After his U.S. movie debut in "Fiesta," he was cast in such lightweight fare as "The Kissing Bandit" (1948), where he did a lively turn as a dancer, "Neptune's Daughter" (1949), "Two Weeks With Love" (1950), "Sombrero" (1953) and "Latin Lovers" (1953), among other films. Most recently, he played the grandfather in "Spy Kids 2: Island of Lost Dreams" (2002) as well as Senor Senior Senior on the Disney Channel series "Kim Possible." Since the mid 1990s, Montalban had been plagued by back problems after a difficult operation on his spine to repair an injury he received when filming "Across the Wide Missouri" (1951). Plagued with pain, he was often confined to a wheelchair. Montalban married Georgiana Young, who was Loretta Young's sister, in 1944. The couple had four children. From rforno at infowarrior.org Thu Jan 15 13:46:34 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jan 2009 08:46:34 -0500 Subject: [Infowarrior] - FISA Court Rules Wiretapping Program Legal Message-ID: <14A5A0A6-E781-4E5D-BD90-ADFAD0740032@infowarrior.org> January 16, 2009 Intelligence Court Rules Wiretapping Program Legal By ERIC LICHTBLAU http://www.nytimes.com/2009/01/16/washington/16fisa.html?_r=1&hp=&pagewanted=print WASHINGTON -- A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans' private communications may be involved. The court decision is expected to be disclosed as early as Thursday in an unclassified, redacted form. It was made in December by the Foreign Intelligence Surveillance Court of Review, which has issued only two prior rulings in its 30-year history. 
The decision marks the first time since the disclosure of the National Security Agency's warrantless eavesdropping program three years ago that an appellate court has addressed the constitutionality of the federal government's wiretapping powers. In validating the government's wide authority to collect foreign intelligence, it may offer legal credence to the Bush administration's repeated assertions that the president has constitutional authority to act without specific court approval in ordering national security eavesdropping. The appeals court is expected to uphold a secret ruling issued last year by the intelligence court that it oversees, known as the Foreign Intelligence Surveillance, or FISA, court. In that initial opinion, the secret court found that Congress had acted within its authority in August of 2007 when it passed a hotly debated law known as the Protect America Act, which gave the executive branch broad power to eavesdrop on international communications, according to someone familiar with the ruling. The Justice Department declined to comment on the matter; so did a spokesman for the FISA and appeals courts. The court ruling grew out of a previously undisclosed challenge from a telecommunications provider, which questioned the constitutional authority of the executive branch in ordering it to capture and turn over international communications without court authority, according to the person with knowledge of the opinion. The telecommunications company, which was not identified, apparently refused to comply with the order and instead challenged the legal basis of the order under the 2007 law in a claim before the FISA court. The FISA court rejected the telecommunication companies' challenge. 
It found that the Protect America Act did not violate the Constitution because the Fourth Amendment, which prohibits unreasonable searches and seizures, contained an exception for the collection of foreign intelligence information, according to the person familiar with the opinion. The opinion is not expected to directly rule on the legality of the once-secret operation authorized by President Bush between October 2001 and early 2007, which allowed the National Security Agency to eavesdrop on the international communications of Americans suspected of ties to terrorists. The disclosure of the program's existence in The New York Times in December 2005 set off a national debate on wiretapping, privacy and the limits of presidential power. Critics charged that Mr. Bush had violated a 1978 law requiring that the government obtain a court order to listen in on Americans' communications. Still, the new ruling is expected to have broad implications for federal wiretapping law, because it is the first time that any appeals court has ruled on the constitutional question of the president's wiretapping power. It could also influence a number of court challenges now pending in federal court in California against telecommunications companies that took part in the N.S.A. program. Last year, Congress approved legal immunity against lawsuits for the telecommunications companies, but a federal judge has yet to decide whether the lawsuits should be thrown out. The Protect America Act was a temporary, six-month measure that gave the president the authority to collect international phone calls and e-mail messages in large batches in search of possible terrorist connections without getting individual warrants. The international communications of Americans could be collected, so long as the target of the wiretapping operations was outside the United States. 
The law drew strong objections from congressional Democrats, who blocked its renewal in early 2008 despite repeated warnings from President Bush that national security would be compromised. Ultimately, Congress approved a plan last June that authorized the same basic framework for international eavesdropping -- along with the long-sought immunity for the phone companies -- but added some restrictions. Barack Obama, then a United States senator, was highly critical of the presidential wiretapping power claimed by Mr. Bush, and threatened to filibuster the final bill. But he ultimately voted for it, angering some of his liberal supporters. His administration is expected to examine possible changes in wiretapping law and operations, a review that will probably be affected by the findings of the FISA appeals court. From rforno at infowarrior.org Fri Jan 16 18:12:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jan 2009 13:12:27 -0500 Subject: [Infowarrior] - FISA Court Opinion online Message-ID: <3A0E68A5-67E5-4AB8-87DC-8048E6206EDE@infowarrior.org> The redacted FISA Court of Review case mentioned in the DoJ release from 15 Jan 09 is online at: http://www.uscourts.gov/newsroom/2009/FISCR_Opinion.pdf From rforno at infowarrior.org Fri Jan 16 21:37:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Jan 2009 16:37:02 -0500 Subject: [Infowarrior] - 42,500 security in DC for Inauguration Message-ID: <289824E4-C465-4E94-A09D-DB213E979C53@infowarrior.org> Washington Mobilizes 42,500-Strong Security Force for Inaugural http://www.bloomberg.com/apps/news?pid=20601070&sid=arV52TnPtSII&refer=politics By Jeff Bliss Jan. 16 (Bloomberg) -- When senior FBI official Joseph Persichini takes his 5 a.m. jog down Washington's National Mall, he imagines everything that could go wrong at Barack Obama's inaugural next week. 
He said he thinks about the possibility of a sleet storm, bombing, chemical attack or -- perhaps hardest to guard against -- the lone gunman bent on turning a celebration into a national tragedy. "I'm thinking about what the schedule is, and what we're doing, and what are the issues we're facing," said Persichini, assistant director in charge of the Federal Bureau of Investigation's Washington Field Office. "You don't understand the magnitude until you go out there right on the Mall." As many as 2 million people -- double the number for any previous inauguration -- are expected to fill the Mall on Jan. 20 to witness the swearing-in of the first black president. While officials said they haven't received any credible threats, they have prepared an unprecedented security effort. It will be overseen by the U.S. Secret Service and will include 7,500 active-duty soldiers, 10,000 National Guard troops and 25,000 law-enforcement officers, security officials said. Federal officials haven't projected the total cost, though Maryland, Virginia and the District of Columbia said they are spending tens of millions of dollars. Finding Gaps For the past six months, security officials have been trying to identify gaps in their planning, and for the past month officials have been testing their responses to scenarios with table-top exercises. Many days, Persichini and other federal, state and city law-enforcement authorities are on the phone by 4:30 a.m. to discuss security concerns. On Inauguration Day, the city will be honeycombed with communication command centers staffed with officials from the Secret Service, FBI, police and fire departments, intelligence agencies, the Federal Emergency Management Agency and the Department of Homeland Security. Washington's Metropolitan Police Department is working with 99 federal, state and local law-enforcement agencies to double its force of 4,100 officers. 
