From rforno at infowarrior.org Mon Jun 1 12:38:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 08:38:22 -0400
Subject: [Infowarrior] - Microsoft's new search engine
Message-ID:

(www.bing.com is the link to the search engine)

http://www.mirror.co.uk/news/technology/2009/06/01/microsoft-bing-live-and-tested-115875-21406362/

Microsoft Bing live and tested

Microsoft Bing, Redmond's latest search engine to challenge Google's crown, is now live, ready and waiting for you to test. Want to know how it's been working so far? Read on for our first impressions.

Microsoft confirmed Bing, its brand new "decision engine", was coming late last week, but we only had a placeholder over at Bing.com. Now though the Bing search engine is live, and while some of the features impress, we're not always getting the results we hoped for.

Heading on over to the home page, the Bing search bar sits in a large picture which presumably changes daily. It's attractive, and despite the absurdity of the name, it is short and easy to remember.

Search results look just like they do in any big search engine, and on the plus side, we like the relevant search terms appearing in the left hand column: it's certainly a quicker way to jog your memory than mincing around with the Google Wonder Wheel, even if it doesn't appear for every term you search.

The location sensing of Bing is a great touch too. Typing in weather brings up the forecast for the exact borough of London where we're working, which is a hands-down win over Google. On the images tab Bing nicely offers search filters on the side you'd have to dive into Google Image advanced search for, and videos play in the thumbnail as you hover over them.

On all these counts, Bing excels. But we're not getting the information we'd like to see thrown up when we type in a heavily searched for product, like iPhone 3G or Palm Pre: just a few sponsored links at the top. Ditto when you type in Australia: no statistical info on the country, unlike Wolfram Alpha, which will shovel everything you could ever need to know in your face.

The pop up preview pane meanwhile is a very useful touch, but rarely seems to work (we tested Bing on both Firefox and Opera), and Maps integration within the main Bing results page leaves a little to be desired too. Typing in "ealing hospital" brings up a dentist, nursing home and entirely unrelated shop on the map, rather than the hospital itself.

Other obvious problems present themselves too: Microsoft has realised that Google locks in users by providing other services like mail and maps across the top nav bar. Bing attempts this with images, video, shopping and news tabs across the top, and while that's no bad thing, the shopping tab is just a link to Ciao. Again, searching for an iPhone 3G on it just throws up some iPhone cases, and more importantly, the only way to get back to Bing is by hitting the back button. Google doesn't do away with the navbar at the top, which is a dealbreaker in our mind.

We're impressed with some of the touches Microsoft has put in to Bing - but all the loveliest bells and whistles have been saved for sub-sections like Videos. The main text search option offers little so far that Google doesn't, and with the powerful Google Squared tool on the way, that could make Google's lead hard to close on. It's early days though, so be sure to jump on and test Bing for yourself.
From rforno at infowarrior.org Mon Jun 1 12:52:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 08:52:23 -0400
Subject: [Infowarrior] - Swedish pirate party tipped for EU win
Message-ID: <58B9AC4B-2B2B-4507-A218-57AA39ECE2B6@infowarrior.org>

Swedish pirate party tipped for EU win
The backlash has begun
By Nick Farrell
Monday, 1 June 2009, 14:19
http://www.theinquirer.net/inquirer/news/1184453/swedish-pirate-party-tipped-eu-win

THE SWEDISH Pirate Party has been favoured to win at least one seat in the European parliament this week.

The party, which wants to bolster Internet privacy, was founded in January 2006 and has been getting a lot of support from those who think that the music and film industries have gone too far in trying to control people's lives.

According to AFP, membership shot up after a Stockholm court on April 17 sentenced four Swedes to a year in jail for running one of the world's biggest filesharing sites, The Pirate Bay.

Opinion polls show the party with between 5.5 and 7.9 percent of votes, well above the four percent required to win a seat.

The Swedish press has pointed out that the traditional parties have been asleep on the issue and ignored how much support the party has gained, particularly among the young. Since the rest of the Swedes are unlikely to go to the polls it is the perfect opportunity for an election sensation and a chance for the younger generation to give the entertainment industry a swift kick in the nadgers.

From rforno at infowarrior.org Mon Jun 1 12:54:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 08:54:45 -0400
Subject: [Infowarrior] - Cellphone Locator System Needs No Satellite
Message-ID:

June 1, 2009
Cellphone Locator System Needs No Satellite
By JENNA WORTHAM
http://www.nytimes.com/2009/06/01/technology/start-ups/01locate.html?_r=1&hpw=&pagewanted=print

BOSTON - Wanderers with phones and other devices that have GPS chips can figure out where they are using signals from satellites thousands of miles up, but those are easily blocked by walls or trees. The founders of Skyhook Wireless discovered some alternative navigational beacons: the signals coming from the Wi-Fi network in the coffee shop across the street, or the apartment upstairs.

Skyhook uses the chaotic patchwork of the world's Wi-Fi networks, as well as cell towers, as the basis for a location lookup service that is built into every iPhone, making it easier to pull up a map or find Chinese food nearby.

The start-up was founded in 2003 by Ted Morgan and Michael Shean, who traveled frequently for work and noticed the proliferation of wireless signals each time they cracked open their laptops to check their e-mail.

"We were amazed by the sheer growth of Wi-Fi," Mr. Morgan said in an interview in April at the company's offices here. "We knew there had to be a new model for mapping location using those signals."

Wi-Fi signals travel only a few hundred feet at most, so if you have a map of the Wi-Fi networks in a given area, you can use those signals to pinpoint a phone's location. Making that map is the tricky part.

When Mr. Morgan and Mr. Shean decided to pursue their idea, they started building a database of Wi-Fi access points, along with cellphone towers, which have much more powerful signals. At first they tried paying taxi drivers to carry equipment that silently recorded the locations of networks as they roamed the streets, Mr. Morgan said. Then they hired full-time drivers to cover ground systematically, much as Google does for its Street View service. Skyhook says it has scanned areas containing 70 percent of the country's population.

"It doesn't seem realistic to drive up and down every street in the U.S.," Mr. Morgan said. "But you can."

Skyhook now employs a fleet of 500 drivers to feed a database that spans North America, Asia and Europe. The landscape of signals changes constantly as people and businesses set up and take down wireless networks, so the scanning process never ends.

Each Skyhook car contains a laptop outfitted with antennas and equipment that sends out short blasts of radio waves, called probe requests, to detect nearby cell towers and Wi-Fi networks. The system calculates the source of the signals based on their strength and the location of the car. That information is logged in the Skyhook database, which includes more than 100 million wireless networks and 700,000 cellular towers.

Skyhook's big break came in August 2007 when Steven P. Jobs, Apple's chief executive, requested a meeting with the company. Mr. Morgan said he initially deleted Mr. Jobs's voice mail message, dismissing it as a prank, but soon realized his mistake. Since then, Apple has sold 37 million iPhones and iPod Touches worldwide, all with Skyhook's software on them. Mr. Morgan declined to detail specifics of Skyhook's financial agreement with Apple, other than to say that his company collects a commission for each device sold.

When an iPhone owner starts up an application that involves location - like the restaurant finder Urbanspoon or the forecast service WeatherBug - the phone calculates whether it is likely to get the best and fastest information from its own GPS chip or from Skyhook's system. Skyhook says it can provide a fix on location in seconds, versus up to a minute for GPS, although Skyhook is less useful in areas with few Wi-Fi networks.

Skyhook checks a list of nearby Wi-Fi access points and cell towers against its database and triangulates the device's location within 30 to 60 feet. The company says it is not connecting to those Wi-Fi networks, just detecting their presence. (As a backup, the iPhone can also use cell tower information from Google.) Any new access points and cell towers detected by the iPhone are automatically added to the Skyhook database, making it, in Mr. Morgan's words, "self-healing."

Apart from Apple, Skyhook also has partnerships with AOL to allow people to see the location of their chat buddies, and with Navteq, a maker of car navigation systems. Skyhook is even embedded into Eye-Fi memory cards for digital cameras, where it keeps track of where photos are taken. The company says it handles 250 million location requests a day.

Skyhook has raised $16.8 million in venture capital financing from investors including Bain Capital Ventures and Intel Capital. Mr. Morgan said it was not seeking more financing right now and was working on expanding the business. "If we do that successfully, there will be plenty of good choices for us," he said, perhaps including a public offering.

As Skyhook finds success and more gadgets become "location-aware," competitors are likely to stake out their own share of the market, said Chetan Sharma, an independent telecommunications industry researcher. Mr. Sharma says that Mexens Technology has a system that relies on user contributions to build a signal map. And a Google service called My Location works on many phones and uses a combination of GPS, cellphone towers and Wi-Fi. A Google spokeswoman, Katie Watson, said the company collected its signal data from several sources, including phones running its software.

"Skyhook is certainly ahead of the curve with its service," Mr. Sharma said. "Whether they will sustain their momentum for the next five years remains to be seen. But they have a lot of opportunities to make it work."

Charles S. Golvin, a principal analyst at Forrester Research specializing in mobile devices and telecommunications, agreed that Skyhook was well positioned. "There are so many more phones coming to the market that have GPS and Wi-Fi," he said. Mr. Golvin added: "Think about all the other devices with Wi-Fi, like the Nintendo DS, Sony PSP, netbooks, digital cameras."

Mr. Morgan and Mr. Shean are trying to get Skyhook onto as many devices as they can. Programmers who want to build location-based applications for phones other than the iPhone can license its software, and several do. The company has deals to put its software into chips made by Qualcomm and Broadcom, and it plans to announce a partnership with a major manufacturer of netbooks by the end of the year.

Mr. Morgan is aware of the competition. "There's always the threat that Google or some other company will just give that information away for free," he said. To that end, the company has filed for multiple patents, including ones to protect its methodology for updating its database. Several framed patents hang on the walls of its offices.

"But we're hoping that our six years of driving around in cars, mapping out the various countries, will pay off," he said. "We've done more than 2,000 cities. They have a long way to go."

From rforno at infowarrior.org Mon Jun 1 13:10:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 09:10:38 -0400
Subject: [Infowarrior] - Scientology cries foul over Wiki policy
Message-ID:

Based on the article, Wikipedia is trying to maintain order on its online content, not intimidating someone because they disagree with their views. Frankly, after years of seeing the Scientologists bullying others in cyberspace, I commend Wikipedia for taking a stand here for their own policies and not caving to the politics of whackadoo intimidation.

-rick

Scientology CEO Outraged About Wikipedia
http://www.rantrave.com/Rant/Scientology-CEO-Outraged-About-Wikipedia.aspx

< - >

"Like all Scientologists, I am outraged that in the 21st century, it is acceptable for Wikipedia's ArbCom to commit such a despicable hate crime as blocking Scientology parishioners from editing Wikipedia in the comfort and security of Scientology-owned properties. Blocking the IP addresses of computers located at Scientology's Pac Base, Int Base and Celebrity Centre is just a way to force Scientology parishioners into an undesired beingness. What's next, will Scientologists have to wear yellow, six-pointed stars on our clothing?"

Original story:

Wikipedia bans Scientology edits
Published: May 31, 2009 at 1:00 AM
http://www.upi.com/Top_News/2009/05/31/Wikipedia-bans-Scientology-edits/UPI-34941243746054/

Church of Scientology members may not use their computers to edit the church's entry on Wikipedia, officials with the online information source said.

Wikipedia's arbitration committee has concluded the ban is necessary, following complaints that many Scientologists have been using the online encyclopedia to distribute propaganda, The Daily Telegraph reported Saturday.

The committee had previously decided to lock in posts about the church, following conflicts among users who support or oppose Scientology, the British newspaper said.

"Newcomers (to the site) are treated rudely," the arbitration committee concluded. "Bad faith assumptions, personal attacks, edit wars, soapboxing, and other disruptions are common occurrences."

The committee said all Internet addresses "owned or operated by the Church of Scientology and its associates, broadly interpreted, are to be blocked" and users who log on with such IP addresses will be "prohibited from editing articles related to Scientology or Scientologists, broadly defined."

The committee found that church followers had set up Wikipedia accounts intending to slant articles in favor of Scientology, and that such users had a "conflict of interest" that threatened Wikipedia's goal of presenting impartial information.

The newspaper said church officials did not respond to its requests for comment.

© 2009 United Press International, Inc. All Rights Reserved.
From rforno at infowarrior.org Mon Jun 1 16:30:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 12:30:58 -0400
Subject: [Infowarrior] - Microsoft Quietly Installs Firefox Extension
Message-ID:

Microsoft Update Quietly Installs Firefox Extension
http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html

A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.

Earlier this year, Microsoft shipped a bundle of updates known as a "service pack" for a programming platform called the Microsoft .NET Framework, which Microsoft and plenty of third-party developers use to run a variety of interactive programs on Windows. The service pack for the .NET Framework, like other updates, was pushed out to users through the Windows Update Web site.

A number of readers had never heard of this platform before Windows Update started offering the service pack for it, and many of you wanted to know whether it was okay to go ahead and install this thing. Having earlier checked to see whether the service pack had caused any widespread problems or interfered with third-party programs -- and not finding any that warranted waving readers away from this update -- I told readers not to worry and to go ahead and install it.

I'm here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed.

Annoyances.org, which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC."

I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way.

Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension. What's more, Microsoft tells us that the only way to get rid of this thing is to modify the Windows registry, an exercise that -- if done imprecisely -- can cause Windows systems to fail to boot up.

When I first learned of this, three thoughts immediately flashed through my mind:

1) How the %#@! did I miss this?
2) The right way would have been to just publish the add-on at Mozilla's Add Ons page.
3) This kind of makes you wonder what else MS is installing without your knowledge.

Then I found that I wasn't the only one who had these ideas. Microsoft has heard these criticisms from others who long ago commented on this unfortunate development (see the comments underneath this post).

Anyway, I'm sure it's not the end of the world, but it's probably infuriating to many readers nonetheless. Firstly -- to my readers -- I apologize for overlooking this..."feature" of the .NET Framework security update. Secondly -- to Microsoft -- this is a great example of how not to convince people to trust your security updates.

From rforno at infowarrior.org Mon Jun 1 22:46:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Jun 2009 18:46:20 -0400
Subject: [Infowarrior] - DHS announces cybersecurity personnel
Message-ID: <183C2F12-A4C1-43FE-A137-70EFF70D3D1A@infowarrior.org>

Secretary Napolitano Announces Key Cybersecurity Personnel
Release Date: June 1, 2009
For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
http://www.dhs.gov/ynews/releases/pr_1243885447983.shtm

U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano announced today appointments for two key cybersecurity posts at the Department: Greg Schaffer as Assistant Secretary for Cybersecurity and Communications (CS&C); and Bruce McConnell as Counselor to the National Protection and Programs Directorate (NPPD) Deputy Under Secretary. In addition, Deputy Under Secretary for NPPD Philip Reitinger will also serve as Director of the National Cybersecurity Center (NCSC), a major step toward a cohesive DHS strategy on cyber efforts.

"This is a crucial time to strengthen the core of our cybersecurity leadership team," said Secretary Napolitano. "Centralizing our cybersecurity efforts under Phil's leadership will help create a unified DHS as we continue to adapt to an ever-changing array of threats. Together, Phil, Bruce and Greg will guide the Department's efforts to prevent cyber attacks and protect the nation's critical information systems and networks."

Philip Reitinger

As NCSC Director, Reitinger will be charged with helping secure federal networks and systems by collecting, analyzing, integrating and sharing information among interagency partners. Reitinger will coordinate situational awareness and reporting for federal cybersecurity organizations and personnel and resources in order to gain a clear understanding of risks and threats. In his current role at NPPD, Reitinger leads the Department's integrated efforts to reduce risks across physical and cyber infrastructures. Holding both positions simultaneously will allow Reitinger to provide broader strategic direction to the Department's cybersecurity efforts while ensuring preparedness and response capabilities across all federal computer systems.

Prior to his initial appointment on March 11, Reitinger was Chief Trustworthy Infrastructure Strategist at Microsoft Corp., where he was responsible for improving IT protection and security while coordinating closely with government agencies and private partners in order to build trustworthy computing systems worldwide.

Bruce McConnell

As Counselor to the Deputy Under Secretary for NPPD, McConnell will serve as senior advisor to Reitinger on a host of strategic and policy matters related to the Directorate and its components. McConnell's experience with information technology security, procurement and management will be a critical resource for DHS as the Department continues to adapt and prepare for cyber threats.

McConnell most recently served on the Obama-Biden Presidential Transition Team, working on a variety of information policy and technology issues. From 2000-2008, he created, built, and sold McConnell International and Government Futures, boutique consultancies that provided strategic and tactical advice in technology, business and government markets. Previously, McConnell was Director of the International Y2K Cooperation Center, where he coordinated regional and global critical information technology infrastructure organizations to promote information sharing and joint action, from 1999-2000. As Chief of Information Policy and Technology in the U.S. Office of Management and Budget from 1993-1999, McConnell led the government-industry team that reformed U.S. encryption export policy, created an information security strategy for government agencies, redirected government technology procurement and management along commercial lines, and extended the presumption of open government information onto the Internet.

McConnell holds an M.P.A. from the University of Washington and a B.S. from Stanford University.

Greg Schaffer

As Assistant Secretary for CS&C, Schaffer will work within NPPD to lead the coordinated efforts of CS&C and its components, including the National Cyber Security Division, the Office of Emergency Communications, and the National Communications System. He will engage the public and private sectors as well as international partners to prepare for, prevent, and respond to catastrophic incidents that could degrade or overwhelm the nation's strategic cyber and communications infrastructure.

Until earlier this year, Schaffer served as Senior Vice President and Chief Risk Officer for Alltel Communications, where he owned responsibility for logical security, physical security, internal and external investigations, fraud, law enforcement relations, privacy and regulatory compliance. Schaffer previously held multiple Vice President-level positions at Alltel Communications, including Chief Risk Officer, Chief Security Officer and Chief Information Security Officer, from 2004-2007. Before joining Alltel, Schaffer was Director of PricewaterhouseCoopers Cybercrime Prevention and Response Practice, where he developed and implemented computer forensic examinations in connection with major internal investigations at Fortune 500 companies, from 1999-2004. Previously, Schaffer served as a computer crime prosecutor in the Computer Crime and Intellectual Property Section at the U.S. Department of Justice from 1997-1999, following a nine-year career as a litigator for various firms.

Schaffer holds a J.D. from the University of Southern California Law Center and a B.A. from the George Washington University.

###

This page was last reviewed/modified on June 1, 2009.
From rforno at infowarrior.org Tue Jun 2 12:50:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 08:50:18 -0400
Subject: [Infowarrior] - AP: tech coming to stop "wholesale theft" on 'Net
Message-ID: <345E99D7-6C63-42FB-B652-0FD9164FE8A2@infowarrior.org>

AP: tech coming to stop "wholesale theft" on 'Net
http://arstechnica.com/tech-policy/news/2009/06/ap-tech-coming-to-stop-wholesale-theft-on-net.ars

It looks like the Associated Press is getting pretty close to deploying that 'anti-misappropriation' technology the news agency has been talking about. Ars got an AP editor to give us some details.

By Matthew Lasar | Last updated June 1, 2009 9:35 PM CT

Ever since the Associated Press warned in April that it is going to take steps against "misappropriation" of its content, Ars has been wondering what exactly those efforts will entail. After all, the press release wasn't exactly chock full of details; it simply disclosed that the AP will "develop a system to track content distributed online to determine if it is being legally used."

"We can no longer stand by and watch others walk off with our work under misguided legal theories," AP Chairman Dean Singleton declared around the same time. The statement followed last year's AP Digital Millennium Copyright Act takedown warnings against the Drudge Retort for posting AP content, which called some posts a "'hot news' misappropriation."

The guidelines cometh

So what exactly is AP going to do? While attending a Knight Center for Specialized Journalism conference, we put the question to AP news editor Ted Bridis, who spoke to the gathering of tech-savvy journalists and bloggers on Friday. Bridis explained that the news company is going to update its staff about its mysterious new misappropriation heat-seeking system soon via an internal webcast.

"The guidelines are coming," Bridis promised. "AP's main concern are not the bloggers that excerpt a relevant passage, and then derive some commentary. What happens an awful lot is just wholesale theft. So those are the ones that will find the cease and desist letters arriving."

OK, we said. How will you define "wholesale theft?" If somebody publishes a paragraph of AP copy with a link to the AP story, will that be theft?

"Not at all," Bridis replied. "I don't think AP would have any problem with that."

We didn't want to give the impression that we were bargaining, but we pressed on as to exactly how one would disturb AP's comfort zone. Was this about not posting links? No, Bridis replied. "What I'm talking about, and what has really riled up our internal copyright folks, are the bloggers who take, just paste an entire 800 word story into their blog. They don't even comment on it. And it happens way more than most people realize."

L'affaire Cadenhead

Bridis called the reaction to last year's food fight with the Drudge Retort "distorted." That may come as news to supporters of the site, an anti-Drudge Report, and its publisher Rogers Cadenhead, who handled AP's DMCA takedown requests in June 2008. Protesting an AP story excerpt in a post about Hillary Clinton, an AP lawyer told him that "the use is not fair use simply because the work copied happened to be a news article and that the use is of the headline and the first few sentences only." That was a misunderstanding of the concept, AP explained. The company "considers taking the headline and lede of a story without a proper license to be an infringement of its copyrights that additionally constitutes 'hot news' misappropriation."

The Retort removed the item in question and some others. In his posts on the controversy, Cadenhead pointed out that the offending excerpts took as few as 33 words from AP articles, and no more than 79. One wonders how much the blogs AP didn't like then resemble the blogs Bridis now says he thinks would be OK.

History may play a role in the decision-making process. Robert Cox of the Media Bloggers Association, which helped Cadenhead, noted that, prior to this notorious case, Retort had indeed posted various AP articles in their entirety, which is what had first drawn the company's ire.

"AP is not on some wild rampage through the blogosphere, lawyering up to go after every blogger who quotes an AP story in any way," Cox insisted. "Yet that is how this story has been portrayed, including by a lot of people who should know better but are having too much fun bashing AP."

Cadenhead was less sanguine about the future, even after he settled with AP. "If AP's guidelines end up like the ones they shared with me, we're headed for a Napster-style battle on the issue of fair use," he warned.

So flag me

So what's next? Here's Bridis' explanation of the new application AP plans to deploy.

"What we're doing is employing some technology, and the technology is not going to be looking for a paragraph," he disclosed. "The technology is going to be looking for the entire story that gets republished somewhere, and at that point it flags it. It doesn't do anything in an automated way, it's going to flag it for a lawyer or a paralegal to look at, and make a judgment on 'Well, is this OK? Is this a one-time offense?'"

OK. "Entire stories" - that's the problem?

"There are commercial websites, not even bloggers, necessarily," Bridis added, "that take some of our best AP stories, and rewrite them with a word or two here, and say 'the Associated Press has reported, the AP said, the AP said.' That's not fair. We pay our reporters. We set up the bureaus that are very expensive to run, and, you know, if they want to report what the AP is reporting they either need to buy the service or they need to staff their own bureaus."

We need the dough

Bridis did acknowledge the importance of fair use. "Because we do it too, necessarily," the AP news editor conceded. "If the New York Times has a story, we may take an element of it and attribute it to the Times and build a story around it."

The rest of the discussion covered familiar debate territory. If it weren't for journalists, Bridis noted, bloggers wouldn't have much material. And he graciously placed Ars on the journalist end of the equation. "You guys have original content, obviously," he said. "You should be very protective of it. It is valuable and worthwhile. You should zealously guard it."

Returning the compliment, it should be mentioned that AP provides terrific coverage of the Federal Communications Commission, my usual beat around here. I'm willing to bet, however, that Ars isn't about to launch a search-and-maybe-threaten bot against the many bloggers who magnify the site with their commentaries on our posts (and which may even include a chunk or two of Ars content).

As for AP, though, bloggers may want to prepare themselves for what is coming, whatever exactly that is. "We're going to be learning more ourselves about exactly how the technology is going to work" in about two weeks, Bridis said. But about this he is sure. "You can't just take an entire AP wire feed or even an entire AP story, or even half of an AP story, necessarily, and republish it or repurpose it," he said. "We need the money. The industry is falling apart."

From rforno at infowarrior.org Tue Jun 2 12:56:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 08:56:01 -0400
Subject: [Infowarrior] - EFF v Apple on iPhone controls
Message-ID: <4AC98AFA-AADC-4DF1-BCF6-5733FA85EF21@infowarrior.org>

I agree 100% with the EFF position here; Apple is over-reaching with regards to the items it so graciously allows to be used on its iPhone/iPod. It's like Ford saying you can only use Exxon gas in its vehicles, or AT&T saying what specific devices you can and cannot plug into a phone jack in your house....
--rf June 1st, 2009 Apple Rejects EFF Updates App, Claims Parody Content Is Objectionable News Update by Corynne McSherry http://www.eff.org/deeplinks/2009/06/oh-come-apple-reject Last month, EFF got an email from software developer Duane Fields of Exact Magic, asking if he could use our logo on an iPhone application that exclusively displays content from EFF's RSS feed. Sounded like a great idea to us, as long as it was clear that the app wasn't an EFF- sponsored product. But this morning Apple rejected the app. Why? Because it claims EFF's content runs afoul of the iTune's App Store's policy against "objectionable" content. Apparently, Apple objects to a blog post that linked to a "Downfall" parody video created by EFF Board Chairman Brad Templeton. The parody casts Hitler in the role of entertainment industry executive, ranting about the failure of DRM and the continued popularity of fair use. The parody includes the fleeting appearance of the f-bomb in a subtitle. Now, Apple may find EFF "objectionable" for any number of reasons (here's just one.) But surely linking to a video that includes a "bad word" can't be one of them. After all, the YouTube app that Apple includes on every iPhone that ships will let you watch exactly the same video, bad word and all. And you can use the Safari web browser that ships with every iPhone to access EFF's website, as well as millions of web sites that include much more extreme language. This is just the latest example of the failings of Apple's iTunes App Store approval process, which has been revealed to be not just anti- competitive, discriminatory, censorial, and arbitrary, but downright absurd. Just last month, Apple was widely criticized when it rejected the Eucalyptus e-book reader because it could access the public domain translation of the Kama Sutra (Apple quickly reversed course on that one). Let's be clear: we are not saying that Apple has to carry apps it doesn't like in its App Store. 
But iPhone owners who don't want Apple playing the role of language police for their software should have the freedom to go elsewhere. This is precisely why EFF has asked the Copyright Office to grant an exemption to the DMCA for jailbreaking iPhones. It's none of Apple's business if I want an app on my phone that lets me read EFF's RSS feed, use Sling Player over 3G, or read the Kama Sutra.

From rforno at infowarrior.org Tue Jun 2 17:20:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 13:20:34 -0400
Subject: [Infowarrior] - Cybercops Without Borders
References:
Message-ID:

(c/o S.T)

http://www.forbes.com/2009/06/01/cyberbusts-security-internet-technology-security-cyberbusts.html?partner=links

Cybercops Without Borders
Andy Greenberg, 06.01.09, 06:00 PM EDT

For years, cybercrime has been moving to Eastern Europe and Asia. Now U.S. law enforcement is following it.

Glancing at his file, there's little in the case of 23-year-old Ovidiu-Ionut Nicola-Roman to distinguish him from the average cybercriminal. Beginning in 2005, he was a member of a massive "phishing" scheme that harvested millions of e-mail addresses from the Web and used a program called "E-mail Sender Express" to barrage those addresses with spam messages at a rate of around 30,000 an hour. Those e-mails lured users to Web sites that impersonated banking pages requiring account information, realistically spoofing businesses like Wells Fargo, Regions Bank, Charter One and PayPal. The scheme brought in thousands of credit card numbers and PINs, each of which was used to siphon off cash from ATMs at a rate of as much as $1,000 per card.

All of those tactics follow the typical playbook of modern malicious hackers. But Nicola-Roman holds a distinction nonetheless: In March, he became the first foreigner to be extradited to the U.S. and convicted of phishing.
For years, profit-motivated cybercrime has been exploiting the geographic flexibility of the Internet, migrating from the U.S. and Western Europe to Eastern Europe and Asia, where digital crimes are equally lucrative and far harder to prosecute. But over the last year, U.S. law enforcement has been increasingly willing to follow cybercriminals to those far-flung destinations, both to help local authorities track down and arrest cybercriminals and to extradite them into the American legal system.

Though the U.S. Department of Justice doesn't track cybercrime statistics--domestic or international--department officials insist the number of computer crime prosecutions that reach beyond U.S. borders is on the rise. "Unquestionably, we're seeing an increase in the international cases of cybercrime and intellectual property crime," says John Lynch, the deputy chief of the Department of Justice's Computer Crime and Intellectual Property Section (CCIPS). "As a result, we're increasingly cooperating with our international partners."

The dismantling of the phishing scheme involving Nicola-Roman is an example of American law enforcement's increasingly cozy relationship with foreign cybercrime investigations. Along with the 23-year-old Nicola-Roman, authorities arrested 37 other members of that cybercriminal ring last May. Those globally dispersed defendants were based in countries stretching from the U.S. to Romania to Pakistan. Nicola-Roman, who was sentenced in March to 50 months for his role in the scheme, may have merely been unlucky: He was arrested and extradited to the U.S. during a trip to neighboring Bulgaria. But the 29 other Romanians arrested in the case are likely to follow close behind. On May 8, U.S. Secretary of State Hillary Clinton and Romanian Foreign Minister Cristian Diaconescu announced that they had signed a Mutual Legal Assistance Protocol, along with an extradition treaty between the U.S. and Romania.

U.S.
law enforcement's renewed focus on international cybercriminals officially began in April of last year, when then-U.S. Attorney Gen. Michael Mukasey told an audience at the Center for Strategic and International Studies that the country needed to launch a new program of cooperation between governments to stop cybercrime. "We will step up what we are already doing with our international partners to get these criminals wherever they hide," he said. "We have people assigned overseas who train and help our counterparts, to strengthen law enforcement efforts around the world. International borders pose no hindrance to criminals, so we're making sure those borders do not pose an obstacle to effective enforcement."

That initiative has yielded several high-profile results. Less than a month after the arrest of the 38-person Romanian phishing crew, Spanish officials granted the extradition to the U.S. of another Romanian, 22-year-old Sergiu Daniel Popa, who was accused of running his own phishing ring and of possessing equipment for manufacturing false credit cards. In August, the FBI indicted 11 members of a sophisticated retail store hacking organization with elements based in the Ukraine, Estonia, China and Belarus. One, Ukrainian Maksym Yastremskiy, was extradited to the U.S. while on vacation in Turkey, and Aleksandr Suvorov, an Estonian, was extradited from Germany.

That international retail hacking ring, which the U.S. Department of Justice says stole tens of millions of credit card numbers, was no ordinary cybercrime operation. Beginning in 2005, the widespread organization used a technique known as "wardriving"--testing wireless networks for security vulnerabilities--to identify targets. When members found that retailer TJ Maxx, for instance, used an outmoded and easily hacked wireless standard, they broke into the store's network from a car in its parking lot and stole more than 45 million credit card numbers, by the company's account.
The trick was repeated at other retailers and restaurants including Boston Market, Dave & Busters and Sports Authority.

But even as law enforcement has toppled major identity theft schemes around the world, there's no indication those initiatives have slowed international cybercrime's steady growth. According to an April study from Gartner Research, more than 5 million Americans lost money to phishing schemes in 2008, a 40% increase from the year before, although the average amount lost in each scam decreased, largely due to strengthened bank safeguards. Spam e-mail volumes, which dropped nearly 75% after the shutdown of the notorious Web host McColo last November, have staged a comeback. According to a May report from Symantec, spam accounted for 90% of all e-mails and grew 5% between April and May.

