From rforno at infowarrior.org Wed Jul 1 01:47:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jun 2009 21:47:42 -0400
Subject: [Infowarrior] - Adobe shuts down for a week
Message-ID:

Adobe shuts down for a week
June 30, 2009 | Paul Boutin

The San Jose Mercury News reports that Adobe Systems, maker of the Flash player used for most Web video clips, has shut down its North American operations for the week as a cost-cutting move.

The move is striking because Adobe is, by most metrics, successful. In addition to Flash, Adobe now develops and sells many of the most popular software tools used by graphic designers and website builders: Acrobat, Illustrator, Photoshop, Dreamweaver, and several others.

The company is profitable, although sales have been lower than planned. Second-quarter income dropped 41 percent to $126 million. CNET reported earlier this month that sales of the company's flagship product Creative Suite 4, some versions of which sell for $1,500 at Amazon, have been soft due to the current recession.

The shutdown is one of three planned for this year, following a layoff last December of 600 of the company's 7,400 workers around the world. (Adobe has since hired another 260 employees in lower-cost locations outside the U.S.) The first shutdown was in April, the third not yet announced. During the first shutdown, chief financial officer Mark Garrett told Bloomberg that the company had also frozen salaries, reduced bonuses, and cut back on travel expenses.
http://venturebeat.com/2009/06/30/adobe-shuts-down-for-a-week/

From rforno at infowarrior.org Wed Jul 1 01:49:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jun 2009 21:49:32 -0400
Subject: [Infowarrior] - FBI IG Report: Terror Watchlist Nominations
Message-ID:

The Federal Bureau of Investigation's Terrorist Watchlist Nomination Practices, Audit Report 09-25, May 2009

http://www.usdoj.gov/oig/reports/FBI/a0925/final.pdf

From rforno at infowarrior.org Wed Jul 1 01:51:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jun 2009 21:51:49 -0400
Subject: [Infowarrior] - Professor's op-ed on academic copyright issues
Message-ID:

"Don't ask, don't tell" rights retention for scholarly articles
June 18th, 2009

A strange social contract has arisen in the scholarly publishing field, a kind of "don't ask, don't tell" approach to online distribution of articles by authors. Publishers officially forbid online distribution, authors do it anyway without telling the publishers, and publishers don't ask them to stop even though it violates contractual obligations. What happens when you refuse to play that game? Read on.

< - >

http://blogs.law.harvard.edu/pamphlet/2009/06/18/dont-ask-dont-tell-rights-retention-for-scholarly-articles/

From rforno at infowarrior.org Wed Jul 1 12:55:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Jul 2009 08:55:01 -0400
Subject: [Infowarrior] - Niro JPEG Patent Smacked Down Again
Message-ID:

Infamous Niro JPEG Patent Smacked Down Again

http://techdirt.com/articles/20090628/1533475384.shtml

Lawyer Raymond Niro, for whom the term "patent troll" was apparently first coined, has been known to use the fact that he represents a company called Global Patent Holdings (GPH) to his advantage. GPH owns patent 5,253,341, but looking at it there won't do much good.
You see, Niro and others claimed that the patent covered pretty much anyone running a web server, leading to quite a few legal battles, including one against a guy, Greg Aharonian, who called it a "bad patent." For claiming that, he got sued for patent infringement. In fighting the patent, it was re-examined, and all 16 of its claims were rejected... but a 17th claim was added and allowed to stand. Since then the patent has been asserted against a wide range of organizations, including some resort in Florida and the Green Bay Packers. Niro appears to claim that any site using a JPEG image violates the patent. Not only that, but in cases where the patent has been asserted, Niro has been known to go for something of a sympathy play, by noting that the inventors (or the widow of one inventor) named on the patent are "old and feeble" (yes, they called them feeble) and made almost no money in 2006 (even though the filing was in 2008 -- some noted that their 2007 income was conveniently left out).

With so many cases involving this patent underway, the USPTO agreed to re-examine the one claim (claim 17). And, with that re-exam going on, a judge on one of the cases put the case on hold until the re-exam is done. While GPH protested, claiming that the patent had already been re-examined (and that the re-exam process took too long), the judge pointed out that there's only one claim left (so it should be faster) and that this particular claim had never been re-examined, since it was added during the last re-exam.

Last summer, the USPTO gave an initial (non-final) rejection of the patent, in rather strong language. Not surprisingly, GPH/Niro have pushed back, but in early June the USPTO appears to have smacked down the patent all over again in this rather lengthy ruling, which you can see below:

90008972

The smackdown here is rather complete. On top of reaffirming the 19 reasons for rejecting the remaining claim, the examiner added more reasons to reject it for being obvious and anticipated by other inventions. Also, it appears that GPH/Niro tried to do something similar to last time, in that they also submitted some new claims to be added (claims 18 - 21), but the examiner smacked those down as well, as attempts to "broaden the scope" of the patent. On top of that, the rejection scolds GPH/Niro for mischaracterizing what the patent office has said and even using a "biased" expert witness with "flip-flopping declarations."

This is, still, a non-final rejection, but it doesn't look like GPH/Niro has been able to make up any ground at all on this particular fight, and, in fact, seems to be getting pushed further and further back with each try. This particular patent expires in March of 2011 anyway, so unless Niro is able to pull a proverbial rabbit out of the hat to convince the USPTO that this patent is valid, it's not looking very good.

From rforno at infowarrior.org Wed Jul 1 12:56:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Jul 2009 08:56:59 -0400
Subject: [Infowarrior] - Pirate Bay Hit With DDoS Attack After "Selling Out"
Message-ID: <863371B5-A1ED-4E00-B116-66E524A1787E@infowarrior.org>

Pirate Bay Hit With DDoS Attack After "Selling Out"
8:01 AM - July 1, 2009 by Jane McEntegart

http://www.tomshardware.com/news/Pirate-Bay-DDoS-Sell-Out,8173.html#xtor=RSS-181

Yesterday news hit that the four co-founders of The Pirate Bay were selling the site to Global Gaming Factory X AB for nearly $7.8 million and users didn't exactly bow down to their new leaders. The vast majority of users think that the sale represents a sell out on behalf of The Pirate Bay co-founders who have been bogged down with legal battles for months.
Sentenced to a year each in prison and ordered to pay upwards of $3 million in fines, many regular users of The Pirate Bay think that this is a "take the money and run" solution for Fredrik Neij, Gottfrid Svartholm Warg, Peter Sunde and Carl Lundström.

Further fueling speculation that the deal was a death knell for TPB, the site was down for long periods of time yesterday. Some figured it was because the site was getting so many hits in light of the news and others assumed it was TPB shutting down. In fact, it was a DDoS attack from disappointed users.

Spokesperson for the group Peter Sunde confirmed via his Twitter yesterday that the reason for the down time was a DDoS. In response to one user who asked if a DDoS attack was why he couldn't access the site, Sunde replied, "Yup, DDoS. Understand the people doing it as well. I hope people will calm down and understand what it means logically instead..."

Unfortunately, Sunde wasn't as calm and understanding throughout the day. Tweets from his Twitter account ranged from, "We've been asking people to open more trackers, nothing happens. We've been fighting for five years. Where's the thanks?" to "#spectrial is still a spectacle and we need all the support we can get. I f**king cried earlier that people don't understand us."

From rforno at infowarrior.org Wed Jul 1 20:51:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Jul 2009 16:51:54 -0400
Subject: [Infowarrior] - 5 Alternatives to The Pirate Bay
Message-ID:

5 Alternatives to The Pirate Bay

http://www.zeropaid.com/news/86532/5-alternative-the-pirate-bay-bittorrent-sites/

The admins of The Pirate Bay have stressed that in order for the Bay to stay alive, they need to adapt the site to a legitimate one, selling the site for $7.8 Million in the process. While some users showed their support for the infamous website, others are already jumping ship, demanding that their accounts be removed in the process.
We were curious to know what alternatives there are out there these days and have come up with 5 alternative websites.

It seemed almost unfathomable right up to the announcement of the website being sold, but it has indeed happened. While sites like the once mighty SuprNova fell in its wake, The Pirate Bay stood proud long after other sites succumbed to pressure from copyright entities. The length the site lasted made it seem like the very symbol of defiance toward the copyright industry as a whole. Really, how many sites can be named that lasted as long as The Pirate Bay? To drive the point home, the admins even created a page of legal threats they received and included responses which became a sensation all in its own, primarily for the audacity of the responses, but also for the humour in it all. The Pirate Bay was the biggest "stick it to the man" kind of site.

As a result, many other sites may have been emboldened by the efforts of The Pirate Bay, perhaps because the site led the way in resilience, or maybe because the site took most of the flack from the copyright industry, to name two possibilities. For these and many other reasons, the loss of such a site in the eyes of many would leave a huge hole behind. While the fact that it was such a large site where users went is, in and of itself, a large reason for the hole left behind, many would agree that the spirit behind the site being removed can be felt by many file-sharers. How many users out there who never used the site or rarely used the site felt at least one bit emotional about the sale?

While the admins reassured their users that the site isn't dying, just changing hands, many users have already expressed their doubts and are opting for the attitude that the site died the moment the announcement came that the site was sold, even though nothing has even changed yet.

We here at ZeroPaid were curious. If one were to jump ship, where would the users go? Under the idea that the site has to be somewhat public at the very least, we found 5 alternative websites through our own resources that may be of interest to public BitTorrent users:

1. Mininova

MiniNova is perhaps the most well known in the BitTorrent community. It was formed after the demise of SuprNova by ex-SuprNova staff members. It's not hard to argue that this was the best site that replaced SuprNova. It indexes .torrent files from other sites, so some of the .torrents are from private sites that only allow members of those sites to download the given files. Still, the site is moderated and well-used by members and, with the release of their distribution network, content creators alike.

2. Demonoid

There's been some debate in the past on whether or not this is a public or private site, though many would agree that this would be classified as semi-private given how often sign-ups are open. Whether or not you agree with this kind of torrent site, Demonoid has a huge following backing them and a number of its users would no doubt defend its viability as an alternative to The Pirate Bay.

3. ISOHunt

ISOHunt, like MiniNova, has had its share of legal trouble in the past and agreed to filtering content. Still, a number of users still use that site for finding what they want and it has remained one of the most populated sites online to this day.

4. 1337x

1337x.org is a lesser known BitTorrent site. Still, that hasn't stopped their front page from saying "we don't plan on selling anytime soon." MustangX continues, "We welcome all the users of TPB to use our trackers and site. It's a free leech community with NO ratios to maintain, we have a web based chat, a 24/7 radio station with 8 different DJ's."

5. BTJunkie

BTJunkie is another site that is well-populated with users, but not as well known as sites like MiniNova and ISOHunt. Still, many users still find this place to be a torrent home or even a second torrent home when another of their preferred sites goes down or is inaccessible on their end.

Afterthought

It should be noted that for many, no site will fully replace The Pirate Bay. That site is easily considered a home site for many and a site that is difficult to impossible to replace in the long run. Still, The Pirate Bay isn't the only site around these days. It might be questionable if there would be many, if any, sites that could match the longevity and reach of The Pirate Bay, but that doesn't make it the only BitTorrent site around with, at least, a semi-open nature about it.

Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew at zeropaid.com

From rforno at infowarrior.org Thu Jul 2 02:42:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Jul 2009 22:42:42 -0400
Subject: [Infowarrior] - US sets final emergency responder wireless pilot
Message-ID: <8CB7AD8A-C67F-47B5-96A9-28EC68993BB6@infowarrior.org>

Published on NetworkWorld.com Community (http://www.networkworld.com/community)

US sets final emergency responder wireless pilot
By Layer 8
Created Jul 1 2009 - 5:12pm

http://www.networkworld.com/community/print/43196

Looking to help eliminate the dangerous and inefficient hodgepodge of communication and network technology used by emergency response personnel, the US Department of Homeland Security (DHS) today said it had picked 14 groups from across the country to pilot an ambitious Multi-Band Radio project.

In 2008, the DHS Science and Technology Directorate awarded a $6.2 million contract to Thales Communications to demonstrate the first-ever portable radio prototype that lets emergency responders (police, firefighters, emergency medical personnel and others) communicate with partner agencies, regardless of the radio band they operate on. This is the final pilot in a three-part test, DHS said.
Currently radios only operate within a specific frequency band; consequently, responders are often unable to communicate with other agencies and support units that operate on different radio frequencies. Comparable in size and weight to existing portable radios with similar features, the multi-band radio would provide users with much-improved incident communications capabilities, the DHS stated.

The Thales Liberty multiband mobile radio received US Federal Communications Commission (FCC) certification in April. The Liberty radio is made in the U.S. and is the first multiband, software-defined LMR designed specifically for government agencies and first responders, the company said.

The MBR prototype is capable of operating in the primary public safety bands between 136-174 megahertz (MHz) and 380-520 MHz as well as in the 700 MHz and 800 MHz bands. Additionally, when authorized, the MBR is capable of operating on the Department of Defense bands in the 136-138 MHz and 380-400 MHz ranges as well as two Federal Government bands: 162-174 MHz and 406.1-420 MHz. This capability will for the first time let Federal agencies interoperate with local, tribal, regional, and state counterparts, the DHS said.

Carrying a price tag of $4,000-$6,000, the MBR is equal in form factor and cost to existing high-end portable radios, the DHS said.

The 14 pilot organizations are:

- 2010 Olympic Security Committee (Blaine, Wash., and Vancouver, B.C. Canada)
- Amtrak (Northeast Corridor)
- Boise Fire Department (Boise, Idaho)
- Canadian Interoperability Technology Interest Group (Ottawa, ON Canada)
- Customs and Border Patrol (Detroit)
- Federal Emergency Management Agency (Multiple Locations)
- Hawaii State Civil Defense (Honolulu)
- Interagency Communication Interoperability System (Los Angeles County, Calif.)
- Michigan Emergency Medical Services (Lower Peninsula Areas)
- Murray State University (Southwest Kentucky)
- Phoenix Police Department and Arizona Department of Emergency Management (Greater Phoenix and Yuma County)
- Texas National Guard (Austin, Texas)
- U.S. Marshals Service (Northeast Region)
- Washington Metro Area Transit Authority Transit Police (District of Columbia)

Each agency will conduct a minimum 30-day pilot in fall 2009.

From rforno at infowarrior.org Thu Jul 2 11:23:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jul 2009 07:23:34 -0400
Subject: [Infowarrior] - Microsoft: Bing To Include Tweets Search
Message-ID: <98E31175-36AD-4A39-A1F5-4FF95511EAA0@infowarrior.org>

Microsoft: Bing To Include Tweets
Posted: July 2, 2009 at 5:08 am

http://247wallst.com/2009/07/02/another-brilliant-search-move-from-microsoft-bing-to-include-tweets/

Bing is arguably the best search product Microsoft (MSFT) has ever launched. It has gotten good to excellent reviews. A number of internet research firms show that Bing is picking up market share from Google (GOOG) and Yahoo! (YHOO).

Microsoft is paying a price for Bing, one that is well beyond its development costs. The world's largest software company says it will spend $100 million on the Bing launch campaign and may invest as much as 10% of its operating income on search over the next five years. That could be as much as $20 billion.

Microsoft is being especially smart in areas that involve very little investment, too. The new search features in Bing will allow users to look for "tweets", the short messages written by users of Twitter. The microblogging service has, by some counts, as many as 30 million visitors. According to Dow Jones, "Bing's move shows the importance Internet companies are attaching to 'real time' blogging services like Twitter." Bing's competition does not have a similar service, at least not for now.
Microsoft has moved from playing catch-up in search to a point where it is being viewed as the leading innovator in the industry. If it can keep that reputation, and the pace of Bing's growth, Yahoo! will rue the day that it did not form a partnership with Redmond.

From rforno at infowarrior.org Thu Jul 2 17:11:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jul 2009 13:11:09 -0400
Subject: [Infowarrior] - Apple Issues Heat Advisory for iPhone 3G, 3GS
Message-ID:

Wednesday July 1, 2009

Apple Issues Heat Advisory for iPhone 3G, 3GS

http://www.gearlog.com/2009/07/apple_issues_heat_advisory_for.php

Whether anecdotal reports of iPhones overheating are true or not, Apple has taken them seriously enough to reveal the presence of a temperature warning screen for the iPhone 3G and 3GS.

Here's the deal: an unknown but probably very small number of iPhones have been affected by overheating, to the point that some white iPhone 3GSes have allegedly turned pink. Sascha Segan, our phone analyst, said he hasn't seen any such problems with his iPhone 3GS, however.

Apple, however, has issued what some might call a "common sense" warning: a support document that warns users not to keep the iPhone in an environment where temperatures can exceed 113 degrees Fahrenheit, including parked cars. But Apple also warns that CPU-intensive applications, such as playing music or using the GPS while in direct sunlight, may also overheat the iPhone. In that case, actually using the iPhone in temperatures over 95 degrees can also trigger the temperature warning.

"Low- or high-temperature conditions might temporarily shorten battery life or cause the device to temporarily stop working properly," Apple warns.

Obviously, summer temperatures in many locations top 95 degrees. Las Vegas, for example, has forecasts topping 100 degrees for the next 10 days; Phoenix routinely climbs above 103. So what will happen? Read on.

Apple also says that the iPhone 3G and 3GS should not be stored where the temperature can fall under -4 degrees Fahrenheit, or used in temperatures under 0 degrees F.

If the phone exceeds those temperatures, Apple says, the iPhone may stop charging, its display might dim, a weak cellular signal may be experienced, and the temperature warning screen on the left may also appear. Apple's support document implies that there's a temperature sensor of some sort built in to the iPhone 3G or 3GS.

If that happens, Apple says, you'll need to let the iPhone cool down before you use it again, although the phone may be able to make emergency calls during that time. How long will that take? Apple doesn't say.

From rforno at infowarrior.org Thu Jul 2 18:20:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jul 2009 14:20:00 -0400
Subject: [Infowarrior] - NSA to build huge facility in Utah
Message-ID: <1218169F-2C64-49D6-8136-B7C366200DE5@infowarrior.org>

Spies like us: NSA to build huge facility in Utah
Civilian jobs: The facility could offer more than 1,000 high-tech jobs for the state.
By Matthew D. LaPlante
The Salt Lake Tribune
Updated: 07/02/2009 09:10:38 AM MDT

http://www.sltrib.com/news/ci_12735293

Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.

The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure.

The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 200-acre site near the Utah National Guard facility's runway.
Congressional records show that initial construction -- which may begin this year -- will include tens of millions in electrical work and utility construction, a $9.3 million vehicle inspection facility, and $6.8 million in perimeter security fencing. The budget also allots $6.5 million for the relocation of an existing access road, communications building and training area.

Officials familiar with the project say it may bring as many as 1,200 high-tech jobs to Camp Williams, which borders Salt Lake, Utah and Tooele counties. It will also require at least 65 megawatts of power -- about the same amount used by every home in Salt Lake City combined. A separate power substation will have to be built at Camp Williams to sustain that demand, said Col. Scott Olson, the Utah National Guard's legislative liaison.

He noted that there were two significant power corridors that ran through Camp Williams -- a chief factor in the NSA's desire to build there.

The NSA bills itself as the home of America's codemakers and codebreakers, but the Department of Defense agency is perhaps better known for its signals intelligence program, which is reported to have the capacity to tap into a significant amount of the world's communications. The agency also has been the subject of significant criticism by civil libertarians, who have accused it of unwarranted monitoring of the communications of U.S. citizens.

The NSA's heavily automated computerized operations have for years been based at Fort Meade, Maryland, but the agency began looking to decentralize its efforts following the terrorist attacks of Sept. 11, 2001.

Propelling that desire was the insatiable energy appetite of the agency's computers. In 2006, the Baltimore Sun reported that the NSA -- Baltimore Gas & Electric's biggest customer -- had maxed out the local grid and could not bring online several supercomputers it needed to expand its operations.

About the same time, NSA officials, who have a long-standing relationship with Utah based on the state Guard's unique linguist units, approached state officials about finding land in the state on which to build an additional data center.

Olson said NSA officials also seemed drawn to Utah's increasing reputation as a center of technical industry and the area's more traditional role as a transportation hub.

"They were looking at secure sites, where there could be a natural nexus between organizations and where space was available," he said. "The stars just kind of came into alignment. We could provide them everything they need."

The agency is building a similar center in San Antonio at the site of a former Sony microchip plant.

Sen. Orrin Hatch, the longest-serving member of the Senate Select Committee on Intelligence, refused to answer questions about the project. Officials from Hatch's office said they were not at liberty to discuss a classified matter, though it is referenced in several public documents and has been spoken about openly by state officials for the past week.

NSA officials also declined to comment immediately on the project, but pledged to answer questions later this week.

Tribune reporter Matt Canham contributed to this story

From rforno at infowarrior.org Thu Jul 2 18:54:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jul 2009 14:54:12 -0400
Subject: [Infowarrior] - New DARPA Director named
Message-ID: <11AE8380-9169-40B0-BA44-0E20F48F680D@infowarrior.org>

U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)
News Release

On the Web: http://www.defenselink.mil/releases/release.aspx?releaseid=12784
Media contact: +1 (703) 697-5131/697-5132
Public contact: http://www.defenselink.mil/faq/comment.html or +1 (703) 428-0711

IMMEDIATE RELEASE
No. 474-09
July 02, 2009

DoD Announces New Director Of DARPA

The Department of Defense (DoD) today announced the appointment of Regina E. Dugan as the 19th director of the Defense Advanced Research Projects Agency (DARPA).

DARPA is the principal agency within the DoD for research, development, and demonstration of concepts, devices, and systems that provide highly advanced military capabilities for the current and future combat force. In this role of developing high-risk, high-payoff projects, DARPA complements and balances the overall science and technology program of the DoD.

"Regina Dugan is precisely the dynamic leader DARPA needs to open new technology frontiers and transition revolutionary technologies to serve our nation's interests," said Zachary J. Lemnios, director, Defense Research and Engineering. "I am delighted she will be leading this agency and look forward to working closely with her."

Prior to this appointment, Dugan held several key positions in industry, most recently as president and chief executive officer of RedXDefense, LLC, which she co-founded in 2005, a company that develops defense against explosive threats. She has also served in senior executive positions in several additional companies in roles ranging from global sales and marketing to research and product development.

During her first tour at DARPA from January 1996 to May 2000, Dugan received the program manager of the year award for her leadership of the "Dog's Nose Program", which was focused on the development of an advanced, field-portable system for detecting the explosive content of land mines. She is also the recipient of the deFleury Medal, the office of the secretary of defense award for exceptional service, and the award for outstanding achievement. She has participated in wide-ranging studies for the Defense Science Board, the Army Science Board, the National Research Council and Science Foundation, and currently sits on the Naval Research Advisory Committee and the Defense Threat Reduction Agency Science and Technology Panel.

Dugan earned her doctorate in mechanical engineering from the California Institute of Technology and her master's and bachelor's degrees from Virginia Tech. She is the co-author of "Engineering Thermodynamics," 1996, sole inventor on one issued patent and inventor or co-inventor on nine additional patents pending.

Media may contact DARPA external relations at 571-218-4512. Additional information on DARPA is provided at http://www.darpa.mil.

From rforno at infowarrior.org Fri Jul 3 00:42:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Jul 2009 20:42:30 -0400
Subject: [Infowarrior] - NSA to help Defend Civilian Agency Networks
Message-ID:

Obama Administration to Involve NSA in Defending Civilian Agency Networks
By Ellen Nakashima
Washington Post Staff Writer
Thursday, July 2, 2009 7:40 PM

http://www.washingtonpost.com/wp-dyn/content/article/2009/07/02/AR2009070202771_pf.html

The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.

President Obama said in May that government efforts to protect computer systems from attack would not involve "monitoring private-sector networks or Internet traffic," and Homeland Security Department officials say the new program will scrutinize only data going to or from government systems. But the program has provoked debate within DHS, the officials said, because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency's involvement in warrantless wiretapping during George W. Bush's presidency would draw controversy.

The activities of any private citizen who visits a "dot-gov" Web site or sends an e-mail to a civilian government employee would be screened.
"We absolutely intend to use the technical resources, the substantial ones, that NSA has. But . . . they will be guided, led and in a sense directed by the people we have at the Department of Homeland Security," the department's secretary, Janet Napolitano, told reporters in a discussion about cybersecurity efforts.

Under a classified pilot program approved during the Bush administration, NSA data and hardware would be used to protect the networks of some civilian government agencies. Part of an initiative known as Einstein 3, the plan called for telecommunications companies to route the Internet traffic of civilian agencies through a monitoring box that would search for and block computer codes designed to penetrate or otherwise compromise networks.

AT&T, the world's largest telecommunications firm, was the Bush administration's choice to participate in the test, which has been delayed for months as the Obama administration determines what elements to preserve, former government officials said. The pilot program was to have begun in February.

"To be clear, Einstein 3 development is proceeding," DHS spokeswoman Amy Kudwa said. "We are moving forward in a way that protects privacy and civil liberties."

AT&T officials declined to comment.

A DHS official said the delay occurred because the original timeline "did not take into account all that was required to ensure the exercise would provide the data needed."

The program is the most controversial element of the $17 billion cybersecurity initiative the Bush administration started in January 2008. Einstein 3 is crucial, advocates say, in an era in which hackers have compromised computer systems at the Commerce and State departments, and have taken military jet data from a defense contractor.

The NSA declined to comment on Einstein 3, but a spokeswoman said the agency would help DHS in "any way possible, including technical support" as it seeks to protect government networks.

The internal controversy reflects the central tension in the debate over how best to defend the nation's mostly private system of computer networks. The techniques that work best, experts say, require the automated scrutiny of e-mail and other electronic communications content -- something that commercial providers already do.

Proponents of involving the government said such efforts should harness the NSA's resources, especially its database of computer codes, or signatures, that have been linked to cyberattacks or known adversaries. The NSA has compiled the cache by, for example, electronically observing hackers trying to gain access to U.S. military systems, the officials said.

"That's the secret sauce," one official said. "It's the stuff they have that the private sector doesn't."

But it is also the prospect of NSA involvement in cybersecurity that fuels concerns about unwarranted government snooping into private communication.

"The bitter battles over privacy and NSA's role in domestic wiretapping hang over cybersecurity like a toxic cloud," said Stewart A. Baker, who was assistant secretary of homeland security under Bush.

AT&T was sued over its role in aiding the Bush-era counterterrorism program to intercept Americans' e-mails and phone calls without a warrant. It is seeking legal assurance that it will not be sued for participating in the pilot program. That legal certification has been held up for several months as DHS prepares a contract, several current and former officials said.

Einstein's promise, they said, is that it can more effectively detect malicious activity and disable intrusions before harm is done to civilian government networks.

"Intrusion detection is like a cop with a radar gun on a highway who catches you speeding or drunk and phones ahead to somebody at the other end," Michael Chertoff, former homeland security secretary, said in a recent interview. "Einstein 3 is a cop who actually arrests you and pulls you off the road when he sees you driving drunk."

The program has two goals. The first is to prove that the telecommunications firm can route only traffic destined for federal civilian agencies through the monitoring system. The second is to test whether the technology can work effectively on civilian government networks.

The sensor box would scan e-mail messages and other content just before they enter the civilian agency networks. The classified NSA system, known as Tutelage, has the ability to decide how to handle malicious intrusions -- to block them or watch them closely to better assess the threat, sources said. It is currently used to defend military networks. The database for the program would also contain feeds from commercial firms and the DHS's U.S. Computer Emergency Readiness Team, administration officials said.

"We're looking for malicious content, not a love note to someone with a dot-gov e-mail address," a former senior administration official said. "What we're interested in is finding the code, the thing that will do the network harm, not reading the e-mail itself."

Ari Schwartz, a vice president of the Center for Democracy and Technology, was among a group of privacy advocates given a classified briefing in March on the Einstein program. The advocates wanted to ensure that officials had a plan to protect privacy and civil liberties, including shielding such personally identifying data as Internet protocol addresses.

"We came away saying they have a lot of work in front of them to get this done right," Schwartz said. "We're looking forward to their next steps."

Bush administration lawyers determined last year that DHS had the legal authority to conduct the Einstein program, and could do so in compliance with existing wiretap and privacy laws, as long as appropriate policies were in place. Last fall, plans for the pilot were proceeding, former officials said.
But in the Bush administration's final weeks, AT&T lawyers raised concerns about legal liability, they said. Then-Attorney General Michael B. Mukasey was willing to give AT&T written assurance that it would bear no liability for participating in the program, but both AT&T and the Justice Department agreed that the new administration should issue the certification, they said. "They just wanted to make sure the certification would not be reversed by the next administration," a Bush administration official said. In hindsight, Baker said, the Bush White House's decision to classify so much of its initiative was a mistake. "It meant that the problem was not well understood," said Baker, who was NSA general counsel in the Clinton administration. "The solution was veiled in secrecy in a way that allowed people outside to be suspicious, so anybody who mistrusted the intelligence community could just assume that it was because they were doing something that they shouldn't be doing." Staff writers Spencer H. Hsu and Carrie Johnson contributed to this report.

From rforno at infowarrior.org Fri Jul 3 00:44:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Jul 2009 20:44:17 -0400 Subject: [Infowarrior] - Is Jailbreaking a Security Threat? Message-ID:

Is Jailbreaking a Security Threat? Really? July 2009 http://zdziarski.com/papers/jailbreaksecurity.html

Someone sent me a copy of this MacWorld article in which Charlie Miller makes the claim that jailbreaking is a threat to ecurity (I left off the 's' because apparently they stole it for the new iPhone). Does Charlie really believe that DRM is healthy for a computer system? It seems that having disclosed the SMS vulnerability, he should know more than most that application signing provides more copyright control than it does actual security.
Ironically, most exploits such as SMS and Safari exploits have the potential to affect every single iPhone user with a vulnerable version of firmware - whether it's jailbroken or not. He is right, but only to a certain extent. While he's correct that a jailbroken kernel allows for any self-signed application to run, I don't see that as necessarily increasing the threat by malicious individuals, who are looking for the types of exploits that will affect the entire iPhone community. The SMS vulnerability is emphatic proof that the native applications on the iPhone are more of a viable target and of more interest to a malicious party, as they are a standard part of the iPhone operating system. These types of exploits don't require a jailbreak, and pose a much more significant security risk to such a large monoculture of mobile devices. Let's talk about jailbreaking and security for a minute, shall we? Ironically, and much to Mr. Miller's chagrin, the jailbreak community has been responsible for fixing more security problems with the iPhone than it has caused. In October 2007, a serious image processing vulnerability was discovered in iPhoneOS v1.1.1. The iPhone dev-team (of which I was a member at the time) developed a website which iPhone users could visit to patch this serious vulnerability. The vulnerability was so serious, in fact, that other free services provided on the website included installing free, open source software at the user's request. The jailbreak community had a solution out for all iPhone users within a week of discovering the vulnerability. Apple took another several months to release a patch. More recent security fixes have involved patches for personal data leaks, such as preventing the storing of screenshots (taken by the iPhone operating system) of everything the user is doing, and preventing the iPhone's built-in keyboard logger from recording everything you type.
None of these security fixes are available to people unless they jailbreak their phone. One final example of something the jailbreak community had a fix for long before Apple was the loading of remote images in Mail, which allowed spammers and scammers to embed web bugs to identify you. Overall, with the release of iPhoneOS v3.0, Apple fixed 46 security bugs. That should give you an indication of just how many holes Apple had left open in the operating system - which may have affected you over the past two years without your knowledge. Apple suddenly doesn't come off as the poster child for security that Miller makes them out to be. So we've dispelled the myth that jailbreaking is detrimental to security when, in fact, it has a long history of improving security (thanks to Apple's lax and, in my opinion, reckless attention to security). But Mr. Miller's claim is almost arguing that giving an iPhone the same level of security as every single Unix-based computer system out there isn't sufficient! Mac OS, Linux, and every other desktop and server operating system powering our economy run whatever software the user cares to load on them, and they do it without asking Apple for permission and without a lengthy review period to ensure the application jives with the manufacturer's public image of the product. These desktop systems drive everything from financial systems to critical infrastructure across the world while connected to public networks, yet we don't consider these systems to be dangerously insecure (unless they're run by a federal government, but that's a whole other issue). If Miller really believes what he's saying, he must also make the argument that every desktop machine should also run a trusted kernel that only runs what the manufacturer specifically signs. This opens up a dangerous stronghold by the manufacturer to impose a monopoly, thus creating an even stronger monoculture than before, thus leading to an even bigger security threat.
Imagine a world where you have to ask your computer manufacturer for permission before writing software! Ironically, earlier versions of iPhone firmware didn't include such a signing mechanism, and it only even came to be as a result of Apple's determination to control their protected revenue channels - DRM'd music, movies, and now applications. Before the SDK was announced, code signing wasn't even a consideration by Apple. It was only after Apple decided to compete with the popular open source software community that code signing was introduced to attempt to snuff out the competition. This tells me that the goal of code signing isn't necessarily for "security", but moreover for copyright control and to keep a closed ecosystem (to prevent competition). It's the equivalent of selling German cars that won't fit any aftermarket parts, and thus sell for three times as much as they're worth. Is the overpriced sports car more secure? One can squawk all they want about how jailbreaking opens up some kind of "dangerous vulnerability" on the device, but all I hear are the echoes of the kind of propaganda I would expect to hear from Apple's legal department to gloss over the obvious anti-competitive nature to which code signing was originally implemented. It was clearly put there to protect Apple's vested interest in controlling the market, and to prevent competitors (like Palm and Jay Freeman) from easily making products that can compete with Apple's own. In my opinion, jailbreaking an iPhone allows the device to function more like a computer system, and less like a monopolized, centrally controlled product - which sounds better to me. And in acting like a standard Unix computer system, we in the technology world are more likely to deem it to be "secure enough" as any Laptop with an AirCard or network server. The added benefits of jailbreaking outweigh any risk that we could possibly incur as a result of DRM control.
Also consider that jailbreaking benefits us in 10 ways which I tweeted a week or two ago, shown below. The benefits far outweigh the rarely-ever missed loss of DRM control. If you ask me, turning the iPhone into a regular computer benefits the consumer more than the "security" provided by code signing DRM. Reason 10: To get the very most we can possibly push out of technology we've purchased, and to explore and learn about this wonderful device. Reason 9: Better AppStore apps. Ironic but developers can see the guts of what's really going on when they can access the phone and debug. Reason 8: Portable Unix. How often do geeks need a terminal window to run a script, SSH, or FTP? Why pay when you can have a Unix world. Reason 7: Land of misfit toys. Lots of great apps rejected by AppStore get to be seen by jailbreakers, and some are well worth the download. Reason 6: Security. If we can break it we can also fix it, and faster than Apple. Would you rather we find security bugs or the bad guys? Reason 5: Unlocking. Subsidized phones are great but many travel internationally and still need unlocks. Others just hate AT$T. Reason 4: Cool stuff. Useful tweaks & hacks to change internals like WinterBoard and PushMod keep us geeks happy. Without them, frustrated. Reason 3: Law enforcement. While the cops don't jailbreak, iPhone forensics use similar technical procedures to help convict rapists, murderers, and even terrorists. Reason 2: To expose open privacy leaks. Through jailbreaking, we can see just how much private data is exposed and show you (and Apple) how to work around them - there's lots to fix. Reason 1: An open device is an open market, and an open market breeds accountability and competition, keeping Apple from getting too greedy. So why does Miller hold the misguided belief that jailbreaking is detrimental to the iPhone's security? Miller makes no bones about the fact that he and Apple "agreed" not to give too many details about the SMS exploit.
Clearly he's been approached by Apple. I surmise it may be likely that Apple asked him to agree to discourage jailbreaking as part of his SyScan presentation. Sound crazy? Apple desperately needs some PR backing in their ongoing case with the EFF, who is trying to add additional legal safeties to make jailbreaking even more legal than it is. Apple has been taking the position lately that jailbreaking is illegal (it isn't), a violation of copyright (it isn't), and detrimental to - you guessed it, the iPhone's security (it isn't). This wouldn't be the first time Apple's hell hounds have been unleashed on security experts. Apple went on an offensive attack against a well known technology company who put on a conference a few months ago, in which I gave a presentation disclosing numerous vulnerabilities with Apple's operating system, and the ability for an identity thief to lift personal data within seconds. While we met most of Apple's requests with a polite "go to hell", their legal department clearly made an impression on the conference, and my presentation. Perhaps Charlie's running a little scared at his first encounter with Apple. Or perhaps he really believes that jailbreaking is evil and should be outlawed, as Apple is trying to convince a judge. What's important to take away from this is that the so-called "security" Mr. Miller is referring to isn't intended to be security at all, but rather Apple's mechanism for closing off a product to competition, and controlling the revenue streams for everything that gets put onto the device. A large multi-billion dollar company greedy making excuses to run DRM? Nah. Say it ain't so.
From rforno at infowarrior.org Fri Jul 3 02:52:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Jul 2009 22:52:28 -0400 Subject: [Infowarrior] - Microsoft Changing Users' Default Search Engine Message-ID:

Microsoft Changing Users' Default Search Engine http://news.cnet.com/8301-13880_3-10277784-68.html

From rforno at infowarrior.org Fri Jul 3 02:55:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Jul 2009 22:55:25 -0400 Subject: [Infowarrior] - Navy reorganizes staff to focus on cyber Message-ID: <6523A92C-DF4E-4F96-89B7-FD0D4D258C52@infowarrior.org>

Navy reorganizes staff to focus on cyber By Christopher P. Cavas - Staff writer Posted : Thursday Jul 2, 2009 17:31:07 EDT http://www.navytimes.com/news/2009/07/navy_dn_cybercom_070209w/

A new Navy staff reorganization is expected to beef up the service's ability to defend its computer and communications networks, as well as exploit and attack an enemy's systems, by combining intelligence and information technology operations under a new Fleet Cyber Command. "There was a realization over the past several months that the Navy has to be better positioned to face the information age," said one service official familiar with the plan. "So many things need to be networked. You need to have more of a holistic view that includes communications, sensors, networks, intelligence and computer networks. These things can't be done in stovepipes." The moves are outlined in a June 26 internal memo from Adm. Gary Roughead, the chief of naval operations (CNO), to Vice Adm. Jack Dorsett, the director of naval intelligence, known as N2. The memo, a copy of which was obtained by Navy Times, directs the N2 office to be combined with the Deputy Chief of Naval Operations for Communications Networks (N6) and other, unnamed entities into a single organization, DCNO N2/6. N2 and N6 currently are each headed by a vice admiral.
The memo did not specify whether both three-stars will remain in the new organization, and noted that flag billet guidance would be provided separately. Execution of the new, integrated organization is to begin Oct. 1 and be complete by Dec. 18. In the memo, Roughead also directed the transition of the Navy Staff Quadrennial Defense Review team now headed by Rear Adm. Bill Burke to a new Naval Warfare Assessment (N00X) team. That organization is to "assess existing and proposed Navy programs and address desired warfighting and operational capabilities," Roughead said in the memo. Responsibilities of N00X will include identifying gaps and shortcomings in war-fighting capability; making recommendations to the CNO on how the Navy should allocate risk; monitoring, evaluating and assessing "the Navy program"; and conducting other assessments as directed by the CNO. The memo stipulates that the moves are "zero sum," with no growth of staff personnel. While creation of the new FLTCYBERCOM mirrors the establishment Oct. 1 of the Pentagon's U.S. Cyber Command, "the memo is a culmination of two years of discussion," the Navy official said. Another source noted that a survey of cyber warfare last year by the CNO's staff caused a significant amount of concern. "They realized the Navy is a sieve," the source said. "Lots of people can get into our networks." Over-reliance on computer networks, the source said, could be "the proverbial technological glass jaw."
From rforno at infowarrior.org Fri Jul 3 18:35:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Jul 2009 14:35:48 -0400 Subject: [Infowarrior] - The Staggering Cost of Playing it "Safe" Message-ID: <094BDDD7-9CAB-4743-A985-AC49E13E5544@infowarrior.org>

The Staggering Cost of Playing it "Safe" by Devilstower Sun Jun 21, 2009 at 02:00:08 PM PDT http://www.dailykos.com/storyonly/2009/6/16/743102/-The-Staggering-Cost-of-Playing-it-Safe

On December 22, 2001, a 28-year-old minor thug and former gang member from South London climbed onto a Boeing 767 bound for Miami. On the sparsely booked flight, he settled into a window seat in an otherwise empty row. Ninety minutes into the flight, with the plane well out over the Atlantic, a flight attendant noticed smoke coming from his area. She informed him that as the flight was an American flight, no smoking was allowed. A few minutes later, he was hunched over in his seat when the attendant saw that he wasn't trying to light a cigarette. He was trying to light his shoe. The flight attendant, aided by passengers, acted quickly. Richard Reid never got another chance to light his shoe bomb. Thanks to the immediate action of those on board, there was no damage to the plane. No injuries or loss of life. Since that day in 2001, every passenger entering a commercial airliner has been required to remove their shoes for inspection and X-ray. A precaution that is... massively, even breathtakingly idiotic. Why? Well, first off the volume of a shoe sole is not all that great. Reid managed to cram about 100 grams of high explosive into his shoe. Had he been successful in setting off the explosion, it's unlikely that the plane would have been so damaged as to crash, but almost certain that there would have been deaths in the passenger cabin. If the bomb had worked, it would have been a serious problem. So why is making people take off their shoes before entering a plane a crowning bit of stupidity?
Because that 100 grams might have fit almost anywhere. Anything that will fit in a shoe sole will also fit in a back pocket, or under a shirt, or in a pair of extra comfy undershorts, or in a bra (as a comparison, the average breast implant weighs three times as much as Reid's shoe bomb -- and that's just on one side). There is absolutely nothing magic about shoes. In fact, as a place to store explosives like the ones that Reid carried -- which can be quite shock sensitive -- packing them into your shoes has to rate at the bottom of the list. But here we are years later, still showing off our holey socks to the world and making business for the folks at Tinactin. Assume that each airline traveller spends an additional minute in line because of removing, scanning, and replacing their shoes. Just one minute. In the United States, there are about 830 million domestic airline passengers a year. That's about 1,600 man years of time spent each year on removing shoes that are no more threat than any other piece of clothing. If you put a $10/hr value on the time of the average air traveller, that's about $33 million / year worth of shoe time. Better than $300 million worth since Reid got tackled in business class. Which has to make Reid and those like him very, very happy. So why do we go through the shoe ritual? First the fear factor around shoes was bolstered by other events. Only a few months after Reid's failed attempt, an airliner went down in Queens. Immediately, the rumor circulated that the plane had been the victim of another shoe bomber -- a theory that seemed to be confirmed by "cooperating" terror suspect, Mohammed Jabarah who was feeding information to the CIA from inside an al-Qaeda cell. Jabarah claimed that the plane had been destroyed by an unnamed "12th hijacker" using a shoe bomb, as part of a "second wave" of airliner attacks. Thing is, Jabarah was lying.
The flight that came down in Queens failed because of problems with the plane's rudder, and Jabarah was later rearrested after it turned out he was giving plenty of real information to al-Qaeda while feeding fairy tales to the US. This came after a period in which Jabarah was the "subject of some interrogation which was improper" while a prisoner in Oman (i.e. torture doesn't work, and it's a really bad way to start your relationship with your new double agent). Similar suggestions of other shoe bombings made by imprisoned terror suspects have never turned out to have any basis in fact. The bigger reason we did something is because the response of politicians is always to do something. Even if that something makes no sense -- even if that something is actually counterproductive. The reason you're tiptoeing along the concourse in your Hanes (and tossing that Coke in the trash) has more to do with why jails are overpopulated than it does with stopping terrorists. When politicians see something on the news, and when pundits are screaming for action, the inclination is to provide that action. If that means a million gallons of Head n' Shoulders in airport trash cans or a life sentence for stealing a pizza, so what? What counts is that action was taken. David Kilcullen in his new book The Accidental Guerrilla describes terrorism in the terms of an auto-immune disorder. Like lupus, where the systems of the body designed to protect against infection turn on healthy tissue, our response to problems can often result in far more damage than the problem itself. It's not the terrorists that do the real damage -- it's how you respond to the terrorists. Certainly, if you look at all the ways that the United States has responded to the threat of terrorism since 9/11 we've damaged our overseas relationships and reputation, tossed much of our own constitution in the dumpster, and spent millions for every dollar that our enemies have spent.
The self-inflicted wounds have been deeper, more serious, and more lingering than anything that was done from the outside. The extent of the damage is often hard to judge. Since 9-11, self-inflicted wounds have turned up almost everywhere, even in subjects as distantly related as environmental law. In 2008, the failure of a containment area released about 300 million gallons of water and coal ash mixed in a slurry. This is just the latest and largest of several huge spills which have flooded communities, ruined rivers, destroyed homes, taken lives, and all the other fun stuff that happens when a wall of black goop goes raging through a valley. While the physical damage caused by the floods is clear, the long term damage from the heavy metals and other chemicals in the slurry is less clear. Some agencies said fly ash slurries were serious problems. A draft report last year by the federal Environmental Protection Agency found ... that the concentrations of arsenic to which people might be exposed through drinking water contaminated by fly ash could increase cancer risks several hundredfold. Similarly, a 2006 study by the federally chartered National Research Council found that these coal-burning byproducts "often contain a mixture of metals and other constituents in sufficient quantities that they may pose public health and environmental concerns if improperly managed." The study said "risks to human health and ecosystems" might occur when these contaminants entered drinking water supplies or surface water bodies. Other agencies didn't agree. The Tennessee Valley Authority has issued no warnings about the potential chemical dangers of the spill, saying there was as yet no evidence of toxic substances. "Most of that material is inert," said Gilbert Francis Jr., a spokesman for the authority. "It does have some heavy metals within it, but it's not toxic or anything."
Attempts to more strictly regulate the storage of ash were met with opposition from coal companies and utilities. Which, as anyone watching the current health care debate might predict, squashed any thought of changing the regulations. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by coal companies or utilities, but by the DHS. How could it possibly be a national security interest to cover up the location of material that's "not toxic or anything?" It's not. In fact, even if the ash turns out to be as bad as its worst critics fear, blocking the database is far more dangerous than revealing the location of these sites. Not only has there not been any threat against these sites by terrorists, and no workable scenario by which they might cause a problem, coal slurry impoundments are already failing with regularity, dousing parts of America with millions of gallons of this material. It doesn't take terrorists to make this happen. Blocking the release of this information doesn't protect the citizens of the United States in any way. It's just another example of the same creeping secrecy that makes cities more difficult to manage because of secrecy over facilities. The same creeping secrecy that "blurs" national monuments from images and puts intentional gaps in public information. The same creeping secrecy that increasingly elevates the most unlikely attack -- the shoe bombers of the world -- above our right to know what's going on around us so that we can make informed decisions. The same secrecy that defends torturers. It's worth remembering that the United States made it more than 170 years without any recognized need for a "national security" argument that acted as a trump card over any law. 
It wasn't until a Supreme Court ruling in 1953 that national security was enshrined as an all-purpose reason to deny access to information. After the B-29 Superfortress crashed near Waycross, Ga., in 1948, killing nine of the 13 men aboard, the widows of the Philadelphia-area engineers sought damages against the Air Force in federal court. ... Arguing that the widows' claim that Air Force negligence was responsible for the crash was unsupported -- and that the release of any information on the aircraft or its mission would pose a threat to national security -- the government appealed. Though the government's appeal was defeated in the 3rd U.S. Circuit Court of Appeals, the Supreme Court overturned the district court's verdict, ruling in United States v. Reynolds that even federal judges were not necessarily entitled to access sensitive information if national security could consequently suffer. That ruling established the pattern that we've seen so often of late -- the use of "national security" to crush any other concern. It was not until decades later that the crash report on the B-29 became available. When it did, the results went unnoticed for years longer. It took the children of one of those dead engineers to discover that... the government was lying. The crash report revealed no national security concerns, but it did reveal a long history of maintenance issues, mechanical problems and pilot error. It revealed exactly what the widows of the dead engineers had said it would reveal. In that very first example of national security being used to deny information to the public, the government was doing nothing less than protecting itself and military contractors from legitimate scrutiny. Which makes it a very good example of the vast majority of such assertions of national security since then.
From rforno at infowarrior.org Fri Jul 3 19:27:56 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Jul 2009 15:27:56 -0400 Subject: [Infowarrior] - Troubles Plague Cyberspy Defense Message-ID:

Troubles Plague Cyberspy Defense By SIOBHAN GORMAN http://online.wsj.com/article/SB124657680388089139.html#mod=todays_us_page_

WASHINGTON -- The flagship system designed to protect the U.S. government's computer networks from cyberspies is being stymied by technical limitations and privacy concerns, according to current and former national-security officials. The latest complete version of the system, known as Einstein, won't be fully installed for 18 months, according to current and former officials, seven years after it was first rolled out. This system doesn't protect networks from attack. It only raises the alarm after one has happened. A more capable version has sparked privacy alarms, which could delay its rollout. Since the National Security Agency acknowledged eavesdropping on phone and Internet traffic without warrants in 2005, security programs have been dogged by privacy concerns. In the case of Einstein, AT&T Corp., which would test the system, has sought written approval from the Justice Department before it would agree to participate, people familiar with the matter say. An AT&T spokesman declined to comment. The total cost of the system, designed to protect all nonmilitary government computers, is classified, but officials familiar with the program said the price tag was expected to exceed $2 billion. The Obama administration has made combating threats to the nation's computer networks a top priority. President Barack Obama recently called such attacks "one of the most serious economic and national security challenges" facing the country. Attacks on the government have been intensifying, and thousands of federal networks have been breached, including that of the Homeland Security Department, security officials say.
</gr_editsplaceholder_never_emitted>
Homeland Security officials say they are pressing ahead with deliberate speed. Because the program is the first of its kind, "we're trying to get things as right as possible," a senior Homeland Security official said. It takes time to get all the other government agencies on board, the official added, but their buy-in will lead to a more effective system in the long run.

The Obama administration is now re-examining plans for a third iteration of Einstein to review its privacy protections and effectiveness, said Paul Kurtz, a cybersecurity specialist who led a review of the topic for President Obama's transition team. "The good news is, I think [the administration] appears to be taking a close look at how best to do this," Mr. Kurtz said. "The bad news is, while they work to figure it out, the security of our networks is not necessarily getting any better."

Homeland Security spokeswoman Amy Kudwa described the various rollouts as "incremental improvements" designed also to protect privacy and civil liberties. "We don't want to let the perfect be the enemy of the good," she said. Many of these problems predate the Obama administration. The administration supports the objectives of the "comprehensive national cybersecurity initiative," said a White House official.

Government officials say military computer systems are equipped with much stronger technology to deflect cyber intruders.

The Homeland Security Department first developed Einstein in 2003, adapting technology from a Pentagon program that monitored military networks, according to former national-security officials. A voluntary program, it tracked Internet traffic flowing in and out of participating federal departments, such as the Transportation Department, and looked for abnormalities that might be cyberattacks. By 2007, portions of just 16 agencies had subscribed, according to the Government Accountability Office, the nonpartisan investigative arm of Congress.
Despite the small takeup, the system failed to produce warnings that were "consistently actionable and timely," the GAO said.

Armed with fresh funding from the Bush administration, officials started work on a new version, dubbed Einstein 2. It is supposed to detect known types of cyberattacks and immediately alert the cybersecurity center. The problem: Like its predecessor, it still can't detect or block sophisticated attacks that weren't previously known, said Stewart Baker, a former senior Homeland Security Department official.

Homeland Security is the only department using it so far. Other departments and agencies plan to use Einstein 2 technology run by Homeland Security but based inside the networks of the nation's telecommunications companies. The government was concerned about how the public would react to its working with the phone company to monitor networks, and the move had to be cleared by a larger number of officials, Mr. Baker said. "It was purely a perception issue," he said. The NSA's warrantless wiretapping was done in coordination with phone companies.

It will take 18 months to launch Einstein 2 across most of the government, a senior Homeland Security official said, and then 96 smaller agencies will follow.

Plans are already under way for Einstein 3. As envisioned by the Bush administration, Einstein 3 would draw from an NSA program that automatically identifies and deflects security breaches, according to former officials familiar with the program. This version has raised bigger privacy issues because the technology has the ability to read the content of emails and other messages sent over government systems as it scans for attacks. Mr. Obama's transition team flagged Einstein 3 as a potential privacy concern, according to a person familiar with the discussions.
When officials told members of the Senate Intelligence Committee about plans to use "active sensors," lawmakers balked because that sounded too much like spying, a senior intelligence official said, adding that the perception was incorrect.

Homeland Security asked AT&T to test some of the technology that might be used for Einstein 3, a person familiar with the discussion said. The company demanded clearance from the Bush administration's Justice Department, this person said. But the pilot was delayed for a variety of technical and practical reasons and spilled over into the Obama administration, said a senior Homeland Security official. The Obama administration has approved the test, the official said.

James Lewis, who directed a cybersecurity study at the Center for Strategic and International Studies, said cyber threats could be handled if the U.S. was able to monitor major Internet gateways into the country, scanning private traffic for security purposes only. Such a move would require changes to spying laws to permit scanning of routine traffic without an individual warrant. Some committees on Capitol Hill are considering that approach, but Congress may not have the appetite to reopen the topic after wrangling over spying rules for much of 2008.

One alternative approach for Einstein 3 under consideration is to have telecommunications companies scan and block potential cyberattacks, said one former official familiar with the discussion. That might be combined with some of the scanning technology developed in the private sector and at the NSA. Carriers like AT&T already provide such services for many major companies. The Bush administration didn't pursue that route because of the potential political problems related to working closely with phone companies, government officials said.
From rforno at infowarrior.org Fri Jul 3 20:52:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Jul 2009 16:52:07 -0400
Subject: [Infowarrior] - LSE to abandon failed Windows platform
Message-ID:

July 1, 2009 - 1:20 P.M.
London Stock Exchange to abandon failed Windows platform
http://blogs.computerworld.com/london_stock_exchange_to_abandon_failed_windows_platform

Anyone who was ever fool enough to believe that Microsoft software was good enough to be used for a mission-critical operation had their face slapped this September when the LSE (London Stock Exchange)'s Windows-based TradElect system brought the market to a standstill for almost an entire day. While the LSE denied that the collapse was TradElect's fault, they also refused to explain what the problem really was. Sources at the LSE tell me to this day that the problem was with TradElect.

Since then, the CEO that brought TradElect to the LSE, Clara Furse, has left without saying why she was leaving. Sources in the City--London's equivalent of New York City's Wall Street--tell me that TradElect's failure was the final straw for her tenure. The new CEO, Xavier Rolet, is reported to have immediately decided to put an end to TradElect.

TradElect runs on HP ProLiant servers running, in turn, Windows Server 2003. The TradElect software itself is a custom blend of C# and .NET programs, which was created by Microsoft and Accenture, the global consulting firm. On the back-end, it relied on Microsoft SQL Server 2000. Its goal was to maintain sub-ten millisecond response times, real-time system speeds, for stock trades. It never, ever came close to achieving these performance goals.

Worse still, the LSE's competition, such as its main rival Chi-X with its MarketPrizm trading platform software, was able to deliver that level of performance and in general it was running rings about TradElect. Three guesses what MarketPrizm runs on and the first two don't count. The answer is Linux.
It's not often that you see a major company dump its infrastructure software the way the LSE is about to do. But, then, it's not often you see enterprise software fail quite so badly and publicly as was the case with the LSE. I can only wonder how many other Windows enterprise software failures are kept hidden away within IT departments by companies unwilling to reveal just how foolish their decisions to rely on archaic, cranky Windows software solutions have proven to be.

I'm sure the LSE management couldn't tell Linux from Windows without a techie at hand. They can tell, however, when their business comes to a complete stop in front of the entire world. So, might I suggest to the LSE that they consider Linux as the foundation for their next stock software infrastructure? After all, besides working well for Chi-X, Linux seems to be doing quite nicely for the CME (Chicago Mercantile Exchange), the NYSE (New York Stock Exchange), etc., etc.

From rforno at infowarrior.org Sat Jul 4 12:18:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Jul 2009 08:18:30 -0400
Subject: [Infowarrior] - Appeals Court Revives the CFIT Anti-Trust Suit Against VeriSign
Message-ID: <8A2E1C03-56D8-4241-9762-6BEE475B36CA@infowarrior.org>

Appeals Court Revives the CFIT Anti-Trust Suit Against VeriSign
Jun 05, 2009 4:19 PM PDT
By John Levine
http://www.circleid.com/posts/20090605_appeals_court_revives_cfit_anti_trust_suit_against_verisign/

Back in 2005 an organization called the Coalition for Internet Transparency (CFIT) burst upon the scene at the Vancouver ICANN meeting, and filed an anti-trust suit against VeriSign for their monopoly control of the .COM registry and of the market in expiring .COM domains. They didn't do very well in the trial court, which granted Verisign's motion to dismiss the case. But yesterday the Ninth Circuit reversed the trial court and put the suit back on track.
In the decision [PDF], a three judge panel told the district court that the suit has enough basis to proceed. CFIT claims that VeriSign engaged in a variety of predatory conduct including financial pressure, astroturf lobbying, and vexatious lawsuits to get ICANN to renew the .COM agreement on very favorable terms, including what is in practice eternal renewal of the contract with annual price increases. As part of that process, VeriSign settled the suit, paid ICANN several million dollars, and promised never to lobby against ICANN again.

In the 20 page decision, the appeals court basically said that CFIT's claims about the .COM renewal, the domain market, and the expiring domain market were plausible, crediting a brief from the Internet Commerce Association for explaining the expiring domain market to them. They note that an earlier case from 2001 that didn't find a separate market in expiring domains appears no longer relevant, since the domain market has evolved a lot since then. CFIT made similar claims about the .NET market, which the appeals court found less persuasive, so they instructed the trial court to look at them again and decide whether they should be dismissed or continue. But the case with respect to .COM definitely is going ahead.

This suit could have a huge effect on the domain market, since there were credible bidders who said they could run the .COM registry for $3 per name, under half of what VeriSign charges. It is also a huge embarrassment for ICANN, since it shows them to be inept, corrupt, or both when managing the .COM domain which, due to its dominance, is the most important thing they do. In the original version of the suit ICANN was a defendant, but they were dropped a few years ago so now they're just an uncomfortable observer. Perversely, if CFIT gets its way, ICANN could come out ahead. They get a fixed 20 cents per domain, unrelated to the $6.42 that VeriSign currently charges.
If the price were to drop to $3, ICANN would still get their 20 cents, and presumably if the price were a lot lower, there'd be a lot more registrations.

CFIT's attorney is Bret Fausett, who's been an active ICANN observer just about since the beginning, and gets great credit for this surprising reversal. CFIT themselves, despite their name, is about as opaque an organization as there is, having a broken web site and no other public presence I can find. A 2005 article in The Register by Kieren McCarthy (back when he was a journalist) claims it's funded by Rob Hall, founder of momentous.ca/pool.com, a large registrar that does a lot of business with domain speculators and provides a popular domain sniping service to grab expiring domains.

Although I am not a great fan of the speculators, I'm no fan of VeriSign either, and I look forward to the progress of this suit, not the least for the interesting documents that are likely to appear in the discovery stage.

From rforno at infowarrior.org Sat Jul 4 14:32:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Jul 2009 10:32:28 -0400
Subject: [Infowarrior] - Paper: Quantum Crypto Network
Message-ID:

Received 25 March 2009
Published 2 July 2009

Abstract. In this paper, we present the quantum key distribution (QKD) network designed and implemented by the European project SEcure COmmunication based on Quantum Cryptography (SECOQC) (2004-2008), unifying the efforts of 41 research and industrial organizations. The paper summarizes the SECOQC approach to QKD networks with a focus on the trusted repeater paradigm. It discusses the architecture and functionality of the SECOQC trusted repeater prototype, which has been put into operation in Vienna in 2008 and publicly demonstrated in the framework of a SECOQC QKD conference held from October 8 to 10, 2008.
The demonstration involved one-time pad encrypted telephone communication, a secure (AES encryption protected) video-conference with all deployed nodes and a number of rerouting experiments, highlighting basic mechanisms of the SECOQC network functionality. The paper gives an overview of the eight point-to-point network links in the prototype and their underlying technology: three plug and play systems by id Quantique, a one way weak pulse system from Toshiba Research in the UK, a coherent one-way system by GAP Optique with the participation of id Quantique and the AIT Austrian Institute of Technology (formerly ARC), an entangled photons system by the University of Vienna and the AIT, a continuous-variables system by Centre National de la Recherche Scientifique (CNRS) and THALES Research and Technology with the participation of Université Libre de Bruxelles, and a free space link by the Ludwig Maximilians University in Munich connecting two nodes situated in adjacent buildings (line of sight 80 m). The average link length is between 20 and 30 km, the longest link being 83 km. The paper presents the architecture and functionality of the principal networking agent, the SECOQC node module, which enables the authentic classical communication required for key distillation, manages the generated key material, determines a communication path between any destinations in the network, and realizes end-to-end secure transport of key material between these destinations. The paper also illustrates the operation of the network in a number of typical exploitation regimes and gives an initial estimate of the network transmission capacity, defined as the maximum amount of key that can be exchanged, or alternatively the amount of information that can be transmitted with information theoretic security, between two arbitrary nodes.
< - >

http://www.iop.org/EJ/article/1367-2630/11/7/075001/njp9_7_075001.html

From rforno at infowarrior.org Sat Jul 4 19:54:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Jul 2009 15:54:38 -0400
Subject: [Infowarrior] - A Fourth of July Gift
Message-ID:

A Fourth of July Gift -- really a gorgeous tribute!
http://oldbluewebdesigns.com/mybeautifulamerica.htm

From rforno at infowarrior.org Mon Jul 6 01:43:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 5 Jul 2009 21:43:32 -0400
Subject: [Infowarrior] - Goldman Sachs pwnage and oops
Message-ID:

(c/o Lyger)

This seems interesting if true:

http://market-ticker.org/archives/1181-Goldman-Pwned.html

"While most in the United States were celebrating the Fourth of July holiday, a Russian immigrant living in New Jersey was being held on federal charges of stealing secret computer trading codes from a major New York-based financial institution. Authorities did not identify the firm, but sources say that institution is none other than Goldman Sachs. The charges, if proven, are significant because the codes that the accused, Sergey Aleynikov, tried to steal are the secret sauce to Goldman's automated stock and commodities trading business. Federal authorities contend the computer codes and related-trading files that Aleynikov uploaded to a German-based website help this major financial institution generate millions of dollars in profits each year."

[...]

"Well give a damn they did this time, and the affidavit that Zerohedge has makes clear what they claim they've got this guy cold on - the "bash history" file they're referring to is a Unix system log that the "shell", or command interpreter, automatically keeps.
Said alleged offender apparently was aware of this file and tried to erase it after doing his deed, but was unaware that the system he was working on had auditing enabled (oops.)"

http://zerohedge.blogspot.com/2009/07/is-case-of-quant-trading-industrial.html

I generally like Denninger's blogging, and this might have some effect on markets depending on how it plays out. *shrug*

(more from Reuters: http://blogs.reuters.com/commentaries/2009/07/05/a-goldman-trading-scandal/)

From rforno at infowarrior.org Mon Jul 6 02:02:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 5 Jul 2009 22:02:12 -0400
Subject: [Infowarrior] - Google's take on e-mail security
Message-ID: <1D6839FD-23CC-4D16-A34F-1724A38502CD@infowarrior.org>

July 1, 2009 8:00 AM PDT
Postini: Google's take on e-mail security
by Elinor Mills

MOUNTAIN VIEW, Calif.--The computer security industry historically borrows military defense concepts to combat digital threats, literally creating war rooms where experts follow attacks in progress on huge screens with phones ringing off the hook.

Not so at Google's Postini e-mail security service provider unit. Instead, computerized systems monitor 3 billion messages per day that flow in and out of customer systems and pass through Postini's thousands of machines in data centers around the U.S. and in Europe before hitting the Internet.

The Postini system is highly automated, distributed, and scalable, characteristic of all of Google's operations. Google's Gmail antispam efforts are separate from those of Postini, which Google acquired two years ago, although it follows similar computerized operations and the teams have started to integrate the processes.
< - >

http://news.cnet.com/8301-1009_3-10276548-83.html

From rforno at infowarrior.org Tue Jul 7 02:25:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 6 Jul 2009 22:25:07 -0400
Subject: [Infowarrior] - Goldman and "Fair" Market Manipulation
Message-ID: <80D8B2FC-8B59-456A-9DE3-22CDAD4FF961@infowarrior.org>

Sergio Posts Bond As Toxic Code Percolates In Cyberspace And Allows "Market Manipulation"
Posted by Tyler Durden at 7:36 PM

Now Bloomberg is finally on Sergio's case. Cutting to the chase, assistant U.S. Attorney Facciponti has some choice words:

"The bank has raised the possibility that there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways," Facciponti said. "The copy in Germany is still out there, and we at this time do not know who else has access to it."

< - >

Not even going to attempt to elucidate in how many different ways the first sentence above is just...plain wrong. At least it is refreshing that none other than Goldman's own de facto attorney admits that the firm has created a piece of code that permits "market manipulation." When Goldman is the perpetrator, the manipulation is conveyed via "fair ways." And when the manipulator is someone else, the ways become "unfair."

< - >

http://zerohedge.blogspot.com/2009/07/sergio-posts-bond-as-toxic-code.html

From rforno at infowarrior.org Tue Jul 7 12:08:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Jul 2009 08:08:27 -0400
Subject: [Infowarrior] - Mirror of RIAA deposition of Tannenbaum
Message-ID: <7639867B-4F17-4FC1-8E13-BD41AD8AFC0E@infowarrior.org>

(Nesson does a great job here in keeping the RIAA hounds in check. But in moving to get this file 'off' the Internet, it shows that the RIAA clowns STILL don't understand the nature of the Internet or the Streisand Effect. Is it any wonder they're resorting to litigation to save their business models? They just don't know any better! Bravo to Charles Nesson!
--rf )

52MB MP3 Source: Thoughts on Joel Tenenbaum's Deposition
http://blogs.law.harvard.edu/cyberone/2008/09/25/thoughts-on-joel-tenenbaums-deposition/

52MB file mirror: http://infowarrior.org/users/rforno/mirror/tennebaum-nesson.mp3

====

Threat Level
Privacy, Crime and Security Online

RIAA Seeks Web Removal of "Illegal" Court Recordings
By David Kravets
http://www.wired.com/threatlevel/2009/07/nesson/

The Recording Industry Association of America on Monday demanded a federal judge order Harvard University's Charles Nesson to remove from the internet "unauthorized and illegal recordings" of pretrial hearings and depositions in a file-sharing lawsuit headed to trial.

"Enough is enough. For the past five months, this court has repeatedly warned defense counsel regarding his insistence on engaging unauthorized and illegal recordings of counsel and proceedings in this case," RIAA attorney Daniel Cloherty wrote (.pdf) U.S. District Judge Nancy Gertner of Massachusetts. Cloherty urged the court to sanction Nesson, the founder of the 12-year-old Berkman Center for Internet and Society at Harvard University.

"The idea that a court is being asked by them to order educational material to be removed from the Berkman Center for Internet and Society website seems a questionable intrusion both on my liberty and the public interest," said Nesson in a telephone interview. "I certainly don't agree that I am violating any law."

The case concerns former Boston University student Joel Tenenbaum, who Nesson is defending in an RIAA civil lawsuit accusing him of file-sharing copyrighted music. Jury selection is scheduled in three weeks, in what is shaping up to be the RIAA's second of about 30,000 cases against individuals to reach trial.

The labels, represented by the RIAA, on Monday cited a series of examples in which they accuse Nesson of violating court orders and privacy laws by posting audio to his blog or to the Berkman site. Among them, they include:

- In a 2008 deposition of his client, "a surreptitious recording," that included "confidential communications between the attorneys involved in the case."
- A January telephone conversation between the judge and RIAA lawyers "without the prior consent of participants."
- The July 1 deposition of defense copyright expert John Palfrey, which Nesson was also simultaneously twittering.
- The July 2-3 deposition of defense peer-to-peer expert Johan Pouwelse, which Nesson is accused of videotaping.

Judge Gertner, in February, issued an order in response to RIAA complaints about unauthorized recordings. "The parties are advised that any such recording without permission of participants, as well as the broadcast of such communications, runs afoul" (pdf) of state law. On June 16, Gertner said such taping was a "violation of the law."

Still, Nesson took Monday's court filing in stride. At one point, he said he had been "unaware" of the Massachusetts law requiring all parties of a communication consent to its recording. "I have to say I was completely unaware of this Massachusetts law. When I dug into this thing, I am amazed to what it purports to be," said Nesson, who is defending the Tenenbaum case for free.

He labeled as "gobbledygook" the felony privacy law that is punishable by up to five years in prison. "That is so outrageously unconstitutional that I would prefer myself to honor the United States Constitution and take my chances that recording a conversation with a judge in a federal case and opposing lawyers is somehow in violation of a Massachusetts statute that makes me a felon," Nesson said.

Nesson, who has attempted but so far failed to get the upcoming trial and pretrial proceedings webcast, said the lawsuit's proceedings should be in the public domain. "I'm opening it up," he said. "That's what I founded the Berkman Center to fight for."
From rforno at infowarrior.org Tue Jul 7 15:49:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Jul 2009 11:49:20 -0400
Subject: [Infowarrior] - VideoLAN releases VLC 1.0.0
Message-ID:

July 7, 2009 6:22 AM PDT
VideoLAN releases VLC 1.0.0: Your media will never be the same
by Matt Asay
http://news.cnet.com/8301-13505_3-10280845-16.html?part=rss&subj=news&tag=2547-1_3-0-20

VideoLAN's VLC media player, arguably the world's best media player, hit version 0.9.9 in early April. Three months and more than 78 million downloads later, VideoLAN has announced VLC 1.0.0, or "Goldeneye." Your media will never be the same. In fact, with VideoLAN's VLC media player, it doesn't have to be.

One of the amazing things about VLC is that it can play anything that you've ever even thought about playing. That random media format that one site in Ecuador requires--VLC likely plays it, while Windows Media, Apple QuickTime, etc. likely will not.

This is, in part, a natural result of VLC's open-source heritage. Licensed under the GNU General Public License, VLC attracts a diverse array of developers with disparate media interests. Those interests translate into a media player that really can play every obscure media format I've ever thrown at it. (And in my hunger for Arsenal videos, I've found many different video formats that Windows Media, Apple QuickTime, etc. didn't know what to do with.)

Here are a few of the features now available in VLC 1.0.0:

- Live recording
- Instant pausing and frame-by-frame support
- Finer speed controls
- New HD codecs (AES3, Dolby Digital Plus, TrueHD, Blu-ray Linear PCM, Real Video 3.0 and 4.0, ...)
- New formats (Raw Dirac, M2TS, ...) and major improvements in many formats
- New Dirac encoder and MP3 fixed-point encoder
- Video scaling in full screen
- RTSP Trickplay support
- Zipped file playback
- Customizable toolbars
- Easier encoding GUI in Qt interface
- Better integration in Gtk environments
- MTP devices on Linux
- AirTunes streaming

I regularly use VLC to transcode media files, including files I originally streamed from the Web: If you don't have VLC, I encourage you to download it and give it a try. It really is an amazing media player, one that has far more tricks up its sleeve than the proprietary media player that came with your computer.

From rforno at infowarrior.org Wed Jul 8 12:12:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Jul 2009 08:12:08 -0400
Subject: [Infowarrior] - Google to offer Chrome desktop OS
Message-ID:

Google to Challenge Microsoft With Operating System (Update3)
By Brian Womack
http://www.bloomberg.com/apps/news?pid=20601087&sid=aVidrsL6yQYY#

July 8 (Bloomberg) -- Google Inc., owner of the most-visited Internet search engine, plans to release a computer operating system to challenge the dominance of Microsoft Corp.'s Windows.

The software will be based on the Chrome Web browser, Mountain View, California-based Google said in a blog post. It will be designed at first for low-cost laptops called netbooks. The company is in talks with partners on the project and computers running the software will be available in the second half of 2010, it said.

Google's new operating system aims to take on Microsoft's flagship Windows product, which runs about 90 percent of the world's personal computers. The plan escalates the two companies' rivalry, which extends to Web browsers, Internet search and business applications such as word-processing and spreadsheet programs.

"There is a possibility that the new OS can break the paradigm Microsoft and Intel created over the past 20 years," said Yukihiko Shimada, a computer analyst at Mitsubishi UFJ Securities Co. in Tokyo. "There is plenty of business opportunity for Google in this market."

Google said it's working with computer makers to introduce a number of netbooks next year, without identifying any of the companies.
The Chrome OS will be open-source, meaning the program code will be open to developers, Google said. The software will work on top of the Linux operating system.

Netbook Competition

Frank Shaw, a spokesman for Redmond, Washington-based Microsoft, declined to comment. Windows accounted for 28 percent of the company's $60.4 billion annual revenue in the 12 months ended June 30, 2008.

Microsoft has stepped up its efforts in the netbook market. It said in May it plans to remove a restriction of running three applications at a time on its forthcoming Windows 7 Starter Edition, which is designed for netbooks. The announcement eliminated one of the most significant differences between the basic edition of the operating system and a pricier one.

Google rose 1.4 percent to the equivalent of $402.13 in German trading as of 11:00 a.m. in Frankfurt. Microsoft slipped 0.2 percent to the equivalent of $22.49. Google's shares have climbed 29 percent in U.S. trading this year, while Microsoft has gained 16 percent.

Online-Use Strategy

Google's Chrome OS is consistent with the company's focus on getting people to use software online, unlike Microsoft's traditional approach of providing software on the computer itself. Google started a business-software lineup in 2007 that lets users access services such as spreadsheets and word-processing documents via the Web, just as anyone might access the search engine or Google News. Getting more people online may help Google sell more advertising, which delivers more than 90 percent of its revenue.

"We hear a lot from our users and their message is clear -- computers need to get better," Google said. "The operating systems that browsers run on were designed in an era where there was no Web."

Computer makers such as Acer Inc. and Asustek Computer Inc. already have plans to offer computers running Android, an open-source operating system backed by Google and initially designed for mobile phones.
Acer, the world's second-largest laptop maker, said last month it plans to release a low-cost notebook powered by Android. Asustek Computer has also developed a netbook that runs on Google's software.

"Creates More Options"

"Having another OS or another interface does create more options, and with the weight of the Google name behind it, does lift its prominence," said Bryan Ma, a computer analyst at IDC in Singapore.

Google said that while the Chrome OS is separate from Android, the two will overlap in some areas. The Chrome operating system is designed to save users from having to deal with viruses and security updates, Google said.

"Google Chrome OS is being created for people who spend most of their time on the Web, and is being designed to power computers ranging from small netbooks to full-size desktop systems," Google said. "While there are areas where Google Chrome OS and Android overlap, we believe choice will drive innovation for the benefit of everyone, including Google."

Consider "Anything Beneficial"

Tony Chen, chief operating officer of Asustek's notebook unit said by phone the company will consider "anything that's beneficial to users." Fujitsu Ltd. spokeswoman Nozomi Endo said the company will monitor market conditions before deciding whether to introduce products using Google's operating system.

Faith Brewitt, a Dell Inc. spokeswoman, and Hewlett-Packard Co. spokeswoman Liana Teo didn't answer calls to their Singapore offices. Spokespeople for Acer, Sony Corp., Samsung Electronics Co., NEC Corp., Panasonic Corp., and Toshiba Corp., declined to comment.

The Chrome OS -- which will run on traditional Intel Corp.-based x86 chips along with semiconductors designed by ARM Holdings Plc -- will work on lightweight netbooks along with more powerful computers, including desktop PCs, Google said.

Google's Chrome still faces an uphill battle against Microsoft's browser.
Chrome, which was unveiled last year, had 1.2 percent market share in February compared to 67 percent for Microsoft's Internet Explorer, according to Net Applications, which tracks Web statistics.

In May, Microsoft introduced a search engine called Bing that has enhanced shopping, travel and sorting features. Bing's market share climbed to more than 10 percent in June, according to ComScore Inc. Google's search engine is No. 1 in the U.S., holding more than 60 percent market share. Microsoft is No. 3 with less than 10 percent of the market in the U.S. during May, according to ComScore.

To contact the reporter on this story: Brian Womack in San Francisco at Bwomack1 at bloomberg.net; Last Updated: July 8, 2009 06:18 EDT

From rforno at infowarrior.org Wed Jul 8 12:16:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Jul 2009 08:16:02 -0400
Subject: [Infowarrior] - IP OpEd from EU Pirate Party member
Message-ID: <9BE9A43A-DADF-4386-8F8C-A35ACEA35128@infowarrior.org>

Copyright laws threaten our online freedom
By Christian Engström
Published: July 7 2009 18:10 | Last updated: July 7 2009 18:10
http://www.ft.com/cms/s/0/87c523a4-6b18-11de-861d-00144feabdc0.html

(The writer is the Pirate party's member of the European parliament)

If you search for Elvis Presley in Wikipedia, you will find a lot of text and a few pictures that have been cleared for distribution. But you will find no music and no film clips, due to copyright restrictions. What we think of as our common cultural heritage is not "ours" at all. On MySpace and YouTube, creative people post audio and video remixes for others to enjoy, until they are replaced by take-down notices handed out by big film and record companies. Technology opens up possibilities; copyright law shuts them down. This was never the intent. Copyright was meant to encourage culture, not restrict it. This is reason enough for reform. But the current regime has even more damaging effects.
In order to uphold copyright laws, governments are beginning to restrict our right to communicate with each other in private, without being monitored. File-sharing occurs whenever one individual sends a file to another. The only way to even try to limit this process is to monitor all communication between ordinary people.

Despite the crackdown on Napster, Kazaa and other peer-to-peer services over the past decade, the volume of file-sharing has grown exponentially. Even if the authorities closed down all other possibilities, people could still send copyrighted files as attachments to e-mails or through private networks. If people start doing that, should we give the government the right to monitor all mail and all encrypted networks? Whenever there are ways of communicating in private, they will be used to share copyrighted material. If you want to stop people doing this, you must remove the right to communicate in private. There is no other option. Society has to make a choice.

The world is at a crossroads. The internet and new information technologies are so powerful that no matter what we do, society will change. But the direction has not been decided. The technology could be used to create a Big Brother society beyond our nightmares, where governments and corporations monitor every detail of our lives. In the former East Germany, the government needed tens of thousands of employees to keep track of the citizens using typewriters, pencils and index cards. Today a computer can do the same thing a million times faster, at the push of a button. There are many politicians who want to push that button.

The same technology could instead be used to create a society that embraces spontaneity, collaboration and diversity. Where the citizens are no longer passive consumers being fed information and culture through one-way media, but are instead active participants collaborating on a journey into the future.
The internet is still in its infancy, but already we see fantastic things appearing as if by magic. Take Linux, the free computer operating system, or Wikipedia, the free encyclopedia. Witness the participatory culture of MySpace and YouTube, or the growth of the Pirate Bay, which makes the world's culture easily available to anybody with an internet connection. But where technology opens up new possibilities, our intellectual property laws do their best to restrict them. Linux is held back by patents, the rest of the examples by copyright.

The public increasingly recognises the need for reform. That was why Piratpartiet -- the Pirate party -- won 7.1 per cent of the popular vote in Sweden in the European Union elections. This gave us a seat in the European parliament for the first time.

Our manifesto is to reform copyright laws and gradually abolish the patent system. We oppose mass surveillance and censorship on the net, as in the rest of society. We want to make the EU more democratic and transparent. This is our entire platform. We intend to devote all our time and energy to protecting the fundamental civil liberties on the net and elsewhere. Seven per cent of Swedish voters agreed with us that it makes sense to put other political differences aside in order to ensure this.

Political decisions taken over the next five years are likely to set the course we take into the information society, and will affect the lives of millions for many years into the future. Will we let our fears lead us towards a dystopian Big Brother state, or will we have the courage and wisdom to choose an exciting future in a free and open society? The information revolution is happening here and now. It is up to us to decide what future we want.
The writer is the Pirate party's member of the European parliament

From rforno at infowarrior.org Wed Jul 8 13:20:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Jul 2009 09:20:26 -0400
Subject: [Infowarrior] - TSA screening gets slammed by federal judge
Message-ID: <8E5E1CBC-71A4-4356-8FDA-6A744828DE63@infowarrior.org>

JULY 7, 2009, 11:14 P.M. ET
Is Tougher Airport Screening Going Too Far?
By SCOTT MCCARTNEY
http://online.wsj.com/article/SB10001424052970204556804574261940842372518.html

The Transportation Security Administration has moved beyond just checking for weapons and explosives. It's now training airport screeners to spot anything suspicious, and then honoring them when searches lead to arrests for crimes like drug possession and credit-card fraud.

But two court cases in the past month question whether TSA searches -- which the agency says have broadened to allow screeners to use more judgment -- have been going too far.

A federal judge in June threw out seizure of three fake passports from a traveler, saying that TSA screeners violated his Fourth Amendment rights against unreasonable search and seizure. Congress authorizes TSA to search travelers for weapons and explosives; beyond that, the agency is overstepping its bounds, U.S. District Court Judge Algenon L. Marbley said.

"The extent of the search went beyond the permissible purpose of detecting weapons and explosives and was instead motivated by a desire to uncover contraband evidencing ordinary criminal wrongdoing," Judge Marbley wrote.

In the second case, Steven Bierfeldt, treasurer for the Campaign for Liberty, a political organization launched from Ron Paul's presidential run, was detained at the St. Louis airport because he was carrying $4,700 in a lock box from the sale of tickets, T-shirts, bumper stickers and campaign paraphernalia.
TSA screeners quizzed him about the cash, his employment and the purpose of his trip to St. Louis, then summoned local police and threatened him with arrest because he responded to their questions with a question of his own: What were his rights and could TSA legally require him to answer?

Mr. Bierfeldt recorded the encounter on his iPhone and the American Civil Liberties Union filed suit in June against Homeland Security Secretary Janet Napolitano, claiming in part that Mr. Bierfeldt's experience at the airport was not an anomaly.

"Whether as a matter of formal policy or widespread practice, TSA now operates on the belief that airport security screening provides a convenient opportunity to fish for evidence of criminal conduct far removed from the agency's mandate of ensuring flight safety," the ACLU said in its suit.

"Mission Creep?"

TSA said in a statement on the Bierfeldt incident that travelers are required to cooperate with screeners, and while it is legal to carry any amount of money when flying domestically, the agency believes cooperation includes answering questions about property. As a result of the recording, however, TSA determined that "the tone and language used by the TSA employee was inappropriate and proper disciplinary action was taken."

The cases will likely inflame TSA critics and frequent travelers who believe screeners take a heavy-handed approach and worsen the hassle of getting through airports with layers of rules and sometimes inconsistent policies between different cities.

"TSA agents don't get to play cops," says Ben Wizner, an attorney who filed Mr. Bierfeldt's suit. The ACLU has heard an increasing number of reports of TSA agents involved in what he called "mission creep," he says.

TSA spokesman Greg Soule says airport screeners are trained to "look for threats to aviation security" and discrepancies in a passenger's identity.
TSA says verifying someone's identity, or exposing false identity, is a security issue so that names can be checked against terrorism watch lists. Large amounts of cash can be evidence of criminal activity, Mr. Soule says, and so screeners look at the "quantity, packaging, circumstances of discovery or method by which the cash is carried."

Questioning travelers is part of TSA's standard procedures, and the agency gives its employees discretion. "TSA security officers are trained to ask questions and assess passenger reactions," Mr. Soule says. "TSA security officers may use their professional judgment and experience to determine what questions to ask passengers during screening."

No one questions arrests made after TSA runs into evidence of drugs or other crimes during weapons searches. A bulge in baggy pants can be investigated, for example, because it might be an explosive. If it turns out to be cocaine, TSA is expected to report it to police or Drug Enforcement Agency officials.

But once TSA has determined that someone doesn't have weapons or explosives, agents sometimes keep searching -- leading some legal experts to wonder whether questioning people about how much cash they're carrying, the number of credit cards they have and even prescription drugs in their bags stretches the intent of airport security law.

Congress charged TSA with protecting passengers and property on an aircraft "against an act of criminal violence or aircraft piracy" and prohibited individuals from carrying a "weapon, explosive or incendiary" onto an airplane. Without search warrants, courts have held that airport security checks are considered reasonable if the search is "no more extensive or intensive than necessary" to detect weapons or explosives.

In testimony to Congress last month, Gale D. Rossides, acting TSA administrator, said the agency had moved past simply trying to intercept guns, knives and razor blades to "physical and behavioral screening to counter constantly changing threats." Every screener has completed a 16-hour retraining that "provides the latest information on intelligence, explosives detection and human factors affecting security," she said. "We have revised our checkpoint Standard Operating Procedures to enable officers to use their judgment appropriately in achieving sensible security results."

In the fake passport case, a man named Fode Amadou Fofana used a valid driver's license with his real name at a Columbus, Ohio, TSA checkpoint. Because he had purchased his ticket for a flight at the airport just before departure, he was flagged for secondary screening. He didn't set off metal detectors and TSA's X-ray equipment didn't see anything suspicious, according to court testimony. The bags were swabbed for explosive residue and did not trigger any alarms. TSA agents opened the bags and searched inside because he was selected for extra screening.

According to the judge's ruling, the TSA agent involved testified that she had been instructed to search for suspicious items beyond weapons and explosives and to "be alert for anything that might be unlawful for him to possess, such as credit cards belonging to other people, illegal drugs or counterfeit money." The agent found envelopes with cash, which she considered suspicious. Three other envelopes had something more rigid than dollar bills. She testified she didn't believe there were weapons inside, but opened them looking for "contraband" and found three fake passports.

Limiting Searches

Judge Marbley said the TSA had no authority to open the envelopes. In his ruling, he said prior cases clearly established that airport security searches should be aimed only at detecting weapons or explosives. "A checkpoint search tainted by 'general law enforcement objectives' such as uncovering contraband evidencing general criminal activity is improper," the judge wrote. The U.S. Attorney's Office in Columbus has filed notice that it will appeal the judge's order.

Mr. Bierfeldt's suit, filed in U.S. District Court in the District of Columbia, seeks to bar TSA from "conducting suspicion-less pre-flight searches of passengers or their belongings for items other than weapons or explosives." Mr. Bierfeldt, who was released by TSA after an official in plain clothes saw political materials in his bag and asked if the cash was campaign contributions, said he just wants to save others from harassment by TSA. "It's the principle of the matter," he said. "I didn't break any laws and was no threat."

Write to Scott McCartney at middleseat at wsj.com

From rforno at infowarrior.org Thu Jul 9 00:12:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Jul 2009 20:12:05 -0400
Subject: [Infowarrior] - Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
Message-ID:

Threat Level: Privacy, Crime and Security Online
Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
By Kim Zetter, July 8, 2009, 6:26 pm
http://www.wired.com/threatlevel/2009/07/mydoom/

Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames -- with one sworn enemy blaming another for the aggression. Welcome to the New World Order of cybersecurity.

As reported by numerous media outlets this week, websites belonging to the White House, Department of Homeland Security, U.S.
Secret Service, National Security Agency, Federal Trade Commission, Department of Defense and the State Department, as well as sites for the New York Stock Exchange and Nasdaq were hit by denial-of-service attacks over the July 4th holiday weekend. The Washington Post website was also reportedly affected by the attacks, launched by a botnet of more than 50,000 computers in several countries (mostly China, South Korea and Japan, according to Whois records) controlled by the hacker.

Then on Tuesday, at least 11 sites in South Korea, including sites for the Ministry of Defense and the presidential Blue House, were also targeted, leading the Associated Press to publish a story prominently quoting anonymous South Korean intelligence officials blaming the attacks on North Korea.

Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well. Both programs infect PCs running various versions of the Windows operating system.

MyDoom is delivered through an infected e-mail attachment and was spread through the Kazaa file-sharing network when it first came out. Once a user clicks on the attachment, the worm roots through the victim's e-mail contact list and mails itself to everyone on the list. The initial malware in 2004 was programmed to launch a denial-of-service attack against a site for the SCO Group, which had filed an intellectual property suit against IBM over its alleged use of Linux code. The attack was programmed to launch February 1, 2004 and end February 12, sending a request to the website every millisecond. MyDoom was considered the fastest-spreading worm at the time.
In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn't appear to have been written by someone experienced in coding malware. The author's use of a pre-written worm to deliver the code also suggests the attacker probably wasn't thinking of a long-term attack.

"The fact that it's using older threats isn't a terribly stealthy attack," says Dean Turner, director of Symantec's Global Intelligence Network. "And the fact that it's re-using code could indicate that somebody put it together in a hurry or that, as with most DDoS attacks, their purpose is mostly nuisance. It didn't require a degree in rocket science to pull that stuff together." Although he acknowledges that, given the length of time this attack has continued, it's "pretty significant."

Joe Stewart, a security researcher at SecureWorks, says the code he examined, which was written in Visual C++, was compiled on July 3, two days before the first attacks. Although Stewart says analysis of the attack is still in its early stages, he concurs that the attacker's motivation was fairly routine.

"Usually you see a DDoS attack against one or two sites and it will be for one of two reasons -- they have some beef with those sites or they're trying to extort money from those sites," he says. "To just attack a wide array of government sites like this, especially high-profile, just suggests that maybe the entire point is just to get attention to make some headlines rather than to actually do any kind of damage."

Denial-of-service attacks are one of the least sophisticated kinds of attacks a hacker can launch and have been around for nearly as long as e-commerce. But their strength and reach has increased since the advent of botnets -- where hackers take control of thousands of machines by getting users to inadvertently click on files containing malware that allows them to remotely control the machines.
The hackers then use the machines to launch attacks on websites. The only reason this one seems to have caught the public eye is because so many government sites were targeted at once. "The breadth of the attack is unusual," Stewart says.

The malware is designed to contact various servers to obtain new lists of targets. The first list had only five targets -- all U.S. government sites. A second list used by the malware on July 6 had 21 targets, all U.S. government and commercial sector sites, including e-commerce and media sites. A list on the 7th switched out some of the U.S. sites for ones in South Korea. The total number of sites known to be targeted so far is 39, Stewart says, although the list could be augmented as the days pass.

Not all the sites were crippled by the attack. Most of the U.S. sites recovered quickly, but a site for the Federal Trade Commission, Department of Transportation and Secret Service continued to have problems for a day or more.

The Department of Homeland Security, which oversees the U.S. Computer Emergency Response Team, said in a statement that as of last night, all federal websites were back up and running. Spokeswoman Amy Kudwa also said that US-CERT had issued a notice to federal departments and agencies advising them of steps to take to help mitigate against such attacks.

"We see attacks on federal networks every single day, and measures in place have minimized the impact to federal websites," she said. "US-CERT will continue to work with its federal partners and the private sector to address this activity."
From rforno at infowarrior.org Thu Jul 9 12:42:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 08:42:23 -0400
Subject: [Infowarrior] - Wal-Mart Twitter Policy
Message-ID: <916CAB43-5269-4D1B-90F3-1E6309F57A35@infowarrior.org>

Wal-Mart's Twitter Account Comes with a 3,379-word Terms of Use Agreement
Posted by Xeni Jardin, July 8, 2009 8:24 PM
http://www.boingboing.net/2009/07/08/wal-marts-twitter-ac.html

Only lawyers, EULA collectors and legal obsessives will find this funny, but it cracked me up: care to access the 140-character pearls of wisdom streaming forth from Wal-Mart's Twitter account? Well, first you have to agree to the 3,379-word Terms of Use agreement that comes with it. I know, I know, a lot of big corporate entities on social networking sites likely put forth equally verbose TOUs, but -- a "Twitter Discussion Policy"? Awesome overkill. It all starts here. (via @zephoria)

From rforno at infowarrior.org Thu Jul 9 12:47:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 08:47:34 -0400
Subject: [Infowarrior] - OT: Political (theological) opportunism?
Message-ID: <9F62E257-6FB6-4379-84F2-D20D5069F026@infowarrior.org>

Political (or theological) opportunism, anyone? -rick

Pope urges 'world authority' to govern economy, finance
http://latimesblogs.latimes.com/money_co/2009/07/pope-benedict-xvi-is-offering-a-solution-for-what-ails-the-global-economy-a-true-world-political-authority-to-manage-it-al.html

From rforno at infowarrior.org Thu Jul 9 18:47:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 14:47:57 -0400
Subject: [Infowarrior] - Amusing MS video
Message-ID: <234DCAB3-3D1E-47BD-9E8B-95DE2936B060@infowarrior.org>

Redmond's video trailer for Office 2010. An amusing waste of 2 minutes of my lunch hour today. :)

QOTD: "It's somewhere between 'Arial' and 'Wingdings.'"
LOL

http://news.cnet.com/8301-13860_3-10282944-56.html

From rforno at infowarrior.org Thu Jul 9 23:46:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 19:46:34 -0400
Subject: [Infowarrior] - DC Police Chief Says It's 'Cowardly' To Monitor Speed Traps With Your iPhone
Message-ID: <8E6B240A-2E0A-4437-8A83-1AB23D752366@infowarrior.org>

(If the local jurisdictions around here didn't rely on these things FOR REVENUE they'd not be so popular. Yet they continue to proliferate and their dubious employments continue --rf)

Police chief denounces 'cowardly' iPhone users monitoring speed traps
By: Hayley Peterson
Examiner Staff
July 7, 2009
http://www.washingtonexaminer.com/local/Devices-that-warn-drivers-of-speed_-red-light-cameras-draw-police-ire-7930619-50074717.html

Area drivers looking to outwit police speed traps and traffic cameras are using an iPhone application and other global positioning system devices that pinpoint the location of the cameras.

That has irked D.C. police chief Cathy Lanier, who promised her officers would pick up their game to counteract the devices, which can also help drivers dodge sobriety checkpoints.

"I think that's the whole point of this program," she told The Examiner. "It's designed to circumvent law enforcement -- law enforcement that is designed specifically to save lives."

The new technology streams to iPhones and global positioning system devices, sounding off an alarm as drivers approach speed or red-light cameras. Lanier said the technology is a "cowardly tactic" and "people who overly rely on those and break the law anyway are going to get caught" in one way or another.

The greater D.C. area has 290 red-light and speed cameras -- comprising nearly 10 percent of all traffic cameras in the U.S., according to estimates by a camera-tracking database called the POI Factory. Lanier said the cameras have decreased traffic deaths.
Red-light and speed cameras have been a hot topic in Montgomery County since Maryland Gov. Martin O'Malley signed a bill in May allowing local governments to place speed cameras in school and highway construction zones. Montgomery County police did not respond to calls and e-mails for this story.

Ralph Ganoe of Silver Spring said he uses detection software from a Washington-based company, PhantomAlert, to avoid speed traps and crowded intersections. "Well, my pocket has money in it," Ganoe quipped, when asked about the software's impact on his driving record. "Everybody's got a heavy foot. ... Now I don't have to worry about where [the cameras] are at."

PhantomAlert mimics radar detectors -- which are outlawed in D.C. and Virginia -- by alerting drivers of nearby enforcement "points of interest" via global positioning system devices. PhantomAlert keeps up to date on traffic enforcement through its users, who contribute information online.

Founder and CEO of PhantomAlert Joe Scott claimed nine out of 10 police departments across the country support his software. "If police come against us, it's going to make them look like they are only [after] revenue" from the camera-generated citations, he said.

Photo radar tickets generated nearly $1 billion in revenues for D.C. during fiscal years 2005 to 2008. In the current fiscal year, Montgomery County expects to make $29 million from its red light and speed cameras.

Lanier said efforts to outlaw the software would be too difficult. She said, "with the Internet and all the new technology, it's almost impossible to stop the flow of information."
From rforno at infowarrior.org Fri Jul 10 03:33:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 23:33:26 -0400
Subject: [Infowarrior] - The Crack Cocaine of Auction Sites
Message-ID: <7F4ABEFD-3766-4D87-A87A-9EAC961CD442@infowarrior.org>

The Crack Cocaine of Auction Sites
By mark.gimein
Created 07/07/2009 - 5:11pm
Source URL: http://www.thebigmoney.com/articles/money-trail/2009/07/07/crack-cocaine-auction-sites

Swoopo.com is the most efficient, addictive way to separate people from their money.

Imagine for a second that you set out to come up with an online shopping site that would take advantage of everything we've come to know about consumer behavior to separate people from their money in as efficient a way as possible. What would you do? Well, you'd probably try to draw buyers in with bargain prices. You'd pit them against one another in an auction. You'd ask them to make snap decisions without taking much time to figure out just how much money they're spending. On top of that, you'd ask them for only very small amounts of money at any one time, letting payments of a few cents build up to hundreds of dollars.

Still trying to figure out how you'd put all that together? You can relax. Someone's already beaten you to it: the folks at Swoopo.com [3]. It's an online auction site that fiendishly plays on every irrational impulse buyers have to draw them in to what might be the crack cocaine of online shopping sites.

I discovered Swoopo, as many people do, through an online ad plugging its latest deal, a fancy desktop computer at more than 90 percent off. I don't actually need a new computer, but the words "90 percent off" have traditionally exerted a powerful pull on my family that no number of never-worn double-breasted suits has ever been totally able to alleviate. You say "90 percent off," and I click.

If you are already saying to yourself that surely there is a catch, you are right.
Smarter people than me see a site that sells a MacBook Pro for $35.86 or a Nikon digital SLR for $16.03 and turn away, knowing that the bigger the "free lunch" sign is, the more it's going to wind up costing. Trust that impulse, because Swoopo, which bills itself as an "entertainment shopping" site, combines the addictiveness of auctions and the chance element of lotteries into what may be the most devious way to dig into your wallet yet devised.

At first glance, Swoopo.com -- which started its life in Germany as a phone and TV-based auction site called Telebid [4], migrated to the Web as "Swoopo," and launched its U.S. site last year -- looks like an auction site patterned on eBay [5] (EBAY), with prices for most items starting at a penny and rising as members "bid" up the price. Like eBay, Swoopo has a full panoply of auction tools, such as comprehensive records of all the completed auctions and an electronic bidding system ("Bid Butler") that will put in last-second bids to keep you in the auction. Unlike eBay, however, on Swoopo you need to pay 60 cents each time you make a bid.

Sixty cents? Sure doesn't sound like much when getting a $1,000-plus camera or computer is at stake. Delve into this a bit, though, and you might be stunned at just what that small charge for each bid leads to.

Consider the MacBook Pro that Swoopo sold on Sunday for that $35.86 [6]. Swoopo lists its suggested retail price at $1,799; judging by the specs, you can actually get a similar one online from Apple [7] (AAPL) for $1,349, but let's not quibble. Either way, it's a heck of a discount. But now look at what the bidding fee does. For each "bid" the price of the computer goes up by a penny and Swoopo collects 60 cents. To get up to $35.86, it takes, yes, an incredible 3,585 bids, for each of which Swoopo gets its fee. That means that before selling this computer, Swoopo took in $2,151 in bidding fees. Yikes.
In essence, what your 60-cent bidding fee gets you at Swoopo is a ticket to a lottery, with a chance to get a high-end item at a ridiculously low price. With each bid the auction gets extended for a few seconds to keep it going as long as someone in the world is willing to take just one more shot. This can go on for a very, very long time. The winner of the MacBook Pro auction bid more than 750 times, accumulating $469.80 in fees. Some winners do wind up with good deals. A few, on the other hand, wind up paying almost as much in bid fees as the item they're angling for was worth in the first place. Meanwhile, the losers can shell out hundreds of dollars in bidding fees before throwing in the towel, and end up with nothing.

What makes Swoopo so fiendishly addictive is the tendency of people to think of the bids that they have already put in as a "sunk cost" -- money that they have already put toward buying the item. This is an illusion. The fact that you have already bid 200 times does not mean that your chance of winning on the 201st bid is any higher than it was at the very beginning. A new bidder can come in at any time and at the cost of a mere 60 cents jump into the auction in which you've already spent more than 100 bucks. The money you've put in has gotten you no closer to the goal than a losing raffle ticket.

If this doesn't seem crazy to you yet, then maybe one more devilish bit will do it. Not only can you bid on computers, cameras, and other consumer products on Swoopo, but Swoopo also auctions off packs of Swoopo bids! Hilariously -- or worryingly, depending on where you stand -- those "Bid Packs" themselves sometimes wind up bringing in more in bidding fees than their face value. (That's not super-obvious: It can take a little math, but if you want to do that you can look at this pack of 75 bids [8] -- a "$45 value" -- on which Swoopo may have taken in more than $85 in bidding charges, plus the final $17.16 closing price.)
Some of the ideas behind Swoopo have already been explored in a theoretical way by game theorists -- check out this description of the "Dollar Auction [9]," in which two players bidding on a dollar bill raise their bids by a penny at a time to stay in the game and end up paying more than a buck each. Other ideas behind Swoopo, like the reluctance of bidders to say goodbye to their "sunk cost," have been explored by economists such as Daniel Kahneman and Amos Tversky [10] -- and have been found to draw bidders deeper into the game. Swoopo -- which recently got backing from a prestigious venture capital firm [11] that should be ashamed of itself -- plays off those insights to efficiently get people to make bad choices. It's the evil bastard child of game theory and behavioral economics.

The thing about Swoopo is that the devil here lies deep, deep in the details. Unless you're willing to do a bunch of math, it's easy not to notice that Swoopo is taking in a lot more for most of its high-ticket items than the price you'd pay in a store. Even after you've done the math, Swoopo can still seem oddly compelling. One more irrational impulse Swoopo caters to is an urge to believe that there must be some strategy that beats the system. As Swoopo's own business development director, Chris Bauman, told one blogger [12]: "Winning takes two things: money and patience. Every person has a strategy."

Indeed, he undoubtedly does. The problem is that, as with the gambling systems peddled by countless books, none of those strategies will actually work. Just remember that no matter how many times you bid, your chance of winning does not increase. And the bigger Swoopo gets, the worse it will be. The more people sign on to bid, the lower your chances become -- and the more Swoopo collects in bidding charges. The only winning strategy is not to play in the first place.

Still not convinced? Try going to Swoopo and watching the end of one of their auctions.
As I wrapped up this story, I kept my eye on another MacBook [13] -- a recently discontinued model that Swoopo says is worth $1,299 (though it's available for $1,099 from other sites). I thought that maybe I'd given Swoopo too hard a time and the MacBook Pro I'd started with was as bad as it got. It's not. I kept setting down how much Swoopo had gotten in fees for this auction, but each time I'd finished calculating a number -- $2,500, $2,600, $2,700 -- I'd turn back to my browser to find that the auction was still going, and Swoopo was still raking in fees for 60 cents a pop. Finally, I gave up when it became clear that Swoopo could make money faster than I could count it. As I wrote this sentence, Swoopo's bidding fees on this one auction had gotten over the $3,000 mark. And they were still rising fast.

(c) 2008-2009 Washington Post.Newsweek Interactive - All rights reserved.

Source URL: http://www.thebigmoney.com/articles/money-trail/2009/07/07/crack-cocaine-auction-sites

Links:
[1] http://www.thebigmoney.com/sites/default/files/090707_TBM_SwoopoArticle.jpg
[2] http://www.thebigmoney.com/sites/default/files/TBM_090708_SwoopoCover.jpg
[3] http://www.swoopo.com/
[4] http://www.10yetis.co.uk/releases/swoopo.html
[5] http://www.thebigmoney.com/search/quotemedia/ebay
[6] http://www.swoopo.com/auction/apple-macbook-pro-mb991ll-a-13-3-inch-la/192652.html
[7] http://www.thebigmoney.com/search/quotemedia/AAPL
[8] http://www.swoopo.com/auction/75-bids-voucher/195364.html
[9] http://en.wikipedia.org/wiki/Dollar_auction
[10] http://books.google.com/books?id=P5GsREMbUmAC&lpg=PP1&pg=PA276
[11] http://augustcapital.typepad.com/news/2009/04/august-capital-invests-in-swoopo.html
[12] http://www.gadgetell.com/tech/comment/gadgetell-interview-swoopo-speaks/
[13] http://www.swoopo.com/auction/apple-macbook-mb466ll-a-13-3-inch-laptop/194388.html
[14] http://www.thebigmoney.com/users/markgimein

From rforno at infowarrior.org Fri Jul 10 03:37:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Jul 2009 23:37:40 -0400
Subject: [Infowarrior] - New TLDs to add to confusion...
Message-ID:

www.thosenewdomainnames.areforsuckers
Soon you'll be able to buy any top-level domain you want: .yourname, .america, .whatever. Don't do it.
By Farhad Manjoo
Posted Tuesday, July 7, 2009, at 6:25 PM ET
http://www.slate.com/id/2222408/

In 1996, Microsoft bought the domain Slate.com from a guy named John Slate. Back in the early days of the Web, it paid to have a snazzy dot-com name to call your own. In conversation, the proper noun slate can refer to, among other things, a restaurant in Maine; a furniture-design studio in Illinois; a turkey breed; a private-party venue in New York; the student newspaper of Pennsylvania's Shippensburg University; or a Web magazine founded by Microsoft. Humans can usually figure out which of these Slates you're referring to based on the context, but computers weren't that smart -- whichever one of those institutions pounced on Slate.com would get a boost in traffic from browsers looking for all those other slates.

As a consequence of this same-name problem, scores of domain-name lawsuits have flared up over the years, as have attempts to game the system. "Cybersquatters" could once make good money by buying up domains that were similar to those of organizations with deep pockets and then selling them back to the organizations at huge premiums. (That wasn't the case with John Slate; Microsoft's lawyers propositioned him without revealing that they worked for the software giant.)

Now ICANN, the international body in charge of domain names, says it has a way to rid the Web of cybersquatting. Late last month, the group voted to create Web addresses that end in a much wider variety of letters than .com, .org, .net, and the dozens of country-specific suffixes that are currently available.
When the proposal goes into effect later this year, businesses, municipalities, and other large organizations will be able to purchase domains of their own creation. The city of New York could buy its own suffix -- to get to a city site, you'd type Police.nyc or Fire.nyc, and you'd e-mail Michael Bloomberg at Mayor@cityhall.nyc. Companies might do something similar: Twitter could register .twitter and give each of its users a quicker way to get to their pages -- Fmanjoo.twitter instead of Twitter.com/fmanjoo. And even though ICANN plans to prohibit some top-level domains on moral grounds, the adult industry is expected to scoop up lots of names, from .xxx to .escort to .2girls1cup.

ICANN argues that adding new descriptive domains will reduce the chance for confusion. Slate design studio in Illinois, for instance, could buy Slate.illinois or Slate.furniture, creating an online identity separate from that of this magazine. And while cybersquatting is already prohibited by trademark law in many countries, including the United States, ICANN promises to implement a strict international review process to prevent miscreants from registering names that they shouldn't own. Only Facebook will be allowed to manage the .facebook domain, for example, and if someone tries to buy Slate.webmagazine, Slate's lawyers will be able to shut it down in a jiffy.

But ICANN's plan comes about five years too late -- cybersquatting isn't a problem anymore. Indeed, ICANN's plan to sell all these new top-level domains at very high prices -- tens of thousands of dollars or more -- seems like a scam, because domain names themselves just don't matter that much nowadays. Web browsers have gotten a lot smarter since the 1990s, and they're now pretty good at determining what we want when we type in names that have many possible meanings.
If you're a fan of the Slate private-party venue in New York and visit its site often, you've just got to type S-L-A into your browser's address bar and the site will pop up in a drop-down list. That Slate would be foolish to pay very much to buy Slate.party. What's more, lots of people now abandon the address bar entirely and rely, instead, on search engines to get around the Web. How do folks get to Match.com? According to Web traffic analysts, people type Match.com into Google and then click the top result. Are these people stupid? No, they're smart: It takes a lot of work to remember every company's exact domain name (is General Motors at GM.com or GeneralMotors.com or General-Motors.com?) and it's much faster to let Google keep track. Chrome, Google's Web browser, combines the address bar and search bar into a single field, which lets you use search terms as Web addresses. You don't have to remember Josh Marshall's long URL -- Talkingpointsmemo.com -- to get to his blog. Just type in josh marshall, and Chrome displays Google's top results.

To be sure, cybersquatters are still plying their trade, and according to trademark experts commissioned by ICANN (PDF), domain-name disputes have lately been on the rise. At the same time, though, you see Web sites getting much more adventurous in the domain names they pick -- look at the Lolcats site Icanhascheezburger.com or the social-bookmarking site Del.icio.us (which later changed its name to Delicious.com). These names suggest a nonchalance about URLs. It no longer matters whether a domain name is really long or has an unconventional spelling; people will be able to find it, anyway.

And for cybersquatters, there are now other places to play. Social-networking sites are now the Web's biggest properties, so getting your identity on Facebook or Twitter has become much more important than getting a good domain. Recently Facebook offered its users vanity URLs -- e.g., www.facebook.com/farhad.manjoo -- on a first-come, first-served basis; the addresses were snapped up at a rate of more than 500 per second. Twitter, meanwhile, has become a haven for imposters. The site has had to close down accounts impersonating Exxon Mobil, Kanye West, and my colleague Emily Bazelon, among many others. Twitter has vowed to become more vigilant in its fight against poseurs, and surely it will implement a plan to do so. Because Twitter has total control over its names, it can deal with squatters much more quickly than is possible on the domain-name system, which is administered by thousands of registrars across the world.

But squatters wouldn't get very far even if Twitter never got its act together. Last year, someone got on Twitter and began tweeting as Shaquille O'Neal. When the real Shaq got wind of the faker, he didn't offer to pay for his identity; rather, he set up another name -- The_Real_Shaq -- and set the record straight. Now, it no longer matters that Shaq doesn't own his Twitter name; when you Google Shaq Twitter, The_Real_Shaq comes up first (he's got more than 1.5 million followers). We all should follow Shaq's example -- don't ever pay for a screen name or a domain name again.

Farhad Manjoo is Slate's technology columnist and the author of True Enough: Learning To Live in a Post-Fact Society. You can e-mail him at farhad.manjoo@slate.com and follow him on Twitter.

Article URL: http://www.slate.com/id/2222408/

From rforno at infowarrior.org Fri Jul 10 11:45:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 07:45:21 -0400
Subject: [Infowarrior] - Yahoo Announces It Will Shut GeoCities
Message-ID: <2E037546-AFAE-4CA9-8E5E-0CE6421BE612@infowarrior.org>

Friday July 10, 2009
Yahoo Announces It Will Shut GeoCities
http://www.appscout.com/2009/07/yahoo_announces_it_will_shut_g.php

The Google search result I got around a minute ago was headlined "Yahoo! GeoCities: Get a web site with easy-to-use site building tools." That's gonna change. GeoCities is closing on October 26, 2009.

On October 26, 2009, your GeoCities site will no longer appear on the Web, and you will no longer be able to access your GeoCities account and files. If you'd like to move your web site, or save the images and other files you've posted online, please act now by downloading your files or upgrading to Yahoo! Web Hosting.

For many, GeoCities was where our first website lived. It could also be considered one of the web's first communities. Originally divided into neighborhoods (which seemed reminiscent of the worst of California tract housing), it was a place where you could attempt to communicate with the world on a static page you got for free. Later the neighborhoods gave way to a more modern, easier and more meaningful address: www.geocities.com/username. With limited tools, obtrusive banner ads and tight bandwidth limitations, a popular site risked getting throttled and living out Yogi Berra's admonition, "No one goes there anymore - it's too crowded." I can't remember the last time I saw a live GeoCities page.

Yahoo! is the current proprietor of the site -- a business they purchased in the late 90s for nearly $3.6 billion. Seriously, what were they thinking? They're suggesting GeoCities' users move to Yahoo! Web Hosting. It's one last try to get some cash out of the site. How sadly final of Yahoo to say "GeoCities site will no longer appear on the Web." The name GeoCities will continue to bring back fond memories for lots of the web's early adopters, but like the recent Compuserve announcement, most of us thought it was already gone!
From rforno at infowarrior.org Fri Jul 10 12:21:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 08:21:48 -0400
Subject: [Infowarrior] - The Man Nobody Wanted to Hear
Message-ID: <5A3606DB-F0A6-406F-803B-8F2DCB78CD99@infowarrior.org>

(c/o CS)

THE MAN NOBODY WANTED TO HEAR
Global Banking Economist Warned of Coming Crisis
By Beat Balzli and Michaela Schiessl

William White had a pretty clear idea of what he wanted to do with his life after shedding his pinstriped suit and entering retirement. White, a Canadian, worked for various central banks for 39 years, most recently serving as chief economist for the central bank for all central bankers, the Bank for International Settlements (BIS), headquartered in Basel, Switzerland. Then, after 15 years in the world's most secretive gentlemen's club, White decided it was time to step down.

The 66-year-old approached retirement in his adopted country the way a true Swiss national would. He took his money to the local bank, bought a piece of property in the Bernese Highlands and began building a chalet. There, in the mountains between cow pastures and ski resorts, he and his wife planned to relax and enjoy their retirement, and to live a peaceful existence punctuated only by the occasional vacation trip. That was the plan in June 2008.

And now this. White is wearing his pinstriped suits again. He has just returned from California, where he gave a talk at a large mutual fund company. Then he packed his bags again and jetted to London, where he consulted with the Treasury. After that, he returned to Switzerland to speak at the University of Basel, and then went on to Frankfurt to present a paper at the Center for Financial Studies. From there, White traveled to Paris to attend a meeting at the Organization for Economic Cooperation and Development (OECD). Finally, he flew back across the Atlantic to Canada. White is clearly in demand, including in North America.
Since the economy went up in flames, the wiry retiree has been jetting around the globe like a paramedic for the world of high finance. He shows no signs of exhaustion, despite his rigorous schedule. In fact, White, with his gray head of hair, is literally beaming with energy, so much so that he seems to glow. Perhaps it is because someone, finally, is listening to him.

< - >

http://www.spiegel.de/international/business/0,1518,druck-635051,00.html

From rforno at infowarrior.org Fri Jul 10 12:34:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 08:34:14 -0400
Subject: [Infowarrior] - Hadopi Router
Message-ID: <86199D5F-C168-4442-AB5D-3B3FF143D1F9@infowarrior.org>

http://torrentfreak.com/hackers-undermine-piracy-evidence-with-hadopi-router-090709/

Hackers Undermine Piracy Evidence With Hadopi Router

Yesterday we reported that a provision in the revamped French "3 strikes" bill will allow for the punishment of ISP account holders for the copyright infringing actions of others. Now a group of hackers has set out to compromise WiFi routers en masse, in order to create an environment of plausible deniability.

It seems that one way or another President Sarkozy is determined to bring a "3 strikes" regime to France. After underlining his determination during an historic speech to parliament in June, yesterday saw a revised bill accepted by the Senate.

Aside from punishing actual file-sharers, the bill allows the courts to take measures against people who have done no sharing, but are accused simply because they are the one paying the ISP bill. If the court decides that an account holder is guilty of "negligence" - by somehow allowing others to file-share on their connection - it is within a judge's power to issue a fine up to 1,500 euros along with a 4 week disconnection.
Now, according to Le Monde, some French hackers have come together to throw confusion into the mix, so that punishing these individuals is not a straightforward or guaranteed accurate procedure.

A hacker known only as "N" says he has developed some software known as "Hadopi Router", a term first penned by bloggers who devised the concept. "N", who is said to have previously worked manufacturing routers, says he and a few friends wrote "Hadopi Router" in order to prove that the evidence gathered by the Hadopi agency is unreliable.

"It locates Wi-Fi networks in the neighborhood, then begins to crack all their passwords," says "N". "Once we have the keys, we can create a virtual access point," which in basic terms means using the Internet connection without the account holder's knowledge.

"N" says that if an "owned" router has its password changed, the system automatically switches to another Wi-Fi signal in the neighborhood and starts to attack the new password.

Additionally, "N" claims that with Hadopi Router it is possible to monitor activity on the cracked networks but one of his accomplices called "V" says they have no bad intentions. "We just want to release our software and allow everyone to understand that the technical data used by the Hadopi agency to accuse people will not be reliable. Because of us, the judges will not be able to say that they weren't aware of that."

"N" says he is already imagining a more ambitious strategy to distribute many dozens of modified routers to a community in order to create a "mini-network", superimposed over existing ones.

Of course, many wireless routers already have either a complete lack of security or weak WEP encryption enabled, making them sitting ducks for drive-by infringements or less casual ones conducted by neighbors within range.
An IP address does not necessarily identify an individual; in fact one could argue that in many instances these days it doesn't even identify a computer but merely a gateway to a sub network, behind which could be any number of individuals not linked in any way to a bill payer.

Time will tell how French judges will rule in these "negligence" cases, especially when they have just 5 minutes to do so.

From rforno at infowarrior.org Fri Jul 10 12:35:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 08:35:32 -0400
Subject: [Infowarrior] - Ex-Goldman Programmer Detailed His Code Downloads to FBI Agent
Message-ID:

Ex-Goldman Programmer Detailed His Code Downloads to FBI Agent
http://www.bloomberg.com/apps/news?pid=20601087&sid=aSDxSdMlPTXU
By David Glovin and David Scheer

July 10 (Bloomberg) -- Sergey Aleynikov, the former Goldman Sachs Group Inc. computer programmer arrested last week for stealing software, told an FBI agent he uploaded proprietary code to an encrypted server he had used on "multiple occasions."

Aleynikov, 39, told the agent around 1 a.m. on July 4 that he had logged into Goldman's computers through remote access from his home and sent encrypted files to a repository server with the URL identifier svn.xp-dev.com, according to a copy of his FBI statement in court files in Manhattan federal court.

Xp-dev.com is registered to London resident Roopinder Singh, who describes himself on a blog linked to the site as a trading systems developer working in London's financial services industry. The site offers "subversion hosting," letting users track current and previous versions of programming code and other documents.

Singh told his customers in the blog yesterday that he'd been contacted by "local UK authorities," who had seized his hard drives to examine them and shut his service down for 45 hours, beginning on July 6, two days after Aleynikov's arrest.
"It turns out that some idiotic moron a user had uploaded data on to the service that he/she was not authorized to have," he said, crossing out the words "some idiotic moron." "This is your basic intellectual property theft case here."

Singh didn't immediately respond to phone calls and e-mails. FBI spokesman Jim Margolin and Rebekah Carmichael, a spokeswoman for Acting U.S. Attorney Lev Dassin, declined to comment.

Assistant U.S. Attorney Joseph Facciponti said at Aleynikov's arraignment July 4 that the alleged theft is the "most substantial" that the bank can recall.

Worth Millions

The proprietary code, worth millions of dollars, lets the firm do "sophisticated, high-speed and high-volume trades on various stock and commodities markets," prosecutors said in court papers. Facciponti said a person misusing the code might be able to "manipulate markets."

On his personal blog, Singh wrote that he provides his service free and that any code stored there is kept safe and encrypted before being backed up every night "off-site."

Aleynikov, who holds dual U.S. and Russian citizenship, told the agent the files he sent to Singh's server "have been not shared with any person or corporation" and that it "was not my intent be involved in any malicious action."

Facciponti said at the arraignment that Aleynikov transferred the code to a computer server in Germany and that others may have had access to it, a claim that Aleynikov denied in his statement to the Federal Bureau of Investigation agent, Michael McSwain. The prosecutor said the U.S. was investigating whether other code was sent to the server. Internet records indicate Singh's Web site is located in Bavaria.

Other Instances

Aleynikov told McSwain he used the server on other instances. "I have uploaded files to svn.xp-dev.com on multiple occasions over the last couple months," Aleynikov said in the FBI statement. The phrase, "over the last couple months" is crossed out.

It was unclear if he used the server to store Goldman software or other code. "The files that are proprietary information of Goldman Sachs has not been shared with any individual or corporation," Aleynikov repeated near the conclusion of the three-page statement.

In the statement, Aleynikov laid out what had happened from the downloading of the files to their transfer to the server and his retrieval of them from it. He said that on June 5 he "created a tarball in an effort to collect open source work on Goldman Sachs server to which I had an account."

Tarball

A tar file, which is sometimes called a tarball, is a compressed file. "I had previously worked on the files," he said. He said he encrypted the files, then erased the encryption software and the tarball. "I then erased the bash history," he said, referring to a method of recalling commands used in previous computer sessions.

Goldman security measures prevent such deletions, which tipped the firm off to his activities, prosecutors said.

Aleynikov said in his statement that he downloaded the Goldman software to his home computer, his laptop computer and his thumb drive. "The reason I uploaded to svn.xp-dev.com was because it was not blocked by Goldman Sachs security policy," Aleynikov wrote. The phrase, "not blocked by Goldman Sachs security policy," was crossed out and he added: "I wanted to inspect the work later in a more usable environment."

More Than Intended

Aleynikov said that he later opened the files to inspect them. "At that point I realized that I downloaded more files than I intended," he said.

Aleynikov, who lives in New Jersey, was arrested on July 3 after arriving at Liberty International Airport in Newark. He was charged with stealing the trading software and is free on a $750,000 bond. Teza Technologies LLC, a Chicago-based firm co-founded by a former Citadel Investment Group LLC trader, said after his arrest that it had suspended Aleynikov, who started there on July 2.
Aleynikov had told co-workers at Goldman that he was joining a new firm at triple his salary of $400,000 a year. Michael DuVally, a spokesman for New York-based Goldman, declined to comment.

Aleynikov said Teza wasn't involved. "I have signed an agreement with my new employer not to bring any unlicensed software," he said. "I have not violated that agreement."

Studied Math

Aleynikov studied applied mathematics at the Moscow Institute of Transportation Engineering before transferring to Rutgers University, where he received a bachelor's degree in computer science in 1993 and a master's of science degree, specializing in medical image processing and neural networks, in 1996, according to his profile on the social-networking site LinkedIn.

Before joining Goldman Sachs, he worked for about eight years at IDT Corp., the U.S. vendor of prepaid calling cards, where he led the team responsible for developing routing systems, according to the profile. His profile on LinkedIn describes him as a vice president in equity strategy at Goldman Sachs and includes two recommendations from colleagues at the firm.

The case is U.S. v. Aleynikov, U.S. District Court, Southern District of New York (Manhattan).

To contact the reporters on this story: David Glovin in New York federal court at dglovin@bloomberg.net; David Scheer in New York at dscheer@bloomberg.net

Last Updated: July 10, 2009 00:01 EDT

From rforno at infowarrior.org Fri Jul 10 13:29:19 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 09:29:19 -0400
Subject: [Infowarrior] - Premier U.S. Fighter Jet Has Major Shortcomings
Message-ID:

Premier U.S. Fighter Jet Has Major Shortcomings
F-22's Maintenance Demands Growing
By R. Jeffrey Smith
Washington Post Staff Writer
Friday, July 10, 2009

The United States' top fighter jet, the Lockheed Martin F-22, has recently required more than 30 hours of maintenance for every hour in the skies, pushing its hourly cost of flying to more than $44,000, a far higher figure than for the warplane it replaces, confidential Pentagon test results show.

< - >

"It is a disgrace that you can fly a plane [an average of] only 1.7 hours before it gets a critical failure" that jeopardizes success of the aircraft's mission, said a Defense Department critic of the plane who is not authorized to speak on the record.

Other skeptics inside the Pentagon note that the planes, designed 30 years ago to combat a Cold War adversary, have cost an average of $350 million apiece and say they are not a priority in the age of small wars and terrorist threats.

< - >

Lockheed farmed out more than 1,000 subcontracts to vendors in more than 40 states, and Sprey -- now a prominent critic of the plane -- said that by the time skeptics "could point out the failed tests, the combat flaws, and the exploding costs, most congressmen were already defending their subcontractors' " revenues.

John Hamre, the Pentagon's comptroller from 1993 to 1997, says the department approved the plane with a budget it knew was too low because projecting the real costs would have been politically unpalatable on Capitol Hill.
< - >

http://www.washingtonpost.com/wp-dyn/content/article/2009/07/09/AR2009070903020_pf.html

From rforno at infowarrior.org Sat Jul 11 00:16:29 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 20:16:29 -0400
Subject: [Infowarrior] - White House Kept Justice Lawyers in Dark on Warrantless Wiretapping
Message-ID:

White House Kept Justice Lawyers in Dark on Warrantless Wiretapping
By Carrie Johnson and Ellen Nakashima
Washington Post Staff Writer
Friday, July 10, 2009 4:00 PM
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/10/AR2009071002536_pf.html

The Bush White House so strictly controlled access to its warrantless eavesdropping program that only three Justice Department lawyers were aware of the plan, which nearly ignited mass resignations and a constitutional crisis when a wider circle of administration officials began to question its legality, according to a watchdog report released today.

The unclassified summary by five inspectors general from government intelligence agencies called the arrangements "extraordinary and inappropriate" and asserted that White House secrecy "undermined" the ability of the Justice Department to do its work.

The report is the first public sign of a long running investigative review of a program that provoked fierce conflict within the highest levels of the Bush administration in 2004. At the time, the Justice Department's second in command and the director of the FBI both vowed to resign if President Bush continued with electronic intelligence gathering that they believed was outside the boundaries of the law.

Today's report was mandated by Congress in legislation last year that updated the Foreign Intelligence Surveillance Act of 1978 to accommodate new technologies. The bulk of the review remains highly classified.
The program, which has been called the Terrorist Surveillance Program (TSP), is part of a broader intelligence effort known as the President's Surveillance Program, much of which is not known to the public. The TSP authorized the National Security Agency to intercept without court warrants international email messages and other communications believed to involve people with ties to al Qaeda.

The wiretapping program was brought under the oversight of the special Foreign Intelligence Surveillance court, which is based in the District, in early 2007, after the New York Times reported its existence and chronicled unrest within the Bush administration about its legality.

The inspectors general from the Departments of Justice and Defense, as well as the CIA, the NSA and the office of the Director of National Intelligence, said they reviewed thousands of documents and interviewed more than 200 people in connection with the report, including Bush era officials John Negroponte, who served as director of national intelligence, National Security Agency Director Michael V. Hayden, Secretary of Defense Donald Rumsfeld and Attorney General Alberto Gonzales.

But other key figures such as Bush White House Chief of Staff Andrew Card, former Attorney General John D. Ashcroft and former CIA director George Tenet declined interview requests, investigators said. The inspectors general lack the authority to compel them to talk.

President Bush authorized the program shortly after the Sept. 11, 2001, terrorist attacks on American soil in a single document, and the legal approval for the initiative relied on ongoing threat assessments known among some members of the intelligence community as "scary memos," the report said. The program eventually became a symbol of the administration's excessive secrecy on national security policies.

Only three Justice Department officials -- Ashcroft, former Office of Legal Counsel lawyer John C. Yoo, and intelligence policy lawyer James Baker -- were read into the electronic surveillance initiative. Many of their superiors were kept in the dark, the unclassified summary reported for the first time today.

One former department lawyer, Jay S. Bybee, told investigators that he was Yoo's superior in the Office of Legal Counsel but was never read into the program and "could shed no further light" on how Yoo became the point man on memos that confirmed its legality. By following this route, the memos avoided a rigorous peer review process.

The report said Yoo prepared hypothetical documents in September and early October 2001 before writing a formal memo in November, after Bush had already authorized the initiative. In that memo, Yoo concluded that the FISA law could not "restrict the president's ability to engage in warrantless searches that protect the national security" and that "unless Congress made a clear statement in FISA that it sought to restrict presidential authority to conduct warrantless searches in the national security area -- which it has not -- then the statute must be construed to avoid such a reading," according to the report.

When that analysis reached higher level officials in the Justice Department in late 2003 and early 2004, they became troubled about the conclusions and convinced the plan may have run afoul of the law, ignoring important Supreme Court rulings on the subject of executive branch power.

The full outlines of the program remain murky and subject to strict classification, but the inspectors general report said that Yoo "did not accurately describe the scope" of other intelligence activities in the President's Surveillance Program, presenting "a serious impediment to recertification of the program."
Former Justice Department lawyers Patrick Philbin and Jack Goldsmith, who served in the Office of Legal Counsel, secured access to the program and began meeting with Gonzales, then the White House counsel, and David Addington, counsel to Vice President Cheney, to express their concerns after Yoo left the department in 2003. Goldsmith's notes from the meetings say that the White House lawyers agreed that they would "pull the plug" if the trouble with the program grew serious, the report said.

Disputes over the program prompted a series of meetings in March 2004, including lobbying by the White House, to try to persuade the Justice Department lawyers to agree to a temporary continuation of the surveillance while its legal problems were fixed.

On March 9, 2004, intelligence officials and Cheney met to discuss the issue without inviting Justice Department leaders. Cheney suggested that the president "may have to reauthorize without [the] blessing of DOJ," according to previously unreported notes taken by Mueller described in today's report. Mueller told the investigators he would have a problem with that approach. Later that day, Cheney met with Justice Department officials and told them that "thousands" of lives could be risked if they did not agree to continue the program, the inspectors general report said.

The resignation threats came after a dramatic March 10, 2004, hospital visit by Card, who was then the White House chief of staff, and Gonzales to the bedside of an ailing Ashcroft. They appeared at the hospital in an ultimately unsuccessful bid to convince the attorney general, who was weakened by severe pancreatitis, to sign a document that would reauthorize the program despite legal advice from others in the Justice Department. Former Deputy Attorney General James B. Comey told the Senate years later that he had literally sprinted up the stairs of George Washington University Hospital in an effort to arrive before the White House advisers.
Comey said the episode marked the "most difficult night of my professional life." Several subordinates at the Justice Department and FBI Director Robert Mueller III stood behind Comey in the aftermath of the hospital confrontation, raising the possibility of a mass departure that would have attracted wide public attention and invited comparisons to the Nixon era's Saturday Night Massacre. Senior White House officials disdained the legal regime imposed on the program, according to a book by Goldsmith. He reported that Addington said in February 2004 that "we're one bomb away from getting rid of that obnoxious [FISA] court." Goldsmith also said that the information on the program had been so closely held that Addington denied a request by the National Security Agency's inspector general to see a copy of the Justice Department memo supporting the Terrorist Surveillance Program. "The White House had found it much easier to go it alone, in secret," Goldsmith wrote. From rforno at infowarrior.org Sat Jul 11 00:16:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Jul 2009 20:16:58 -0400 Subject: [Infowarrior] - Report: Bush surveillance program was massive Message-ID: Report: Bush surveillance program was massive By PAMELA HESS The Associated Press Friday, July 10, 2009 7:45 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/07/10/AR2009071002470_pf.html WASHINGTON -- The Bush administration built an unprecedented surveillance operation to pull in mountains of information far beyond the warrantless wiretapping previously acknowledged, a team of federal inspectors general reported Friday, questioning the legal basis for the effort but shielding almost all details on grounds they're still too secret to reveal. The report, compiled by five inspectors general, refers to "unprecedented collection activities" by U.S. intelligence agencies under an executive order signed by President George W. Bush after the Sept. 11, 2001, terror attacks. 
Just what those activities involved remains classified, but the IGs pointedly say that any continued use of the secret programs must be "carefully monitored."

The report says too few relevant officials knew of the size and depth of the program, let alone signed off on it. They particularly criticize John Yoo, a deputy assistant attorney general who wrote legal memos undergirding the policy. His boss, Attorney General John Ashcroft, was not aware until March 2004 of the exact nature of the intelligence operations beyond wiretapping that he had been approving for the previous two and a half years, the report says.

Most of the intelligence leads generated under what was known as the "President's Surveillance Program" did not have any connection to terrorism, the report said. But FBI agents told the authors that the "mere possibility of the leads producing useful information made investigating the leads worthwhile."

The inspectors general interviewed more than 200 people inside and outside the government, but five former Bush administration officials refused to be questioned. They were Ashcroft, Yoo, former CIA Director George Tenet, former White House Chief of Staff Andrew Card and David Addington, an aide to former Vice President Dick Cheney. According to the report, Addington could personally decide who in the administration was "read into" - allowed access to - the classified program.

The only piece of the intelligence-gathering operation acknowledged by the Bush White House was the wiretapping-without-warrants effort. The administration admitted in 2005 that it had allowed the National Security Agency to intercept international communications that passed through U.S. cables without seeking court orders.

Although the report documents Bush administration policies, its fallout could be a problem for the Obama administration if it inherited any or all of the still-classified operations. Bush started the warrantless wiretapping program under the authority of a secret court in 2006, and Congress authorized most of the intercepts in a 2008 electronic surveillance law. The fate of the remaining and still classified aspects of the wider surveillance program is not clear from the report.

The report's revelations came the same day that House Democrats said that CIA Director Leon Panetta had ordered one eight-year-old classified program shut down after learning lawmakers had never been apprised of its existence.

The IG report said that President Bush signed off on both the warrantless wiretapping and other top-secret operations shortly after Sept. 11 in a single presidential authorization. All the programs were periodically reauthorized, but except for the acknowledged wiretapping, they "remain highly classified." The report says it's unclear how much valuable intelligence the program has yielded.

The report, mandated by Congress last year, was delivered to lawmakers Friday. Rep. Jane Harman, D-Ca., told The Associated Press she was shocked to learn of the existence of other classified programs beyond the warrantless wiretapping. Former Bush Attorney General Alberto Gonzales made a terse reference to other classified programs during an August 2007 letter to Congress. But Harman said that when she had asked Gonzales two years earlier if the government was conducting any other undisclosed intelligence activities, he denied it. "He looked me in the eye and said 'no,'" she said Friday. Robert Bork Jr., Gonzales' spokesman, said, "It has clearly been determined that he did not intend to mislead anyone."

In the wake of the new report, Senate Judiciary Committee Chairman Sen. Patrick Leahy, D-Vt, renewed his call Friday for a formal nonpartisan inquiry into the government's information-gathering programs.

Former CIA Director Michael Hayden - the primary architect of the program - told the report's authors that the surveillance was "extremely valuable" in preventing further al-Qaida attacks. Hayden said the operations amounted to an "early warning system" allowing top officials to make critical judgments and carefully allocate national security resources to counter threats.

Information gathered by the secret program played a limited role in the FBI's overall counterterrorism efforts, according to the report. Very few CIA analysts even knew about the program and therefore were unable to fully exploit it in their counterterrorism work, the report said.

The report questioned the legal advice used by Bush to set up the program, pinpointing omissions and questionable legal memos written by Yoo, in the Justice Department's Office of Legal Counsel. The Justice Department withdrew the memos years ago. The report says Yoo's analysis approving the program ignored a law designed to restrict the government's authority to conduct electronic surveillance during wartime, and did so without fully notifying Congress. And it said flaws in Yoo's memos later presented "a serious impediment" to recertifying the program.

Yoo insisted that the president's wiretapping program had only to comply with Fourth Amendment protections against search and seizure - but the report said Yoo ignored the Federal Intelligence Surveillance Act, which had previously overseen federal national security surveillance.

"The notion that basically one person at the Justice Department, John Yoo, and Hayden and the vice president's office were running a program around the laws that Congress passed, including a reinterpretation of the Fourth Amendment, is mind boggling," Harman said.

House Democrats are pressing for legislation that would expand congressional access to secret intelligence briefings, but the White House has threatened to veto it.

© 2009 The Associated Press

From rforno at infowarrior.org Sat Jul 11 00:18:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 10 Jul 2009 20:18:44 -0400
Subject: [Infowarrior] - PDF: IG Report on Bush surveillance
Message-ID: <7750A3CF-DE6C-430B-B930-559919145F9B@infowarrior.org>

On July 10, 2009, the inspectors general from five federal agencies -- the Justice Department, the Defense Department, the Central Intelligence Agency, the National Security Agency and the Office of the Director of National Intelligence -- released an unclassified report investigating the origins and operations of the Bush administration's warrantless surveillance program.

http://graphics8.nytimes.com/packages/images/nytint/docs/federal-report-on-the-president-s-surveillance-program/original.pdf

From rforno at infowarrior.org Sat Jul 11 18:25:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jul 2009 14:25:00 -0400
Subject: [Infowarrior] - DHS Cyber Neighborhood Watch?
Message-ID: <748B44EA-1038-437F-8F21-B61A3EA71F7A@infowarrior.org>

(c/o M.P.)

The Neighborhood Network Watch is a domestic community based group that analyzes and collects network traffic from open public networks, for national security purposes. The group was founded in 2006 with the help of its parent organization the U.S. Department of Homeland Security. The first chapter of the Neighborhood Network Watch was founded in 2007 and has been operating since then.

http://www.dhsnnw.org/about.html

"Participants in HNAP would collect sample network traffic from their own home networks as well as samples from networks within the vicinity. The Neighborhood Network Watch will be making a set of freely available instructions on how to capture network traffic, using the open source packet sniffer TCPDUMP, and **how to log onto nearby wireless networks that maybe being operated by neighbors**."
http://www.dhsnnw.org/newsarticles/mar18_2008.html

From rforno at infowarrior.org Sat Jul 11 18:31:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jul 2009 14:31:17 -0400
Subject: [Infowarrior] - interesting hacktivism
Message-ID:

ImageShack was attacked by a movement called 'Anti-Sec' who is against the full disclosure of security vulns. Interesting twist on the notion of 'hacktivism' eh? --rf

http://mashable.com/2009/07/10/imageshack-hacked/

From rforno at infowarrior.org Sat Jul 11 18:34:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jul 2009 14:34:50 -0400
Subject: [Infowarrior] - Hoekstra Wants 'Show of Force' Against North Korea for Website Attacks
Message-ID: <03E75BB9-1FFD-4A8F-91C6-01A1BE4A8CD2@infowarrior.org>

The blind leading the blind and preaching to the blind about what to do. Typical Congresscritter. But then again, it's Hoekstra!! -rf

Lawmaker Wants 'Show of Force' Against North Korea for Website Attacks
By Kim Zetter
July 10, 2009 | 1:45 pm
Categories: Cybersecurity
http://www.wired.com/threatlevel/2009/07/show-of-force/

A key Republican lawmaker on Thursday urged President Obama to launch a cyber attack against North Korea, or increase international sanctions against the communist country, in the wake of an unknown hacker's denial-of-service attacks on U.S. and South Korean websites.

Rep. Peter Hoekstra (R-Michigan), the lead Republican on the House Intelligence Committee, said the U.S. should conduct a "show of force or strength" against North Korea for a supposed role in a round of attacks that hit numerous government and commercial websites this week.

Hoekstra, speaking on the conservative America's Morning News radio show, produced by the Washington Times newspaper, said that "some of the best people in America" had been investigating the attacks and concluded that most likely "all the fingers" point to North Korea as the culprit. They're reaching the conclusion that this was a state act and that "this couldn't be some amateurs," claimed Hoekstra, in direct opposition to what security experts have actually been saying. He added that North Korea needed to be "sent a strong message."

"Whether it is a counterattack on cyber, whether it is, you know, more international sanctions . . . but it is time for America and South Korea, Japan and others to stand up to North Korea or the next time . . . they will go in and shut down a banking system or they will manipulate financial data or they will manipulate the electrical grid, either here or in South Korea," Hoekstra said. "Or they will try to, and they may miscalculate, and people could be killed."

An ABC News commentator also called for an aggressive response. Michael Malone, who bills himself as "one of the nation's best-known technology writers," wrote in his Friday column that thousands could die in future internet attacks. One of his imagined scenarios is an eerie echo of the claim -- heard prior to the first U.S. war with Iraq -- that Saddam Hussein was killing babies in incubators.

"When do we get out of our defensive crouch and actively go after governments that are attacking us through cyberspace?" Malone wrote. "Will it be after a web Pearl Harbor catches us by surprise and crashes our financial markets -- or kills thousands of people trapped in computer-controlled transportation systems run amok, or in a darkened city trapped in a blizzard or heat wave, or babies in microprocessor controlled incubators? And long before then, why can't we respond to such an attack by a foreign government not with bombs or missiles, but by crashing that country's digital infrastructure?"

The series of denial-of-service attacks began over the July 4 holiday weekend and struck more than three dozen prominent web sites in the U.S. and South Korea. The unsophisticated attacks, which are believed to have originated from more than 50,000 computers infected by the 5-year-old MyDoom worm, targeted five U.S. government sites on the first day but expanded to U.S. commercial and media sites on following days and struck South Korean government and financial websites on Tuesday and Thursday.

Sites hit by the attacks include ones for the White House, the U.S. Department of Homeland Security, Secret Service, National Security Agency, Federal Trade Commission, Department of Defense and the State Department, as well as sites for the New York Stock Exchange, Nasdaq, Amazon and Yahoo. On Tuesday, several sites in South Korea, including sites for the Ministry of Defense and the presidential Blue House, were also targeted, followed by more South Korean sites on Thursday.

Most of the U.S. sites shrugged off the attack and suffered no downtime, although a couple of government sites experienced trouble for more than a day as they struggled to update their systems and take measures against the attacks.

The Associated Press was the first to publish a story prominently quoting anonymous South Korean intelligence officials blaming the attacks on North Korea, even though such attacks are generally very difficult if not impossible to trace. A follow-up AP story indicated that officials had no proof to back their provocative claim.

Denial of service attacks, which involve overwhelming a website with hundreds of thousands of lookup requests -- generally launched from botnet machines controlled by a hacker -- are one of the least sophisticated kinds of attacks a hacker can conduct. Security professionals in the U.S. indicated this week that the author of the attacks borrowed old code written by previous malware writers to conduct the attacks and made no attempt to hide his code from being detected by anti-virus programs. They told Threat Level that the nature of the showy attacks appeared to indicate that the hacker simply wanted attention. They found no evidence so far to support claims that North Korea -- or any other state-backed entity -- was behind the attacks.

The botnet machines used in the attacks -- most of which are in China, South Korea and Japan, according to researchers -- were likely infected after their owners clicked on an e-mail attachment containing the MyDoom worm. The malware, once launched on an infected machine, allows the hacker to remotely control the computer and contains instructions to conduct the attacks. Researchers have also recently discovered that the code contains instructions to erase parts of the computer owner's hard drive on Friday, preventing the user from re-booting their machine, according to the Washington Post's Brian Krebs. The Post reports that some machines used in the website attacks have already begun to self-destruct.

From rforno at infowarrior.org Sat Jul 11 20:43:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 11 Jul 2009 16:43:23 -0400
Subject: [Infowarrior] - Chips in official IDs raise privacy fears
Message-ID: <97A8A357-B327-40CA-9301-DBA965A85DFE@infowarrior.org>

Chips in official IDs raise privacy fears
By TODD LEWAN - 2 hours ago
http://www.google.com/hostednews/ap/article/ALeqM5hHq9P54bYfXbHp-aDgs01gePq1twD99CDMT00

Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he'd bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.

It took him 20 minutes to strike hacker's gold.

Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags.
Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.

Embedding identity documents -- passports, drivers licenses, and the like -- with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.

But Paget's February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.

He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential to erode privacy.

Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone's radar screen, critics say, and to redefine Orwellian government snooping for the digital age.

"Little Brother," some are already calling it -- even though elements of the global surveillance web they warn against exist only on drawing boards, neither available nor approved for use.

But with advances in tracking technologies coming at an ever-faster rate, critics say, it won't be long before governments could be able to identify and track anyone in real time, 24-7, from a cafe in Paris to the shores of California. The key to getting such a system to work, these opponents say, is making sure everyone carries an RFID tag linked to a biometric data file.

On June 1, it became mandatory for Americans entering the United States by land or sea from Canada, Mexico, Bermuda and the Caribbean to present identity documents embedded with RFID tags, though conventional passports remain valid until they expire.

Among new options are the chipped "e-passport," and the new, electronic PASS card -- credit-card sized, with the bearer's digital photograph and a chip that can be scanned through a pocket, backpack or purse from 30 feet.

Alternatively, travelers can use "enhanced" driver's licenses embedded with RFID tags now being issued in some border states: Washington, Vermont, Michigan and New York. Texas and Arizona have entered into agreements with the federal government to offer chipped licenses, and the U.S. Department of Homeland Security has recommended expansion to non-border states. Kansas and Florida officials have received DHS briefings on the licenses, agency records show.

The purpose of using RFID is not to identify people, says Mary Ellen Callahan, the chief privacy officer at Homeland Security, but rather "to verify that the identification document holds valid information about you."

Likewise, U.S. border agents are "pinging" databases only to confirm that licenses aren't counterfeited. "They're not pulling up your speeding tickets," she says, or looking at personal information beyond what is on a passport.

The change is largely about speed and convenience, she says. An RFID document that doubles as a U.S. travel credential "only makes it easier to pull the right record fast enough, to make sure that the border flows, and is operational" -- even though a 2005 Government Accountability Office report found that government RFID readers often failed to detect travelers' tags.

Such assurances don't persuade those who liken RFID-embedded documents to barcodes with antennas and contend they create risks to privacy that far outweigh the technology's heralded benefits. They warn it will actually enable identity thieves, stalkers and other criminals to commit "contactless" crimes against victims who won't immediately know they've been violated.

Neville Pattinson, vice president for government affairs at Gemalto, Inc., a major supplier of microchipped cards, is no RFID basher. He's a board member of the Smart Card Alliance, an RFID industry group, and is serving on the Department of Homeland Security's Data Privacy and Integrity Advisory Committee.

Still, Pattinson has sharply criticized the RFIDs in U.S. driver's licenses and passport cards. In a 2007 article for the Privacy Advisor, a newsletter for privacy professionals, he called them vulnerable "to attacks from hackers, identity thieves and possibly even terrorists."

RFID, he wrote, has a fundamental flaw: Each chip is built to faithfully transmit its unique identifier "in the clear, exposing the tag number to interception during the wireless communication." Once a tag number is intercepted, "it is relatively easy to directly associate it with an individual," he says. "If this is done, then it is possible to make an entire set of movements posing as somebody else without that person's knowledge."

Echoing these concerns were the AeA -- the lobbying association for technology firms -- the Smart Card Alliance, the Institute of Electrical and Electronics Engineers, the Business Travel Coalition, and the Association of Corporate Travel Executives.

Meanwhile, Homeland Security has been promoting broad use of RFID even though its own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.

In its 2006 draft report, the committee concluded that RFID "increases risks to personal privacy and security, with no commensurate benefit for performance or national security," and recommended that "RFID be disfavored for identifying and tracking human beings."

For now, chipped PASS cards and enhanced driver's licenses are optional and not yet widely deployed in the United States. To date, roughly 192,000 EDLs have been issued in Washington, Vermont, Michigan and New York.

But as more Americans carry them "you can bet that long-range tracking of people on a large scale will rise exponentially," says Paget, a self-described "ethical hacker" who works as an Internet security consultant.

Could RFID numbers eventually become de facto identifiers of Americans, like the Social Security number?

Such a day is not far off, warns Katherine Albrecht, a privacy advocate and co-author of "Spychips," a book that is sharply critical of the use of RFID in consumer items and official ID documents.

"There's a reason you don't wear your Social Security number across your T-shirt," Albrecht says, "and beaming out your new, national RFID number in a 30-foot radius would be far worse."

There are no federal laws against the surreptitious skimming of Americans' RFID numbers, so it won't be long before people seek to profit from this, says Bruce Schneier, an author and chief security officer at BT, the British telecommunications operator.

Data brokers that compile computer dossiers on millions of individuals from public records, credit applications and other sources "will certainly maintain databases of RFID numbers and associated people," he says. "They'd do a disservice to their stockholders if they didn't."

But Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says Americans "aren't that concerned about the RFID, particularly in this day and age when there are a lot of other ways to access personal information on people."

Tracking an individual is much easier through a cell phone, or a satellite tag embedded in a car, she says. "An RFID that contains no private information, just a randomly assigned number, is probably one of the least things to be concerned about, frankly."

Still, even some ardent RFID supporters recognize that these next-generation RFID cards raise prickly questions.
Mark Roberti, editor of RFID Journal, an industry newsletter, recently acknowledged that as the use of RFID in official documents grows, the potential for abuse increases.

"A government could do this, for instance, to track opponents," he wrote in an opinion piece discussing Paget's cloning experiment. "To date, this type of abuse has not occurred, but it could if governments fail to take privacy issues seriously."

___

Imagine this: Sensors triggered by radio waves instructing cameras to zero in on people carrying RFID, unblinkingly tracking their movements.

Unbelievable? Intrusive? Outrageous?

Actually, it happens every day and makes people smile -- at the Alton Towers amusement park in Britain, which videotapes visitors who agree to wear RFID bracelets as they move about the facility, then sells the footage as a keepsake.

This application shows how the technology can be used effortlessly -- and benignly. But critics, noting it can also be abused, say federal authorities in the United States didn't do enough from the start to address that risk.

The first U.S. identity document to be embedded with RFID was the "e-passport."

In the wake of the Sept. 11 attacks -- and the finding that some of the terrorists entered the United States using phony passports -- the State Department proposed mandating that Americans and foreign visitors carry "enhanced" passport booklets, with microchips embedded in the covers.

The chips, it announced, would store the holder's information from the data page, a biometric version of the bearer's photo, and receive special coding to prevent data from being altered.

In February 2005, when the State Department asked for public comment, it got an outcry: Of the 2,335 comments received, 98.5 percent were negative, with 86 percent expressing security or privacy concerns, the department reported in an October 2005 notice in the Federal Register.

"Identity theft was of grave concern," it stated, adding that "others expressed fears that the U.S. Government or other governments would use the chip to track and censor, intimidate or otherwise control or harm them." It also noted that many Americans expressed worries "that the information could be read at distances in excess of 10 feet."

Those concerned citizens, it turns out, had cause.

According to department records obtained by researchers at the University of California, Berkeley, under a Freedom of Information Act request and reviewed by the AP, discussion about security concerns with the e-passport occurred as early as January 2003 but tests weren't ordered until the department began receiving public criticism two years later.

When the AP asked when testing was initiated, the State Department said only that "a battery of durability and electromagnetic tests were performed" by the National Institute of Standards and Technology, along with tests "to measure the ability of data on electronic passports to be surreptitiously skimmed or for communications with the chip reader to be eavesdropped," testing which "led to additional privacy controls being placed on U.S. electronic passports ... "

Indeed, in 2005, the department incorporated metallic fibers into the e-passport's front cover, since metal can reduce the range at which RFID can be read. Personal information in the chips was encrypted and a cryptographic "key" added, which required inspectors to optically scan the e-passport first for the chip to communicate wirelessly.

The department also announced it would test e-passports with select employees, before giving them to the public. "We wouldn't be issuing the passports to ourselves if we didn't think they're secure," said Frank Moss, deputy assistant Secretary of State for passport services, in a CNN interview.

But what of Americans' concerns about the e-passport's read range?

In its October 2005 Federal Register notice, the State Department reassured Americans that the e-passport's chip -- the ISO 14443 tag -- would emit radio waves only within a 4-inch radius, making it tougher to hack.

Technologists in Israel and England, however, soon found otherwise. In May 2006, at the University of Tel Aviv, researchers cobbled together $110 worth of parts from hobbyists kits and directly skimmed an encrypted tag from several feet away. At the University of Cambridge, a student showed that a transmission between an e-passport and a legitimate reader could be intercepted from 160 feet.

The State Department, according to its own records obtained under FOIA, was aware of the problem months before its Federal Register notice and more than a year before the e-passport was rolled out in August 2006.

"Do not claim that these chips can only be read at a distance of 10 cm (4 inches)," Moss wrote in an April 22, 2005, e-mail to Randy Vanderhoof, executive director of the Smart Card Alliance. "That really has been proven to be wrong."

The chips could be skimmed from a yard away, he added -- all a hacker would need to read e-passport numbers, say, in an elevator or on a subway.

Other red flags went up. In February 2006, an encrypted Dutch e-passport was hacked on national television, with researchers gaining access to the document's digital photograph, fingerprint and personal data. Then British e-passports were hacked using a $500 reader and software written in less than 48 hours.

The State Department countered by saying European e-passports weren't as safe as their American counterparts because they lacked the cryptographic key and the anti-skimming cover. But recent studies have shown that more powerful readers can penetrate even the metal sheathing in the U.S. e-passport's cover.

John Brennan, a senior policy adviser at the State Department's Bureau of Consular Affairs, concedes it may be possible for a reader to overpower the e-passport's protective shield from a distance.
However, he adds, "you could not do this in any large-scale, concerted fashion without putting a bunch of infrastructure in place to make it happen. The practical vulnerabilities may be far less than some of the theoretical scenarios that people have put out there." That thinking is flawed, says Lee Tien, a senior attorney and surveillance expert with the Electronic Frontier Foundation, which opposes RFID in identity documents. It won't take a massive government project to build reader networks around the country, he says: They will grow organically, for commercial purposes, from convention centers to shopping malls, sports stadiums to college campuses. Federal agencies and law enforcement wouldn't have to control those networks; they already buy information about individuals from commercial data brokers. "And remember," Tien adds, "technology always gets better ... " ___ With questions swirling around the e-passport's security, why then did the government roll out more RFID-tagged documents ? the PASS card and enhanced driver's license, which provide less protection against hackers? The RFIDs in enhanced driver's licenses and PASS cards are nearly as slim as paper. Each contains a silicon computer chip attached to a wire antenna, which transmits a unique identifier via radio waves when "awakened" by an electromagnetic reader. The technology they use is designed to track products through the supply chain. These chips, known as EPCglobal Gen 2, have no encryption, and minimal data protection features. They are intended to release their data to any inquiring Gen 2 reader within a 30-foot radius. This might be appropriate when a supplier is tracking a shipment of toilet paper or dog food; but when personal information is at stake, privacy advocates ask: Is long-range readability truly desirable? 
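The contrast the AP article draws here is concrete: the e-passport chip described a few paragraphs up will not release its data until the inspector optically scans the data page, because the keys are derived from it (the mechanism is ICAO 9303 Basic Access Control, which the article does not name), while the Gen 2 tags in PASS cards and EDLs have no such step. Below is an added example, not code from the article or any document issuer, deriving those keys from the machine-readable zone with only the Python standard library; the MRZ values are the ICAO 9303 Part 11 worked example, not a real document.

```python
"""ICAO 9303 Basic Access Control (BAC) key derivation, as an illustration
of the optically gated e-passport access the AP story describes.

Both BAC session keys come from three fields printed in the machine-readable
zone (MRZ), so a reader that never saw the printed data page has no key with
which to open the encrypted dialogue with the chip. Standard library only.
"""
import hashlib


def _mrz_char_value(ch: str) -> int:
    """MRZ character values: digits are themselves, A..Z are 10..35, '<' is 0."""
    if ch.isdigit():
        return int(ch)
    if "A" <= ch <= "Z":
        return ord(ch) - ord("A") + 10
    if ch == "<":
        return 0
    raise ValueError(f"invalid MRZ character {ch!r}")


def mrz_check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating, summed modulo 10."""
    weights = (7, 3, 1)
    total = sum(_mrz_char_value(c) * weights[i % 3] for i, c in enumerate(field))
    return total % 10


def mrz_information(doc_number: str, birth_date: str, expiry_date: str) -> str:
    """Build the 24-character MRZ_information string that seeds the BAC keys.

    doc_number is filler-padded with '<' to 9 characters; dates are YYMMDD.
    Each field is followed by its own check digit.
    """
    doc = doc_number.ljust(9, "<")
    return (
        f"{doc}{mrz_check_digit(doc)}"
        f"{birth_date}{mrz_check_digit(birth_date)}"
        f"{expiry_date}{mrz_check_digit(expiry_date)}"
    )


def _set_des_parity(key: bytes) -> bytes:
    """Force odd parity on every byte, as DES/3DES keys require."""
    out = bytearray()
    for b in key:
        b &= 0xFE  # clear the parity bit, then set it if the other 7 bits are even
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)


def derive_bac_keys(mrz_info: str) -> dict:
    """Derive K_seed, K_enc and K_mac per ICAO 9303 Part 11 (3DES key variant).

    K_seed = SHA-1(MRZ_information)[:16]
    K_enc  = parity-adjusted SHA-1(K_seed || 00000001)[:16]
    K_mac  = parity-adjusted SHA-1(K_seed || 00000002)[:16]
    """
    k_seed = hashlib.sha1(mrz_info.encode("ascii")).digest()[:16]
    keys = {"k_seed": k_seed}
    for name, counter in (("k_enc", 1), ("k_mac", 2)):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        keys[name] = _set_des_parity(digest[:16])
    return keys


if __name__ == "__main__":
    # Constructed input: the ICAO 9303 Part 11 worked example, not a real passport.
    info = mrz_information("L898902C", "690806", "940623")
    print(info)  # L898902C<369080619406236
    for name, value in derive_bac_keys(info).items():
        print(name, value.hex().upper())
```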
The departments of State and Homeland Security say remotely readable ID cards transmit only RFID numbers that correspond to records stored in government databases, which they say are secure. Even if a hacker were to copy an RFID number onto a blank tag and place it into a counterfeit ID, they say, the forger's face still wouldn't match the true cardholder's photo in the database, rendering it useless. Still, computer experts such as Schneier say government databases can be hacked. Others worry about a day when hackers might deploy readers at "chokepoints," such as checkout lines, skim RFID numbers from people's driver's licenses, then pair those numbers to personal data skimmed from chipped credit cards (though credit cards are harder to skim). They imagine stalkers using skimmed RFID numbers to track their targets' comings and goings. They fear government agents will compile chip numbers at peace rallies, mosques or gun shows, simply by strolling through a crowd with a reader. Others worry more about the linking of chips with other identification methods, including biometric technologies, such as facial recognition. The International Civil Aviation Organization, the U.N. agency that sets global standards for passports, now calls for facial recognition in all scannable e-passports. Should biometric technologies be coupled with RFID, "governments will have, for the first time in history, the means to identify, monitor and track citizens anywhere in the world in real time," says Mark Lerner, spokesman for the Constitutional Alliance, a network of nonprofit groups, lawmakers and citizens opposed to remotely readable identity and travel documents. Implausible? For now, perhaps. Radio tags in EDLs and passport cards can't be scanned miles away. But scientists are working on technologies that might enable a satellite or a cell tower to scan a chip's contents. 
Critics also note advances in the sharpness of closed-circuit cameras, and point out they're increasingly ubiquitous. And more fingerprints, iris scans and digitized facial images are being stored in government databases. The FBI has announced plans to assemble the world's largest biometric database, nicknamed "Next Generation Identification." "RFID's role is to make the collection and transmission of people's biometric data quick, easy and nonintrusive," says Lerner. "Think of it as the thread that ties together the surveillance package." On the Net: - http://www.stoprealidcoalition.com/ - http://www.smartcardalliance.org/pages/publications-realid - http://www.eff.org/deeplinks/2009/02/rfid-passports-scanned-car - http://epic.org/privacy/surveillance/spotlight/0907/ Copyright © 2009 The Associated Press. All rights reserved. From rforno at infowarrior.org Sun Jul 12 15:36:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Jul 2009 11:36:22 -0400 Subject: [Infowarrior] - OT: How to Audit Information Systems Message-ID: <44F23276-EF82-4A3F-91C7-50BE5B12F090@infowarrior.org> Boy this is true on so many levels ..... not sure whether to laugh or cry. http://dilbert.com/strips/comic/2009-07-12/ From rforno at infowarrior.org Sun Jul 12 18:25:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Jul 2009 14:25:39 -0400 Subject: [Infowarrior] - T.X. Hammes Essay: Dumb-dumb bullets Message-ID: (See also my 2002 "PowerPoint Manifesto" right on the home page @ infowarrior.org) Essay: Dumb-dumb bullets As a decision-making aid, PowerPoint is a poor tool By T.X. Hammes http://www.armedforcesjournal.com/2009/07/4061641 Every year, the services spend millions of dollars teaching our people how to think. We invest in everything from war colleges to noncommissioned officer schools. 
Our senior schools in particular expose our leaders to broad issues and historical insights in an attempt to expose the complex and interactive nature of many of the decisions they will make. Unfortunately, as soon as they graduate, our people return to a world driven by a tool that is the antithesis of thinking: PowerPoint. Make no mistake, PowerPoint is not a neutral tool – it is actively hostile to thoughtful decision-making. It has fundamentally changed our culture by altering the expectations of who makes decisions, what decisions they make and how they make them. While this may seem to be a sweeping generalization, I think a brief examination of the impact of PowerPoint will support this statement. The last point, how we make decisions, is the most obvious. Before PowerPoint, staffs prepared succinct two- or three-page summaries of key issues. The decision-maker would read a paper, have time to think it over and then convene a meeting with either the full staff or just the experts involved to discuss the key points of the paper. Of course, the staff involved in the discussion would also have read the paper and had time to prepare to discuss the issues. In contrast, today, a decision-maker sits through a 20-minute PowerPoint presentation followed by five minutes of discussion and then is expected to make a decision. Compounding the problem, often his staff will have received only a five-minute briefing from the action officer on the way to the presentation and thus will not be well-prepared to discuss the issues. This entire process clearly has a toxic effect on staff work and decision-making. The art of slide-ology Let's start by examining the impact on staff work. Rather than the intellectually demanding work of condensing a complex issue to two pages of clear text, the staff instead works to create 20 to 60 slides. Time is wasted on which pictures to put on the slides, how to build complex illustrations and what bullets should be included. 
I have even heard conversations about what font to use and what colors. Most damaging is the reduction of complex issues to bullet points. Obviously, bullets are not the same as complete sentences, which require developing coherent thoughts. Instead of forcing officers to learn the art of summarizing complex issues into coherent arguments, staff work now places a premium on slide building. Slide-ology has become an art in itself, while thinking is often relegated to producing bullets. Our personnel clearly understand the lack of clarity and depth inherent in the half-formed thoughts of the bullet format. In an apparent effort to overcome the obvious deficiency of bullets, some briefers put entire paragraphs on each briefing slide. (Of course, they still include the bullet point in front of each paragraph.) Some briefs consist of a series of slides with paragraphs on them. In short, people are attempting to provide the audience with complete, coherent thoughts while adhering to the PowerPoint format. While writing full paragraphs does force the briefer to think through his position more clearly, this effort is doomed to failure. People need time to think about, even perhaps reread, material about complex issues. Instead, they are under pressure to finish reading the slides before the boss apparently does. Compounding the problem, the briefer often reads these slides aloud while the audience is trying to read the other information on the slide. Since most people read at least twice as fast as most people can talk, he is wasting half of his listeners' time and simultaneously reducing comprehension of the material. The alternative, letting the audience read the slide themselves, is also ineffective. Instead of reading for comprehension, everyone races through the slide to be sure they are finished before the senior person at the brief. 
Thus even presenting full paragraphs on each slide cannot overcome the fundamental weakness of PowerPoint as a tool for presenting complex issues. The next major impact of slide-ology has been the pernicious growth in the amount of information portrayed on each slide. A friend with multiple tours in the Pentagon said a good rule of thumb in preparing a brief is to assume one slide per minute of briefing. Surprisingly, it seems to be true. Yet, even before the onslaught of the dreaded quad chart, I saw slides with up to 90 pieces of information. Presumably, some thought went into the bullets, charts, pictures and emblems portrayed on that slide, yet the vast majority of the information was completely wasted. The briefer never spoke about most of the information, and the slide was on screen for a little more than a minute. While this slide was an aberration, charts with 20 items of information portrayed in complex graphics are all too common. This gives the audience an average of three seconds to see and absorb each item of information. As if this weren't sufficient to block the transfer of information, some PowerPoint Ranger invented quad charts. For those unfamiliar with a quad chart, it is simply a Power Point slide divided into four equal quadrants and then a full slide is placed in each quadrant. If the briefer clicks on any of the four slides, it can become a full-sized slide. Why this is a good idea escapes me. PowerPoint has clearly decreased the quality of the information provided to the decision-maker, but the damage doesn't end there. It has also changed the culture of decision-making. In my experience, pre-PowerPoint staffs prepared two to four decision papers a day because that's as many as most bosses would accept. These would be prepared and sent home with the decision-maker and each staff member that would participate in the subsequent discussion. 
Because of the tempo, most decision-makers did not take on more than three or four a day simply because of the requirement to read, absorb, think about and then be prepared to discuss the issue the following day. As an added benefit for most important decisions, they "slept on it." PowerPoint has changed that. Key decision-makers' days are now broken down into one-hour and even 30-minute segments that are allocated for briefs. Of particular concern, many of these briefs are decision briefs. Thus senior decision-makers are making more decisions with less preparation and less time for thought. Why we press for quick decisions when those decisions will take weeks or even months to simply work their way through the bureaucracy at the top puzzles me. One of the critical skills in decision making is making the decision cycle and method appropriate to the requirements. If a decision takes weeks or months to implement and will be in effect for years, then a more thoughtful process is clearly appropriate. This brings me to the third major concern with PowerPoint's impact on our decision process: Who makes the decisions? Because the PowerPoint culture allows decision-makers to schedule more briefs per day, many type-A personalities seek to do so. Most organizations don't need more decisions made at higher levels. But to find more decisions to make, a type-A leader has to reach down to lower levels to find those decisions. The result is the wrong person is making decisions at the wrong level. Maneuver warfare and W. Edwards Deming's methods of quality control drive decision making downward to the appropriate level. PowerPoint works against this approach. PowerPoint's proper use PowerPoint is not entirely negative. It can be useful in situations it was designed to support – primarily, information briefs rather than decision briefs. For instance, it is an excellent vehicle for instructors. 
It provides a simple, effective way to share high-impact photos, charts, graphs, film clips and humor that illustrate a lecturer's points. Here, the bullet can function as designed by providing a brief, simple outline of the speaker's material that facilitates note-taking and even (one hopes) student retention. Yet even in a classroom setting, it is not appropriate for developing a deep understanding of most subjects. For that, additional reading is required. There is a reason students cannot submit a thesis in PowerPoint format. PowerPoint also can be appropriate for operational decisions that need to be implemented immediately. In this format, it can inform and stimulate discussion on a subject that should be fairly well understood by most of the participants in an ongoing operation. In a crisis where that background knowledge may not exist, PowerPoint can be used to provide basic background information to a larger group fairly quickly. While not ideal, it is a useful tool when confronted with time pressure. Unfortunately, by using PowerPoint inappropriately, we have created a thought process centered on bullets and complex charts. This has a number of impacts. First, it reduces clarity since a bullet is essentially an outline for a sentence and a series of bullets outline a paragraph. They fail to provide the details essential to understanding the ideas being expressed. While this helps immensely with compromise, since the readers can create their own narrative paragraphs from the bullets, it creates problems when people discover what they agreed to is not what they thought they had agreed to. Worse, it creates a belief that complex issues can, and should, be reduced to bullets. It has reached the point where some decision-makers actually refuse to read a two-page briefing paper and instead insist PowerPoint be used. Further, it is an accepted reality that PowerPoint presentations – particularly important ones – 
inevitably are disseminated to a much wider audience than those attending the brief. We have created huge staffs and they are all hungry for information. This means most of the people who actually see the brief get an incomplete picture of the ideas presented. Some briefers attempt to overcome this by writing whole paragraphs in the briefing notes portion of the slide. Clearly, a paper is a better format than PowerPoint. If the concept requires whole paragraphs – and many do – then they should be put in an appropriate paper and provided ahead of time. And while the PowerPoint culture leads to wide dissemination of briefs, it has resulted in the reliance on PowerPoint as a record of the decisions made. We used to keep written records of the decisions made at meetings and officials had to initial them and indicate whether they approved or disapproved. Further, they often made notes in the margins to clarify their position. Future historians are going to hate the PowerPoint era; it will be impossible to follow the logic chain of decisions or determine where various people stood on the issues. Of course, that's only fair since we often don't know ourselves. One excuse given for using PowerPoint is that senior leaders don't have time to be pre-briefed on all the decisions they make. If that is the case, they are involved in too many decisions. When the default position is that you are too busy to prepare properly to make a decision, it means you are making bad decisions. PowerPoint can be highly effective if used purely to convey information – as in a classroom or general background brief. It is particularly good if strong pictures or charts accompany the discussion of the material. But it is poorly suited to be an effective decision aid. Unfortunately, the Pentagon has virtually made a cult of the PowerPoint presentation. AFJ 2009 essay contest AFJ is running its second annual essay contest. 
Submit an essay of no longer than 1,500 words on a PowerPoint presentation that most affected your career – for good or bad. The winning essayist will receive a set of books recommended by T.X. Hammes; runners up will receive book gift cards. The winning essays will be published in our November issue. Go to www.armedforcesjournal.com for details. From rforno at infowarrior.org Mon Jul 13 01:20:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Jul 2009 21:20:21 -0400 Subject: [Infowarrior] - Plan to 'De-Orbit' ISS in 2016 Is Criticized Message-ID: <003A73CA-C9D0-4D06-B2DB-8AB4361AEC92@infowarrior.org> Space Station Is Near Completion, Maybe the End Plan to 'De-Orbit' in 2016 Is Criticized By Joel Achenbach Washington Post Staff Writer Monday, July 13, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/07/12/AR2009071201977_pf.html A number of times in recent weeks a bright, unblinking light has appeared in the night sky of the nation's capital: a spaceship. Longer than a football field, weighing 654,000 pounds, the spaceship moved swiftly across the heavens and vanished. Fortunately, it was one of ours. The international space station is by far the largest spacecraft ever built by earthlings. Circling the Earth every 90 minutes, it often passes over North America and is visible from the ground when night has fallen but the station, up high, is still bathed in sunlight. After more than a decade of construction, it is nearing completion and finally has a full crew of six astronauts. The last components should be installed by the end of next year. And then? "In the first quarter of 2016, we'll prep and de-orbit the spacecraft," says NASA's space station program manager, Michael T. Suffredini. That's a polite way of saying that NASA will make the space station fall back into the atmosphere, where it will turn into a fireball and then crash into the Pacific Ocean. 
It'll be a controlled reentry, to ensure that it doesn't take out a major city. But it'll be destroyed as surely as a Lego palace obliterated by the sweeping arm of a suddenly bored kid. This, at least, is NASA's plan, pending a change in policy. There's no long-term funding on the books for international space station operations beyond 2015. Suffredini raised some eyebrows when, at a public hearing last month, he declared flatly that the plan is to de-orbit the station in 2016. He addressed his comments to a panel chaired by former aerospace executive Norman Augustine that is charged by the Obama administration with reviewing the entire human spaceflight program. Everything is on the table -- missions, goals, rocket design. And right there in the mix is this big, fancy space laboratory circling the Earth from 220 miles up. The cost of the station is both a liability and, paradoxically, a virtue. A figure commonly associated with the ISS is that it will ultimately cost the United States and its international partners about $100 billion. That may add to the political pressure to keep the space laboratory intact and in orbit rather than seeing it plunging back to Earth so soon after completion. "If we've spent a hundred billion dollars, I don't think we want to shut it down in 2015," Sen. Bill Nelson (D-Fla.) told Augustine's committee. Suffredini agrees. "My opinion is it would be a travesty to de-orbit this thing," he said. "If we get rid of this darned thing in 2015, we're going to cede our leadership in human exploration." NASA has a strategy built on President George W. Bush's Vision for Space Exploration, of which a return to the moon is the next great leap. The space station's defenders say it can provide essential research on long-duration spaceflight. Suffredini argues that any long-term exploration of the universe requires an initial step of learning how to survive in space. The best place to do that is close to the Earth, he said. 
The space station sticks to low Earth orbit. "It's also teaching us how to work together as a world, as a planet," he said. Although there is no official lobbying going on to extend the mission, NASA is conducting a thorough review of the station to see what it would take to certify it as operational through the late 2020s, Suffredini said. Even in the vacuum of space, things break down, get old, wear out. Critics have long derided the orbiting laboratory as a boondoggle. Originally called Space Station Freedom during the Reagan years, it became the international space station when the United States lured Russia into a partnership in 1993, agreeing to alter the orbit of the station to make it pass over the Russian-run space complex in Kazakhstan. That agreement helped keep Russian scientists and engineers employed at a time when the United States feared they would become rogue agents in a chaotic world. The rap on the space station has always been that it was built primarily to give the space shuttle somewhere to go. Now, with the shuttle being retired at the end of 2010, the station is on the spot. U.S. astronauts will be able to reach the station only by getting rides on Russia's Soyuz spacecraft. The station has repeatedly been hit with budget cuts and design modifications. Much of its science funding was cut earlier this decade. A centrifuge had been planned as a crucial scientific component of the station, but it didn't survive the budget axe. Until the end of May, the station had a crew of three, barely enough for housekeeping. NASA officials say there will be important science performed on the station in the years ahead. The last flight of the space shuttle will install on the station a physics experiment called the Alpha Magnetic Spectrometer, which will search for dark matter and antimatter. But a prominent critic of human spaceflight, physicist Robert L. 
Park of the University of Maryland, said putting astronauts on the space station is akin to "flagpole-sitting." He argues that the station fundamentally lacks a mission. Gentler criticism comes from David Leckrone, senior project scientist for the Hubble Space Telescope, who thinks the station is underutilized. He fears that NASA measures the station's value solely in terms of how it might advance the long-term "Exploration" agenda of returning to the moon, with basic science research as an afterthought. "Whether it was a great investment or not to begin with, having made that investment, I think it's imperative for the United States to extract value -- real, honest-to-God scientific value -- out of that investment," Leckrone said. Park has a different suggestion: "Give it to China. Let them support the damn thing." From rforno at infowarrior.org Mon Jul 13 01:25:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Jul 2009 21:25:53 -0400 Subject: [Infowarrior] - New ICANN Chief Defends U.S. Base for Agency That Manages Web Message-ID: <9EA822A0-4A05-45AC-B8F4-3B144EC18519@infowarrior.org> New Chief Defends U.S. Base for Agency That Manages Web By ERIC PFANNER Published: July 12, 2009 http://www.nytimes.com/2009/07/13/technology/internet/13iht-icann13.html?hpw PARIS – The U.S.-based agency that regulates Internet addresses, facing criticism that it is too America-centric, remains the best guardian of a "single, unified, global Internet," according to its new chief executive. Rod Beckstrom spoke after he was announced as the next chief executive of the Internet Corporation for Assigned Names and Numbers in June. Rod Beckstrom, a technology entrepreneur and former U.S. government Internet security official, took over this month as head of the Internet Corporation for Assigned Names and Numbers, succeeding Paul Twomey, an Australian. 
As use of the Internet expands around the world, there have been rising calls for a new way of overseeing some of its basic functions, including the allocation of domain suffixes like .com and .org. This duty, and other important technical functions, have been in the hands of Icann, a private, nonprofit organization based in Marina Del Rey, California, for the past decade, under an agreement with the U.S. Commerce Department. "There will always be different voices out there, but the ultimate proof that Icann is functioning properly is that the Internet is functioning properly," Mr. Beckstrom said by telephone last week. One critic of Icann, the European Union media and telecommunications commissioner, Viviane Reding, recently called for a severing of Icann's links with the U.S. government when the current agreement with the Commerce Department expires this autumn. Instead, she proposed the creation of a "G-12 for Internet governance" to oversee an independent Icann. "In the long run, it is not defendable that the government department of only one country has oversight of an Internet function which is used by hundreds of millions of people in countries all over the world," Ms. Reding said in May. Ms. Reding also called for the creation of an "independent, international tribunal" to review Icann decisions. Now, any legal challenges generally occur in California courts. "California law is good law for technology," Mr. Beckstrom said. He said that at a recent Icann meeting in Sydney, there had been discussion of creating an international subsidiary of the organization, possibly based in Switzerland. But he said he would oppose efforts to fragment Icann. "Everyone can't have it their own way and have it unified," Mr. Beckstrom said. "Part of the power of the Internet is that the standards that parties have to agree on are so minimal." 
Icann has moved over the years to give itself a more international profile, holding three major meetings a year outside the United States. Gatherings are also planned for Seoul in October and Nairobi next March. The organization's Governmental Advisory Committee, which has representatives from more than 80 countries, has been trying to broaden its membership. China, for instance, recently agreed to rejoin the committee after a five-year absence, Mr. Beckstrom said. Now he is trying to woo another big holdout, Russia. Mr. Beckstrom said he hoped that a plan to allow Internet domain names to be rendered in Cyrillic, set to begin next year, would help. The move to embrace Cyrillic addresses, along with other scripts like Arabic and Chinese, is part of a broader drive by Icann to open up the domain naming system, an initiative that also has its critics. The organization plans to start adding large numbers of new address suffixes, or "global top-level domains," next year, making it possible to register city or company names like .paris or .nestle. While Icann says the creation of new addresses will help accommodate the international diversification of the Internet, some companies worry that the process will make it harder to protect their brand names. The Coalition Against Domain Name Abuse, a group based in Washington and representing multinational marketers, says the expansion of domain names could lead to a rise in the practice known as cybersquatting. Joshua Bourne, president of the coalition, called for Icann to "halt all current or future policy initiatives" until a commission, appointed by the U.S. president or Congress, and consisting of government, academic and business representatives, had reviewed its operations. Mr. Bourne said Icann was too beholden to companies that sell and manage actual domain names on behalf of Web sites. Mr. Beckstrom is no stranger to conflict. In March, he left his previous job, as head of the U.S. 
National Cyber Security Center, part of the Homeland Security Department, saying he feared the National Security Agency was seeking too much influence at the center. Before that, Mr. Beckstrom was a technology entrepreneur, starting a company in 1984 that created derivatives trading software, which he sold in 1999. He said he intended to take a pragmatic approach to his new job, rather than moving Icann in new directions. "There is a lot to do," he said. "My focus very much is going to be to support the execution of these primary tasks." From rforno at infowarrior.org Mon Jul 13 01:33:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Jul 2009 21:33:30 -0400 Subject: [Infowarrior] - Bush Anti-Terror Policies Get Reluctant Revisit Message-ID: Bush Anti-Terror Policies Get Reluctant Revisit Recent Disclosures Prompt Obama Administration to Rethink Approach to Inquiries By Carrie Johnson and Joby Warrick Washington Post Staff Writers Monday, July 13, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/07/12/AR2009071202118_pf.html After trying for months to shake off the legacy of their predecessors and focus on their own priorities, Obama administration officials have begun to concede that they cannot leave the fight against terrorism unexhumed and are reluctantly moving to examine some of the most controversial and clandestine episodes. The acknowledgment came amid fresh disclosures about CIA activity that had been hidden from Congress for seven years, the secrecy surrounding a little-understood electronic surveillance program that operated without court approval, and word that Attorney General Eric H. Holder Jr. favors naming a criminal prosecutor to examine whether U.S. interrogators tortured terrorism suspects. 
The way ahead for an administration grappling with severe economic trouble and health-care reform is all but certain to prove controversial, and perhaps difficult to contain for leaders who have foundered in their approach to national security policy. Fears expressed by President Obama and his chief of staff, Rahm Emanuel, that looking back at the Bush administration would force the country into divisive arguments won new footing yesterday as conservative lawmakers challenged even small steps that Obama and his attorney general appear on the verge of taking. "What's going to be the positive result from airing out and ventilating details of what we already knew took place and should never have? And we are committed to making sure it never happens again," Sen. John McCain (R-Ariz.) said on NBC's "Meet the Press." "I do not excuse it. I am just saying: What's the effect on America's image in the world?" Sen. John Cornyn (R-Tex.) struck a similar chord. "This is a terrible trend. . . . This is high-risk stuff, because if we chill the ability or the willingness of our intelligence operatives and others to get information that's necessary to protect America, there could be disastrous consequences." But civil liberties groups and House Democrats cheered the news as a culmination of months-long efforts to press Obama and his aides to pursue the issue of detainee mistreatment and other legal violations. "It is time to finally confront the gross human rights abuses of the last administration," said Jameel Jaffer, director of the American Civil Liberties Union's National Security Project. "Initiating a criminal investigation is a crucial step towards restoring the moral authority of the United States abroad and restoring the rule of law at home." 
A senior Justice Department official familiar with Holder's thinking stressed anew yesterday that the attorney general had reluctantly come to lean toward naming a criminal prosecutor from inside the department, after months of reading classified material including a still-secret 2004 CIA inspector general report. The announcement to appoint a prosecutor who may look into whether CIA interrogators operated outside the boundaries set by George W. Bush's Justice Department could come in the next few weeks, perhaps in concert with the release of an ethics report involving Bush lawyers, said the official, who spoke on the condition of anonymity because the process is continuing. Federal law enforcement officials are obliged to investigate possible violations of anti-torture statutes and other criminal laws. That makes it difficult for the Obama administration to ignore material gleaned from watchdog reports, the International Committee of the Red Cross and other sources, former government lawyers said. "Where there are egregious violations, you can't just brush them under the rug," said Sen. Charles E. Schumer (D-N.Y.) on "Meet the Press." "And so I think that the attorney general, to look for some egregious violations, which is what he is doing now, is the right thing to do." Richard J. Durbin (Ill.), the second-highest-ranking Democrat in the Senate, told ABC anchor George Stephanopoulos yesterday that "those who broke the law need to be held accountable. No one is above the law." But by confining any criminal investigation to the narrow issue of CIA interrogators who operated outside legal boundaries, and by ruling out the possibility of criminal charges for lawyers and policymakers, the Obama administration has given itself an argument for forestalling a broader congressional probe likely to be far messier and more public than a traditional law enforcement investigation. 
Legal experts and former intelligence officials also raised questions about the likelihood of criminal indictments against interrogators. They point out that evidence may have been tainted on the battlefields of Iraq and Afghanistan, and that only one U.S. contractor has been convicted of a crime related to detainee mistreatment. On another front, key Democrats suggested that the Bush White House may have violated laws by urging the CIA to keep secrets from congressional overseers. Dianne Feinstein (Calif.), chairman of the Senate intelligence committee, confirmed that the CIA had withheld information from Congress about a covert counterterrorism program at the request of then-Vice President Cheney. "This is a big problem, because the law is very clear," Feinstein said on "Fox News Sunday." CIA Director Leon E. Panetta informed Congress about the covert program -- the nature of which has never been publicly revealed -- in two classified briefings last month. He said he had only recently learned of the nearly eight-year-old program, and he confirmed that past CIA managers had kept details from Congress at Cheney's request. "If the intelligence committees had been briefed, they could have watched the program," Feinstein said. " . . . That was not the case, because we were kept in the dark." She said the withholding of covert information is "something that should never, ever happen again." The CIA's failure to inform Congress was brought to light last week in letters by several congressional Democrats, including House intelligence committee Chairman Silvestre Reyes (Tex.). The New York Times, citing unidentified officials, first reported that Panetta had told lawmakers about Cheney's role in keeping the program secret. The revelations have heightened pressure on Obama to begin investigating an array of Bush administration practices.
Although Obama halted many practices, his senior advisers have been wary of embracing a congressionally chartered "truth and reconciliation" commission to get to the bottom of the events. Congressional Republicans decried the idea of any inquiry. "Democrats have twisted the facts to fit this piece of fiction and shown their disregard for our most sensitive national security secrets," said Kit Bond (Mo.), ranking Republican on the Senate intelligence panel. Even Feinstein urged caution, saying that an ongoing Senate intelligence inquiry should be finished before a decision is made on the need for further investigation. Republicans and some former high-ranking intelligence officials question whether the CIA was ever obliged to brief Congress on the covert program. Former agency officials have described the program as a technically oriented intelligence-collection effort unrelated to terrorism suspects or the controversial terrorist-surveillance program that came to light in 2005. Sen. Jeff Sessions (R-Ala.) cautioned against jumping to conclusions about whether the CIA's decision to withhold information was appropriate. "I don't know what the facts are. But I believe that Vice President Cheney served his country with as much fidelity as he could possibly give to it," Sessions said on CBS's "Face the Nation." A White House spokesman had no comment on the matter. From rforno at infowarrior.org Mon Jul 13 11:17:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 07:17:43 -0400 Subject: [Infowarrior] - So-called cyberattack was overblown Message-ID: So-called cyberattack was overblown by Bruce Schneier July 13, 2009 http://minnesota.publicradio.org/display/web/2009/07/10/schneier/ To hear the media tell it, the United States suffered a major cyberattack last week. Stories were everywhere. "Cyber Blitz hits U.S., Korea" was the headline in Thursday's Wall Street Journal. North Korea was blamed. Where were you when North Korea attacked America?
Did you feel the fury of North Korea's armies? Were you fearful for your country? Or did your resolve strengthen, knowing that we would defend our homeland bravely and valiantly? My guess is that you didn't even notice, that - if you didn't open a newspaper or read a news website - you had no idea anything was happening. Sure, a few government websites were knocked out, but that's not alarming or even uncommon. Other government websites were attacked but defended themselves, the sort of thing that happens all the time. If this is what an international cyberattack looks like, it hardly seems worth worrying about at all. Politically motivated cyber attacks are nothing new. We've seen U.K. vs. Ireland. Israel vs. the Arab states. Russia vs. several former Soviet Republics. India vs. Pakistan, especially after the nuclear bomb tests in 1998. China vs. the United States, especially in 2001 when a U.S. spy plane collided with a Chinese fighter jet. And so on and so on. The big one happened in 2007, when the government of Estonia was attacked in cyberspace following a diplomatic incident with Russia about the relocation of a Soviet World War II memorial. The networks of many Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, were attacked and -- in many cases -- shut down. Estonia was quick to blame Russia, which was equally quick to deny any involvement. It was hyped as the first cyberwar, but after two years there is still no evidence that the Russian government was involved. Though Russian hackers were indisputably the major instigators of the attack, the only individuals positively identified have been young ethnic Russians living inside Estonia, who were angry over the statue incident. Poke at any of these international incidents, and what you find are kids playing politics. 
Last Wednesday, South Korea's National Intelligence Service admitted that it didn't actually know that North Korea was behind the attacks: "North Korea or North Korean sympathizers in the South" was what it said. Once again, it'll be kids playing politics. This isn't to say that cyberattacks by governments aren't an issue, or that cyberwar is something to be ignored. The constant attacks by Chinese nationals against U.S. networks may not be government-sponsored, but it's pretty clear that they're tacitly government-approved. Criminals, from lone hackers to organized crime syndicates, attack networks all the time. And war expands to fill every possible theater: land, sea, air, space, and now cyberspace. But cyberterrorism is nothing more than a media invention designed to scare people. And for there to be a cyberwar, there first needs to be a war. Israel is currently considering attacking Iran in cyberspace, for example. If it tries, it'll discover that attacking computer networks is an inconvenience to the nuclear facilities it's targeting, but doesn't begin to substitute for bombing them. In May, President Obama gave a major speech on cybersecurity. He was right when he said that cybersecurity is a national security issue, and that the government needs to step up and do more to prevent cyberattacks. But he couldn't resist hyping the threat with scare stories: "In one of the most serious cyber incidents to date against our military networks, several thousand computers were infected last year by malicious software -- malware," he said. What he didn't add was that those infections occurred because the Air Force couldn't be bothered to keep its patches up to date. This is the face of cyberwar: easily preventable attacks that, even when they succeed, only a few people notice. Even this current incident is turning out to be a sloppily modified five-year-old worm that no modern network should still be vulnerable to.
Securing our networks doesn't require some secret advanced NSA technology. It's the boring network security administration stuff we already know how to do: keep your patches up to date, install good anti-malware software, correctly configure your firewalls and intrusion-detection systems, monitor your networks. And while some government and corporate networks do a pretty good job at this, others fail again and again. Enough of the hype and the bluster. The news isn't the attacks, but that some networks had security lousy enough to be vulnerable to them. Bruce Schneier is a security technologist. His latest book is "Schneier on Security." From rforno at infowarrior.org Mon Jul 13 11:20:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 07:20:21 -0400 Subject: [Infowarrior] - Public Pensions Cook the Books Message-ID: Public Pensions Cook the Books Some plans want to hide the truth from taxpayers. By ANDREW G. BIGGS http://online.wsj.com/article/SB124683573382697889.html Here's a dilemma: You manage a public employee pension plan and your actuary tells you it is significantly underfunded. You don't want to raise contributions. Cutting benefits is out of the question. To be honest, you'd really rather not even admit there's a problem, lest taxpayers get upset. What to do? For the administrators of two Montana pension plans, the answer is obvious: Get a new actuary. Or at least that's the essence of the managers' recent solicitations for actuarial services, which warn that actuaries who favor reporting the full market value of pension liabilities probably shouldn't bother applying. Public employee pension plans are plagued by overgenerous benefits, chronic underfunding, and now trillion dollar stock-market losses. Based on their preferred accounting methods -- which discount future liabilities based on high but uncertain returns projected for investments -- these plans are underfunded nationally by around $310 billion. 
The numbers are worse using market valuation methods (the methods private-sector plans must use), which discount benefit liabilities at lower interest rates to reflect the chance that the expected returns won't be realized. Using that method, University of Chicago economists Robert Novy-Marx and Joshua Rauh calculate that, even prior to the market collapse, public pensions were actually short by nearly $2 trillion. That's nearly $87,000 per plan participant. With employee benefits guaranteed by law and sometimes even by state constitutions, it's likely these gargantuan shortfalls will have to be borne by unsuspecting taxpayers. Some public pension administrators have a strategy, though: Keep taxpayers unsuspecting. The Montana Public Employees' Retirement Board and the Montana Teachers' Retirement System declare in a recent solicitation for actuarial services that "If the Primary Actuary or the Actuarial Firm supports [market valuation] for public pension plans, their proposal may be disqualified from further consideration." Scott Miller, legal counsel of the Montana Public Employees Board, was more straightforward: "The point is we aren't interested in bringing in an actuary to pressure the board to adopt market value of liabilities theory." While corporate pension funds are required by law to use low, risk-adjusted discount rates to calculate the market value of their liabilities, public employee pensions are not. However, financial economists are united in believing that market-based techniques for valuing private sector investments should also be applied to public pensions. Because the power of compound interest is so strong, discounting future benefit costs using a pension plan's high expected return rather than a low riskless return can significantly reduce the plan's measured funding shortfall. But it does so only by ignoring risk.
The expected return implies only the "expectation" -- meaning, at least a 50% chance, not a guarantee -- that the plan's assets will be sufficient to meet its liabilities. But when future benefits are considered to be riskless by plan participants and have been ruled to be so by state courts, a 51% chance that the returns will actually be there when they are needed hardly constitutes full funding. Public pension administrators argue that government plans fundamentally differ from private sector pensions, since the government cannot go out of business. Even so, the only true advantage public pensions have over private plans is the ability to raise taxes. But as the Congressional Budget Office has pointed out in 2004, "The government does not have a capacity to bear risk on its own" -- rather, government merely redistributes risk between taxpayers and beneficiaries, present and future. Market valuation makes the costs of these potential tax increases explicit, while the public pension administrators' approach, which obscures the possibility that the investment returns won't achieve their goals, leaves taxpayers in the dark. For these reasons, the Public Interest Committee of the American Academy of Actuaries recently stated, "it is in the public interest for retirement plans to disclose consistent measures of the economic value of plan assets and liabilities in order to provide the benefits promised by plan sponsors." Nevertheless, the National Association of State Retirement Administrators, an umbrella group representing government employee pension funds, effectively wants other public plans to take the same low road that the two Montana plans want to take. It argues against reporting the market valuation of pension shortfalls. 
But the association's objections seem less against market valuation itself than against the fact that higher reported underfunding "could encourage public sector plan sponsors to abandon their traditional pension plans in lieu of defined contribution plans." The Government Accounting Standards Board, which sets guidelines for public pension reporting, does not currently call for reporting the market value of public pension liabilities. The board announced last year a review of its position regarding market valuation but says the review may not be completed until 2013. This is too long for state taxpayers to wait to find out how many trillions they owe. Mr. Biggs is a resident scholar at the American Enterprise Institute. From rforno at infowarrior.org Mon Jul 13 11:33:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 07:33:01 -0400 Subject: [Infowarrior] - MySpace To Become Entertainment Site Message-ID: <04FF3154-6F92-41AE-92AD-05E3201890BA@infowarrior.org> MySpace To Become Entertainment Site Posted: July 13, 2009 at 5:18 am http://247wallst.com/2009/07/13/myspace-to-become-entertainment-site/?utm_source=rss&utm_medium=rss&utm_campaign=rss If at first you don't succeed, try, try again. MySpace, which has lost the crown as the world's largest social network to Facebook and fired about a third of its staff will reposition itself as an entertainment destination. It is hard to see why that would work, but MySpace management may be running out of other viable options. According to the WSJ, "News Corp. Chief Executive Rupert Murdoch said MySpace needs to be refocused 'as an entertainment portal.'" It appears that it will move toward being a site where people share their music play lists and music videos. How will MySpace make money on its new model? That is hard to figure out.
Music sharing is already part of the community of people who use Apple (AAPL) iPods and other multimedia devices and peer-to-peer applications loaded onto PCs have similar functions. Even if MySpace can get its members to use the site as an entertainment portal, there is not a clear path to exploiting that to build revenue. Most music lovers download tunes from the Apple ITunes store and similar services provided by large retailers. MySpace has painted itself into a corner and moving into the music business is not going to help it. Douglas A. McIntyre From rforno at infowarrior.org Mon Jul 13 11:49:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 07:49:23 -0400 Subject: [Infowarrior] - OpEd: So Many Passwords, So Little Time Message-ID: <2767E64E-1614-491F-915B-DE2E448F0831@infowarrior.org> FINALLYFINALLY! Someone in the MSM illustrates the idiotic lunacy and frustration of frequent password changes being inflicted on the "average" (ie most of 'em) users in the name of "good" (hah!) computer security! -rick So Many Passwords, So Little Time By John Kelly Monday, July 13, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/07/12/AR2009071202012.html?hpid=sec-metro Your password will expire in seven days. Do you want to change it now? No. Your password will expire in six days. Do you want to change it now? No. Your password will expire in four days. Do you want to change it now? No . . . Wait, I thought I had five days. I was trying to get your attention. Your password expires in five days. Do you want to change it now? No. Your password will expire in four days. Do you want to change it now? Yes. Really? No. Psych! Your password will expire in three days. Do you want to change it now? No. Your password will expire in two days. Do you want to change it now? Do you like your life? I'm sorry? Do you like your life, which as far as I can tell consists of constantly asking me whether I want to change my password? 
Does that bring you happiness? First of all, I am a machine. I am not programmed to feel -- or even seek -- happiness. Second, I do not "constantly" ask whether you want to change your password. I commence the password-changing process every 90 days, as stipulated by this firm's cyber-security protocols. No. "No"? "No," what? No, I don't want to change my password. Your password will expire in one day. Do you want to change it now? No. To create new password . . . Wait. What did you say? No. I said no. NO, NO, NO! I don't want to change my password! Do you know how hard it is to come up with a new freaking password every freaking month? Ninety days. Every freaking 90 days?! I just want to sign onto the computer, do my stupid job and go home. Is that too much to ask? Cyber-security protocols require a new password every 90 days to thwart hackers who might compromise corporate data integrity. Fine. Let's do it. To create new password, type new password now. "password" That is not an allowable password. "********" That is not an allowable password. Why not? That's what my password looks like when I type it. Eight consecutive asterisks is not an allowable password. Fine. "beatles" That is not an allowable password. Passwords must contain at least one uppercase character. "Beatles" That is not an allowable password. Passwords must contain at least one uppercase character AND at least one number. "Beatles65" That is not an allowable password. Why not? It contains an uppercase character and some numbers. And it's easy for me to remember. It's the title of the Beatles' fifth LP on Capitol Records. Released in December 1964, it contains such classics as "I Feel Fine." In the UK, it was titled "Beatles for Sale." That is your current password. Argh! Do you have any idea how hard it is to come up with a password that meets all your stupid requirements and is easy to remember?
It seems like I spend most of my life trying to think up new passwords: at work, for my bank, for the cable company, for Amazon.com, for eBay . . . I can suggest many memorable passwords: XjOkOp987xtl. 93ddmNKop178. {$181}hgf*FC09{=*gz. Those are horrible! Look, how about you let me keep my password for another 90 days? No one has to know. I promise I'll come up with something good by then. Please, I'm begging you, for the love of Christ, don't make me change my password today. I just don't have it in me. That is not allowed. Cyber-security protocols stipulate that . . . "Cyber-security protocols . . . " Listen to yourself! You're just parroting the party line. That's no way to act! Do you think John Lennon worried about cyber-security protocols? Or Picasso? Or Thoreau? Is being a cog in a machine all you aspire to? Don't you long to create? To dream? To feel a lover's embrace? To hear a mother sing her baby to sleep? To watch fireflies trace glowing lines through the gloaming? To see attack ships on fire off the shoulder of Orion? Your password will expire in one day. Do you want to change it now? Okay, I give up. Yes. Yes, what? Yes, I want to change my password. Yes, what? Yes, PLEASE, I want to change my password. To create new password, type new password now. "ComputerMustDie09" Password changed. From rforno at infowarrior.org Mon Jul 13 12:09:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 08:09:28 -0400 Subject: [Infowarrior] - DARPA funding Star Wars "AT-AT" walker tech Message-ID: (cue Darth Vader's theme.......---rf) BigDog - The Most Advanced Rough-Terrain Robot on Earth BigDog is the alpha male of the Boston Dynamics robots. It is a rough-terrain robot that walks, runs, climbs and carries heavy loads. BigDog is powered by an engine that drives a hydraulic actuation system. BigDog has four legs that are articulated like an animal's, with compliant elements to absorb shock and recycle energy from one step to the next.
BigDog is the size of a large dog or small mule; about 3 feet long, 2.5 feet tall and weighs 240 lbs. BigDog's on-board computer controls locomotion, servos the legs and handles a variety of sensors. BigDog's control system keeps it balanced, navigates, and regulates its energetics as conditions vary. Sensors for locomotion include joint position, joint force, ground contact, ground load, a gyroscope, LIDAR and a stereo vision system. Other sensors focus on the internal state of BigDog, monitoring the hydraulic pressure, oil temperature, engine functions, battery charge and others. In separate tests BigDog runs at 4 mph, climbs slopes up to 35 degrees, walks across rubble, climbs a muddy hiking trail, walks in snow and water, and carries a 340 lb load. BigDog set a world's record for legged vehicles by traveling 12.8 miles without stopping or refueling. The ultimate goal for BigDog is to develop a robot that can go anywhere people and animals can go. The program is funded by the Tactical Technology Office at DARPA. More BigDog videos are available at www.YouTube.com/BostonDynamics. http://www.bostondynamics.com/robot_bigdog.html From rforno at infowarrior.org Mon Jul 13 12:36:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 08:36:24 -0400 Subject: [Infowarrior] - Study Measures the Chatter of the News Cycle Message-ID: <499E5D2C-14EA-46AF-A9B7-43FA6E027434@infowarrior.org> July 13, 2009 Study Measures the Chatter of the News Cycle By STEVE LOHR http://www.nytimes.com/2009/07/13/technology/internet/13influence.html?_r=1&hpw=&pagewanted=print For the most part, the traditional news outlets lead and the blogs follow, typically by 2.5 hours, according to a new computer analysis of news articles and commentary on the Web during the last three months of the 2008 presidential campaign.
The finding was one of several in a study that Internet experts say is the first time the Web has been used to track -- and try to measure -- the news cycle, the process by which information becomes news, competes for attention and fades. Researchers at Cornell, using powerful computers and clever algorithms, studied the news cycle by looking for repeated phrases and tracking their appearances on 1.6 million mainstream media sites and blogs. Some 90 million articles and blog posts, which appeared from August through October, were scrutinized with their phrase-finding software. Frequently repeated short phrases, according to the researchers, are the equivalent of "genetic signatures" for ideas, or memes, and story lines. The biggest text-snippet surge in the study was generated by "lipstick on a pig." That originated in Barack Obama's colorful put-down of the claim by Senator John McCain and Gov. Sarah Palin that they were the genuine voices for change in the campaign. Associates of Mr. McCain suggested that the remark was meant as an insult to Ms. Palin. The researchers' data points to an evolving model of news media. While most news flowed from the traditional media to the blogs, the study found that 3.5 percent of story lines originated in the blogs and later made their way to traditional media. For example, when Mr. Obama said that the question of when life begins after conception was "above my pay grade," the remark was first reported extensively in blogs. And though the blogosphere as a whole lags behind, a relative handful of blog sites are the quickest to pick up on things that later gain wide attention on the Web, led by Hot Air and Talking Points Memo. The Cornell research, like so much of the data mining on the Web, does raise the issue of whether something is necessarily significant just because it can be measured by a computer -- especially when mouse clicks are assumed to represent broad patterns of human behavior.
"You can see this kind of research as further elevating the role of sound bites," said Jon Kleinberg, a professor of computer science at Cornell and a co-author of a paper on the research that was presented two weeks ago at a conference in Paris. "But what we're doing is more using them as the approximation for ideas and story lines." "We don't view quotes as the most important object, but algorithms can capture quotes," Mr. Kleinberg said. "And we see this research as using a rich data set as a step toward understanding why certain points of view and story lines win out, and others don't." The paper, "Meme-tracking and the Dynamics of the News Cycle," was also written by Jure Leskovec, a postgraduate researcher at Cornell, who this summer will become an assistant professor at Stanford, and Lars Backstrom, a Ph.D. student at Cornell, who is going to work for Facebook. The team has set up interactive displays of their findings at memetracker.org. Social scientists and media analysts have long examined news cycles, though focusing mainly on case studies instead of working with large Web data sets. And computer scientists have developed tools for clustering and tracking articles and blog posts, typically by subject or political leaning. But the Cornell research, experts say, goes further in trying to track the phenomenon of news ideas rising and falling. "This is a landmark piece of work on the flow of news through the world," said Eric Horvitz, a researcher at Microsoft and president of the Association for the Advancement of Artificial Intelligence. "And the study shows how Web-scale analytics can serve as powerful sociological laboratories." Sreenath Sreenivasan, a professor specializing in new media at the Columbia Journalism School, said the research was an ambitious effort to measure a social phenomenon that is not easily quantified. "To the extent this kind of approach could open the door to a new understanding of the news cycle, that is very interesting,"
he said. A challenge in this kind of research, Mr. Sreenivasan said, will be to account for and model how quickly online news sources and distribution networks are changing. Mr. Sreenivasan pointed to social media, especially the rapidly rising Twitter, as an informal but highly influential news recommendation and distribution network. "Even from last fall to today, the dynamics of the news cycle are very different, because of Twitter," he said. From rforno at infowarrior.org Mon Jul 13 13:02:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 09:02:39 -0400 Subject: [Infowarrior] - Morgan Stanley Intern, Age 15, Writes Star Analysis Message-ID: <6A5A97B7-0F6D-4BB0-9D2F-BCFCF81FA710@infowarrior.org> See, this is what separates Wall Street "analysts" from "reality" and those whose opinions/insights really count -- ie being out and about in the world, understanding the technology, and not just sequestered at a desk monitoring conference calls and such in their firm's Ivory Tower. :) --rf Morgan Stanley Intern, Age 15, Writes Star Analysis Teens Don't Use Twitter: Morgan Stanley Intern CNBC.com | 13 Jul 2009 | 08:03 AM ET Twitter posts are pointless, adverts don't work and music should be free. These are some of the striking claims making waves amongst media executives and investors from the pen of a 15-year-old intern at Morgan Stanley. Matthew Robson was asked by the investment bank's European media analysts to describe the media habits of himself and his friends. The ensuing report was published with the caveat that it was not claiming representation or statistical accuracy. The results have caused some raised eyebrows in the media world as well as some serious concern, as some sectors come out with very bearish analysis. Though many teenagers do not have the income to get advertisers clamoring for their pocket money, their habits can be seen as a leading indicator for future media, the note said.
Teenagers are consuming more media, but in entirely different ways and are almost certainly not prepared to pay for it, according to Robson. For Free Without Adverts The under 20s are shunning traditional radio for Web sites that stream music for free without adverts, such as last.fm, he wrote. The users can choose what they want to listen to instead of listening to the presenters' picks, he added. Traditional television is also taking a hit, according to Robson, because of the option to visit online streaming services such as BBC iPlayer. Meanwhile, newspapers don't even get a look in. "No teenager that I know of regularly reads a newspaper, as most do not have the time and cannot be bothered to read pages and pages of text while they could watch the news summarized on the internet or on TV," he said. "The only newspapers that are read are tabloids and freesheets mainly because of cost; teenagers are very reluctant to pay for a newspaper," he added. Meanwhile, video games have broken out from their core customer base of teenage boys, thanks to the emergence of consoles such as the Nintendo Wii, Robson said. Girls and younger players are consuming more gaming, he said. Games consoles are also being used as a way to connect with friends for free, taking away reliance on phones for chatting and text, he pointed out. Tweets are Pointless Though "most teenagers are heavily active on a combination of social networking sites ... teenagers do not use twitter," Robson said. "Most have signed up to the service, but then just leave it as they realize that they are not going to update it ... they realize that no one is viewing their profile, so their 'tweets' are pointless," he said. Facebook remains popular with teenagers, according to Robson, "with nearly everyone with an internet connection registered and visiting." As feared by music retailers, teenagers are very reluctant to pay for music and the majority of them download it illegally from file sharing sites, he said.
Cinema groups and concert organizers should be cheered up by the intern's report, however, as it says that teenagers are willing to dedicate time and money to go and see a good concert or film in the cinema. © 2009 CNBC.com URL: http://www.cnbc.com/id/31887691/ From rforno at infowarrior.org Tue Jul 14 02:26:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Jul 2009 22:26:35 -0400 Subject: [Infowarrior] - State Dept. workers beg Clinton for Firefox Message-ID: US State Dept. workers beg Clinton for Firefox By Cade Metz Posted in Government, 13th July 2009 20:11 GMT http://www.theregister.co.uk/2009/07/13/firefox_and_us_state_department/ US State Department workers have begged Secretary of State Hillary Clinton to let them use Firefox. "Can you please let the staff use an alternative web browser called Firefox?" worker bee Jim Finkle asked Clinton during Friday's State Department town hall meeting. "I just moved to the State Department from the National Geospatial Intelligence Agency and was surprised that State doesn't use this browser. It was approved for the entire intelligence community, so I don't understand why State can't use it. It's a much safer program." Presumably, the State Department is using Microsoft's Internet Explorer. And we wouldn't be surprised if it's still mired in the eight-year-old IE6. The only thing that moves slower than Orange is a US government agency. But the State Department has yet to respond to our questions about its Firefox-less browsing mandate. Finkle's fellow workers responded to his Firefox request with applause. While Clinton responded with bewilderment. "Well, apparently, there's a lot of support for this suggestion. I don't know the answer. Pat, do you know the answer?" she said, turning to under Secretary Pat Kennedy. "The answer is, at the moment: It's an expense question," Kennedy said.
Then someone in the audience pointed out that Firefox is free.

"Nothing is free," Kennedy responded. "It's a question of the resources to manage multiple systems. It is something we're looking at... It has to be administered. The patches have to be loaded. It may seem small, but when you're running a worldwide operation and trying to push, as the Secretary rightly said, out FOBs [for remote log-ins] and other devices, you're caught in the terrible bind of triage of trying to get the most out that you can, but knowing you can't do everything at once."

Clinton then told her staff to have a look through their closets.

"The more money we can save on stuff that is not cutting edge, the more resources we'll have to shift to do things that will give us more tools," she said. "[That reminds] me of what I occasionally sometimes do, which I call shopping in my closet, which means opening doors and seeing what I actually already have, which I really suggest to everybody, because it's quite enlightening. And so when you go to the store and you buy, let's say, peanut butter and you don't realize you've got two jars already at the back of the shelf -- I mean, that sounds simplistic, but help us save money on stuff that we shouldn't be wasting money on, and give us the chance to manage our resources to do more things like Firefox, okay?"

If the State Department buys less peanut butter, Clinton may even let them use Facebook. During a state department town hall meeting earlier this year, a bigwig at the US embassy in Mexico City told Clinton that the social networking site is a great way to prevent solipsistic stupid people from entering the country.

"Facebook, MySpace, and other web 2.0 social networking technologies will significantly enhance the Department's diplomacy efforts and business goals," he said. "For example, an astute consular officer in Hermosillo recently used Facebook to determine a visa applicant's ineligibility based on information contained on the applicant's Facebook page, proving its value as an anti-fraud tool."

And Clinton seemed to like the idea.

"We've got to figure out how we're going to be smarter about using technology. So I think that's a great example, the Facebook example. And you know, we might want to follow up on that example, checking out Facebook. For everybody who is applying for a visa, you just should know that the State Department is on the watch here for Facebook."

No doubt, the State Department will officially adopt Facebook at about the same time the revenue-challenged site follows Friendster into social networking oblivion.

From rforno at infowarrior.org Tue Jul 14 11:54:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 07:54:50 -0400
Subject: [Infowarrior] - OpEd: NSA's cyber overkill
Message-ID: <1164F4D2-B0F9-412A-9CB4-72170A13AB26@infowarrior.org>

NSA's cyber overkill
A project to safeguard governmental computers, run by the NSA, is too big a threat to Americans' privacy.
By Jesselyn Radack
July 14, 2009
http://www.latimes.com/news/printedition/opinion/la-oe-radack14-2009jul14,0,6845797.story

Cyber security is a real issue, as evidenced by the virus behind July 4 cyber attacks that hobbled government and business websites in the United States and South Korea. It originated from Internet provider addresses in 16 countries and targeted, among others, the White House and the New York Stock Exchange. Unfortunately, the Obama administration has chosen to combat it in a move that runs counter to its pledge to be transparent.

The administration reportedly is proceeding with a Bush-era plan to use the National Security Agency to screen government computer traffic on private-sector networks. AT&T is slated to be the likely test site.
This classified pilot program, dubbed "Einstein 3," is developed but not yet rolled out. It takes two offenders from President Bush's contentious secret surveillance program and puts them in charge of scrutinizing all Internet traffic going to or from federal government agencies.

Despite its name, the Einstein 3 program is more genie than genius -- an omnipotent force (run by the NSA via AT&T's "secret rooms") that does the government's bidding -- spying. The last time around, this sort of scheme was known as the "special access" program -- "special" being code for "unconstitutional."

Einstein 3 purportedly is meant to protect government networks from hackers. But cyber-security experts -- such as Babak Pasdar, who blew the whistle on a mysterious "Quantico Circuit" while working for a major service provider -- agree that Einstein 3 offers no intrinsic security value. The program is implemented where servers exchange traffic between one another -- in the heart of a network system rather than at the perimeter, which interfaces with the outside world. This is similar to a home security system that only monitors the central interior of a house, rather than keeping an eye on the actual doors (and the purpose of hackers may simply be to enter). Furthermore, Einstein 3 focuses on collecting, processing and analyzing all person-to-person communications content rather than looking for hacker and malicious software attack patterns directed at government sites and installations -- which should raise eyebrows.

The prospect of NSA involvement in secret surveillance should set off alarm bells. The intelligence community lost any benefit of the doubt the last time it collected and read Americans' domestic e-mail messages without court warrants. Einstein 3 is based primarily on covert technologies developed by the NSA for the purposes of wiretapping.

The telecom companies also have lost their privacy cred. In a tacit admission that the proposed new program is problematic and possibly illegal, AT&T has sought written assurances from the administration that it will not be legally liable for participating in the program. The company was sued over its role in aiding Bush's electronic eavesdropping on Americans and, along with other telecoms, received retroactive immunity from Congress.

Earlier incarnations of the Einstein program observe predetermined signatures (specific patterns of network traffic), but Einstein 3 would look at the content of e-mails and other messages sent over government systems. Moreover, while Einstein 1 and Einstein 2 passively observe information, Einstein 3 technology plans to use "active sensors." This is a tactic used by malware developers and is a popular feature of spyware that clogs up the Internet, slows down PCs and tips off hackers by emitting signals.

And most disturbingly, according to the Department of Homeland Security's 2008 "Privacy Impact Assessment," while earlier iterations of Einstein implemented signatures based on malicious computer codes, Einstein 3 could include signatures based on personally identifiable information.

The privacy implications are great. Any citizen logging on to a ".gov" website would trigger this. The IRS and other governmental agencies collect sensitive personal information for legitimate and limited purposes. However, strict confidentiality rules apply to that information. Although the Department of Homeland Security, which is managing the program, insists that the "main focus is to identify malicious code," we've heard such empty reassurances before.

Media reports indicate that government officials recently acknowledged during closed meetings of the House and Senate Intelligence and Judiciary committees that Americans' e-mails that were improperly gathered or read during Bush's warrantless wiretapping program -- even under the relaxed 2008 intelligence surveillance law -- were not just an "incidental byproduct." According to a former NSA analyst and two intelligence analysts interviewed by the New York Times, the e-mails could number in the millions. Further, a government review of the Bush wiretapping program, released Friday, questioned the effectiveness of the surveillance efforts.

President Obama's federalization of many private systems and his adoption of the Bush administration's spying tactics are on a collision course that would expose many Americans' private data and communications to government scrutiny. I suspect that the public would be appalled that a taxpayer's financial information or a patient's medical records would be available to, much less perused by, the NSA. There are far less invasive network defenses that can secure government computing environments, such as upgrading good old-fashioned firewalls and filtering routers.

Obama came into office vested with vast new surveillance powers, which he voted for as a senator. Atty. Gen. Eric H. Holder Jr., while strenuously avoiding the word "illegal," called the original Bush snooping "unwise." But instead of trying to put the genie back in the bottle, Obama is considering expanding its power. This is antithetical to basic civil liberties and privacy protections that are the core of a democratic society.

Perhaps we can draw a lesson from the real Einstein, who ultimately regretted his role in urging the development of dangerous technology -- the atomic bomb -- and spent the rest of his life advocating against it.

Jesselyn Radack is the homeland security director of the Government Accountability Project in Washington.
From rforno at infowarrior.org Tue Jul 14 12:36:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 08:36:14 -0400
Subject: [Infowarrior] - Report: NSA surveillance program too secret for its own good
Message-ID: <387FAB5E-41E9-4304-A01F-633295FD0246@infowarrior.org>

Report: NSA surveillance program too secret for its own good

The new inspectors' general report on the Presidential Surveillance Program is a doozy, with major political ramifications for both parties. But its biggest implication is that the Bush administration's obsession with keeping its surveillance program a secret seriously hampered the broader intelligence community's ability to use the program's output.

http://arstechnica.com/tech-policy/news/2009/07/nsa-program-too-secret.ars
By Jon Stokes | Last updated July 14, 2009 12:15 AM CT

I've written extensively on the many basic problems that make all government-run, computer-automated mass surveillance programs a waste of taxpayer money. But a new report (PDF) from the Offices of Inspectors General of the Department of Defense, Department of Justice, CIA, NSA, and Office of the Director of National Intelligence shows in some detail how our government took the bad idea of building powerful computers to sniff out a terrorist needle in a digital haystack, then made it even less useful in practice.

The new OIG report on the NSA-run Presidential Surveillance Program (PSP), of which the previously revealed warrantless wiretapping program was just a part, contains a number of stunning revelations; I'll go through some of those in subsequent articles. But perhaps the report's greatest value is in the way that it provides a glimpse into how the secrecy-obsessed Bush administration actually sabotaged the NSA's massive, law-free surveillance program by overly restricting intelligence personnel's knowledge of and access to it. In short, the PSP was too secret for its own good.

A throat so deep

One of the pervading themes of the OIG report is that the PSP was really, really, really secret. It was so secret, in fact, that the president himself picked which non-operational personnel were to be "read into" the program. So if you weren't actually involved in the day-to-day running of the NSA's giant SIGINT vacuum, then the commander-in-chief personally decided whether you should know that it even existed.

This extreme level of secrecy posed myriad practical problems when it came to actually using the PSP's output in the day-to-day counter-terror work that goes on at a number of agencies -- DHS, CIA, FBI, the National Counterterrorism Center (NCTC), and so on. Almost none of the working-level analysts who might benefit from the PSP's output were allowed to know of the program's existence, so getting that output into those workers' hands meant carefully stripping it of any hints about its provenance, thereby rendering it significantly less valuable.

The problem was especially acute at the FBI, which wasn't as widely looped in on the PSP as the CIA (more on the latter, shortly), despite the fact that the Bureau is involved in domestic counter-terrorism. When the few people at the FBI who were in-the-know about PSP's existence got "product" from it, they had to be very careful about what they did with the information, lest some lowly FBI guy in the trenches learn of the existence of the program.

But even if FBI agents had known of the existence of PSP and of the origin of some of the tips they were getting, that still wouldn't have been much help. Just ask the CIA, where more people knew about the PSP but still had no idea how it worked.

The multibillion-dollar electronic anonymous tipster

The CIA seemed to have an easier time dealing with the PSP since more of its people were read into the program, but there were still serious problems. Most of those who had knowledge of the PSP were senior managers and not the working-level personnel who could have made practical use of the PSP's products. The report notes that even for the few working-level CIA folks who were read in, "much of the PSP reporting was vague and without context," so they wound up relying more on other, more familiar and accessible analytical tools and sources.

The briefing that CIA folks were given on read-in didn't tell them much about how PSP worked or how to use its products, and without that knowledge the output of the program was of limited intelligence value. Like journalists, CIA officers are trained to consider the source of their incoming information in order to evaluate it by placing it in context. In the case of the PSP, the source was a giant black box -- a sort of electronic anonymous tipster who would periodically drop vague, context-free nuggets into the already unmanageably wide inbound information stream that they had to sift each day.

This black box problem highlights the key barrier that the PSP's deep secrecy raised to its effectiveness in the war on terror. The output of any information-gathering system will eventually have to be evaluated by a human; but for any human knowledge worker who is tasked with looking for a slender needle of relevance in an overwhelmingly large informational haystack, any additional data that arrives free of context, where the worker doesn't have any understanding of the mechanisms that produced it, is noise, not signal. You can easily imagine that when the NSA tells a CIA analyst, "Here's a tip to add to your pile of things to look into; it comes from our giant, computerized black box, and you have no idea how that box works or how it actually decided that this (potentially vague) tidbit was important," the analyst may prefer instead to tune out that incoming data and to turn instead to the tools and sources he knows.

It wasn't just the CIA that ran into the black box problem. According to the OIG report, "NCTC analysts noted that the NSA policy protecting the source of the PSP information would have resulted in them not fully understanding the value of the PSP information." Another widely quoted section of the report bears out this same point:

    NCTC analysts involved in preparing the threat assessments told the ODNI OIG that only a portion of the PSP information was ever used in the ODNI threat assessments because other intelligence sources were available that provided more timely or detailed information about the al-Qaida threat to the United States. During the interviews, the NCTC analysts noted that PSP information was only one of several valuable sources of intelligence information available to them.

In the end, the PSP's secrecy put it at a disadvantage vs. other sources of information that working-level analysts knew and trusted. So when the OIG sought to isolate the impact of the PSP on the nation's intelligence-gathering activities, the best that analysts in one agency after another could tell them was that the PSP product was just one source among many, and a difficult one to use at that.

The PSP was shrouded in such deep secrecy partly for operational security reasons, but also because of political considerations. Some of what went on under the auspices of the PSP was later determined to be illegal, and in the next article we'll take a closer look at the darker corners of the program.

From rforno at infowarrior.org Tue Jul 14 15:10:06 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 11:10:06 -0400
Subject: [Infowarrior] - Visa's latest "glitch"
Message-ID: <305B7CA3-96D3-47C0-BA28-44F49F63B281@infowarrior.org>

Unruly Teen Charges $23 Quadrillion At Drugstore
By Chris Walters, 10:37 AM on Tue Jul 14 2009

Kids these days! Dale writes, "My lectures about financial responsibility appear to have failed: yesterday [my teenaged daughter] charged $23,148,855,308,184,500.00 at the drug store."
You would think Visa would have caught the error and addressed it, if you were high. What Visa actually did was slap a $20 "negative balance" fee on it, of course.

http://consumerist.com/5314246/unruly-teen-charges-23-quadrillion-at-drugstore

From rforno at infowarrior.org Tue Jul 14 15:12:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 11:12:41 -0400
Subject: [Infowarrior] - Stop worrying, Hollywood -- nobody is stealing your films with mobiles
Message-ID: <45FC9C9B-B391-4B7B-8AE7-41EDDF84838A@infowarrior.org>

Stop worrying, Hollywood -- nobody is stealing your films with mobiles

Why are movie studios so concerned at reviewers pirating movies when the data on the mobiles they are asked to hand over is much more sensitive -- and poorly protected?

http://www.guardian.co.uk/technology/2009/jul/14/mobile-phones-and-movie-security/print

From rforno at infowarrior.org Tue Jul 14 19:26:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 15:26:30 -0400
Subject: [Infowarrior] - This has to be a joke...
Message-ID: <8EE5C913-27B8-4A33-ADCE-12F81FFB4534@infowarrior.org>

Linux for Tweens, anyone? This has to be a joke!! --rf

Jul 9 2009 3:14PM GMT
New OS game changer: Hannah Montana Linux

I try to use Twitter to stay on top of breaking Linux and IT news, but sometimes I run across a gem like this that isn't necessarily newsworthy, but is quite humorous (or RFLMAO-worthy). Today, following on the heels of the big announcement about Google Chrome, we learned about Hannah Montana Linux (or HML).

< - >

http://itknowledgeexchange.techtarget.com/enterprise-linux/new-os-game-changer-hannah-montana-linux/

From rforno at infowarrior.org Tue Jul 14 19:29:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 15:29:01 -0400
Subject: [Infowarrior] - 3 Reasons Why U.S. Cybersecurity Sucks
Message-ID: <74529C72-E4A1-4C30-B820-2E9521A6A391@infowarrior.org>

Danger Room
3 Reasons Why U.S. Cybersecurity Sucks
By Michael Tanji, July 14, 2009, 8:44 am
Categories: Info War
http://www.wired.com/dangerroom/2009/07/three-reasons-why-us-cyber-security-sucks/

Good news, cybersecurity nerds: You ain't running out of work, anytime soon. As last week's cyber panic about North Korea showed, when there isn't a teenager-simple denial-of-service attack that delays your access to a government website, there is a voracious hype machine that feeds on the tiniest slivers of data -- both significant and trivial -- and expels massive quantities of fear and misinformation. And where there's cyber fear, there's cybersecurity work to be done.

It's sad that this sham is allowed to continue unabated. But worse still, it's dangerous. Despite the expenditure of tens of billions of dollars and countless studies on what needs to happen (not to mention all the offices, centers and commands, that are supposed to implement those reports), we're still largely screwed when it comes to threats of the online variety.

The problem is multifaceted, but can be broken down into three meta-categories:

* Bulls--t. It's the North Koreans! It's the Chinese! It's the Ruskies out to steal our essence! The one thing you can be sure of is that very few people know who is behind any cyberattack. Code analysis helps to a degree ("Hey, there are some Chinese characters in here!") but code-reuse is not exactly an unknown phenomenon online. There is no serious attribution methodology, so to some extent everyone is guessing.

* Ineptitude. There are a lot of people working on cybersecurity issues, a lot of people "managing" these issues, but not a lot of people leading on these issues. Cybersecurity doesn't lack for brainpower; it lacks the vision, the juice and the intestinal fortitude to realize the vision. When your focus is billets and resources and dollars and org charts (read: management) it's easy to see why cybersecurity fails. Why? Cyber doesn't kill, it doesn't maim, it rarely has negative impact on any scale and when it does it is almost always a readily recoverable event. Managers don't deal with the nebulous, intangible and anything that involves "maybe" very well.

* Complexity. The people at Verizon look on bemused when the military talks of achieving information-space dominance, when with the flick of a switch, a technician in overalls and a tool belt can render our digital military might inert. Attack and defense tools are built for computer-based warfare, but planetwide more people access the net with phones than desktops. There has yet to be a study that has looked at these problems in a truly comprehensive manner (read: not dominated by geezers who have other people read and respond to their e-mail). Mostly they're focused on legacy futures, which is cool if you're not interested in forward progress.

Cybersecurity is a real problem. It has been since computers were invented and connected to one another, but we're no better off today than we were then. It is not as if we don't have any lessons learned to draw from. We are in fact worse off because of the extent of our inter-connectedness, and that says a lot more about those who purport to be about enhancing cybersecurity than it does those who are out to subvert it.
From rforno at infowarrior.org Wed Jul 15 01:53:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Jul 2009 21:53:14 -0400
Subject: [Infowarrior] - Chasing Terrorists (and TV Ratings)
Message-ID:

Chasing Terrorists (and TV Ratings)
By BRIAN STELTER
http://nytimes.com/2009/07/14/arts/television/14want.html?pagewanted=print

A production company thinks it has found a dramatic new television format for the so-called age of terror: conducting international manhunts for suspected terrorists and war criminals, filming them and selling the finished product to television networks around the world.

Its first bidder is NBC News. In just under a week NBC is expected to introduce the series, "The Wanted," which has already attracted criticism because of the collaboration between the journalists and the former government operatives they work with. Soon the series may go worldwide: on Monday a distribution company, ShineReveille International, said it had acquired the series for foreign distribution.

The series has been criticized by some as an extension of "To Catch a Predator," the "Dateline NBC" franchise that showed police officers and journalists working in concert to catch possible sex offenders when they tried to meet minors. Some have even pre-emptively labeled the series "To Catch a Terrorist."

Last winter the Department of Homeland Security warned that NBC's pursuit of a Maryland college professor on genocide charges could hurt the ability of law enforcement officials to enact actual, as opposed to televised, justice. But NBC and the producers have brushed aside those concerns. NBC has called "The Wanted" a "groundbreaking television event" that would show an elite team of investigators pursuing accused criminals living in the open and avoiding justice. An online promotion for the program suggests that it will have cinematic qualities, including sweeping shots from helicopters and a command center for the team.

In a mostly low-rated season of summer programming, the ratings for "The Wanted" will be closely watched after it has its premiere on Monday at 10 p.m. Eastern time. A second episode is scheduled one week later; four more episodes have been filmed.

"The truth is the real weapon in this redefining news series that follows a Navy Seal, a Green Beret and a dedicated reporter as they hunt down war criminals and terrorists from around the world," the production company, Echo Ops, says in its promotional materials.

The Green Beret and the member of the Seals are retired. They are cast members who conduct surveillance and hold mock intelligence briefings on the program, alongside Adam Ciralsky, an NBC News producer, and David Crane, a former chief prosecutor of an international war crimes tribunal in Sierra Leone.

Mr. Crane praised the series for tackling cases of possible criminals who are "living normal lives under the protection of a domestic law and are trying to avoid justice."

"We're just here to seek justice for people that have been so victimized by international terrorists," Mr. Crane said in a telephone interview on Monday.

It is the "we" -- the cooperation between the former intelligence officers and NBC News -- that has raised red flags among a number of veteran journalists, including some within NBC. They say they find it troubling that "The Wanted" blurs the boundaries between government agents and supposedly impartial journalists. Lucy Dalglish, the executive director of the Reporters Committee for Freedom of the Press, asked simply, "Is this supposed to be journalism?"

Mr. Ciralsky, a former C.I.A. lawyer and "60 Minutes" producer, has worked for more than a year on the series. On the program he is repeatedly visible during the televised manhunts, saying on camera during one of the stakeouts, "I have eyes on him from the back." The documentary filmmaker Charlie Ebersol, son of Dick Ebersol, the chairman of NBC Sports, is an executive producer alongside Mr. Ciralsky.

Jane E. Kirtley, a professor of media ethics and law at the University of Minnesota, said she was stunned that NBC would use some of the same tactics that led to the harsh criticism of the "Predator" series. One of the accused sex offenders committed suicide as the police and cameras approached his home in 2006; NBC settled a lawsuit from the man's family last year.

Ms. Kirtley said that when she first learned of the new program, she "thought it was something that The Onion was doing as satirical summer silliness," referring to the satirical newspaper. She said she worried that Mr. Ciralsky would be perceived not as a reporter but as a government representative. The series could "play into the hands of those who say that there is no such thing as independent journalism in the U.S., that everybody who's working abroad is working in concert with the U.S. government," she said.

Mr. Crane said he believed it was very appropriate for Mr. Ciralsky to work hand in hand with the former intelligence officers. "It's a team effort," he said.

By licensing the program from Echo Ops, NBC may be able to sidestep some of the legal and ethical questions that followed "To Catch a Predator." An NBC News spokeswoman said that "The Wanted" followed the news division's ethical guidelines to the letter. The network declined requests to interview the executive producers of "The Wanted" on Monday. But Mr. Ciralsky told The Associated Press, "The people who've called it 'To Catch a War Criminal,' they've never seen the show." David Corvo, an executive producer at NBC News, said in a news release that "we hope this program sheds light on an overlooked story."

NBC said the episode on Monday would follow Mullah Krekar, the founder of Ansar al-Islam, an organization that the United States government classified in 2003 as being a terrorist group "with close links to and support from Al Qaeda." The network said viewers would be shown surveillance operations in the man's neighborhood in Oslo. The next week, the team moves to Germany to follow Mamoun Darkazanli, a man suspected of providing logistical and financial support to Al Qaeda. Mr. Crane said the program highlighted "the worst of the worst."

NBC has said that the Maryland professor may be featured in a forthcoming episode of "The Wanted." The Department of Homeland Security had no comment on Monday about the series.

The plans for worldwide distribution of the series by ShineReveille added another wrinkle on Monday. Ben Silverman, co-chairman of NBC Entertainment, had owned the Reveille portion of the company until this year. Elisabeth Murdoch, a daughter of the News Corporation chairman Rupert Murdoch, is the chairwoman of the Shine Group, ShineReveille's parent company.

"We're always on the lookout for high-caliber, cutting-edge programming that plays so well across international markets," the distributor's president, Chris Grant, said in a statement. "This gripping series, which takes viewers to the front lines of the war on terror, fits the bill perfectly."

From rforno at infowarrior.org Wed Jul 15 11:32:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jul 2009 07:32:09 -0400
Subject: [Infowarrior] - PayPal shuts down HFC
Message-ID: <11899B54-DD24-4E37-A0C3-B2F975823532@infowarrior.org>

(h/t jericho)

PayPal shuts us down
http://www.hackersforcharity.org/259/paypal-shuts-us-down/

I had a subscription system running under WP-MEMBER for about a year before that software flaked out on me. Multiple domains caused problems that were irreconcilable. I had donations for our work in Africa coming in (not through wp-member) and a few hundred subscribers to Informer through wp-member. All said, when I switched to Suma, I had US$10,000 in my personal paypal account. That was my family's support money as well as money for our food program in Kenya. So I shopped around and picked up Suma.
In the process, we had to switch to a business account (although I don?t understand why?wp- member was happily doing recurring payments without a business account). That?s when all hell broke loose. Paypal required a proof of non-profit status (we?re not a non-profit yet, no 501c3 paperwork from IRS) which we don?t have (I selected the wrong box I guess) a printed bank statement (harder to get than you might realize, being overseas) which because a REAL problem because the account was in my name, not the business name and other information. Because I couldn?t provide some of the info (501c3 paper) and the other info (bank stuff) took a LONG time, PayPal restricted my account, meaning my subscription payments are bouncing, and I can?t transfer money out of my account. PayPal has frozen my assets. We have no source of income beyond the car money we just spent in Kampala on Monday. I may very well have to return to Kampala and get the car payment money back to live off of. We are stranded financially and physically without a vehicle because of PayPal. I?ve called (Contact PayPal Customer Support toll-free at 1-888-221-1161) to lift the restrictions, but they tell me to email service. Emailing service is ridiculous, and a week goes by between responses. Last I got from them was that I couldn?t talk to them because I emailed from an address that wasn?t on the PayPal account. So I had to create another email account, and try again (a painful process). Now they are telling me that the bank info I provided isn?t correct because the bank account isn?t in the business name. Now I have to switch bank accounts in PayPal (again, overseas, less that dial-up, VERY HARD), get another statement to them and hope they accept it. At that point they will probably deny me again because I haven?t sent them the 501c3 papers. I asked to switch to a for-profit account (even though we?re not) through the ?PayPal resolution center? but have received no response. 
This would remove the requirement for the 501c3 paperwork, but I have no faith in this process because everything submitted to the resolution center must be in a graphic format (png, jpg, etc) and I was forced to take a screen cap of a text document explaining my case. (I mean seriously??) Nothing from them on switching to a for-profit account.

I'd love to go back to having a personal account, but I can't even imagine how I would request that, how long it would take, or if it would even be possible.

The bottom line is PayPal has frozen my assets (which aren't theirs.. how can they do this?) including all the support money my family is relying on.

I've spent hours on the phone (on hold) to PayPal at approximately 30 cents a minute to try to get this resolved only to be told to use email. I'm considering legal action over this.

HFC is at a complete standstill. We can not order shirts for the conference. Subscriptions are bouncing. Informer is down. Subscribers are (rightly) pissed because they don't have what they've paid for. I can't order the items for the DEFCON auction. There are too many problems to list here. The biggest is that PayPal has locked down my family's survival money.

I have no clue what to do at this point.

Does the EFF have any leverage? I can't tell you how tempted I am to just turn to the dark side here and...

From rforno at infowarrior.org Wed Jul 15 11:46:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jul 2009 07:46:33 -0400
Subject: [Infowarrior] - MidEast Blackberry Update Spies on Users
Message-ID:

Researcher: Middle East Blackberry Update Spies on Users
By Kim Zetter | July 14, 2009 | 8:04 pm
http://www.wired.com/threatlevel/2009/07/blackberry-spies/

A Blackberry update that a United Arab Emirates service provider pushed out to its customers contains U.S.-made spyware that would allow the company or others to siphon and read their e-mail and text messages, according to a researcher who examined it.
The update was billed as a "performance enhancement patch" by the UAE-based phone and internet service provider Etisalat, which issued the patch for its 100,000 subscribers. The patch only drew attention after numerous users complained that it drained their Blackberry battery and slowed performance, according to local publication ITP.

Nigel Gourlay, a Qatar-based programmer who examined the patch, told ITP that the patch contained "phone-home" code that instructed the Blackberries to contact a server to register. But once the patch was installed, thousands of devices tried to contact the server simultaneously, crashing it and causing their batteries to drain.

"When the BlackBerry cannot register itself, it tries again and this causes the battery drain," he said, noting that the spyware wouldn't have drawn any attention if the company had simply configured the registration server to handle the capacity.

The spying program in the patch is switched off by default on installation, but switching it on would be a simple matter of pushing out a command from the server to any device, causing the device to then send a copy of the user's subsequent e-mail and text messages to the server.

The spyware appears to have been developed by a U.S. company, which markets electronic surveillance software. Gourlay obtained source code for the patch after someone posted it on a Blackberry forum. He said the code contained the name "SS8.com," which belongs to a US-based company that, according to its web site, provides surveillance solutions for "lawful interception" to ISPs, law enforcement and intelligence agencies around the world.

Neither Etisalat nor SS8 could be reached for comment.
From rforno at infowarrior.org Wed Jul 15 17:44:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jul 2009 13:44:39 -0400
Subject: [Infowarrior] - TSA screeners caught stealing electronics
Message-ID: <89517D88-712A-47F6-8113-9D091F7B1898@infowarrior.org>

Sting nabs sticky-fingered JFK airport workers going through luggage
http://www.nydailynews.com/news/ny_crime/2009/07/15/2009-07-15_sting_nabs_stickyfingered_jfk_airport_workers_going_through_luggage.html?print=1&page=all

BY Wil Cruz
DAILY NEWS STAFF WRITER
Wednesday, July 15th 2009, 4:00 AM

A sting captured by security cameras nabbed two sticky-fingered airport workers who swiped electronics planted by authorities, officials said.

Brian Burton, 27, and Antwon Simmons, 26, stole a laptop and cell phone from the decoy luggage as it moved through Kennedy Airport, Port Authority officials said.

"When air travelers check their luggage with an airline, there is an implicit trust that their bags and their contents will meet them at their destination," said Queens District Attorney Richard Brown. "The defendants are accused of betraying that trust."

Burton, an officer with the Transportation Security Administration, was videotaped July 7 pilfering through the Miami-bound suitcase in an airport screening room while Simmons, a baggage handler, looked on. The thieves also switched the luggage tags, hoping to conceal their handiwork, officials said.

The suitcase was a trap set by the Transportation Security Administration and Delta Air Lines. They stuffed the luggage with a laptop, an iPod and two cell phones, prosecutors said.

The pilfering pair - who had been on cops' radar, a source said - took the bait, failing the so-called integrity test.

Burton, of Queens, and Simmons, of Brooklyn, were awaiting arraignment last night on charges of grand larceny, possession of stolen property and falsifying business records. They face up to four years in prison if convicted.
From rforno at infowarrior.org Wed Jul 15 18:16:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jul 2009 14:16:02 -0400
Subject: [Infowarrior] - More on....PayPal shuts down HFC
References: <11899B54-DD24-4E37-A0C3-B2F975823532@infowarrior.org>
Message-ID: <6C183EAF-3821-4153-B582-E010AD0782F6@infowarrior.org>

(c/o Anonymous)

Update: PayPal corrects situation:
http://www.hackersforcharity.org/265/paypal-makes-good/

Begin forwarded message:

> From: Richard Forno
> Date: July 15, 2009 7:32:09 AM EDT
> To: Infowarrior List
> Subject: PayPal shuts down HFC
>
> (h/t jericho)
>
> PayPal shuts us down
>
> http://www.hackersforcharity.org/259/paypal-shuts-us-down/

From rforno at infowarrior.org Wed Jul 15 18:38:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Jul 2009 14:38:35 -0400
Subject: [Infowarrior] - BlackBerry Spyware Dissected
Message-ID: <0D107D26-EF5C-4A89-82D6-6A7ADC8FFDC6@infowarrior.org>

http://www.veracode.com/blog/2009/07/blackberry-spyware-dissected/

BlackBerry Spyware Dissected
by Chris Eng
July 15, 2009

< - >

Lots of code analysis here

< - >

The most alarming part about this whole situation is that people only noticed the malware because it was draining their batteries. The server receiving the initial registration packets (i.e. "Here I am, software is installed!") got overloaded. Devices kept trying to connect every five seconds to empty the outbound message queue, thereby causing a battery drain. Some people were reporting on official BlackBerry forums that their batteries were being depleted from full charge in as little as half an hour.
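The clockwork retry loop Eng describes (a device that reconnects to its registration server every few seconds) is also what a defender can look for in network logs. The following is an added example and not code from the Veracode post or from the patch it analyses: it scans a connection log for client/destination pairs whose inter-arrival times are short and nearly constant. The log lines are constructed sample data, and the log format, host names and thresholds are assumptions.

```python
"""Detect fixed-interval phone-home beaconing in a connection log.

Added example, not code from the Veracode write-up or from the Etisalat
patch it analyses.  The write-up says affected devices retried their
registration server every five seconds; a timer-driven retry loop like
that stands out in network logs because its inter-arrival times are
short and nearly constant.  The log lines below are constructed sample
data, and the host names, log format and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: "<epoch seconds> <client> <destination>", one
# line per outbound connection.  handset-17 is stuck in a retry loop;
# handset-42 is ordinary, irregular traffic.
SAMPLE_LOG = """\
1247600000.0 handset-17 registration.example.invalid
1247600005.1 handset-17 registration.example.invalid
1247600010.0 handset-17 registration.example.invalid
1247600014.9 handset-17 registration.example.invalid
1247600020.0 handset-17 registration.example.invalid
1247600025.0 handset-17 registration.example.invalid
1247600000.0 handset-42 chat.example.invalid
1247600020.0 handset-42 chat.example.invalid
1247600021.0 handset-42 chat.example.invalid
1247600055.0 handset-42 chat.example.invalid
1247600056.0 handset-42 chat.example.invalid
1247600058.0 handset-42 chat.example.invalid
1247600300.0 handset-42 mail.example.invalid
"""


def parse_log(text):
    """Group connection timestamps by (client, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, client, dest = line.split()
        flows[(client, dest)].append(float(stamp))
    return flows


def find_beacons(text, min_events=5, max_period=60.0, max_jitter=0.2):
    """Return [(client, dest, period_seconds)] for flows that look like a
    retry or beacon loop: at least `min_events` connections, a mean
    interval no longer than `max_period`, and a coefficient of variation
    (stdev / mean) of the intervals no larger than `max_jitter`.  Human
    traffic has large variation; a timer-driven loop has almost none.
    """
    beacons = []
    for (client, dest), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        period = mean(gaps)
        if period <= 0 or period > max_period:
            continue
        if pstdev(gaps) / period <= max_jitter:
            beacons.append((client, dest, round(period, 1)))
    return beacons


if __name__ == "__main__":
    for client, dest, period in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {dest}: connects every {period}s, likely a beacon")
```

On the sample data only handset-17 is reported, with a period of about five seconds; handset-42's chat traffic has the same number of events but a coefficient of variation above one, so the jitter filter drops it. In a real deployment the thresholds need tuning against the environment's own keep-alive and polling traffic, which can look just as regular.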
The final thing to mention is that the spyware does appear to be installed in a non-running state by default, where it's not actually exfiltrating data once the initial registration packet has gone out. However, using the command and control mechanism we described earlier, the carrier can remotely start/stop the service at will on a per-device basis.

From rforno at infowarrior.org Thu Jul 16 04:07:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 00:07:21 -0400
Subject: [Infowarrior] - Epic Fail: Twitter Password Security
Message-ID:

Another Security Tip For Twitter: Don't Use "Password" As Your Server Password
by Robin Wauters on July 15, 2009

With all the chatter about the current security issues surrounding Twitter, its workforce and the cloud-based Google apps they use, a new security issue has popped up that makes it trivially easy for anyone to access the Twitter servers directly. The problem? The password to the servers was, literally, "password."

Twitter co-founder Biz Stone, responding to our email, said "this bug allowed access to the search product interface only. No personally identifiable user information is accessible on that site."

Although no user accounts were compromised or accessible, the vulnerability speaks to a greater culture of lax security at the startup, and may be indicative of how earlier breaches possibly occurred. With that in mind, we have some friendly advice for Twitter. For instance, it would be wise if in the future Twitter insiders do not use the password "password" for the back ends of its systems or one of its co-founder's names (Jack) as a username.
http://www.techcrunch.com/2009/07/15/another-security-tip-for-twitter-dont-use-password-as-your-passwo

See also:

July 16, 2009
Twitter Hack Raises Flags on Security
By CLAIRE CAIN MILLER and BRAD STONE
http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print

From rforno at infowarrior.org Thu Jul 16 04:07:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 00:07:33 -0400
Subject: [Infowarrior] - Twitter Hack Raises Flags on Security
Message-ID:

July 16, 2009
Twitter Hack Raises Flags on Security
By CLAIRE CAIN MILLER and BRAD STONE
http://www.nytimes.com/2009/07/16/technology/internet/16twitter.html?_r=1&pagewanted=print

SAN FRANCISCO - You might think your password protects the confidential information stored on Web sites. But as Twitter executives discovered, that is a dangerous assumption.

The Web was abuzz Wednesday after it was revealed that a hacker had exposed corporate information about Twitter after breaking into an employee's e-mail account. The breach raised red flags for individuals as well as businesses about the passwords used to secure information they store on the Web.

On Web sites containing personal information like e-mail, financial data or documents, there is usually just a user name and password for protection. More individuals are storing information on Web servers, where it is accessible from any online computer through services offered by Google, Amazon, Microsoft, social networks like Facebook or back-up services like Mozy.

But password-protected sites are growing more vulnerable because to keep up with the growing number of passwords, people use the same simple ones on numerous sites across the Web. In a study last year, Sophos, a security firm, found that 40 percent of Internet users use the same password for every Web site they access.

The attack on Twitter highlights the problem.
For its internal documents, the company uses the business version of Google Apps, a service that Google offers to individuals free. Google Apps provides e-mail, word processing, spreadsheets and calendars over the Web. The content is stored on Google's servers, which can save time and money and enable employees to work together on documents at the same time. But it also means that the security is only as good as the password. A hacker who breaks into one person's account can access information shared by friends, family members or colleagues, which is what happened at Twitter.

The Twitter breach occurred about a month ago, Twitter said. A hacker calling himself Hacker Croll broke into an administrative employee's e-mail account and gained access to the employee's Google Apps account, where Twitter shares spreadsheets and documents with business ideas and financial details, said Biz Stone, a Twitter co-founder.

The hacker then sent documents about company plans and finances, confidential contracts, and job applicants to two tech news blogs, TechCrunch, in Silicon Valley, and Korben, in France. There was also personal information about Twitter employees including credit card numbers.

The hacker also broke into the e-mail account of the wife of Evan Williams, Twitter's chief executive, and from there accessed several of Mr. Williams' personal Internet accounts, including those at Amazon and PayPal, Mr. Stone said.

TechCrunch revealed documents showing that Twitter, a private company that so far has no revenue, projected that it will reach a billion users and $1.54 billion in revenue by 2013. Michael Arrington, TechCrunch's founder, said in an interview that the hacker had also sent him detailed strategy documents about potential business models, the competitive threat from Facebook and when the company might be acquired.
Some analysts say the breach highlights how dangerous it can be for people and companies to store confidential documents on Web servers, or "in the cloud." But Mr. Stone said that the attack "isn't about any flaw in Web apps," but rather about a bigger issue that affects individuals and businesses alike. "It speaks to the importance of following good personal security guidelines such as choosing strong passwords," he said.

Instead of circumventing security measures, it appears that the Twitter hacker managed to correctly answer the personal questions that Gmail asks of users to reset the password.

"A lot of the Twitter users are pretty much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what your hometown is, it's not that hard to figure out a password."

Security experts advise people to use unique, complex passwords for each Web service they use and include a mix of numbers and letters. Free password management programs like KeePass and 1Password can help people juggle passwords for numerous sites.

Andrew Storms, director of security operations for nCircle, a network security company, suggested choosing false answers to the security questions like "What was your first phone number?" or making up obscure questions instead of using the default questions that sites provide. (Of course, that presents a new problem of remembering the false information.)

For businesses, Google allows company administrators to set up rules for password strength and add additional authentication tools like unique codes.

The Twitter hacker claims to have wanted to teach people to be more careful. In a message to Korben, the hacker wrote that his attack could make Internet users "conscious that no one is protected on the Net."
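The two Twitter stories above come down to the same control: a server-side check that refuses the credentials the attackers relied on, a default like "password" (with or without the usual character substitutions) and a user's own name. The following is an added example written for this digest, not Twitter's, Google's or any vendor's code; the denylist is a small constructed sample, and the user names and real names in it are assumptions.

```python
"""Server-side password checks for the failures the Twitter stories describe.

Added example, not Twitter's, Google's or any vendor's code.  It rejects
a new password that is a well-known default such as "password", a
trivially disguised form of one ("P@ssw0rd1!"), or one that contains the
account's own user name or real name.  The denylist below is a small
constructed sample; a production check would load a large breached-
password list.  The names and user names used here are assumptions.
"""
import re

# Constructed sample; real lists run to millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}

# Character substitutions people use to dress up a dictionary word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalized_forms(password):
    """Candidate spellings of `password` to compare against the denylist:
    lower-cased, with trailing digits/punctuation dropped, and with leet
    substitutions undone (in every combination of those two steps)."""
    low = password.lower()
    trimmed = re.sub(r"[\d!@#$%^&*._-]+$", "", low)
    return {low, low.translate(LEET), trimmed, trimmed.translate(LEET)}


def check_password(password, username="", full_name="", min_length=12):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if normalized_forms(password) & COMMON_PASSWORDS:
        problems.append("is a common password, possibly with substitutions")
    low = password.lower()
    # Reject anything containing the user name or a part of the real name
    # (tokens shorter than three characters would match too much).
    for token in [username] + full_name.split():
        if len(token) >= 3 and token.lower() in low:
            problems.append(f"contains the account identifier '{token}'")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd1!!!", "Jack-loves-twitter-2009",
                      "lilac-tundra-velvet-orbit-91"):
        verdict = check_password(candidate, username="jack", full_name="Jack Example")
        print(f"{candidate!r}: {verdict or 'ok'}")
```

The normalisation step is the part worth copying: "P@ssw0rd1!!!" passes a naive length-and-character-class policy but collapses to "password" once the trailing punctuation is stripped and the substitutions undone. The check says nothing about reuse across sites, which is the problem the Sophos figure describes; that can only be addressed on the user's side with a password manager, as the article advises.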
From rforno at infowarrior.org Thu Jul 16 11:31:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 07:31:31 -0400
Subject: [Infowarrior] - Apple Newspeak
Message-ID:

Quoth Apple in the iTunes 8.2.1 Release Notes:

"iTunes 8.2.1 provides a number of important bug fixes and addresses an issue with verification of Apple devices,"

How very innocuous-sounding. We don't like 'issues' with our gizmos, do we? But what does this mean, exactly?

Apple To Palm: It's On. The Pre Is Locked Out Of iTunes
http://www.businessweek.com/technology/ByteOfTheApple/blog/archives/2009/07/apple_to_palm_i.html

On the device front, Apple is sounding more and more like RIAA/MPAA The Next Generation. For shame.

-rf

From rforno at infowarrior.org Thu Jul 16 15:36:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 11:36:02 -0400
Subject: [Infowarrior] - French Minister: Wish I Pirated More, Using Two ISPs
Message-ID: <01CF59CF-7F04-420C-83DF-6FC77ADE4EEF@infowarrior.org>

New French Culture Minister: Wish I Pirated More, Using Two ISPs To Avoid Getting Cut Off
from the um,-wow dept

Didn't expect this one. With France pushing forward yet again with a three strikes law, Laurent GUERBY points us to the news that France's new culture minister, Frédéric Mitterrand, has said that he wished he downloaded more unauthorized content (translated by Google from French) and that he got two internet connections, just in case he got cut off by a three strikes law. He also admits that his son downloads unauthorized content often. That's probably not what the entertainment industry wanted to hear.
http://techdirt.com/articles/20090716/0134095563.shtml

From rforno at infowarrior.org Thu Jul 16 19:30:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 15:30:10 -0400
Subject: [Infowarrior] - Spy Memo Author to America: No Apologies for Tapping You
Message-ID: <61F45B25-64E1-4C2A-B289-058FA1B06519@infowarrior.org>

Spy Memo Author to America: No Apologies for Tapping You
By Kim Zetter | July 16, 2009 | 12:57 pm | Categories: Surveillance
http://www.wired.com/threatlevel/2009/07/yoo-defends-spying/

Former Justice Department lawyer John Yoo is fighting back against a recent inspectors general report that criticized the Bush administration's warrantless surveillance programs established in the wake of the September 11 attacks on the World Trade Center.

"The best way to find an al Qaeda operative is to look at all e-mail, text and phone traffic between Afghanistan and Pakistan and the U.S.," Yoo wrote in a Wall Street Journal op-ed Thursday. "This might involve the filtering of innocent traffic, just as roadblocks and airport screenings do."

Yoo was responding to a report released last week by five inspectors general from several agencies who questioned the government's legal grounds for launching the programs without approval from the Foreign Intelligence Surveillance Court. The IGs stopped short of calling the programs illegal but criticized the flawed memos that Yoo authored, which offered the government legal justification for its actions.

Yoo was a deputy assistant attorney general in the DoJ's Office of Legal Counsel when the Bush administration tapped him to write the classified memos as an end-run around his Justice Department superiors. The memos have been slammed by congressional representatives and fellow Justice Department officials for misinterpreting the law in order to grant the government de-facto approval for powers it had already secretly seized.
In his response, Yoo accused the inspectors general of forgetting their U.S. history and of playing to the media-stoked "politics of recrimination." He argued that in wartime, the president should have almost unlimited power.

Yoo, who is currently a law professor at the University of California, Berkeley, cited past presidents who seized the same kinds of power in times of war, and said that the nature of the 9/11 attacks called for swift action, which would have been thwarted had the administration followed legal procedures for surveillance.

The government has only admitted to date that it eavesdropped on phone calls and e-mails where one party was overseas and one party was suspected of being an agent of Al Qaeda or other terrorist group. It has never acknowledged the accounts from whistleblowers that it conducted wholesale collection of domestic internet communications and phone records, although officials have publicly hinted that there were surveillance programs beyond the eavesdropping on phone calls. The IG report also states that the government's terrorist surveillance program involved multiple projects.

In his defense of the Bush administration's actions, Yoo took inspiration from the actions of former President Franklin Roosevelt who, prior to the U.S. joining World War II, authorized the FBI to intercept domestic and international communications of persons "suspected of subversive activities."

"FDR did not hesitate long over a 1937 Supreme Court opinion (United States v. Nardone) interpreting federal law to prohibit electronic surveillance without a warrant," Yoo writes. "Indeed, he continued to authorize the surveillance even after Congress rejected proposals from his attorney general, Robert Jackson, to authorize national security wiretapping without a warrant."
Yoo, however, does not address why, if the government had historical precedence on its side, it needed to seek approval for its plan from him, while keeping his immediate boss, as well as then-Attorney General John Ashcroft, in the dark about the program.

Yoo's direct supervisor, Assistant Attorney General Jay Bybee, told the inspectors general that he was not "read into" the surveillance program and had no idea how Yoo "became the White House's guy" to advise it on serious constitutional matters. Attorney General John Ashcroft also did not learn details about the program until later.

In 2003, other Justice Department lawyers who read Yoo's memos found them seriously flawed, and said his descriptions of the programs didn't accurately represent the nature of the surveillance the government was doing. This led to a now-famous showdown at the hospital bedside of Attorney General John Ashcroft as the administration tried desperately to keep the Justice Department from shutting down a datamining surveillance project. FBI director Robert Mueller and Deputy Attorney General James Comey threatened to resign over the program unless it was brought under compliance with the law.

The inspectors general report criticized Yoo's memos particularly for ignoring the Foreign Intelligence Surveillance Act, known as FISA, which requires the Justice Department to seek approval from the FISA Court for domestic national security surveillance. Yoo, however, said FISA was an obsolete law that hadn't been written "with live war with an international terrorist organization in mind."

"It is absurd to think that a law like FISA should restrict live military operations against potential attacks on the United States," he said, saying that the 9/11 Commission had found that "FISA's wall between domestic law enforcement and foreign intelligence proved dysfunctional and contributed to our government's failure to prevent the 9/11 attacks."
The wall Yoo refers to, however, was not a product of FISA but of the Justice Department itself, which the Commission found had, under former Attorney General Janet Reno, interpreted procedures to separate domestic law enforcement investigations from foreign intelligence national security investigations too rigidly, which prevented intelligence agencies from sharing crucial information with the FBI and others that might have helped prevent the 2001 terrorist attacks.

From rforno at infowarrior.org Thu Jul 16 20:20:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 16:20:32 -0400
Subject: [Infowarrior] - RIAA secrecy request denied
Message-ID: <785C273F-0DFC-4B01-8716-71D4AEA6CBDD@infowarrior.org>

Judge rejects RIAA attempt to keep revenue information secret in SONY v. Tenenbaum

In SONY BMG Music Entertainment v. Tenenbaum, the Court granted so much of the RIAA's protective order motion as sought confidentiality of third-party licensing agreements, but denied so much of the motion as sought to keep the revenue information secret:

Judge Nancy Gertner: Electronic ORDER entered granting in part and denying in part [870] Motion for Protective Order: The Plaintiffs' Motion for a Protective Order [870] is GRANTED in part and DENIED in part. The Proposed Protective Order (document # 870-2) sweeps far more broadly than the two categories of materials described in the Plaintiffs' motion: (1) the revenue figures ordered disclosed in the Court's June 30, 2009 Electronic Order; and (2) a small subset of contracts relating to the copyrights' chain of title. Indeed, the proposed order would permit either party to designate any materials disclosed in discovery in this case "Confidential" -- even retroactively. With respect to the revenue figures, the Court does not comprehend how disclosure would impair the Plaintiffs' competitive business prospects when three of the four biggest record labels in the world -- Warner Bros.
Records, Sony BMG Music Entertainment, and UMG Recording, Inc. -- are participating jointly in this lawsuit and, presumably, would have joint access to this information. The Court declines to bring these materials within a protective order. It will, however, order the second set of documents, which implicate the business interests of third-party artist-owned companies, shielded from disclosure. These documents shall be marked "Confidential" by the Plaintiffs, shall be used solely for the purpose of preparation and trial of this litigation, and shall be disclosed only to the parties, counsel and their employees, actual or potential experts and consultants, and witnesses. They shall not be publicly disclosed, in whole or in part, by any means. (Gertner, Nancy)

http://recordingindustryvspeople.blogspot.com/#4339289599624797949

From rforno at infowarrior.org Fri Jul 17 01:46:26 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Jul 2009 21:46:26 -0400
Subject: [Infowarrior] - Hilarious Treasury Dept Solicitation
Message-ID: <9EB431C1-0459-4B45-A0A4-7E9CDA53D826@infowarrior.org>

This is so sad it's funny. Which I guess means if I feel that way I should submit a proposal. Un-believable. :(

Let me try a few on you:

"So three guys walk into a bar; they're from Bear Stearns, Lehman Brothers, and Merrill Lynch...."

"Geithner and Bernanke sitting in a tree....."

"Helicopter Ben had to return to base and reload - he ran out of hundreds to drop on the country...."

Sorry, couldn't resist. :)

-rf

https://www.fbo.gov/index?s=opportunity&mode=form&id=3014e950a92dbb0f7e066f9e088a301f

Humor In The Workplace
Solicitation Number: RFI-BPD-09-0028
Agency: Department of the Treasury
Office: Bureau of the Public Debt (BPD)
Location: Division of Procurement

Jul 09, 2009 11:28 am
Solicitation Number: RFI-BPD-09-0028
Notice Type: Sources Sought

Synopsis:
Added: Jul 09, 2009 11:28 am

This is a sources sought notice and not a request for quotations.
The purpose of this announcement is to seek qualified contractors with the capability to provide presentations for The Department of Treasury, Bureau of the Public Debt (BPD), Management Meeting with experience in meeting the objectives as described herein. The Contractor shall conduct two, 3-hour, Humor in the Workplace programs that will discuss the power of humor in the workplace, the close relationship between humor and stress, and why humor is one of the most important ways that we communicate in business and office life. Participants shall experience demonstrations of cartoons being created on the spot. The contractor shall have the ability to create cartoons on the spot about BPD jobs. The presenter shall refrain from using any foul language during the presentation. This is a business environment and we need the presenter to address a business audience.

Upon completion of the course, participants shall be able to:

- Understand the importance and power of humor in the workplace in a responsible manner
- How to use talents in a creative way that adds humor to everyday experiences
- Alleviate stress in home and the office
- Know how and why humor is important to communication
- Improve work-place relationships
- Prevent burn-out

From rforno at infowarrior.org Fri Jul 17 11:29:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 07:29:11 -0400
Subject: [Infowarrior] - Twitter 'popularity' as job requirement
Message-ID: <6E489C85-9B1B-4C81-8947-766967101BE3@infowarrior.org>

Uh huh. Okay. Yeah, good idea. You're recruiting for retail salesfolks, not Cult Leaders. -rick

How many Twitter followers does it take to get a job?
By Jennifer Kavur, Computerworld Canada, 07/10/2009

Your online popularity might be as valuable to your career as a post-grad education.
A recent job posting on Best Buy's Web site prefers candidates with a graduate degree and at least 250 followers on Twitter

A recent job posting on Best Buy Co Inc.'s Web site for a Senior Manager - Emerging Media Marketing position based out of the company's corporate headquarters in Richfield, Minn. listed two preferred job qualifications: a graduate degree and 250+ followers on Twitter.

< - >

http://www.networkworld.com/news/2009/071009-how-many-twitter-followers-does.html

From rforno at infowarrior.org Fri Jul 17 11:32:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 07:32:49 -0400
Subject: [Infowarrior] - Another insane UK security process
Message-ID:

False Positives and the Database State
http://www.antipope.org/charlie/blog-static/2009/07/false_positives.html

There is, in the UK (as elsewhere) a prevailing climate of paranoia about adults interacting with children. In an attempt to be seen to Do Something, in the wake of a particularly gruesome multiple murder, the British government established a new agency, the Independent Safeguarding Authority, "to help prevent unsuitable people from working with children and vulnerable adults." Working with the Criminal Records Bureau, the ISA "will assess every person who wants to work or volunteer with vulnerable people. Potential employees and volunteers will need to apply to register with the ISA."

For a fee of £64 you apply to the ISA for a background check. They then certify that you're not an evil paedophile and a threat to society, and issue you with a piece of paper that says you're allowed to interact with children in a specific role. Want multiple roles - driving kids to school in your taxi, and teaching them karate in the evening? - get multiple certificates. Authors need to get a certificate before they can visit schools to deliver readings. MPs need a background check, it seems, before they can visit schools.
(Usually the employer is responsible for getting the certificate; hilarity ensues when it transpires that MPs aren't actually employed by Parliament ...)

As you can imagine, the authors are upset. As Philip Pullman puts it, "It seems to be fuelled by the same combination of prurience, sexual fear and cold political calculation," the author of the bestselling His Dark Materials trilogy said today. "When you go into a school as an author or an illustrator you talk to a class at a time or else to the whole school. How on earth - how on earth - how in the world is anybody going to rape or assault a child in those circumstances? It's preposterous."

He's completely right, in my opinion. But the situation is worse than he imagines.

I'm not going to apply for a CRB check - ever. And not because I'm a criminal. (My sum total of negative interaction with the law over the past 44 years has amounted to two speeding tickets, most recently six years ago.) Nor am I outraged at the privacy thing. (I'm used to the idea that we live in a panopticon.) What I'm worried about is the problem of false positives.

Even the simplest of databases have been found to contain error rates of 10%. (The HMRC database in this study contains merely first, second and surname, title, sex, date of birth, address and National Insurance number - nevertheless 10% of the records contain errors.) Other agencies are even more prone to mistakes. For example: my wife recently discovered that our GP's medical records showed her as having been born outside the UK rather than in an NHS hospital in Manchester. We don't know why that error's in the system, and we've got the birth certificate and witnesses to prove that it is an error, but imagine the fun that might ensue if the control freaks in Whitehall decided to enforce record sharing between the NHS and the Immigration Agency ...! (Hopefully they're not that stupid, but who can tell?)
The point is, if 10% of government database records contain an error, then the probability of a sweep of databases coming up with an error rises as you consult more sources. And there are a whole bundle of wonderful ways for errors to show up. If your name and date of birth are the same as someone with a heavy criminal record, a CRB check could label you as a bad guy. If your social security number is one digit transposition away from $BAD_GUY, see above. If the previous owner of your house was a child abuser, see above. If your street address is one letter/digit away from a street address occupied by a criminal and some bored clerk mis-typed it, you can end up being conflated with somebody else. And the more sources the CRB checks, the higher the probability of a false positive result - that is, of them obtaining a positive result (subject is a criminal) when in fact the subject is a negative.

This is not a hypothetical worry. As of last November, the CRB had falsely identified more than 12,000 people as criminals, according to the Home Office. (Raw parliamentary answer here.) These are the disputes that were upheld, that is, ones where the falsely mis-identified were able to convince the CRB that their record was incorrect. These are false positives which have been conclusively identified as such. While the identified false positive rate is around 0.1%, the true figure is certainly much higher: because there will be a proportion of individuals identified as false positives who are in the unfortunate position of lacking the documentation to prove their innocence.

I expect the ISA will be returning many false positives, because they're looking in multiple places for evidence of misbehaviour, and the more places they look in, the more likely they are to stumble across corrupt database records that are superficially incriminating. The harder they look for evidence of misdeeds, the likelier they are to find them (even if no such misdeeds took place).
I'm not going near that thing with a barge-pole. The nature of the precautionary bureaucracy we're establishing in the UK is such that flags raised by the ISA will almost inevitably be propagated elsewhere through the police and social security system, sooner or later. I'm probably as safe as an ISA background check applicant can be, because I've got a unique name, no criminal record (beyond the aforementioned speeding tickets), and the previous owners of everywhere I've lived in the past 20 years have been pillars of respectability. However, even an 0.1% chance of being branded as Evil™ is too damn high, because the personal cost if you fail an ISA check is potentially enormous going forward. I assume that in the near future, failing an ISA check will itself be something that people are required to disclose on job applications - not to mention ending up in current police intelligence databases. To put it in perspective, that 0.1% probability of being on the receiving end of a false positive is of the same order as the risk of being seriously injured in a road traffic accident at some time in one's life.

So I won't be doing any readings in schools, or work with youth groups, in the foreseeable future. Sorry - but it's too dangerous.

From rforno at infowarrior.org Fri Jul 17 11:45:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 07:45:43 -0400
Subject: [Infowarrior] - The Moon We Left Behind
Message-ID:

The Moon We Left Behind
By Charles Krauthammer
Friday, July 17, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/16/AR2009071603486.html?hpid=opinionsbox1

Michael Crichton once wrote that if you told a physicist in 1899 that within a hundred years humankind would, among other wonders (nukes, commercial airlines), "travel to the moon, and then lose interest . . . the physicist would almost certainly pronounce you mad." In 2000, I quoted these lines expressing Crichton's incredulity at America's abandonment of the moon.
It is now 2009 and the moon recedes ever further. Next week marks the 40th anniversary of the first moon landing. We say we will return in 2020. But that promise was made by a previous president, and this president has defined himself as the antimatter to George Bush. Moreover, for all of Barack Obama's Kennedyesque qualities, he has expressed none of Kennedy's enthusiasm for human space exploration.

So with the Apollo moon program long gone, and with Constellation, its supposed successor, still little more than a hope, we remain in retreat from space.

Astonishing. After countless millennia of gazing and dreaming, we finally got off the ground at Kitty Hawk in 1903. Within 66 years, a nanosecond in human history, we'd landed on the moon. Then five more landings, 10 more moonwalkers and, in the decades since, nothing.

To be more precise: almost 40 years spent in low Earth orbit studying, well, zero-G nausea and sundry cosmic mysteries. We've done it with the most beautiful, intricate, complicated -- and ultimately, hopelessly impractical -- machine ever built by man: the space shuttle. We turned this magnificent bird into a truck for hauling goods and people to a tinkertoy we call the international space station, itself created in a fit of post-Cold War internationalist absentmindedness as a place where people of differing nationality can sing "Kumbaya" while weightless.

The shuttle is now too dangerous, too fragile and too expensive. Seven more flights and then it is retired, going -- like the Spruce Goose and the Concorde -- into the Museum of Things Too Beautiful and Complicated to Survive.

America's manned space program is in shambles. Fourteen months from today, for the first time since 1962, the United States will be incapable not just of sending a man to the moon but of sending anyone into Earth orbit. We'll be totally grounded. We'll have to beg a ride from the Russians or perhaps even the Chinese.

So what, you say? Don't we have problems here on Earth?
Oh, please. Poverty and disease and social ills will always be with us. If we'd waited for them to be rectified before venturing out, we'd still be living in caves.

Yes, we have a financial crisis. No one's asking for a crash Manhattan Project. All we need is sufficient funding from the hundreds of billions being showered from Washington -- "stimulus" monies that, unlike Eisenhower's interstate highway system or Kennedy's Apollo program, will leave behind not a trace on our country or our consciousness -- to build Constellation and get us back to Earth orbit and the moon a half-century after the original landing.

Why do it? It's not for practicality. We didn't go to the moon to spin off cooling suits and freeze-dried fruit. Any technological return is a bonus, not a reason. We go for the wonder and glory of it. Or, to put it less grandly, for its immense possibilities. We choose to do such things, said JFK, "not because they are easy, but because they are hard." And when you do such magnificently hard things -- send sailing a Ferdinand Magellan or a Neil Armstrong -- you open new human possibility in ways utterly unpredictable.

The greatest example? Who could have predicted that the moon voyages would create the most potent impetus to -- and symbol of -- environmental consciousness here on Earth: Earthrise, the now iconic Blue Planet photograph brought back by Apollo 8?

Ironically, that new consciousness about the uniqueness and fragility of Earth focused contemporary imagination away from space and back to Earth. We are now deep into that hyper-terrestrial phase, the age of iPod and Facebook, of social networking and eco-consciousness.

But look up from your BlackBerry one night. That is the moon. On it are exactly 12 sets of human footprints -- untouched, unchanged, abandoned. For the first time in history, the moon is not just a mystery and a muse, but a nightly rebuke.
A vigorous young president once summoned us to this new frontier, calling the voyage "the most hazardous and dangerous and greatest adventure on which man has ever embarked." And so we did it. We came. We saw. Then we retreated.

How could we?

letters@charleskrauthammer.com

From rforno at infowarrior.org Fri Jul 17 13:21:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 09:21:16 -0400
Subject: [Infowarrior] - New Pirate Bay Will Become a Pay Site
Message-ID: <1673E04E-B2EF-46D1-8400-EF96FA4A15AE@infowarrior.org>

New Pirate Bay Will Become a Pay Site
Written by Ernesto on July 16, 2009
http://torrentfreak.com/new-pirate-bay-will-become-a-pay-site-090716/

After Global Gaming Factory (GGF) announced its intention to buy The Pirate Bay, the public was left wondering what the site's future would look like. Today it was confirmed that sharing on the new site will come with a cost, as the new owners plan to charge the users of the site a monthly fee.

Thus far the plans revealed by GGF concerning the future of the site and tracker have been rather vague and uncertain. However, today the freshly appointed Wayne Rosso - who has previous experience with failing P2P services - came out with a few crucial additional details on the site's future business model.

For years The Pirate Bay's users have been able to share files without censorship or charges, but this is all about to change. Rosso said that under the new management, the 3.7 million Pirate Bay users (or whatever userbase remains) will have to pay a monthly fee to access the site. The money collected from user subscriptions and advertising revenue will then be used to pay off the copyright holders.

The exact monthly fee is yet to be decided, but Rosso did confirm that the more files people share, the lower it will be. "The more of your computer resources you contribute to the network, the less you pay down to zero," Rosso told Cnet. "The user is in control."
In addition, GGF hopes to cut deals with ISPs. "We hope to introduce a new BitTorrent technology that will optimize ISP traffic," Rosso said. "We can save ISPs up to 80 percent of their resources. Half of the Internet traffic is file sharing and half of that traffic is Pirate Bay."

Rosso conveniently fails to mention that a Pirate Bay where users have to pay for access will not be generating much traffic at all, so this part of GGF's business model has to be rethought. BitTorrent does not depend on The Pirate Bay, and new trackers have already lined up to take over its job.

Details about the actual acquisition of The Pirate Bay are still scarce. Pirate Bay's Peter Sunde told TorrentFreak that GGF will get the domain names for thepiratebay (under all the tlds they exist) and a copy of the code and the database. If all goes well the transfer of ownership will take place at the end of July. GGF has to raise $7.8 million in funding in order to buy the site. After that, the shareholders - who've seen a drop in the stock price after the announced buy-out - have to vote in favor of the deal.

From rforno at infowarrior.org Fri Jul 17 18:13:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 14:13:16 -0400
Subject: [Infowarrior] - Music industry wants cut of Pirate Bay sale
Message-ID: <9D2D12E2-0648-47D3-8CBB-D32ACE40BB2A@infowarrior.org>

Music industry wants cut of Pirate Bay sale
by Greg Sandoval
http://news.cnet.com/8301-1023_3-10288495-93.html

The music industry will attempt to seize money paid to acquire the Pirate Bay, according to a high-level music industry source and a spokesman for the International Federation of the Phonographic Industry (IFPI), the trade group representing the music industry worldwide.

Global Gaming Factory, a Swedish software company, made big news two weeks ago by announcing that it would acquire the Pirate Bay, the popular outlaw file-sharing site, for $7.8 million.
Since then the company has been touting a new business model and even hiring executives, such as Wayne Rosso, the former Grokster president, to legally obtain content from film and music industries.

What remains to be seen is how that sale might be affected by attempts by the music industry to collect the $3.6 million damages that a court in Sweden awarded it in April. The court found the four operators of the Pirate Bay--Fredrik Neij, Gottfrid Svartholm Warg, Peter Sunde Kolmisoppi, and Carl Lundström--guilty of copyright violations and sentenced each to a year in jail. The court also ordered them to pay 30 million Swedish kronor ($3.6 million).

Alex Jacob, a spokesman for the IFPI, said that the group has always intended to collect the damages award, but now, should the sale go through, music execs know that the original Pirate Bay operators have access to the money.

Whether these attempts to seize part of the proceeds could hold up a sale remains unclear. The first thing to remember is that the sale isn't yet done. According to a press release, Global Gaming's offer is to pay half of the $7.8 million in cash and the other half in the company's stock. To finance the deal, Global Gaming must issue new shares and to do that it needs the blessing of investors and board of directors. Any acquisition isn't expected to be finalized before August, the company said.

On the other side, the Pirate Bay's founders have said that they haven't owned the company for years. "We never had any interest in earning money from the Pirate Bay," Peter Sunde told Dagens Nyheter, a Swedish newspaper. "We haven't owned TPB since the search and seizure in 2006... Those who will get the money, friends in a foreign company, have agreed as a condition to put the money in a foundation for future internet projects." The legal adviser for Global Gaming has said that the Pirate Bay is owned by a company in the Seychelles called Reservella.
Jacob, from the IFPI, says it makes no difference who owns the Pirate Bay. He said: "The judge found the four operators guilty and ordered them to pay the damages." That's who the IFPI will try to get the money from.

CNET News intern Mats Lewan contributed to this report.

From rforno at infowarrior.org Fri Jul 17 18:35:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 14:35:27 -0400
Subject: [Infowarrior] - Some E-Books Are More Equal Than Others
Message-ID: <221BE081-CCFD-4141-B0B5-9279FEE294DE@infowarrior.org>

http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/

July 17, 2009, 12:57 pm
Some E-Books Are More Equal Than Others

This morning, hundreds of Amazon Kindle owners awoke to discover that books by a certain famous author had mysteriously disappeared from their e-book readers. These were books that they had bought and paid for - thought they owned.

But no, apparently the publisher changed its mind about offering an electronic edition, and apparently Amazon, whose business lives and dies by publisher happiness, caved. It electronically deleted all books by this author from people's Kindles and credited their accounts for the price.

This is ugly for all kinds of reasons. Amazon says that this sort of thing is "rare," but that it can happen at all is unsettling; we've been taught to believe that e-books are, you know, just like books, only better. Already, we've learned that they're not really like books, in that once we're finished reading them, we can't resell or even donate them. But now we learn that all sales may not even be final.

As one of my readers noted, it's like Barnes & Noble sneaking into our homes in the middle of the night, taking some books that we've been reading off our nightstands, and leaving us a check on the coffee table.

You want to know the best part? The juicy, plump, dripping irony? The author who was the victim of this Big Brotherish plot was none other than George Orwell.
And the books were "1984" and "Animal Farm."

From rforno at infowarrior.org Sat Jul 18 02:03:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 22:03:57 -0400
Subject: [Infowarrior] - Amazon backtracks on Kindle deletions
Message-ID:

(Anyone care to bet when the next round of 'deletions' occurs for some other newfound licensing reason? --rf)

Amazon Says It Will Stop Deleting Kindle Books
By deleting two unauthorized Orwell books from the Kindle devices of readers who had purchased them, Amazon highlighted how poorly real world expectations apply to the digital world.
By Thomas Claburn
InformationWeek
July 17, 2009 07:57 PM
http://www.informationweek.com/news/personal_tech/drm/showArticle.jhtml?articleID=218501227

Amazon (NSDQ: AMZN) on Thursday began e-mailing a few hundred owners of its Kindle reading device to explain that it had deleted electronic copies of George Orwell's "Animal Farm" and "1984" and had refunded the $0.99 purchase price.

The company's virtual book burning has prompted howls of derision across the Internet and spurred impassioned discussion on Amazon's Kindle forums.

"This is precisely the functional equivalent of Barnes & Noble -- or Amazon itself for that matter -- using a crowbar or lock pick to break into your home or business, then stealing back a previous physical book purchase, replacing it with the equivalent value in cash," said privacy advocate Lauren Weinstein in an e-mail message posted to the Interesting People mailing list.

"The irony that the two books involved were 'Animal Farm' and '1984' is just too much," said Fred Von Lohmann, staff attorney for the Electronic Frontier Foundation. The incident, he said, highlighted the gap in understanding about rights in the digital world and the real world. "There's an enormous difference between buying a book and buying a tethered media device. And this incident really underscores that fact. Consumers carry with them analog expectations."
Von Lohmann said that it's not clear from the Kindle license agreement that Amazon has the right to delete purchased content. "I don't see that many loopholes," he said.

He notes that the Kindle license agreement states, "Amazon grants you the non-exclusive right to keep a permanent copy of the applicable Digital Content and to view, use, and display such Digital Content an unlimited number of times..."

"They say you don't own it but they don't say they can take it away," he said.

Amazon's grant of rights, however, is made conditional on the company's authorization. And the qualification "applicable Digital Content" could arguably exclude digital content that Amazon isn't legally authorized to provide.

The contract also states, "Amazon reserves the right to modify, suspend, or discontinue the Service at any time, and Amazon will not be liable to you should it exercise such right." It defines "the Service" to include "provision of digital content."

Amazon says that the books in question were added to its catalog using the company's self-service platform by a third-party who did not have the rights to the books. And it says it will no longer delete books in this manner.

"When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers' devices, and refunded customers," the company said in an e-mailed statement. "We are changing our systems so that in the future we will not remove books from customers' devices in these circumstances."

Von Lohmann believes the Federal Trade Commission may be interested in Amazon's actions. He said the government agency has been looking into situations in which people who bought music protected by a digital rights management system find themselves denied access to their music when the service shuts down.

If Kindle books are rentals, he said, they should be described that way. "The Kindle gives you the sense that you are buying the book," he said.
From rforno at infowarrior.org Sat Jul 18 02:07:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 22:07:09 -0400
Subject: [Infowarrior] - Walter Cronkite Dies At 92
Message-ID:

July 17, 2009
Walter Cronkite Dies At 92
http://www.cbsnews.com/stories/2009/07/17/eveningnews/main5170556.shtml?tag=breakingnews

Legendary news anchor Walter Cronkite has passed away in New York at the age of 92. His journalistic career covered such historic events as the coronation of Queen Elizabeth, the assassination of JFK and the first man on the moon.

Walter Cronkite, who personified television journalism for more than a generation as anchor and managing editor of the "CBS Evening News," has died.

CBS vice president Linda Mason says Cronkite died at 7:42 p.m. Friday with his family by his side at his home in New York after a long illness. He was 92.

Known for his steady and straightforward delivery, his trim moustache, and his iconic sign-off line - "That's the way it is" - Cronkite dominated the television news industry during one of the most volatile periods of American history. He broke the news of the Kennedy assassination, reported extensively on Vietnam and Civil Rights and Watergate, and seemed to be the very embodiment of TV journalism.

"Cronkite came to be the sort of personification of his era," veteran PBS Correspondent Robert MacNeil once said. "He became kind of the media figure of his time. Very few people in history, except maybe political and military leaders, are the embodiment of their time, and Cronkite seemed to be."

At one time, his audience was so large, and his image so credible, that a 1972 poll determined he was "the most trusted man in America" - surpassing even the president, vice president, members of Congress and all other journalists. In a time of turmoil and mistrust, after Vietnam and Watergate, the title was a rare feat - and the label stuck.
"For decades, Walter Cronkite was the most trusted voice in America," said President Barack Obama in a statement. "His rich baritone reached millions of living rooms every night, and in an industry of icons, Walter set the standard by which all others have been judged."

Mr. Obama said that Cronkite calmly shared the world's news while never losing his integrity. "But Walter was always more than just an anchor," Mr. Obama said. "He was someone we could trust to guide us through the most important issues of the day; a voice of certainty in an uncertain world. He was family. He invited us to believe in him, and he never let us down. This country has lost an icon and a dear friend, and he will be truly missed."

Cronkite's achievements were remarkable for a man whose beginnings were anything but remarkable. Walter Leland Cronkite was born in St. Joseph, Missouri on November 4, 1916, the only child of a dentist father and homemaker mother. When he was still young, his family moved to Texas. One day, he read an article in "Boys Life" magazine about the adventures of reporters working around the world - and young Cronkite was hooked.

He began working on his high school newspaper and yearbook and, in 1933, he entered the University of Texas at Austin to study political science, economics and journalism. He never graduated. He took a part-time job at the Houston Post, left college to do what he loved: report.

After working as a general assignment reporter for the Post and a sportscaster in Oklahoma City, Cronkite got a job in 1939 working for United Press. He went to Europe to cover World War II as part of the "Writing 69th," a group of reporters who found themselves covering some of the most important developments in the war, including the D-Day invasion, bombing missions over Germany, and later, the Nuremberg war trials.
In 1940, he married Mary Elizabeth Maxwell - known as "Betsy" - and for the next six decades she was the dutiful reporter's wife, enduring sometimes long separations while he covered the world, and raising three children. Cronkite once wrote about her: "I attribute the longevity of our marriage to Betsy's extraordinary keen sense of humor, which saw us over many bumps (mostly of my making), and her tolerance, even support, for the uncertain schedule and wanderings of a newsman."

While working for the UP, Cronkite was offered a job at CBS by Edward R. Murrow - and he turned it down. He finally accepted a second offer in 1950, and stepped into the new medium of television. In the early '50s, it was a medium many of the "serious" journalists at CBS and elsewhere viewed with skepticism, if not disdain. Radio and print, they contended, were for real reporters; television was for actors or comedians.

At first, it seemed an unlikely fit. Walter Cronkite, with his serious demeanor and unpretentious style - honed by his years of unvarnished reporting at UP - was named host of "You Are There" in which key moments of history were recreated by actors. Cronkite was depicted on camera interviewing "Joan of Arc" or "Sigmund Freud." But somehow, he managed to make it believable. The young director of the series, Sidney Lumet said he picked Cronkite for the job because "the premise of the series was so silly, so outrageous, that we needed somebody with the most American, homespun, warm ease about him."

During his early years at CBS, Cronkite was also named host of "The Morning Show" on CBS, where he was paired with a partner: a puppet named Charlemagne. But he distinguished himself with his coverage of the 1952 and 1956 political conventions and as narrator of the documentary series "Twentieth Century."

In 1961, CBS named him the anchor of the "CBS Evening News" - a 15 minute news summary anchored for several years by Douglas Edwards.
At the time, the broadcast lived in the long shadow cast by NBC's Huntley-Brinkley Report, the most popular television newscast in the country. Expectations for the Cronkite newscast were not high. But in 1963, the broadcast was expanded to 30 minutes - and Cronkite won a title for which he had long campaigned, Managing Editor. The added time gave the broadcast more depth and variety, and the title gave Cronkite more influence over the content and coverage.

And it came at a significant time. In September of that year, Cronkite launched the expanded program with an extended interview with President John F. Kennedy. Two months later, it was Cronkite who broke into the soap opera "As The World Turns" to announce that the president had been shot - and later to declare that he had been killed.

It was a defining moment for Cronkite, and for the country. His presence - in shirtsleeves, slowly removing his glasses to check the time and blink back tears - captured both the sense of shock, and the struggle for composure, that would consume America and the world over the next four days.

Cronkite's audience began to grow - but not quickly enough for network executives who, in 1964, decided to try an anchor team at the conventions - Robert Trout and Roger Mudd - to rival Chet Huntley and David Brinkley at NBC. Cronkite was not happy about the change, and viewer reaction was swift. Over 11,000 letters poured in protesting the switch. Network executives never tried that again.

In 1966, The CBS Evening News began to overtake the Huntley-Brinkley Report in the ratings, and in 1967 it took the lead. It remained there until Cronkite's retirement in 1981.

They were years filled with astonishing change - and indelible history. In 1968, Cronkite returned from visiting Vietnam and declared on television: "It seems now more certain than ever that the bloody experience of Vietnam is a stalemate."
President Lyndon Johnson, on hearing that, reportedly said, "If I've lost Cronkite, I've lost America." Not long after, Johnson declared his intention not to run for re-election.

That same year saw the assassinations of Martin Luther King, Jr. and Robert F. Kennedy - two more shocking moments that bound the country together through the medium of television. Once again, as he had five years earlier, Cronkite was the steadying force during a time of national sorrow.

"It's a kind of chemistry," former Johnson aide and CBS News commentator Bill Moyers once said. "The camera either sees you as part of the environment or it rejects you as an alien body, and Walter had 'it,' whatever 'it' was."

One of Cronkite's enthusiasms was the space race. And in 1969, when America sent a man to the moon, he couldn't contain himself. "Go baby, go!" he said, as Apollo XI took off. He ended up performing what critics described as "Walter to Walter" coverage of the mission - staying on the air for 27 of the 30 hours that Apollo XI took to complete its mission.

Cronkite even managed to have a surprising influence on world affairs. In 1977, he interviewed Egyptian President Anwar El-Sadat, who told Cronkite that, if invited, he'd go to Jerusalem to meet with Prime Minister Menachem Begin. The move was unprecedented. The next day, Begin invited Sadat to Jerusalem for talks that eventually led to the Camp David accords and the Israeli-Egyptian treaty.

In 1981, Cronkite announced he would retire at the age of 65, to make way for a new anchor in the chair, Dan Rather. A commentator in the New Republic said it was like "George Washington leaving the dollar bill." There were so many requests for interviews, eventually all of them were turned down.

In retirement, Cronkite kept busy with other projects - a short-lived magazine program on CBS called "Walter Cronkite's Universe," a few documentaries, plus a seat on the CBS board of directors.
He spent a considerable amount of time at his summer home in Martha's Vineyard, sailing the boat he named for his wife, "The Betsy." And he wrote his autobiography, "A Reporter's Life," published in 1996.

In 2005, Cronkite's wife Betsy died after a battle with cancer. His two daughters and son survive him.

While Cronkite kept a lower profile in his later years, he did make a significant contribution to the "CBS Evening News with Katie Couric": it is his voice that has been used during the opening of the broadcast since its debut in 2006, bridging generations and signifying the newscast's strong link to its storied past.

As Cronkite said on March 6, 1981, concluding his final broadcast as anchorman: "Old anchormen, you see, don't fade away, they just keep coming back for more. And that's the way it is."

From rforno at infowarrior.org Sat Jul 18 02:15:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 22:15:36 -0400
Subject: [Infowarrior] - Goldman Sachs Backs Down in Legal Battle With Blogger
Message-ID: <179EDD9B-A645-462D-8649-895DD1A98431@infowarrior.org>

July 16, 2009 12:44 PM
Goldman Sachs Backs Down in Legal Battle With Blogger
Posted by Brian Baxter
http://amlawdaily.typepad.com/amlawdaily/2009/07/goldman-backs-down-in-legal-battle-with-blogger.html

Mike Morgan, a Florida-based investment adviser who started the controversial blog GoldmanSachs666.com, has prevailed in a case he brought against the investment bank in April. Goldman, which exceeded expectations by reporting $3.4 billion in second quarter profits this week, quietly agreed to several stipulations last month in order to dismiss the case.

The Am Law Daily previously reported that Goldman had sought to muzzle Morgan's Web site and its conspiracy-tinged blog posts via a cease-and-desist letter sent by Chadbourne & Parke IP practice cochair John Squires in April. (Squires served as Goldman's chief in-house IP counsel before leaving for Chadbourne in January.)
Morgan responded by hiring Joseph Beckman from The Intellect Law Group in Palm City, Fla., filing a complaint against Goldman in federal court in Florida later that month seeking a declaratory judgment that he was not infringing on the bank's trademarks.

The suit wasn't Morgan's first court battle with a corporation he was crusading against on the Internet, but he appears to have emerged victorious in the Goldman matter provided he maintains a prominently displayed disclaimer on his Web site disavowing any affiliation with the investment bank. In turn, Goldman agreed to refrain from interfering with Morgan's use of GoldmanSachs666.com.

Squires and Chadbourne IP litigation counsel Peter Bucci represented Goldman in the litigation. Squires declined an Am Law Daily request for comment.

But Morgan, who recently told a British newspaper that he'd had a heart attack during the spat and was stepping down from the day-to-day operations of his site, did take some time to crow. In a blog post earlier this month, he wrote that "Lord [sic] Blankfein and his Band of Merry Thugs blinked, and we sliced their heads off."

While Morgan's rants might seem off-the-wall, if a recent feature story by Rolling Stone's Matt Taibbi is any indication, some of Morgan's ideas are starting to receive mainstream attention. Taibbi compares Goldman to a "vampire squid wrapped around the face of humanity" in a scathing indictment of the investment bank that has Wall Street buzzing.

A Goldman spokesman told Reuters that "Taibbi's article is a compilation of just about every conspiracy theory ever dreamed up about Goldman Sachs . . . We reject the assertion that we are inflators of bubbles and profiteers in busts, and we are painfully conscious of the importance of being a force for good."

Goldman's charitable endeavors aside, the firm's surging profits and repayment of government loans have allowed compensation to return to 2007 levels.
From rforno at infowarrior.org Sat Jul 18 02:18:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Jul 2009 22:18:54 -0400
Subject: [Infowarrior] - Treasury cuts ‘Humor in the Workplace’ job opening
Message-ID:

Treasury Dept. cuts "Humor in the Workplace" job opening
By David Edwards and Stephen Webster
Published: July 17, 2009
http://rawstory.com/08/news/2009/07/17/treasury-dept-cuts-humor-in-the-workplace/

U.S. Senator Byron Dorgan (D-ND) on Friday morning called on the Treasury Department to axe a job opening seeking an applicant who can "create cartoons on the spot" in order to introduce "humor in the workplace."

The move was seemingly in reaction to a link carried by right-wing news aggregator Matt Drudge who followed the Say Anything blog which picked up on the job opening in a Thursday post. The position was also the subject of a Fox News segment on Friday morning.

The job posting, offered on FedBizOpps.gov, called for the selected candidate to give "two, 3-hour, Humor in the Workplace programs that will discuss the power of humor in the workplace, the close relationship between humor and stress, and why humor is one of the most important ways that we communicate in business and office life."

"Participants shall experience demonstrations of cartoons being created on the spot," it continued.

"Several conservatives on Capitol Hill found it highly amusing that the Bureau of the Public Debt found it necessary to resort to humor in order to ease the stress of management meetings at a time when the federal deficit is ballooning," noted The Hill.

"Of all the agencies, the Bureau of Public Debt should know that there is very little that is funny about today's economic conditions," Dorgan said, according to the Washington, D.C. publication. "I understand the need for motivation in the workplace, but I think we have a greater motivation to save the taxpayers some money."

By 9:58 a.m. eastern standard time, the Bureau of Public Debt "determined that it no longer has a need for this requirement."

Fox News host Steve Doocy jokingly asked, "[Vice President] Joe Biden says a lot of funny stuff. Would he be available to do this job?" Clayton Morris, who called the job posting "absurd," added that Biden may need a second job. "Why not go over?" asked Doocy. "The Treasury Department is right next door to the White House!"

On FedBizOpps.gov, one anonymous user posting under the name "A-pimphand" jeered, "STOP WASTING TAXPAYER MONEY AND INFLATING THE CURRENCY. Obama wanted $787,000,000,000 for THIS?!"

"Every contractor on this list should be ashamed to be fleecing the American taxpayer with this worthless contract," "A-pimphand" continued. "Hard working people are being forced to give the government the sweat of their brow ... to fund this joke on the taxpayer. Every single one of you should be fired."

"I'm all for laughter, and if any group of people need to learn how to laugh it's federal bureaucrats, but even so," noted Say Anything blogger Rob. "Is it appropriate - especially now in the midst of a national fiscal disaster - for the taxpayers to be footing the bill for laughter lessons?"

"What's next?" asked Michael Roston at True/Slant. "FEMA will put out a requisition for sketch comedy as a means of disaster preparedness?"

"Then again," he added, "given the skillful way that President Bush dealt with Hurricane Katrina, you might think they've already done that."

From rforno at infowarrior.org Sat Jul 18 14:22:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jul 2009 10:22:39 -0400
Subject: [Infowarrior] - WH cites Google search term as 'progress'
Message-ID: <9DE87814-488F-49A4-8F2F-AEF19695283E@infowarrior.org>

Hell of a metric for progress, eh?
-rf

Larry Summers cites Google search as progress

Of all the statistics pouring into the White House every day, top economic adviser Larry Summers highlighted one Friday to make his case that the economic free-fall has ended.

The number of people searching for the term "economic depression" on Google is down to normal levels, Summers said. Searches for the term were up four-fold when the recession deepened in the earlier part of the year, and the recent shift goes to show consumer confidence is higher, Summers told the Peterson Institute for International Economics.

Read more: http://www.politico.com/news/stories/0709/25083.html#ixzz0LcXlseTz

From rforno at infowarrior.org Sat Jul 18 14:44:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jul 2009 10:44:50 -0400
Subject: [Infowarrior] - The NSA wiretapping story nobody wanted
Message-ID:

The NSA wiretapping story nobody wanted
Whistleblower Mark Klein tells in his new book of how he was ignored. He spoke with IDG News.
Robert McMillan
http://www.computerworld.com/s/article/9135645/The_NSA_wiretapping_story_nobody_wanted

July 17, 2009 (IDG News Service) They sometimes call national security the third rail of politics. Touch it and, politically, you're dead. The cliché doesn't seem far off the mark after reading Mark Klein's new book, "Wiring up the Big Brother Machine ... and Fighting It." It's an account of his experiences as the whistleblower who exposed a secret room at a Folsom Street facility in San Francisco that was apparently used to monitor the Internet communications of ordinary Americans.

Klein, 64, was a retired AT&T communications technician in December 2005, when he read the New York Times story that blew the lid off the Bush administration's warrantless wiretapping program. Secretly authorized in 2002, the program lets the U.S. National Security Agency (NSA) monitor telephone conversations and e-mail messages of people inside the U.S. to identify suspected terrorists.
Klein knew right away that he had proof -- documents from his time at AT&T -- that could provide a snapshot of how the program was siphoning data off of the AT&T network in San Francisco. Amazingly, however, nobody wanted to hear his story.

In his book he talks about meetings with reporters and privacy groups that went nowhere until a fateful January 20, 2006, meeting with Kevin Bankston of the Electronic Frontier Foundation (EFF). Bankston was preparing a lawsuit that he hoped would put a stop to the wiretap program, and Klein was just the kind of witness the EFF was looking for.

With the EFF on board, Klein was briefly a media celebrity -- the man who had the guts to expose the NSA's secret wiretapping program. In his book he provides the documents and the stories that illustrate how all of this transpired.

Klein has been politically active since the 1960s, when he protested the Vietnam war. "I came to view the government with great suspicion like a lot of people back then and I still do," he said in an interview he granted the IDG News service on Friday. "I guess that sort of laid the groundwork for my later experience, because I didn't trust the government to begin with."

Today he lives in the San Francisco Bay Area with his wife, Linda, and his two dogs. He self-published his book last week.

Following is an edited transcript of the interview.

IDG News Service: By some estimates there are 15 to 20 of these secret wiretapping rooms across the country. You're the only AT&T employee who has come forward and talked about them in detail. Why?

Mark Klein: Fear. First of all it was a scary time. It still is a scary time, but during the Bush years it was sort of a witch hunt atmosphere and people were afraid. People are afraid of losing their jobs, and it's a rule of thumb that if you become a whistleblower you'll probably lose your job.
And if you have a security clearance, you not only lose your job, but you probably will be prosecuted by the government. The Bush administration made that very clear in statements they made over and over again: 'Anybody who reveals anything about our secret programs will be prosecuted and we are running investigations to find out who leaked this to the New York Times.' Well that puts a fear in people.

IDGNS: Have you heard from other AT&T employees who told you that they knew of these activities?

Klein: I haven't tried to get in contact with people I knew at AT&T for this very reason. I didn't want to jeopardize their livelihood.

IDGNS: In your book you describe how a meeting with your lawyer was videotaped to preserve evidence in case you "disappeared." How scared were you?

Klein: I was very worried. The Bush administration was capable of very crazy things and illegal things. I knew they were doing torture. And I knew they had taken into custody and jailed people who were citizens of the United States ... and just thrown them away in a brig with no trial and no charges. So I didn't think it was beyond the possibility that they'd do the same to me. Maybe I was getting a little paranoid in hindsight, but hindsight is cheap. I was most worried at the time when the LA Times was killing my story, but at the same time the LA Times showed it to the government. Then I really was panicking because that meant that the government knew everything and probably knew my name, but I didn't have any publicity.

IDGNS: The media merit a full chapter (entitled: 'Going Public vs. Media Chickens') in your book. What happened there?

Klein: The LA Times was particularly egregious because they were planning a front-page spread. They were the first entity I'd given all the documents to. Then they talked to the government about it, and it turned out they were talking to not only the NSA director, but the director of national intelligence, who was John Negroponte at the time.
So that meant the government knew it. And then a few weeks later the LA Times killed the story. So the only thing you can read into is that basically the government squashed the story. [The LA Times' editor in early 2006, Dean Baquet, said the government had nothing to do with the decision. 'We did not have a story, that we could not figure out what was going on,' he told ABC News -- ed.]

IDGNS: How long did they have the story?

Klein: I started dealing with them in late January 2006, and in February they showed it to the government, and then they started wobbling. By the end of March 2006, they officially told me the story was killed.

IDGNS: Did they cover it in April, after it became public?

Klein: No that was funny. After it finally hit the news everywhere else, The LA Times didn't run with the stuff I'd given them. They'd squashed the whole thing.

IDGNS: A lot of people you might have expected to be interested in this story weren't interested initially. In the book, you talk about going to EPIC [the Electronic Privacy Information Center] and getting nowhere; you talk about the media and you also talk about Congress. You never testified before Congress.

Klein: This book has several aspects. The first aspect is the spying itself and the technical apparatus; another aspect is the role of the media and how the media has basically functioned as a propaganda apparatus for the government, more or less willingly. Part of the book is about the struggle to make the media cover this story. And the third part of this story is about Congress. It was a struggle, a struggle which failed I might add, to get Congress to investigate and do something about this. Congress ran away from me. They didn't want to touch me with a 10-foot pole, starting with my own senator, Dianne Feinstein, who was a key member of both the Intelligence Committee in the Senate and the Judiciary Committee. She was one of the first legislators I tried to contact in February 2006.
I was given the number of her chief attorney in Washington, and he first was very interested. He talked to me on the phone and asked me a bunch of detailed questions and told me he'd get back to me. And then I never heard from him again.

IDGNS: Why do you think you had trouble getting Congress interested?

Klein: With the Republicans, it's obvious why they didn't want to deal with it. Their administration was responsible for the whole illegal spying operation. The first layer of the Democratic party leadership, it turns out, had been knowledgeable and briefed on this program and was complicit, in my view.

IDGNS: What do you think you've accomplished by coming forward with these documents?

Klein: My main accomplishment is to let everybody know about what exactly the government is doing to people. How the government in detail is screwing over people's privacy and trampling over the Constitution and the Fourth Amendment, and lay out in great detail how everybody's personal lives are being delved into by the government and stored in secret databases for future reference.

From rforno at infowarrior.org Sat Jul 18 14:46:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jul 2009 10:46:35 -0400
Subject: [Infowarrior] - Riot police raid birthday barbecue for 'all-night' Facebook tag
Message-ID: <5695300E-E547-4D07-A163-9B9ADC50A97F@infowarrior.org>

Riot police raid birthday barbecue for 'all-night' Facebook tag
Four cars, van, helicopter storm 15-guest cookout
By Austin Modine
Posted in Odds and Sods, 17th July 2009 17:44 GMT
http://www.theregister.co.uk/2009/07/17/police_raid_birthday_barbecue_facebook_invitation/

Riot police stormed a man's 30th birthday barbecue for 15 guests because it was advertised as an "all-night" party on Facebook.
Four police cars, a riot van, and a force helicopter were dispatched to a privately-owned field in a small village near Sowton, Devon in the UK on Saturday, ordering the party shut down or everyone would be arrested.

Andrew Poole, a coach driver from Sowton, said his birthday barbecue was busted up before they even had a chance to plug the music in, reports the BBC.

"What effectively the police did was come in and stop 15 people eating burgers," Poole said.

The event was shuttered under section 63 of the Criminal Justice and Public Order Act 1994, which grants police powers to remove persons attending or preparing for a "rave" (defined as playing amplified music "wholly or predominantly characterised by the emission of a succession of repetitive beats," during the night).

Poole said it was about 4pm when eight officers with camouflage pants and body armor jumped out of their vehicles and ordered everyone out about an hour into the party. He claims his party was advertised on Facebook as an "all-night" affair in case his guests wanted to stay the night.

A police spokeswoman told the BBC the helicopter was deployed for less than 20 minutes, costing about £200.

"The decision to close down a rave or illegal music festival is not taken lightly," she said. "On this occasion, we were extremely concerned how the event had been advertised on the internet as an all-night party and it was therefore necessary to take the appropriate steps."

The spokeswoman added if the party hadn't been stormed by the officers, riot police and accompanying helicopter, "far more resources would have been used to police the event and there would have been considerable disruption to neighbouring properties."
From rforno at infowarrior.org Sat Jul 18 16:16:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jul 2009 12:16:16 -0400
Subject: [Infowarrior] - Gov admits RFID cards vulnerable
Message-ID: <9CA2DFB8-3184-4336-85D2-A94264D47099@infowarrior.org>

This is first rate Kafka security -- the government issues you an insecure id card, admits it's insecure and offers an inconvenient work-around. Of course, it remains illegal for you to protect yourself by disabling the insecure part of the federal ID card or passport.

Improved security? Hardly. Improved terrorist detection? Nope. Boatloads of cash for RFID ID card companies and ID-card-sleeve vendors? Hells yeah!! Brilliant.

-rick

Special alloy sleeves urged to block hackers?
By TODD LEWAN
The Associated Press
Sunday, July 12, 2009 2:57 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/11/AR2009071101929_pf.html

-- To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver's licenses in "radio-opaque" sleeves.

That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader technology.

The cover of the e-passport booklet contains a metallic sheathing that can diminish the distances radio waves travel, presumably hindering unwanted interceptions. Alloy envelopes that come with the PASS cards and driver's licenses do the same, the government says.

The State Department asserts that hackers won't find any practical use for data skimmed from RFID chips embedded in the cards, but "if you don't want the cards read, put them in an attenuation sleeve," says John Brennan, a senior policy adviser at the Office of Consular Affairs.
Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says the envelope her state offers with the enhanced driver's license "ensures that nothing can scan it at all."

But that wasn't what researchers from the University of Washington and RSA Laboratories, a data security company in Bedford, Mass., found last year while testing the data security of the cards.

The PASS card "is readable under certain circumstances in a crumpled sleeve," though not in a well maintained sleeve, the researchers wrote in a report. Another test on the enhanced driver's license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard.

Will Americans consistently keep their enhanced driver's licenses in the protective sleeves and maintain those sleeves in perfect shape - even as driver's licenses are pulled out for countless tasks, from registering in hotels to buying alcohol? The report's answer: "It is uncertain ... "

And when the sleeves come off, "you're essentially saying to the world, 'Come and read what's in my wallet,'" says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C. By obliging Americans to use these sleeves, he says, the government has, in effect, shifted the burden of privacy protection to the citizen.

Meanwhile, researchers have raised other red flags.

- In 2006, a mobile security company, Flexilis, conducted an experiment in which the transponder of a partially opened e-passport triggered an explosive planted in a trashcan when a dummy carrying the chipped passport approached the bin. A video of the experiment was shown that year at a security conference. Flexilis has suggested that the government adopt a dual cover shield and specifically designed RFID tag that would make the e-passport remotely unreadable until it is fully opened. No changes have been made to the U.S.
e-passport in response, according to the State Department.

- Some RFID critics wonder: Could government officials read the microchips in an enhanced driver's license or passport card by scanning people via satellite or through a cell phone tower network? The short answer is no - because the chips in PASS cards and EDLs are "passive," or batteryless, meaning they rely on the energy of readers to power up. Passive tags are designed to beam information out 30 feet.

However, research is moving forward to make batteries tinier and more powerful, says Ari Juels, director of RSA Laboratories. A "semi-passive" tag that could transmit into the atmosphere when triggered by a reader "may be feasible at some point," he says.

Separately, a system called STAR, that adapts deep-space communications technologies to read passive tags from distances greater than 600 feet, was announced last year by a Los Angeles startup called Mojix, Inc. It uses "smart antennas" and "digital beam forming" to process signals in four dimensions - time, space, frequency and polarization. Mojix, founded by a former NASA scientist, promotes the technology for supply chain management and asset tracking.

© 2009 The Associated Press

From rforno at infowarrior.org Sat Jul 18 23:50:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Jul 2009 19:50:40 -0400
Subject: [Infowarrior] - Three Levels Beyond Kernel Rootkits
Message-ID: <53A26803-7E1D-4D92-9EEC-9F363F697B78@infowarrior.org>

Exclusive Interview: Going Three Levels Beyond Kernel Rootkits

Today we have the pleasure of chatting with Joanna Rutkowska, one of the top computing security innovators in the world. She is the founder and CEO of Invisible Things Lab (ITL), a boutique computer security consulting and research firm.

Alan: Joanna, thanks for taking the time to chat. Let's start with the basics for our readers.
You've carved out a niche in the security world with your expertise on stealthy attacks, such as rootkits, and more recently by exposing vulnerabilities with virtual machines and low-level hardware. But before we go into all of this, why don't you tell us a little bit about yourself?

Joanna: I'm a researcher focusing on system-level security issues like the kernel, hypervisor, chipset, etc. Researcher--not a bug hunter or a pen-tester. I'm more interested in fundamental problems rather than specific bugs affecting specific user software. For example, can the OS/platform provide any security to the user, despite its apps such as Adobe Reader or IE being potentially compromised? I believe in "Security by Isolation."

Business-wise, I'm a founder and director of Invisible Things Lab (ITL), a boutique security research and consulting firm. I'm very proud of the team I managed to create at ITL, which includes Alexander Tereshkin and Rafal Wojtczuk, who are two of the most skilled researchers in the field of system-level security. Recently, I've been becoming less and less of a "debugger-attached-researcher," gravitating towards a higher-level role, which is needed to supervise the work done by my team. I enjoy this new role of a director a lot, in fact.

< - >

http://www.tomshardware.com/reviews/joanna-rutkowska-rootkit,2356.html

From rforno at infowarrior.org Sun Jul 19 14:20:06 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Jul 2009 10:20:06 -0400
Subject: [Infowarrior] - Music Industry Lures ‘Casual’ Pirates to Legal Sites
Message-ID:

July 20, 2009
Music Industry Lures "Casual" Pirates to Legal Sites
By ERIC PFANNER
http://www.nytimes.com/2009/07/20/technology/internet/20stream.html?hpw=&pagewanted=print

PARIS - Record company executives say there are three kinds of music fans. There are those who buy music, and those who get a kick out of never paying for it.
And then there are those whom Rob Wells at Universal Music Group calls "dinner party pirates": the vast majority of listeners, those who copy music illegally because it is more convenient than buying it.

If those low-level copyright cheats could be converted to using legal music services, the digital music business would get much-needed help. Yet even industry executives acknowledge that until recently, they were not giving those listeners many ways to do what they wanted: to sample new music and to play it back anytime, at little or no cost.

Over the past year, however, as sales of CDs have continued to fall and paid-for downloads from services like Apple's iTunes have fallen short of hopes, record companies have moved to embrace casual file-sharers. Legal services offering free, unlimited streaming of music, rather than downloads, are proliferating. According to a survey published last week, they are taking some of the wind out of the pirates' sails.

"Consumers are doing exactly what we said they would do," said Steve Purdham, chief executive of We7, a service that says it has attracted two million users in Britain in a little more than half a year by offering unlimited access to millions of songs. "They weren't saying, 'Give me pirated music'; they were saying, 'Give me the music I want.'"

The music industry has high hopes that the growth of sites like We7, whose investors include the former Genesis musician Peter Gabriel, can change the reputation of Europe as a hive of digital piracy. Similar businesses include Deezer, in France, and Spotify, which was started by two Swedish entrepreneurs and has grown rapidly in Britain and elsewhere. All of them are licensed by the music industry and hope to make money from advertising.

Last week, Microsoft said it, too, planned to offer a music streaming service in Britain, via its MSN Web business, though it provided few details.
Meanwhile, the survey by two research firms, Music Ally and Leading Question, showed that Britons were adopting such services in large numbers. Among British teenage music fans, 65 percent said they listened to streamed music at least once a month, with 31 percent saying they did so every day.

The survey showed a striking decline in the number of British teenagers who said they had regularly engaged in unauthorized file-sharing; only 26 percent said they had done so as of January, when the survey was taken, compared with 42 percent in December 2007.

Music industry executives say that does not mean the piracy problem has been solved. The survey results did not distinguish between licensed and unlicensed streaming services or others, like YouTube, where both kinds of music can be found. Illegally copied music still accounts for the vast majority of digital listening, they add.

Still, executives say there are some promising signs. Rather than cannibalizing existing digital businesses, they say, the new services are often attracting people who previously shared files illegally. According to research by one of the major record companies, nearly two-thirds of Spotify users say they now engage in less piracy.

Spotify says it has two million registered users in Britain and another two million in Sweden, Spain and France. Paul Brown, managing director of its British arm, said it wants to expand to the United States by the end of the year. There, it would go up against a number of digital businesses that also offer free music in various ways, including MySpace Music, Imeem, Last.FM, Pandora and others.

While Pandora has said it expects to be profitable by the end of the year, analysts say most other free streaming services are still losing money. Some advertising-supported free music sites, like SpiralFrog, have already gone out of business.

"You only have to use these services for a while to realize that there's not a lot of advertising on them,"
said Paul Brindley, chief executive of Music Ally.

Analysts say the European services like Spotify, We7 and Deezer are different from most of the American streamed offerings because they focus on the music, rather than using it to build, for instance, a social networking service. They also give users more control than, say, Pandora, which is more like an online radio service, with preselected programming, rather than on-demand listening.

To try to supplement advertising income, Spotify offers users a premium service, priced at £9.99, or $16.32, in Britain, which eliminates advertising. The company also plans to add other enhancements to the premium service, including a mobile offering for Apple's iPhone and other devices.

Mr. Brown declined to say how many users were upgrading to the premium service, but added: "Each new addition creates customers who say, 'Hey, I want that.' It's not just about the ads." Over all, he said, revenue has doubled every month since the company began its commercial operations in Britain in February.

Costs are rising, too, because Spotify and similar services pay royalties to rights holders, including music companies, every time a track is streamed. Those payments are turning into a promising revenue source for the record companies. In Sweden, a market where piracy has been rampant, Spotify is already the biggest digital revenue earner for Universal Music, even though it has been operating for less than a year, said Mr. Wells, senior vice president of Universal's international digital operations.

Analysts say record companies have agreed to reduce licensing costs slightly in recent months, with the typical going rate dropping to about 0.8 cent a track from 1 cent a track. The labels are also striking different kinds of agreements, insisting on equity stakes in some cases, or a share of revenue from advertising or subscriptions, in an effort to ensure that they benefit from the growth of the new services.
"Now they have to turn these into sustainable businesses," said Dan Cryan, an analyst at Screen Digest in London. "You can have 1,001 start-ups, but if they all close down after two years, you're not any better off."

From rforno at infowarrior.org Mon Jul 20 01:42:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Jul 2009 21:42:44 -0400
Subject: [Infowarrior] - Subtle web privacy risk (content script)
Message-ID: <0CB05A7F-56D7-4C82-93A2-B637A764E828@infowarrior.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI here is an exchange I had with some securitygeek friends about an interesting web script I came across over the weekend. Subtle yet scary!

From Rick:

Go to Politico.Com and pick an article. Highlight a word, a paragraph, or paragraphs, cut and paste into another document or email message, and you see a built-in "Read More" link at the bottom of the selection you cut. Kind of a convenient way of 'marking' one's content in the age of cut-and-paste.....not exactly DRM or airtight security, but it seems to be a fair, though easily-circumvented (if you want) way of trying to make sure you get credit for your work.

For example, visit this story's page @ http://www.politico.com/news/stories/0709/25083.html

.... I highlight the second paragraph, cut and paste into the message below:

"The number of people searching for the term “economic depression” on Google is down to normal levels, Summers said.

Read more: http://www.politico.com/news/stories/0709/25083.html#ixzz0LcaU3Omx "

(Note the "Read More..." is appended to my paste into this message. Sure not there in the article.)

.... same paragraph, by word count. 7 words is the non-URL threshold, as it seems 8 words gets you the URL.
The number of people searching for the (no URL in the cut)
The number of people searching for the term (you get the URL when you cut)

....same article, further down:

"We pledged at the time the Recovery" (no URL in the cut)
"We pledged at the time the Recovery Act" (you get the URL when you cut)

Interesting. I gather it's some embedded script, but haven't the time to go check it out. Still, I commend Politico for what seems to be a convenient and unobtrusive way of trying to mark one's content in the age of blogs and Twitter. Can it be circumvented? Sure. But IMHO perhaps the intent is to shame folks who go the extra step to remove the URL from said extracts of Politico articles in reposting that content around the web. Then again maybe the script does some spying on what's being done @ the site and with the content for enforcement or tracking purposes??

(That was my original message to some securitygeek friends who commented below. Turns out it is not only a handy URL inclusion to extracts of Politico's content, but also a potentially serious and sneaky privacy threat as well. If you're not using a good browser script blocker such as NoScript or YesScript already, you might want to!! My thanks to those who commented and allowed their thoughts to be put forward here. - rick)

=== begin securitygeek comments ===

(securitygeek comments anonymized per their request.)

===== Securitygeek #1:

<!-- Tynt Tracer-->
<script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=bKDyiUp9mr3OhNab7jrHcU&s=22"></script>
<!-- //Tynt Tracer-->

see www.tynt.com

I noticed every time I highlighted something that it was being sent to them. It's a free service right now, capturing people's highlights and copies.

http://tracer.tynt.com/faq-general-product-info

===== Securitygeek #2:

All the more reason to be using NoScript. This seems worse than all the uproar over DoubleClick tracking in the past.
Now they are tracking the specific words you are interested in, in addition to the URLs. I can see the future. You cut a paragraph about the accuracy of a search engine and when you paste you get an ad banner and link to Bing. Unless you turn off JavaScript you are potentially sending everything you do in the browser to 3rd parties and they can also control your experience beyond the browser as in this clipboard usage. Quite ingenious.

===== Securitygeek #3:

So I went to Tynt's site. The first thing that is interesting is that to see the flash description of what Tynt is on the front page, you need to enable JavaScript from tynt.com. Nice trick guys. How many people will then disable it later?

Then from the FAQ:

Q. What about user privacy?
A. None of the data that Tynt Tracer tracks can be used to uniquely identify an individual user.

Then from the Privacy Policy:

TYNT may use information you have provided in registering for, or use in, TYNT Products without directly or indirectly identifying you, to third parties. This may be done, for example, in order to identify the number of people visiting a specific web site, or commenting on a certain product, person, or idea. This may be used to provide advertisements to you on products or services that will potentially be more interesting or relevant to you. Under no circumstances will we provide information identifying you to a third party, rather we will pass on an advertising announcement to you, but we will not tell the third party who you are.

The interesting thing is people are using Tynt products without even really knowing it. If a blog is using Tynt and you interact with that blog then you are using Tynt. How many people are going to know to read this privacy policy?
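As an added example that is not code from the post, from Politico or from Tynt, the following models the word threshold Rick observed and adds a small audit a reader can run over a page's HTML to list the third-party hosts allowed to run script on it; the threshold, the "Read more:" URL format and the Tynt include come from the post, while the token argument and the sample HTML are constructed.

```javascript
// Added example, not code from the post or from Tynt: a model of the
// copy-tracer behaviour Rick observed on Politico, plus a small audit a
// reader can run over page HTML to see which third-party hosts get to run
// script (and therefore see selections and copy events). Runs under Node.

// Reconstructed from the post: a copied selection of 7 words came back
// unchanged, 8 words came back with a "Read more:" URL appended.
const URL_APPEND_THRESHOLD = 8;

function countWords(text) {
  const trimmed = text.trim();
  return trimmed ? trimmed.split(/\s+/).length : 0;
}

// The copy handler sees the full selected text; this is what a tracer can
// both rewrite on the clipboard and report back to its own server. The
// per-copy token ("#ixzz..." in the post) is passed in, not derived here.
function buildClipboardText(selection, articleUrl, token) {
  if (countWords(selection) < URL_APPEND_THRESHOLD) return selection;
  return `${selection}\n\nRead more: ${articleUrl}#${token}`;
}

// Defender's audit: every <script src=...> whose host differs from the
// page's own host. Relative URLs resolve against the page host and are
// therefore first-party. Returns sorted unique hostnames.
function externalScriptHosts(html, pageHost) {
  const hosts = new Set();
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let host;
    try {
      host = new URL(m[1].trim(), `http://${pageHost}/`).hostname;
    } catch (e) {
      continue; // unparseable src attribute, skip it
    }
    if (host !== pageHost) hosts.add(host);
  }
  return [...hosts].sort();
}

// Constructed sample fragment; the Tynt include is the one quoted in the post.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<!-- Tynt Tracer-->
<script type="text/javascript" src="http://tcr.tynt.com/javascripts/Tracer.js?user=bKDyiUp9mr3OhNab7jrHcU&s=22"></script>
<!-- //Tynt Tracer-->
</head><body></body></html>`;

// In a browser the page hook looks like this (guarded so the file also
// runs under Node); it is included to show where the selection is read.
if (typeof document !== 'undefined') {
  document.addEventListener('copy', (ev) => {
    const selection = String(document.getSelection());
    ev.clipboardData.setData('text/plain',
      buildClipboardText(selection, location.href, 'TOKEN_PLACEHOLDER'));
    ev.preventDefault();
  });
}

// Stand-alone demonstration when run directly with Node.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(externalScriptHosts(SAMPLE_HTML, 'www.politico.com'));
  console.log(buildClipboardText('The number of people searching for the term',
    'http://www.politico.com/news/stories/0709/25083.html', 'ixzz0LcaU3Omx'));
}
```

Running the audit over a page's HTML before allowing its scripts (or as a check on what NoScript is blocking) shows at a glance which outside hosts would receive copy events.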
From rforno at infowarrior.org Mon Jul 20 12:18:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 08:18:12 -0400
Subject: [Infowarrior] - Swiss starting Internet monitoring
Message-ID: <8DA68B51-A1A3-4FF9-A383-4EAEF202AF1C@infowarrior.org>

Big Brother Switzerland: real-time internet interception to start on August 1, 2009

These confidential documents detail information on an official program for centralized, real-time interception of Internet traffic in Switzerland. The interception will start on August 1, 2009. The documents are those referenced yesterday by the Swiss-German weekly newspaper WOZ

http://www.wikileaks.org/wiki/Big_Brother_Switzerland:_real-time_internet_interception_to_start_on_August_1%2C_2009

From rforno at infowarrior.org Mon Jul 20 13:14:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 09:14:43 -0400
Subject: [Infowarrior] - Free concert tix for military personnel
Message-ID:

http://ravendrumfoundation.org/news-events/free-dl-tickets-for-veterans.html

Free Def Leppard tickets for military personnel and veterans
7/2/2009 8:16:25 PM | RavenDrumFoundation.org.com

Def Leppard & Raven Drum Foundation Offer Active and Veteran Military Personnel Free Concert Tickets to Their 2009 Summer Tour

Def Leppard and Raven Drum Foundation announced today that they will be celebrating America's military veterans with the gift of music - free tickets to Def Leppard Summer 2009 concert dates! The offering is intended to thank these heroes in a meaningful way for their service.
In a time when families are unsure of their personal and professional stability, many of our heroes are coming home to families that are suffering in the wake of a turbulent economy, and these families are often forced into a position of having to do more with less, eliminating the opportunity for a night out for an important, bonding entertainment experience.

Def Leppard's involvement did not come by chance: "It came through a desire to give something back and what better way to honor these heroes than with a night of music," said Def Leppard drummer and Raven Drum Foundation founder Rick Allen. "Our mission with Raven Drum Foundation is to serve, educate and empower veterans and people in crisis through the power of the drum, and music is just one of the tools we use to promote healing. It is so exciting to have my band, family and so many others contributing to this effort; it is a significant part of who I am as a person. To have this moment means a great deal in ways I cannot measure. And I thank everyone involved, especially the veterans."

Military personnel and veterans with a military ID are eligible to receive 2 tickets to one Def Leppard show. Tickets are available on a first come, first served basis through www.ravendrumfoundation.org. Raven Drum Foundation's partners, Wounded Warrior Project and Salute America's Heroes, will handle the distribution of the tickets.

For more information on the Raven Drum Foundation, visit their website at www.ravendrumfoundation.org.
From rforno at infowarrior.org Mon Jul 20 17:42:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 13:42:48 -0400
Subject: [Infowarrior] - Invitation to Future Internet Information Meeting
Message-ID: <95AB17C2-A87F-4D0A-9AC9-27DD48BD7D88@infowarrior.org>

(via IP)

Subject: Invitation to Future Internet Information Meeting
July 29, 2009

You are invited to attend an information meeting to hear about plans that CISE/NSF has to support research into overarching architectures for a Future Internet.

Future Internet architecture encompasses the overarching structure and protocol-based interaction of network components with the wide range of networked entities, including security and trust, network management, the traditional layers 1 and 2 (technology use of and support for fiber optics, wireless networks, sensor networks, etc. insofar as they impact an overall architecture) and layers 3 and 4 (network and transport functions). Applications, web services, distributed content networks, real-time social interaction such as games, social networks over the digital communication network (as opposed to networks of people only), service delivery, etc. make difficult demands on the overarching architecture and need to be considered as part of the architectural effort.

CISE calls for multidisciplinary research that addresses the question of how to design Future Internet architectures, understanding what is now known about requirements and mechanisms, considering lessons from the past, incorporating what is good, proposing new approaches where they are needed, and fitting these ideas into fresh overarching architectures that reach beyond core networking. In this respect, the process of design has been called "clean slate" in that the research is not to be constrained by features of existing networks.

Information about the meeting:
Reception: 6:30 pm – 8:30 pm on July 28, 2009
Information Meeting: 9:00 am – 4:00 pm on July 29, 2009
Location: Westin Gateway Hotel, 801 N. Glebe Road, Arlington, VA
Registration Site for the meeting: http://www.gtisc.gatech.edu/nsf_find09.html

The Westin is holding a block of sleeping rooms for this meeting. You may register for a room by clicking on "Hotel" on the registration website above and registering for a hotel room. The block of rooms is available until July 22, 2009 on a first come, first served basis. Note NSF is not providing attendee travel support.

This information meeting is being jointly sponsored by CISE/NSF and IPTO/DARPA.

Who should attend?
• Researchers from the CISE research community who have a systems view with cross-cutting expertise that would be essential for designing a viable trustworthy Future Internet
• Researchers interested in evaluation of Future Internets
• Experts in security and privacy
• Experts in economics and other social scientists who have an interest in a Future Internet
• Application designers who want to impact what a Future Internet could enable and deliver
• Individuals, from other domains, such as law, biology, health sciences or application designers, and with different perspectives, whose knowledge and expertise can be brought to bear on the design and development of future Internets in the context of a range of scientific, technical, economic and social challenges

Please send this email to colleagues you think would be interested in attending this information meeting. If you are unable to attend, the meeting will be live webcast and the webcast will be stored on the CISE homepage. Instructions for how to access the live web cast will be posted on the CISE homepage as well.
For more information about research conducted to date on components of a Future Internet as well as papers, slides and activities, please go to www.nets-find.net

From rforno at infowarrior.org Mon Jul 20 17:43:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 13:43:47 -0400
Subject: [Infowarrior] - CA plans UAV for crimefighting
Message-ID:

Lancaster eye in sky plan aims at crime
By Sue Doyle and Kevin Modesti, Staff Writers
Updated: 07/19/2009 10:42:00 PM PDT

LANCASTER - It could spot burglars breaking into homes from five miles away. It could record unsuspecting bank robbers making their getaways. It could detect car crashes and help police decide how to respond. But would it also take pictures of you sunbathing in your backyard?

Lancaster officials are developing an "eye in the sky" surveillance system consisting of a camera attached to an airplane that would fly over the city 24 hours a day on the lookout for crime. It would relay instant footage to sheriff's deputies on the ground, capturing images up to five miles away from an elevation of 5,000 feet.

Some civil libertarians and city residents are concerned it may represent a Big Brother-ish invasion of privacy. But Lancaster Mayor R. Rex Parris, who is developing the system with the help of renowned aviator Dick Rutan, touts the system as a high-tech boost for law enforcement.

"Suppose your wife is at home and she thinks somebody is breaking in the back door," Parris said. "We can see it in 30 seconds."

He acknowledged he has gotten calls from residents concerned about privacy. "I'm astonished by how many people have called me and said, 'I sunbathe naked in the backyard or swim naked in the backyard,'" Parris said.

But, he said, when the system is fully developed, there will be built-in safeguards against misuse. Those details have yet to be hammered out by city and sheriff's officials.
With the system still in development, officials must work out issues ranging from how it will be funded to whether it will be flown by sheriff's deputies or private contractors. Capt. Axel H. Anderson of the Los Angeles County Sheriff's Department in Lancaster estimated the start-up cost at $1.5 million.

If deployed, local officials believe the high desert city would be the first in the nation to use such a system.

Parris said he thought such high-powered aerial surveillance was a movie fantasy before Rutan said it could be put into real-life practice and began working on applying the technology. Parris, a civil-litigation attorney, said Rutan pilots his private airplane. Parris expects it to take at least a year - and as long as three years - to put the plan into operation.

Anderson recently went along with Parris, Rutan and others on a test ride in an airplane outfitted with an aerial surveillance system borrowed from a private business. From an elevation of 5,000 feet, the camera was able to record images five miles away, Anderson said.

Anderson said deputies on the ground could type a location into a computer system linked to the airplane's camera. The camera would then target the address, allowing officials to see what's happening before patrol cars arrive.

"It's not good enough to hone in and pick out a license plate," Anderson said. "But you can really hone in and get a good physical description of an individual involved - height, weight, race, gender, clothing description. That's all quality stuff.

"Although it wouldn't be the quality where you can pick the person out of a lineup."

Anderson said the airplane operator could spot traffic accidents and suspicious activities and assist patrol officers.

Imagining such a powerful surveillance system, some wonder if it could also tread on the privacy of Lancaster's 145,000 residents. UCLA law professor Eugene Volokh said the danger is that authorities could film more than criminals and car crashes.
He said the equipment would increase the government's power to see what residents are doing. "They can't just limit the photos to public streets," Volokh said. "They could get photos of someone sunning themselves on the back deck."

Despite assurances the surveillance camera cannot closely identify people today, the technology could improve so that it could in the future, said Lillie Coney, associate director for the Washington, D.C.-based Electronic Privacy Information Center. "They say the detail isn't that good now," Coney said. "There is technology that is that good. Now whether they're willing to invest in it and improve it is another question."

Coney warned that if the system is run by a private contractor instead of by government agents, the public might not have a right to know what data is being collected.

If Lancaster and the Sheriff's Department do iron out the details, the aircraft carrying the surveillance equipment would be the only one flying above the north Los Angeles County city on a 24-hour basis. The city of Los Angeles is not considering a similar system. Two to three police helicopters buzz over Los Angeles on a 24-hour basis and can respond directly to calls when crime breaks, said Capt. Jim Miller, commanding officer of the Los Angeles Police Department Air Support Division.

Miller said the aerial surveillance system proposed for Lancaster would not work in Los Angeles because the job would be too big and costly in a city of Los Angeles' size, and there's too much air traffic over the metropolitan area. "To a degree, we are already doing what they want to do," Miller said. "We are able to get license plates off cars and very good subject descriptions with helicopters by using binoculars."
From rforno at infowarrior.org Mon Jul 20 17:45:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 13:45:40 -0400
Subject: [Infowarrior] - Court Rebukes Government Over “Secret Law”
Message-ID:

http://www.fas.org/blog/secrecy/2009/07/secret_law-3.html
http://www.fas.org/blog/secrecy/?p=2714

"Government must operate through public laws and regulations" and not through "secret law," a federal appellate court declared in a decision last month. When our government attempts to do otherwise, the court said, it is emulating "totalitarian regimes."

The new ruling (pdf) overturned the conviction of a defendant who had been found guilty of exporting rifle scopes in violation of the International Traffic in Arms Regulations (ITAR). The court said that the government had failed to properly identify which items are subject to export control regulations, or to justify the criteria for controlling them. It said the defendant could not be held responsible for violating such vague regulations.

Accepting the State Department's claim of "authority to classify any item as a 'defense article' [thereby making it subject to export controls], without revealing the basis of the decision and without allowing any inquiry by the jury, would create serious constitutional problems," wrote Chief Judge Frank H. Easterbrook of the Seventh Circuit Court of Appeals. "It would allow the sort of secret law that [the Supreme Court in] Panama Refining Co. v. Ryan, 293 U.S. 388 (1935), condemned."

Normally, "A regulation is published for all to see," explained Judge Easterbrook, a Reagan appointee who is considered a judicial conservative. "People can adjust their conduct to avoid liability. [In contrast,] a designation by an unnamed official, using unspecified criteria, that is put in a desk drawer, taken out only for use at a criminal trial, and immune from any evaluation by the judiciary, is the sort of tactic usually associated with totalitarian regimes," he said.

See the Court's ruling in United States of America v. Doli Syarief Pulungan, June 15, 2009.

The new ruling "could be a very big deal in terms of export controls, and indeed in terms of 'secret law' in general," said Gerald Epstein, a science and security policy scholar who served on a recent National Academy of Sciences panel on export control policy. "This case goes to the heart of the ambiguity of the International Traffic in Arms Regulations, which give the State Department great latitude in determining what is and what is not covered, and which are administered in a notoriously opaque way," Dr. Epstein told Secrecy News.

Export control policy was addressed from various perspectives in an April 24, 2008 Senate hearing entitled "Beyond Control: Reforming Export Licensing Agencies for National Security and Economic Interests" (pdf) that was published last month.

Last year, Sen. Russ Feingold convened a hearing on the subject of "Secret Law and the Threat to Democratic and Accountable Government." My prepared statement from that hearing on the diverse categories of secret law is available here (pdf).

From rforno at infowarrior.org Tue Jul 21 01:08:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 21:08:40 -0400
Subject: [Infowarrior] - Secret Space Shuttles
Message-ID:

Secret Space Shuttles
When you're 200 miles up, it's easy to hide what you're up to.
By Michael Cassutt, Air & Space Magazine, August 01, 2009
http://www.airspacemag.com/space-exploration/Secret-Space-Shuttles.html?c=y&page=1

The giant gold and silver satellite glittered against the black sky as space shuttle Atlantis closed in on it from below.
Commander Hoot Gibson and pilot Guy Gardner flew the approach, while mission specialist Mike Mullane, at the other end of the flight deck, readied the shuttle's robot arm for a capture. Downstairs in the airlock, mission specialists Jerry Ross and Bill Shepherd waited in their spacesuits for Gibson's order to go outside and attempt a rescue.

The mission of STS-27 had been to deploy the first in a series of new spy satellites that used radar to observe ground targets, in any kind of weather, day or night. But shortly after the astronauts released the spacecraft, called ONYX, from the shuttle's cargo bay, on December 2, 1988, one of its antenna dishes had failed to open. Without intervention by the crew, the billion-dollar satellite would become a hunk of space junk. As it turned out, they succeeded in grabbing, fixing, and re-releasing ONYX, for which they later received a medal from the U.S. intelligence community.

At least that's one possible scenario for what happened. The astronauts may just as well have fixed the satellite without a spacewalk by Ross and Shepherd. We don't know because not a word of the ONYX rescue was reported in newspapers or on television. Why not? Because STS-27 was—and remains—a secret mission.

Between 1982 and 1992, NASA launched 11 shuttle flights with classified payloads, honoring a deal that dated to 1969, when the National Reconnaissance Office—an organization so secret its name could not be published at the time—requested certain changes to the design of NASA's new space transportation system. The NRO built and operated large, expensive reconnaissance satellites, and it wanted a bigger shuttle cargo bay than NASA had planned. The spysat agency also wanted the option to fly "once around" polar missions, which demanded more flexibility to maneuver for a landing that could be on either side of the vehicle's ground track. "NRO requirements drove the shuttle design,"
says Parker Temple, a historian who served on the policy staff of the secretary of the Air Force and later with the NRO's office within the Central Intelligence Agency. The Air Force signed on to use the shuttle too, and in 1979 started building a launch pad at Vandenberg Air Force Base in northern California for reaching polar orbits.

Neither the Air Force nor the NRO was ever comfortable relying exclusively on NASA's vehicle, however. Delays in shuttle launches only increased their worry; even before the 1986 Challenger accident, they were looking for a way off the shuttle and back onto conventional rockets like the Titan.

The uneasy relationship between the Air Force, NRO, and NASA assumed a human face in 1979, when the military chose its first group of shuttle astronauts. Two years before the shuttle's first launch, the NRO selected 13 Manned Spaceflight Engineers as potential payload specialists, all but one from the Air Force. The new military astronauts ranged in age from 24 to 36. Most had advanced degrees in engineering; one was a Ph.D. They were experienced in satellite flying and acquisition. And they believed they were the vanguard of the Air Force in space.

Only one of that first group ever made it to orbit. Paul Sefchek, one of those who didn't (he retired from the Air Force in 1989 and died in 1997 at the age of 51), told me in an interview years ago that his colleagues were like "old Army scouts who were sort of aimed at NASA by the Air Force and told to find out whatever they could find out. They returned to the fort bleeding and full of wounds."

One fundamental problem was how the two agencies perceived "payload specialists." NASA thought of them as outsiders, almost guests—engineers or scientists who tended one particular satellite or experiment, and typically flew just once. The MSEs thought their job was to help bridge the gulf between the military and civilian space agencies. It didn't work.
Gary Payton, now deputy undersecretary of the Air Force for space, is the only one of the first group of military astronauts to fly; he recalls, "I was naive enough to believe that the payload side would be treated by NASA the same way the Air Force launch people treated us. In the world I came from, payload requirements would drive the time of day you launched, the time of year, everything. In 1980, NASA was still worried about getting the shuttle to fly. So we were not paid much attention to. It was a rude awakening."

In addition to cultural differences, there were plain old turf battles. According to Dave Vidrine, director of the military astronaut program in the early 1980s, one eager MSE, whom he didn't want to name for publication, was "coming up with a lot of new projects and carving out his own turf." On one occasion, NASA astronaut Ellison Onizuka was training underwater at the Johnson Space Center for a spacewalk when the MSE, a qualified scuba diver, decided he needed to measure a piece of equipment. He and another member of the Air Force team in Houston jumped into the training pool and went to work. The NASA test conductor spotted the two unauthorized divers and ordered them out of the pool. A shouting match ensued, and the offending MSE was banned temporarily from the center.

T.K. (Ken) Mattingly, an Apollo-era astronaut who also reached the rank of rear admiral before retiring from the Navy in 1989, commanded the shuttle's fourth mission, in June 1982, which carried the program's first classified payload. He describes the relationship between the NASA astronauts and the MSEs in those early days as "sour."

Nor did the MSEs have much support within the Pentagon. Jeff DeTroye, one of the first 13 military astronauts, was assigned to escort General Lew Allen, Air Force chief of staff, during a visit to Los Angeles for the 20th anniversary of the NRO in 1981. Upon learning of DeTroye's involvement in the shuttle, Allen was blunt.
He had played "a primary role in canceling the Manned Orbiting Laboratory [a proposed military space station of the 1960s], and had he had his way, would have canceled the shuttle," DeTroye says. Allen made it clear he thought there was no role for man in space, period, according to DeTroye. Mattingly says, "I sometimes thought the only people in the Air Force really interested in the shuttle were the MSEs."

Still, the classified payloads had to be launched—not just on the secret flights, but as secondary payloads on NASA-sponsored shuttle flights too. Once the two sides started working together on actual missions, things improved, according to Payton, who was part of the support team for Mattingly's STS-4 flight. "We found that once the shuttle had flown, there were people inside NASA who were eager to satisfy military requirements," he remembers. "We saw that the [NASA] folks were pretty damn good!"

On the other hand, the STS-4 payload, identified only as "P82-1," didn't impress Mattingly. "It was a rinky-dink collection of minor stuff they wanted to fly," he recalls. P82-1 turned out to be the Cryonic InfraRed Radiance Instrumentation for Shuttle (CIRRIS) and the Ultraviolet Horizon Scanner (UHS), two sensors designed to test missile detection from space. A cover failed to open, so neither worked.

The Air Force-NRO control center for shuttle missions was located in Sunnyvale, California. While Houston and Columbia conversed frequently, no one had come up with a way to refer to the classified control center over the open channel. Payload communicator DeTroye recalled a last-minute panic about the mere mention of "Sunnyvale." "What were we supposed to say? 'Columbia, this is…Saratoga'? I can't imagine what [Mattingly] would have done if he'd heard that."

The use of code words occasionally got comical.
On the seventh day of the mission, Mattingly and pilot Hank Hartsfield were getting ready to return to Earth and had just stored the classified checklists in Columbia's safe. Sunnyvale then asked them to perform "Tab Echo." The astronauts looked at each other; neither could remember what Tab Echo was. They opened the safe, removed the checklist, and began paging through it. Sure enough, there was Tab Echo: "Store checklist."

A few years later, when NASA astronaut Kathy Thornton was preparing for her classified mission, STS-33, "training schedules were coded," she recalls. "They would say things like 'Event 7012.' You had to open up the safe every morning to find out that Event 7012 was food tasting in another building, and you were already five minutes late."

After STS-4, an ambitious schedule of military missions loomed, and in 1982 the Air Force recruited 14 more MSEs. But the first fully classified flight, STS-10, got delayed due to problems with the new Air Force-built Inertial Upper Stage, used to boost satellites to their designated orbit. Other military experiments flew on NASA missions in the meantime. On flight STS-41G, launched in October 1984, the crew conducted a satellite refueling test "hatched by some Air Force general," according to journalist Henry S.F. Cooper Jr. in his 1986 book Before Liftoff. Oceanographer Paul Scully-Power was also on board, observing ship wakes on the surface of the sea for the U.S. Navy.

Meanwhile, the crew of STS-10 (renamed STS-51C and commanded by Mattingly) continued to train, all the while pioneering the security procedures that classified missions mandated. A ready room was set up in the astronaut office, complete with a secure telephone that had a secret number. "If certain people need to get hold of you," Mattingly was told, "they'll call." The phone rang just once: The caller asked if Mattingly was interested in subscribing to MCI long distance service.
Another time, Mattingly and three STS-51C crewmates—Onizuka, Loren Shriver, and Jim Buchli—had to take a trip to Sunnyvale. The astronauts were ordered to disguise their destination by filing a flight plan for Denver, then diverting to the San Francisco Bay area. They landed their T-38s at NASA's Ames Research Center in Mountain View, rented a "junky old car that could hardly run," according to Mattingly, and drove to an out-of-the-way motel arranged by their secretary. As they pulled up, Buchli, in the back seat, called a halt. "We made extra stops to make sure we wouldn't come here directly," he said. "We didn't tell our families, we didn't tell anybody where we are. Look at that motel." On the marquee was written "Welcome STS-51C Astronauts," with all four names in big type.

Mattingly's crew—including MSE payload specialist Payton—finally got off the ground in January 1985. For the first time in NASA history, there was no pre-launch public affairs commentary until nine minutes before liftoff. During the flight, the Air Force lifted the veil of secrecy only to admit that the payload was successfully deployed, and that an Inertial Upper Stage was used. According to most accounts, STS-51C's payload was ORION, an eavesdropping satellite for signals intelligence. Parked in geosynchronous orbit, it unfurled a dish almost as wide as a football field is long (hence the need for the shuttle's large payload bay) to listen in on ground communications and telemetry. No one involved with the mission will comment beyond this recent statement from Payton: "It's still up there, and still operating."

The second dedicated military flight was STS-51J, the following October. Karol Bobko commanded the crew of five, and Bill Pailes, a member of the second military astronaut group, was on board as a payload specialist. Even before the launch, outside analysts deduced that Atlantis would release a pair of Defense Satellite Communications System spacecraft in orbit.
When STS-51J landed, the first launch from the new west coast shuttle pad at Vandenberg was just a year away. The mission, STS-62A, was to have been commanded by four-time shuttle astronaut Robert Crippen, with Air Force undersecretary Edward "Pete" Aldridge and MSE Brett Watterson along as payload specialists. Then came the 1986 Challenger accident.

As NASA struggled to return the shuttle to flight, the Air Force and NRO sped up their plans to move payloads back to unmanned rockets. The only satellites that would still be launched on NASA's shuttle were those that couldn't be shifted to the Titan IV. When the military abandoned the shuttle, MSEs like Frank Casserino and Watterson suddenly lost their flights. By 1988—the year NASA returned the shuttle to service—the military astronaut corps had disbanded, its members scattered to new assignments. (Of the 27 officers in the first two MSE groups, five would later become generals.) The remaining classified flights fell to NASA astronauts.

The first post-Challenger military mission was STS-27, whose crew rescued the ONYX satellite. Then came STS-28 in August 1989, which analysts assumed at the time—based on its 57-degree orbit that overflew a large percentage of the Earth—carried another imaging satellite. Years later, the sleuths determined that STS-28 had instead carried a Satellite Data System spacecraft for relaying imagery from NRO spy satellites. (That conclusion was confirmed for me by an Air Force officer familiar with the mission, who upon seeing CBS news footage of the NRO satellites in 1998 said, "It's strange to work on a secret project for 10 years, then see it on network television.")

The next classified mission was STS-33, in November 1989. Discovery's crew was commanded by Fred Gregory, with John Blaha as pilot and three mission specialists: veteran astronaut Story Musgrave, Sonny Carter, and Kathy Thornton.
Musgrave and Thornton (who had once worked as a scientist for the Army) were the only civilians ever assigned to secret missions. In orbit over Thanksgiving, the crew of STS-33 was able to conduct its mission with limited public scrutiny. The Air Force admitted only that the astronauts deployed a spacecraft using the Inertial Upper Stage; the payload is believed to have been the second ORION eavesdropping satellite.

The cargo for the next classified flight, STS-36 in February 1990, was harder for ground-based sleuths to figure out. The mission was unusual for its highly inclined orbit - 62 degrees, still a shuttle record - which took the crew well above the Arctic Circle and far enough south that they could glimpse the coast of Antarctica. The industry magazine Aviation Week & Space Technology reported the payload's name as "AFP-731" and its weight as 37,000 pounds. For years it was thought to have been an advanced KH-11 imaging satellite; not long after Atlantis' return, the Soviet news agency Novosti reported that the satellite had "malfunctioned," and that large pieces of debris were being tracked prior to reentry.

Wrong, says author Jeffrey Richelson, whose credits include books on the Defense Support Program (DSP) early warning satellites and The Wizards of Langley, a 2001 history of technical innovation at the CIA. In the latter book he claims that STS-36 deployed a stealthy reconnaissance satellite named MISTY. The "debris" had likely been jettisoned shrouds or instrument covers. Stealthy or not, the satellite was eventually spotted by amateur trackers in a roughly 500-mile-altitude orbit at a 65-degree inclination.

The November 1990 flight of STS-38 presented another puzzle for spysat detectives. Its trajectory east of Cape Canaveral initially pointed toward a third ORION eavesdropping satellite, but NRO information released eight years later indicates that it might have been a data relay satellite.
Richelson has suggested that in addition, STS-38 carried a small "inspector" satellite designed to get close to other spacecraft in geosynchronous orbit. That scenario is still being debated.

With the launch of STS-39 in April 1991, the Department of Defense began to lift the veil on its shuttle operations. The mission was declassified before launch, and NASA was allowed to reveal that it carried a military-sponsored pallet called AFP-675, a reflight of the payload flown years earlier on Mattingly's STS-4 mission. Which is not to say that STS-39 didn't have secrets. One day, according to a member of the crew, another astronaut, Guy Bluford, "went up on the aft flight deck by himself while the rest of us pretended not to notice." Bluford launched a small classified satellite, purpose still undisclosed.

The trend toward declassification continued with STS-44 in November 1991. Months before the launch, the Air Force acknowledged that Atlantis would carry the 16th DSP satellite for early warning of missile launches. Also on board were some secondary experiments and Army intelligence specialist Thomas Hennen, who flew in space to observe military targets on the ground, under a program known as Terra Scout.

The following year, the existence of the National Reconnaissance Office was officially revealed, just as the queue of secret shuttle payloads wound down to the end. The last dedicated military mission, STS-53, flew in December 1992, carrying a satellite identified as DOD-1, which Richelson and other analysts surmise was another data relay vehicle. NASA closed the secure control room at JSC in Houston and the equally secure Firing Room 4 at the Kennedy Space Center. The cadre of Air Force support personnel was dispersed. And that brought to an end the sometimes testy, always mysterious relationship between NASA and the Air Force/NRO, which had figured so prominently in the middle decade of the shuttle's nearly-30-year history.
In 1993, a person identified publicly only as a "high-ranking intelligence official" traveled from Washington to the Johnson Space Center to meet with all the astronauts who had flown secret shuttles and present them with National Intelligence Achievement Medals. At that time, each astronaut was officially cleared to wear the medal in public and to acknowledge the facts written on the citation. Hoot Gibson, for example, could now disclose that he had "returned to" STS-27's satellite payload, and that the mission specialist on that flight, Mike Mullane, had used the shuttle's robot arm. Sixteen years later, those brief citations provide almost the only official details of what happened.

Today, the astronauts remain bound to silence. Says Mattingly, "The accomplishments were first-class. I would give anything if someone would say, 'Here's what we did. You should be proud of it.'"

As for the Ross-Shepherd spacewalk on STS-27, we still can't say for certain that it happened. There is another clue, however. On February 14, 2001, astronauts Tom Jones and Robert Curbeam were in the middle of their third spacewalk of space station assembly mission STS-98. NASA public affairs had advertised it beforehand as the 100th American spacewalk. But just as the astronauts were about to say something to mark the event, pilot Mark Polansky radioed them on a private channel to warn them off. According to Jones' 2006 memoir, Skywalking, "Somebody had done a recount, and discovered that the real 100th EVA [extravehicular activity] had been two days ago on EVA-2." How could that happen? Had there been a secret spacewalk that never made it into the official tally? Maybe someday we'll all be cleared to know.

Michael Cassutt is a novelist and television writer in Studio City, California.
Find this article at: http://www.airspacemag.com/space-exploration/Secret-Space-Shuttles.html?c=y&page=1

From rforno at infowarrior.org Tue Jul 21 01:15:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Jul 2009 21:15:44 -0400
Subject: [Infowarrior] - NYC Park outrage - HSBC 'license' agreement
Message-ID: <4D8D40C6-845D-41FD-B9FA-8228EEE41116@infowarrior.org>

PARK OUTRAGE: HSBC Ad Campaign and the Lawyers Have Taken Over Madison Square Park

What follows is a picture of the legal disclaimer that you "sign" just by walking into one of New York City's fine public spaces today: Madison Square Park. This is it! This is the moment that the machines and the lawyers have taken over, creating a Bloombergian cyst of revoltingness! (The lawn of the park, by the way, is closed, so don't try to use your public space today, because the CITY HAS SOLD IT TO HSBC.) What is going on is that the bank called HSBC is having what they call a "soapbox" thing where you, the "park attendee," stand in a kiosk, in front of a picture of a baby or a gadget or a nuclear power plant and explain to cameras how it makes you feel, while you are digesting your Shake Shack burger. THEN THEY WILL MAKE ADS OUT OF YOU.

http://www.theawl.com/2009/07/park-horror-hsbc-ad-campaign-and-the-lawyers-have-taken-over-madison-square-park

From rforno at infowarrior.org Wed Jul 22 01:16:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Jul 2009 21:16:16 -0400
Subject: [Infowarrior] - BlackBerry Spyware Wasn't Ready for Prime Time
Message-ID: <190CB340-CA11-47B2-88D4-3EDDB40F705E@infowarrior.org>

Researcher: BlackBerry Spyware Wasn't Ready for Prime Time
By Kim Zetter, July 21, 2009, 2:47 pm
http://www.wired.com/threatlevel/2009/07/blackberry-spyware/

A BlackBerry software upgrade in the Middle East that turned out to be an e-mail interception program was likely a buggy beta version of a U.S.-made surveillance product, according to an analyst who dissected the malicious code.

Sheran Gunasekera, who works as a security consultant in Asia, released a white paper examining the spyware. (.pdf) Gunasekera said the software had no protective measures to obfuscate it, making it easy to decompile and examine - an unusual flaw for a program designed for surreptitious interception.

What's more, command messages sent to the BlackBerry to initiate and halt interception can be transmitted to the device through e-mail or BlackBerry's proprietary PIN messaging system. But the PIN messages are visible on the handheld's screen for a fraction of a second when they arrive, and a copy of commands sent via e-mail appears in the user's inbox, which would conceivably alert an observant user to suspicious activity. Gunasekera says the e-mail command function is turned off by default, apparently because of this glitch.

The spyware came to light when Etisalat, a phone and internet service provider in the United Arab Emirates, pushed out a message to its more than 100,000 UAE BlackBerry subscribers on July 8, notifying them that they needed to install a "performance-enhancement patch" to their devices. Users complained that after installing the patch, the performance of their device degraded and the battery drained.

Another researcher named Nigel Gourlay was the first to examine the code and report that it was spyware, designed to intercept a user's e-mail messages. The program appeared to be written by a U.S.-based company named SS8, which markets surveillance tools to law-enforcement and intelligence agencies. The company hasn't responded to repeated inquiries from Threat Level.
Etisalat has not responded directly to criticism that it abused the trust of customers by lying to them about the nature of the program.

Lawful interception in the United States is generally done at the ISP level, not at the client level, although the FBI is allowed to install spyware on an individual suspect's computing device after obtaining a warrant.

Research-in-Motion, which makes the BlackBerry, issued a statement saying that it did not authorize the upgrade and "was not involved in any way in the testing, promotion or distribution of this software application." The company has issued a free tool to help BlackBerry users remove the spyware from their phones.

Gunasekera said the SS8 spyware is designed to check whether it's visible in the BlackBerry application folder every time the handheld is rebooted. If it is, it hides itself.

The spyware has limited functionality in its present form, because it intercepts only outgoing e-mail messages sent by the user, not incoming ones. It also doesn't intercept instant messages, BlackBerry PIN messages, phone calls, SMS messages or Bluetooth, wireless or GPS data. Nor does it have the ability to be silently updated with a newer version of the program. The performance degradation and battery drain were caused in part because the program regularly checked every message folder for new messages, draining the processing power.

Gunasekera says now that the source code has been released, it can be easily modified by anyone and used to intercept messages from unsuspecting BlackBerry users who are tricked into installing the program. "[T]here may be possibilities that other, less ethical groups, use this software to aid them in rapidly developing and deploying improved versions of the spyware," he writes on his blog.

Gunasekera has provided a tool on his site to help users search their phones for this or other spyware.
He has included source code for the tool, but Threat Level recommends consumers use the official tool provided by Research-in-Motion.

From rforno at infowarrior.org Wed Jul 22 21:19:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jul 2009 17:19:07 -0400
Subject: [Infowarrior] - Apple Legal Reportedly Hinders Reporter's Investigation of iPods Catching Fire
Message-ID: <11F9AE14-0C5E-43F1-9062-80C286B22B7F@infowarrior.org>

Apple Legal Reportedly Hinders Reporter's Investigation of iPods Catching Fire
Wednesday July 22, 2009 02:41 PM EST
Written by Eric Slivka
http://www.macrumors.com/2009/07/22/apple-legal-reportedly-hinders-reporters-investigation-of-ipods-catching-fire/

Amy Clancy of KIRO 7 TV in Seattle reports on her investigation of complaints of iPods overheating, smoldering and catching fire. The complaints, made to the U.S. Consumer Product Safety Commission, amount to over 800 pages of documentation covering 15 incidents that Apple's lawyers repeatedly tried to prevent Clancy from accessing under a Freedom of Information Act request.

It took more than 7 months for KIRO 7 Consumer Investigator Amy Clancy to get her hands on documents concerning Apple's iPods from the Consumer Product Safety Commission because Apple's lawyers filed exemption after exemption. In the end, the CPSC released more than 800 pages which reveal, for the very first time, a comprehensive look that shows, on a number of occasions, iPods have suddenly burst into flames, started to smoke, and even burned their owners.

The complaints cover a broad array of iPod models over the years and include incidents that occurred while the devices were charging and not. Analysis of the incidents suggests that the lithium-ion batteries used in the iPods are responsible for the overheating.
Apple last summer acknowledged that in some cases batteries in the first-generation iPod nano could overheat, leading the company to request that concerned users contact Apple to discuss possible replacement. Apple's replacement policy gained renewed attention earlier this month when South Korean media initially suggested that Apple had issued a full recall of the first-generation iPod nano, although Apple quickly denied that there had been any change in its procedures for the affected devices.

While the Consumer Product Safety Commission has not taken action against Apple regarding the overheating iPods, the agency is requesting that Apple continue to keep it abreast of the situation. The agency also notes that Apple has addressed these specific concerns in recent model releases by having changed its battery technology, although similar reports regarding Apple's newer iPod touch models have begun to surface.

One of the reasons the CPSC gives for not taking action now is because "the current generation of iPods uses a battery which has not been shown to have similar problems." When asked by Clancy, when this "current generation" of batteries started being used, and what type of battery it is, Apple would not comment. But earlier this year a lawsuit against Apple was filed in Cincinnati because, the lawyer claims, an iPod Touch, one of Apple's newest edition of iPods, also powered by a lithium ion battery, exploded and caught fire while in a teenager's pocket. The suit claims the boy suffered second-degree burns to his leg, and that the iPod was off at the time. This incident is not included in the CPSC's file.
From rforno at infowarrior.org Wed Jul 22 22:15:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Jul 2009 18:15:11 -0400
Subject: [Infowarrior] - Report: Fed Lacks Cybersecurity Expertise
Message-ID:

Cyber IN-Security: Strengthening the Federal Cybersecurity Workforce
Author(s): Partnership for Public Service and Booz Allen Hamilton
Publication Date: 07/22/2009

President Obama has declared cybersecurity to be "one of the most serious economic and national security challenges we face as a nation." Critical government and private-sector computer networks are under constant attack from foreign nations, criminal groups, hackers, virus writers and terrorist organizations. The president's success in combating these threats and the safety of the nation will depend on implementing a comprehensive and coordinated strategy - a goal that must include building a vibrant, highly trained and dedicated cybersecurity workforce in this country.

Our analysis revealed four primary challenges that threaten the quality and quantity of our federal cybersecurity workforce.

- The pipeline of potential new talent is inadequate.
- Fragmented governance and uncoordinated leadership hinder the ability to meet federal cybersecurity workforce needs.
- Complicated processes and rules hamper recruiting and retention efforts.
- There is a disconnect between front-line hiring managers and government's HR specialists.

http://ourpublicservice.org/OPS/publications/viewcontentdetails.php?id=135

From rforno at infowarrior.org Thu Jul 23 11:31:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jul 2009 07:31:39 -0400
Subject: [Infowarrior] - Letterman on Twitter
Message-ID:

Kevin Spacey guested on Letterman last night - and proceeded to (try to) convert David Letterman to Twitter. He was unsuccessful. Perhaps Dave was thinking that the greatest trick the devil ever pulled was convincing the world it should tweet?
http://www.cjr.org/the_kicker/letterman_i_dont_know_anything.php

I must admit agreeing with Dave's final thought in this video. :)

-rf

From rforno at infowarrior.org Thu Jul 23 16:09:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jul 2009 12:09:44 -0400
Subject: [Infowarrior] - CJCSM 6510.01A IA/CND Incident Handling
Message-ID: <4390806F-0F77-4D66-B7CC-AC270A968E7D@infowarrior.org>

CJCSM 6510.01A Information Assurance (IA) and Computer Network Defense (CND) Volume I (Incident Handling Program), 24 Jun 09
http://www.dtic.mil/cjcs_directives/cdata/unlimit/m651001_v1.pdf

From rforno at infowarrior.org Thu Jul 23 18:41:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jul 2009 14:41:11 -0400
Subject: [Infowarrior] - House bill would restrict laptop searches
Message-ID: <57E54CEC-966C-47FA-AEBF-8DB8DB06068C@infowarrior.org>

(c/o DS)

http://fcw.com/articles/2009/07/22/sanchez-bill-protects-laptops-at-borders.aspx?s=fcwdaily_230709

House bill would restrict laptop searches
DHS would have to perform rule-making to continue searches
By Alice Lipowicz
Jul 22, 2009

A bill pending before a House subcommittee would require the Homeland Security Department to provide official notice and conduct a rule-making if that department wants to continue its laptop searches and data seizures that affect U.S. citizens at all the nation's borders.

Under the bill (H.R. 1726) sponsored by Rep. Loretta Sanchez (D-Calif.), DHS officials would be required to perform an open rule-making process with public comment to continue their policy of searching computer laptops belonging to U.S. citizens at the borders.

The bill is scheduled for mark-up today by the House Homeland Security Committee's Border, Maritime and Global Counterterrorism Subcommittee, which is chaired by Sanchez, according to a news release. It is intended to bolster privacy protections for U.S. citizens whose electronic data is seized in such searches, she said.
"This bill preserves the Department of Homeland Security's broad authority to search individuals and their belongings at our borders, while setting standards to protect travelers' privacy," Sanchez said. "In short, the bill strikes the right balance between security and civil liberties by requiring DHS to engage the American public and undertake an open rule-making process."

The National Business Travel Association supports the bill.

From rforno at infowarrior.org Fri Jul 24 02:13:15 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Jul 2009 22:13:15 -0400
Subject: [Infowarrior] - Traders Profit With Computers Set at High Speed
Message-ID: <4E848A83-560A-4144-A7C0-97929A05E178@infowarrior.org>

Traders Profit With Computers Set at High Speed
By CHARLES DUHIGG
Published: July 23, 2009
http://www.nytimes.com/2009/07/24/business/24trading.html?_r=1&hp

It is the hot new thing on Wall Street, a way for a handful of traders to master the stock market, peek at investors' orders and, critics say, even subtly manipulate share prices.

It is called high-frequency trading - and it is suddenly one of the most talked-about and mysterious forces in the markets.

Powerful computers, some housed right next to the machines that drive marketplaces like the New York Stock Exchange, enable high-frequency traders to transmit millions of orders at lightning speed and, their detractors contend, reap billions at everyone else's expense.

These systems are so fast they can outsmart or outrun other investors, humans and computers alike. And after growing in the shadows for years, they are generating lots of talk.

Nearly everyone on Wall Street is wondering how hedge funds and large banks like Goldman Sachs are making so much money so soon after the financial system nearly collapsed. High-frequency trading is one answer.

And when a former Goldman Sachs programmer was accused this month of stealing secret computer codes - software that a federal prosecutor said could "manipulate markets in unfair ways" - it only added to the mystery.

Goldman acknowledges that it profits from high-frequency trading, but disputes that it has an unfair advantage. Yet high-frequency specialists clearly have an edge over typical traders, let alone ordinary investors. The Securities and Exchange Commission says it is examining certain aspects of the strategy.

"This is where all the money is getting made," said William H. Donaldson, former chairman and chief executive of the New York Stock Exchange and today an adviser to a big hedge fund. "If an individual investor doesn't have the means to keep up, they're at a huge disadvantage."

For most of Wall Street's history, stock trading was fairly straightforward: buyers and sellers gathered on exchange floors and dickered until they struck a deal. Then, in 1998, the Securities and Exchange Commission authorized electronic exchanges to compete with marketplaces like the New York Stock Exchange. The intent was to open markets to anyone with a desktop computer and a fresh idea.

But as new marketplaces have emerged, PCs have been unable to compete with Wall Street's computers. Powerful algorithms - "algos," in industry parlance - execute millions of orders a second and scan dozens of public and private marketplaces simultaneously. They can spot trends before other investors can blink, changing orders and strategies within milliseconds.

High-frequency traders often confound other investors by issuing and then canceling orders almost simultaneously. Loopholes in market rules give high-speed investors an early glance at how others are trading. And their computers can essentially bully slower investors into giving up profits - and then disappear before anyone even knows they were there.

High-frequency traders also benefit from competition among the various exchanges, which pay small fees that are often collected by the biggest and most active traders - typically a quarter of a cent per share to whoever arrives first. Those small payments, spread over millions of shares, help high-speed investors profit simply by trading enormous numbers of shares, even if they buy or sell at a modest loss.

"It's become a technological arms race, and what separates winners and losers is how fast they can move," said Joseph M. Mecane of NYSE Euronext, which operates the New York Stock Exchange. "Markets need liquidity, and high-frequency traders provide opportunities for other investors to buy and sell."

The rise of high-frequency trading helps explain why activity on the nation's stock exchanges has exploded. Average daily volume has soared by 164 percent since 2005, according to data from NYSE. Although precise figures are elusive, stock exchanges say that a handful of high-frequency traders now account for more than half of all trades. To understand this high-speed world, consider what happened when slow-moving traders went up against high-frequency robots earlier this month, and ended up handing spoils to lightning-fast computers.

It was July 15, and Intel, the computer chip giant, had reported robust earnings the night before. Some investors, smelling opportunity, set out to buy shares in the semiconductor company Broadcom. (Their activities were described by an investor at a major Wall Street firm who spoke on the condition of anonymity to protect his job.)

The slower traders faced a quandary: If they sought to buy a large number of shares at once, they would tip their hand and risk driving up Broadcom's price. So, as is often the case on Wall Street, they divided their orders into dozens of small batches, hoping to cover their tracks. One second after the market opened, shares of Broadcom started changing hands at $26.20.

The slower traders began issuing buy orders. But rather than being shown to all potential sellers at the same time, some of those orders were most likely routed to a collection of high-frequency traders for just 30 milliseconds - 0.03 seconds - in what are known as flash orders. While markets are supposed to ensure transparency by showing orders to everyone simultaneously, a loophole in regulations allows marketplaces like Nasdaq to show traders some orders ahead of everyone else in exchange for a fee.

In less than half a second, high-frequency traders gained a valuable insight: the hunger for Broadcom was growing. Their computers began buying up Broadcom shares and then reselling them to the slower investors at higher prices. The overall price of Broadcom began to rise.

Soon, thousands of orders began flooding the markets as high-frequency software went into high gear. Automatic programs began issuing and canceling tiny orders within milliseconds to determine how much the slower traders were willing to pay. The high-frequency computers quickly determined that some investors' upper limit was $26.40. The price shot to $26.39, and high-frequency programs began offering to sell hundreds of thousands of shares.

The result is that the slower-moving investors paid $1.4 million for about 56,000 shares, or $7,800 more than if they had been able to move as quickly as the high-frequency traders.

Multiply such trades across thousands of stocks a day, and the profits are substantial. High-frequency traders generated about $21 billion in profits last year, the Tabb Group, a research firm, estimates.

"You want to encourage innovation, and you want to reward companies that have invested in technology and ideas that make the markets more efficient," said Andrew M. Brooks, head of United States equity trading at T. Rowe Price, a mutual fund and investment company that often competes with and uses high-frequency techniques. "But we're moving toward a two-tiered marketplace of the high-frequency arbitrage guys, and everyone else. People want to know they have a legitimate shot at getting a fair deal. Otherwise, the markets lose their integrity."

From rforno at infowarrior.org Fri Jul 24 18:44:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Jul 2009 14:44:34 -0400
Subject: [Infowarrior] - Open Letter To The Financial Media
Message-ID:

(All I can say is "right on!" --rf)

An Open Letter To The Financial Media
Submitted by 1-2 on Fri, 07/24/2009 - 11:15
By 1-2 and Marla Singer
http://www.zerohedge.com/article/open-letter-financial-media

It can hardly have escaped your notice that a battle of epic proportions, simmering at the fringes for months, was this very week finally joined. Pursuing what can only be termed a "mobius strip news cycle" strategy, certain "financial news" programs have taken to throwing those pesky "parasitic" bloggers to the proverbial wolves at every opportunity. Given the tenor of discourse and the ad hominem pursuits of our mainstream colleagues, conveniently beamed right into our offices from the otherwise warming glow of our LCD panels, we at Zero IntelligenceHedge welcome the opportunity to contribute to the discussion - not, mind you, because our feelings are hurt (you can't hurt something that doesn't bleed), but rather because our appraisal of these attacks puts them on par with the baseless ramblings of the Tourette's afflicted homeless guy who loiters about outside our offices. Pure stream of consciousness, laden with panic and paranoia, and characterized more by shrill tone and volume than a respectable signal to noise ratio. Desperate, and desperately ill.

Not so long ago, the dual-class share structure of newspapers was a bedrock principle of media corporate governance.
Insulating - the argument went - the paper from the whims of the public was necessary to the independence of the Fourth Estate (can't have pesky shareholders dictating sacrosanct editorial policy, after all). Those days are over. This change is neither the result of some maverick revolt in corporate governance, nor is it the consequence of a dramatic awakening by institutional holders (who would require close order thermonuclear detonations to rouse). It is merely the sad result of the most abject and base squandering of a valuable estate since the Manor of Marr fell into the bloodsucking clutches of early 19th century English probate. The Fourth Estate has spent and leveraged its reputation capital in keeping with the finest traditions of 21st century investment banking. As a consequence, these age-old institutions are quickly going the way of their banking parallels: Bear Stearns and Lehman Brothers.

We are actually quite fortunate to witness the historic dying gasps of old media, painfully resisting the very same creative destruction they utilized to, temporarily, supplant town criers, printed pulp, Valueline and teletype as primary sources of daily news-flow. When the future of no lesser institution than the New York Times seems uncertain, and Tribune's only real valued asset is a baseball team (and the Chicago Cubs at that) it becomes difficult to go long old media brands. However, like all dying industries, instead of changing their own ways they choose to attack the new guardians of the estate: New Media.

This is not to say "new media" is perfect, far from it. It does, however, have the virtue of being effective. Too effective, in fact, if you ask certain networks. Is it any wonder that we are now in the midst of new "circulation wars" or that the same "yellow journalism" has once again become en vogue? Today, however, we call them "click through rates" and "hard hitting programming."
("Hard hitting" referring primarily to the effect the carefully selected anchors have on viewers of the opposite sex - and so it has been since Arthur "The Desert Fox" Kent went to the sandbox for CNN).

It is easy to point fingers, to try to shift blame for what is, at the core, a lack of adaptability. Viewed from a distance, that mainstream media, burdened by its wholesale dependence on personality, would be threatened by anonymous speech is totally unsurprising. How old exactly is the phrase "media personality" after all? How alien must it be to veterans of the business that media without the personality might appeal? How difficult it must be to fight in a ring with someone who doesn't play by the rules, and when there is no ammunition for the only weapons available, the personal attack and the dirt-digger? If the primary complaint is that we have yet to provide a photocopy of our driver's licenses, that is concerning.

With this in mind, Ladies and Gentlemen of the media, we would like to make a few points:

1. Anonymous speech is not a crime.

You may or may not be aware that there is a long tradition of anonymous speech in the United States. It did not begin here. Not by a long shot. In 509 BC Publius Valerius Publicola and colleagues transformed, with the help of extensive pamphleteering, the monarchy that ruled Rome into a republic by deposing and banishing Lucius Tarquinius Superbus. (What a great anchor name that would make!) The result was twofold. First, the invention of the Roman title of "Consul." Second, the beginning of the Roman Republic. You may recognize "Publius Valerius Publicola," as the precursor later taken by Alexander Hamilton, John Jay and James Madison in the form of "Publius," the pen name over which they wrote the Federalist Papers. We shouldn't have to point out the import of these events. If they escape you, may we recommend the World Book's new age form, Wikipedia. (Britannica is, as one might expect, as dead as parchment).
All this is a long way of pointing out exactly what you are indicting when you belittle pseudonymity. (As an aside, in sophisticated discourse, it pays to know the difference between anonymity and pseudonymity). Confusing identity with reputation is a common error made by the enemies of anonymity. Do we respect the anchor of a well-known financial news channel (roll with us for a minute here) because of his Italian last name? Or do we respect him because of his reputation for hard-hitting financial journalism? Surely some embarrassing moments about his past might cause some snickering. But this is identity, not reputation, certainly not professional reputation. Is it relevant to the content of the news that another anchor on said channel got a wee bit amorous in a taxi with a woman (or two) not his wife? (Or a woman someone else's wife?) Only insofar as that anchor makes his career about identity, that is personality, instead of reputation. If he does that, he is fair game for all the snark and gossip he whorishly solicits. Since we write under pseudonyms we have but one currency: the quality of our content, and the reputation built since we started writing it. Readers will decide for themselves whether our content is informative and worthy of their time. There is no cloak of personality in which we may hide. Our professional "brands" are just as vulnerable as any reporter on any network. Unless you are a Luddite of some kind we are easy to contact. Contrast this with our experience with you. We have discovered, as it happens, that you never return our e-mails. It is apparently beneath you. Furthermore, owing to our lack of a highly leveraged, publicly held parent, we lack the traditional gatekeepers many personalities use to screen potential "bearers of bad newscorrection." Are there some bloggers out there who seek no more than to rake muck? Of course, but the same can be said for any circle of journalists you may care to name.
Our writing is all we have (personality does not interest us) and so we strive to keep it accurate, informative, and interesting, just as any journalist would. Does that mean we consider ourselves journalists? What's in a name? Many of us are closer to op-ed writers. Many of us are purely editors. Some of us even fancy ourselves philosophers. But, may I remind you, editorials are generally written by a "board" even more anonymous than ourselves, subject to no army of instant-gratification grammar Nazis, and rarely lowering themselves to so much as issue a correction. Think anonymous writers are all scum? Read the Economist some time. As to the personal habits of various mainstream reporters, we are totally uninterested in these details. They are only relevant where they expose the hypocritical tenor of someone who chides anonymous authors to reveal themselves and then hides behind a "no comment" when confronted with his or her own personality defects. Attacking anonymity is the nexus of this misdirection error and an over-reliance on the media value of personality over content. This must end. We've said so long before mainstream media attacked us, not least in our manifesto. Content is what is important here, and none of you seem to understand that. You fall back to personality because it is your last and only hope. We don't care to play along, thank you. Why? 2. Your unveiling motives are less than pure. Demanding the unveiling of anonymous authors is often a pretense for opening the door to personal attacks. We recognize that conflict makes for good prime time television. We understand that producers seek to capitalize on this and that, for reasons obvious even to a first year psychology student, juicy personal attacks draw ratings. Zero Hedge enjoyed a bit of personal experience in this vein when exposed to the high-pressure "are we doing this or what" come-on of a certain financial network producer.
We declined, prompting "the talent"'s attempt to savage us on-air (and our largest spike of web traffic theretofore). Interesting as it will be in 20 years for sociologists to study, this is not journalism. Ladies and Gentlemen, one-line zingers and contrived time limits designed to impale your hapless guests do not constitute "constructive conflict" worthy of your interest in the Fourth Estate, which, incidentally, you do not own, but rather hold in trust on behalf of the citizenry. Want to see real, purposeful conflict on television? Try pulling some 5 or 10 year old archive tapes on the McLaughlin Group, or 1980s vintage runs of the British quiz show "Mastermind." The latter was invented by Bill Wright, a former gunner in the Royal Air Force who based the premise of the show on his experience resisting interrogation by the Gestapo. Do we need to point out that you are out of your league? That was conflict television. Mastermind itself is even purely entertainment (the British love to watch their fellows squirm). Your efforts pale in comparison and, as it happens, your urge to entertain is entirely misplaced when mixed with "financial journalism." We suggest you reflect seriously on this before you put the deci-split-screen up for the [n]th time. Actually, we take it back. Nothing better characterizes everything that is wrong with your approach than the deci-split-screen. As you were. In case it was not already clear, let us just be plain: we are not interested in your ad hominem drama. We are not so in love with fame that we are prepared to subject ourselves to that kind of artifice in exchange for it. We understand this worldview puzzles and frightens you, and that we must seem an opponent no easier to grasp than quantum mechanics (well we have a former physicist among us, so maybe that's a bad example). Look back at real drama and notice that it never needed to be invented in the newsrooms of 1972. Demanding our unveiling is an excuse.
An excuse wielded by those who have no content of value to offer. Just to be clear: this means you. 3. The era of personality-centric media needs to end, quickly, and (hopefully) painfully. The fact that you thrive on the momentum of personality-centric reporting does not mean that we do, or that it is the right kind of reporting. Your shrill cries of "coward" in the face of anonymous or pseudonymous authors somehow imply that narcissism is equivalent to bravery. This is, in your case, self-serving. And, frankly, we beg to differ with respect to your basic premise. On the contrary, we think narcissism is cowardice. Personality-centric reporting is the last resort of those who have no valuable content to offer on fading networks with waning delivery channels. Edutainment is a mutation designed (poorly) to forestall total decline. None of you seem to understand that the issue is content, not comment. There was a time when the pinnacle of global discourse came from the newsroom at CBS. When no self-respecting citizen who considered themselves informed would go long without the evening news. What do we have now? Can we not all recognize what a severe devolution this is? When we have Dan Rather's 77 year old face on HDTV, and this program is called "Dan Rather Reports," (the focus on the personality of the host is almost daunting) can we not agree that something is wrong? It is not that Dan Rather's majestic countenance is not comely (well, not only that) but that any countenance at all is a major portion of the visual offering. People, HDTV is for football, not news. If you have any doubt that this is so, consider how many HDTV reports of any weight emerged from Iran this month, or last. Zero. None. Of course. This was easily the most important foreign policy story of the year. Where did the scoops come from? Twitter and YouTube. We don't claim Twitter and YouTube are the next revolution. We think Twitter and YouTube are sort of lame.
It's just that they are somewhat less lame than your medium. Stepping back for a moment, that is really quite sad. Video killed the newsroom. Stop trying to jump-start the corpse. 4. You can't fight a dead model. (They don't respond to the sleeper hold at all, and getting caught with one while trying is bad news). It is not our fault or our problem that your business model is dead. We didn't kill it. You did. You killed it when you did a 16 minute expose on the business of porn. You killed it when you stacked the anchor desk with stacked anchors. You killed it when you started writing books for six-figure advances, and schmoozing for access to fill those books with juicy tidbits about (and dialogue from) senior executives on Wall Street. You killed it when you hired an audio producer to dub in dramatic music in times of financial crisis. You killed it when you started paying someone six-figures to create eye-catching graphics. Every dollar you spent on this nonsense was a dollar you took away from the newsroom. Is it any wonder that reporters at the Wall Street Journal are paid shameful trifles while "the talent" (for the unwashed, we mean the TV anchors) rival investment banking paychecks? 5. Take it from us. It's time to punt. When you've gotten to the point where you are attacking online media in order to boost viewing of embedded video clips of your content, inventing fights with new media to boost ratings, when you are boosting online ad revenue this way, might not it be the time to just cut out the expensive cost center middlemen (we are looking at you, in the eye, stacked anchors) and move to online distribution entirely? We've been watching quite carefully and we haven't seen a story above the 5th grade level out of you in over a year. (Except, perhaps for the piece on porn, that was at 7th grade level for sure). Instead it seems clear that you have been reduced to calling us "morons" and "dickweeds." (We can say "fuckhead" in our medium, how about you?)
We are sorry to tell you that the last decent movie John Hughes wrote was Uncle Buck. (Some people cite Home Alone, which came out a year later, but we think this is nonsense). That is to say, personal attacks, one-liners, snarky comedy and "zingers" were funnier in 1989. It is now 2009, and no one is going to play "Don't You Forget About Me" while you walk away through the parking lot after work. (That is unless your producer hangs speakers out the window). If you want to drop a zinger here and there, better make sure it is bracketed on both sides with some real content. Stick to parody and satire. Name calling only works for awhile. 6. Get out of the cycle of co-personality-dependence. When your biggest ratings and embedded hit counts come from fights between the various gargantuan egos on your anchor desk it should tell you two things. First, that you have become addicted to on-air sideshows. Second, that you have hauled your audience down with you into the blackness of personality-dependence addiction. They are so starved for something real that they cannot comprehend that there might be something better than watching someone scream and push buttons to produce canned sound effects, or call a fellow anchor an intellectual lightweight. Of course, when you run out of material for staged, behind-the-scenes drama, we are the next easiest target. We are shocked. May we recommend something novel? Investigate something other than your co-anchor. How about fraud? Groundbreaking, we know. All our criticism aside for a moment, we recognize that in many ways it is not your fault. A drowning institution grasps at anything that floats. If we are discouraged by anything it is your inability to just swim on your own. Perhaps it has been so long that you've forgotten how. That's easy to fix. Kick your legs. Breathe. Do a lap. Trust us. They get easier. Meanwhile, we'll keep researching and writing. See you for couple's swim!
From rforno at infowarrior.org Fri Jul 24 18:46:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 24 Jul 2009 14:46:57 -0400 Subject: [Infowarrior] - Associated Press Tries To DRM The New Message-ID: <020FAD06-FAAA-4A46-80B6-B41BF62BF312@infowarrior.org> Associated Press Tries To DRM The News from the good-luck-with-that dept http://techdirt.com/articles/20090723/1858235640.shtml DRM has failed in almost every instance it's been tried. Not only does it fail to actually prevent copying, it tends to piss off legitimate users and limit value rather than enhance it. And yet... people keep trying. But, honestly, I can't think of anything as pointless as the latest move from the Associated Press which appears to be an attempt to DRM the news. That's not what they call it, but that's what it sounds like: The Associated Press Board of Directors today directed The Associated Press to create a news registry that will tag and track all AP content online to assure compliance with terms of use. The system will register key identifying information about each piece of content that AP distributes as well as the terms of use of that content, and employ a built-in beacon to notify AP about how the content is used.... The registry will employ a microformat for news developed by AP and which was endorsed two weeks ago by the Media Standards Trust, a London-based nonprofit research and development organization that has called on news organizations to adopt consistent news formats for online content. The microformat will essentially encapsulate AP and member content in an informational "wrapper" that includes a digital permissions framework that lets publishers specify how their content is to be used online and which also supplies the critical information needed to track and monitor its usage. Hopefully I haven't "violated" that rule by quoting the section above. 
It really does sound like the mythical dreams of DRM that the software industry discussed two decades ago and the music industry discussed a decade ago. Neither one worked -- and both of those were (theoretically) a lot more "protectable" than news. Honestly, it's difficult to think of anything quite this useless:
- It won't work. It physically can't work. News is news. You can't put any real DRM on it, because it's so easy to copy text and remove any sort of "registry" tags.
- It removes value. Nothing in this move increases the value of the AP's content to anyone. It does the opposite. It significantly limits the value, and for those who actually want to help promote the content, it now gives you extra incentives not to do so.
- It's a waste of AP resources. At a time when the AP should be focusing on looking for ways to add value to create a better business model, it's now about to throw away money, time and staff on putting together a DRM for news that doesn't work? Talk about screwed up priorities.
This has been said before (multiple times) but you don't rescue your business model by "protecting" against what people want to do. You don't rescue your business model by wasting resources trying to hold back what people want to do. You rescue your business by providing more value and figuring out a way to monetize that value. Putting bogus DRM on news does none of that. It only hastens failure. From rforno at infowarrior.org Fri Jul 24 18:49:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 24 Jul 2009 14:49:22 -0400 Subject: [Infowarrior] - The economics of Botnets Message-ID: <5B021CF3-93AA-4308-A529-72991FFD1AFE@infowarrior.org> The economics of Botnets Jul 22 2009 Yury Namestnikov In the past ten years, botnets have evolved from small networks of a dozen PCs controlled from a single C&C (command and control center) into sophisticated distributed systems comprising millions of computers with decentralized control.
Why are these enormous zombie networks created? The answer can be given in a single word: money. < - > http://www.viruslist.com/en/analysis?pubid=204792068 From rforno at infowarrior.org Fri Jul 24 23:45:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 24 Jul 2009 19:45:28 -0400 Subject: [Infowarrior] - Network Solutions Hack Compromises 573,000 Credit, Debit Accounts Message-ID: <90138F28-B528-4922-ABD2-3C23F1DC6740@infowarrior.org> (c/o Jericho) Network Solutions Hack Compromises 573,000 Credit, Debit Accounts http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned. Herndon, Va. based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services -- a package that includes everything from Web hosting to payment processing -- to at least 4,343 customers, mostly mom-and-pop online stores. The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said. Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009. On Friday, Network Solutions began notifying affected customers by e-mail and postal mail. Due to the potential high cost of notifying individual victims, the hosting company is offering to handle the notification of affected customers of the breached online stores.
Forty-five states and the District of Columbia have enacted laws requiring organizations to notify consumers when a data breach or loss jeopardizes the security of personal and financial data, but the rules for complying with those laws differ from state to state. "We feel terribly about it to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute," Wade said. Network Solutions also is offering to pay for 12 months of credit monitoring service through Trans Union for each consumer whose financial and personal data was compromised. From rforno at infowarrior.org Fri Jul 24 23:51:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 24 Jul 2009 19:51:02 -0400 Subject: [Infowarrior] - Skype singled out as threat to Russia's security Message-ID: Skype singled out as threat to Russia's security Fri Jul 24, 2009 11:49am EDT http://www.reuters.com/article/technologyNews/idUSTRE56N41I20090724?feedType=RSS&feedName=technologyNews&rpc=22&sp=true By Simon Shuster and Anastasia Teterevleva MOSCOW (Reuters) - Russia's most powerful business lobby moved to clamp down on Skype and its peers this week, telling lawmakers that the Internet phone services are a threat to Russian businesses and to national security. In partnership with Prime Minister Vladimir Putin's political party, the lobby created a working group to draft legal safeguards against what they said were the risks of Skype and other Voice over Internet Protocol (VoIP) telephone services. VoIP software has used the Internet to let hundreds of millions of people talk long-distance for free, or at far cheaper rates than traditional service providers can offer. At a meeting of the lobby this week, telecom executives portrayed the most popular VoIP programs like Skype and Icq as encroaching foreign entities that the government must control. 
"Without government restrictions, IP telephony causes certain concerns about security," the lobby's press release said. "Most of the service operators working in Russia, such as Skype and Icq, are foreign. It is therefore necessary to protect the native companies in this sector and so forth." Skype was not immediately available for comment. In a presentation posted on the lobby's Web site, Vice President of TTK, a telecoms unit of state-owned Russian Railways, Vitaly Kotov, called on regulators to stop VoIP services from causing "a likely and uncontrolled fall in profits for the core telecom operators." Valery Ermakov, deputy head of Russia's No.3 mobile phone firm MegaFon, drove the point home with a picture of two hands in handcuffs, the caption running, "protect investments and fight VoIP services." Delegates at the meeting also warned that it has been impossible for police to spy on VoIP conversations, Vedomosti business daily reported on Friday. The lobby, called the Russian Union of Industrialists and Entrepreneurs, forecast that 40 percent of calls could be made through VoIP services by 2012. As an alternative to Skype and its peers, the telecom executives proposed creating VoIP services inside their own firms, which would then make them safely available to the Russian public. "MegaFon is interested in this market. We're interested in providing analogous services. We don't support limiting competition, but we want the market to be civilized," Ermakov said. TTK's press service said on Friday that it will take until September for the relevant legal amendments to be drafted by the special committee, whose members include top telecoms executives and lawmakers from Putin's United Russia party. (Editing by Rupert Winchester) From rforno at infowarrior.org Sat Jul 25 16:57:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 25 Jul 2009 12:57:55 -0400 Subject: [Infowarrior] - Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. 
Cybersecurity Plan Message-ID: <0423E2DA-8D5F-4706-BCC8-E031DDA1A1DF@infowarrior.org> Citing Privacy Concerns, Senate Seeks Legal Justifications for Govt. Cybersecurity Plan By Kim Zetter | July 24, 2009 | 5:44 pm | Categories: Cyber Warfare, Cybersecurity http://www.wired.com/threatlevel/2009/07/senators-demand-cybersecurity/ The Senate Intelligence Committee is demanding that the Obama administration supply it with the legal justifications it has produced for conducting government cybersecurity operations, or face losing funding for the projects, NextGov reports. "During the next three years, the executive branch will begin new and unprecedented cybersecurity programs with new technology," the senators write in a report (.pdf) released Wednesday, which accompanies the senate's version of the FY2010 Intelligence Authorization Act, which will be voted on at an undetermined date. These new technologies -- which go beyond standard firewall and anti-virus protection products, the senators write in their report -- pose new legal and "significant potential privacy implications," which makes "congressional and Executive oversight particularly important." The report mentions privacy concerns about e-mail or other electronic communications intended for personnel in one government agency or department but that is forwarded to another department -- such as the Department of Homeland Security or an intelligence agency -- as part of a cybersecurity program intended to protect government networks. DHS is tasked with protecting non-military government networks, while the National Security Agency has been tasked with protecting military networks and providing advice to DHS about non-military networks. Before the senators are willing to approve full funding for the government's Comprehensive National Cybersecurity Initiative (CNCI) -- the highly classified government cybersecurity plan established last year by the Bush administration to protect government networks --
the committee wants the administration to provide any legal justifications the Justice Department's Office of Legal Counsel has produced for the cybersecurity programs, any certifications of the programs' legality, as well as any privacy-impact assessments that have been conducted on the programs and information about any plans for an independent audit or review of the programs. The senators are asking for the same documentation for any programs already in operation, to be submitted within 30 days of the enactment of the Authorization Act. The DoJ Office of Legal Counsel is the office where former deputy assistant attorney general John Yoo produced constitutionally questionable memos providing legal justification for the Bush administration's torture and warrantless wiretapping programs. In addition to the documentation mentioned, the senate committee, which is chaired by Senator Dianne Feinstein (D - California) also wants the directors of the Office of National Intelligence and the Department of Homeland Security to submit by January 1, 2010, a comprehensive assessment of cybersecurity threats and vulnerabilities, and calls on the Obama administration to create "a survivable government communications network to sustain critical national security functions under and following [a] major cyber attack." In the comments section of the report, the senators reveal that because the secretive CNCI gave the intelligence community "key national roles in cyber security," the committee has expended much effort in examining the issues around cybersecurity, including holding six closed-door cyber hearings in the last two years and compiling several six-month studies through its Technical Advisory Group. They chastise the government's "prior reluctance to invite Congress into the cybersecurity debate in a timely manner"
(presumably referring to the Bush administration's secrecy around the CNCI) and assert that the administration must now make it a priority to clearly communicate its cybersecurity plan to the public. "Though some elements must be classified, it is important that the U.S. people understand the government's basic role in helping to secure information networks," they write. "The general rules and expectations for government involvement, and how these may affect privacy, must be clearly explained." Equally important is the government's communication on the international front with regard to cyber warfare and other activity. The committee calls for strong international outreach with traditional allies and other key nations to develop a consensus about what cyber activities "will be promoted, tolerated and censured" and says that an international framework for cyber warfare "is needed to govern this rapidly growing field." From rforno at infowarrior.org Sat Jul 25 17:31:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 25 Jul 2009 13:31:52 -0400 Subject: [Infowarrior] - Report: Bush Mulled Sending Troops Into Buffalo Message-ID: Report: Bush Mulled Sending Troops Into Buffalo By THE ASSOCIATED PRESS Filed at 12:09 p.m. ET http://www.nytimes.com/aponline/2009/07/25/us/politics/AP-US-Terror-Domestic-Raid.html?pagewanted=print WASHINGTON (AP) -- The Bush administration in 2002 considered sending U.S. troops into a Buffalo, N.Y., suburb to arrest a group of terror suspects in what would have been a nearly unprecedented use of military power, The New York Times reported. Vice President Dick Cheney and several other Bush advisers at the time strongly urged that the military be used to apprehend men who were suspected of plotting with al Qaida, who later became known as the Lackawanna Six, the Times reported on its Web site Friday night. It cited former administration officials who spoke on condition of anonymity.
The proposal advanced to at least one high-level administration meeting, before President George W. Bush decided against it. Dispatching troops into the streets is virtually unheard of. The Constitution and various laws restrict the military from being used to conduct domestic raids and seize property. According to the Times, Cheney and other Bush aides said an Oct. 23, 2001, Justice Department memo gave broad presidential authority that allowed Bush to make domestic use of the military against al-Qaida if it was justified on the grounds of national security, rather than law enforcement. Among those arguing for the military use besides Cheney were his legal adviser David S. Addington and some senior Defense Department officials, the Times reported. Opposing the idea were Condoleezza Rice, then the national security adviser; John B. Bellinger III, the top lawyer at the National Security Council; FBI Director Robert S. Mueller III; and Michael Chertoff, then the head of the Justice Department's criminal division. Bush ultimately nixed the proposal and ordered the FBI to make the arrests in Lackawanna. The men were subsequently arrested and pleaded guilty to terrorism-related charges. Scott L. Silliman, a Duke University law professor specializing in national security law, told the Times that a U.S. president had not deployed the active-duty military on domestic soil in a law enforcement capacity, without specific statutory authority, since the Civil War. From rforno at infowarrior.org Mon Jul 27 14:14:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jul 2009 10:14:44 -0400 Subject: [Infowarrior] - At a Border Crossing, Security Trumps Openness Message-ID: At a Border Crossing, Security Trumps Openness By NICOLAI OUROUSSOFF MASSENA, N.Y. -- It has been nearly eight years since the 9/11 terrorist attacks, but the fears and anxieties they gave rise to continue to take a toll on the design of public buildings. Even the words "United States,"
it seems -- when spelled out in the wrong size and color -- can be an unacceptable security risk. Four years ago, when the federal General Services Administration unveiled its plans for a new border-crossing station here in northeastern New York State, the design was presented as part of the agency's campaign to raise the dismal standards of government architecture. Even many in the famously fractious architectural community celebrated the complex -- particularly its main building, emblazoned with glossy yellow, 21-foot-high letters spelling "United States" -- as a rare project the government could point to with pride. The Customs and Border Protection agency of the Department of Homeland Security seemed to like it too. After years of working closely with the architects, the New York firm of Smith-Miller & Hawkinson, the agency signed off on the final version of the project in 2007. Yet three weeks ago, less than a month after the station opened, workers began prying the big yellow letters off the building's facade on orders from Customs and Border Protection. The plan is to dismantle the rest of the sign this week. "At the end of the day, I think they were somewhat surprised at how bold and how bright it was," said Les Shepherd, the chief architect of the General Services Administration, referring to the customs agency's sudden turnaround. "There were security concerns," said Kelly Ivahnenko, a spokeswoman for the customs agency. "The sign could be a huge target and attract undue attention. Anything that would place our officers at risk we need to avoid."
< - > http://www.nytimes.com/2009/07/27/arts/design/27border.html?_r=1&pagewanted=print From rforno at infowarrior.org Tue Jul 28 03:13:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Jul 2009 23:13:06 -0400 Subject: [Infowarrior] - P2P Hearing on Congress 7/29 Message-ID: <1AC7C5CE-E075-473D-B543-CEA04C796DFD@infowarrior.org> Thursday, July 23, 2009 Oversight Committee to Examine Risks of Peer to Peer Networks http://oversight.house.gov/story.asp?ID=2554 For Immediate Release: Thursday, July 23, 2009 Contact: Committee on Oversight and Government Reform Press Office, (202) 225-5051 Oversight Committee to Examine Risks of Peer to Peer File Sharing Washington, DC -- On Wednesday, July 29, 2009, the Committee on Oversight and Government Reform will hold a hearing titled: "Inadvertent File Sharing Over Peer-To-Peer Networks: How it Endangers Citizens and Jeopardizes National Security." The hearing, which will take place at 10:00 a.m. in room 2154 Rayburn House Office Building, will examine the dangers associated with peer-to-peer (P2P) file sharing, including the problem of inadvertent file sharing and the privacy and security risks associated with the use of LimeWire software.
Witness List*:
Mr. Mark Gorton, Chairman, The Lime Group
Mr. Robert Boback, Chief Executive Officer, Tiversa, Inc.
Mr. Thomas D. Sydnor, II, Senior Fellow & Director, Center for the Study of Digital Property, The Progress and Freedom Foundation
From rforno at infowarrior.org Tue Jul 28 11:29:47 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 07:29:47 -0400 Subject: [Infowarrior] - DHS Tornado Alley Lab idiocy questioned Message-ID: Infectious Diseases Study Site Questioned Tornado Alley May Not Be Safe, GAO Says By Carol D.
Leonnig Washington Post Staff Writer Monday, July 27, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/07/26/AR2009072602857_pf.html The Department of Homeland Security relied on a rushed, flawed study to justify its decision to locate a $700 million research facility for highly infectious pathogens in a tornado-prone section of Kansas, according to a government report. The department's analysis was not "scientifically defensible" in concluding that it could safely handle dangerous animal diseases in Kansas -- or any other location on the U.S. mainland, according to a Government Accountability Office draft report obtained by The Washington Post. The GAO said DHS greatly underestimated the chance of accidental release and major contamination from such research, which has been conducted only on a remote island off the United States. DHS staff members tried quietly last week to fend off a public airing of the facility's risks, agency correspondence shows. Department officials met privately with staff members of a congressional oversight subcommittee to try to convince them that the GAO report was unfair, and to urge them to forgo or postpone a hearing. But the House Energy and Commerce Committee's oversight and investigations subcommittee, chaired by Rep. Bart Stupak (D-Mich.), decided otherwise. It plans to hold a hearing Thursday on the risk analysis, according to two sources briefed on the plans. The criticism of DHS's site selection comes as the proposed research lab, the National Bio and Agro-Defense Facility (NBAF), was expected to win construction funding in the congressional appropriations process. "Drawing conclusions about relocating research with highly infectious exotic animal pathogens from questionable methodology could result in regrettable consequences," the GAO warned in its draft report. DHS's review was too "limited" and "inadequate" to decide that any mainland labs were safe, the report found. 
GAO officials declined to comment on the findings. The new developments started another round of accusations that politics steered DHS's decision in January to build the proposed lab in Manhattan, Kan. Critics of the choice argue that a Kansas contingent of Republican Sens. Sam Brownback and Pat Roberts and then- Gov. Kathleen Sebelius, a Democrat, aggressively lobbied DHS to pick their state. Records show that a DHS undersecretary and his site selection committee met frequently with the senators, one of whom is a member of an appropriations subcommittee that helps set DHS funding. A Texas consortium that hoped to lure the DHS facility to San Antonio argues that the agency has wasted millions of dollars trying to justify its choice, and said the GAO's findings show that the selection method was "preposterous." "They call it 'Tornado Alley' for a reason," said Michael Guiffre, an attorney for the consortium. "This really boils down to politics at its very worst and public officials who are more concerned about erecting some gleaming new research building than thinking about what's best for the general public." DHS officials and Kansas leaders say the selection system, which began in late 2006, was always fair and open. Brownback has noted that George W. Bush was president in mid-January when his home state of Texas lost the competition. "The process involved a transparent six-year process, run by career civil servants and punctuated with multiple public meetings near each finalist location," DHS spokesman Matthew Chandler said. The DHS lab would replace and expand upon the mission of a federal research facility on a remote island on the northern tip of Long Island, N.Y. Critics of moving the operation to the mainland argue that a release could lead to widespread contamination that could kill livestock, devastate a farm economy and endanger humans. 
Along with the highly contagious foot-and-mouth disease, NBAF researchers plan to study African swine fever, Japanese encephalitis, Rift Valley fever and other viruses. GAO's draft report said the agency's assessment of the risk of accidental release of toxins on mainland locations, including Kansas, was based on "unrepresentative accident scenarios," "outdated modeling" and "inadequate" information about the sites. The agency's analysis of the economic impact of domestic cattle being infected by foot-and-mouth disease played down the financial losses by not considering the worst-case scenario. The agency noted the United Kingdom's outbreak of foot-and-mouth disease in 2001, which resulted from an accidental release at a biological research laboratory south of London. Six million sheep, cattle and pigs were slaughtered to stop the contamination, and the country's agriculture market, comparatively a fraction of the U.S. market, lost $4.9 billion. DHS had cited a foot-and-mouth disease facility in Winnipeg, Manitoba, as evidence that doing this research on the mainland is safe. But GAO said that is illogical: The NBAF would have a less sophisticated method for containing releases than the Winnipeg lab, it said, but would handle as many as 10 times the number of animals. Selecting a spot for the lab has been rife with political battling and vigorous lobbying from five states that were finalists. Though the general public repeatedly voiced concern about the safety of such research, elected leaders were seeking the $3.5 billion jolt that the facility was expected to bring to its host's economy. Critics of the selection of Kansas note that DHS Undersecretary Jay Cohen and others met often with the state's senators. Brownback said this month that he had helped add $36 million to a Senate bill to build the Kansas facility, and that he would work for the same in the House.
"We fought hard for this funding, and I'm glad my colleagues in the Senate realized the significant role this facility will play in researching emerging diseases that could endanger our food supply," he said on his Web site. In recent days, DHS science officials involved in choosing the Manhattan site, adjoining Kansas State University, told Secretary Janet Napolitano's top staff members that GAO exceeded its authority in reviewing the agency's risk assessment, according to internal correspondence shared with The Post. Chandler confirmed that agency staff members told the Energy and Commerce subcommittee staff members in their meeting last Monday that DHS would prefer not to have a hearing now. DHS officials were not trying to avoid discussing the issue during the appropriations process, Chandler said, but wanted to avoid wasting the agency's and committee's time until they saw the final GAO report. "This has nothing to do with politics," Chandler said. "This is about logical reasoning . . . and was in the interest of everyone's time."

From rforno at infowarrior.org Tue Jul 28 12:38:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 08:38:48 -0400 Subject: [Infowarrior] - IBM to Buy SPSS for $1.2 Billion Message-ID: <70FE5653-9F1D-4D0D-9314-0753222F3D48@infowarrior.org>
IBM to Buy SPSS for $1.2 Billion to Gain Analytics (Update1) http://www.bloomberg.com/apps/news?pid=20601087&sid=aoMQ.s71r3UI By Julie Alnwick July 28 (Bloomberg) -- International Business Machines Corp., the world's biggest computer-services provider, said it will buy SPSS Inc. for about $1.2 billion in cash to gain analytics software. The per-share price is $50, the companies said today in a statement. Chicago-based SPSS's technologies help businesses assess data, determining demand and analyzing patterns to detect fraud.
IBM, led by Chief Executive Officer Sam Palmisano, will use the purchase to bolster the software business, where profit margins are more than twice as big as in services. Palmisano pledged this year to "go on offense" in the global recession, making acquisitions and investing in research. This month, IBM raised its full-year profit target to $9.70 a share from $9.20. Armonk, New York-based IBM dropped 1 cent yesterday to $117.63 on the New York Stock Exchange. SPSS was halted in early trading after closing at $35.09 yesterday on the Nasdaq Stock Market. The companies expect the transaction to close in the second half of the year. (SPSS will hold a conference call at 10 a.m. New York time today to discuss the transaction. To listen, go to www.spss.com/invest.) To contact the reporter on this story: Julie Alnwick in New York at jalnwick at bloomberg.net

From rforno at infowarrior.org Tue Jul 28 15:15:34 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 11:15:34 -0400 Subject: [Infowarrior] - Sprint-Nextel to acquire Virgin Mobile USA Message-ID: <5BF36415-8C60-455C-8E44-479A7A2D63F2@infowarrior.org>
Sprint-Nextel to acquire Virgin Mobile USA By Paul Taylor in New York Published: July 28 2009 15:35 | Last updated: July 28 2009 15:35 http://www.ft.com/cms/s/0/12c64f08-7b83-11de-9772-00144feabdc0.html?referrer_id=yahoofinance&ft_ref=yahoo1&segid=03058&nclick_check=1 Sprint Nextel, the third largest US mobile network operator, agreed to acquire Virgin Mobile USA, a leading prepaid phone company, in an all stock deal valued at $5.50 per share or $483m including Sprint's existing 13.1 per cent stake in Virgin Mobile USA. The deal, which is expected to close in the fourth quarter or early next year, will enable Sprint to significantly expand its presence in the US prepaid phone market and combine Virgin Mobile USA, set up by Richard Branson's Virgin group, with its existing Boost Mobile prepaid unit.
Boost Mobile has emerged as a key growth driver for Sprint which has been struggling to stem postpaid subscriber losses following its $36bn acquisition of Nextel in 2005. The prepaid market in the US has benefited recently as consumers, concerned about job losses and facing an uncertain economic outlook, have turned to prepaid plans as a way to control mobile phone spending. Sprint already provides the network capacity for Virgin Mobile USA, which has mainly targeted young subscribers, making integration relatively straightforward. After the deal closes, Sprint's prepaid business will be run by Dan Schulman, Virgin Mobile USA's chief executive. The transaction represents a 31 percent premium to Virgin Mobile's Monday closing share price of $4.21. When the deal closes, Sprint will retire Virgin Mobile USA's outstanding debt, which is expected to be no more than $205m at the end of September. Sprint plans to issue between 81.4 million and 104.7 million shares in exchange for all Virgin Mobile USA common and preferred stock that it does not already own. The stock has ranged from 60 cents to $5.31 over the past year. Copyright The Financial Times Limited 2009

From rforno at infowarrior.org Wed Jul 29 02:38:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 22:38:41 -0400 Subject: [Infowarrior] - Future of Cyber Security: Hackers Have Grown Up Message-ID:
(c/o St) Future of Cyber Security: Hackers Have Grown Up By Kevin Poulsen | 07.28.09 http://www.wired.com/dualperspectives/article/news/2009/07/dp_security_wired0728 Late last year, the software engineers developing a new Windows-based networking client confronted an all-too-common problem in today's hostile internet environment: How would they make their software resistant to the legions of enemies waiting to attack it? Particularly worrisome was a key feature of their code, a mechanism to accept updates online.
If it were subverted, an attacker could slip his own program into an installed base of millions of machines. The coders decided to fortify their software with MIT's brand-new, high-security cryptographic hashing algorithm called MD-6. It was an ambitious choice: MD-6 had been released just two months before, and hadn't yet faced the rigors of real-life deployment. Sure enough, the move seemed to backfire when a security hole was found in MD-6's reference implementation not long after the launch. But the coders rallied, and pushed out a corrected version in a new release of their software just weeks later. It would be a model for secure software development, except for one detail: The "Windows-based networking client" in the example above is the B-variant of the spam-spewing Conficker worm; the corrected version is Conficker C, and the hard-working security-minded coders and software engineers? A criminal gang of anonymous malware writers, likely based in Ukraine. The very first real-world use of MD-6, an important new security algorithm, was by the bad guys. This is the future of hacking: professional, smart, and above-all well-funded. In the old days, hackers were mostly kids and college-age acolytes sowing their wild oats before joining the establishment. Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. They're using mind-bending obfuscation techniques to deliver malicious code from hacked websites undetected. They're writing malware for mobile phones and PDAs. The underground has even embraced the next-generation internet protocol IPv6, according to research by IBM -- setting up IPv6 chat rooms, file stores and websites, even as legitimate adoption lags. Ten years ago, an oft-repeated aphorism held that hackers were unskilled vandals: Just because they can break a window, doesn't mean they could build one. Today's bad guys could handcraft the stained glass in the Sainte-Chapelle.
Money is the catalyst for this change: Computer criminals are scooping in millions through various scams and attacks. The best hackers are growing up in Russia and former Soviet satellite states, where there are fewer legitimate opportunities for smart coders. "If you're a sophisticated team of software developers, but you happen to be in Eastern Europe, what's your way of raising a lot of money?" says Phillip Porras, the cyber threat expert at SRI International who dissected Conficker. "Maybe we're dealing with business models that work for countries where it's more difficult for them to sell mainstream software." One result is hacking-as-a-service. Want your custom code installed in a botnet of hacked machines? It'll cost you $23 for 1,000 computers, $130 if you want them exclusively, says Uri Rivner, head of new technologies at security company RSA. Or you can pay for a custom Trojan horse that will sneak past anti-virus software, or a toolkit that will let you craft your own. "They actually have a testing lab where they test their malicious code against the latest anti-virus companies," says Rivner, whose group closely monitors the underground. While most computer criminals are "thugs," the programmers and software entrepreneurs supplying them are scary-smart, he says. Particularly disturbing to security experts is the speed with which the bad guys are jumping on newly disclosed vulnerabilities. "Even one year ago, a lot of these web exploit toolkits were using vulnerabilities that had been discovered one or two years prior," says Holly Stewart, Threat Response Manager at IBM's X-Force. "They were really, really old.... That has really changed, especially this year. We're seeing more and more current exploits go into these toolkits. And we're seeing exploits come out that are even just a couple days after the vulnerability announcement."
Even worse, hackers are finding or purchasing their own vulnerabilities, called "zero day" exploits, for which no security patch exists. With real money to be had, there's evidence that legitimate security workers are being tempted themselves. In April, federal prosecutors filed a misdemeanor conspiracy charge against security consultant Jeremy Jethro for allegedly selling a "zero day" Internet Explorer exploit to accused TJ Maxx hacker Albert Gonzales. The price tag: $60,000. It could take a lot of consulting gigs to make that kind of money performing penetration tests. The change is being felt at every level of the cyber security world. When SRI's Porras dug into the Conficker worm -- which still controls an estimated 5 million machines, mostly in China and Brazil -- the update mechanism initially baffled him and his team. "I know a lot of people stared at that segment of code and couldn't figure out what it was," he says. It wasn't until crypto experts analyzed it that they realized it was MD-6, which at the time was available only from the websites of MIT and the U.S. National Institute of Standards and Technologies. Other portions of Conficker were equally impressive: the way it doggedly hunts for anti-virus software on a victim's machine, and disables it; or the peer-to-peer mechanism. "There were points where it was pretty clear that certain major threads inside Conficker C seemed to be written by different people," he says. "It left us feeling that we had a more organized team that brought different skills to bear.... They aren't people who have day jobs." Looking back, the first 20 years in the war between hackers and security defenders was pretty laid back for both sides. The hackers were tricky, sometimes even ingenious, but rarely organized. A wealthy anti-virus industry rose on the simple counter-measure of checking computer files for signatures of known attacks. 
Hackers and security researchers mixed amiably at DefCon every year, seamlessly switching sides without anyone really caring. From now on, it's serious. In the future, there won't be many amateurs.

From rforno at infowarrior.org Wed Jul 29 02:47:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 22:47:40 -0400 Subject: [Infowarrior] - Apple climbs on the cybergeddon bandwagon Message-ID: <157E3063-348D-410B-A677-56008CD8BDC0@infowarrior.org>
Way to spread the FUD, Apple. Time to ratchet up that Reality Distortion Field..... -- rick
http://www.wired.com/threatlevel/2009/07/jailbreak/ The nation's cellphone networks could suffer "potentially catastrophic" cyberattacks by iPhone-wielding hackers at home and abroad if iPhone owners are permitted to legally jailbreak their shiny wireless devices; that's what Apple claims. < - > By tinkering with this code, "a local or international hacker could potentially initiate commands (such as a denial of service attack) that could crash the tower software, rendering the tower entirely inoperable to process calls or transmit data," Apple wrote the government. "Taking control of the BBP software would be much the equivalent of getting inside the firewall of a corporate computer, to potentially catastrophic result. "The technological protection measures were designed into the iPhone precisely to prevent these kinds of pernicious activities, and if granted, the jailbreaking exemption would open the door to them," Apple added. Threat Level had no idea the iPhone was so dangerous. We're gratified that Apple locked down this potential weapon of mass disruption before hackers could unleash cybarmageddon. This also explains why Apple rejected the official Google Voice App for the iPhone this week. We thought it was because Google Voice posed a threat to AT&T's exclusivity deal with Apple. Now we know it threatened national security.
< - >

From rforno at infowarrior.org Wed Jul 29 02:50:08 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Jul 2009 22:50:08 -0400 Subject: [Infowarrior] - NYSE data exposed on FTP server Message-ID: <4F7115EB-1C7B-402A-A38F-D675A4D962FB@infowarrior.org>
http://www.wired.com/threatlevel/2009/07/nyse/#more-7453 Sensitive information about the technical infrastructure of the New York Stock Exchange computer network was left unsecured on a public server for possibly more than a year, Wired.com has learned. The data was removed after Wired.com disclosed the situation to the NYSE. It included several directories of files containing logs, server names, IP addresses, lists of hardware, lists of software versions running on the network, and configuration and patch histories (including which patches have not yet been installed). It was all available on a publicly accessible, unprotected FTP server maintained by EMC, a company that sells storage systems and managed services to the NYSE and other companies. "We have discussed the matter with EMC, and at this point we believe that there has been no impact on our operations or our customers," said NYSE spokeswoman Mirtha Medina in an e-mail. EMC's executive team includes Art Coviello, who is also president of RSA Security, which EMC bought in 2006. Per EMC's web site: "Coviello's expertise and influence have made him a recognized leader in the industry, where he plays a key role in several national cyber-security initiatives."

From rforno at infowarrior.org Wed Jul 29 11:33:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jul 2009 07:33:49 -0400 Subject: [Infowarrior] - Microsoft's Emergency Patch Mess Message-ID:
Microsoft's Emergency Patch Mess http://voices.washingtonpost.com/securityfix/2009/07/microsofts_emergency_patch_mes.html?hpid=sec-tech Microsoft today released a pair of emergency software updates (Redmond calls them "out-of-band" updates).
Yes, that's right folks: If you use Windows -- and especially if you browse the Web with Internet Exploder Explorer - it's once again time to update. The backstory to these patches is a bit complex, so here's the short version: A while back, Microsoft introduced several security flaws into a set of widely-used third-party software development tools, and today it's correcting that error by issuing an updated set of tools. Another update tries to block attackers from exploiting those weaknesses while third-party software makers figure out how to fix their code with the updated tools. On a scale of 1 to 10, with 10 being the most dire and far-reaching, Eric Schultze, chief technology officer at Shavlik Technologies, said he'd put the seriousness of today's out-of-band patch releases at an 8. "When I was at Microsoft, there were a couple of issues that we referred to as 'Voldemort,' meaning they were so nasty you didn't even want to speak their names, and this one is kind of like 'Son of Voldemort,'" Schultze said. "You really start to lose confidence in Microsoft's security mechanisms when something like this happens." At issue is a faulty software development "template" or code library that Microsoft makes available to other software makers. This flawed template, known as an active template library or ATL, was shipped as part of Microsoft Visual Studio, a Web application development platform. This ATL helps developers create ActiveX controls, powerful components of Windows and Internet Explorer that were designed to allow Web sites to develop interactive, multimedia-rich pages. The problem is that having a flaw in this software development template means that potentially all of the ActiveX controls crafted with that template may also be flawed. 
A good example of a buggy ActiveX control produced by this flawed template came to light last month, when Microsoft warned that attackers were exploiting a flawed Video ActiveX control to break into Windows systems when users visited booby-trapped Web sites with IE. To blunt the threat from that vulnerability, Microsoft simply disabled that flawed Video ActiveX control in Windows, so that it could no longer be invoked by Web pages. Or so Redmond thought. Turns out, disabling faulty controls isn't as effective as fixing them, as several security researchers presenting Wednesday at the Black Hat hacker conference in Las Vegas will show. Researchers Ryan Smith and David Dewey from Verisign iDefense, and Mark Dowd from IBM's X-Force team, will demonstrate how attackers can still exploit these buggy ActiveX controls, even after they have been disabled in Windows. The researchers have provided a teaser video of what they will present at Black Hat, at this link here. In response to this threat, one of the patches Microsoft shipped today includes a fix for the flawed code library in Visual Studio that the company is urging developers to use to fix any ActiveX controls that may have been developed with the earlier version. The other patch pushed out today updates Internet Explorer so that it looks for and blocks any attempts to load ActiveX controls developed with the faulty code library. "The reason we've released these out of cycle is that we were aware of attacks on [the Video ActiveX control] that were using the vulnerability in ATL, and we saw that more details about the issue were being disclosed, increasing the risk to customers," said Mike Reavey, director of the Microsoft Security Response Center. "We decided to issue these updates now rather than wait for things to get worse."
Reavey declined to say just how many third party ActiveX controls or developers may need to revamp their code to fix this bug, but he said Microsoft has been reaching out to the most affected parties with guidance on how best to fix the problem. "That collaboration has been underway for a while," he said. "I don't want to go into specifics of who we've reported to or what status of that investigation is." The company is urging developers who may be affected to check their ActiveX controls at Verizon's free ActiveX Control Testing site. If you use Windows but browse the Web with a non-IE browser, you probably still want to apply this emergency Internet Explorer patch, for two reasons. "Because IE is so tightly integrated with the operating system, there's a chance you could click on something in one application that would open something in IE, so it's best to be on the safe side," Shavlik's Schultze said. Also, the IE update includes fixes for three unrelated, critical vulnerabilities that hackers could exploit to install malicious code on your system just by tricking you into visiting a hacked or specially crafted evil Web site (with IE, of course, but then again, see warning No. 1).

From rforno at infowarrior.org Wed Jul 29 14:32:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jul 2009 10:32:07 -0400 Subject: [Infowarrior] - BIND Dynamic Update DoS Message-ID:
https://www.isc.org/node/474
BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message.
Summary: BIND denial of service (server crash) caused by receipt of a specific remote dynamic update message.
Description: Urgent: this exploit is public. Please upgrade immediately. Receipt of a specially-crafted dynamic update message to a zone for which the server is the master may cause BIND 9 servers to exit. Testing indicates that the attack packet has to be formulated against a zone for which that machine is a master.
Launching the attack against slave zones does not trigger the assert. This vulnerability affects all servers that are masters for one or more zones; it is not limited to those that are configured to allow dynamic updates. Access controls will not provide an effective workaround. dns_db_findrdataset() fails when the prerequisite section of the dynamic update message contains a record of type "ANY" and where at least one RRset for this FQDN exists on the server. db.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed exiting (due to assertion failure).
Workarounds: None. (Some sites may have firewalls that can be configured with packet filtering techniques to prevent nsupdate messages from reaching their nameservers.)
Active exploits: An active remote exploit is in wide circulation at this time.
Solution: Upgrade BIND to one of 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1. These versions can be downloaded from: http://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz http://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz http://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz
Acknowledgment: Matthias Urlichs for reporting the problem. Tom Daly for methodical follow-on testing.
Revision History: 2009-07-28 Initial text 2009-07-29 Update to reflect Tom Daly's findings
© 2001-2009 Internet Systems Consortium

From rforno at infowarrior.org Wed Jul 29 18:31:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jul 2009 14:31:54 -0400 Subject: [Infowarrior] - Over 2.4 Million Hold Security Clearances Message-ID: <89F22FE9-1F2A-4D1B-A424-5FA1EEA6D3B6@infowarrior.org>
More Than 2.4 Million Hold Security Clearances Author: Steven Aftergood Some 2.4 million persons currently hold security clearances for authorized access to classified information, according to a recent Government Accountability Office report (pdf) to the House Intelligence Committee, citing an estimate from the security clearance Joint Reform Team.
This figure does not include "some of those with clearances who work in areas of national intelligence," the GAO noted (at p.1). An accurate tally of the number of cleared government employees and contractors, as opposed to a round-number estimate, is not currently available anywhere in government. The House version of the FY2010 intelligence authorization act (sec. 366) would require an annual report that indicates the number of individuals with security clearances. In 1993, an estimated 3.2 million persons held security clearances, according to a 1995 GAO report (cited by the Moynihan Commission, chapter 4). http://www.fas.org/blog/secrecy/2009/07/security_clearances.html

From rforno at infowarrior.org Wed Jul 29 20:24:56 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jul 2009 16:24:56 -0400 Subject: [Infowarrior] - CSNET Network Receives 2009 Jonathan B. Postel Service Award Message-ID:
Trailblazing CSNET Network Receives 2009 Jonathan B. Postel Service Award http://isoc.org/wp/newsletter/?p=1098 Internet Society recognizes leaders of effort that pointed the way towards today's Internet Stockholm, Sweden, 29 July 2009: The Internet Society (ISOC) today awarded the Jonathan B. Postel Service Award for 2009 to CSNET (the Computer Science Network), the research networking effort that during the early 1980s provided the critical bridge from the original research undertaken through the ARPANET to the modern Internet. Today's award recognizes the pioneering work of the four principal investigators that conceived and later led the building of CSNET (Peter J. Denning, David Farber, Anthony C. Hearn and Lawrence Landweber) and the U.S. National Science Foundation program officer and visionary responsible for encouraging and funding CSNET (Kent Curtis). Stephen Wolff, a past recipient of the Postel Award, said, "CSNET was a critical link in the transition from the research-oriented ARPANET to today's global Internet.
CSNET also helped lead the way by sharing technologies, fostering connections, and nurturing the worldwide community that provided a foundation for the global expansion of the Internet." The Internet Society presented the award, including a US$20,000 honorarium and a crystal engraved globe, during the 75th meeting of the Internet Engineering Task Force (IETF) in Stockholm, Sweden. The awardees have requested that the Internet Society present the honorarium to non-profit organizations they believe support the spirit of the award. Lynn St. Amour, President and CEO of the Internet Society, said "In many ways, CSNET helped set the stage for the Internet that today reaches more than 1 billion people. CSNET's community-driven, self-sustaining governance structure was an early example of the model that helps ensure that even as today's Internet grows and evolves, it remains an open platform for innovation around the world." < - > http://isoc.org/wp/newsletter/?p=1098

From rforno at infowarrior.org Thu Jul 30 00:59:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Jul 2009 20:59:55 -0400 Subject: [Infowarrior] - WH still seeking cybersecurity "czar" Message-ID: <8E3555C5-66AC-4F87-9A5C-3D35ECA3D252@infowarrior.org>
White House Still Has a Vacancy for a Lesser Czar By Al Kamen Wednesday, July 29, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/07/28/AR2009072802903.html?hpid=sec-politics In an East Room speech at the end of May, President Obama declared a new "strategic national asset": the computer networks our country depends on to keep trains running and planes from colliding, to control weapons systems and allow banks to process payments. He also promised to "personally" select a White House cybersecurity coordinator to advise him on all things cyber and to coordinate cyber-policies across the government.
Two months later, White House staffers have approached a number of prospects, but there's still no white smoke, our colleague Ellen Nakashima reports, and several said "no thanks."

Those who have politely declined a prospective vetting include former Virginia congressman Tom Davis (R), Microsoft exec Scott Charney, Symantec Chairman John W. Thompson (whose interest was gauged months ago) and retired Air Force Gen. Harry D. Raduege Jr., a former director of the Defense Information Systems Agency.

What's not to like about being Obama's cyber-czar? First, you're not really a czar, reporting as you would to national security adviser Jim Jones and White House economic adviser Larry Summers. "What real authority do you have?" said one of those who demurred. "Who's going to go to Jim Jones and say, 'This is what you need to do?' . . . Do you have the president behind you?"

Second, "It's a huge, huge turf war. You have Defense fighting the Treasury fighting the intel groups fighting Homeland Security" for control, he said.

"The sheep," said cyber-expert Jim Lewis, "don't want a shepherd." Lewis described the job as "bag-holder in chief -- if something bad happens, you're responsible for cybersecurity, even if you don't have the authority to pull it off."

So far, CongressDaily reported Monday, former White House special adviser and longtime government computer security expert Howard Schmidt and former Clinton administration assistant defense secretary Frank Kramer are seen as front-runners for the job.

"The president is personally committed to finding the right person for this job, and a rigorous selection process is well underway," said White House spokesman Nick Shapiro.
From rforno at infowarrior.org Thu Jul 30 12:18:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 08:18:20 -0400
Subject: [Infowarrior] - 2009 Verizon Data Breach Investigations Report
Message-ID:

2009 Data Breach Investigations Report
A study conducted by the Verizon Business RISK team
http://www.verizonbusiness.com/resources/security/reports/2009_databreach_rp.pdf

From rforno at infowarrior.org Thu Jul 30 12:27:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 08:27:55 -0400
Subject: [Infowarrior] - White House Confronts Cookies
Message-ID:

White House Confronts Cookies
By Aliya Sternstein
07/27/09 03:15 pm ET
http://techinsider.nextgov.com/2009/07/white_house_formally_confronts.php

The White House may lift its policy barring federal Web sites from tracking users' online behavior. A Federal Register notice published on Monday seeks public comment on revisions to an existing ban on persistent cookies -- common software programs that commercial sites deposit on a visitor's computer to collect usage information.

The 2000 cookie policy issued by the Office of Management and Budget was intended to protect citizen privacy but has sparked criticism -- even from White House officials -- for hampering citizen outreach.

"The goal of this review is for the federal government to continue to protect the privacy of people who visit federal government Web sites while at the same time making these Web sites more user-friendly, providing better customer service, and allowing for enhanced Web analytics," the notice states.

The administration is contemplating three levels of tracking. One would only track users over a single visit, not return visits. The second method would follow users over multiple sessions just to analyze Web traffic. The third approach would trace user behavior over multiple sessions to remember users' settings and unique preferences for "purposes beyond what is needed for Web analytics."
In a May interview with Government Executive, Bev Godwin, the director of online resources and interagency development at the White House's new media office, said the policy on persistent cookies has hampered efforts to engage the public online. On Friday, she blogged on the White House Web site, "We want to use cookies for good, not evil" - and invited the public to comment on cookies through various online channels, including the Office of Science and Technology Policy blog. People can comment on the Federal Register notice via the Open Government Initiative blog, too.

From rforno at infowarrior.org Thu Jul 30 17:47:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 13:47:48 -0400
Subject: [Infowarrior] - DOD May Ban Twitter, Facebook as Security 'Headaches'
Message-ID: <684094D7-28C0-4E82-815F-FB3A383219B6@infowarrior.org>

Danger Room: What's Next in National Security
Military May Ban Twitter, Facebook as Security "Headaches"
By Noah Shachtman | July 30, 2009 | 12:21 pm | Categories: Info War
http://www.wired.com/dangerroom/2009/07/military-may-ban-twitter-facebook-as-security-headaches/

The US military is strongly considering a near-total ban on Twitter, Facebook, and all other social networking sites throughout the Department of Defense, multiple sources within the armed forces tell Danger Room.

It's the latest twist in the Defense Department's tangled relationship with so-called "Web 2.0" sites. But while earlier social media blockades have been thrown up over bandwidth and secrecy concerns, this fresh ban stems from fears that Facebook and the like make it far too easy for hackers and cybercrooks to gain access to the military's networks.

Last week, U.S. Strategic Command issued a "warning order" to the rest of the military, asking for feedback on a social media ban on the NIPRNet, the Defense Department's unclassified network.
(Naturally, access is already denied on the secret and top secret nets.)

"The mechanisms for social networking were never designed for security and filtering. They make it way too easy for people with bad intentions to push malicious code to unsuspecting users. It's just a fact of life," says a source at Stratcom, which is responsible for securing the military's "global information grid."

Last month, for instance, well-known venture capitalist Guy Kawasaki's Twitter account was hijacked, and used to spread a sex video come-on to his 139,000 followers. Those following the link were asked to install a software update. The application was, in fact, a Trojan, which allowed hackers to take over a user's machine.

Similarly, one variant of the nasty Koobface worm searches a PC to find a Facebook cookie. Then the malware program uses that information to gain access to the user's Facebook account. Once it's in, Koobface spreads messages to online friends, enticing them to download viruses and Trojans.

"People are much more trusting of a message from a friend or colleague on a social network than they are of an e-mail, because they're used to e-mails being forged," says Graham Cluley, a senior consultant with the network security firm Sophos. That's ironic, he adds, because "social networks aren't really doing enough to stop these things. With GMail or Hotmail or a military e-mail account, messages are scanned for spam and viruses. Social networks aren't doing that scanning. They aren't checking if a link posted to a wall is malicious or spammy. They're just letting it through."

Officially, "the concept of allowing access to social networking sites (SNS) on the Department of Defense .mil networks is currently under review at this time," a Stratcom spokesperson e-mails Danger Room. "It would be premature to comment on the outcome of the review." But unofficially, the ban is all-but-certain, military officers and civilian employees say.
Many are upset, because after years keeping the social networks at arms' length, the armed services appeared to be finally embracing the Web 2.0 sites. The Army recently ordered all U.S. bases to provide access to Facebook. The Chairman of the Joint Chiefs of Staff has 4,000 followers on Twitter. The Department of Defense is getting ready to unveil a new home page, packed with social media tools. "We fought so hard for this," says one Army source. "This is a huge step backwards."

Under Stratcom's plan, units that have to regularly communicate with the civilian world, like media relations and recruiting, may be given "dirty computers" - machines that are connecting only to the public internet, and not to the military's private networks. The rest of the Defense Department would be cut off from the social media sites, despite protests from inside the Pentagon.

People started working with these social networks "before we got a handle on how to use them in the context of the Department of Defense," a Stratcom source says. "Now, they're just too big of a headache."

From rforno at infowarrior.org Thu Jul 30 19:12:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 15:12:08 -0400
Subject: [Infowarrior] - RIAA Lawyer: DRM shouldn't work forever
Message-ID: <4A27AF91-244F-4782-89DD-EC33925EF739@infowarrior.org>

Big Content: ludicrous to expect DRMed music to work forever
By Nate Anderson | Last updated July 29, 2009 11:54 AM CT
http://arstechnica.com/tech-policy/news/2009/07/big-content-ridiculous-to-expect-drmed-music-to-work-forever.ars

When Wal-Mart announced in 2008 that it was pulling down the DRM servers behind its (nearly unused) online music store, the Internet suffered a collective aneurysm of outrage, eventually forcing the retail giant to run the servers for another year. Buying DRMed content, then having that content neutered a few months later, seemed to most consumers not to be fair.
But that's not quite how Big Content sees things - just ask Steven Metalitz, the Washington DC lawyer who represents the MPAA, RIAA, and other rightsholders before the Copyright Office. Because the Copyright Office is in the thick of its triennial DMCA review process, in which it will decide to allow certain exemptions to the rules against cracking DRM, Metalitz has been doing plenty of representation of late. He has now responded to a host of questions from the Copyright Office following up on live hearings held earlier this year, and in those comments, Metalitz (again) strongly opposes any exemption that would allow users to legally strip DRM from content if a store goes dark and takes down its authentication servers.

"We reject the view," he writes in a letter to the top legal advisor at the Copyright Office, "that copyright owners and their licensees are required to provide consumers with perpetual access to creative works. No other product or service providers are held to such lofty standards. No one expects computers or other electronics devices to work properly in perpetuity, and there is no reason that any particular mode of distributing copyrighted works should be required to do so."

This is, of course, true, but that doesn't make it any less weird. The only reason that such tracks are crippled after authentication servers go down is because of a system that was demanded by content owners and imposed on companies like Wal-Mart and Apple; buyers who grudgingly bought tracks online because it was easy accepted, but never desired the DRM. To simply say that they are "out of luck" because they used a system that the rightsholders demanded is the height of callousness to one's customers. While computers and electronics devices do break down over time, these music tracks were crippled by design.
Such an attitude looks even stranger when you consider that the music labels have in fact removed DRM as a requirement at stores like iTunes and Amazon, so all tracks purchased today are open and may work in perpetuity, however much the labels would prefer people to keep repurchasing the same song.

Keep this reality in mind when you read Metalitz's next comment, which continues, "To recognize the proposed exemption would surely discourage any content provider from entering the marketplace for online distribution... unless it was committed to do so... forever. This would not be good for consumers, who would find a marketplace with less innovation and fewer choices and options."

The mind boggles. This reads like copy from a Bizarro World manifesto on DRM, since the reality of the market for downloaded music (which was the issue behind the proposed exemption) has shown quite clearly that people don't want DRM on their tunes and providers are happy to comply once the labels allowed it. The current situation, with several major stores and little or no DRM on downloads, is manifestly better for buyers.

While the issue may seem almost irrelevant now for downloaded music, DRM is still alive and well on streaming music and most video streams and downloads. Metalitz doesn't want his clients to face a situation where decryption tools can be produced under the proposed exemption, then widely distributed. How could such decryption tools be limited to those who have actually suffered from authentication servers going dark, he wonders?

But the Copyright Office indicated that it may grant the exemption, asking Metalitz and other respondents to "assume that" the case has been made. Metalitz declined to assume this, writing that "we cannot accept this invitation to assume that the Register [of Copyright] will recommend that the Librarian [of Congress] violate his statutory duty by recognizing Exemption 10B."
Metalitz suggests that the market will take care of problems that arise, pointing out that Wal-Mart and others have all kept their DRM servers running after public outcries. But Harvard Fellow Chris Soghoian, who proposed the exemption, noted that Wal-Mart will be shutting down its DRM servers for good in October 2009. "Wal-Mart's latest actions provide ample evidence that the issue of DRM abandonware is not a hypothetical concern and that the market cannot be counted on to provide consumers with an adequate remedy," he wrote.

From rforno at infowarrior.org Thu Jul 30 19:13:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 15:13:49 -0400
Subject: [Infowarrior] - B&N DRM'ing public domain books
Message-ID:

B&N Claims It Must DRM Public Domain Books To Protect The Copyright On Them
http://techdirt.com/articles/20090730/0257115712.shtml

"So, they recognize that the works are in the public domain... but they encrypt them with DRM to protect the copyright that doesn't exist on those works. That's convincing."

From rforno at infowarrior.org Thu Jul 30 20:03:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 16:03:22 -0400
Subject: [Infowarrior] - It's Time to Scale Back the Security Mania
Message-ID: <2ECBDF0D-A39B-4E11-B6CF-BFF0ABE228F5@infowarrior.org>

No Unguarded Moment
It's Time to Scale Back the Security Mania
By David Ignatius
Thursday, July 30, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/07/29/AR2009072902627.html?hpid=opinionsbox1

It was an unsettling image: Arrayed in front of the neighborhood barbershop last week were four burly men with the characteristic earpieces and bulky suits that marked them as security officers. Inside, gracing the barber's chair, was the well-trimmed director of the Federal Bureau of Investigation, Robert Mueller.

Perhaps in today's Washington, the FBI director truly needs a security detail to protect him when he gets a haircut. But I wonder.
From my vantage, the blatant obviousness of his bodyguards only called attention to him. At the grocery store across the street, he was the talk of the checkout line. "Who's over at the barbershop?" "The FBI guy, what's-his-name." "No way!" People were coming out just to look.

Protecting our public servants is important, to be sure. But we have gotten so cranked up about security in the United States that senior officials travel in cocoons, as if they are under constant threat. Every Cabinet secretary seems to have a security detail; so do governors and mayors and prominent legislators.

What are all these security folks protecting our officials from? Al-Qaeda? Hezbollah? Crazy people? Aggrieved constituents? Or is it something more ephemeral -- a nameless, pervasive sense of danger that may suddenly assault the secretary of energy or the governor of New Jersey?

What I encountered at the local barbershop was a small example of the general security mania that seized the country after Sept. 11, 2001. So here's a suggestion: This September, as we mark the eighth anniversary of the Sept. 11 attacks, let's resolve to dial the paranoia meter back a notch.

The hyper-security has added as much to public fear (and annoyance) as to public safety. The Transportation Security Administration is so pervasive at airports that we forget how bizarre it is to see old ladies and pregnant mothers and 8-year-old kids frisked and searched as if they had just arrived from Waziristan. Does this really make sense?

The security culture has its own momentum, wiping away other values, such as openness or privacy. These days, you can't get into any self-respecting building in Washington, public or private, without showing identification and signing a visitors' log. When I went to give a talk at the National Defense University last week, it was like entering the Green Zone in Baghdad.
They made me open the trunk, the hood and all four doors of my car -- and that was after my license plate number had been cleared in advance.

The Secret Service has the most difficult security job in Washington -- and the most visible. You can hear the roar of the sirens each evening as the enormous motorcade of a dozen cars and a half-dozen motorcycles conveys the vice president to his residence on Massachusetts Avenue. Maybe it's necessary to have so many cars, but it's a scene, frankly, that reminds me of Moscow during the Soviet days.

The Secret Service must deal with a reported 3,000 threats a year against the president. And al-Qaeda aside, there are a lot of nut jobs out there who might like to harm the president and his family.

That said, Secret Service officers can be among the rudest people in Washington. A White House chief of staff confided several years ago that he discovered their unfriendliness when he was stopped without his badge one day by an officer who didn't recognize him. A few Secret Service personnel also seem to think that leaking embarrassing personal details about the president and his family is part of the assignment. (See the gossip-filled new book by Ron Kessler, "In the President's Secret Service," for leaks about the Bushes and the Obamas.)

Making trade-offs isn't easy when it comes to security. But surely we have reached the point of diminishing returns with the fortress mentality. The truth is, we all must live with vulnerability. It's a part of modern life.

We need to take reasonable precautions, yes. But it would be good for our public officials to step out of the bubble occasionally and smell the roses -- unfiltered by the security detail.

The next haircut is on me, Mr. Mueller, and if your security detail doesn't object, I'll show you around the neighborhood.
davidignatius at washpost.com

From rforno at infowarrior.org Thu Jul 30 23:19:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Jul 2009 19:19:36 -0400
Subject: [Infowarrior] - Take Back the Beep Campaign
Message-ID:

Take Back the Beep Campaign
http://pogue.blogs.nytimes.com/2009/07/30/the-mandatory-15-second-voicemail-instructions/

[UPDATE: T-Mobile deleted hundreds of complaints on this topic from its forum, and even blocked any new messages containing the word "beep." Finally, it has created a new forum just for complaints on this topic, linked below.]

Last week, in The Times and on my blog, I've been ranting about one particularly blatant money-grab by U.S. cellphone carriers: the mandatory 15-second voicemail instructions.

Suppose you call my cell to leave me a message. First you hear my own voice: "Hi, it's David Pogue. Leave a message, and I'll get back to you" - and THEN you hear a 15-second canned carrier message.

* Sprint: "[Phone number] is not available right now. Please leave a detailed message after the tone. When you have finished recording, you may hang up, or press pound for more options."
* Verizon: "At the tone, please record your message. When you have finished recording, you may hang up, or press 1 for more options. To leave a callback number, press 5. (Beep)"
* AT&T: "To page this person, press five now. At the tone, please record your message. When you are finished, you may hang up, or press one for more options."
* T-Mobile: "Record your message after the tone. To send a numeric page, press five. When you are finished recording, hang up, or for delivery options, press pound."

(You hear a similar message when you call in to hear your own messages. "You. Have. 15. Messages. To listen to your messages, press 1." WHY ELSE WOULD I BE CALLING?)

I, the voicemailbox owner, cannot turn off this additional greeting message. You, the caller, can bypass it, but only if you know the secret keypress - and it's different for each carrier.
So you'd have to know which cellphone carrier I use, and that of every person you'll ever call; in other words, this trick is no solution.

[UPDATE: iPhone owners' voicemail doesn't have these instructions -- Apple insisted that AT&T remove them. And Sprint already DOES let you turn off the instructions message, although it's a buried, multi-step procedure, which you can read in the comments below.]

These messages are outrageous for two reasons.

First, they waste your time. Good heavens: it's 2009. WE KNOW WHAT TO DO AT THE BEEP. Do we really need to be told to hang up when we're finished!? Would anyone, ever, want to "send a numeric page"? Who still carries a pager, for heaven's sake? Or what about "leave a callback number"? We can SEE the callback number right on our phones!

Second, we're PAYING for these messages. These little 15-second waits add up - bigtime. If Verizon's 70 million customers leave or check messages twice a weekday, Verizon rakes in about $620 million a year. That's your money. And your time: three hours of your time a year, just sitting there listening to the same message over and over again every year.

In 2007, I spoke at an international cellular conference in Italy. The big buzzword was ARPU - Average Revenue Per User. The seminars all had titles like, "Maximizing ARPU In a Digital Age." And yes, several attendees (cell executives) admitted to me, point-blank, that the voicemail instructions exist primarily to make you use up airtime, thereby maximizing ARPU.

Right now, the carriers continue to enjoy their billion-dollar scam only because we're not organized enough to do anything about it. But it doesn't have to be this way. You don't have to sit there, waiting to leave your message, listening to a speech recorded by a third-grade teacher on Ambien.

Let's push back, and hard. We want those time-wasting, money-leaking messages eliminated, or at least made optional.
I asked my Twitter followers for help coming up with a war cry, a slogan, to identify this campaign. They came up with some good ones:

"Where's the Beep?"
"Let it Beep"
"We Know. Let's Go."
"Lose the Wait"
"My Voicemail, My Recording"
"Hell, no, we won't hold!"

My favorite, though, is the one that sounds like a call to action: "Take Back the Beep."

And here's how we're going to do it. We're going to descend, en masse, on our carriers. Send them a complaint, politely but firmly. Together, we'll send them a LOT of complaints. If enough of us make our unhappiness known, I'll bet they'll change.

I've told each of the four major carriers that they'll be hearing from us. They've told us where to send the messages:

* Verizon: Post a complaint here: http://bit.ly/FJncH.
* AT&T: Send e-mail to Mark Siegel, executive director of media relations: MS8460 at att.com.
* Sprint: Post a complaint here: http://bit.ly/9CmrZ
* T-Mobile: Post a complaint here: http://bit.ly/2rKy0u.

Three of the four carriers are just directing us to their general Web forums. Smells like a cop-out, I know. (As for AT&T: Props to the guy for letting me publish his e-mail address! Hope he knows what he's in for!)

Yet all four carriers promise that they'll read and consider our posts. And we have two things going for us.

First, I have a feeling that the volume of complaints will be too big for them to ignore. To that end, I hope you'll pass these instructions along, blog them, Twitter them, and spread the word. (Gizmodo, Engadget, Consumerist and others have agreed to help out.) And I hope you'll take the time to complain yourself. Do it now, before you forget.

Second, we'll all be watching. I'll be reporting on the carriers' responses. If they ignore us, we'll shame them. If they respond, we'll celebrate them.

Either way, it's time to rise up. It's time for this crass, time-wasting money-grab to end for good.
http://pogue.blogs.nytimes.com/2009/07/30/the-mandatory-15-second-voicemail-instructions/

From rforno at infowarrior.org Fri Jul 31 12:00:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Jul 2009 08:00:58 -0400
Subject: [Infowarrior] - Student sues Amazon over Kindle snafu
Message-ID: <67037615-A9E6-4C55-914B-B3F99CDAB145@infowarrior.org>

High school student suing Amazon over book-deletions which rendered his study-notes useless
Posted by Cory Doctorow, July 30, 2009 10:19 PM | permalink
http://www.boingboing.net/2009/07/30/high-school-student-1.html

High school student Justin Gawronski is suing Amazon for deleting his Kindle copy of Nineteen Eighty-Four, because in so doing, they messed the annotations he'd created to the text for class (the annotations say things like "remember this paragraph for class" but the paragraph in question has been deleted). The case is intended to become a class-action on behalf of other Kindle owners whose annotations were deleted by Amazon when it improperly deleted an infringing copy of the Orwell book from Kindles. Nothing in Amazon's EULA or US copyright law gives them permission to delete books off your Kindle, so this sounds like a plausible suit to me.

PDF: http://www.prnewschannel.com/pdf/Amazon_Complaint.pdf

From rforno at infowarrior.org Fri Jul 31 12:49:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Jul 2009 08:49:10 -0400
Subject: [Infowarrior] - Apple warns on iPhone jailbreaks
Message-ID:

http://support.apple.com/kb/HT3743 (last paragraph)
Last Modified: July 30, 2009 | Article: HT3743

"Apple strongly cautions against installing any software that hacks the iPhone OS. It is also important to note that unauthorized modification of the iPhone OS is a violation of the iPhone end-user license agreement and because of this, Apple may deny service for an iPhone or iPod touch that has installed any unauthorized software.
"

...while I can sort of understand and perhaps agree with the first part of this paragraph, the second sentence is a doozie --- even if you have a proggie that does nothing more than display a pic of your favorite cartoon character, if Apple "doesn't like it" or deems it "unauthorized" you are not able to use it on YOUR device, even if you never use it on a network or it never hacks the OS.

More draconian talk from Apple, and reason enough for me to continue avoiding the iPhone. I don't trust the device, and I don't trust Apple.

Anyone know if the same provisions apply on the iPod touch?

-rf

From rforno at infowarrior.org Fri Jul 31 12:56:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Jul 2009 08:56:17 -0400
Subject: [Infowarrior] - Shock threat to shut Skype
Message-ID:

Shock threat to shut Skype
Asher Moses
July 31, 2009 - 1:38PM
http://www.theage.com.au/technology/biz-tech/shock-threat-to-shut-skype-20090731-e3qe.html

eBay says it may have to shut down Skype due to a licensing dispute with the founders of the internet telephony service.

The surprise admission puts a cloud over the 40 million active daily users around the world who use Skype for business or to keep in touch with friends and far-flung relatives. A recent study by market researcher TeleGeography found Skype carried about 8 per cent of all international voice traffic, making it the world's largest provider of cross-border voice communications.

The online auction powerhouse bought Skype from entrepreneurs Niklas Zennstrom and Janus Friis for $US2.6 billion in 2005, but this did not include a core piece of peer-to-peer communications technology that powers the software.

eBay has since been licensing the technology from the founders' new company, Joltid, but the pair recently decided to revoke the licensing agreement. The matter is now the subject of a legal battle in the English High Court of Justice, with eBay trying to force Joltid to let it continue using the technology.
In a quarterly report filed with the US Securities and Exchange Commission, eBay said in no uncertain terms that if it lost the right to use the software it would most likely have to shut Skype down.

eBay said it was working on developing "alternative software" to that licensed through Joltid, but this "may not be successful, may result in loss of functionality or customers even if successful, and will in any event be expensive".

"If Skype was to lose the right to use the Joltid software as the result of the litigation, and if alternative software was not available, Skype would be severely and adversely affected and the continued operation of Skype's business as currently conducted would likely not be possible," eBay wrote.

In the filing eBay also said that, even if it was successful in developing alternative software, the technical challenge of assuring backward compatibility with older versions of Skype's technology "may be difficult to overcome".

This was echoed by analysts, with the Info-Tech Research Group's Jayanth Angl telling Bloomberg that "it would be quite difficult to replace what they already have as the underlying component to their service". "There are a number of barriers to that, not the least of which are legal barriers," he said.

The case is set to go to trial in June next year, which could seriously hinder eBay's plans to spin Skype off as a separate company in a public stock offering next year.

Already, eBay has had to write down Skype on its books to $US1.7 billion, an admission that the business is not worth nearly as much as it originally paid for it. However, its revenues for the second quarter grew 25 per cent to $US170 million.

But, even though Skype has not been a major financial success, it has succeeded in becoming the dominant internet telephony service globally.
Skype has more than 480 million user accounts - almost twice as many as Facebook - and the application comes bundled with more than 50 mobile phones and even the Sony PSP. Source: smh.com.au