The FBI will have 600 agents on duty, a 20 percent increase from the 2005 inauguration. All 1,600 Capitol Police officers will be on duty. Chemical, Biological The U.S. Army will have a brigade at Fort Stewart, Georgia, ready to respond to a chemical and biological attack. Within 48 hours, hundreds of planes and helicopters could fly to the Washington region if needed. Even the ceremonial guards at the inauguration are prepared to change out of their dress uniforms to help out in the event of a security event. The effort will even include inspectors, behavioral experts, air marshals and canine teams from the Transportation Security Administration, who are usually deployed at airports. The Bureau of Alcohol, Tobacco and Firearms is sending bomb experts and dog handlers. Helping to monitor crowds will be 94 surveillance cameras spread throughout the city as well as those in subway stations and in helicopters, Washington Police Chief Cathy Lanier said. The 16 U.S. intelligence agencies are providing a stream of information on overseas terrorist groups. Obama supporters drawn to the president-elect's promise to make government more transparent and welcoming may be jarred when they see the Mall, which in the days preceding the event is beginning to resemble a fortress wrapped in fencing and fortified with concrete jersey barriers. Security officials said the record crowds will make these security measures essential. "No one should be in an environment that they're losing their life for celebrating the inauguration of the president of the United States," said Major General Richard Rowe, commander of the U.S. Army Military District of Washington. City of Charter Buses Inaugural activities will be spread over four days for the first time. They begin with a concert Jan. 18 featuring Bruce Springsteen and Beyonce Knowles and will culminate with 10 official balls and a plethora of unofficial celebrations on the night of Jan. 20. 
So far, 3,000 charter buses have registered for parking spaces; officials said as many as 10,000 may come. The Washington Metropolitan Area Transit Authority will provide rush-hour service from 4 a.m. on Jan. 20 through 3 a.m. the next day, City Administrator Dan Tangherlini said. The Metro usually closes at midnight on weekdays. Jumbotron TVs More than 20 Jumbotron TV screens will be set up on the Mall and along the parade route so people won't crowd parts of the city for a better view, officials said. Lanier said city officials realized they would need a different plan from previous inaugurals after the spontaneous response to Obama's victory on Election Night. Thousands took to the city's streets, setting off sparklers and shouting from cars. Although "they were hugging police officers," the size of the crowds signaled potential problems, she said. Anyone wishing to stand along the route of the inauguration parade will have to go through some type of screening, including metal detectors, said Mark Sullivan, director of the Secret Service. On Inauguration Day, two bridges connecting Washington to Virginia will be closed to all traffic except tour buses, emergency vehicles and pedestrians. Vehicles also will be restricted within a seven-block section west of the White House. Parade-Route Balconies Security officials are taking special care with buildings near the festivities. Parking garages in some will be shut down the day before. Guests attending the Air Transport Association's party at its Pennsylvania Avenue headquarters -- along the parade route -- will have to be pre-cleared because the building has balconies, spokesman David Castelveter said. While most of the crowds are expected to be in a celebratory mood, the Washington Peace Center is staging a rally of 3,000 outside the FBI building, calling for President George W. Bush's arrest. 
The group is protesting the Iraq invasion and the use of interrogation techniques on terror suspects that critics said amounted to torture. At the other end of the political spectrum, the Westboro Baptist Church, a Topeka, Kansas-based group known for its anti-gay slogans and its description of Obama as "an antichrist," will picket at a Washington park. White Supremacists Mark Potok, director of the intelligence project at the Southern Poverty Law Center, an organization in Montgomery, Alabama, that monitors racist and extremist groups, said white supremacists angered by Obama's election are likely to stay home rather than tangle with hordes of his supporters. If you're a racist in such a crowd, "you might not come back with your nose intact," he said. Officials are asking those attending the inaugural to send text messages rather than call. They are concerned that if too many people send pictures from their cell phones, the mobile communications network could be overloaded. Public officials also are warning anyone who comes to the city to be prepared for cold weather and lots of walking. "This is not throwing the family in the van and heading down for a visit at the Air and Space Museum," Maryland Governor Martin O'Malley told reporters this week. "You need to have a plan." One resident said he felt hemmed in by the security and expected crowds. "Everyone is very concerned about the ability to move around," said Wright Andrews, whose lobbying firm on Pennsylvania Avenue is hosting an inaugural party. "We're not making as big a deal of it as usual" as a consequence. For his part, Rowe, the Washington military commander, said he would sleep on an air mattress in his office to ensure that he is at his post on Jan. 20. Security officials said the measures may seem like overkill, though they would rather do too much than too little. In the event of an incident, "we would be criticized heavily after the fact for not taking precautions up front," Lanier said. 
To contact the reporter on this story: Jeff Bliss in Washington jbliss at bloomberg.net. Last Updated: January 16, 2009 00:01 EST From rforno at infowarrior.org Tue Jan 20 14:47:04 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Jan 2009 09:47:04 -0500 Subject: [Infowarrior] - Legal Threats Against Security Researchers Message-ID: <47DD28B4-C88B-476B-897A-C25DC1F1A3D5@infowarrior.org> http://attrition.org/errata/legal_threats/ Legal Threats Against Security Researchers How vendors try to save face by stifling legitimate research It has been clear for years that businesses have dropped ethics in favor of profit. Protecting the bottom line is usually more important than doing the right thing, even if it means providing a better product to their customers. Companies fear negative publicity, especially if said publicity challenges the security of their products. It doesn't matter that just about every company and product ships with numerous vulnerabilities, and adding security is a band-aid solution rather than an integral part of the development life cycle. Rather than work with researchers who are frequently providing what would otherwise be high-dollar specialized consulting for free, some companies opt to go take the muddy road and pursue legal action against the researchers. This action is one of desperation, an attempt to silence and stifle legitimate research and free speech. Invariably, this ends up being a huge negative PR move, much worse than what would occur with the publication of said research without the legal murk. 
[Table with companies, researchers and incidents] http://attrition.org/errata/legal_threats/ From rforno at infowarrior.org Tue Jan 20 19:02:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Jan 2009 14:02:17 -0500 Subject: [Infowarrior] - Payment Processor Breach May Be Largest Ever Message-ID: <30DD0698-B893-4707-9108-CABEA3807483@infowarrior.org> Payment Processor Breach May Be Largest Ever http://voices.washingtonpost.com/securityfix/2009/01/payment_processor_breach_may_b.html?hpid=topnews A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have led to the theft of more than 100 million credit and debit card accounts, the company said today. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported. Robert Baldwin, Heartland's president and chief financial officer, said the company, which processes payments for more than 250,000 businesses, began receiving fraudulent activity reports late last year from MasterCard and Visa on cards that had all been used at merchants which rely on Heartland to process payments. Baldwin said 40 percent of transactions the company processes are from small to mid-sized restaurants across the country. He declined to name any well-known establishments or retail clients that may have been affected by the breach. Heartland called U.S. Secret Service and hired two breach forensics teams to investigate. But Baldwin said it wasn't until last week that investigators uncovered the source of the breach: A piece of malicious software planted on the company's payment processing network that recorded payment card data as it was being sent for processing to Heartland by thousands of the company's retail clients. Baldwin said Heartland does not know how long the malicious software was in place, or how many accounts may have been compromised. The stolen data includes names, credit and debit card numbers and expiration dates. 