Targeted data thefts, like the kind performed by the TJX hackers, are also on the rise. The Identity Theft Resource Center reported in January that 2008 saw 646 data breaches, a 47% increase over the year before. And later that month, credit card processing company Heartland Payment Systems revealed that it had been targeted by seemingly international hackers who had planted malicious software on its systems, exposing as many as 100 million customers' accounts--perhaps the largest breach to date.

Those numbers show that law enforcement alone can't stop the growing ranks of cybercriminals, says Dave Jevans, chairman of Anti-Phishing Working Group, a cybersecurity industry consortium. "We're starting to see more international prosecutions, getting more international cooperation. But is there less cybercrime? No. Is it less sophisticated? No," Jevans says. "The problem is getting worse."

Even with international partnerships, Jevans points out, the feds haven't been able to capture the so-called Russian Business Network (RBN), a syndicate of organized cybercriminals thought to be based in St. Petersburg.
In recent years, the shadowy RBN is suspected of becoming a hub for online crimes ranging from phishing to child pornography, and is suspected to have created the Storm worm that infected millions of computers in 2008.

That means American law enforcement needs to cooperate not just with foreign governments, but with the private sector, Jevans says--leveraging the analysis of cybercrime within information security companies like McAfee, Symantec or other tech firms. "In the cybersecurity industry, companies are gathering and analyzing massive amounts of information tracking crimes and learning patterns. We have to share that information with banks and with law enforcement," Jevans says. "Arresting people alone may be a deterrent, but it hasn't made a measurable impact in reducing the scope of the problem."

From rforno at infowarrior.org Wed Jun 3 03:33:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 23:33:14 -0400
Subject: [Infowarrior] - U.S. Releases Secret List of Nuclear Sites Accidentally
Message-ID: <5840F576-8FA7-4B88-BBCE-2529A321D01C@infowarrior.org>

June 3, 2009
U.S. Releases Secret List of Nuclear Sites Accidentally
By WILLIAM J. BROAD
http://www.nytimes.com/

The federal government mistakenly made public a 266-page report, its pages marked "highly confidential," that gives detailed information about hundreds of the nation's civilian nuclear sites and programs, including maps showing the precise locations of stockpiles of fuel for nuclear weapons.

The publication of the document was revealed Monday in an online newsletter devoted to issues of federal secrecy. That publicity set off a debate among nuclear experts about what dangers, if any, the disclosures posed.
It also prompted a flurry of investigations in Washington into why the document had been made public. On Tuesday evening, after inquiries from The New York Times, the document was withdrawn from a Government Printing Office Web site.

Several nuclear experts argued that any dangers from the disclosure were minimal, given that the general outlines of the most sensitive information were already known publicly. "These screw-ups happen," said John M. Deutch, a former Director of Central Intelligence and deputy secretary of defense who is now at the Massachusetts Institute of Technology. "It's going further than I would have gone but doesn't look like a serious breach."

But David Albright, president of the Institute for Science and International Security, a private group in Washington that tracks nuclear proliferation, said information that shows where nuclear fuels are stored "can provide thieves or terrorists inside information that can help them seize the material, which is why that kind of data is not given out."

The information, considered sensitive but not classified, was assembled for transmission later this year to the International Atomic Energy Agency as part of a process by which the United States is opening itself up to stricter inspections in hopes that foreign countries, especially Iran and other states believed to be clandestinely developing nuclear arms, will do likewise.

President Obama sent the document to Congress on May 5 for Congressional review and possible revision, and the Government Printing Office subsequently posted the draft declaration on its Web site. As of Tuesday evening, the reasons for that action remained a mystery. On its cover, the document attributes its publication to the House Committee on Foreign Affairs. But Lynne Weil, the committee spokeswoman, said the committee "neither published it nor had control over its publication." Gary Somerset, a spokesman for the printing office, said it had "produced"
the document "under normal operating procedures" but had now removed it from its Web site pending further review.

The document contains no military information about the nation's stockpile of nuclear arms, or about the facilities and programs that guard such weapons. Rather, it presents what appears to be an exhaustive listing of the sites that comprise the nation's civilian nuclear complex, which stretches coast to coast and includes nuclear reactors and highly sensitive sites at weapon laboratories.

Steven Aftergood, a security expert at the Federation of American Scientists in Washington, revealed the existence of the document Monday in "Secrecy News," an electronic newsletter he publishes on the Web. Mr. Aftergood expressed bafflement at its disclosure, calling it "a one-stop shop for information on U.S. nuclear programs."

In his letter of transmittal to Congress, Mr. Obama characterized the information as "sensitive but unclassified" and said that all the information that the United States gathered to comply with the advanced protocol "shall be exempt from disclosure" under the Freedom of Information Act.

The report details the locations of hundreds of nuclear sites and activities. Each page is marked across the top "Highly Confidential Safeguards Sensitive" in capital letters, with the exception of pages that detailed additional information like site maps. In his transmittal letter, Mr. Obama said the cautionary language was a classification category of the International Atomic Energy Agency's inspectors.

The agency, in Vienna, is a unit of the United Nations whose mandate is to enforce a global treaty that tries to keep civilian nuclear programs from engaging in secret military work. In recent years, it has sought to gain wide adherence to a set of strict inspection rules, known formally as the additional protocol.
The rules give the agency powerful new rights to poke its nose beyond known nuclear sites into factories, storage areas, laboratories and anywhere else that a nation might be preparing to flex its nuclear muscle. The United States signed the agreement in 1998 but only recently moved forward with carrying it out.

The report lists many particulars about nuclear programs and facilities at the nation's three nuclear weapons laboratories--Los Alamos, Livermore and Sandia--as well as dozens of other federal and private nuclear sites.

One of the most serious disclosures appears to center on the Oak Ridge National Laboratory in Tennessee, which houses the Y-12 National Security Complex, a sprawling site ringed by barbed wire and armed guards. It calls itself the nation's "Fort Knox" for highly enriched uranium, a main fuel of nuclear arms.

The report lists "Tube Vault 16, East Storage Array," as a prospective site for nuclear inspection. It said the site, in Building 9720-5, contains highly enriched uranium for "long-term storage." An attached map shows the exact location of Tube Vault 16 along a hallway and its orientation in relation to geographic north, although not its location in the Y-12 complex.

Tube vaults are typically cylinders embedded in concrete that prevent the accidental formation of critical masses of highly enriched uranium that could undergo bursts of nuclear fission, known as a criticality incident. According to federal reports, a typical tube vault can hold up to 44 tons of highly enriched uranium in 200 tubes. Motion detectors and television cameras typically monitor each vault.

Thomas B. Cochran, a senior scientist in the nuclear program of the Natural Resources Defense Council, a private group in Washington that tracks atomic arsenals, called the document harmless. "It's a better listing than anything I've seen" of the nation's civilian nuclear complex, Mr. Cochran said. "But it's no national-security breach.
It confirms what's already out there and adds a bit more information."

From rforno at infowarrior.org Wed Jun 3 03:49:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 23:49:36 -0400
Subject: [Infowarrior] - OpEd: Good riddance to a bad home secretary
Message-ID: <7199751E-6E02-4FBD-AE2B-C11CB8E6C2F6@infowarrior.org>

Comment: Good riddance to a bad home secretary
Tuesday, 02, Jun 2009 05:37
http://www.politics.co.uk/news/legal-and-constitutional/comment-good-riddance-to-a-bad-home-secretary-$1300568.htm

Jacqui Smith should have resigned over civil liberties, not expenses--but we'll take what we can get.

By Ian Dunt

Jacqui Smith has quit. In the end it happened quickly, prompting frenzied scenes in Westminster as journalists and politicians desperately tried to find out what was going on. But the signs had been there for some time.

First, there were her strange living arrangements, where she made a room in her sister's house her primary residence and directed her second home allowance to the house she had with her husband and children. Then her husband's viewing habits, which included two pornographic movies, made matters worse, when it transpired he accidentally charged them to the taxpayer. And then, once expenses became day-to-day front page news, she made it into the scandal once again after it emerged she tried to claim for an iPhone for her husband, who works in her constituency office.

But in truth, Smith's expenses claims were never any worse than many others' in Westminster, although the porn angle did make them slightly funnier. In any sensible, decent political system, she would have had to have quit a long time ago. Not over money, but over ethics.

Smith's tenure as home secretary marked another sustained attempt by the government to undo some of the best aspects of British politics. Where to start? With drugs. When she reclassified cannabis, the home secretary managed to do several pitiful things at once.
Firstly, she took a step backwards, undoing one of the only sensible, liberal actions taken by her predecessor, David Blunkett. But it also flew against the facts, which showed use was down since the drug became Class C. The government's own advisory council--the view of experts and scientists--asked for the Home Office not to do it. She did it anyway. She put Daily Mail headlines over and above an effective drug policy which finally saw usage drop and she put shabby politics above scientific advice, setting an awful precedent.

Her efforts to basically scrap habeas corpus deserve a special mention. Smith and the prime minister managed to scrape through the vote on 42-day detention, albeit relying on DUP votes. It's been pretty much kicked into the long grass now, but the attempt reflects just how little respect and understanding she had for the things that make this country great, such as the rule of law and freedom from state tyranny.

Similar attitudes were on display this time last year, when journalists read her letter to the NUJ with a mixture of horror and resignation. In it, she stated that police could restrict photography "in certain circumstances", going against a long-standing principle in British law of a free press. We got a good indication of why the press should be able to photograph the police a few months ago, during the G20 protests.

Throughout the summer, we were briefed of a progressive new policy on prostitution when parliament sat again. Instead we were treated to an abominable piece of law, which made it an offence to have sex with a woman controlled by a pimp. Legal experts exploded, because the law paid no attention to whether or not the client actually knew the woman was under control. But far more importantly, sex worker groups--who were not even considered worthy of consultation--immediately said the law would make them less safe.
By effectively outlawing prostitution, Smith had forced it further underground, preventing sex workers from organising and cooperating when they sell their services. But then, it's only evidence and empirical data which tells us that when we adopt such a policy, there are more prostitute deaths, and the home secretary had already proved how little she thought of such things when she upgraded cannabis.

Then came Damian Green, the shadow immigration spokesman arrested for leaking home office information. Her later attempts in the Commons to suggest this was because there were fears of national security information being leaked would have been laughable were they not a glaring indicator of how far the government was willing to go to silence dissent. After sustained questioning, it transpired she was referring to potential future national security breaches. Those with faith in the British parliamentary system looked on aghast as they witnessed one of the most powerful and important positions in government use such an important warning seemingly to prevent her embarrassment.

Then came the Gurkhas, and the Home Office's desperate, mean-spirited and cruel attempts to stop veterans coming to stay in the UK. A groundswell of public sympathy and a savvy campaign by former actor Joanna Lumley managed to put a stop to that one. But we saw what we saw: bureaucrats trying to stop those who fought for this country being allowed to enter it.

And then, of course, there was ID cards, which the home secretary followed with the same dogged and ridiculous dedication as her predecessors. She started her term saying it would cost £30 a head. We now know it will cost considerably more than that. She said the public were gagging for them, despite all evidence to the contrary. It remains a solution in search of a problem. She joined the game of finding things for the cards to fix. Immigration? Terrorism? Identity fraud?
Most of the public has come to the conclusion of what they are for already--to help control and organise the population of Great Britain.

The list goes on and on. Is it all Smith's fault? Of course not. We have no idea what Smith thinks about anything. The office of home secretary has become a cipher for Downing Street for so long now, it's impossible to tell what any home secretary has thought since Blunkett's tenure. And even then, it was only possible because he so evidently savoured tearing up hard-won British liberties like other men enjoy football or fish and chips. Nothing will change. The next home secretary will parrot the same nonsense. It's the government talking--not them.

But let's not deny ourselves some pleasure. After two years of having to listen to her arguments, justifying gross intrusion into our lives, irresponsible, authoritarian legislation and the scrapping of hugely important British rights, it will be a real pleasure to know she's off. When you're faced with this kind of government, you take whatever pleasure you can get.

From rforno at infowarrior.org Wed Jun 3 03:55:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 2 Jun 2009 23:55:25 -0400
Subject: [Infowarrior] - UK's Jacqui Smith resigns - good riddance, indeed!
Message-ID: <1C0CA919-5941-4A24-9CB0-0FF664587333@infowarrior.org>

Home Secretary Smith to step down
http://news.bbc.co.uk/2/hi/uk_news/politics/8079205.stm

Jacqui Smith goes - hit by porn claims, but fatally damaged by 42 days
http://www.guardian.co.uk/politics/2009/jun/02/jacqui-smith-resignation

.....some of her more noteworthy initiatives, some of which I've posted here in the past....
ISPs frosty on Jacqui's comms surveillance plan
http://www.theregister.co.uk/2009/06/02/imp_reception/

Jacqui Smith Vows to Collect DNA from Every Strapping Criminal
http://www.glossynews.com/artman/publish/second-home-smith-twists-dna-ruling-1665.shtml

State recruit an army of snoopers with police-style powers
http://www.dailymail.co.uk/news/article-1187568/State-recruits-army-private-snoopers-police-style-powers.html

Britain menaces free speech
http://www.trentonian.com/articles/2009/05/27/opinion/doc4a1cc36423e92554485342.txt

Jacqui Smith creates 'emergency bill' after 42-day detention defeat
http://www.telegraph.co.uk/news/newstopics/politics/lawandorder/3192152/Jacqui-Smith-creates-emergency-bill-after-42-day-detention-defeat.html

From rforno at infowarrior.org Wed Jun 3 12:22:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 08:22:22 -0400
Subject: [Infowarrior] - Data-Breach Suit Targets Security Auditor
Message-ID:

In Legal First, Data-Breach Suit Targets Auditor
By Kim Zetter, June 2, 2009
http://www.wired.com/threatlevel/2009/06/auditor_sued/

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor's report. In theory, CardSystems should have been safe. The industry's primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems' auditor, Savvis Inc, had just given them a clean bill of health three months before.

Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised. More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices.
They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies.

"We're at a critical juncture where we need to decide . . . whether [network security] auditing is voluntary or will have the force of law behind it," says Andrea Matwyshyn, a law and business ethics professor at the University of Pennsylvania's Wharton School who specializes in information security issues. "For companies to be able to rely on audits . . . there needs to be mechanisms developed to hold auditors accountable for the accuracy of their audits."

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards.

Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company's system was underway. A Visa executive told an audience earlier this month that the companies were not compliant, though auditors certified they were. "No compromised entity has yet been found to be in compliance with [the standards] at the time of the breach," she said.

In the CardSystems case, Merrick Bank, which is based in Utah and services 125,000 merchants, sued Savvis last year in Missouri.
Merrick says Savvis was negligent in certifying that CardSystems was compliant. The case was moved to Arizona five months ago but only recently assigned a judge, allowing the suit to finally move forward.

According to Merrick's complaint, in June 2004 Savvis, a managed services company that bills itself as "the network that powers Wall Street," certified that CardSystems had met the Cardholder Information Security Program (CISP) standards. CISP is the precursor to today's Payment Card Industry Data Security Standard (PCI DSS). CISP was developed by Visa, which required card processors and merchants that handled Visa transactions to certify through an auditor that they met a list of standards that included such things as installing firewalls and encrypting data.

Three months after Savvis certified CardSystems, the latter was hacked by intruders who installed a malicious script on its network and stole card numbers. The data belonged to card transactions that CardSystems had retained on its system and stored in unencrypted format, both violations of CISP standards. The hack, which was discovered only in May 2005, was one of the first that was publicly disclosed under a 2003 California breach notification law.

Shortly after the breach became public, VISA disclosed that CardSystems had not been compliant, even though it passed an audit before the breach. A Visa spokeswoman told Wired at the time that CardSystems had initially failed an audit in 2003, before being certified in 2004, though she wouldn't reveal the reason for the failure. That earlier audit could become crucial evidence in the case against Savvis, if the plaintiffs can show that Savvis knew about pre-existing problems with CardSystems' security and intentionally overlooked them or failed to ensure they'd been fixed.

According to the complaint, in 2003 CardSystems contracted with a different auditor named Cable and Wireless.
Toward the end of that year, the auditor submitted its findings to Visa, which rejected CardSystems's compliance for unspecified reasons. Shortly thereafter, Merrick Bank contracted with CardSystems to process card transactions for its merchant customers, on the condition that the processor achieve certification from Visa. A second audit was conducted by Savvis, which had bought Cable and Wireless's auditing division. In June 2004, Savvis concluded that CardSystems "had implemented sufficient security solutions and operated in a manner consistent with industry best practices." Visa subsequently certified the processor.

After the hack, it was discovered that CardSystems, which has since filed for bankruptcy, had been improperly storing unencrypted card data for more than five years, something Savvis should have known and reported to Visa. The processor's firewall was also non-compliant with Visa's standards. "Consequently, Savvis' . . . indicating that CardSystems was in full compliance with CISP was false and misleading," the complaint says.

Merrick claims the hack cost it about $16 million in fraud losses paid to banks that issued the cards, as well as in legal fees and penalties it suffered for contracting with a non-compliant card processor. Merrick says Savvis "owes a duty of care" to audit companies and "breached its duty to competently and professionally assess CardSystems' compliance."

The issue raises questions about the due care placed on certifying certifiers. PCI auditors are certified by the PCI Security Council, a consortium representing the credit card companies that oversees the PCI standards and certification. According to the Council, about 80 percent of PCI audits are done by a dozen of the largest PCI-certified auditors.
Under the current PCI system, security companies seeking to become auditors must pay the PCI Council a general fee of between $5,000 and $20,000, depending on the company's location, plus $1,250 for each employee engaged in auditing. Auditors are required to undergo annual re-qualification training, which costs $995.

In light of the recent spate of breaches at companies that were certified compliant, the PCI Council said last year that it was tightening its oversight of auditors. Previously, only the company being audited was able to view the auditing report, since it was paying for the audit--a situation that mirrors what occurred in the electronic voting machine certification process for years. Now auditors have to submit a copy of the reports to the PCI Council, though the name of the company being audited is redacted.

The Council did not respond to a request for comment, but Bob Russo, general manager of the PCI Security Standards Council, told CSO magazine last year, "We want to make sure no one is rubber-stamping something. We want all these assessors to be doing things with the same rigor." The Council said it will also be looking at resumes of people conducting the audits, though it acknowledged that it has only three full-time staff members handling its auditor certification program.

The rules and requirements for auditors reveal a number of potential conflicts of interest (.pdf) that could arise between an auditor and the entity it's assessing. For example, many security auditors also make security products. The rules state that a security company will not use its status as auditor to market its products to companies it audits, but if the auditor should happen to find that the client would benefit from its product, it must also tell the client about competing products.

The auditing process isn't the only problem.
Critics say the standards themselves are too complex, and maintaining ongoing compliance is tricky as companies install new programs, change servers and alter their architecture. A company that is certified compliant one month can quickly become non-compliant the next month if it installs and configures a new firewall incorrectly.

At a congressional hearing in April to discuss the standards, Rep. Yvette Clarke (D-New York) said that while the standards weren't worthless, PCI compliance wasn't enough to keep a company secure. "It is not, and the credit card companies acknowledge that," she said.

These factors are likely to be part of Savvis' defense as it fights Merrick's suit. Matwyshyn says the case may raise questions about whether an auditor has an ongoing duty to maintain the accuracy of its certification when a company's security status can change at any time. "I think it's not clear as a matter of law to what extent a certification authority has liability in this particular context for a negligent misrepresentation of the security level of an enterprise," she says.

Matwyshyn says that Merrick's case against Savvis may turn on an Arizona law that allows an entity that is not a direct party to a contract to seek recovery if it is an "intended beneficiary" of the contract. In this case, even though Merrick didn't contract with Savvis directly to certify CardSystems, it relied on that certification being trustworthy.

From rforno at infowarrior.org Wed Jun 3 18:36:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 14:36:00 -0400
Subject: [Infowarrior] - Work begins on cybersecurity R&D
Message-ID:

Obama administration begins work on cybersecurity R&D
By Andrew Noyes, CongressDaily
06/03/2009
http://www.nextgov.com/nextgov/ng_20090603_2540.php

Maximizing government investment in federal cybersecurity research and development is a major component of President Obama's plan to bolster defenses against high-tech attacks.
If the White House's new cyber strategy and key agencies' fiscal 2010 budget requests are any indication, they're off to a solid start. The intended result -- in the words of former Homeland Security Secretary Michael Chertoff and policy experts who have borrowed a phrase -- is a cyber "Manhattan Project."

In the near term, the White House's unnamed cyber czar will be charged with developing a framework for R&D strategies that focus on "game-changing technologies" and provide the research community access to event data to help develop tools and testing theories, according to the Friday report, which stemmed from a 60-day review. That czar will eventually develop threat scenarios and metrics for risk management decisions, recovery planning and R&D prioritization.

"Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient," the report stated. "The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements."

One initiative cited in the study is a National Science Foundation grant program for students to pursue cyber-related government careers, which has supported more than 1,000 students in its eight years. NSF's fiscal 2010 request includes $126.7 million for cybersecurity R&D, with $40 million specifically devoted to research in usability, theoretical foundations and privacy in support of the Comprehensive National Cybersecurity Initiative, a multibillion-dollar Bush administration project.

The National Institute of Standards and Technology, which has expertise in developing security protocols, has asked for $5.5 million to develop encryption algorithms and metrics for cybersecurity systems.
NIST Information Technology Laboratory Director Cita Furlani said her agency has an essential role in achieving Obama's goals through bringing about more secure and reliable systems to drive national initiatives like the development of an electric smart grid and electronic medical records. NIST is collaborating with the intelligence and defense communities on a uniform set of cybersecurity standards.

Obama proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010 to support operations in its national cybersecurity division as well as projects within the CNCI. DHS is using much of its fiscal 2009 allotment to deploy Einstein, a system to analyze civilian agencies' systems for cyber threats and intrusions. For his part, Defense Secretary Gates said this spring he wants to increase the number of cyber experts who can be trained from 80 students per year in fiscal 2010 to 250 in fiscal 2011.

Members of Congress have ideas for how to bolster R&D. Legislation sponsored by Senate Commerce Chairman John (Jay) Rockefeller, D-W.V., and Sen. Olympia Snowe, R-Maine, would create an annual cybersecurity competition and prize to get students to study in the field. It would increase NSF funding and attempt to place a dollar value on cybersecurity risk by requiring the cyber czar to report on the feasibility of creating a market for cybersecurity risk management.

Meanwhile, academic and private sector experts will share perspectives on June 10 at a House Science Research and Science Education Subcommittee hearing on which cyber R&D initiatives should take priority. It is the first of several hearings planned by House Science Chairman Bart Gordon, R-Tenn.

From rforno at infowarrior.org Wed Jun 3 18:42:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 14:42:39 -0400
Subject: [Infowarrior] - Is Hacking Threat To Nation Overblown?
References: <8EAA25AF-9EB2-4535-8237-C67329AC9D55@infowarrior.org>
Message-ID:

Is Hacking Threat To Nation Overblown?
By Ryan Singel, June 3, 2009, 2:19 pm
http://www.wired.com/threatlevel/2009/06/is-hacking-threat-to-nation-overblown/

Is hacking a real threat to the United States or is it just the latest overblown threat to national security, whose magnitude is being exaggerated in order to expand government agencies' budgets and powers?

That's the question asked by Threat Level editor Kevin Poulsen at a panel in Computers, Freedom and Privacy in Washington, D.C. Wednesday. And it's important because the government is spending billions of dollars on computer security and President Obama is elevating cyber-security to a national priority, using language that makes even security experts wince.

Amit Yoran, a former Bush Administration cybersecurity czar, argues the answer is easy.

"Is hacking a national security threat?," Yoran said. "The one word answer is yes."

As proof, Yoran pointed to stories about the denial-of-service attacks in Estonia, attacks on government contractor Booz Allen Hamilton and the recently reported breach of a defense contractor that let hackers get at information on the Joint Strike Fighter.

"Cyber 9-11 has happened over the last ten years, but it's happened slowly so we don't see it," Yoran said.

Poulsen called the threat of cyber-terrorism "preposterous," citing the long-standing warnings that hackers would attack the power grid -- despite the fact that it has never happened. And he argued that calling such intrusions national security threats means information about attacks gets classified unnecessarily.

"If we can't publicly share info that the attackers already have (since it's about them) then we are doing far more harm than good," Poulsen said, arguing that makes it impossible for the security community at large to analyze or prepare defenses for such attacks.
Moreover, he pointed out the Joint Strike Fighter example involved only unclassified information and the denial-of-service attacks in Estonia have never been proven to be anything other than the work of nationalist Russian citizens.

But security expert Bruce Schneier (a former Wired.com columnist) said there are going to be cyber-attacks that actually affect the real world, even though such threats are currently overblown.

"Remove the word cyber. It's just a new theater," Schneier said. "Of course there is espionage and as data moves online, there is cyber-espionage. But is it a real threat?"

Schneier's answer is yes, but not as big a threat to infrastructure as natural disasters or bad code.

"We have to be robust against hackers and Murphy," Schneier said, referring to Murphy's law.

Dr. Herb Lin, a cyber-attack expert at the National Research Council, called the scoffing naive, saying he could imagine hackers getting into classified command-and-control systems, for one. But he lamented that much of the current dialogue is about cyber-war and cyber-terror, when the largest threat is in cyber-espionage -- which is not considered an act of war.

"We can see why the press and government agencies talk about cyber-terror and cyber-war," Lin said, referring ostensibly to page views and budgets, respectively. "But we don't consider spies inside the United States to be an attack on the United States."

Yoran did admit that cyber-terrorism was improbable, but stuck to his point that there are significant national security threats from hackers.

Lin says the government needs to think about getting its own cyber-attack capability.

"Passive defenses alone are not sufficient," Lin said. "You have to impose costs on an attacker and maybe the only way to do that is a cyber-attack yourself. The good guys have always had some sort of offense too."
Lin was dumbstruck by Poulsen's dismissal of the examples that the government, including President Obama, have used as evidence that there is a massive cyber-security threat -- specifically Obama's recent description of a November USB thumb-drive virus attack as the biggest cyber-attack on the U.S. military.

"Why is something that is an obvious threat not considered a threat to national security?" Lin asked.

"The point is that the way you frame these issues matters," Schneier explained.

In fact, they do matter -- since now the government is pouring billions of dollars into cyber-security for its own networks, and possibly the general public's net, a far change from the government's relative indifference to such issues until about two years ago.

Indeed, even Amit Yoran, who quit his post in the Bush Administration as cyber-czar in October 2004 after having gotten little support during his year-long tenure, admitted his job might have been easier and he might not have quit if cyber-attacks had the media attention then that they do now.

From rforno at infowarrior.org Wed Jun 3 19:36:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 15:36:47 -0400
Subject: [Infowarrior] - The Obama Infatuation (media)
References: <4A26CC70.30307@inetassoc.com>
Message-ID:

It is interesting how much of a 'pass' he is getting these days, and how many DC journalists are still caught up in the Reality Distortion Field surrounding the Administration. --rf (c/o DS)

http://www.washingtonpost.com/wp-dyn/content/article/2009/05/31/AR2009053102079_pf.html

The Obama Infatuation
By Robert J. Samuelson
Monday, June 1, 2009

The Obama infatuation is a great unreported story of our time. Has any recent president basked in so much favorable media coverage? Well, maybe John Kennedy for a moment, but no president since. On the whole, this is not healthy for America. Our political system works best when a president faces checks on his power. But the main checks on Obama are modest.
They come from congressional Democrats, who largely share his goals if not always his means. The leaderless and confused Republicans don't provide effective opposition. And the press -- on domestic, if not foreign, policy -- has so far largely abdicated its role as skeptical observer.

Obama has inspired a collective fawning. What started in the campaign (the chief victim was Hillary Clinton, not John McCain) has continued, as a study by the Pew Research Center's Project for Excellence in Journalism shows. It concludes: "President Barack Obama has enjoyed substantially more positive media coverage than either Bill Clinton or George W. Bush during their first months in the White House."

The study examined 1,261 stories by The Post, the New York Times, ABC, CBS and NBC, Newsweek magazine and the "NewsHour" on PBS. Favorable articles (42 percent) were double the unfavorable (20 percent), while the rest were "neutral" or "mixed." Obama's treatment contrasts sharply with coverage in the first two months of the Bush (22 percent of stories favorable) and Clinton (27 percent) presidencies. Unlike George Bush and Bill Clinton, Obama received favorable coverage in both news columns and opinion pages.

The nature of stories also changed. "Roughly twice as much of the coverage of Obama (44 percent) has concerned his personal and leadership qualities than was the case for Bush (22 percent) or Clinton (26 percent)," the report said. "Less of the coverage, meanwhile, has focused on his policy agenda."

When Pew broadened the analysis to 49 outlets -- cable channels, news Web sites, morning news shows, more newspapers and National Public Radio -- the results were similar, despite some outliers. No surprise: MSNBC was favorable, Fox was not. Another study, released by the Center for Media and Public Affairs at George Mason University, reached parallel conclusions.

The infatuation matters because Obama's ambitions are so grand.
He wants to expand health-care subsidies, tightly control energy use and overhaul immigration. He envisions the greatest growth of government since Lyndon Johnson. The Congressional Budget Office estimates federal spending in 2019 at nearly 25 percent of the economy (gross domestic product). That's well up from the 21 percent in 2008, and far above the post-World War II average; it would also occur before many baby boomers retire.

Are his proposals practical, even if desirable? Maybe they're neither? What might be the unintended consequences? All "reforms" do not succeed; some cause more problems than they solve. Johnson's economic policies, inherited from Kennedy, proved disastrous; they led to the 1970s' "stagflation." The "war on poverty" failed.

The press should not be hostile, but it ought to be skeptical. Mostly, it isn't. The idea of a "critical" Obama story is one about a tactical conflict with congressional Democrats or criticism from an important constituency. Larger issues are minimized, despite ample grounds for skepticism.

Obama's rhetoric brims with inconsistencies. In the campaign, he claimed he would de-emphasize partisanship -- and also enact a highly partisan agenda; both couldn't be true. He got a pass. Now, he claims he will control health-care spending even though he proposes more government spending. He promotes "fiscal responsibility" when projections show huge and continuous budget deficits. Journalists seem to take his pronouncements at face value even when many are two-faced.
From rforno at infowarrior.org Wed Jun 3 19:39:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 15:39:56 -0400
Subject: [Infowarrior] - Security Tightened for .org Domain
Message-ID:

Security Tightened for .org Domain
Carolyn Duffy Marsan, Network World
Tuesday, June 02, 2009 6:42 AM PDT
http://www.pcworld.com/businesscenter/article/165916/security_tightened_for_org_domain.html

The Public Interest Registry will announce today that it has begun cryptographically signing the .org top-level domain using DNS security extensions known as DNSSEC.

DNSSEC is an emerging standard that prevents spoofing attacks by letting Web sites verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. DNSSEC is viewed as the best way to bolster the DNS against vulnerabilities including the Kaminsky Bug, a DNS flaw discovered last summer that allows a hacker to redirect traffic from a legitimate Web site to a fake one without the user knowing.

"DNSSEC is a needed infrastructure upgrade," says Alexa Raad, CEO of the Public Interest Registry (PIR). "It has passed the threshold of being a theoretical opportunity to being a practical necessity. The question then becomes: How do we make it work?"

With 7.5 million registered names, .org is the largest domain to deploy DNSSEC. Current DNSSEC users include country code domains run by Sweden, Puerto Rico, Bulgaria, Brazil and the Czech Republic.