"The transactional data crossing our platform, in terms of magnitude... is about 100 million transactions a month," Baldwin said. "At this point, though, we don't know the magnitude of what was grabbed." The company stressed that no merchant data or cardholder Social Security numbers, unencrypted personal identification numbers (PIN), addresses or telephone numbers were jeopardized as a result of the breach. The data stolen includes the digital information encoded onto the magnetic stripe built into the backs of credit and debit cards. Armed with this data, thieves can fashion counterfeit credit cards by imprinting the same stolen information onto fabricated cards. "The nature of the [breach] is such that card-not-present transactions are actually quite difficult for the bad guys to do because one piece of information we know they did not get was an address," Baldwin said. As a result, he said, the prospect of thieves using the stolen data to rack up massive amounts of fraud at online merchants "is not impossible, but much less likely." Avivah Litan, a fraud analyst with Gartner Inc., questioned the timing of Heartland's disclosure -- a day in which many Americans and news outlets are glued to coverage of Barack Obama's inauguration as the nation's 44th president. "This looks like the biggest breach ever disclosed, and they're doing it on inauguration day?" Litan said. "I can't believe they waited until today to disclose. That seems very deceptive." Officials from the U.S. Secret Service could not be immediately reached for comment. Baldwin said Heartland worked to disclose the breach last week. "Due to legal reviews, discussions with some of the players involved, we couldn't get it together and signed off on until today," Baldwin said. 
"We considered holding back another day, but felt in the interests of transparency we wanted to get this information out to cardholders as soon as possible, recognizing of course that this is not an ideal day from the perspective of visibility." The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors. On December 23, RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people. In March 2008, Hannaford Brothers Co. disclosed that a breach of its payment systems -- also aided by malicious software -- compromised at least 4.2 million credit and debit card accounts. In early 2007, TJX Companies Inc., the parent of retailers Marshalls and TJ Maxx said a number of breaches over a three-year period exposed more than 45 million credit and debit card numbers. In 2005, a breach at payment card processor CardSystems Solutions jeopardized roughly 40 million credit and debit card accounts. From rforno at infowarrior.org Wed Jan 21 14:03:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jan 2009 09:03:44 -0500 Subject: [Infowarrior] - RIAA Fears 'Manipulation' of Courtroom Web Broadcast Message-ID: <91A9DFAD-A090-41B9-A38F-52F4C95790A0@infowarrior.org> ....and yet these were the same idiots who, last week, were told by the judge in the trial that since the declared rationale for these lawsuits was 'public education' they should have no problems with it being broadcast to the world. Again, the RIAA flails in confused panic. RIAA-Think Translation: "ZMG! They might take something existing in digital form out of context!!! Oh, noes! How will people *ever* learn from this?" You'd think they'd have some new material by now.......there's only so much flailing around that we can laugh at. 
--rf RIAA Fears 'Manipulation' of Courtroom Web Broadcast By David Kravets January 20, 2009 | 4:16:18 PM Categories: RIAA Litigation http://blog.wired.com/27bstroke6/2009/01/riaa-fears-mani.html The Recording Industry Association of America is objecting to the webcasting of pretrial arguments in an upcoming file-sharing trial. The RIAA claims that the re-runs "will be readily subject to editing and manipulation by any reasonably tech-savvy individual." That is among the arguments the RIAA is making in urging a federal appeals court to reverse a Massachusetts federal judge's order that would allow the pretrial broadcast this Thursday. The broadcast, assuming it goes forward, will include a Boston University student and his attorney challenging the RIAA's copyright infringement case. It is believed to be the first time a U.S. federal trial court has allowed a live internet stream from the courtroom. "Petitioners are concerned that, unlike a trial transcript, the broadcast of a court proceeding through the internet will take on a life of its own in that forum," the RIAA wrote (.pdf) the U.S. 1st Circuit Court of Appeals. "The broadcast will be readily subject to editing and manipulation by any reasonably tech-savvy individual. Even without improper modification, statements may be taken out of context, spliced together with other statements and broadcast (sic) rebroadcast as if it were an accurate transcript. Such an outcome can only do damage to Petitioner's case." The RIAA is taking exception to the fact that the feed will be distributed on the Berkman Center for Internet and Society's website. The head of the center is Charles Nesson, who is defending Joel Tennenbaum, the defendant in the case. 
"Accordingly, in the name of 'public interest,' the district court has directed the general public to a website replete with propaganda regarding the Defendant's position in connection with this case, and that is specifically designed to promote Defendant's interests in this case," the RIAA wrote. Last week, U.S. District Judge Nancy Gertner of Massachusetts granted the over-the-internet coverage for the 2 p.m. hearing. Only a handful of U.S. trial judges have ever allowed cameras in their courtrooms during a live proceeding. Most of the states grant local judges the discretion whether to allow cameras. "At previous hearings and status conferences, the Plaintiffs have represented that they initiated these lawsuits not because they believe they will identify every person illegally downloading copyrighted material. Rather, they believe that the lawsuits will deter the Defendants and the wider public from engaging in illegal file-sharing activities. Their strategy effectively relies on the publicity resulting from this litigation," Gertner wrote in granting the internet coverage. The 1st Circuit did not indicate when it would rule. The RIAA also said the broadcast "creates a serious risk of unfairly infecting the pool from which the jury in this case will be selected." The RIAA, which has sued about 30,000 individuals on allegations of copyright infringement, claims it is winding down its 5-year-old litigation campaign. The recording industry's litigation and lobbying arm told the circuit court that, "The public interest will not be served by broadcasting a single snippet of these proceedings, because doing so places a misleading emphasis on a limited aspect of the judicial process." 
From rforno at infowarrior.org Wed Jan 21 15:36:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jan 2009 10:36:52 -0500 Subject: [Infowarrior] - SCOTUS won't review COPA decision Message-ID: <82327526-F53C-4C7F-A9A3-0AEF2C3020FA@infowarrior.org> Supreme Court won't revive online content law http://news.yahoo.com/s/ap/20090121/ap_on_go_su_co/scotus_internet_blocking WASHINGTON -- The government lost its final attempt Wednesday to revive a federal law intended to protect children from sexual material and other objectionable content on the Internet. The Supreme Court said it won't consider reviving the Child Online Protection Act, which lower federal courts struck down as unconstitutional. The law has been embroiled in court challenges since it passed in 1998 and never took effect. It would have barred Web sites from making harmful content available to minors over the Internet. A federal appeals court in Philadelphia ruled that would violate the First Amendment, because filtering technologies and other parental control tools are a less restrictive way to protect children from inappropriate content online. The act was passed the year after the Supreme Court ruled that another law intended to protect children from explicit material online -- the Communications Decency Act -- was unconstitutional. The Bush administration had pressed the justices to take the case. They offered no comment on their decision to reject the government's appeal. Five justices who ruled against the Internet blocking law in 2004 remain on the court. The case is Mukasey v. ACLU, 08-565.
From rforno at infowarrior.org Thu Jan 22 00:29:29 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Jan 2009 19:29:29 -0500 Subject: [Infowarrior] - Obama to Sign Order Shutting Guantanamo in a Year Message-ID: <01D90AE4-A67C-4203-9DA0-E33929443DA5@infowarrior.org> Obama to Sign Order Shutting Guantanamo in a Year By LARA JAKES and DAVID ESPO The Associated Press Wednesday, January 21, 2009; 6:37 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/01/21/AR2009012101765_pf.html WASHINGTON -- The Associated Press has learned that President Barack Obama plans to sign an executive order Thursday to close the Guantanamo Bay detention center within a year and halt military trials of terror suspects held there. The executive order was one of three expected imminently on how to interrogate and prosecute al-Qaida, Taliban or other foreign fighters believed to threaten the United States. A senior Obama aide said the president would sign the order on Thursday, fulfilling his campaign promise to shut down a facility that critics around the world say violates domestic and international detainee rights. The aide spoke on condition of anonymity because the event has not yet been announced. © 2009 The Associated Press From rforno at infowarrior.org Thu Jan 22 12:45:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jan 2009 07:45:53 -0500 Subject: [Infowarrior] - NSA spied on everyone, targeted journalists Message-ID: http://rawstory.com/news/2008/Whistleblower_Bushs_NSA_targeted_reporters_0121.html Whistleblower: NSA spied on everyone, targeted journalists David Edwards and Muriel Kane Published: Wednesday January 21, 2009 Former National Security Agency analyst Russell Tice, who helped expose the NSA's warrantless wiretapping in December 2005, has now come forward with even more startling allegations.
Tice told MSNBC's Keith Olbermann on Wednesday that the programs that spied on Americans were not only much broader than previously acknowledged but specifically targeted journalists. "The National Security Agency had access to all Americans' communications -- faxes, phone calls, and their computer communications," Tice claimed. "It didn't matter whether you were in Kansas, in the middle of the country, and you never made foreign communications at all. They monitored all communications." Tice further explained that "even for the NSA it's impossible to literally collect all communications. ... What was done was sort of an ability to look at the metadata ... and ferret that information to determine what communications would ultimately be collected." According to Tice, in addition to this "low-tech, dragnet" approach, the NSA also had the ability to hone in on specific groups, and that was the aspect he himself was involved with. However, even within the NSA there was a cover story meant to prevent people like Tice from realizing what they were doing. "In one of the operations that I was in, we looked at organizations, just supposedly so that we would not target them," Tice told Olbermann. "What I was finding out, though, is that the collection on those organizations was 24/7 and 365 days a year -- and it made no sense. ... I started to investigate that. That's about the time when they came after me to fire me." When Olbermann pressed him for specifics, Tice offered, "An organization that was collected on were US news organizations and reporters and journalists." "To what purpose?" Olbermann asked. "I mean, is there a file somewhere full of every email sent by all the reporters at the New York Times? Is there a recording somewhere of every conversation I had with my little nephew in upstate New York?" Tice did not answer directly, but simply stated, "If it was involved in this specific avenue of collection, it would be everything." 
He added, however, that he had no idea what was ultimately done with the information, except that he was sure it "was digitized and put on databases somewhere." Tice first began alleging that there were illegal activities going on at both the NSA and the Defense Intelligence Agency in December 2005, several months after being fired by the NSA. He also served at that time as a source for the New York Times story which revealed the existence of the NSA's warrantless wiretapping program. Over the next several months, however, Tice was frustrated in his attempts to testify before Congress, had his credibility attacked by Bill O'Reilly and Rush Limbaugh, and was subpoenaed by a federal grand jury in an apparent attempt at intimidation. Tice is coming forward again now because George Bush is finally out of office. He told Olbermann that the Obama administration has not been in touch with him about his latest revelations, but, "I did send a letter to, I think it's [Obama intelligence adviser John] Brennan -- a handwritten letter, because I knew all my communications were tapped, my phones, my computer, and I've had the FBI on me like flies on you-know-what ... and I'm assuming that he gave the note to our current president -- that I intended to say a little bit more than I had in the past." This video is from MSNBC's Countdown, broadcast Jan. 21, 2009.
http://rawstory.com/news/2008/Whistleblower_Bushs_NSA_targeted_reporters_0121.html From rforno at infowarrior.org Thu Jan 22 13:25:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jan 2009 08:25:51 -0500 Subject: [Infowarrior] - FOIA Requests Revisited - favoring disclosure Message-ID: Key takeaway: "All agencies should adopt a presumption in favor of disclosure" - http://thefoiablog.typepad.com/the_foia_blog/2009/01/foia-executive-order.html THE WHITE HOUSE Office of the Press Secretary For Immediate Release January 21, 2009 January 21, 2009 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES SUBJECT: Freedom of Information Act A democracy requires accountability, and accountability requires transparency. As Justice Louis Brandeis wrote, "sunlight is said to be the best of disinfectants." In our democracy, the Freedom of Information Act (FOIA), which encourages accountability through transparency, is the most prominent expression of a profound national commitment to ensuring an open Government. At the heart of that commitment is the idea that accountability is in the interest of the Government and the citizenry alike. The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails. The Government should not keep information confidential merely because public officials might be embarrassed by disclosure, because errors and failures might be revealed, or because of speculative or abstract fears. Nondisclosure should never be based on an effort to protect the personal interests of Government officials at the expense of those they are supposed to serve. In responding to requests under the FOIA, executive branch agencies (agencies) should act promptly and in a spirit of cooperation, recognizing that such agencies are servants of the public. 
All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open Government. The presumption of disclosure should be applied to all decisions involving FOIA. The presumption of disclosure also means that agencies should take affirmative steps to make information public. They should not wait for specific requests from the public. All agencies should use modern technology to inform citizens about what is known and done by their Government. Disclosure should be timely. I direct the Attorney General to issue new guidelines governing the FOIA to the heads of executive departments and agencies, reaffirming the commitment to accountability and transparency, and to publish such guidelines in the Federal Register. In doing so, the Attorney General should review FOIA reports produced by the agencies under Executive Order 13392 of December 14, 2005. I also direct the Director of the Office of Management and Budget to update guidance to the agencies to increase and improve information dissemination to the public, including through the use of new technologies, and to publish such guidance in the Federal Register. This memorandum does not create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. The Director of the Office of Management and Budget is hereby authorized and directed to publish this memorandum in the Federal Register. 
BARACK OBAMA # # # From rforno at infowarrior.org Thu Jan 22 15:49:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jan 2009 10:49:57 -0500 Subject: [Infowarrior] - Blair Pledges New Approach to Counterterrorism Message-ID: <02311279-F699-4ECA-A5A3-0A0D2194BA2D@infowarrior.org> January 23, 2009 Blair Pledges New Approach to Counterterrorism By SCOTT SHANE http://www.nytimes.com/2009/01/23/us/politics/23blaircnd.html?_r=1&hp=&pagewanted=print WASHINGTON -- Dennis C. Blair, the retired admiral who is President Obama's choice as the nation's top intelligence official, pledged in testimony to be delivered on Thursday that he would require counterterrorism programs to operate "in a manner consistent with our nation's values, consistent with our Constitution and consistent with the rule of law." Mr. Blair appeared to be drawing a sharp contrast with Bush administration policies. He indirectly criticized the eavesdropping without warrants by the National Security Agency and harsh interrogation methods used by the Central Intelligence Agency during the Bush presidency. "The intelligence agencies of the United States must respect the privacy and civil liberties of the American people, and they must adhere to the rule of law," Mr. Blair said in testimony prepared for his confirmation hearing before the Senate Intelligence Committee, scheduled to begin at 10 a.m. Thursday. Addressing complaints that the intelligence agencies have evaded Congressional oversight and skirted the law, Mr. Blair promised a different approach. "I do not and will not support any surveillance activities that circumvent established processes for their lawful authorization," he said in the testimony. "I believe in the importance of independent monitoring, including by Congress, to prevent abuses and protect civil liberties."