"Us signing the zone is a very important step, but it's also a symbolic step," Raad says. "A large [generic top-level domain] has now signed their zone. It will signal to all the other players in the chain that it is time to work very seriously on the software and applications to make DNSSEC viable in the near future."

PIR announced plans to deploy DNSSEC last June, and in December it vowed to share its experiences with members of the DNSSEC Industry Coalition.
The coalition includes leading domain name registries such as VeriSign, NeuStar and Afilias as well as DNS software providers NLnet Labs, Secure64 and InfoBlox.

Raad says it's important for PIR to share its experiences with DNSSEC because "this is not something that one actor can take on. It does take a village, to borrow a phrase, to do it properly."

One recommendation that PIR is making to the industry is that DNSSEC deployments use the newer NSEC3 algorithm rather than the older NSEC, which is less secure and requires more processing. PIR also is prompting the DNSSEC Industry Coalition to develop operational procedures such as how to transfer domains from a registrar that supports DNSSEC to one that doesn't.

"We take this as an immense responsibility," Raad says. "We want to make sure that prudence and caution take way over haste" with our DNSSEC deployment.

On June 2, PIR will announce that it is signing the .org domain with NSEC3 and that it has begun testing DNSSEC with a handful of registrars using first fake and then real .org names. PIR plans to keep expanding its testing over the next few months until the registry is ready to support DNSSEC for all .org domain name operators.

Raad says she expects full-blown DNSSEC deployment on the .org domain in 2010. "I don't expect it to be this calendar year," she says. "This is about learning and sharing our learning with industry."

The good news for .org domain name holders is that PIR's DNSSEC testing and deployment won't affect their day-to-day operations. "It's important to note that .org domain holders don't have to do anything," Raad says. "Their domain names will function as usual."

Raad says enterprise network managers should start asking their ISPs, domain name registrars and DNS vendors what they are doing to support DNSSEC.

First envisioned in 1995, DNSSEC efforts have ramped up dramatically since last summer when the Kaminsky bug was discovered. The U.S. federal government is deploying DNSSEC across its .gov domain this year, with plans for all sub-domains to be signed by the end of 2009. VeriSign has committed to deploying DNSSEC across .com and .net by 2011. But the Internet engineering community is waiting for the U.S. federal government to deploy DNSSEC across the root zone.

More DNSSEC news is anticipated next week because the DNSSEC Industry Coalition is hosting a symposium in Washington D.C. June 11 and 12 to discuss DNSSEC deployment issues including how best to sign the root zone.

From rforno at infowarrior.org Thu Jun 4 03:59:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 3 Jun 2009 23:59:47 -0400
Subject: [Infowarrior] - Warrantless surveillance lawsuit thrown out
Message-ID: <8604A555-E7E7-4504-8E32-E0E25E86581B@infowarrior.org>

Warrantless surveillance lawsuit thrown out

A federal district judge has dismissed a lawsuit over warrantless surveillance that the EFF and ACLU filed against prominent telecommunications companies on behalf of the Al-Haramain Islamic Foundation. The judge affirmed that the telecom companies are protected by the immunity provisions added to FISA by Congress.

By Ryan Paul | Last updated June 3, 2009 10:10 PM CT
http://arstechnica.com/tech-policy/news/2009/06/warrantless-surveillance-lawsuit-thrown-out.ars

Federal district judge Vaughn Walker has rejected lawsuits that aimed to hold telecommunications companies accountable for their role in a controversial warrantless surveillance program that was orchestrated in secret by the federal government. The Electronic Frontier Foundation and American Civil Liberties Union are preparing to appeal the dismissal.

The warrantless surveillance program is one of the more contentious controversies that still lingers from Bush's tenure in office.
The Bush administration attempted to leverage the State Secrets privilege to block litigation that aimed to hold participants in the surveillance program accountable for violating privacy laws. When it became clear that the courts were going to allow the lawsuits to move forward, Congress intervened and passed a FISA amendment to grant the telecom companies explicit immunity. President Obama voted in favor of immunity, despite consistently promising to oppose it.

EFF and ACLU's lawsuit against the telecoms on behalf of the Al-Haramain Islamic Foundation is one of the most significant pending lawsuits targeting the warrantless surveillance program, and it was viewed by privacy advocates as a means of bringing accountability and more robust judicial oversight to the surveillance mess.

Judge Walker has thrown out the suit, citing the FISA telecom immunity amendment as the basis for dismissal. He affirmed that the evidence provided under seal by the government demonstrated that the conduct of the telecoms meets the criteria for immunity grants. The ACLU and EFF argued that the surveillance program was so broad and far-reaching that it necessarily extended beyond those boundaries and should not be entitled to protection. They contend that the function of the surveillance program was not to detect or prevent terrorist attacks, but to broadly enable collection of communication records regardless of whether those records are specifically needed.

"While plaintiffs have made a valiant effort to challenge the sufficiency of certifications they are barred by statute from reviewing, their contentions under section 802 are not sufficiently substantial to persuade the court that the intent of Congress in enacting the statute should be frustrated in this proceeding in which the court is required to apply the statute," Walker wrote in his decision. "The court has examined the Attorney General's submissions and has determined that he has met his burden under section 802(a). The court is prohibited by section 802(c)(2) from opining further."

The EFF and the ACLU are planning to launch an appeal, asserting that the FISA amendments which granted telecom immunity are unconstitutional.

"We're deeply disappointed in Judge Walker's ruling today," said EFF Legal Director Cindy Cohn in a statement. "The retroactive immunity law unconstitutionally takes away Americans' claims arising out of the First and Fourth Amendments, violates the federal government's separation of powers as established in the Constitution, and robs innocent telecom customers of their rights without due process of law."

The Obama administration has indicated that it has no plans to hold the telecoms or previous administration accountable for alleged illegal activity. It will continue to sit on the details of the surveillance program and will not help to facilitate any of the ongoing litigation. It's looking increasingly likely that the telecoms will get a free pass and the true scope of the Bush administration's surveillance program will never be known.

From rforno at infowarrior.org Thu Jun 4 04:00:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jun 2009 00:00:47 -0400
Subject: [Infowarrior] - Internet's root zone to be secured
Message-ID: <034F59D3-B9B3-45DF-BE93-841F0548F4AC@infowarrior.org>

At long last, internet's root zone to be secured
http://www.theregister.co.uk/2009/06/04/dnssec_coming/
VeriSign and ICANN to share DNSSEC duties
By Dan Goodin in San Francisco
Posted in Enterprise Security, 4th June 2009 00:27 GMT

The US government said Wednesday it plans to digitally sign the internet's root zone by the end of the year, a move that would end years of inaction securing the internet's most important asset.
The US Department of Commerce's National Telecommunications and Information Administration (NTIA) said it was turning to ICANN, or the Internet Corporation for Assigned Names and Numbers, and VeriSign to implement the measure, which is known as DNSSEC. In October, the two organizations submitted separate proposals that offered sharply contrasting visions for putting the complicated framework in place.

"The parties are working on an interim approach to deployment, by year's end, of a security technology - Domain Name System Security Extensions (DNSSEC) - at the authoritative root zone (i.e., the address book) of the internet," a statement issued by the NTIA read. "There will be further consultations with the internet technical community as the testing and implementation plans are developed."

The statement left many unanswered questions about the roll-out, most notably the specific roles of the two organizations. It also omitted details about exactly how far the temporary solution would go and when a permanent fix can be expected.

The answers to such questions are crucial given known vulnerabilities in today's DNS. Last year, researcher Dan Kaminsky of security firm IOActive demonstrated a simple way to plant fraudulent entries in the root zone, which serves as the authoritative document for routing email, web requests, and other internet traffic. The bug had the potential to destroy trust as we know it on the net because it provided a low-cost way for criminals to hijack the websites of banks, government agencies, and similarly sensitive organizations.

By August, the majority of the world's DNS servers had been updated to resist Kaminsky's DNS cache-poisoning bug, but he warned the move was a temporary band-aid rather than a permanent solution.

DNSSEC is designed to fix that. It affixes a cryptographic seal to results returned from a DNS server to ensure that they haven't been forged. At the heart of the hierarchical DNS is the root zone, which contains the list of servers authorized to provide lookups for each top-level domain such as .com or .gov.

In its current form, DNSSEC has existed for about a decade but has yet to be implemented, largely due to the complexity and geopolitical tensions surrounding management of the unwieldy technology. Of particular importance is management of the root key because it controls the topmost tier of the hierarchy. Should it ever fall into the wrong hands, the internet could cease to function.

Under the interim solution, VeriSign will manage the root-signing key and ICANN will manage a separate key-signing key, Paul Levins, vice president of corporate affairs for ICANN, told The Register. Under last year's proposals, ICANN and VeriSign offered competing arguments why each should manage the root key. (The proposals and public comments responding to them are here.)

Representatives from VeriSign didn't return phone calls seeking comment, and an NTIA spokesman declined to confirm ICANN's account.

"This is big," said Bart Forbes, the NTIA spokesman. "It's not something we do quickly, but we need to socialize whatever decision is made and make sure everyone is on board." He declined to elaborate on the process the NTIA will use to seek feedback from members of the internet technical community.

ICANN is the non-profit group that was established in the late 1990s to oversee the internet's address system. VeriSign operates a wide range of businesses, including management of two of the internet's root-name servers and several businesses that manage digital certificates.

While Kaminsky and other experts claim DNSSEC is crucial for securing the internet, not everyone is so sure. Among them is Paul Mockapetris, inventor of DNS. He has long argued that widespread adoption of DNSSEC will be marred by the cost involved and incompatibilities across different systems.
"To paraphrase Neil Armstrong, this is one giant step for DNSSEC and one small step for the internet," said Mockapetris, who is chairman and chief scientist for Nominum, which sells DNS servers to service providers and telcos. "This will get us on the road to finding out if DNSSEC will work or not, but it's not going to revolutionize things anytime soon."

From rforno at infowarrior.org Thu Jun 4 14:24:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jun 2009 10:24:43 -0400
Subject: [Infowarrior] - RIP David Carradine
Message-ID: <29FEBCDB-51DC-4613-9E8A-34DA9965C94B@infowarrior.org>

Kung Fu star Carradine found dead

Carradine was best known recently for starring in Kill Bill

Kill Bill and Kung Fu star David Carradine has been found dead in a Bangkok hotel room, BBC correspondent Jonathan Head has reported. The 72-year-old was in Thailand filming his latest film Stretch, according to his personal manager Chuck Binder. Mr Binder said the news was "shocking", adding: "He was full of life, always wanting to work... a great person."

More soon.
http://news.bbc.co.uk/2/hi/entertainment/8083479.stm

From rforno at infowarrior.org Thu Jun 4 18:14:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Jun 2009 14:14:56 -0400
Subject: [Infowarrior] - EFF releases 'ToSBack' site
Message-ID: <9C39E4CA-E824-4615-9974-F2B904E2938D@infowarrior.org>

Electronic Frontier Foundation Media Release
For Immediate Release: Thursday, June 04, 2009

Contact:
Tim Jones
Activism and Technology Manager
Electronic Frontier Foundation
tim at eff.org
+1 415 436-9333 x135

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation
fred at eff.org
+1 415 436-9333 x123 (office), +1 415 215-6087 (cell)

EFF Launches TOSBack - A 'Terms of Service' Tracker for Facebook, Google, eBay, and More
New Tool Documents Changes in Policy on the Internet's Biggest Websites

San Francisco - "Terms of Service" policies on websites define how Internet businesses interact with you and use your personal information. But most web users don't read these policies -- or understand that the terms are constantly changing. To track these ever-evolving documents, the Electronic Frontier Foundation (EFF) is launching "TOSBack": a "terms of service" tracker for Facebook, Google, eBay, and other major websites.

"Terms of service form the foundation of your relationship with social networking sites, online businesses, and other Internet communities, but most people become aware of these terms only when there's a problem," said EFF Activism and Technology Manager Tim Jones. "We created TOSBack to help consumers monitor terms of service for the websites they use every day, and show how the terms change over time."

At www.TOSBack.org, you can see a real-time feed of changes and updates to more than three dozen policies from the Internet's most popular online services. Clicking on an update brings you to a side-by-side before-and-after comparison, highlighting what has been removed from the policy and what has been added.
The issue of terms-of-service changes -- and how and why they are made -- was highlighted earlier this year when Facebook modified its terms of use. Facebook users worried that the change gave the company the right to use members' content indefinitely. After a user revolt, Facebook announced that it would restore the former terms while it worked through the concerns users had raised.

"Some changes to terms of service are good for consumers, and some are bad," said EFF Senior Staff Attorney Fred von Lohmann. "But Internet users are increasingly trusting websites with everything from their photos to their 'friends lists' to their calendar -- and sometimes even their medical information. TOSBack will help consumers flag changes in the websites they use every day and trust with their personal information."

For TOSBack:
http://www.TOSBack.org

For this release:
http://www.eff.org/press/archives/2009/06/03-0

About EFF

The Electronic Frontier Foundation is the leading civil liberties organization working to protect rights in the digital world. Founded in 1990, EFF actively encourages and challenges industry and government to support free expression and privacy online. EFF is a member-supported organization and maintains one of the most linked-to websites in the world at http://www.eff.org/

From rforno at infowarrior.org Sat Jun 6 01:34:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jun 2009 21:34:28 -0400
Subject: [Infowarrior] - Jeff Moss named to DHS HSAC
Message-ID:

Hacker named to Homeland Security Advisory Council
by Elinor Mills
http://news.cnet.com/8301-1009_3-10258634-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was among 16 people sworn in on Friday to the Homeland Security Advisory Council. The HSAC members will provide recommendations and advice directly to Secretary of Homeland Security Janet Napolitano.
Moss' background as a computer hacker (aka "Dark Tangent") and role as a luminary among young hackers who flock to Defcon in Las Vegas every summer might seem to make him an odd choice to swear allegiance to the government. (Although before running his computer conferences, Moss also worked in the information system security division at Ernst & Young.)

I'd like to hear some of the banter as he rubs elbows with the likes of former CIA (Bill Webster) and FBI directors (Louis Freeh), Los Angeles County sheriff, Miami mayor, New York police commissioner, governors of Maryland and Georgia, former Colorado Sen. Gary Hart, and the president of the Navajo Nation.

In an interview late on Friday, Moss said he was surprised when he got the call and was asked to join the group. "I know there is a newfound emphasis on cybersecurity and they're looking to diversify the members and to have alternative viewpoints," he said. "I think they needed a skeptical outsider's view because that has been missing."

Asked if there was anything in particular he would advocate, Moss said: "There will be more cyber announcements in coming weeks and once that happens my role will become more clear. This meeting was focused on Southwest border protection... With things like Fastpass and Safe Flight, everything they are doing has some kind of technology component."

Moss, who is genuinely humble, said he was "fantastically honored and excited to contribute" to the HSAC and not concerned with losing any street cred among what some would call his fan base. He did concede that his new position would give him an unfair advantage in Defcon's "Spot The Fed" contest in which people win prizes for successfully outing undercover government agents.

Security consultant Kevin Mitnick, who spent five years in prison on computer-related charges and was on the FBI's most wanted list, praised Moss' diplomacy, but said: "I'm surprised to see Jeff on the list.
I would have expected (crypto/security guru and author) Bruce Schneier to be on the council."

Moss "is a great crowd pleaser" and "he's just bad enough for them to say 'we're crossing the ranks,'" said journalist and threat analyst Adrian Lamo, who served two years of probation for breaking into computer networks. "But the reality is he's as corporate as hiring someone out of Microsoft."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

From rforno at infowarrior.org Sat Jun 6 01:44:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Jun 2009 21:44:34 -0400
Subject: [Infowarrior] - House curbs 'virtual strip searches' at airports
Message-ID:

House curbs 'virtual strip searches' at airports
by Declan McCullagh
http://news.cnet.com/8301-13578_3-10258700-38.html?part=rss&subj=news&tag=2547-1_3-0-20

WASHINGTON--The Transportation Security Agency's plans to use X-rays to peek under air travelers' clothes may soon be shelved.

In a 310-118 vote on Thursday, the U.S. House of Representatives approved legislation that curbs the growing use of what critics call "virtual strip searches" at airport checkpoints.

Privacy groups say that the low-energy backscatter X-rays allow "a highly realistic image to be reconstructed... of the traveler's nude form" that's "detailed enough to show genitalia." The TSA, on the other hand, says it has made improvements to its scanning technology including a "privacy algorithm" that will provide the operator with vaguer outlines of body parts. (See related CBS News video.)

The House vote attached an amendment drafted by Rep. Jason Chaffetz, a Utah Republican, to a broader TSA bill.
TSA's X-ray backscatter scanning with "privacy filter," front view (Credit: TSA.gov)

Chaffetz's amendment says that whole body imaging "may not be used" as the primary method of passenger screening, and that passengers have the right to refuse it and "shall be offered a pat-down search" as an alternative. It also prohibits the storage or transmission of the whole-body images after they're no longer necessary for screening.

"Whole-body imaging is exactly what it says; it allows TSA employees to conduct the equivalent of a strip search," Chaffetz said in a statement after the vote. "Nobody needs to see my wife and kids naked to secure an airplane."

Chaffetz had first introduced the measure as a standalone bill in April. His original bill made it a federal crime for a TSA screener to share or copy a passenger image; that penalty vanished in the final version attached as an amendment.

Backscatter X-rays are relatively low-power and are believed to be safe even for frequent flyers. One manufacturer, Rapiscan Systems, boasts that its equipment can detect "explosives, narcotics, ceramic weapons" such as ceramic knives that traditional metal detectors can't. (A competing technology is called millimeter wave.)

On May 31, a coalition of advocacy groups including the ACLU, the Electronic Privacy Information Center, Gun Owners of America, and the Consumer Federation of America sent a letter to Homeland Security Secretary Janet Napolitano asking her to "suspend the program until the privacy and security risks are fully evaluated."

TSA says that it's currently using millimeter wave technology at 19 U.S. airports, including Los Angeles, San Francisco, Atlanta, and Washington Reagan National.

During the Computers, Freedom and Privacy conference on Tuesday in Washington, D.C., Peter Pietra, the TSA's director for privacy policy and compliance, defended full-body scanning technology. (See CNET's 2006 interview with Pietra.)
"It's much better for me than going through a magnetometer," Pietra said. There's "an awful lot of work that's gone into it." Any suggestions on how to improve the privacy of the screening process, he said, could be sent to tsaprivacy at dhs.gov.

On Thursday, the full House approved the Transportation Security Administration Authorization Act by a vote of 397 to 25. Now the bill heads to the Senate, which could choose to preserve or strip out the privacy amendments.

Declan McCullagh, CBSNews.com's chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan.

From rforno at infowarrior.org Sun Jun 7 19:10:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 7 Jun 2009 15:10:42 -0400
Subject: [Infowarrior] - German hacker-tool law snares...no-one
Message-ID: <38D0FC50-8676-416B-8EBF-E0754606BF0A@infowarrior.org>

Original URL: http://www.theregister.co.uk/2009/06/07/germany_hacker_tool_law/

German hacker-tool law snares...no-one
Security researchers are put out
By Mark Rasch, SecurityFocus
Posted in Crime, 7th June 2009 08:02 GMT

On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense. In the wake of the statute, numerous computer security companies announced their relocation out of Germany. However, to date there have been no prosecutions under this provision, and only a small amount of reported litigation.
So far, the statute that scared the bejeezus out of the legitimate security community has not deterred or diminished the spread of hacker tools in Germany or anywhere else and has created legal uncertainty about potential liability.

The German law came out of the February 24, 2005 Council of Europe's Convention on Cybercrime (pdf (http://eur-lex.europa.eu/LexUriServ/site/en/oj/2005/l_069/l_06920050316en00670071.pdf) ). This convention compelled signatories to adopt implementing legislation that, among other things, defined cybercrime, provided procedures for collecting evidence, and created a framework for international cooperation on cybercrime investigations. Article 6 of the Treaty required signatories to make it a crime to intentionally engage in:

the production, sale, procurement for use, import, distribution or otherwise making available of ... a device, including a computer program, designed or adapted primarily for the purpose of committing [a computer crime] [or] a computer password, access code, or similar data by which the whole or any part of a computer system is capable of being accessed, with intent that it be used for the purpose of committing [a computer crime].

The treaty language goes on to note that it would not be a crime to produce, sell or distribute a "hacker tool" if it is for a legitimate security purpose.

Of Tools and Authors

Germany adopted Section 202(c) of its penal code in an effort to comply with its obligations under the COE Cybercrime Convention. The German law makes it an offense to create, obtain or distribute any computer program that violates its cybercrime laws. The penalty set by law is up to a year in jail and fines. The statute is broad enough to cover the creation and transmission of a host of programs -- whether in hardware, software or both -- including password crackers, decryption programs, penetration testing tools, and other common security tools, if it is done as a way of preparing to commit a cybercrime.
The statute requires that the commission of the criminal offense be the express purpose of the computer program. The intent of the programmer does not, apparently, matter. Worded differently, the statute could have focused on the intent of the author or distributor, and not on the purpose of the tool. The law still would have left open the question of whether committing a crime had to be the sole purpose, or just one of the purposes, of the author or distributor of the hacker tools.

The German law was intended to criminalize only the creation or distribution of devices (including software) that were "designed or adapted primarily for the purpose of committing [cybercrime] offences." However, these offenses include things like unauthorized access and destruction. A tool does not know whether the access is authorized or not. It does not know whether the file destruction is with or without the consent of the file owner. Tools primarily designed to find and exploit vulnerabilities are commonly used by security professionals to test and secure software, networks, and applications. They are, in fact, primarily designed to do things which, if not for the authorization of the network owners, would be a violation of the statute.

Moreover, whether the use of tools without the authorization of the owner of the hardware or software is "authorized" is hardly a neat question. Apple recently argued (pdf (http://www.copyright.gov/1201/2008/responses/apple-inc-31.pdf) ) that the use of software by the owner of an iPhone or iPod Touch to jailbreak their own phone violated the provisions of the U.S. Digital Millennium Copyright Act, and was therefore unlawful and unauthorized. Under this interpretation, the creation or distribution of such software, which would be primarily designed to make an "unauthorized" access to your own phone, would be a crime.
Terms of Service, Terms of Use, and End User License Agreements would set out the conditions under which the licensee could test the security of the software, hardware or other products they were buying or licensing. A notorious case of a few years back involved Network Associates' EULA which prohibited (http://news.cnet.com/2100-1023-981228.html) both benchmarking and the publication of the results of benchmarking. Thus, contract terms, which limit the right to do security testing, are then used to render testing tools into felonies.

The COE treaty which the German law is intended to implement, noted that it was not intended to create criminal liability where "the production, sale, procurement for use, import, distribution or otherwise making available or possession ... is not for the purpose of committing a [computer crime] offence." If I intend to facilitate some other crime like unauthorized access or destruction, then can't I be prosecuted as a conspirator or aider and abettor even without this statute? Moreover, because the definition of computer crime hinges on the authorization to access or use a computer system or network, it is difficult if not impossible to determine whether the creation or distribution of the tool is intended to facilitate a crime. A wily hacker could simply say -- with a wink and a nod -- that the tool "should not be used to commit any crime," and thereby escape liability.

Better laws needed

For all these reasons, the German statute is a mess. While we can empathize with the desire to keep hacker tools out of the hands of script kiddies who intend harm, and keep black hat hackers from developing and distributing ever more sophisticated hacker tools and zero day attacks, the problem remains that these same tools can be and are used for good purposes by good people. While the statute attempts to focus on bad people with bad intent, it lacks the precision to do so.

There were a few cases where the German statute was challenged.
The government investigated but declined to prosecute the online magazine Tec-Channel in September 2007, where someone offered a password cracker on the website. In that case, the Federal Office for Security in Information Technology (BSI) determined that there was no intent to violate section 202(c).

There has been a constitutional challenge to the statute. German law, like the law of many countries, requires that criminal statutes be sufficiently definite to describe precisely what is prohibited without overreaching and banning conduct which should be permissible. In Germany, this is codified in Article 103(2) of the fundamental laws of the Constitution. Right after the law went into force, a German computer security company Visukom filed a lawsuit seeking to declare the statute to be unconstitutionally vague and prohibiting lawful and legitimate conduct. The case remains pending, and according to Visukom's former president, should be decided later this year.

We should recognize that there are similar laws on the books in the UK, Poland and even in the United States. Amendments to the UK Computer Misuse Act in 2006 created a new section which makes it a crime if someone "makes, adapts, supplies or offers to supply any [program or data] intending it to be used to commit, or to assist in the commission of [a cybercrime] believing that it is likely to be so used." Similarly, Article 269(b) of the Polish penal code states that, "whoever prepares, obtains, sells or makes available for other persons the computer devices or software tailored to the purposes of committing [a cybercrime], or prepares computer passwords, entry codes or other data that makes information stored in a computer system or network available" shall be guilty of a crime. While neither the United States nor Canada appear to have any explicit "hacker tools" statutes, the US makes it a crime to make or distribute hardware or software designed to get pirated cable or satellite TV signals.
Two years out, the German law has been effectively used to scare legitimate security researchers, while no reported cases have been brought against computer hackers for a violation of the hacker tools provision. We should use the general laws against conspiracy and aiding and abetting crime -- laws which require strict proof of intent to facilitate crime, or acting in concert to achieve an objective -- rather than simply passing laws which, subject to the whim of the local prosecutor, could be used to criminalize legitimate conduct.

Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll's book, "The Cuckoo's Egg."

This article originally appeared in Security Focus (http://www.securityfocus.com/columnists/502 ).

Copyright © 2008, SecurityFocus (http://www.securityfocus.com/)

From rforno at infowarrior.org Mon Jun 8 03:25:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 7 Jun 2009 23:25:36 -0400
Subject: [Infowarrior] - Sweden's Pirate Party captures Euro seat
Message-ID: <96333EE6-D4EA-4A43-8BA1-C5FAF5065A74@infowarrior.org>

Sweden's Pirate Party captures Euro seat
Sun Jun 7, 2009 10:09pm GMT
http://af.reuters.com/article/oddlyEnoughNews/idAFTRE55623320090607
By Veronica Ek

STOCKHOLM (Reuters) - Sweden's Pirate Party, striking a chord with voters who want more free content on the Internet, won a seat in the European Parliament, early results showed on Sunday.

The Pirate Party captured 7.1 percent of votes in Sweden in the Europe-wide ballot, enough to give it a single seat. The party wants to deregulate copyright, abolish the patent system and reduce surveillance on the Internet.
"This is fantastic!" Christian Engstrom, the party's top candidate, told Reuters. "This shows that there are a lot of people who think that personal integrity is important and that it matters that we deal with the Internet and the new information society in the right way."

Previously an obscure group of single-issue activists, the party enjoyed a jump in popularity after the conviction in April of four men behind The Pirate Bay, one of the world's biggest free file-sharing websites. The case cast a spotlight on the issue of internet file-sharing, a technique used to download movies, music and other content. The defendants have called for a retrial. Despite the similar names, the party and the website are not linked.

The party was founded in 2006 and contested a Swedish general election that year, but received less than one percent of the vote.

Engstrom credited the party's appeal to young voters for its success. "We are very strong among those under 30. They are the ones who understand the new world the best. And they have now signalled they don't like how the big parties deal with these issues."

The Pirate Party will take up one of Sweden's 18 seats in the 785-seat parliament.

"We will use all of our strength to defend personal integrity and our civil rights," Engstrom said.

(Reporting by Veronica Ek, writing by Adam Cox)

© Thomson Reuters 2009.

From rforno at infowarrior.org Mon Jun 8 12:46:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Jun 2009 08:46:41 -0400
Subject: [Infowarrior] - Fear-mongering over aerial images (again)
Message-ID: <35BF21CC-B86A-4B13-B3F9-5AB4A2042D75@infowarrior.org>

Aerial images online endanger national security, critics say
June 5, 2009 -- Updated 1609 GMT (0009 HKT)
By Mike M. Ahlers
http://edition.cnn.com/2009/TECH/06/05/aerial.images.security/

WASHINGTON (CNN) -- One is an assemblyman in California; the other a piano tuner in Pennsylvania.
Critics fear that online aerial images of nuclear power plants in the U.S., like this one, could aid terrorists.

But when they independently looked at online aerial imagery of nuclear power plants and other sites, they had the same reaction: They said they feared that terrorists might be doing the same thing.

Now, both have launched efforts to try to get Internet map services to remove or blur images of sensitive sites, saying the same technology that allows people to see a neighbor's swimming pool can be used by terrorists to choose targets and plan attacks.

"It is disturbing to me that terrorists can now perform considerable surveillance without visiting the targeted site," piano tuner and nuclear watchdog Scott Portzline wrote in a letter to Homeland Security Secretary Janet Napolitano.

Portzline is asking the Department of Homeland Security and the Nuclear Regulatory Commission to seek voluntary compliance from satellite and aerial imagery companies to blur images of nuclear plants.

Joel Anderson, a member of the California Assembly, has more expansive goals. He has introduced a bill in the state Legislature that would prohibit "virtual globe" services from providing unblurred pictures of schools, churches and government or medical facilities in California. It also would prohibit those services from providing street-view photos of those buildings.

"It struck me that a person in a tent halfway around the world could target an attack like that with a laptop computer," said Anderson, a Republican legislator who represents San Diego's East County.

Anderson said he doesn't want to limit technology, but added, "There's got to be some common sense."
Without leaving his Pennsylvania home, Portzline can take a virtual tour of the nation's 66 nuclear power plants. Using the online mapping services, he zooms in on the iconic cooling towers of one plant and the less-distinctive reactor building.

But the more striking images come when Portzline clicks on the "bird's-eye" option offered by the map service. The overhead views, which come chiefly from satellites, are replaced with strikingly clear oblique-angle photos, chiefly shot from aircraft. By clicking another button, he can see the same building from all four sides.

"What we're seeing here is a guard shack," Portzline said, pointing to a rooftop structure. "This is a communications device for the nuclear plant."

He added, "This particular building is the air intake for the control room. And there's some nasty thing you could do to disable the people in the control room. So this type of information should not be available. I look at this and just say, 'Wow.' "

Terror expert and author Brian Jenkins agreed that the pictures are "extraordinarily impressive."

"If I were a terrorist planning an attack, I would want that imagery. That would facilitate that mission," he said. "And given the choice between renting an airplane or trying some other way to get it, versus tapping in some things on my computer, I certainly want to do the latter. (It will) reduce my risk, and the first they're going to know about my attack is when it takes place."

The operators of Three Mile Island, the plant closest to Portzline's home, say they are not worried about the online imagery.

"Our security programs are designed and tested to defend against (an attacker) that has insider information -- even more information than is available on the Internet," said Ralph DeSantis, spokesman for AmerGen, which operates the plant.

"In addition to that, our physical security is constantly changing... so what you see one day won't be the same as the next day," he said.
The Nuclear Regulatory Commission tells CNN it has seen Portzline's letter and is reviewing the images.

"In the past we've considered such images to be dated and of sufficiently low resolution as to not be a concern. But we're taking another look because the resolution of nuclear power plants is something we take very seriously, and we frequently assess and reassess risk as the situation changes," said NRC spokesman Eliot Brenner.

But any action beyond requesting voluntary blurring of images may be well beyond the purview of the NRC or the DHS, industry officials say. That is because while the government licenses imaging satellites and restricts the resolution satellite operators can provide commercially, it does not license aerial photography, which provides the higher quality images.

Regulating aerial imagery of sensitive infrastructure would be problematic or impossible, a spokesman for one major satellite imagery company said, noting that people can take aerial photos of the CIA headquarters in Virginia while landing at Reagan National Airport in Washington. And, he adds, "Who defines what sensitive is?"