In an unusual comment from a man who will head the most secret agencies of government, he said, "There is a need for transparency and accountability in a mission where most work necessarily remains hidden from public view." He said that if confirmed, he would "communicate frequently and candidly with the oversight committees, and as much as possible with the American people." On the issue of detainee treatment, perhaps the most divisive security issue since 2001, Mr. Blair called torture "not moral, legal or effective" and said any interrogation program would have to comply with the Geneva Conventions, the Convention against Torture and the Constitution. Mr. Blair is a sixth-generation Naval officer whose last job in the military was to command all American forces in the Pacific. Though not a career intelligence professional, he served for two years as a senior C.I.A. official. He referred indirectly to the flawed intelligence before the Iraq war, when the Bush White House pressed the agencies for information on the threat posed by Saddam Hussein. "There is an obligation to speak truth to power," he said, adding that he would honestly present "unpleasant" facts to the president. He said he would seek an "extremely important balance" for the 16 intelligence agencies, which employ about 100,000 people, suggesting that he would emphasize the soft power of diplomacy and economic development as well as the tougher counterterrorism efforts that got most attention under President Bush. He said that in addition to backing the military and intelligence operatives in hunting down terrorists, the agencies should support "policymakers who are looking for opportunities to engage and work with Arab and Muslim leaders who are striving for a progressive and peaceful future for their religion and their countries."
From rforno at infowarrior.org Fri Jan 23 01:56:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Jan 2009 20:56:06 -0500 Subject: [Infowarrior] - WH Outlines Cyber Security Strategy Message-ID: <4D17D448-3198-4D18-9971-FB06BF545B61@infowarrior.org> Posted at 09:40 AM ET, 01/22/2009 Obama Administration Outlines Cyber Security Strategy http://voices.washingtonpost.com/securityfix/?hpid=news-col-blog President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security. The key points of the plan closely mirror recommendations offered late last year by a bipartisan commission of computer security experts, which urged then president-elect Obama to set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks. The strategy, as outlined in a broader policy document on homeland security priorities posted on the Whitehouse.gov Web site Wednesday, states the following goals:
* Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
* Initiate a Safe Computing R&D Effort and Harden our Nation's Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
* Protect the IT Infrastructure That Keeps America's Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
* Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation's trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
* Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
* Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.
While it remains to be seen what resources the Obama administration may devote to these goals, it is an encouraging sign to see the new White House give the vital challenges of cyber security such prominence so soon. From rforno at infowarrior.org Fri Jan 23 13:19:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2009 08:19:42 -0500 Subject: [Infowarrior] - Tice: NSA even collected credit card records Message-ID: <2C30009E-A821-4BA1-976E-CE07852780A1@infowarrior.org> http://rawstory.com/news/2008/Whistleblower_NSA_collected_credit_card_records_0122.html Whistleblower: NSA even collected credit card records David Edwards and Stephen C.
Webster Published: Thursday January 22, 2009 Ex-analyst believes program actually the remnants of 'Total Information Awareness,' shut down by Congress in 2003 On Wednesday night, when former NSA analyst Russell Tice told MSNBC's Keith Olbermann that the Bush administration's National Security Agency spied on everyone in the United States, specifically targeting journalists, the Countdown host was so flabbergasted that Tice was invited back for a second interview. On Thursday, he returned to the airwaves with expanded allegations against the NSA, claiming the agency collected Americans' credit card records, and adding that he believes the massive, warrantless data vacuum to be the remnants of the Total Information Awareness program, shut down by Congress in 2003. Asked for comment by Olbermann's staff, the agency responded, "NSA considers the constitutional rights of US citizens to be sacrosanct. The intelligence community faces immense challenges in protecting our nation. No matter the challenges, NSA remains dedicated to performing its mission under the rule of law." Olbermann ran the quote under a banner which read, "Non-denial denial." "As far as the wiretap information that made it through NSA, there was also data-mining that was involved," Tice told Olbermann during the pair's second interview. "At some point, information from credit card records and financial transactions was married in with that information." At this point on the audio track, Olbermann can be heard taking a deep breath. "So, lucky American citizens, tens of thousands of whom are now on digital databases at NSA, who have no idea of this, also have that information included in those digital files that have been warehoused," said Tice. "... Do you have any idea what all this stuff was used for?" asked the stunned host.
"The obvious explanation would be, if you did have a potential terrorist, you'd want to know where they're spending money, whether they purchased an airline ticket, that sort of thing," said Tice. "But, once again, we're talking about tens of thousands of innocent US citizens that have been caught up into this trap. They have no clue. "This thing could sit there for 10 years, then all the sudden it marries up with something else and 10 years from now and they get put on a no-fly list and they of course won't have a clue why." Tice added that "in most cases," spied-upon Americans didn't have to do anything suspicious in order to trigger the surveillance. "This is garnered from algorithms that have been put together to try to just dream up scenarios that might be information that is associated with how a terrorist could operate," he said. Ultimately, the technical explanation boils down to this: "If someone just talked about the daily news and mentioned something about the Middle East, they could easily be brought to the forefront of having that little flag put by their name that says potential terrorist," said Tice. "Do you know, or do you have an educated guess, as to who authorized this? Who developed this?" asked Olbermann. "I have a guess, where it was developed," he replied. "I think it was probably developed out of the Department of Defense, and this is probably the remnants of Total Information Awareness, that came out of DARPA. That's my guess, I don't know that for sure." Olbermann then asked if Tice knows who had access to the data. "I started looking into this, and that's when ultimately they came after me to fire me," said Tice. "They must have realized that I'd stumbled onto something, and after that point I of course had no ability to find anything else out." 
Tice concluded that he does not know if the program, as he understands it, continues to this day, and he refused to specifically state which media organizations the Bush administration's NSA had targeted for surveillance. This video is from MSNBC's Countdown, broadcast Jan. 22, 2009 http://rawstory.com/news/2008/Whistleblower_NSA_collected_credit_card_records_0122.html From rforno at infowarrior.org Fri Jan 23 14:19:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2009 09:19:01 -0500 Subject: [Infowarrior] - BSA's antipiracy enforcer picked for DOJ post Message-ID: This can't be good.....--rf Obama picks BSA's antipiracy enforcer for high-level post Posted by Declan McCullagh http://news.cnet.com/8301-13578_3-10148807-38.html?part=rss&subj=news&tag=2547-1_3-0-20 For his vice president, Barack Obama chose Joe Biden, a senator with a long history of aiding the Recording Industry Association of America. Then Obama picked the RIAA's favorite lawyer, Tom Perrelli, for a top Justice Department post. Now, as one of his first official actions as president, Obama has selected the Business Software Alliance's top antipiracy enforcer and general counsel, Neil MacBride, for a senior Justice Department post. Among other duties, MacBride has been responsible for the BSA's program that rewarded people for phoning in tips about suspected software piracy. Neil MacBride, vice president of antipiracy and general counsel to the Business Software Alliance, Obama's pick for associate deputy attorney general. MacBride was also an aide to Vice President Joe Biden. All of these choices are well-qualified for their jobs, of course, and there's little reason to believe that Obama's copyright-litigator-turned-DOJer will have to leap any real Senate hurdles. (MacBride was appointed as associate deputy attorney general, a position that does not require Senate confirmation, and previously worked on copyright and other issues as chief counsel to then-Sen. Biden.)
Still, the elevation of RIAA and BSA lawyers must feel like a poke in the eye to the copyleft and progressive crowd, who spent over a year showering Obama with praise. Public Knowledge called Obama's election an "important" victory, while Free Press lauded it as "a sea change in leadership that allows us to go from playing defense to offense." Stanford professor Larry Lessig--probably the best known "free culture" proponent--went so far as to plead for all of his friends to "do something this time" by voting for Obama over his Republican rival. "Neil MacBride will serve the country well in his new position at the Justice Department," Robert Holleyman, BSA's president, said in a statement on Thursday. BSA has opposed changes to the Digital Millennium Copyright Act's anti-circumvention section, once saying that legislation to allow backup copies of DVDs or video games would provide a "safe harbor for pirates who could easily claim that the 'intent' of their actions were legal." Early in the campaign, Obama told CNET News that he would support such a law, but hedged it by saying his support was "in concept" only. (He also claimed at the time to oppose retroactive immunity for telcos that illegally opened their networks to the National Security Agency, and we know how that turned out.) Obama has fulfilled some of his campaign promises with surprising rapidity. On Wednesday, he ordered government agencies to be more open and Internet-friendly. On Thursday, he announced that the Guantanamo Bay prison would be closed within a year. But copyright policy is far from Guantanamo, either in symbolic import or in partisan divisiveness. It's no coincidence that the most-loathed copyright bill in recent memory was written by a Democrat, or that a Hollywood Democrat pushed through yet another expansion of copyright law last year.
Nor is it a coincidence that the president of the RIAA gives money only to Democratic causes and politicians, or that Bill Clinton signed the Digital Millennium Copyright Act into law by saying he was "pleased" to sign a measure preventing "piracy in the digital age." (Trivia for Democrats: Clinton used the same type of signing statement that Bush became famous for, saying "I will construe" the legislation in a way that enhanced the power of the executive branch.) Obama's most important copyright pick likely will be the so-called White House IP czar, created by the new Pro-IP Act. Speculation has included lobbyist Hal Ponder of the American Federation of Musicians; Michele Ballantyne of the RIAA (who has ties to Obama transition chief John Podesta); or Alec French of NBC Universal. It's likely that the incoming IP czar -- the full title is Intellectual Property Enforcement Coordinator and it requires Senate confirmation -- will be influential in intra-administration copyright debates. But it would be foolhardy to deny the influence of the world's largest law firm, also known as the Justice Department, which has tossed around its considerable bulk in recent policy spats. Some examples: A Justice Department official said in 2002 that the agency could begin to prosecute peer-to-peer pirates, and it still has the power to do so today. The department intervened in the RIAA's civil lawsuit against Jammie Thomas on the side of the record labels. It published an extensive report in 2004 calling for more powers and a law permitting lawsuits against companies that sell products that "induce" copyright infringement. In 2007, it proposed sweeping new legislation to outlaw "attempted" but unsuccessful copyright infringement. This is where Obama is sending the RIAA (Tom Perrelli) and BSA (Neil MacBride) lawyers. Two days into an administration is far too soon to evaluate its policies, of course, especially when important vacancies exist.
But it may be possible that when Candidate Obama offered the usefully vague promise that he would "reform our copyright and patent systems," he had in mind something rather different than what many of his most enthusiastic Internet supporters did. From rforno at infowarrior.org Fri Jan 23 15:28:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2009 10:28:38 -0500 Subject: [Infowarrior] - Remembering The Mac Message-ID: <51656AEF-9FBB-45DD-BE17-D4C3A4C880B8@infowarrior.org> The Mac computer turns 25 tomorrow..... Are today's Macs related to the Mac Daddy? http://news.cnet.com/8301-13579_3-10147692-37.html?part=rss&subj=news&tag=2547-1_3-0-20 ...my response would be that I wish the Mac's vendor would focus once again on producing great computers and quality operating systems [1] than seeming to focus primarily on nifty consumer apps and devices. Other than that, until fairly recently I've been rather happy with my Mac and pretty content with the quality of stuff coming out of Cupertino. Happy 25th anyway! --rf [1] The OSX 10.5.6 upgrade fiasco, coupled with a new problem I've noticed regarding Mail 3.0 creating zombie processes after *each* message sent -- allegedly the result of 10.5.6 -- thus requiring me to shut down Mail several times during the day to avoid my CPU grinding to a halt. (the '(AddressBookSync)' issue) First OSX problem I've had in a LONG time. I don't care how many Jesusphone apps you have downloaded from the Apple Store -- fix your effing operating systems and stop hyping the gadgets. From rforno at infowarrior.org Fri Jan 23 17:14:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jan 2009 12:14:46 -0500 Subject: [Infowarrior] - Worst-ever threat to UK privacy Message-ID: <082C94C1-ED2A-4956-B4DE-C8370DBDA157@infowarrior.org> Worst-ever threat to UK privacy: write your MP now! 
Posted by Cory Doctorow, January 23, 2009 3:07 AM | permalink http://www.boingboing.net/2009/01/23/worstever-threat-to.html Glyn sez, "Hidden in the new Coroners and Justice Bill is one clause (cl.152) amending the Data Protection Act. It would allow ministers to make 'Information Sharing Orders', that can alter any Act of Parliament and cancel all rules of confidentiality in order to use information obtained for one purpose to be used for another." "This single clause is as grave a threat to privacy as the entire ID Scheme. Combine it with the index to your life formed by the planned National Identity Register and everything recorded about you anywhere could be accessible to any official body. If Information Sharing Orders come to pass, they could (for example) immediately be used to suck up material such as tax records or electoral registers to build an early version of the National Identity Register. But the powers apply to any information, not just official information. They would permit data trafficking between government agencies and private companies - your medical records are firmly in their sights - and even with foreign governments." http://www.boingboing.net/2009/01/23/worstever-threat-to.html From rforno at infowarrior.org Sat Jan 24 05:13:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jan 2009 00:13:17 -0500 Subject: [Infowarrior] - NetSol DNS DDOS Outage causes Internet Problems Message-ID: <1AC6479B-8D6E-43E4-9C60-27B00FCEEB37@infowarrior.org> Network Solutions Under Large Scale DDoS Attack, Millions of Websites Potentially Unreachable * Jan 23, 2009 2:55 PM PST http://www.circleid.com/posts/print/20090123_network_solutions_down_ddos_attack/ By CircleID Reporter Update Received from Network Solutions Jan 23, 2009 7:27PM PST "DNS queries for web sites should be responding normally. Thank you all for your understanding. 
As always, we will continue to work to take measures to prevent these and other types of technical issues caused by third parties that may impact our customers." * * * Network Solutions is having problems with "all" its name servers, according to their tech support and a recent post on North American Network Operators' Group (NANOG) mailing list indicates that it has been under very large-scale UDP/53 DDoS attack for the last 48 hour period. As a result, domain names hosted with Network Solutions' Worldnic have been affected. Network Solutions is one of the leading domain registrars and DNS hosting providers in the world, managing more than 7.6 million domain names. Update Received from Network Solutions Jan 23, 2009 2:58 PM PST Shashi Bellamkonda of Network Solutions has provided CircleID the following update: "I posted an update on our blog (http://cli.gs/V12h9p) and we have been communicating to our customers on Twitter (http://twitter.com/netsolcares) and have an IVR giving customers an update. The update is: There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries." From rforno at infowarrior.org Sun Jan 25 23:01:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jan 2009 18:01:17 -0500 Subject: [Infowarrior] - WoW: 4.5 million copies of EULA-compliant spyware Message-ID: 4.5 million copies of EULA-compliant spyware Oct 06 2005, 05:07 (UTC+0) hoglund writes: http://www.rootkit.com/blog.php?newsid=358 I recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes - the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' - it's written like shellcode in that it's position independent.
It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):