Anderson, the legislator, said he first became concerned after hearing that terrorists used online mapping programs to plan the Mumbai, India, attack last November. His concern increased when he heard Hamas say they used the technology to help plan rocket attacks on Israeli cities.

He exposed the programs and saw photos of buildings so detailed he could identify air ducts and elevator shafts.

"I thought, 'What's the useful purpose of having that level of detail?'" he said.

"We still have to live our lives, but I'm not sure that having intimate details of buildings that are high-risk targets is something we should do," he said.

Anderson said he understands his bill has First Amendment and censorship implications, and he has intentionally slow-tracked it so it can be given proper consideration. But he is adamant that something needs to be done.
"Techno-geeks hate it because they don't want any kind of limit on anything," he said. "If they could get down to the atoms in the brick, they would do it. The man on the streets says 'I get it. I don't know why I need to see the bricks to get to the building.'"

Microsoft, which operates one of the most popular map sites, said it operates with security and privacy in mind, but declined to say what images have been blurred or removed from its site.

"Our mapping products fully comply with U.S. laws...and have been designed to meet the demands of many of our customers," the company said. "While not all images are able to be removed, Microsoft also provides people and governmental entities with the opportunity to report images that may raise concerns and may remove or blur images brought to our attention. Microsoft will review all reports and make changes to the image as quickly as possible."

But is the cat already out of the bag? Is it too late to rein in detailed imagery?

"Yes, but..." Brian Jenkins, the terror expert, said. "I think there's utility in doing this (blurring images)."

"In the coming years, there will be additional security technology that will become available and additional things that we may want to do to further improve the security of those facilities. We would like to have the ability to do that without that being promptly broadcast on the Internet," he said.

"People think of security in physical terms, barriers, walls, fences. But mystery -- that is, creating uncertainty in the minds of would-be adversaries -- is an important component of security," Jenkins said. "This (imagery) takes away that uncertainty. It removes all mystery."
From rforno at infowarrior.org Mon Jun 8 17:59:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Jun 2009 13:59:25 -0400
Subject: [Infowarrior] - OpEd: What the government doesn't understand about the Internet
Message-ID: <52BB69CD-5C36-499B-8023-358F4023D9E3@infowarrior.org>

What the government doesn't understand about the Internet, and what to do about it
By Tom Steinberg on Friday, May 29th, 2009
http://www.mysociety.org/2009/05/29/what-the-government-doesnt-understand-about-the-internet-and-what-to-do-about-it/

Current government policy in relation to the Internet can broadly be summarised as occupying three areas:

1. Getting people online (broadband access, and lessons for people who don't have the skills or interest)
2. Protecting people from bad things done using the Internet (terrorism, child abuse, fraud, hacking, intellectual property infringement)
3. Building websites for departments and agencies.

The government does all these things primarily because it believes that the Internet boosts the economy of the UK, and that IT can reduce the cost of public services whilst increasing their quality. Together, these outweigh the dangers, meaning it doesn't get banned. Gordon Brown's recent speech at Google was an exemplar of this mainly economically driven celebration of the Internet's virtues, telling audience members that "your industry is driving the next stage of globalisation".

The first challenge for the government is to understand that whilst these beliefs are true, they are only a minor part of the picture. Tellingly, Brown's speech contained almost no language that couldn't have been used to explain the positive impact of electrification or shipping containers.
The way in which the Internet is not like Electrification or Shipping Containers

The Internet has been relentlessly undermining previous practices in the running of businesses, dating, parenting, spying, producing art and many other areas. So, however, did electrification and shipping containers. From cheaper raw materials, to cheaper cars to have sex in the back of, economic and social change has always been driven by technological change.

What is different is the way in which the Internet changes social and economic practices - the vector of attack. In the 20th century, advancement of human welfare went hand in hand with the rise of companies that used economies of scale to deliver better goods and services for customers. Technology effectively made it possible and much easier to be a big, highly productive company, to gather expertise and capital together and to target markets for maximum yields.

Now take a look for a moment at Wikipedia, MoneySavingExpert, Blogger or Match.com - all big websites, all doing different things. Each one, however, is in its own way reducing the ability of large, previously well functioning institutions to function as easily. These services are reducing traditional institutions' ability to charge for information, seize big consumer surpluses, limit speech or fix marriages. It has, in other words, become harder to be a big business, newspaper, repressive institution or religion.

Nor is this traditional "creative destruction" going on in a normal capitalist economy: this isn't about one widget manufacturer replacing another, this is about a newspaper business dying and being replaced by no one single thing, and certainly nothing recognisable as a newspaper business.

This common pattern of more powerful tools for citizens making life harder for traditional institutions is, for me, a cause for celebration.
However, I am not celebrating as a libertarian (which I am not); I celebrate it because it marks a historic increase in the freedom of people and groups of people, and a step-change in their ability to determine the direction of their own lives.

How the government can be on the side of the citizen in the midst of the great Internet disruption

Disruption like this is scary for any institution, which will tend to mean that as a public entity which interfaces with other institutions the temptation will be to hold back the sea, not swim with it. Government must swim with the tide, though, not just to help citizens more but to avoid the often ruinous tension of a citizenry going one way and a government going another. There are various things government can do to be on the right side.

1. Accept that any state institution that says "we control all the information about X" is going to look increasingly strange and frustrating to a public that's used to being able to do whatever they want with information about themselves, or about anything they care about (both private and public). This means accepting that federated identity systems are coming and will probably be more successful than even official ID card systems: ditto citizen-held medical records. It means saying "We understand that letting train companies control who can interface with their ticketing systems means that the UK has awful train ticket websites that don't work as hard as they should to help citizens buy cheaper tickets more easily. And we will change that, now."

2. Seize the opportunity to bring people together. Millions of people visit public sector websites every day, often trying to achieve similar or identical ends. It is time to start building systems to allow them to contact people in a similar situation, just as they'd be able to if queuing together in a job centre, but with far more reach and power.
This does open the scary possibility that citizens might club together to protest about poor service or bad policies, but given recent news, if you were a minister would you rather know about what was wrong as soon as possible, or really late in the day (cf MPs? expenses, festering for years)? 3. Get a new cohort of civil servants who understand both the Internet and public policy, and end the era of signing huge technology contracts when the negotiators on the government?s side have no idea how they systems they are paying for actually work. Coming up with new uses of technology, or perceiving how the Internet might be involved with undermining something in the future is an essential part of a responsible policy expert?s skill-set these days, no matter what policy area they work in. It should be considered just as impossible for a new fast-stream applicant without a reasonably sophisticated view of how the Internet works to get a job as if they were illiterate ( a view more sophisticated than generated simply by using Facebook a lot, a view that is developed through tuition ). Unfashionably, this change almost certainly has to be driven from the center. 4. Resist calls from institutions of all sorts to change laws to give them back the advantages they previously had over citizens, and actively appoint a team to see where legislation is preventing possible Internet-enabled challenges to institutions that could do with shaking up. At the moment, this is mostly seen in the music and video fields, but doubtless it will occur in more fields in the next decade, many of them quite possibly less sexy but more economically and socially significant than a field containing so many celebrities. 5. Spend any money whatsoever on a centrally driven project to cherry pick the best opportunities to ?be on the side of the citizen? and drive them through recalcitrant and risk averse departments and agencies. 
Whilst UK government is spending ?12-13bn a year on IT at the moment, almost none of that is being spent on projects which I would describe as fitting any of the objectives described above. And the good news, for a cash strapped era, is that almost anything meaningful that the government can do on the Internet will cost less than even the consulting fees for one large traditional IT project. Conclusion There are, obviously, more reasons why the Internet isn?t like electrification or shipping containers. But keeping the narrative simple is always valuable when proposing anything. The idea that a wave is coming that empowers citizens and threatens institutions makes government?s choice stark - who?s side do we take? History will not be kind to those that take the easy option. From rforno at infowarrior.org Tue Jun 9 00:47:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Jun 2009 20:47:12 -0400 Subject: [Infowarrior] - Reuters suit against Zotero dismissed Message-ID: <6BB88EA0-D8C9-4FAB-BBB0-807F5C6E7C19@infowarrior.org> Thomson Reuters Lawsuit Against Competing Software Product Dismissed from the reverse-engineering-allowed dept http://techdirt.com/articles/20090605/2136345145.shtml Last year, we wrote about the troubling lawsuit filed by Thomson Reuters claiming that George Mason University, the makers of an open bibliography software, Zotero, had violated its copyright by reverse engineering the file format used by Thomson Reuters' own proprietary bibliography software, EndNote. Zotero could open bibliographies created in EndNote and then resave them in an open format -- a very useful tool that should be perfectly legal -- but which Thomson Reuters claims violated its license agreement, which bars reverse engineering. 
Luckily, a judge has tossed out the lawsuit, though (as of right now) it's not entirely clear what the reason for the dismissal was (the ruling doesn't appear to be anywhere online, and the reports on it don't seem to have the details either). Hopefully, Thomson Reuters takes the hint and drops the case, but there's probably a half-decent chance that it will refile the suit or appeal. However, one hopes that the company realizes that felony interference with a business model isn't a crime, and reverse engineering has been held to be perfectly legal. Also, wouldn't it be nice if the company focused on competing by innovating on tools and features, rather than trying to sue competitors out of existence?

http://techdirt.com/articles/20090605/2136345145.shtml

From rforno at infowarrior.org Tue Jun 9 02:31:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Jun 2009 22:31:18 -0400
Subject: [Infowarrior] - Blogs Falling in an Empty Forest
Message-ID:

June 7, 2009
Blogs Falling in an Empty Forest
By DOUGLAS QUENQUA
http://www.nytimes.com/2009/06/07/fashion/07blogs.html?_r=1&pagewanted=print

"HI, I'm Judy Nichols. Welcome to my rant."

Thus was born Rantings of a Crazed Soccer Mom, the blog of a stay-at-home mother and murder-mystery writer from Wilmington, N.C. Mrs. Nichols, 52, put up her first post in late 2004, serving up a litany of gripes about the Bush administration and people who thought they had "a monopoly on morality." After urging her readers to vote for John Kerry, she closed with a flourish: "Practice compassionate regime change."

The post generated no comments.

Today, Mrs. Nichols speaks about her blog as if it were a diet or half-finished novel. "I'm going to get back to it," she swears. Her last entry, in December of last year, was curt and none too profound. "Books make great gifts," she began, breaking a silence of nearly a month.

Like Mrs. Nichols, many people start blogs with lofty aspirations – to build an audience and leave their day job, to land a book deal, or simply to share their genius with the world. Getting started is easy, since all it takes to maintain a blog is a little time and inspiration. So why do blogs have a higher failure rate than restaurants?

According to a 2008 survey by Technorati, which runs a search engine for blogs, only 7.4 million out of the 133 million blogs the company tracks had been updated in the past 120 days. That translates to 95 percent of blogs being essentially abandoned, left to lie fallow on the Web, where they become public remnants of a dream – or at least an ambition – unfulfilled.

Judging from conversations with retired bloggers, many of the orphans were cast aside by people who had assumed that once they started blogging, the world would beat a path to their digital door.

"I was always hoping more people would read it, and it would get a lot of comments," Mrs. Nichols said recently by telephone, sounding a little betrayed. "Every once in a while I would see this thing on TV about some mommy blogger making $4,000 a month, and thought, 'I would like that.'"

Not all fallow blogs die from lack of reader interest. Some bloggers find themselves too busy – what with, say, homework and swim practice, or perhaps even housework and parenting. Others graduate to more immediate formats, like Twitter and Facebook. And a few – gasp – actually decide to reclaim some smidgen of personal privacy.

"Before you could be anonymous, and now you can't," said Nancy Sun, a 26-year-old New Yorker who abandoned her first blog after experiencing the dark side of minor Internet notoriety. She had started it in 1999, back when blogging was in its infancy and she did not have to worry too hard about posting her raw feelings for a guy she barely knew.

Ms. Sun's posts to her blog – www.cromulent.org, named for a fake word from "The Simpsons" – were long and artful. She quickly attracted a large audience and, in 2001, was nominated for the "best online diary" award at the South by Southwest media powwow.

But then she began getting e-mail messages from strangers who had seen her at parties. A journalist from Philadelphia wanted to profile her. Her friends began reading her blog and drawing conclusions – wrong ones – about her feelings toward them. Ms. Sun found it all very unnerving, and by 2004 she stopped blogging altogether.

"The Internet is different now," she said over a cup of tea in Midtown. "I was too Web 1.0. You want to be anonymous, you want to write, like, long entries, and no one wants to read that stuff."

Richard Jalichandra, chief executive of Technorati, said that at any given time there are 7 million to 10 million active blogs on the Internet, but "it's probably between 50,000 and 100,000 blogs that are generating most of the page views." He added, "There's a joke within the blogging community that most blogs have an audience of one."

That's a serious letdown from the hype that greeted blogs when they first became popular. No longer would writers toil in anonymity or suffer the indignities of the publishing industry, we were told. Finally the world of ideas would be democratized!

This was the catnip that intoxicated Mrs. Nichols. "That was when people were starting to talk about blogs and how anyone could, if not get famous, get their opinions out there and get them read," she recalled. "I just wanted to post something interesting and get people talking, but mostly it was just my sister commenting."

Many people who think blogging is a fast path to financial independence also find themselves discouraged. Matt Goodman, an advertising executive in Atlanta, had no trouble attracting an audience to his self-explanatory site, Things My Dog Ate, which included tales of his foxhound, Watson, eating remote controls, a wig and a $400 pair of Prada shoes.

"I did some Craigslist postings to advertise it, and I very quickly got an audience of about 50,000 viewers a month," he said. That led to some small advertising deals, including one with PetSmart and another with a company that made dog-proof cellphone chargers. Mr. Goodman posted a video of his dog failing to destroy one.

"I guess the charger wasn't very popular," he said. "I think I made about $20" from readers clicking on the ads. He last updated the site in November.

Mr. Jalichandra of Technorati – a blogger himself – also points out that some retired bloggers have merely found new platforms. "Some of that activity has gone to Facebook and MySpace, and obviously Twitter is a new phenomenon," he said.

Others simply tire of telling their stories. "Stephanie," a semi-anonymous 17-year-old with a precocious knowledge of designers and a sharp sense of humor, abandoned her blog, Fashion Robot, about a week before it got a shoutout in the "blog watch" column of The Wall Street Journal last December. Her final post, simply titled "The End," said she just didn't feel like blogging any more. She declined an e-mail request for an interview, saying she was no longer interested in publicity.

As for Ms. Sun of Cromulent.org, she has made peace with being public. She has a new blog, SaladDays.org, where she keeps her posts short and jaunty, not personally revealing; mostly, she offers up health and diet tips, with the occasional quote from Simone de Beauvoir.

What is she after this time around? In person, she was noncommittal, but that night she sent a follow-up e-mail message. "To be honest, I would love a book deal to come out of my blog," she wrote. "Or I would love for Salad Days to give me a means to be financially independent to continue pursuing and sharing what I love with the world."
From rforno at infowarrior.org Tue Jun 9 03:49:04 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Jun 2009 23:49:04 -0400
Subject: [Infowarrior] - 1984 published 60 years ago today
Message-ID: <65B654D2-67D9-47C9-8E09-3211409099D0@infowarrior.org>

(c/o Anonymous)

Nineteen Eighty-Four
Author: George Orwell
Publisher: Secker and Warburg (London)
Publication date: 8 June 1949

Nineteen Eighty-Four (sometimes abbreviated to 1984) is a classic dystopian novel by English author George Orwell. Published in 1949, it is set in the eponymous year and focuses on a repressive, totalitarian regime. The story follows the life of one seemingly insignificant man, Winston Smith, a civil servant assigned the task of perpetuating the regime's propaganda by falsifying records and political literature. Smith grows disillusioned with his meager existence and so begins a rebellion against the system that leads to his arrest and torture. The novel has become famous for its portrayal of pervasive government surveillance and control, and government's increasing encroachment on the rights of the individual. Since its publication, many of its terms and concepts, such as "Big Brother", "doublethink", and "Newspeak" have entered the popular vernacular. The word "Orwellian" itself has come to refer to anything reminiscent of the book's fictional regime.

From rforno at infowarrior.org Tue Jun 9 11:39:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 9 Jun 2009 07:39:01 -0400
Subject: [Infowarrior] - Ritholtz: How to Fix Financial Television
Message-ID: <4F862975-5F48-401C-959B-3C47A4A544EA@infowarrior.org>

http://www.ritholtz.com/blog/2009/06/how-to-fix-financial-television/

Over the past 5 years, I have appeared on various Financial TV shows over 100 times. But I am also a huge consumer of financial news, in print, on the web, radio, and of course, TV. Being on both sides of the camera gives me a fairly good perspective on what does and doesn't work on TV. I also have some strong ideas as to what is good and bad TV in terms of providing a social utility, being part of the democratic process, etc. Indeed, this is a longstanding interest of mine.

Over the weekend, I referenced the current Columbia Journalism Review (CJR) issue that focused on the role of the media in the credit crisis, stock market and economic collapse (CJR on CNBC, WSJ & Business Press). This area has long interested me (hence, our media panel at TBP conference). But I was surprised this post generated 100 comments from readers.

One emailer challenged me on CJR's CNBC piece: "It's easy to complain, but what would you do to 'fix' Financial Television?"

Challenge accepted. Here are my general suggestions:

How to Fix Financial Television

1. Stop Yelling. Stop interrupting. Stop Talking Over Each Other: This is not Jerry Springer, it's serious business. People's retirement and investments are at stake. Please treat it that way.

2. Bring us People We Don't Have Access to. What various FinTV channels do really well is when they bring us long, thoughtful interviews with the likes of Warren Buffett, William Ackman, David Einhorn, and others. People we wouldn't ordinarily have access to. Example: This morning, CNBC had on James Rickard. More of this please.

3. S - L - O - W D - O - W - N

4. Risk: All traders must appreciate the potential downside of trades. So too, must FinTV. Explain stop losses. Understand Risk/Reward. Recognize there are periods when Buy & Hold is a jumbo loser.

5. Lose the Octobox. Fire whoever came up with the Decabox. 'Nuff said.

6. Separate the Signal from the Noise. Understand that most of the day-to-day action is simply noise. Look at a long term chart, you can barely see 1987 or 9/11. If those major events get lost in the long term trend, what do the intraday jags, kinks and reversals mean? Very little. Recognize that not every data release, slice of news, or rumor is at all significant. Stop treating them as if they were.

7. Fact Check: An awful lot of things on air get stated with authority and confidence. Many of them are little more than junk or pop myths. Why is it that the more dubious a proposition is, the greater the confidence the speaker seems to muster? Consider fact checking as many of the statements that are made on air as possible, and making frequent corrections.

8. Accountability is important: I am astounded at some of the money-losing hacks that are on various shows again and again. These are the "articulate incompetents", to use Bennett Goodspeed's phrase. Why not keep track of the records of guests – and let the viewers know how their past few calls have been. Are they Perma-bulls or bears? Are their stock picks awful? Are they reliable money makers? If not, let us know. (Of course, the better question is, if not, why even have them on?)

9. Bring Back Louis Rukeyser: Not the man, but rather, his style. Wall $treet Week – Rukeyser hosted it from 1970 to 2005 – was plain-spoken, thoughtful and accessible. Quiet, contemplative discussions, with intelligent market participants, revealing helpful information. The investing public would appreciate something of that sort – again.

10. Sound FX: What is with all the bizarre sound effects every time a screen changes? It's financial news, not a video game. Kill 'em.

11. Embed your video (on your own website or YouTube) instead of using WMP. At long last, thank you.

12. Investigative Pieces: David Faber seems to have a monopoly on deep, long thoughtful analyses. Be they on Wal-Mart, the credit crisis, whatever, his long format work is a highlight of CNBC. More of these, please.

13. Most stock picks are losers. That's normal, but the audience does not realize this. A big part of the challenge is informing the viewer that finding the big winners is a low probability, high outcome event. As in baseball, a 350 hitter is a star. Explain this to your audience.

14. Stop the Bull/Bear Debate: This is a vast over-simplification of the market, and often does not serve the audience well. There are nuances and variables that get lost when you reduce everything to black and white.

15. Partisanship: Leave your personal politics at home. Viewers don't care what most of you think.

16. Respect the Audience: We are adults. Treat us that way.

From rforno at infowarrior.org Tue Jun 9 12:25:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 9 Jun 2009 08:25:10 -0400
Subject: [Infowarrior] - UK students' op-ed on classroom CCTV
Message-ID: <91DA879B-6827-4C53-9FAB-0CBE67479A6C@infowarrior.org>

We don't need no CCTV in our classroom
Our school's installation of TV cameras to watch our lessons is an insult – a fact many adults failed to grasp when we protested
Leia Clancy and Sam Goodman
guardian.co.uk, Wednesday 3 June 2009 13.30 BST
http://www.guardian.co.uk/commentisfree/libertycentral/2009/jun/03/cctv-classroom

Earlier this year, on a school day like any other, we shuffled into our politics class at 11.20 on a Monday morning. What we didn't notice straight away were four tinted CCTV domes hanging from the ceiling, including a huge monitor dome staring right at us. Confusion and anger broke out among us. A teacher casually stated that they were for teacher training purposes. After a thought of "God, George Orwell was right", some of us angrily packed up and left – we weren't comfortable working in a classroom with cameras.

It turned out that our entire class was angry or confused over the cameras. Out of a class of 18 students, 17 felt uncomfortable with the idea and decided to boycott the room until the issue, and the students, were addressed. This was a difficult decision as we were three months away from exams and we had five lessons a fortnight in the room. The student body was supportive and a petition gained over 130 signatures from the sixth-form.
Two weeks later our teacher read a statement from our headteacher explaining the cameras were to be used for teacher training purposes alone, that the system was not currently switched on, and that we would be warned whenever it was meant to go live. It did, however, also say that it was initially not deemed "necessary" to consult the pupils about the installation.

Lessons continued, although a few weeks later, when students discovered that the recording system was in a cupboard in our classroom, the microphones were found to in fact be switched on. We switched them off. The school is currently awaiting a decision from the information commissioner as to whether the cameras can remain or not.

Henry Porter's blog about our decision to "revolt against classroom CCTV" sparked a huge debate on the issue of CCTV in schools. Although users were largely supportive, we wanted to respond to some of the misinformation posted by commentators.

Many users suggested that cameras were a good idea because they could be used to keep an eye on bullying and student behaviour; we were accused of being "narcissistic megalomaniacs" angry at "being nabbed for our churlish troublemaking". This stereotypical and frankly ignorant view ignores the fact that Davenant Foundation School produces some of the best exam results in Essex. Violent behaviour among pupils is simply not an issue, making the justification for putting cameras in our classrooms more surprising. Adults are often quick to define the youth of today as stereotypical troublemakers and violent offenders – generalisations which are prompted by the media – when in fact the majority of students at our school are as responsible and arguably better behaved than the majority of adults.

Some commentators insinuated that we overheard adults talking about rights and repeated it. That notion isn't worth the space it was typed upon. We are A-level politics students who have been studying civil liberties as part of the curriculum for the last two years. Sam campaigned for David Davis when he resigned over the issue of civil liberties and spoke at speakers' corner about the issue. The criticism of our campaign only serves to illustrate the ignorance of adults who have surrendered within only the last few years our right to protest in parliament, our right to go about our business without being stopped and questioned by police about our identity and our affairs, and our personal privacy.

Eroding standards in schools and deteriorating discipline are down to a broken society and the failure of the education system. The truth is that we are whatever the generation before us has created. If you criticise us, we are your failures; and if you applaud us we are your successes, and we reflect the imperfections of society and of human life. If you want to reform the education system, if you want to raise education standards, then watching children every hour of every day isn't the answer. The answer is to encourage students to learn by creating an environment in which they can express their ideas freely and without intimidation.

From rforno at infowarrior.org Tue Jun 9 12:28:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 9 Jun 2009 08:28:14 -0400
Subject: [Infowarrior] - Auto-Immune War
Message-ID: <5E799E10-BC18-4C0E-964F-6822710BCBA7@infowarrior.org>

Accidental Guerrilla: Part 1, Theoretical Framework
http://yorksranter.wordpress.com/2009/06/07/accidental-guerrilla-part-1-theoretical-framework/

Accidental Guerrilla: Part 2, Strategy
http://yorksranter.wordpress.com/2009/06/07/accidential-guerrilla-part-2-strategy/

"The reason why biology should get dragged in here is that we are to be destroyed by the over-reaction of our own security system, just as auto-immune diseases turn the immune system on the body. This is a crucial concept, and it is one whose implications cascade through all kinds of other problems, from grand strategy down to airport security measures. Specifically, auto-immune war is a strategy, but its tactical implementation is the creation of false positive responses. Security obsession gums up the economy with inefficiencies. Terrorism terrorises the public; security theatre keeps them that way. As Kilcullen points out, every day, millions of travellers are systematically reminded of terrorism by government security precautions. Profiling measures subject entire communities to indignity and waste endless hours of police time. Vast sums of money are spent on counterproductive equipment programs and unlikely techno-fixes. National identity cards and monster databases are the specific symptoms of this pathology in the UK, just as idiotic militarism is in the US."

From rforno at infowarrior.org Tue Jun 9 12:51:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 9 Jun 2009 08:51:01 -0400
Subject: [Infowarrior] - Apple security is 'struggling,' researcher says
Message-ID:

(Rich knows his stuff.....-rf)

Apple security is 'struggling,' researcher says
Laments lack of 'formal security program'
By Dan Goodin in San Francisco
Posted in Anti-Virus, 9th June 2009 00:52 GMT
http://www.theregister.co.uk/2009/06/09/apple_security_suggestions/

A well-known security consultant says Apple is struggling to effectively protect its users against malware and other online threats and suggests executives improve by adopting a secure development lifecycle to design its growing roster of products.

"Based on a variety of sources, we know that Apple does not have a formal security program, and as such fails to catch vulnerabilities that would otherwise be prevented before product releases," writes Rich Mogull, founder of security firm Securosis and a self-described owner of seven Macs. "To address this lack, Apple should integrate secure software development into all internal development efforts."

Microsoft was among the first companies to integrate an SDL into its internal development routine. Under the program, products are built from the ground up with security in mind, so that poorly written sections of older code are replaced with code that can better withstand attack. It also subjects programs to a variety of simulated attacks. Adobe Systems recently beefed up the SDL program for Reader and Acrobat following criticism about the security of those two programs.

Mogull's suggestion was one of five he made recently to ensure the company is doing everything it should to safeguard its customers. "It's clear that Apple considers security important, but that the company also struggles to execute effectively when faced with security challenges," he writes in a recent article on Mac news website Tidbits. He goes on to fault the company for its ongoing failure to patch a gaping security hole in Mac versions of Java.

The suggestions came as Apple on Monday announced Safari 4.0, a release that fixes more than 50 vulnerabilities in the browser. Protection against clickjacking attacks, denial-of-service flaws and bugs that allow for remote code execution were among the fare.

Another suggestion from Mogull is that Apple appoint and empower a high-ranking executive to oversee security in all Apple products. The CSO, or chief security officer, would serve as the public face for Apple security as well as the internal boss who coordinates the company's response to security incidents and development of new products that are safe.

"None of this will work if the CSO is merely a figurehead, and this must be an executive management position with the budget, staff, and authority to get the job done," Mogull says.

The researcher also called on Apple to complete work adding anti-exploitation technologies into OS X. While features such as sandboxing, library randomization, no-execute flags and stack protection are partially implemented now, "these implementations are either incomplete or flawed in ways that nearly eliminate their security advantages," Mogull says. (Fellow researcher Charlie Miller has said largely the same thing.)

Mogull's remaining two suggestions are:

* Establish a security response team to manage communications between internal employees and external researchers reporting vulnerabilities in Apple products, and
* Manage vulnerabilities in third-party software.

Apple has yet to respond to criticism about the vulnerable version of Java it continues to ship with its Macs.

From rforno at infowarrior.org Tue Jun 9 17:55:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 9 Jun 2009 13:55:59 -0400
Subject: [Infowarrior] - AT&T jettisons the last of its Usenet
Message-ID: <386FF0B4-0A68-4348-B77B-081832DC633B@infowarrior.org>

AT&T jettisons the last of its Usenet
A bad year for newsgroups
By Cade Metz in San Francisco
Posted in Telecoms, 9th June 2009 17:10 GMT
http://www.theregister.co.uk/2009/06/09/att_kills_usenet/

AT&T has dealt another blow to the internet relic known as Usenet. Sometime next month, the American telecom giant will terminate its entire newsgroup service.

"Please note that on or around July 15, 2009, AT&T will no longer be offering access to the Usenet netnews service," reads a note sent to AT&T and posted on the company's Usenet servers.

Last July, bowing to pressure from grandstanding New York Attorney General Andrew Cuomo, AT&T eliminated access to all alt.binary newsgroups - i.e. all groups that serve up full-blown data files. As he had done with AOL, Time Warner Cable, Sprint, and Verizon, Cuomo coaxed AT&T into signing an agreement that cut the cord to 88 newsgroups where state investigations had turned up nearly 11,000 "sexually lewd photos featuring prepubescent children."
But like many of its ISP brethren, AT&T chose to extend this ostensible porn crackdown beyond those 88 groups. "We?ll no longer include alt.binary newsgroups [as part of its broadband package] because of the prevalence of child pornography in that particular newsgroup hierarchy, and the difficulty in ensuring that no child porn reappears in those newsgroups," an AT&T spokesman told us at the time. Now, AT&T is bagging the entire service - though customers can still tap Usenet through third-party offerings. ? From rforno at infowarrior.org Wed Jun 10 11:31:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jun 2009 07:31:22 -0400 Subject: [Infowarrior] - Cyberscares About Cyberwars Equal Cybermoney Message-ID: <8C71D074-563D-4DE3-927E-4BA25CC1F64B@infowarrior.org> ....although perhaps coming across a bit ranty, it's still a very good article, I must say. Cyberscares About Cyberwars Equal Cybermoney Watching the Cybermilitary-Industrial Complex Form by: Frida Berrigan http://www.huffingtonpost.com/frida-berrigan/cyberscares-about-cyberwa_b_213316.html From rforno at infowarrior.org Wed Jun 10 11:54:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jun 2009 07:54:42 -0400 Subject: [Infowarrior] - Paper: "Social Connectivity in America" Message-ID: (c/o aior) Subtitle: Changes in Adult Friendship Network Size from 2002 to 2007 New paper by Hua (Helen) Wang and Barry Wellman. Forthcoming in American Behavioral Scientist (2009 or 2010). http://www.chass.utoronto.ca/~wellman/publications/social-connectivity/social-connectivity.pdf or just go to my website http://www.chass.utoronto.ca/~wellman > Publications > Cyber Society > Other Cyber Society Research Papers Abstract: There is some panic in the United States about a possible decline in social connectivity. 
We use two American national surveys (from the Center for the Digital Future, World Internet Project) to analyze how changes in the number of friends are related to changes in Internet use. We find that friendships continue to be abundant among adult Americans between the ages of 25 to 74 and to have grown from 2002 to 2007. This trend is similar among Internet non-users, light users, moderate users, and heavy users ? and across communication contexts: offline, virtual only, and migrating from online to offline. Heavy users are particularly active, having the most friends both on- and off-line. Intracohort change consistently outweighs cohort replacement in overall growth in friendship. From rforno at infowarrior.org Wed Jun 10 22:46:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Jun 2009 18:46:54 -0400 Subject: [Infowarrior] - Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr Message-ID: Danger Room What?s Next in National Security Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr * By Noah Shachtman Email Author * June 10, 2009 | * 3:13 pm | http://www.wired.com/dangerroom/2009/06/army-orders-bases-stop-blocking-twitter-facebook-flickr/ The Army has ordered its network managers to give soldiers access to social media sites like Facebook, Flickr, and Twitter, Danger Room has learned. That move reverses a years-long trend of blocking the web 2.0 locales on military networks. Army public affairs managers have worked hard to share the service?s stories through social sites like Flickr, Delicious and Vimeo. Links to those sites featured prominently on the Army.mil homepage. The Army carefully nurtured a Facebook group tens of thousands strong, and posted more than 4,100 photos to a Flickr account. Yet the people presumably most interested in these sites ? the troops ? were prevented from seeing the material. Many Army bases banned access to the social networks. 
An operations order from the Army's 93rd Signal Brigade to all domestic Directors of Information Management, or DOIMs, aims to correct that. Issued on May 18th "for official use only," the document has not been made public until now.

It is "the intent of senior Army leaders to leverage social media as a medium to allow soldiers to 'tell the Army story' and to facilitate the dissemination of strategic, unclassified information," says the order, obtained by Danger Room. Therefore, "the social media sites available from the Army homepage will be made accessible from all campus area networks. Additionally, all web-based email will be made accessible."

The operations order (OPORD) doesn't apply to all GI Bases overseas, or those run by the other armed services, which aren't affected by the decree. Nor does the order overturn the long-standing, military-wide ban on sites like MySpace, YouTube and Pandora. And it's almost certain some Army posts still block the now-approved web 2.0 networks. Still, it's a click in the right direction for the armed service, which seems to be making a slow but steady recovery from its lingering hostility towards social media.

The full OPORD, after the jump....

< - >

http://www.wired.com/dangerroom/2009/06/army-orders-bases-stop-blocking-twitter-facebook-flickr/

From rforno at infowarrior.org Wed Jun 10 22:56:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 10 Jun 2009 18:56:42 -0400
Subject: [Infowarrior] - SiriusXM raising rates
Message-ID: <70A473BE-E7B6-43AB-985B-15DC8965E78A@infowarrior.org>

Sorry, maybe I'm being paranoid but I don't buy this 15% increase to our rates as royalty-only. Plus given my current feelings for XM's quality over the past year I am severely tempted to let it expire when it comes up for renewal soon.
-rf

Price Increase: Sirius XM to pass Music Royalty Fees to consumers
By Ryan Saghir on June 3, 2009 5:14 AM

Satellite radio subscribers will be seeing their subscription price grow by nearly $2 a month thanks to increased music royalty rates, according to a leaked internal company document. Orbitcast has confirmed with multiple sources familiar with the matter that the U.S. music royalty rates will be passed along to subscribers. According to the leaked information, the royalty cost increase will take effect on July 29, 2009.

Sirius XM Radio Inc. does not appear to be characterizing this as a rate increase, as the subscription rates "officially" charged by the company will remain the same - but subscribers will end up paying more, nonetheless.

In late 2007, the Copyright Royalty Board made a decision to increase the royalty payments for "performance fees" for playing music on satellite radio. The license rate of 6.0% of gross revenue was applied for 2007 and 2008 - it was then increased to 6.5% for 2009 and will continue to increase to 7.0% for 2010, 7.5% for 2011 and 8.0% for 2012.

"Unfortunately we can no longer absorb these increased costs," the company stated in the leaked Sirius XM customer service script.

< - >

http://www.orbitcast.com/archives/price-increase-sirius-xm-to-pass-music-royalty-fees-to-consumers.html

From rforno at infowarrior.org Thu Jun 11 14:37:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jun 2009 10:37:56 -0400
Subject: [Infowarrior] - Facebook Users Cancel Friday Night Plans to Claim New Names
Message-ID: <103B4D62-5122-4053-BBC5-4B6DA97B973A@infowarrior.org>

Facebook Users Cancel Friday Night Plans to Claim New Names
http://www.bloomberg.com/apps/news?pid=20601109&sid=afbl_HKpAJHA#
By Joseph Galante and Ian King

June 11 (Bloomberg) -- Tomorrow night may be a late one for some Facebook users.
The world's largest social-networking site is offering people the chance to claim a personalized Web address beginning at midnight New York time on a first-come, first-served basis. The plan's announcement two days ago sparked a frenzy among users planning to grab their names.

David Whittemore, 25, typically hangs out at bars on Friday nights with his friends. This week, he'll be at his computer, ready to take his name when the clock strikes midnight.

"It's going to be a land grab," said Whittemore, who works for a finance startup in New York. "I'm definitely going to be staying home."

Facebook Inc. is allowing users to select one name per person, letting them create a Web address for their Facebook profile, such as http://www.facebook.com/david . At the moment, addresses typically contain a sequence of numbers. The aim, Facebook says, is to make it easier to find profiles using search engines such as Google Inc.

If someone else has already snagged your name, you're out of luck. And once users confirm the name they want, it can't be changed.

Jacquie Brennan, a 57-year-old attorney in Houston, says she's trying for the name "iJac," because she's a fan of Apple Inc. products. If she can't get that, she'll settle for "MoreMerlot."

'Cool Name'

"You can bet that if everyone else has a cool name, I am going to have one too," said Brennan, who's been on Facebook for more than a year and has the site open on her computer all day.

Facebook, based in Palo Alto, California, says it can't predict how many people will hit the site requesting their names. "We have taken steps to take a look at the infrastructure and put the necessary pieces in place to make sure the service isn't affected," said Larry Yu, a spokesman for the company.

Facebook attracted 67.5 million users in April, making it the eighth-most visited Web site in the U.S., according to ComScore Inc., a research firm in Reston, Virginia.
The site lets people share photos, post updates on what they're doing, and send messages to each other. After people have set their user names, they have the option to publish it in their "stream," or the rolling list of updates they share with friends, Facebook said.

The rush to grab user names harks back to the early days of the Internet, when squatters would take domain names and try to sell them at a profit, said Dan Neely, chief executive officer of Networked Insights, a Madison, Wisconsin-based firm that advises companies on how to promote themselves on social-networking sites.

Domain Squatting

"You remember the days of folks buying random domains because they thought they were going to be able to sell them for massive amounts of money? It's going to be like that," Neely said.

Facebook is taking steps to prevent squatting. Users won't be able to transfer their names to others. The company will also only allow users to claim a name if they had an account before the feature was announced June 9, according to its Web site. This will prevent people from creating new accounts just to grab their addresses, Facebook said. That restriction lifts on June 28.

The excitement from users rushing to register their names could have been a moneymaking opportunity for Facebook, said Charlene Li, founder of Altimeter Group, a San Mateo, California-based research firm that specializes in social technology.

Revenue Option?

"The question is: How come Facebook isn't charging for this?" Li said. "They could make some money on it."

Facebook, whose investors include Microsoft Corp. and venture-capital firm Accel Partners, was founded by Mark Zuckerberg in 2004 as a social-networking service for his classmates at Harvard University. The company generates sales through advertising, and expects revenue to climb 70 percent this year, Chief Operating Officer Sheryl Sandberg said in April.

"We think offering the feature for free is in the best interest of the vast majority of users,"
Facebook's Yu said.

Facebook received a $200 million investment last month from Russian investment firm Digital Sky Technologies, valuing the company at $10 billion. Companies are increasingly seeing social networks as a way to build their brands because of the number of people on them, Digital Sky partner Alexander Tamas said at a conference in Carlsbad, California, last month.

Twitter Inc., the San Francisco-based social-networking service that lets people type short updates to their friends, already offers Web addresses that include user names. That means Twitter users could lead the charge to lock up their names on Facebook, said Christopher Peri, a 44-year-old software developer and entrepreneur based in Oakland, California.

Peri said he will try to get "Perivision," a brand that he has been using online since he studied virtual reality at the University of California, Berkeley. "If there's going to be a Perivision, it's going to be me," Peri said.

To contact the reporters on this story: Joseph Galante in San Francisco at jgalante3 at bloomberg.net; Ian King in San Francisco at ianking at bloomberg.net

Last Updated: June 11, 2009 00:00 EDT

From rforno at infowarrior.org Thu Jun 11 14:44:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jun 2009 10:44:01 -0400
Subject: [Infowarrior] - WHO set to declare first flu pandemic since 1968
Message-ID:

WHO set to declare first flu pandemic since 1968
Thu Jun 11, 2009 9:39am EDT
By Stephanie Nebehay
http://www.reuters.com/article/topNews/idUSTRE55A1U720090611?feedType=RSS&feedName=topNews&sp=true

GENEVA (Reuters) - The World Health Organization was poised on Thursday to declare that the new H1N1 virus has caused the first influenza pandemic in more than 40 years, health sources said on Thursday.

The move will trigger heightened health measures in the WHO's 193 member states as authorities brace for the worldwide spread of the virus that has so far caused mainly mild illness.
WHO Director-General Dr Margaret Chan was to hold a news conference on the outbreak at 1600 GMT.

Flu experts advising Chan, who met earlier on Thursday, were expected to recommend moving to the top phase 6 on the WHO's six-point scale, the sources said. That would reflect the fact that the disease, widely known as swine flu, was spreading geographically, but not necessarily indicate how virulent it is.

"Phase 6, if we call a phase 6, doesn't mean anything concerning severity, it is concerning geographic spread ... Pandemic means global, but it doesn't have any connotation of severity or mildness," WHO spokesman Gregory Hartl said.

"In fact, what we are seeing with this virus so far is overwhelmingly to date mild disease. So we would think that this event is really a moderate event for the time being, because the numbers are high but the disease is overwhelmingly mild," he told Reuters Television before the talks.

David Heymann, a former top WHO official now chairing Britain's Health Protection Agency, said that countries had tried to contain the virus through measures including school closures during the current phase 5. This has extended the precious time needed to prepare for a full-blown pandemic.

"During phase 5, the government and people in the U.K. have had the time to prepare for a pandemic -- this has hopefully decreased any surprise and concern that might be associated with a WHO announcement of phase 6, if one is made," he told Reuters.

As it spreads in humans, science cannot predict what course the virus will take, the disease it causes and the age groups infected, Heymann said. "The severity of that disease, the effectiveness of antiviral drugs and the stability of the virus must all be watched closely," he added.

A pandemic could cause enormous disruption to business as workers stay home because they are sick or to look after family members and authorities restrict gatherings of large numbers of people or movement of people or goods.
World markets shrugged off the possibility of a pandemic, as investors focused on possible global economic recovery.

AUSTRALIA LIKELY TRIGGER

Widespread transmission of the virus in Victoria, Australia, signaling that it is entrenched in another region besides North America, is likely to be the trigger for moving to phase 6.

Five people have been admitted to intensive care in Australia and more than 1,000 cases confirmed following widespread testing in the state. "We have tested 5,500 people in the last two weeks, that is more people than we test in our whole influenza season," said Victorian state premier John Brumby.

One health source, who declined to be named, said the experts were also expected to recommend finishing production currently under way of seasonal flu vaccine for the northern hemisphere next winter. "They might say finish seasonal vaccine and say begin pandemic vaccine as soon as it is feasible," he said.

Drugmakers have obtained the new influenza A (H1N1) seed virus in the past two weeks, enabling them to begin the production process by growing the virus in eggs. Company officials said on Wednesday that they were on track to have a vaccine against the new strain ready for the northern hemisphere autumn.

Seasonal flu each year kills up to half a million people, mainly elderly, and causes severe illness in millions, so a premature switch in vaccine production to cope with the new strain could put many people at risk.

The new strain can be treated by antiviral drugs oseltamivir, the generic name of Roche Holding's Tamiflu tablets, and Relenza, a spray made by GlaxoSmithKline.

The strain, which emerged in April in Mexico and the United States, has spread widely in nations including Australia, Britain, Chile and Japan. Authorities in Germany have confirmed 30 cases of H1N1 at a school in the industrial Rhineland city of Duesseldorf, the most concentrated outbreak of the virus so far in Europe's biggest economy.
There have been 27,737 infections reported in 74 countries to date, including 141 deaths, according to the WHO's latest tally of laboratory confirmed cases, but the real number of people with the disease is likely to run into at least hundreds of thousands, as mild cases may not have been detected.

A survey by New York City's health department showed that 6.9 percent of the city's population of over 8 million had experienced "flu-like illness" -- which could include other diseases -- in the first three weeks of May.

"The findings don't tell us exactly how many New Yorkers have had H1N1 influenza," said New York City Health Commissioner Dr Thomas Farley in a statement. "But they suggest it has been widespread, and mild in most affected people."

From rforno at infowarrior.org Thu Jun 11 17:32:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jun 2009 13:32:30 -0400
Subject: [Infowarrior] - Collateral Damage (in Cyberspace)
Message-ID: <30D49AEB-91B8-4999-A08F-C0735895EBE0@infowarrior.org>

Collateral Damage
http://www.cringely.com/2009/06/collateral-damage/

There was lots of good discussion last time about cyber warfare, cyber security, and U.S. policy, but what most respondents seemed to miss was the international nature of the IT business - all the outsourcing and offshoring that we were told was so great - and its implications for U.S. security. The upshot is that any U.S. cyber warfare czar will have to effectively function as a WORLD cyber warfare czar, a fact that neither Republican nor Democratic Administrations have yet been willing to embrace, at least in public.

Forget for the moment about data incursions within the DC beltway, what happens when Pakistan takes down the Internet in India? Here we have technologically sophisticated regional rivals who have gone to war periodically for six decades. There will be more wars between these two.
And to think that Pakistan or India are incapable or unlikely to take such action against the Internet is simply naive. The next time these two nations fight YOU KNOW there will be a cyber component to that war. And with what effect on the U.S.? It will go far beyond nuking customer support for nearly every bank and PC company, though that's sure to happen. A strategic component of any such attack would be to hobble tech services in both economies by destroying source code repositories.

And an interesting aspect of destroying such repositories - in Third World countries OR in the U.S. - is that the logical bet is to destroy them all without regard to what they contain, which for the most part negates any effort to obscure those contents. You can have 1000 safe deposit boxes with only three holding anything of real value, but that obfuscation is meaningless if the target is ALL safety deposit boxes.

To this point cyber security conferences tend to concentrate on intelligence (probing attacks to learn about a potential enemy, gather information and map defenses) and tactical deployment (using that intelligence information to blind, disable, or defend some network resources in what's usually perceived as an encounter lasting hours). There is little to no regard for strategic use of cyber warfare as in the India-Pakistan example or the nuking of source code libraries. We don't talk about it because it is too horrific, not because it can't happen.

The result, of course, is that any major power has to be concerned about the cyber security of all its technology partners, which over the last decade has come to include a lot of Third World nations. Try to do a security audit of Argentina or Bangladesh and see what nightmare is unveiled. Yet this is exactly where major international companies are deploying more and more technical resources.

The military answer of course is to isolate network traffic, as many readers have suggested.
But how do you enforce that in other countries? And how effective is it at all against a strategic attack on essentially commercial resources? Not very. This is not a battle but a war and wars take a long time to prepare for and wage.

As readers have pointed out we're not just concerned with malware and viruses but even hardware-based attacks. Who knows if that flash memory from Malaysia or that router card from Taiwan is compromised? Who CAN know? And if you've found one hardware exploit in a product does that mean you've found all that are there? Hardly.

One point of view is that this makes both old tech and traditional firepower more valuable. Analog systems, for example, are unlikely to be compromised by digital exploits. And 2000-pound bombs are a pretty darned effective response to a cyber attack IF you can clearly identify the attacker and figure out where to drop the bombs. Both effects tend to neutralize the effect of advanced systems, making Syria a more effective opponent against Israel, AND push superpowers toward brandishing their biggest guns - nuclear weapons. So cyber warfare is internationally destabilizing in whole new ways with the world being dramatically less safe as a result. This works mainly to the advantage of the bad guys.

Then there's the Code God Effect - the potential strategic impact of a single programmer with commanding skills. That very guy or gal who typically is the creative heart of an entire company (but they never admit it) because he is the equivalent of 100 average coders can be the secret weapon in a cyber war, too. And the distribution of such megabrains is random enough that to say one or more aren't working right now in North Korea would be a bad bet - one that a nation like the United States would be unwise to make. We see the Code God Effect happening right now with publicized Chinese Internet incursions and those are just amateurs: the real damage is being done by much more skillful players we have yet to even detect.
What this means for any major power is that they aren't as powerful as they think they are and that power is even less across borders. There isn't a U.S. agency I know of - ANY agency - that is prepared to win such a war against a clever and determined opponent of almost any size. If the game is U.S. versus Albania, who wins? I don't know.

We need new tools and new weapons. We need to find ways of changing the battlefield to negate opponents (this is HUGE), not just shooting back. We need leadership that understands this. Maybe President Obama understands it, maybe not. He hasn't demonstrated yet that he does, at least not to me. Let's hope that's just part of an incredibly clever master plan.

Yeah, right.

From rforno at infowarrior.org Fri Jun 12 03:00:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 11 Jun 2009 23:00:32 -0400
Subject: [Infowarrior] - IRS considers cellphone tax
Message-ID: <7E3498F4-9B9E-4B04-96B3-3399B5326E72@infowarrior.org>

Tax Man's Target: The Mobile Phone
By MARTIN VAUGHAN and AMOL SHARMA
http://online.wsj.com/article/SB124473141538306335.html

The use of company-issued mobile phones could trigger new federal income taxes on millions of Americans as a "fringe benefit."

The Internal Revenue Service proposed employers assign 25% of an employee's annual phone expenses as a taxable benefit. Under that scenario, a worker in the 28% tax bracket, whose wireless device costs the company $1,500 a year, could see $105 in additional federal income tax.

The IRS, in a notice issued this week, said employees could avoid tax liability if they showed proof they used personal cellphones for nonbusiness calls during work hours. The agency also could decide on a set number of phone minutes as "minimal personal use" that would be untaxed.

In a third option proposed by the IRS, employers could use a statistical sampling to determine what portion of workers' cellphone use is personal and how much is work-related.
Workers would be taxed on the difference.

The IRS move, which is spurring efforts by the wireless industry and others to kill the idea, would mark a stricter enforcement of an existing rule that classifies employer-provided cellphones as a taxable benefit, rather than a 24-hour-a-day work tool.

Under a 1989 law, workers who use company-provided mobile phones for personal calls are supposed to count the value of those calls as income and pay federal income taxes accordingly. But businesses and workers have long ignored the requirement, prompting the IRS to consider steps the agency said would make it easier for businesses and workers to comply.

Some firms said they have ignored the tax because of the paperwork required to account for personal and work calls. U.S. companies allow incidental personal use for about 40% of employees with cellphones, according to a survey by In-Stat, a market research firm.

"The idea that you should keep a log saying, 'I made a call saying I will be late for dinner again,' that's a totally cumbersome and burdensome requirement that most employers and employees are not going to comply with," said Jot Carpenter, vice president of government affairs for CTIA-The Wireless Association, a trade group of cellphone-equipment manufacturers and service providers.

"It would be a nightmare for corporations to try to figure out what are work calls and what are personal calls," said Gerry Coady, chief information officer at Frontier Airlines Holdings Inc., who manages about 100 BlackBerrys for workers at the Denver-based airline.

Some employees aren't so happy about the idea, either. "Your job gives you a phone to be in 24-hour contact. It's only natural that you're going to use it personally," said Anthony Cecchini, an analyst at investment bank Oppenheimer & Co. "If I need to get a personal email or call, it shouldn't be a big deal."
Individual taxes on employer-issued cellphones and smart phones would depend on the annual cost of the wireless service, as well as an employee's tax bracket.

The IRS didn't respond to requests for interviews on the tax. The agency will collect comment on its proposal through September before issuing a decision.

The mobile-phone industry has a big stake in the outcome. U.S. businesses will spend an estimated $59 billion on cellular voice service for employees in 2009, according to research by In-Stat. The market has been a big revenue source for wireless carriers, though it has taken a hit in the recession. Cellphone companies worry, for example, that client firms wishing to avoid trouble with the IRS will cancel wireless contracts and instead reimburse employees for a portion of their personal cellphone.

David Lemelin, a telecom analyst, said enforcement of the tax could discourage sales employees from tending to customers after hours. "Personal use of cellular in these instances has increasingly become considered a cost of doing business," he said.

Wireless companies also argue the IRS rule is outdated. Rates have declined so dramatically in the past decade -- with night and weekend calls free under many plans -- that it makes little sense for the IRS to assess employee benefits by nickels and dimes.

"This is a regulation from a bygone time, dating back to the infancy of the cellphone business, and it is in desperate need of updating," said Howard Woolley, a senior vice president with Verizon Wireless, a venture of Verizon Communications Inc. and Vodafone Group PLC.

Such companies as Verizon and Sprint Nextel Corp. are backing congressional proposals to repeal the tax. They are supported by local government, education and farm groups. "This is an outdated regulation that was established at the infancy of our industry," Sprint spokesman John Taylor said. "We don't think it's really relevant in today's economy."
Over the past couple of years, the IRS has begun challenging employers over the accounting of workers' cellphone expenses during tax audits, said Mr. Carpenter, the trade-group spokesman. The 1989 law requires that company-provided wireless services be included in a worker's gross income -- unless the employee keeps detailed records showing the device was used only for work.

Following one IRS audit, the University of California system owed additional payroll taxes because it couldn't substantiate that employees' cellphone use was solely work-related.

John Harper, the mayor of Rowlett, Texas, said his town wrestled with whether to declare as worker income a portion of the 100 cellphones provided to city employees, but decided it was too much work. "I'm all for collecting taxes for the government," he said, "but let's not end up costing us more to do it than the tax you ultimately collect."

--Ben Worthen contributed to this article.

Write to Martin Vaughan at martin.vaughan at dowjones.com and Amol Sharma at amol.sharma at wsj.com

From rforno at infowarrior.org Fri Jun 12 13:21:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jun 2009 09:21:30 -0400
Subject: [Infowarrior] - DRM licensing group presses on with plan to plug analog hole
Message-ID: <29033181-DF51-493B-B9B1-903D89F5EB50@infowarrior.org>

DRM licensing group presses on with plan to plug analog hole

The AACS-LA plans to phase out analog output of Blu-ray and other AACS-protected content over the next few years. The move is ostensibly to prevent pirating, but it seems more likely to just cause headaches for legitimate consumers.

By Chris Foresman | Last updated June 11, 2009 9:31 PM CT
http://arstechnica.com/media/news/2009/06/drm-licensing-group-presses-on-with-plan-to-plug-analog-hole.ars

The AACS Licensing Authority, which licenses the AACS content protection scheme (read "DRM") used in high-definition Blu-ray discs, has released the terms of its "AACS Final Adopter Agreement" online.
Buried in its 188 pages of cryptic terms are details of what the AACSLA is calling the "analog sunset" - an eventual phasing out of analog output of AACS-protected content. The goal of this phasing out is to plug the "analog hole," whereby digital content can be copied by redigitizing the analog output of a Blu-ray player, for instance. Digital signals transmitted over HDMI are already protected by the HDCP scheme, which provides encryption between players and HDTVs and monitors.

The terms of the agreement state that AACS licensees must limit analog output to interlaced SD resolution ("composite video, s-video, 480i component video and 576i video") for any device manufactured after December 31, 2010. Then, after December 31, 2013, no device that can decrypt AACS content can be made with any analog output whatsoever.

By 2014 the vast majority of TVs made are likely to be purely digital devices. But plenty of older, analog-only, perfectly functional HDTVs will still be around in a few years. And, as the EFF notes, discs can be encoded with an Image Constraint Token that can limit analog output despite a player being capable of higher resolution analog output.

Particularly puzzling is the fact that plugging the so-called "analog hole" won't stop direct digital ripping, enabled by software such as AnyDVD HD. And even the MPAA itself recommends using a camcorder pointed at a TV as a way to make fair use copies, creating another analog hole. All this time and effort to block means of casual copying, though, doesn't really thwart commercial pirates, and serves mostly as an annoyance to paying customers. HDCP has already presented issues for users with newer Blu-ray players and older HDTVs, and for some users of newer Macs attempting to play iTunes content on non-HDCP-equipped monitors and projectors.
From rforno at infowarrior.org Fri Jun 12 13:51:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jun 2009 09:51:57 -0400
Subject: [Infowarrior] - Another reason to distrust big pharma
Message-ID: <24FD2397-6EC4-441D-B580-AF4EF1202592@infowarrior.org>

Lilly Sold Drug for Dementia Knowing It Didn't Help, Files Show
By Margaret Cronin Fisk, Elizabeth Lopatto and Jef Feeley

June 12 (Bloomberg) -- Eli Lilly & Co. urged doctors to prescribe Zyprexa for elderly patients with dementia, an unapproved use for the antipsychotic, even though the drugmaker had evidence the medicine didn't work for such patients, according to unsealed internal company documents.

In 1999, four years after Lilly sent study results to the U.S. Food and Drug Administration showing Zyprexa didn't alleviate dementia symptoms in older patients, it began marketing the drug to those very people, according to documents unsealed in insurer suits against the company for overpayment. Regulators required Lilly and other antipsychotic drug-makers in April 2005 to warn that the products posed an increased risk to elderly patients with dementia.

The documents show the health dangers in marketing a drug for an unapproved use, called off-label promotion, said Sidney Wolfe, head of the health research group at Public Citizen in Washington.

"By definition, off-label means there is no clear evidence that the benefits of a drug outweigh the risks," Wolfe said. "The reason why off-label promotion is illegal is that you can greatly magnify the number of people who will be harmed."

In 1999, when Lilly began its marketing push, Zyprexa's only approved use was for patients suffering from schizophrenia, according to the FDA. In 2008, Zyprexa was Lilly's best-selling drug, with $4.7 billion in sales, while antipsychotics as a group topped U.S. drug sales last year, with $14.6 billion.
< - >

http://www.bloomberg.com/apps/news?pid=20601109&sid=aTLcF3zT1Pdo

From rforno at infowarrior.org Sat Jun 13 03:07:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Jun 2009 23:07:38 -0400
Subject: [Infowarrior] - Privacy May Be a Victim in Cyberdefense Plan
Message-ID: <9088060B-0460-4E35-A6AC-9C25E93AFD0E@infowarrior.org>

June 13, 2009
Cyberwar
Privacy May Be a Victim in Cyberdefense Plan
By THOM SHANKER and DAVID E. SANGER
http://www.nytimes.com/2009/06/13/us/politics/13cyber.html?_r=2&hp=&pagewanted=print

WASHINGTON - A plan to create a new Pentagon cybercommand is raising significant privacy and diplomatic concerns, as the Obama administration moves ahead on efforts to protect the nation from cyberattack and to prepare for possible offensive operations against adversaries' computer networks.

President Obama has said that the new cyberdefense strategy he unveiled last month will provide protections for personal privacy and civil liberties. But senior Pentagon and military officials say that Mr. Obama's assurances may be challenging to guarantee in practice, particularly in trying to monitor the thousands of daily attacks on security systems in the United States that have set off a race to develop better cyberweapons.

Much of the new military command's work is expected to be carried out by the National Security Agency, whose role in intercepting the domestic end of international calls and e-mail messages after the Sept. 11, 2001, attacks, under secret orders issued by the Bush administration, has already generated intense controversy.

There is simply no way, the officials say, to effectively conduct computer operations without entering networks inside the United States, where the military is prohibited from operating, or traveling electronic paths through countries that are not themselves American targets.

The cybersecurity effort, Mr. Obama said at the White House last month, "will not - I repeat, will not -
include monitoring private sector networks or Internet traffic.? But foreign adversaries often mount their attacks through computer network hubs inside the United States, and military officials and outside experts say that threat confronts the Pentagon and the administration with difficult questions. Military officials say there may be a need to intercept and examine some e-mail messages sent from other countries to guard against computer viruses or potential terrorist action. Advocates say the process could ultimately be accepted as the digital equivalent of customs inspections, in which passengers arriving from overseas consent to have their luggage opened for security, tax and health reasons. ?The government is in a quandary,? said Maren Leed, a defense expert at the bipartisan Center for Strategic and International Studies who was a Pentagon special assistant on cyberoperations from 2005 to 2008. Ms. Leed said a broad debate was needed ?about what constitutes an intrusion that violates privacy and, at the other extreme, what is an intrusion that may be acceptable in the face of an act of war.? In a recent speech, Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff and a chief architect of the new cyberstrategy, acknowledged that a major unresolved issue was how the military ? which would include the National Security Agency, where much of the cyberwar expertise resides ? could legally set up an early warning system. Unlike a missile attack, which would show up on the Pentagon?s screens long before reaching American territory, a cyberattack may be visible only after it has been launched in the United States. ?How do you understand sovereignty in the cyberdomain?? General Cartwright asked. ?It doesn?t tend to pay a lot of attention to geographic boundaries.? 
For example, the daily attacks on the Pentagon?s own computer systems, or probes sent from Russia, China and Eastern Europe seeking chinks in the computer systems of corporations and financial institutions, are rarely seen before their effect is felt inside the United States. Some administration officials have begun to discuss whether laws or regulations must be changed to allow law enforcement, the military or intelligence agencies greater access to networks or Internet providers when significant evidence of a national security threat was found. Ms. Leed said that while the Defense Department and related intelligence agencies were the only organizations that had the ability to protect against such cyberattacks, ?they are not the best suited, from a civil liberties perspective, to take on that responsibility.? Under plans being completed at the Pentagon, the new cybercommand will be run by a four-star general, much the way Gen. David H. Petraeus runs the wars in Afghanistan and Iraq from Central Command in Tampa, Fla. But the expectation is that whoever is in charge of the new command will also direct the National Security Agency, an effort to solve the turf war between the spy agency and the military over who is in charge of conducting offensive operations. While the N.S.A.?s job is chiefly one of detection and monitoring, the agency also possesses what Michael D. McConnell, the former director of national intelligence, called ?the critical skill set? to respond quickly to cyberattacks. Yet the Defense Department views cyberspace as its domain as well, a new battleground after land, sea, air and space. The complications are not limited to privacy concerns. The Pentagon is increasingly worried about the diplomatic ramifications of being forced to use the computer networks of many other nations while carrying out digital missions ? the computer equivalent of the Vietnam War?s spilling over the Cambodian border in the 1960s. 
To battle Russian hackers, for example, it might be necessary to act through the virtual cyberterritory of Britain or Germany or any country where the attack was routed. General Cartwright said military planners were trying to write rules of engagement for scenarios in which a cyberattack was launched from a neutral country that might have no idea what was going on. But, with time of the essence, it may not be possible, the scenarios show, to ask other nations to act against an attack that is flowing through their computers in milliseconds. ?If I pass through your country, do I have to talk to the ambassador?? General Cartwright said. ?It is very difficult. Those are the questions that are now really starting to emerge vis-?-vis cyber.? Frida Berrigan, a longtime peace activist who is a senior program associate at the New America Foundation?s arms and security initiative, expressed concerns about whether the Obama administration would be able to balance its promise to respect privacy in cyberspace even as it appeared to be militarizing cybersecurity. ?Obama was very deliberate in saying that the U.S. military and the U.S. government would not be looking at our e-mail and not tracking what we do online,? Ms. Berrigan said. ?This is not to say there is not a cyberthreat out there or that cyberterrorism is not a significant concern. We should be vigilant and creative. But once again we see the Pentagon being put at the heart of it and at front lines of offering a solution.? Ms. Berrigan said that just as the counterinsurgency wars in Iraq and Afghanistan had proved that ?there is no front line anymore, and no demilitarized zone anymore, then if the Pentagon and the military services see cyberspace as a battlefield domain, then the lines protecting privacy and our civil liberties get blurred very, very quickly.? 
From rforno at infowarrior.org Sun Jun 14 16:13:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Jun 2009 12:13:25 -0400
Subject: [Infowarrior] - Ex-Gov Cyber Official, Exec Mulled for Czar Job
Message-ID: <83036BD4-7D59-445E-8592-B19F78D5CC6A@infowarrior.org>

Ex-Government Cyber Official, Exec Mulled for Czar Job
By Diane Bartz
June 11, 2009 | 2:55 pm
http://www.wired.com/epicenter/2009/06/ex-government-cyber-official-exec-mulled-for-czar-job/

WASHINGTON (Reuters) - Microsoft's security chief and a veteran of Clinton's and Bush's national security teams are leading candidates for cybersecurity czar, a job that needs White House access and clout to protect networks that underpin the U.S. economy.