The warden dumps all the DLL's using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal.

The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal.

I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' - if you match something in their list, I suspect you will get banned. For example, if you have a window titled 'WoW!Inmate' - regardless of what that window really does, it could result in a ban. If you can't believe it, make a dummy window that does nothing at all and name it this, then start WoW. It certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain a lot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.
Next, warden opens every process running on your computer. When each program is opened, warden then calls ReadProcessMemory and reads a series of addresses - usually in the 0x0040xxxx or 0x0041xxxx range - this is the range that most executable programs on windows will place their code. Warden reads about 10-20 bytes for each test, and again hashes this and compares against a list of banning hashes. These tests are clearly designed to detect known 3rd party programs, such as wowglider and friends. Every process is read from in this way. I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.

This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.

-Greg

From rforno at infowarrior.org Mon Jan 26 00:47:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jan 2009 19:47:34 -0500
Subject: [Infowarrior] - More on.....WoW: 4.5 million copies of EULA-compliant spyware
References:
Message-ID: <3082876B-358D-497C-8A69-31A1825F1D88@infowarrior.org>

The subject says "More on...." but in reality it should be viewed as "moron" for I did not read the date of the blog item I posted in that last message. Hat tip to J. for pointing that out to me.[1] My goof!
-rf

[1] - Which was during my WoW-playing day, and I thought it sounded a bit familiar when I first read it tonight. Duh!

Begin forwarded message:

> From: Richard Forno
> Date: January 25, 2009 6:01:17 PM EST
> To: Infowarrior List
> Subject: [Infowarrior] - WoW: 4.5 million copies of EULA-compliant
> spyware
> Reply-To: rforno at infowarrior.org
>
> 4.5 million copies of EULA-compliant spyware
> Oct 06 2005, 05:07 (UTC+0)
> hoglund writes:
>
> http://www.rootkit.com/blog.php?newsid=358

From rforno at infowarrior.org Tue Jan 27 02:52:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jan 2009 21:52:43 -0500
Subject: [Infowarrior] - New Law Will Require Camera Phones to 'Click'
Message-ID: <8ACE7F2E-B9A7-4757-97DB-4B2EB1F8DA53@infowarrior.org>

New Law Will Require Camera Phones to 'Click'
Author: Michael Horton
Category: Tech
8 hours ago

A new bill is being introduced called, Camera Phone Predator Alert Act, which would require any mobile phone containing a digital camera to sound a tone whenever a photograph is taken with the camera's phone. It would also prohibit such a phone from being equipped with a means of disabling or silencing the tone.

While it's a good gesture, I do not believe having such a law would deter criminals from hacking their camera phones to take pictures in inappropriate ways. Also, the real criminals would not even use a camera phone but would probably use other devices such as a hidden camera. Regardless, at least with the bill signed into law it would allow prosecution and jail time for individuals that get caught with a camera phone that does not make the noise.