President Barack Obama promised last month that he would personally decide who would lead the fight against an epidemic of cybercrime and organize a response to any major cyber attack.

A leading candidate for the post is Scott Charney, head of Microsoft's cybersecurity division, who has said he won't take the job, according to a source who had direct knowledge of the matter but was not authorized to discuss it. The source said, however, that Charney would change his mind if pressed.

Charney also led PricewaterhouseCoopers' cybercrime unit and headed the Justice Department's computer crime section.

His main competitor is likely Paul Kurtz, who led Obama's cybersecurity transition team and who worked on the National Security Council under both Bush and Clinton, the source said.

Others under consideration include former Rep. Tom Davis, a moderate Virginia Republican; Sun Microsystems executive Susan Landau; Maureen Baginski, a veteran of the National Security Agency and Federal Bureau of Investigation, and Frank Kramer, an assistant defense secretary under Clinton, the source told Reuters.

Also in the running but less likely to be picked are Melissa Hathaway, who led a cybersecurity review for the president, and James Lewis of the Center for Strategic and International Studies think tank, the source said.

John Thompson, chairman of the board of Symantec Corp, had been under consideration but turned it down, the source said.

The exact responsibilities of the new job remain largely undefined, although the position described in a report by Hathaway's team describes a coordinator who reports to both the National Security Council and the National Economic Council.

Holes in U.S. cybersecurity defenses have allowed major incidents of thefts of identity, money, intellectual property and corporate secrets. In one incident, a bank lost $10 million in cash in a day. There have also been thefts of sensitive military information and a penetration of the U.S. electrical grid.

Susan Landau, who declined to discuss if she has been short-listed for the job, said she would urge Obama to make it a top-level position, as he promised.

"The job is very important," said Landau. "We have all sorts of different kinds of threats. ... What you want is ubiquitous security."

Landau is a Sun Microsystems engineer who has worked on digital rights, privacy and export control.

Lewis, who also declined to discuss on the record whether he was being considered, said the White House must emphasize national security expertise in picking a cybersecurity czar.

"Some guy from industry is going to write a national security strategy? No, they aren't. You don't just pick this up," said Lewis. "You need somebody who knows the national security game, who knows government and who knows about the technology."

Before becoming a senior fellow at CSIS on technology and national security, Lewis worked for the federal government as a foreign service officer with assignments on such disparate topics as global arms sales, encryption and high-tech trade with China.

Lawmakers on Capitol Hill shared Lewis' and Landau's views, said a Senate staffer who has been briefed on the issue.

"The president's vision is a heavyweight," said a Senate staffer. "I'm concerned that he or she will get sort of tied up, like Gulliver, tied down by a million different reporting requirements."

From rforno at infowarrior.org Sun Jun 14 16:27:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Jun 2009 12:27:46 -0400
Subject: [Infowarrior] - Half Of Your Friends Lost In Seven Years, Social Network Study Finds
Message-ID:

Half Of Your Friends Lost In Seven Years, Social Network Study Finds
http://www.sciencedaily.com/releases/2009/05/090527111907.htm

ScienceDaily (May 27, 2009) -- Had a good chat with someone recently? Has a good friend just helped you to do up your home? Then you will be lucky if that person still does that in seven years time. Sociologist Gerald Mollenhorst investigated how the context in which we meet people influences our social network. One of his conclusions: you lose about half of your close network members every seven years.

You are stuck with your family but you can choose your friends. Really? For years sociologists have argued to what extent personal networks are the result of your own preferences or the context in which you can meet someone. Would your best friend have been your best friend if you had not been in the same class for three years? And if you had not got to know your wife via mutual friends but in a dodgy bar then would she still have become and remained your wife?

In order to answer such questions, Mollenhorst conducted a survey under 1007 people aged between 18 and 65 years. Seven years later the respondents were contacted once again and 604 people were reinterviewed. They answered questions such as: Who do you talk with, regarding important personal issues? Who helps you with DIY in your home? Who do you pop by to see? Where did you get to know that person? And where do you meet that person now?
Limited in your choices

Mollenhorst investigated, for example, whether the social context in which contacts are made influences the degree of similarity between partners, friends and acquaintances. It was expected that the influence of social contexts on similarity in relationships would be stronger for weak relationships than for strong ones. After all, you are less fussy about your choice of acquaintances than your choice of partner. In relationships with partners, Mollenhorst indeed found more similarity than in relationships with friends. Yet interestingly, the influence of the social context on similarity did not differ between partners, friends and acquaintances. This reveals how strongly opportunities to meet influence the social composition of personal networks.

With his research Mollenhorst has confirmed that personal networks are not formed solely on the basis of personal choices. These choices are limited by opportunities to meet. Another strong indication for this came from the fact that people often choose friends from a context in which they have previously chosen a friend. Moreover, the extent to which our friends know each other strongly depends on the context in which people meet each other.

Individualism

Many sociologists assume that our society is becoming increasingly individualistic. For example, it is held that we strictly separate work, clubs and friends. Mollenhorst established, however, that public contexts such as work or the neighbourhood and private contexts frequently overlap each other.

Furthermore, Mollenhorst's research reveals that networks are not shrinking, whereas American research reveals such a decline. Over a period of seven years the average size of personal networks was found to be strikingly stable. However, during the course of seven years we replace many members of our network with other people. Only thirty percent of the discussion partners and practical helpers still held the same position seven years later. Only 48 percent were still part of the network. Therefore value the friends you have. As long as you have them that is.

Gerald Mollenhorst's research is part of the project "Where friends are made. Contexts, Contacts, Consequences," set up by Beate Völker. She received a Vidi grant from NWO in 2001 and used this to set up her project.

From rforno at infowarrior.org Sun Jun 14 22:53:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Jun 2009 18:53:59 -0400
Subject: [Infowarrior] - REAL ID getting scaled back possibly
Message-ID: <38AD153A-68BF-45C7-A592-FD323ADE54A6@infowarrior.org>

Administration Plans to Scale Back Real ID Law
By Spencer S. Hsu
Washington Post Staff Writer
Sunday, June 14, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/06/13/AR2009061302036_pf.html

Yielding to a rebellion by states that refused to pay for it, the Obama administration is moving to scale back a federal law passed after the Sept. 11 terrorist attacks that was designed to tighten security requirements for driver's licenses, Homeland Security Department and congressional officials said.

Homeland Security Secretary Janet Napolitano wants to repeal and replace the controversial, $4 billion domestic security initiative known as Real ID, which calls for placing more secure licenses in the hands of 245 million Americans by 2017. The new proposal, called Pass ID, would be cheaper, less rigorous and partly funded by federal grants, according to draft legislation that Napolitano's Senate allies plan to introduce as early as tomorrow.

The rebranding effort follows months of talks with the National Governors Association and poses political risk for Obama as well as Napolitano, a former NGA chairwoman who wants to soothe strained relations with the states without appearing to retreat on a recommendation by the 9/11 Commission.
Commissioners called for federal standards for driver's licenses and birth certificates, noting, "For terrorists, travel documents are as important as weapons." Eighteen of 19 terrorist hijackers obtained state IDs, some of them fraudulently, easing their movements inside the country.

But the Bush administration struggled to implement the 2005 law, delaying the program repeatedly as states called it an unfunded mandate and privacy advocates warned it would create a de facto national ID.

As governor of Arizona, Napolitano called Real ID "feel-good" legislation not worth the cost, and she signed a state law last year opting out of the plan. As secretary, she said a substitute would "accomplish some of the same goals."

Eleven states have refused to participate in Real ID despite a Dec. 31 federal deadline.

"The department's goal is to fix, not repeal" Real ID, allowing all jurisdictions to comply by year's end, said a DHS official, who spoke on the condition of anonymity before a formal announcement.

"If the law cannot be implemented, it is hard to claim that it increases security," said David Quam, lobbyist for the NGA.

The new plan keeps elements of Real ID, such as requiring a digital photograph, signature and machine-readable features such as a bar code. States also will still need to verify applicants' identities and legal status by checking federal immigration, Social Security and State Department databases.

But it eliminates demands for new databases -- linked through a national data hub -- that would allow all states to store and cross-check such information, and a requirement that motor vehicle departments verify birth certificates with originating agencies, a bid to fight identity theft. Instead, it adds stronger privacy controls and limits such development to a pilot program in Mississippi.

DHS would have nine months to write new regulations, and states would have five years to reissue all licenses, with completion expected in 2016.

Supporters saw a slimmer measure as better than nothing. But critics said the changes gut the law, weakening tools to fight fraud and learn whether bad drivers, drug runners or counterfeiters have licenses in more than one state.

"Real ID, not a gutted version with a tough-sounding name, is necessary to continue to keep us safe," said Rep. Lamar Smith (Tex.), the ranking Republican member of the House Judiciary Committee. "Any attempt to repeal or weaken [Real ID] will harm national security."

The new plan would still let people get licenses with fake documents, said Rep. F. James Sensenbrenner Jr. (R-Wis.), who authored the 2005 legislation. "We go right back to where we were on Sept. 10, 2001," he said, "Maybe governors should have been in the Capitol when we knew a plane was on its way to Washington wanting to kill a few thousand more people."

Pass ID also penalizes states that have spent millions to digitize their records, rewards laggards with federal funds and makes new requirements unenforceable, foes said. For example, the new bill kills provisions that would have required the new IDs to board airplanes and that IDs that did not comply with the requirements feature a different color or design.

Meanwhile, privacy groups also objected, saying Real ID should just be killed. "We don't want to end up with National ID Lite," said Chris Calabrese, counsel to the technology and liberty program at the American Civil Liberties Union.

Jim Harper, director of information policy studies at the libertarian Cato Institute, said the plan is "a lot softer" but will still leave more Americans' personal data subject to theft and misuse.

Sens. Daniel K. Akaka (D-Hawaii) and George V. Voinovich (R-Ohio), the bill's sponsors, are seeking support from Sens. Joseph I. Lieberman (I-Conn.) and Susan Collins (Maine), the chairman and ranking Republican, respectively, on the Senate homeland security committee, and other centrist lawmakers. So far, no other Republicans have signed on.
From rforno at infowarrior.org Tue Jun 16 11:56:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Jun 2009 07:56:10 -0400
Subject: [Infowarrior] - Social Networks Spread Iranian Defiance Online
Message-ID: <48A01CAA-9DEC-4872-B2D6-90F092FD2905@infowarrior.org>

June 16, 2009
Social Networks Spread Iranian Defiance Online
By BRAD STONE and NOAM COHEN
http://www.nytimes.com/2009/06/16/world/middleeast/16media.html?hp=&pagewanted=print

As the embattled government of President Mahmoud Ahmadinejad appears to be trying to limit Internet access and communications in Iran, new kinds of social media are challenging those traditional levers of state media control and allowing Iranians to find novel ways around the restrictions.

Iranians are blogging, posting to Facebook and, most visibly, coordinating their protests on Twitter, the messaging service. Their activity has increased, not decreased, since the presidential election on Friday and ensuing attempts by the government to restrict or censor their online communications.

On Twitter, reports and links to photos from a peaceful mass march through Tehran on Monday, along with accounts of street fighting and casualties around the country, have become the most popular topic on the service worldwide, according to Twitter's published statistics.

A couple of Twitter feeds have become virtual media offices for the supporters of the leading opposition candidate, Mir Hussein Moussavi. One feed, mousavi1388 (1388 is the year in the Persian calendar), is filled with news of protests and exhortations to keep up the fight, in Persian and in English. It has more than 7,000 followers.

Mr. Moussavi's fan group on Facebook has swelled to over 50,000 members, a significant increase since election day.

Labeling such seemingly spontaneous antigovernment demonstrations a "Twitter Revolution" has already become something of a cliché. That title had been given to the protests in Moldova in April.

But Twitter is aware of the power of its service. Acknowledging its role on the global stage, the San Francisco-based company said Monday that it was delaying a planned shutdown for maintenance for a day, citing "the role Twitter is currently playing as an important communication tool in Iran."

Twitter users are posting messages, known as tweets, with the term #IranElection, which allows users to search for all tweets on the subject. On Monday evening, Twitter was registering about 30 new posts a minute with that tag.

One read, "We have no national press coverage in Iran, everyone should help spread Moussavi's message. One Person = One Broadcaster. #IranElection."

The Twitter feed StopAhmadi calls itself the "Dedicated Twitter account for Moussavi supporters" and has more than 6,000 followers. It links to a page on the photo-hosting site Flickr that includes dozens of pictures from the rally on Monday in Tehran.

The feed Persiankiwi, which has more than 15,000 followers, sends users to a page in Persian that is hosted by Google and, in its only English text, says, "Due to widespread filters in Iran, please view this site to receive the latest news, letters and communications from Mir Hussein Moussavi."

Some Twitter users were also going on the offensive. On Monday morning, an antigovernment activist using the Twitter account "DDOSIran" asked supporters to visit a Web site to participate in an online attack to try to crash government Web sites by overwhelming them with traffic. By Monday afternoon, many of those sites were not accessible, though it was not clear if the attack was responsible -- and the Twitter account behind the attack had been removed. A Twitter spokeswoman said the company had no connection to the deletion of the account.

The crackdown on communications began on election day, when text-messaging services were shut down in what opposition supporters said was an attempt to block one of their most important organizing tools. Over the weekend, cellphone transmissions and access to Facebook and some other Web sites were also blocked. Iranians continued to report on Monday that they could not send text messages.

But it appears they are finding ways around Big Brother. Many Twitter users have been sharing ways to evade government snooping, such as programming their Web browsers to contact a proxy -- or an Internet server that relays their connection through another country.

Austin Heap, a 25-year-old information technology consultant in San Francisco, is running his own private proxies to help Iranians, and is advertising them on Twitter. He said on Monday that his servers were providing the Internet connections for about 750 Iranians at any one moment. "I think that cyber activism can be a way to empower people living under less than democratic governments around the world," he said.

Global Internet Freedom Consortium, an Internet proxy service with ties to the banned Chinese spiritual movement Falun Gong, offers downloadable software to help evade censorship. It said its traffic from Iran had tripled in the last week.

Shiyu Zhou, founder of the organization, has no idea how links to the software spread within Iran. "In China we have sent mass e-mails, but nothing like in Iran," he said. "The Iranian people actually found out by themselves and have passed this on by word of mouth."

Jonathan Zittrain, a professor at Harvard Law School who is an expert on the Internet, said that Twitter was particularly resilient to censorship because it had so many ways for its posts to originate -- from a phone, a Web browser or specialized applications -- and so many outlets for those posts to appear.

As each new home for this material becomes a new target for censorship, he said, a repressive system faces a game of whack-a-mole in blocking Internet address after Internet address carrying the subversive material.

"It is easy for Twitter feeds to be echoed everywhere else in the world," Mr. Zittrain said. "The qualities that make Twitter seem inane and half-baked are what make it so powerful."

From rforno at infowarrior.org Tue Jun 16 11:58:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Jun 2009 07:58:11 -0400
Subject: [Infowarrior] - DOD cybercommand focus on .mil
Message-ID: <73344293-1AA5-4270-AB5E-E0B136D87B18@infowarrior.org>

If true, does this not sound like the JTF-CND / JTF-CNO / JTF-GNO on steroids, albeit perhaps with a bit more offensive capability to it? --rf

New DOD cyber command will focus on the dot-mil domain
By William Jackson, Doug Beizer
Jun 15, 2009
http://gcn.com/Articles/2009/06/15/Web-DOD-cyber-command.aspx?p=1

Defense Secretary Robert Gates has not yet made a final decision about establishing a new major command in charge of cyber defense, Deputy Defense Secretary William Lynn said today.

A crowd of several hundred government, industry and academic officials gathered today at the Center for Strategic and International Studies in Washington hoping to hear an announcement about the new command, which will coordinate efforts across the services to defend the newly recognized cyber domain. However, Lynn said that "as of today, Secretary [Robert] Gates has not made a decision on this. The secretary is evaluating proposals," and the joint staff is still ironing out details of how the organization will work and what the chain of command will be.

The command is a recognition that cyberspace is a new theater of operations, in addition to land, sea and air. It has been proposed as part of the administration's reworking of the government's cybersecurity initiatives.

The organization and duties of the new cyber command have not been finalized, but Lynn was very clear today about what the command would not be. "Such a command would not represent the militarization of cyberspace," Lynn said.
DOD will continue to focus on its .mil domain, while primary responsibility for the civilian .gov domain will remain with the Department of Homeland Security, he said. The private sector will be responsible for the rest of the country's Internet infrastructure. He said DOD and the National Security Agency (NSA) would be available to lend their expertise in cyber defense "in a way that upholds and respects our civil liberties."

Lynn's message was the same as that of NSA Director Lt. Gen. Keith Alexander at an industry gathering earlier this year, when he assured his audience that NSA had no desire to take over the non-national security portion of the country's information infrastructure.

Some observers have expressed skepticism that DOD and NSA, which not only have a great depth of expertise in cyber defense but are developing offensive capabilities, would take a back seat to DHS and industry in protecting the interconnected online world.

Lynn said coordinating the efforts of the different sectors and overseeing their cooperation would be the job of the White House cyber coordinator, a position President Barack Obama announced last month. The president is in the process of selecting the person who will fill that position, and some observers expect an announcement by the end of this month.

The cyber command will be a unified subcommand of the U.S. Strategic Command. As such it would not require legislation from Congress, but its commander would require Senate approval, Lynn said.

He emphasized the importance of networking to today's DOD. "There is no exaggerating the military's dependence on our networks," he said. "Our twenty-first century military simply cannot function without them."

The threat to those networks is not emerging, he said. "It is here today. It is here now. Our defense networks are constantly under attack." More than 100 foreign intelligence operations are trying to breach DOD networks, which are scanned millions of times a day. A number of countries are developing offensive capabilities, and terrorist and criminal organizations are also prying at the interfaces. In one of the most serious incidents, thousands of computers were compromised last year, and DOD banned the use of many removable memory devices in response.

Lynn said no lives have been lost to cyberattacks to date, but the cost of defending networks is increasing. DOD spent $100 million in six months last year defending .mil networks.

Due in part to that constant pressure, the military has some of the best defensive capabilities on its networks, and each service has its own operational organizations. "The DOD will defend its networks," Lynn said. "It will protect this domain. [But] we need to do better."

DOD is not producing the trained professionals it needs to defend its networks. Only 80 information technology security specialists graduate each year from its military academies. The proposed fiscal 2010 budget includes funding that would more than triple that number to 250 per year, Lynn said. The military also must do a better job of overall training in cybersecurity and end the competition between commands for the limited manpower and resources now available in that field, Lynn said.

The new cyber command will coordinate the military services' activities and establish the rules of engagement for responding to cyberattacks. Creating those rules is complicated by the fact that attacks in cyberspace can happen in a matter of milliseconds rather than days or even minutes, and responses must occur as close to real time as possible.

The effort is further complicated by the difficulty in attributing the source and goal of attacks. Although scans, probes and breaches sometimes can be tracked to computers in other countries, Lynn said officials are not able to attribute those incidents to a particular government or party, or say whether the intent was military, political or criminal.

Although the cyber command will restrict its activities to the .mil domain, Lynn stressed the need for better cooperation among the military, civilian agencies, the private sector and other countries.

About the Authors
William Jackson is a senior writer for GCN.
Doug Beizer is a staff writer for Federal Computer Week.

From rforno at infowarrior.org Tue Jun 16 12:09:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Jun 2009 08:09:13 -0400
Subject: [Infowarrior] - Pirate Bay Launches VPN Service
Message-ID:

Threat Level: Privacy, Crime and Security Online
Pirate Bay Launches VPN Service
By David Kravets
June 15, 2009 | 6:21 pm
http://www.wired.com/threatlevel/2009/06/ipredator/

The operators of The Pirate Bay launched a long-awaited VPN service Monday, promising to make file sharers and other internet users more anonymous online.

The IPREDATOR Global Anonymity Service, at about $7 monthly, is named for Sweden's IPRED law that went into force in April. That law empowers copyright owners to acquire data from ISPs identifying people linked to file sharing.

The four operators of the Pirate Bay are staring down a year in prison each, and millions of dollars in fines, after being convicted in a Swedish court for facilitating copyright infringement. They run the world's most notorious BitTorrent search engine. Their fines and imprisonment are pending appeal.

On Monday, The Pirate Bay announced that 180,000 people have signed up for the service. Invitations to the first 3,000 who signed up in April went out Monday.

"There's been some small issues but it's being resolved right now," the Bay announced Monday on its blog. "Then we'll invite more people in... We're hoping that all will have their invite within a month's period."
TorrentFreak notes that the IPREDATOR service, announced in April, likely would be more secure than rank-and-file virtual private networks, which encrypt a user's traffic stream, making it theoretically invulnerable to interception by a local ISP, or intermediate carriers. "The weak link in any VPN/anonymity service is always their willingness (or otherwise) to hand over your customer data when pressured under the law. However, with IPREDATOR this should not be an issue since the service is promising to keep no logs of user activity whatsoever," TorrentFreak said.

Pirate Bay administrators Fredrik Neij, Gottfrid Svartholm Warg and Peter Sunde were found guilty in April, along with Carl Lundström, who was accused of funding the five-year-old operation. In addition to jail time, the defendants were ordered to pay damages of 30 million kronor ($3.6 million) to a handful of entertainment companies, including Sony Music Entertainment, Warner Bros, EMI and Columbia Pictures, for the infringement of 33 specific movie and music properties tracked by industry investigators. The April verdicts are on appeal amid allegations the judge who presided over the case was biased because he was a member of pro-copyright groups.

From rforno at infowarrior.org Tue Jun 16 12:24:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Jun 2009 08:24:23 -0400
Subject: [Infowarrior] - Responsible Twitter?
Message-ID:

Interesting - private company delaying a major outage because of world events. You don't see that very often in the tech / IT world! Even if they have some (unspoken) flexibility in schedule, it still is a positive PR coup for the company, I think. -rick

Down Time Rescheduled

A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight.
However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight's planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran). Our partners are taking a huge risk not just for Twitter but also the other services they support worldwide - we commend them for being flexible in what is essentially an inflexible situation. We chose NTT America Enterprise Hosting Services early last year specifically because of their impeccable history of reliability and global perspective. Today's decision and actions continue to prove why NTT America is such a powerful partner for Twitter.

http://blog.twitter.com/2009/06/down-time-rescheduled.html

From rforno at infowarrior.org Wed Jun 17 13:04:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jun 2009 09:04:05 -0400
Subject: [Infowarrior] - E-Mail Surveillance Renews Concerns in Congress
Message-ID:

June 17, 2009
E-Mail Surveillance Renews Concerns in Congress
By JAMES RISEN and ERIC LICHTBLAU
http://www.nytimes.com/2009/06/17/us/17nsa.html?_r=2&hp=&pagewanted=print

WASHINGTON - The National Security Agency is facing renewed scrutiny over the extent of its domestic surveillance program, with critics in Congress saying its recent intercepts of the private telephone calls and e-mail messages of Americans are broader than previously acknowledged, current and former officials said.

The agency's monitoring of domestic e-mail messages, in particular, has posed longstanding legal and logistical difficulties, the officials said. Since April, when it was disclosed that the intercepts of some private communications of Americans went beyond legal limits in late 2008 and early 2009, several Congressional committees have been investigating. Those inquiries have led to concerns in Congress about the agency's ability to collect and read domestic e-mail messages of Americans on a widespread basis, officials said.
Supporting that conclusion is the account of a former N.S.A. analyst who, in a series of interviews, described being trained in 2005 for a program in which the agency routinely examined large volumes of Americans' e-mail messages without court warrants. Two intelligence officials confirmed that the program was still in operation.

Both the former analyst's account and the rising concern among some members of Congress about the N.S.A.'s recent operation are raising fresh questions about the spy agency. Representative Rush Holt, Democrat of New Jersey and chairman of the House Select Intelligence Oversight Panel, has been investigating the incidents and said he had become increasingly troubled by the agency's handling of domestic communications. In an interview, Mr. Holt disputed assertions by Justice Department and national security officials that the overcollection was inadvertent. "Some actions are so flagrant that they can't be accidental," Mr. Holt said.

Other Congressional officials raised similar concerns but would not agree to be quoted for the record. Mr. Holt added that few lawmakers could challenge the agency's statements because so few understood the technical complexities of its surveillance operations. "The people making the policy," he said, "don't understand the technicalities."

The inquiries and analyst's account underscore how e-mail messages, more so than telephone calls, have proved to be a particularly vexing problem for the agency because of technological difficulties in distinguishing between e-mail messages by foreigners and by Americans. A new law enacted by Congress last year gave the N.S.A. greater legal leeway to collect the private communications of Americans so long as it was done only as the incidental byproduct of investigating individuals "reasonably believed" to be overseas.
But after closed-door hearings by three Congressional panels, some lawmakers are asking what the tolerable limits are for such incidental collection and whether the privacy of Americans is being adequately protected. "For the Hill, the issue is a sense of scale, about how much domestic e-mail collection is acceptable," a former intelligence official said, speaking on condition of anonymity because N.S.A. operations are classified. "It's a question of how many mistakes they can allow."

While the extent of Congressional concerns about the N.S.A. has not been shared publicly, such concerns are among national security issues that the Obama administration has inherited from the Bush administration, including the use of brutal interrogation tactics, the fate of the prison at Guantánamo Bay, Cuba, and whether to block the release of photographs and documents that show abuse of detainees. In each case, the administration has had to navigate the politics of continuing an aggressive intelligence operation while placating supporters who want an end to what they see as flagrant abuses of the Bush era.

The N.S.A. declined to comment for this article. Wendy Morigi, a spokeswoman for Dennis C. Blair, the national intelligence director, said that because of the complex nature of surveillance and the need to adhere to the rules of the Foreign Intelligence Surveillance Court, the secret panel that oversees surveillance operations, and "other relevant laws and procedures, technical or inadvertent errors can occur." "When such errors are identified," Ms. Morigi said, "they are reported to the appropriate officials, and corrective measures are taken."

In April, the Obama administration said it had taken comprehensive steps to bring the security agency into compliance with the law after a periodic review turned up problems with "overcollection" of domestic communications. The Justice Department also said it had installed new safeguards. Under the surveillance program, before the N.S.A.
can target and monitor the e-mail messages or telephone calls of Americans suspected of having links to international terrorism, it must get permission from the Foreign Intelligence Surveillance Court.

Supporters of the agency say that in using computers to sweep up millions of electronic messages, it is unavoidable that some innocent discussions of Americans will be examined. Intelligence operators are supposed to filter those out, but critics say the agency is not rigorous enough in doing so.

The N.S.A. is believed to have gone beyond legal boundaries designed to protect Americans in about 8 to 10 separate court orders issued by the Foreign Intelligence Surveillance Court, according to three intelligence officials who spoke anonymously because disclosing such information is illegal. Because each court order could single out hundreds or even thousands of phone numbers or e-mail addresses, the number of individual communications that were improperly collected could number in the millions, officials said. (It is not clear what portion of total court orders or communications that would represent.)

"Say you get an order to monitor a block of 1,000 e-mail addresses at a big corporation, and instead of just monitoring those, the N.S.A. also monitors another block of 1,000 e-mail addresses at that corporation," one senior intelligence official said. "That is the kind of problem they had."

Overcollection on that scale could lead to a significant number of privacy invasions of American citizens, officials acknowledge, setting off the concerns among lawmakers and on the secret FISA court. "The court was not happy" when it learned of the overcollection, said an administration official involved in the matter.

Defenders of the agency say it faces daunting obstacles in trying to avoid the improper gathering or reading of Americans' e-mail as part of counterterrorism efforts aimed at foreigners.
Several former intelligence officials said that e-mail traffic from all over the world often flows through Internet service providers based in the United States. And when the N.S.A. monitors a foreign e-mail address, it has no idea when the person using that address will send messages to someone inside the United States, the officials said.

The difficulty of distinguishing between e-mail messages involving foreigners from those involving Americans was "one of the main things that drove" the Bush administration to push for a more flexible law in 2008, said Kenneth L. Wainstein, the homeland security adviser under President George W. Bush. That measure, which also resolved the long controversy over N.S.A.'s program of wiretapping without warrants by offering immunity to telecommunications companies, tacitly acknowledged that some amount of Americans' e-mail would inevitably be captured by the N.S.A.

But even before that, the agency appears to have tolerated significant collection and examination of domestic e-mail messages without warrants, according to the former analyst, who spoke only on condition of anonymity. He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits - no more than 30 percent of any database search, he recalled being told - and Americans were not explicitly singled out in the searches.

The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton. Other intelligence officials confirmed the existence of the Pinwale e-mail database, but declined to provide further details.
The recent concerns about N.S.A.'s domestic e-mail collection follow years of unresolved legal and operational concerns within the government over the issue. Current and former officials now say that the tracing of vast amounts of American e-mail traffic was at the heart of a crisis in 2004 at the hospital bedside of John Ashcroft, then the attorney general, as top Justice Department aides staged a near revolt over what they viewed as possibly illegal aspects of the N.S.A.'s surveillance operations.

James Comey, then the deputy attorney general, and his aides were concerned about the collection of "meta-data" of American e-mail messages, which show broad patterns of e-mail traffic by identifying who is e-mailing whom, current and former officials say. Lawyers at the Justice Department believed that the tracing of e-mail messages appeared to violate federal law. "The controversy was mostly about that issue," said a former administration official involved in the dispute.

From rforno at infowarrior.org Wed Jun 17 13:24:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jun 2009 09:24:14 -0400
Subject: [Infowarrior] - Secret war on web crooks revealed
Message-ID: <4C57F1A9-54F3-48D7-A05A-E2C35405DDBC@infowarrior.org>

http://www.ft.com/cms/s/0/0457bd68-5945-11de-80b3-00144feabdc0.html?nclick_check=1

Secret war on web crooks revealed
By Maija Palmer
Published: June 15 2009 03:00 | Last updated: June 15 2009 03:00

The people who run the world's internet systems are a rather secretive bunch. Three times a year, senior technical officers from companies such as Google, Yahoo, AT&T, Comcast and Verizon meet to discuss ways of stopping the internet from being swamped by rising levels of spam, viruses and hacking attacks by organised criminals. They do not generally like discussing these meetings. "Some people might get nervous if they knew all the things we talked about," said Michael O'Rierdan, chairman of the Messaging Anti-Abuse Working Group (MAAWG).
"It's our job to make the internet safe, but we don't want to put people off using the web." They are also worried about being targeted by the cyber-criminals they are trying to thwart.

Most of the spam and hacking on the internet is run by organised crime rings. There is an underground economy that hacks into computers, sells stolen identities and orchestrates the sending of spam e-mails about everything from fake Viagra pills to banking scams. There is a lot of money at stake in keeping these operations running.

"We get threats every day," said Larry, chief technical officer of Spamhaus, a non-profit organisation that exposes spammers. He prefers not to reveal his surname. "In the US it is people bringing lawsuits against us. And then there are organised criminals in Russia and Ukraine, who use different methods." Steve Linford, the organisation's founder, has been advised by police not to open unexpected packages arriving at his home.

MAAWG meetings are also places to discuss some of the controversial measures that internet companies need to take in the fight against spam, such as blocking some types of e-mail traffic. This measure sits awkwardly with civil liberties bodies.

The 270 delegates from 19 countries who met at Amsterdam's venerable Hotel Krasnapolsky last week were far from the usual, suit-wearing conference crowd. An eclectic mix of tattoos, ponytails, high-waisted trousers and backpacks indicated that these were true operations people who work in the bowels of the network. Membership is strictly vetted and journalists are not normally invited to attend, but MAAWG has started to lift its veil a little. There is a growing feeling that the industry must reach out to consumers and get them to help fight cyber-crime.

In 2008, 349.6bn spam messages were sent across the internet, according to Symantec, the internet security company. Spam accounts for an average of almost 94 per cent of all e-mail messages.
Nearly 90 per cent of spam is sent from computers that have been hacked into and are being remotely programmed to send out spam. More than 9.4m computers have been hijacked in this way and their owners are usually entirely unaware it is going on. It will be impossible to clean up these machines without talking to consumers. "Sometimes we want people to know what we are doing, so they can yell at the politicians to give us more help," said Jerry Upton, executive director of MAAWG.

There is a rising sense of crisis among internet companies about the cost of spam. Few are willing to quantify how much they have to spend to fight spam, but Mr O'Rierdan estimated that big internet service providers employ five to 10 staff just to look at spam. In addition they must buy spare servers, routers and other equipment to cope with the volumes of junk mail, buy spam-filtering software and run support centres for their customers.

Viriya Upatising, chief technical officer of True Internet, a Thai internet service provider, said junk mail was a crippling cost for the company because it was paying to send the unwanted data across undersea cable connections to destinations such as the US and Europe. "The cost of bandwidth is expensive in Asia," Mr Upatising said. "It costs us $250 per megabit per month to send data internationally." The company put in place a draconian system that prevents suspected spammers from using its network. The measures have cut unwanted messages from 3.5m a day to a more manageable 250,000.

"We are all sharing these costs," said Patrick Peterson, chief technology officer at Ironport Systems, Cisco's e-mail security arm. "Spam is a stealth tax on consumers. ISPs have to pay for the spam, for the extra bandwidth, for equipment, and they are forced to put up their prices for consumers."

There is a fear among internet security professionals that they might be losing the battle to cyber-criminals.
This may also be why they now want the public to know more about what they do, to show they have at least tried. "I don't know if we can control it," said Dave Crocker, one of the early pioneers of e-mail and now a senior technical adviser to MAAWG. He added: "It is an arms race. We are getting better at filtering out rogue messages but every day the criminals get better too, and they are better organised and more aggressive."

Keywords: the dark side of the web

* Spam: Unsolicited electronic messages, most commonly e-mail, but also increasingly common in instant messaging, blogs and mobile phone messages. The first e-mail spam is believed to have been sent in 1978.

* Malware: Malicious software designed to infiltrate or damage a computer system without the owners' consent. Symantec, the internet security company, has estimated there is now more malware released each year than legitimate software programs. There are many different types of malware, including viruses, worms and Trojan horses.

* Phishing: The fraudulent attempt to acquire sensitive information such as passwords, bank account details and credit card numbers. Typically it is in the form of an e-mail that directs people to a fake website - that looks like the legitimate site of a bank or other trusted organisation - where people are asked to enter personal details.

* Botnets: A network of computers that have been hacked and are being remotely controlled by cyber-criminals. Typically they are used to send out spam messages or viruses in large numbers. Most users will be unaware if their computer has been infiltrated and added to a botnet. Symantec estimated there were more than 9.4m machines hijacked in this way in 2008.
Copyright The Financial Times Limited 2009

From rforno at infowarrior.org Wed Jun 17 15:12:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 17 Jun 2009 11:12:39 -0400
Subject: [Infowarrior] - GPS Satellite Glitches Fuel Concern on Next Generation
Message-ID:

GPS Satellite Glitches Fuel Concern on Next Generation
By ANDY PASZTOR
http://online.wsj.com/article/SB124520702464422059.html

Technical problems are degrading the accuracy of signals from the last GPS satellite launched by the Pentagon, sparking concerns among U.S. military and aerospace industry officials that the next generation of the widely used satellites could face similar troubles.

The Air Force's Southern California space acquisition center on Tuesday announced that a Global Positioning System satellite, manufactured by Lockheed Martin Corp. and launched in March, is experiencing performance problems in orbit. It hasn't become part of the "operational constellation" of more than two dozen other GPS satellites, and is slated to undergo a battery of tests expected to stretch through October to try to resolve the problems, according to an Air Force news release.

The GPS system, which serves both military and civilian users, provides precise time and location coordinates for everything from military missile launches and "smart" bombs to automated bank-teller machines to aircraft, ships and everyday vehicles.

The Lockheed satellite is the first to include a new civilian frequency -- dubbed L5 -- designed for, among other things, use by future nationwide air-traffic control systems. But that signal, part of a test package, apparently is interfering with other signals from the satellite and reducing their accuracy, according to industry and Air Force officials. The degraded signals are accurate only to about 20 feet, versus about two feet for typical GPS signals, industry officials said.
The issue is significant, according to these officials, because it could complicate deployment of a new family of Boeing Co. GPS satellites currently being built that also feature the L5 signal. Already years behind schedule and hundreds of millions of dollars over budget, the 12 satellites, which are scheduled to replace satellites currently in orbit, could face further testing and delays to ensure that they are free of interference problems. The Boeing satellites have a history of quality-control and manufacturing problems unrelated to the latest concerns.

While the Air Force said it has "high confidence there is no related concern" with other Lockheed satellites in orbit or waiting for launch, Air Force brass have begun examining whether Boeing versions of GPS satellites require additional tests and analysis to eliminate concerns, according to industry officials familiar with the details. A spokeswoman for Boeing declined to comment. A Lockheed Martin spokesman said the company is working with the Air Force "to fully evaluate the issue and to ensure the satellite meets GPS requirements."

In its release, the Air Force said the routine in-orbit checkout of the suspect Lockheed satellite revealed that some signals "were inconsistent" with comparable GPS satellites. The Air Force also said upcoming tests will include simulations and "testing of real-life GPS receiver equipment to the greatest extent possible" to prevent "inadvertent impacts to GPS users."

The first of Boeing's GPS IIF satellites, incorporating the new civilian signal, is slated to launch late this year or early 2010, delayed from the summer. In May 2008, Lockheed bested Boeing to win a contract worth at least $1.8 billion to build the most-advanced navigation satellites yet, dubbed GPS III, scheduled to go into operation around the middle of the next decade.
Concerns over signal quality come barely weeks after a Congressionally-ordered study raised a red flag about potential erosion of GPS accuracy in the next few years due to launch delays and other challenges. If certain launches get delayed up to two years, the General Accountability Office report predicted, the Pentagon could have trouble maintaining the desired fleet of 24 fully-functional GPS satellites in operation.

The Pentagon responded by minimizing the potential risk, arguing that significant spare capacity remains on orbit and on the ground to handle unexpected problems. Gen. Robert Kehler, head of Air Force Space Command, said in an interview earlier this month that the GAO conclusions were overly pessimistic partly because they failed to take into account strategies the Air Force could use to extend the life of existing satellites. For example, Gen. Kehler said, managing power output could give solar arrays longer life. Despite some continuing quality-control issues with Boeing's IIF versions, Gen. Kehler said, "we're not going to have an issue" maintaining the current robust constellation.

Write to Andy Pasztor at andy.pasztor at wsj.com

From rforno at infowarrior.org Thu Jun 18 15:11:19 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jun 2009 11:11:19 -0400
Subject: [Infowarrior] - Comment: CVV2 lunacy
Message-ID: <9994FA16-2EED-4152-8A7C-A0C7E227A914@infowarrior.org>

Thought I'd raise an old question based on something I just read when checking out at an online merchant:

"CVV2 is an authentication technique established by credit card companies to reduce credit card fraud. The CVV2 numbers are an additional set of numbers which are printed on the card. These numbers are not recorded when your card is manually imprinted or run through a magnetic reader. This makes them much harder to steal than the rest of the credit number."

Okay.
Therefore, the question remains: if the use of the CVV2 is to prevent CC fraud at retail points of sale in stores/restaurants when the card is physically presented, doesn't asking for the CVV2 number when presenting it virtually over the Internet only shift the target of opportunity (point of vulnerability) to the web merchants who ask and collect all that information? Isn't this just more security kabuki?

...and yet we continue to play along with this practice.

Moo.

-rf

From rforno at infowarrior.org Fri Jun 19 00:24:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jun 2009 20:24:16 -0400
Subject: [Infowarrior] - Court orders Jammie Thomas to pay RIAA $1.92 million
Message-ID:

Court orders Jammie Thomas to pay RIAA $1.92 million
by Greg Sandoval
http://news.cnet.com/8301-1023_3-10268199-93.html?tag=newsLeadStoriesArea.1

Jammie Thomas-Rasset was found guilty of willful copyright infringement on Thursday in a Minneapolis federal court and must pay the recording industry $1.92 million.

In a surprise decision, the jury imposed damages against Thomas-Rasset, who was originally accused of sharing more than 1,700 songs, at a whopping $80,000 for each of the 24 songs she was ultimately found guilty of illegally sharing.

In 2007, the Recording Industry Association of America claimed in a lawsuit that Thomas-Rasset pilfered 1,700 songs. The RIAA eventually culled that number down to a representative sample of 24. Thomas-Rasset lost a previous trial in October 2007 when a jury rendered a $222,000 verdict against the Minnesota native. U.S. District Judge Michael Davis threw out the decision after acknowledging he erred when giving his jury instructions.

According to Ars Technica reporter Nate Anderson, Thomas-Rasset gasped when the dollar amount was read in court. For the four largest recording companies, the jury's decision is an affirmation of the legality of the industry's copyright claims.
"We appreciate the jury's service and that they take this issue as seriously as we do," said Cara Duckworth, an RIAA spokeswoman. "We are pleased that the jury agreed with the evidence and found the defendant liable. Since day 1, we have been willing to settle the case and remain willing to do so."

According to Ben Sheffner, a copyright advocate and former attorney for 20th Century Fox who attended the entire hearing, one of Thomas' attorneys is willing to discuss a settlement with the music industry.

Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at http://twitter.com/sandoCNET.

From rforno at infowarrior.org Fri Jun 19 00:25:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jun 2009 20:25:00 -0400
Subject: [Infowarrior] - DMCA endangering American security
Message-ID:

The DMCA is endangering American security
Lockdown with Angela Gunn
Why government cybersecurity's a joke as long as security research is hamstrung.
By Angela Gunn | Published June 11, 2009, 6:41 PM
http://www.betanews.com/article/The-DMCA-is-endangering-American-security/1244758683

I've had the government's 60-day Cyberspace Policy Review sitting on my desk for many days now, dutifully highlighted and marked up with notes about how this bit could turn out interesting and that section looks a lot like what we've previously heard from DC about cybersecurity and that passage over there appears to have been lifted from the questionable financial-loss statistics one hears from the RIAA and BSA and MPAA and such. And I see one gigantic self-inflicted wound that I fear the current administration will ignore like the last two have -- ignored it since 1998, in fact.

The cybersecurity review says we need to improve academic and industry collaboration on cybersecurity and other technology issues.
It also states we should "expand university curricula; and set the conditions to create a competent workforce for the digital age." What the cybersecurity review should have said is, "We are raising a nation of timid technophobes who mistake using MyTwitFace for being a geek. Meanwhile, we have comprehensively, at every educational level, stripped away useful teaching tools and criminalized modes of research and inquiry in the name of copyright and liability laws, and sooner rather than later we are going to reap the whirlwind." Or, putting it simply: We made ourselves stupid and now we must pay.

Since the rise of the Information Age, America has convinced itself that safety is a better choice than knowledge, and that anyone who doesn't make safety a priority over knowledge is Dangerous And Up To No Good. The 1998 Digital Millennium Copyright Act, which is entering its twelfth year of chilling security research, acts in direct opposition to the government's alleged goal of improving American cybersecurity by criminalizing the research and inquiry that make security products, and thus security, stronger. And not only have we attained this vulnerable position step by step, special-interest groups such as liability lawyers and the entertainment industry -- not to mention the computer industry itself -- have paved the path for us, making us easily fleeced, easily frightened, and easily led.

We'll start with the little ones. I'm willing to bet that you, as a young geek, had a certain amount of curiosity about science. Did you own a chemistry set? Do you remember some of the chemicals that shipped in it, some of the reactions you could test? Enjoy your memories of, as Oliver Sacks put it in Uncle Tungsten, "stinks and bangs." As Steve Silberman has written about so effectively in Wired, legislators and law enforcement now send a loud-and-clear message that science is something best left to the professionals.
As geekish youth will discover over and over, the claim that "someone could get hurt!" is the way that people who are unnerved by smart people make sure that no one actually gets smart.

Head for the schools -- the elementary schools, even. The entertainment industry hasn't been as successful as it would like in eliminating fair use for educational purposes. But it has managed to get its point of view into the classroom starting in third grade with Music Rules, which "informs students about the laws of copyright and the risks of online file-sharing." Parents are cautioned against the dangers of "songlifting" (the RIAA's preferred new term for downloading and/or ripping) and the program handouts conflate music downloading with exposure to online predators. The "someone could get hurt" motif continues, with the introduction of the "and you'll be a criminal if you try it" theme.

Speaking of online predators, move to the higher grades. We don't really like teenagers in America if they're not Miley Cyrus or the Jonas Brothers (so clean-cut, such radio-friendly unit shifters!), so despite multiple studies indicating that most teens know enough to ignore online weirdos and most teens are smart enough not to go a-sexting and most teens can deal with "cyberbullying," social networking and mobile phones are as reliably panic-inducing in the mainstream media as rock-and-roll and long hair were back in the day. Again, "someone could get hurt" (especially teenaged girls, whose interest in tech when they could be interested in makeup and clothes is already unseemly and suspicious); but teenagers being generally scary, we're equally convinced that they're out to get each other.

Meanwhile, we're at the age when the hacker gene expresses.
Criminalizing young men (and women) who hack is old fare, documented as far back as Cap'n Crunch and Joe Engressia and a couple of Steves (Jobs and Wozniak), and where social pressures didn't push status-conscious kids away from exploring computers, legal pressures often did. Ask anyone who attended 2600 meetups back in the day -- even those meetups destined for nothing more subversive than a really bad movie -- what percentage of "attendees" were cops hoping to get lucky.

Onward to the world -- to college and adult lives. Those who still have the geek fever by now -- and US university enrollment rates in science and computer science curricula tell us it's not very many these days -- may hope to connect with worthwhile research projects and really dig into what makes systems tick. And here's where the DMCA works its wonders for security researchers (and I mean real security researchers, not hopeful political appointees putting together a 60-day job application) by chilling research and collaboration.

Ask Ed Felten about his research on flaws in e-voting machines. Ask Seth Finkelstein about his research on censorware. Ask J. Alex Halderman about the Sony-BMG rootkit. For that matter, ask the researchers who'd previously requested an exemption to the DMCA to examine that rootkit, a request denied by the Copyright Office. (I find, by the way, no evidence in the Cybersecurity Policy Review that Melissa Hathaway or any of her minions spoke to the Copyright Office to ask who the hell they think they are to make security decisions. I wish somebody would.) Ask Dmitry Sklyarov about that five-month detention, and getting arrested at DEFCON. Ask Luigi Auriemma about informing GameSpy of vulnerabilities and getting no answer but a DMCA cease-and-desist. (Apparently GameSpy's lawyers were as excellent as their coders, since Mr. Auriemma lives in Italy and had no intention of coming to the US to be prosecuted, but oh well.)
Ask Eric Corley about simply attempting to publish the DeCSS software code -- in a printed magazine -- in 2600. Ask former cybersecurity chief Richard Clarke how much traction he got after he told a Boston newspaper that the DMCA needed rethinking, because "I think a lot of people didn't realize that it would have this potential chilling effect on vulnerability research." (Hint: He was out of government in 2003.) Want to dig into a software program the way we used to dig into a car engine or an unexplored continent? For shame; you're obviously attempting to steal something. In the wake of 9/11 copyright holders and the law-enforcement folk who do their work have managed to turn the "steal something" gripe into "ZOMG TERRORISTS!," but otherwise, we're in the second decade of intellectual curiosity being a pre-crime condition. Meanwhile... need I say more than "China" and "India?" The new administration doesn't need to plead for better cybersecurity education for the masses; in fact, considering what's passing for "education" on that front these days I'd prefer that education stuck with the basics -- reading, writing, arithmetic, and blowing stuff up with chemistry sets that actually teach something besides "lawyers want to ruin your fun." It needs to put muscle behind the idea of "expanding academic curricula," re-establishing the importance of the freedom to conduct research and to communicate the results without fear of hearing from lawyers for a company that simply doesn't want anyone to know they're shipping vulnerable products. The DMCA is deeply dishonest legislation, and -- as it continues to undermine security research -- deeply dangerous to our future. 
From rforno at infowarrior.org Fri Jun 19 00:42:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 18 Jun 2009 20:42:03 -0400
Subject: [Infowarrior] - Rare political video comment
Message-ID: <38598186-06BD-473C-ABCF-05976C393FEB@infowarrior.org>

Senate Environment and Public Works Committee chairwoman Sen. Barbara Boxer (D-CA) shows a level of pettiness that defies belief in her discussion with Army Corps of Engineers division leader, Brigadier General Michael Walsh. What does she complain about? "Could you say 'senator' instead of 'ma'am'? It's just a thing. I worked so hard to get that title. I'd appreciate it."

Talk about being petty. I don't care who you are in Congress or the civilian government --- unless you've served in uniform before entering politics, whatever you've done to get where you are in POLITICS should never be placed in front of someone who's taken an oath to defend this country and possibly die as a result.

I've yet to see ANY Congresscritter (House or Senate), man or woman, complain when a military officer calls them "sir" or "ma'am" in their testimony - it's part of who they are as members of our Armed Forces. Infantry or Engineer, Comms or Supply, Pilot or Sub-driver, it makes no difference. They still offer the appropriate deference and respect to you based on their military traditions -- and you should be thankful they do.

For shame, "Misses" Boxer. How petty can you be?

Video clip: http://www.youtube.com/watch?v=WrpFSfpXD50

From rforno at infowarrior.org Fri Jun 19 14:44:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 19 Jun 2009 10:44:58 -0400
Subject: [Infowarrior] - City to job applicants: Facebook, MySpace log-ins please
Message-ID: <8FDCBE2A-6755-412D-87C6-8601157FADA7@infowarrior.org>

Ummm. Yeah.....okay, sure, I'll give you my PASSWORDS so you can check up on me before hiring me. Good luck with that. Definitely clueless folks in their HR department!
---rf

City to job applicants: Facebook, MySpace log-ins please
http://arstechnica.com/web/news/2009/06/city-to-job-applicants-facebook-myspace-log-ins-please.ars

The city government in Bozeman, Montana, isn't content to cyberstalk its potential employees -- they're now asking applicants for their login information for any social networking sites.

By John Timmer | Last updated June 18, 2009 9:25 PM CT

One of the things people tend to forget when posting pictures and personal information online is that a lot of it is only a short Internet search away from their current or potential employers (not to mention their parents). It has now become standard procedure for many employers to sit down with Google and cyberstalk potential employees, while the more savvy hunt down Facebook profiles and Twitter feeds. The city of Bozeman, Montana, however, has decided that all of that is too much work -- it's now requesting that potential employees hand over the login credentials for any social networking sites they frequent.

Background checks are standard procedure for many jobs, as they allow employers to identify problematic legal histories and things of that nature. Bozeman is no exception, as it uses a waiver form to obtain an applicant's consent to use their Social Security and driver's license numbers to dig into their past. But the form is notable in that about a third of the area that needs to be filled out by an applicant is devoted to website information. "Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc." the form reads. But Bozeman isn't simply interested in finding out where to look for potentially embarrassing personal details; the city wants full disclosure, since the form demands username and password information for each.
City employees will apparently be able to dig through any information applicants have put online, regardless of whether it's accessible to the public. This is especially ironic given that Bozeman's website has an extensive privacy policy that indicates a significant familiarity with some of the major issues that have cropped up regarding the retention and security of information entrusted to websites. This actually goes well beyond a startling invasion of privacy in a state that has a reputation for a strong independent streak; it provides a serious risk of running afoul of employment law. Employers are typically prohibited from digging into an applicant's ethnic or religious background. An Internet search already runs the risk of picking up photos or text that can reveal these sorts of details; opening a person's social networking accounts would seem to make the discovery of these details almost inevitable. A local news station spoke to Bozeman's attorney and asked about the potential for problems of this sort. The city's answer? Trust us! "One thing that's important for folks to understand about what we look for is none of the things that the federal constitution lists as protected things, we don't use those," said attorney Greg Sullivan. The interviewer was wise enough to point out that there were far less invasive ways of obtaining access to some of this information, such as having Bozeman open its own Facebook account, at which point Sullivan apparently said that might be worth looking into. It's probably safer to ascribe this sort of behavior to cluelessness rather than malice. But the cluelessness is apparently a two-way street, as Sullivan indicated that nobody has objected to the city's request for login credentials. 
From rforno at infowarrior.org Sat Jun 20 14:39:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Jun 2009 10:39:31 -0400
Subject: [Infowarrior] - Bozeman drops password requirement
Message-ID: <7229D3DB-3E94-495E-B09E-5FE8A0EA67EC@infowarrior.org>

Bozeman drops password requirement
Posted: June 18, 2009 05:18 PM
Updated: June 19, 2009 07:27 PM
http://montanasnewsstation.com/global/story.asp?s=10558291&ClientType=Printable

A change in Bozeman's city hiring policy -- two days and one worldwide reaction after we broke the story, Bozeman will no longer ask applicants for social networking user names and passwords.

"Effective at noon today the city of Bozeman permanently ceased the practice of requesting that candidates selected for positions under a provisional job offer provide their usernames or passwords for candidates' internet sites," said Chris Kukulski, Bozeman City Manager.

Kukulski says after a 90 minute staff meeting held earlier today, officials decided asking applicants to provide their passwords to sites such as Facebook or MySpace "exceeded that which is acceptable to our community." Kukulski apologized for the negative impact the issue has generated from news organizations and blogs around the world. He says this information was never required at the time of application. "This was a question that was asked after you were conditionally offered the job." He says the city also is suspending the practice of viewing any password protected information.

The city will continue using the internet as part of background checks to judge the character of applicants, and although the city will stop asking for passwords, Kukulski says the passwords already given by previous applicants will remain the confidential property of the city.

UPDATE: As of 12:00 p.m.
on Friday, the City of Bozeman discontinued the practice of requiring potential job candidates to supply user names and passwords for any social networking site to which they subscribe, such as MySpace or Facebook. We'll have more on this developing story during the 5:30 News on Montana's News Station.

City of Bozeman Press Release
For Immediate Release:

The City of Bozeman believes we have a responsibility to ensure candidates hired for positions of public trust are subject to a thorough background check. The extent of our request for a candidate's password, user name, or other internet information appears to have exceeded that which is acceptable to our community. We appreciate the concern many citizens have expressed regarding this practice and apologize for the negative impact this issue is having on the City of Bozeman.

Effective at 12:00 p.m. today, Friday June 19, 2009, the City of Bozeman permanently ceased the practice of requesting candidates selected for City positions under a provisional job offer to provide user names and passwords for the candidate's internet sites. In addition, until further notice, the City will suspend its practice of reviewing candidates' password-protected internet information until the City conducts a more comprehensive evaluation of the practice.

Since the initial media inquiries, the City of Bozeman has been reviewing the practice of requesting user names and passwords to access a candidate's internet sites. Today's decision to terminate the use of passwords and usernames in this process reflects the City's commitment to reconsider this practice. In addition, today's decision to suspend the practice of inquiring into a candidate's password-protected internet sites demonstrates a continued commitment to ensure the City's hiring practices comply with state and federal law and protect the safety of Bozeman residents.

Chris A.
Kukulski
City Manager

Bozeman city officials held a 90 minute, closed door meeting with city staff on Friday morning to discuss the controversy that's erupted over a policy that asks city job applicants to supply user names and passwords for any social networking site to which they subscribe, such as MySpace or Facebook. Information about what was talked about during the morning meeting was not released to the press; however, the city has slated a 3:00 p.m. news conference, which will be held in the Bozeman City Commission Room.

We spoke with the Montana Attorney General's Office on Friday morning to get their take on the issue and a spokesman told us that they cannot offer information or statements on the issue unless they are contacted by Bozeman city officials. The spokesman added that so far officials have not contacted their office. We'll have more on this developing story during the 5:30 News on Montana's News Station.

(from June 18, 2009)

One a minute - that's the rate at which emails are arriving in the email inbox belonging to the City of Bozeman's attorney in response to a story about the City requiring that job applicants hand over login information and passwords for social network sites. A story aired on KBZK Wednesday and by Thursday, city offices were being deluged by people outraged about the matter.

At the heart of the uproar is a requirement included on a waiver statement applicants must sign, giving the City permission to conduct an investigation into the person's "background, references, character, past employment, education, credit history, criminal or police records." Montana's News Station was alerted to the requirement by an anonymous viewer who emailed the station to express concern with part of the City's background check policy for job applicants, which states that to be considered for a job, applicants must provide login information and passwords for social network sites in which they participate.
"Please list any and all, current personal or business websites, web pages or memberships on any Internet-based chat rooms, social clubs or forums, to include, but not limited to: Facebook, Google, Yahoo, YouTube.com, MySpace, etc.," the City form states. There are then three lines where applicants can list the Web sites, their user names and log-in information and their passwords.

City attorney Greg Sullivan, who was interviewed in the first story, said he met with the human resources department Thursday and the matter is being discussed. Officials said they are looking into the legality of the requirement. They also said they are looking into Facebook's policies. The City heard from Fox News, NPR, CBS and ABC Thursday. It has also received a lot of negative reaction from the public.

City Manager Chris Kukulski says Bozeman stands by the policy of looking at social network pages of applicants. He said it's important for judging the character of future police, firemen and other employees.

But Bozeman resident Michael Becker has problems with how the city views that information. He sent an email to Sullivan Thursday with 14 questions on the legality of the practice. Asking for passwords is not just an invasion of privacy, Becker said. "Well, first of all it is a violation of Facebook and MySpace's terms of service. Both of them prohibit giving out your password to a third party, right in the terms of service, the ones you agreed upon when you signed up for the site. So that's not illegal, but it is a violation of their terms of service. So by giving your password to the City of Bozeman, you're placing your account in jeopardy," he said.

Bozeman City Hall isn't the only place where the requirement has become a hot topic. It has ignited a heated response on the social networking site Twitter where people are tweeting vigorously about the requirement. Comments on Twitter range from the outraged to the snarky.
"Note to self, don't apply in Bozeman for a city job," one person wrote. "It could be worse :) City of Bozeman could partner with Dept. of corrections and issue ankle bracelets to all employees," said another. "Interview comment #817 'I'm sorry, according to the 'Which Vegetable Are You' quiz, you are a turnip. We can't hire turnips,'" one person wrote, making reference to Facebook quizzes.

As of 10 a.m. 6,454 people had voted in a poll on www.kbzk.com asking "What do you think of the City of Bozeman requiring job applicants to provide social network site login and password information?" Of those, 6,347 people have voted "I'm against it - It's an invasion of privacy," 62 people have voted "I'm for it - It's important for the City to judge the applicant's character," and 45 people have said they don't care either way.

News Web sites and bloggers from around the world are also picking up the story. Slashdot, The Guardian, Computer World and celebrity blogger Perez Hilton are just a few of the places where the requirement has gotten noticed.

From rforno at infowarrior.org Sat Jun 20 14:44:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Jun 2009 10:44:56 -0400
Subject: [Infowarrior] - Is AT&T playing gatekeeper to the Wireless Web?
Message-ID: <05BB9C63-BBF8-4B93-B6D0-FF4387FA4DE1@infowarrior.org>

June 18, 2009 5:07 PM PDT
Is AT&T playing gatekeeper to the Wireless Web?
by Marguerite Reardon
http://news.cnet.com/8301-1035_3-10268319-94.html?tag=newsEditorsPicksArea.0

AT&T's decision to allow Major League Baseball fans to stream games live onto their iPhones while restricting video streaming using another video application has one advocacy group crying foul.

With the release of the 3.0 version of Apple's iPhone operating system this week, subscribers to a popular application from Major League Baseball called At Bat will now get the chance to stream live video feeds of baseball games directly to their iPhones or iPod Touches.
The first game was streamed Thursday afternoon, featuring a matchup between the Chicago Cubs and White Sox. But unlike other video streaming applications, such as SlingPlayer, the MLB At Bat live video can be accessed regardless of whether a subscriber is connected to the Internet via AT&T's 3G network or a Wi-Fi connection.

The SlingPlayer app, which allows iPhone users to redirect cable and broadcast TV from their TVs at home to their iPhones, is only permitted by AT&T to operate over a Wi-Fi connection. When the SlingPlayer application was first released last month, AT&T said that it restricted the application to Wi-Fi because streaming live broadcast TV over its 3G wireless network "violated the company's terms of use." But now AT&T is allowing MLB to do exactly what it would not allow Sling to do, which is stream live broadcast TV over its 3G cellular network onto iPhones.

So what gives? Is AT&T playing favorites? That's exactly what Ben Scott, policy director for the advocacy group Free Press, thinks. The group issued a statement Thursday expressing its concern over what it sees as an inconsistent policy. "We are troubled that carriers like AT&T are playing gatekeeper to the next generation of wireless Internet applications," Scott said in a statement. "No Internet service provider should be allowed to pick winners and losers online."

Free Press has long supported the notion of a free and open Internet. And the group has pushed the Federal Communications Commission to confirm that its Net Neutrality principles also apply to wireless networks. The FCC's Internet Policy Statement protects consumers' right to access any online content and services on any device of their choosing.
These principles were used effectively last year to punish broadband provider Comcast for deliberately slowing some of its customers' BitTorrent traffic, a move that other broadband providers including AT&T have pointed to as evidence that no further regulation is needed to protect consumers' access to Internet applications.

AT&T has also publicly supported the notion that these Net Neutrality rules should also apply to wireless Internet access. In fact, Jim Cicconi, senior executive vice president of legislative affairs for AT&T, said as much during a panel discussion hosted by a Washington Post reporter in November. "The same principles should apply across the board. As people migrate to the use of wireless devices to access the Internet, they...certainly expect that we treat these services the same way," the Washington Post reporter quoted Cicconi as saying in her blog post.

Free Press's Scott, who appeared on the panel with Cicconi in November, pointed out AT&T's contradiction in his statement. "AT&T has acknowledged that open Internet principles should apply to wireless and that consumers expect unfettered mobile access," Scott said. "So why is AT&T deciding what online video its iPhone customers can watch and what they can't?"

The argument put forth by Free Press is a compelling one. And right now, AT&T doesn't have an answer or an explanation as to why the MLB streaming video would be treated differently from the Sling video. Mark Siegel, an AT&T spokesman, said the company could not comment yet until it looked into the matter further.

But earlier this year, Siegel had plenty to say about Sling and streaming video in general. As a guest on the Clark Howard radio show, Siegel compared using Sling's service over a wireless connection to sending bulk e-mail and spam, activities that he said eat up too much of the network's bandwidth. "You can't use a service called 'Slinging,' where you redirect a wireless TV signal to your phone.
We do not allow that type of application on our phones," he said. "It's absolutely cool (technology), but if we allowed these kinds of services, the highway would quickly become clogged."