One question does remain, what if you have a camera phone that doesn't make the noise at all or is suppressible? Would older phones still be covered under this new law?
http://techfragments.com/news/318/Tech/New_Law_Will_Require_Camera_Phones_to_Click.html

From rforno at infowarrior.org Wed Jan 28 22:49:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jan 2009 17:49:31 -0500
Subject: [Infowarrior] - AT&T, Comcast 1st to help RIAA snooping?
Message-ID: <4D1EFD1B-E687-4025-B33F-1316A1D662C1@infowarrior.org>

AT&T, Comcast 1st to help RIAA snooping?

http://www.electronista.com/articles/09/01/28/att.and.comcast.help.riaa/

Both AT&T and Comcast should be the first Internet providers to give in to the RIAA's monitoring program, according to sources speaking with CNET. Three separate contacts allege that the respective DSL and cable providers have tentatively agreed to forward warnings when the RIAA believes its songs are being shared illegally and would volunteer to punish repeated offenders. These could include user-specific traffic throttling and even suspension or a permanent disconnection after multiple alleged infractions.

Neither AT&T nor Comcast has signed a formal agreement and could still withdraw, the insiders claim. Among the issues still remaining are financial compensation for the lost revenue from customers forced off the network as well as the cost responsibilities for warning notices. None of the parties involved have been asked to inspect traffic themselves.

Both of the two companies as well as four other, unnamed providers are said to be worried about being discovered collaborating with the RIAA and may avoid committing to a deal to avoid the negative press and customer defections that would likely follow from the association.
The RIAA has hurt its reputation through its previous tactic of collecting information independently and resorting directly to lawsuits, which in multiple instances have resulted in mistaken accusations as well as countering racketeering lawsuits that charge the RIAA with unfairly forcing customers to pay large settlements rather than contest threatened copyright lawsuits in court.

Neither Comcast nor RIAA is willing to comment. AT&T won't either confirm or deny its involvement but maintains that it believes "consumer education" is the solution to thwarting music piracy and that it wouldn't automatically cut off access to its customers.

Most American Internet carriers have until now been hesitant to actively cooperate in enforcing copyrights and often defend themselves with safe harbor, which relieves them from taking responsibility for piracy committed on their networks. France currently implements a "three strikes" system promoted by the RIAA's European equivalent, the IFPI, that imposes a strict escalating punishment system which disconnects users after three distinctly identified violations.

From rforno at infowarrior.org Fri Jan 30 17:53:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jan 2009 12:53:43 -0500
Subject: [Infowarrior] - Feds allege plot to destroy Fannie Mae data
Message-ID: <83ED993B-1AB3-4096-8C1A-56B96AD85495@infowarrior.org>

(Once again, the higher-probability risk of successful cyber-malfeasance is the insider, not some rogue nefarious cyberdude overseas..and interestingly, in this particular allegation, the method of attack -- a logic bomb -- is an OLD OLD method......--rf)

Feds allege plot to destroy Fannie Mae data
Jan 30 10:54 AM US/Eastern
http://www.breitbart.com/article.php?id=D961I79O0&show_article=1

URBANA, Md. (AP) - The Justice Department says it foiled a plot by a fired Fannie Mae contract worker in Maryland to destroy all the data on the mortgage giant's 4,000 computer servers nationwide. The U.S.
Attorney's Office says 35-year-old Rajendrasinh Makwana, of Glen Allen, Va., is scheduled for arraignment Friday in U.S. District Court in Baltimore on one count of computer intrusion.

U.S. Attorney Rod Rosenstein says Makwana was fired Oct. 24. Rosenstein says that on that day, Makwana programmed a computer with a malicious code that was set to spread throughout the Fannie Mae network and destroy all data this Saturday.

Makwana's federal public defender did not immediately return a call seeking comment.

Washington-based Fannie Mae is the largest U.S. mortgage finance company.

Copyright 2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Sat Jan 31 00:26:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jan 2009 19:26:59 -0500
Subject: [Infowarrior] - Terrorism Threat Hyped, Says Think Tank
Message-ID:

Terrorism Threat Hyped, Says Think Tank
By Matthew Harwood, securitymanagement.com
01/26/2009
http://www.securitymanagement.com/news/terrorism-threat-hyped-says-think-tank-005103

USA: The United States needs to adopt a more "grown-up approach" to counterterrorism, argues Benjamin Friedman of the Cato Institute -- a libertarian think tank. The core strategy, he says, should revolve around "less fear-mongering" and "more confidence."

Friedman points to three recent examples of bureaucrats and reporters hyping terrorist doomsday scenarios that he argues, while possible, would not destroy the foundations of U.S. democratic society.

During the confirmation hearing of Dennis Blair for Director of National Intelligence, Senator Kit Bond said: "Our entire way of life is just a few moments away from annihilation if terrorists succeed in obtaining a weapon of mass destruction."

"Nonsense," Friedman replies.
Even if terrorists did detonate a nuclear device on American soil, he says, the United States way of life has survived multiple wars and natural disasters. It would survive a nuclear, biological, or chemical attack too.

"The danger to American values comes more from our reaction to terrorism than the thing itself," he says. "What's more, these sorts of incidents are not nearly as likely as you generally hear."

Second, Friedman takes on The Washington Times for reporting rumors that al Qaeda militants inadvertently killed themselves while playing with the deadly bubonic plague, otherwise known as the Black Death.

"What they fail to point out is that, if an outbreak did occur, it was probably a natural occurrence," he writes.

Finally, Friedman criticizes a recent article from Government Executive for repeating the fear that terrorists could detonate a dirty bomb and blanket Manhattan in the radioactive plume.

"The article dwells on this possibility without giving any space to plausibility," Friedman writes. "Dispersing radioactive material (here cesium-137) in a plume that engulfs an area the size of Manhattan would be quite difficult. Nor is it clear that the long-term increase in background 'radiation' would have adverse health consequences in more than a few square blocks."

While national security officials should worry about these scenarios, the media should also be cognizant of reporting how likely each scenario is, Friedman argues.

The Atlantic's blogger and national correspondent, James Fallows, agrees with Friedman and levels some additional ire on the Department of Homeland Security's Terrorism Threat Level sign at Reagan National Airport.

Really, what is the point of this? 99.9 percent of the people who look at it don't even see it any more, since it's just part of the "boy who cried wolf" ignorable background. Anyone who does think about it has to wonder: Is there a threat to the entire country? Just to Washington? Is there new information?
Is there anything different I'm supposed to do? Does this sign have any purpose other than to make me just a little bit more fearful and a little bit more accepting of anything done in the name of "security"? Fallows' advice to the new president: tear down this sign.