Indeed, streaming video eats up a lot of bandwidth. Because cellular networks are divided into cells, users in a particular cell share the available bandwidth in that cell or region. This means that streaming a lot of high-quality video over the network could potentially eat up all the available bandwidth and degrade service for other subscribers in that cell. This is why MLB.com is using a standards-based streaming technology that will detect the speed of the network and adjust the quality of the video to the bandwidth that is available.

The latest version of the SlingPlayer submitted to Apple for the App Store used similar technology that would cap the bit rate to ensure it was below Apple's and AT&T's threshold, according to David Eyler, a project manager for Sling Media, who commented for an earlier story on CNET News on this topic. Eyler also said during that earlier interview that the explanation he had been given for not allowing the SlingPlayer to be used over the 3G network was that AT&T doesn't allow video services that redirect TV signals onto its network.

What's even more puzzling about why AT&T would allow MLB's At Bat application to be used over its 3G network and not the SlingPlayer is the fact that the MLB application is likely to put a lot more strain on the network than the SlingPlayer App. Here's why.

The MLB At Bat application is likely to have more subscribers streaming video than the SlingPlayer app. MLB.com At Bat 2009 ranks among the top 100 overall paid applications in the App Store, according to the MLB's own Web site. And the application, which costs $9.99 to download, has only been available for about two months. The new, free streaming capability is likely to encourage even more downloads.
Meanwhile, the SlingPlayer app, which costs $29.99 to download, is likely to appeal to only a niche audience, since it also requires users to have a $150 SlingBox device in their homes to redirect the TV signals to their iPhones.

But more importantly, MLB At Bat subscribers will be tuning into the same video event at the same time. And since sports fans often root for teams in their own city, there is a good chance that many fans tuning into a particular game on their iPhones will be in the same geographic area, which is exactly the kind of scenario that could bring a cellular network to its knees. AT&T struggled to keep its 3G network up and running in Austin during the South By Southwest (SXSW) conference earlier this year when there was a high concentration of iPhone users. By contrast, SlingPlayer users are not likely to be accessing the same video content at the same time in the same exact cell or region, which is actually less taxing on a wireless network.

But this isn't the first time that AT&T has shown preferential treatment to one application over another. OrbLive, which is offered on the App Store, also redirects TV signals onto the iPhone using a Wi-Fi network or the 3G cellular network. The application is designed to allow people to stream media from a PC to the iPhone wirelessly, much like how the SlingPlayer works.

For right now, iPhone users are simply left to wonder "why?" But stay tuned for more updates. I'm confident that AT&T will have an explanation shortly.
From rforno at infowarrior.org Sat Jun 20 16:54:06 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Jun 2009 12:54:06 -0400
Subject: [Infowarrior] - Looking for a Few Good Spies
Message-ID:

Obama Administration Looks to Colleges for Future Spies
By Walter Pincus
Washington Post Staff Writer
Saturday, June 20, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/06/19/AR2009061903501_pf.html

To the list of collegiate types -- nerds, jocks, Greeks -- add one more: spies in training. The government is hoping they'll be hard to spot.

The Obama administration has proposed the creation of an intelligence officer training program in colleges and universities that would function much like the Reserve Officers' Training Corps run by the military services. The idea is to create a stream "of first- and second-generation Americans, who already have critical language and cultural knowledge, and prepare them for careers in the intelligence agencies," according to a description sent to Congress by Director of National Intelligence Dennis C. Blair.

In recent years, the CIA and other intelligence agencies have struggled to find qualified recruits who can work the streets of the Middle East and South Asia to penetrate terrorist groups and criminal enterprises. The proposed program is an effort to cultivate and educate a new generation of career intelligence officers from ethnically and culturally diverse backgrounds.

Under the proposal, part of the administration's 2010 intelligence authorization bill, colleges and universities would apply for grants that would be used to expand or introduce courses of study to "meet the emerging needs of the intelligence community." Those courses would include certain foreign languages, analysis and specific scientific and technical fields.
The students' participation in the program would probably be kept secret to prevent them from being identified by foreign intelligence services, according to an official familiar with the proposal. Students attending participating colleges and universities who agree to take the specialized courses would apply to the national intelligence director for admittance to the program, whose administrators would select individuals "competitively" for financial assistance. Much like the support provided to those in the military programs, the financial assistance could include "a monthly stipend, tuition assistance, book allowances and travel expenses," according to the proposal. It also would involve paid summer internships at one or more intelligence agencies. Applicants to the intelligence training program would have to pass a security background investigation, although it is unclear when they would have to do so. Students who receive a certain amount of financial assistance would be obligated to serve in an intelligence agency for the same length of time as they received their subsidy. Students in the military programs typically participate for all four years of college, but the intelligence program would seek to recruit sophomores and juniors. Through grants to colleges and universities, intelligence agencies have been building partnerships with academia and specific professors, some of whom in past decades served as channels for recommending applicants to the CIA and other intelligence agencies. The intelligence community already has a Centers of Academic Excellence Program that funds programs in national security studies at more than 14 colleges and universities, with a goal of having 20 participating schools by 2015. The programs receive between $500,000 and $750,000 a year. The intelligence officer training program would build on two earlier efforts. 
One was a pilot program, first authorized in 2004, for as many as 400 students who took cryptologic training and agreed to work for the National Security Agency or another intelligence agency for each year they received financial assistance. That program will be replaced by the new one because cryptology is not as needed as it once was.

A second program provided financial assistance to selected intelligence community employees who agreed to study in specialized academic areas in which officials believed there were analytic deficiencies. Named the Pat Roberts Intelligence Scholars Program, after the Kansas Republican who chaired the Senate Select Committee on Intelligence, over the past four years it has provided funds to some 800 students and current employees. The director of national intelligence would make the Roberts program permanent under the new proposal and expand it beyond analysts to include personnel in acquisition, science and technology. It also could be used to help recruit employees by reimbursing them for prior education in critical areas.

From rforno at infowarrior.org Sat Jun 20 20:18:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Jun 2009 16:18:20 -0400
Subject: [Infowarrior] - PirateBay and Iran Protests
Message-ID: <1A30E23C-9D7D-4D0D-8709-B1B08407445C@infowarrior.org>

An Iran Protest link. This link is being hosted by The Pirate Bay and others. This link contains blogs, security information (for protesters) and other useful information.
http://iran.whyweprotest.net/

From rforno at infowarrior.org Sun Jun 21 02:29:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 20 Jun 2009 22:29:09 -0400
Subject: [Infowarrior] - Technology is a weapon for governments, reformers in Iran, China
Message-ID: <8A16B980-0538-4D57-AEB9-74C9CDC8B2A2@infowarrior.org>

Technology is a weapon for governments, reformers in Iran, China
By John Boudreau
Mercury News
Posted: 06/19/2009 12:00:00 PM PDT
Updated: 06/20/2009 05:29:34 PM PDT
http://www.mercurynews.com/valley/ci_12624598

Over recent weeks, world headlines have been filled with tales of the promises and the perils of information technology. In Iran, technology is being celebrated as a powerful democratizing force, as activists use Twitter and Facebook to rally opposition to a disputed election. But in China, it is being used as a tool of control as the government forces PC makers to install software on all new machines to block Web sites it does not favor.

After years of predictions that online communication would empower a free flow of information no authoritarian government could control, world events in recent weeks have underscored that is not always true. The weapon of those who oppose repressive regimes is also one governments can use to silence opponents. Silicon Valley tech companies, widely admired for providing a global megaphone to those who advocate liberties, are also sometimes eyed suspiciously by activists who accuse them of complicity with authoritarian governments.

"It's a very fierce information warfare over the Internet," said Samuel Zhou, deputy director of the Global Internet Freedom Consortium, a group of five companies that creates software to help Internet users work around online roadblocks erected by the Chinese government. "The censorship technology from Beijing and our anti-censorship technology are developed in a competitive way."
Google, Yahoo and Cisco Systems have been pressured by Congress to do more to protect user privacy and fight censorship overseas. In 2007, Yahoo settled a lawsuit with two pro-democracy Chinese journalists, Shi Tao and Wang Xiaoning, who were sent to jail after Chinese authorities demanded and received information about their online activities from the Sunnyvale Internet giant.

The Global Network Initiative, a group that includes Yahoo, Google, Microsoft and academic and human rights organizations, endorsed a code of ethics last year that commits companies to "respect, protect and advance user rights to freedom of expression and privacy" in the face of government pressure for censorship and to disclose users' personal information. Organizers hope to recruit other companies, such as Cisco Systems and Hewlett-Packard.

Every day, technological battles are fought between those who erect Internet barricades and those punching holes in them. "It's a cat-and-mouse game," said Zhou, whose anti-censorship consortium, which also helps people in other countries, particularly Iran in recent days, just released software to counter China's so-called Green Dam-Youth Escort software. The software is designed to block certain Web sites with content ranging from pornography to taboo political topics like independence for Tibet and Taiwan. It has caused a global uproar and, according to University of Michigan researchers, will expose Chinese PC users to information-stealing malware.

There are risks to heavy-handed moves by governments, said Clay Shirky, a professor at New York University's Graduate Interactive Telecommunications Program. Shutting down a service that plays an important role in daily lives and business, from text-messaging to Google Earth, could be so disruptive to society the government could unwittingly radicalize a much larger group of people, he said. "Governments rely on apathy," Shirky said.
"Anything that makes a large section of the population start to care risks losing the apathy required for them to continue to govern. The real threat is when the population that is on the sidelines starts to side with the students." In Iran, protesters have requested news through Facebook about demonstrations outside the country held in support of their cause, said Niloofar Nafici, a Facebook employee with family in the country. "When they go out onto the streets, they know they are not alone in their message," she said. On Friday, Google and Facebook announced they are offering services in Farsi to meet the demand for more communications about the protests surrounding the disputed June 12 election. The Iranian government has expelled Western journalists or significantly limited their ability to report on the escalating tensions in Tehran. "Ten, eight years ago, all the government had to do was shut down three newspapers. Now they have tens of thousands of reporters who are talking about what is going on," said Shayan Zadeh, co-CEO of San Francisco social dating network Zoosk. He left Iran nine years ago and is keeping in touch with events there through Facebook. "It's a lot harder to contain information than ever before." The Iranian government is working to block sites such as Facebook, though it's unclear how effective it has been. China, so far, has been successful at tamping down dissent it views as threatening. Its vibrant blogosphere has more freedom to criticize the government and courts in some circumstances, but no one has come close to launching an opposition party, said Rebecca MacKinnon, an expert on Internet freedoms at the University of Hong Kong and a former CNN Beijing bureau chief. "If they talk about regime change or go after leaders, they still go to jail," she said. "You don't see democratization. The courts are no more independent of the Communist Party than they were 10 years ago. You have no progress toward representative government." 
Contact John Boudreau at jboudreau at mercurynews.com or 408-278-3496.

From rforno at infowarrior.org Sun Jun 21 15:31:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Jun 2009 11:31:20 -0400
Subject: [Infowarrior] - ROEs for Journalists on Twitter
Message-ID:

http://www.pbs.org/mediashift/2009/06/rules-of-engagement-for-journalists-on-twitter170.html

Rules of Engagement for Journalists on Twitter
by Julie Posetti, June 19, 2009

The Guardian apologizes for an inaccurate re-tweet.

Twitter's role in the Iranian election aftermath leaves no doubt about its power as a global, real time, citizen-journalism style news wire service, along with a tool for facilitating dissent, while countering the view of Twitter as simply a zone for egotistical banality. But it also highlighted Twitter's role as a platform and content generator for traditional media outlets, along with some of the key dilemmas being faced by professional journalists in the Twittersphere.

I've been researching the ways in which journalists and traditional media outlets are using Twitter and exploring the ethical dilemmas raised by the clash of the private and the public for journalists in the sphere via interviews with Australian, US and South African journalists. And, while I'm convinced Twitter is now a vital journalistic tool for both reporting events and breaking down barriers between legacy media and its audiences, there are still multiple questions around professional journalists' activities on Twitter that require thoughtful, open debate.

While many journalists recognize Twitter's power as a reporting tool, some news organizations are still reluctant to embrace it while others have issued rules restraining their writers' use of the service. In this third installment of my Mediashift series on the intersection of journalism and Twitter, I'll attempt to determine the rules of engagement for tweeting journalists.
Rules of Engagement

Some media outlets are making tweeting almost compulsory for their journalists but others are much more cautious, or even ban journalists from tweeting on the job. The Wall Street Journal, the New York Times and Bloomberg have all introduced conservative codes of conduct for social media, partly in response to problems resulting from the unique mix of personal and professional information on social media. These policies have been criticized for missing the point of social media -- humanized interaction -- and too rigidly regulating journalists' tweeting.

But in Australia, journo-tweeting is largely unregulated by media outlets. None of the 25 Australian journalists I interviewed for this study (from Fairfax, News Ltd, ABC, ACP, Sky News and a range of smaller outlets) was aware of such a policy in their workplace. According to some of the interviewees, management ignorance could account for the absence of such policies. When asked why he thought his Australian employer didn't have a policy like the WSJ, one journalist responded, "They just don't get it."

There's growing realization among employers, however, that guidelines may be a helpful adjunct to corporate editorial policies in the brave new world of social media. There's evidence of a policy shift at the powerful Fairfax group, publisher of the Sydney Morning Herald and Melbourne's The Age. Asher Moses (who was at the center of the tweeting controversy featured in part two of this series) indicated that, even though there was no official policy, the company had expectations that he could tweet either for professional or personal use but not both. And the ABC is currently consulting staff as a precursor to publishing new guidelines. "I think they're still feeling their way on social networking sites. It's a new world and they're trying to figure out exactly how to approach it," prominent ABC presenter Leigh Sales said.
Newsrooms Blocking Twitter at Work

But some employers are either so afraid of the platform or so disdainful about its journalistic potential that they've tried to bar their reporters from even accessing Twitter in the workplace. The Sydney Star Observer's (SSO) Harley Dennett says he's denied access to both his Facebook and Twitter accounts at work via web filters on office computers. "The publishing editor said staff can make those contacts in their own time," he explained. "But I get around that by using the Tweetie desktop and iPhone applications. I do so openly and unashamedly."

Nevertheless, Dennett's newspaper happily prints copy generated by his extra-curricular tweeting. "During news conferences I declare if a story originated from Twitter, but my editor has never verbally acknowledged that," he said. "I can't explain the resistance to popular social media and networking websites. Personally, I would welcome some guidance from my employer on Twitter use, if it made sense at least."

The SSO's policy is clearly a short-sighted and narrow-minded approach to managing the issues raised by journalists' interactions with social networking sites but it's not an isolated example. Jonathan Ancer, from South Africa's Independent Newspapers group, which publishes Johannesburg's The Star along with other influential titles, plans to use Twitter to help trainee journalists to write with brevity and clarity, but he is also barred from Twitter at work. "When I tried to log onto Twitter a few days ago, I was surprised to find myself blocked with a note saying my attempt to access porn had been recorded," he said. "I think media companies should open up access to Twitter, Facebook and other social networking platforms because this is where people -- readers, eyeballs, etc. -- are going." However, while individual journalists with the Independent group may have difficulty accessing Twitter, the company's online publication has a moderately active Twitter account.
South Africa's media certainly need to make active use of Twitter ahead of the 2010 soccer World Cup when they'll be seeking the world's eyeballs.

Australia's national parliament in Canberra, where journalists have been granted permission to live-tweet parliamentary sessions.

Meanwhile, in Australia, the Speaker of the Federal Parliament recently approved live tweeting from the floor of the House of Representatives during Question Time via cell or PC. This breaks a decades-long ban on reporting from inside the House. This will likely both enliven political reporting and make it impossible for resistant journalists and media outlets Down Under to continue holding out.

As Twitter becomes entrenched in daily reporting practice, it would seem appropriate for media organizations to update existing editorial guidelines to make them relevant to social media platforms like Twitter. But if they want to bank on the significant benefits that can flow from their participation in the Twittersphere (such as developing new audiences and enhancing traffic to their websites), they will need to ensure their journalists have unfettered access to the site and also be flexible about interactions in the space to encourage reporters to engage in conversations with their followers.

What principles guide J-Twits?

So, for those journalists who tweet according to their own personal code, what principles guide them? For the ABC's Leigh Sales, it's a mix of gut instinct and rules derived from industry experience. "If I have even the slightest hesitation about posting something, for example, a slightly off-color witticism, I choose not to post it," she said. "I don't post gags about stories on which I may have to report seriously. I don't put any significant personal content on Twitter. I may occasionally say that I've been to a movie or express a like or dislike, but I don't engage in personal chit-chat...I view it as a professional tool."
Dave Earley from Brisbane's Courier Mail has changed his approach since Twitter began hitting the headlines. "Until Twitter's recent media exposure, my Twitter account had remained relatively unknown in my workplace," he said. "Now that it's on the radar, I'm probably more conscious of what I say." Earley also chooses not to "tweet angry." "I do try to make sure my tweets are never inflammatory, there's no point setting out to make enemies," he said.

For John Bergin of Sky News, it's a case of common sense and basic training. "Our journalists receive legal training," he said. "Issues such as defamation, contempt of court, statutory restrictions and so forth should apply as much to the online world as they do in the offline. Obviously, anything that is private and confidential in a newsroom should remain so -- again, common sense and respect for the workplace and its people is paramount."

But Harley Dennett's approach is to tweet independently of his employer. This allows him to publicly criticize his paper and its policies if he desires -- an act which he believes demonstrates transparency and buys him credibility with his followers. "Increasingly, I'm confident the best model is for the journo to have a direct relationship with their Twitter followers independent of the media outlet that employs him or her," he said. "The spectre of a big media outlet appearing to control what a journo says online would also really hamper that personal quality that Twitter can bring out of a conversation."

Lessons from Iran

What information on Twitter is fair game for a journalist to report? There needs to be further discussion between media professionals, their employers, journalism academics and social media experts to help navigate this complex territory.
But my preliminary views go like this: Although social media etiquette may not recognize a journalist's right to report any material published openly, the reality is that open Twitter accounts are a matter of permanent public record and fair game for journalists. While attribution is vital and it might be polite (but not necessary) to seek the approval of a Twitterer to quote them, I don't see anything unethical about using tweets in mainstream news coverage. However, the locked Twitter account is a more delicate matter. I'd suggest that a locked account amounts to an "off the record" comment which requires permission from the tweeter before re-publishing.

And does re-tweeting (or RT) -- re-publishing someone else's tweet -- equate to giving their tweets your professional stamp of approval if you tweet openly as a practicing journalist? If you are passing on information to your "followers," do you have an obligation to first establish the information's authenticity or acknowledge it as "unconfirmed" -- an obligation many journalists would feel if they were doing the same for a newspaper or broadcaster?

When I raised concerns this week about the practice of tweeters who openly identify as professional journalists re-tweeting without verification, in the context of the indiscriminate dissemination of tweets claiming to emanate from Iran, I found myself engaged in a lively discussion on Twitter. I asserted that when Patrick LaForge, an editor at the New York Times, re-tweeted (without acknowledgement of verification or absence thereof) a list of Iranian tweeters sourced from expert blogger Dave Winer (who had, in turn, passed on the list without verifying its contents), it amounted to an approval of that list; LaForge disagreed. NYU's Jay Rosen then reminded me not to expect open systems like Twitter to behave in the same manner expected of editorial systems. But while I agree with Rosen, my concern wasn't directed at the unmediated Twittersphere.
Rather it was directed at the way journalists approach this flood of information. I'm of the view that professional journalists will be judged more harshly by society if they RT content which later proves to be false -- particularly in the context of a crisis. This goes to their professional credibility and their employer's. Therefore, while I wouldn't for a minute suggest journalists step back from reporting on social media contributions flowing from zones like Iran, nor from repeating tweets purporting to represent witness accounts -- clearly these are valid contemporary storytelling devices -- I do think they need to critically assess information to the best of their capacity before republishing it and, if there's no way to do so, flag this with "unconfirmed" or some other abbreviated signal that the information has not been substantiated by the journalist.

In many international settings, there are legal as well as ethical imperatives to consider here. If you inadvertently RT a defamatory tweet in Australia, for example, arguing "I was just passing on a link," would not be a defense against a defamation action.

Writing in The Atlantic, Marc Ambinder advises readers to treat the flood of information from Iran like a CIA analyst would -- sifting it and weighing it up. I think that's sage advice for professional journalists operating on Twitter, too. The ABC provided a good example of an appropriate approach to this problem in their online amalgamation of the social media coverage of Iran by simply acknowledging that some of the content was unable to be substantiated. (These issues will be a theme at the #media140 conference to be held in Sydney later this year.)

Top 20 Take Away Tips for Tweeting Journos

1) Think before you tweet -- you can't delete an indiscreet tweet! (Well, you can, but it will survive in Twitter search for three months and it's likely live on as cached copy somewhere.)
2) Think carefully about what you're re-tweeting and acknowledge if it's unsubstantiated.
3) Be an active twit: tweet daily if you want your followers to stick.
4) Determine your Twitter identity.
5) Be human; be honest; be open; be active.
6) Don't lock your account if you want to use Twitter for reporting purposes -- this fosters distrust.
7) Twitter is a community, not just a one-way conversation or broadcast channel -- actively engage.
8) Check if your employer has a social media policy.
9) Be cautious when tweeting about your employer/workplace/colleagues.
10) Be a judicious follower -- don't be stingy but avoid following everyone as your list grows to avoid tweet bombardment.
11) If you quote a tweet, attribute it.
12) Expect your competitors to steal your leads if you tweet about them.
13) Don't tweet while angry or drunk.
14) Avoid racist, sexist, bigoted and otherwise offensive tweets and never abuse a follower.
15) Scrutinize crowdsourced stories closely.
16) Find people to follow. Foster followers by pilfering the lists of other twits.
17) Twitter is a 'time vampire' (via @anne_brand) -- you don't need to keep track of all tweets, so dip in and out through the day.
18) Prevent information overload by using an application such as Tweetdeck.
19) Add applications to your Internet-enabled mobile device to allow live-tweeting on the road.
20) Add value to your tweets with links, Twitpic and other applications for audio and video.

A useful resource: You can find a list of the top 100 Australian media professionals on Twitter compiled by @earleyedition here.

Julie Posetti is an award winning journalist and journalism academic who lectures in radio and television reporting at the University of Canberra, Australia. She's been a national political correspondent, a regional news editor, a TV documentary reporter and presenter on radio and television with the Australian national broadcaster, the ABC.
Her academic research centers on talk radio, public broadcasting, political reporting and broadcast coverage of Muslims post-9/11. She blogs at J-Scribe and you can follow her on Twitter.

From rforno at infowarrior.org Mon Jun 22 03:50:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Jun 2009 23:50:47 -0400
Subject: [Infowarrior] - It's Mind Your BlackBerry or Mind Your Manners
Message-ID:

At Meetings, It's Mind Your BlackBerry or Mind Your Manners
By ALEX WILLIAMS
Published: June 21, 2009
http://www.nytimes.com/2009/06/22/us/22smartphones.html?hp

Smartphone use has become routine in meetings in the corporate and political worlds but retains the potential to annoy.

For the first half-hour of the meeting, it was hardly surprising to see a potential client fiddling with his iPhone, said Rowland Hobbs, the chief executive of a marketing firm in Manhattan. At an hour, it seemed a bit much. And after an hour and a half, Mr. Hobbs and his colleagues wondered what the man could possibly be doing with his phone for the length of a summer blockbuster. Someone peeked over his shoulder. "He was playing a racing game," Mr. Hobbs said. "He did ask questions, though, peering occasionally over his iPhone." But, Mr. Hobbs added, "we didn't say anything. We still wanted the business."

As Web-enabled smartphones have become standard on the belts and in the totes of executives, people in meetings are increasingly caving in to temptation to check e-mail, Facebook, Twitter, even (shhh!) ESPN.com. But a spirited debate about etiquette has broken out. Traditionalists say the use of BlackBerrys and iPhones in meetings is as gauche as ordering out for pizza. Techno-evangelists insist that to ignore real-time text messages in a need-it-yesterday world is to invite peril. In Hollywood, both the Creative Artists Agency and United Talent Agency ban BlackBerry use at meetings.
Tom Golisano, a billionaire and power broker in New York State politics, said last week that he pushed to remove Malcolm A. Smith as the State Senate majority leader after the senator met with him on budget matters in April and spent the time reading e-mail on his BlackBerry.

The phone use has become routine in the corporate and political worlds -- and grating to many. A third of more than 5,300 workers polled in May by Yahoo HotJobs, a career research and job listings Web site, said they frequently checked e-mail in meetings. Nearly 20 percent said they had been castigated for poor manners regarding wireless devices.

Despite resistance, the etiquette debate seems to be tilting in the favor of smartphone use, many executives said. Managing directors do it. Summer associates do it. It spans gender and generation, private and public sectors. A few years ago, only "the investment banker types" would use BlackBerrys in meetings, said Frank Kneller, the chief executive of a company in Elk Grove Village, Ill., that makes water-treatment systems. "Now it's everybody." He said that if he spotted 6 of 10 colleagues tapping away, he knew he had to speed up his presentation.

It is routine for Washington officials to bow heads silently around a conference table -- not praying -- while others are speaking, said Philippe Reines, a senior adviser to Secretary of State Hillary Rodham Clinton. Although BlackBerrys are banned in certain areas of the State Department headquarters for security reasons, their use is epidemic where they are allowed. "You'll have half the participants BlackBerrying each other as a submeeting, with a running commentary on the primary meeting," Mr. Reines said. "BlackBerrys have become like cartoon thought bubbles."
Some professionals admitted that they occasionally sent mocking commentary about the proceedings, but most insisted that they used smartphones for legitimate reasons: responding to deadline requests, plumbing the Web for data to illuminate an issue under discussion or simply taking notes. Still, the practice retains the potential to annoy. Joel I. Klein, the New York City schools chancellor, has gained such a reputation for checking his BlackBerry during public meetings that some parents joke that they might as well send him an e-mail message.

Few companies have formal policies about smartphone use in meetings, according to Nancy Flynn, the executive director of the ePolicy Institute, a consulting group in Columbus, Ohio. Ms. Flynn tells clients to encourage employees to turn off all devices. "People mistakenly think that tapping is not as distracting as talking," she said. "In fact, it can be every bit as much if not more distracting. And it's pretty insulting to the speaker."

Still, business can be won or lost, executives say, depending on how responsive you are to an e-mail message. "Clients assume they can get you anytime, anywhere," said David Brotherton, a media consultant in Seattle. "Consultants who aren't readily available 24/7 tend to languish."

Playful electronic bantering can stimulate creativity in meetings, in the view of Josh Rabinowitz, the director of music at Grey Group in New York, an advertising agency. In pitch meetings, Mr. Rabinowitz said, he often traded messages on his Palm Treo -- jokes, ideas, questions -- with colleagues, "things that you might not say out loud." The chatter tends to loosen the proceedings. "It just seems to add to the productive energy," he said. But business relationships can be jeopardized.
Lori Levine, the founder of Flying Television, a talent-booking agency in Manhattan, said that in an effort to be environmentally sensitive she instructed employees to take notes on BlackBerrys instead of paper during client meetings. "Then I got a call from a client screaming that our vice president spent an hour on his BlackBerry during a huge meeting," Ms. Levine recalled. To soothe the client, Ms. Levine read aloud the notes the vice president had taken.

In Dallas, a college student sunk his chance to have an internship at a hedge fund last summer when he pulled out a BlackBerry to look up a fact to help him make a point during his interview, then lingered -- momentarily, but perceptibly -- to check a text message a friend had sent, said Trevor Hanger, the head of equity trading at the hedge fund, who was helping conduct the interview.

Very few companies have policies on smartphone use in meetings, which leaves it up to employees to feel their way across uncertain terrain. To Jason Chan, a digital-strategy consultant in Manhattan, different rules apply for in-house meetings (where checking BlackBerrys seems an expression of informal collegiality) and those with clients, where the habit is likely to offend. There is safety in numbers, he added in an e-mail message: "The acceptability of checking devices is proportional to the number of people attending the meeting. The more people there are, the less noticeable your typing will be."

Beyond practical considerations, there is also the issue of image. In many professional circles, where connections are power, making a show of reaching out to those connections even as co-workers are presenting a spreadsheet presentation seems to have become a kind of workplace boast. Mr. Brotherton, the consultant, wrote in an e-mail message that it was customary now for professionals to lay BlackBerrys or iPhones on a conference table before a meeting -- like gunfighters placing their Colt revolvers on the card tables in a saloon.
"It's a not-so-subtle way of signaling 'I'm connected. I'm busy. I'm important. And if this meeting doesn't hold my interest, I've got 10 other things I can do instead.'"

From rforno at infowarrior.org Mon Jun 22 03:52:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Jun 2009 23:52:18 -0400
Subject: [Infowarrior] - As Blogs Are Censored, It's Kittens to the Rescue
Message-ID: <623F2328-90B8-4A06-AB07-111B407196C2@infowarrior.org>

As Blogs Are Censored, It's Kittens to the Rescue
By NOAM COHEN
http://www.nytimes.com/2009/06/22/technology/internet/22link.html?hpw=&pagewanted=print

To censor the Internet painlessly, undetectably, is the dream that keeps repressive governments up late at their mainframe computers. After all, no users are so censored online as those who never see it.

The Iranian government is carrying out an Internet crackdown in hopes of subduing the protest movement that has surged since the disputed results of the presidential election on June 12. At the same time, the Iranian government has been sending out the police to restrain protesters and foreign journalists. Thus far, however, the Iranian government has learned the difficulty of trying to control the Internet in half-steps. Because the government's censorship efforts are so evident -- transparent, even -- there is a battle raging online to keep Iran connected to the world digitally, and thus connected to the world. Sympathizers around the world are guiding Iranians to safe access to the Internet and are hosting and publicizing material that is being banned within Iran.

If only Iran's leaders had thought through the implications of what can be called the Cute Cat Theory of Internet Censorship, as propounded by Ethan Zuckerman, a senior researcher at the Berkman Center for Internet and Society at Harvard Law School.
His idea is deceptively simple: most people use the Internet to enjoy their lives, and among the ways people spread joy is to share pictures of cute cats. Even the sarcastic types (who, for example, have been known to insert misspelled messages under pictures of kittens) seem to be under their thrall. So when a government censors the Internet, it had better think twice: "Cute cats are collateral damage when governments block sites," Mr. Zuckerman wrote for a recent talk. People who could not "care less about presidential shenanigans are made aware that their government fears online speech so much that they're willing to censor the millions of banal videos" and thereby "block a few political ones."

As it happens, Mr. Zuckerman said, the Iranian government's censorship task has been made harder because there is a thriving blogging community there, which he attributes to an earlier Iranian censorship campaign against traditional print media, in 2003. Writers flocked to the Internet. This fact, combined with a history of blocking access to social media tools since at least 2004, means that a large group of computer-savvy communicators "have had five years to figure out" how to get their message out. They have learned about all manner of "proxies," that is, improvised ways of evading censorship -- often connecting to a computer outside of Iran, which then can connect to the Internet freely.

In earlier cases, the important news that bloggers had to share on a social network might have related to soccer, or a certain favorite pet, but today those same tools are used to get the word out about protests and a spirit of defiance within Iran. From his experience as a founder of Global Voices, an aggregator of citizen media from around the world, Mr. Zuckerman says he has learned to value the roots laid down by a community of bloggers.
In Kenya, he said, bloggers were important commentators and reporters in 2007-8 on a disputed election, and people would ask why there were so many bloggers in Kenya. It turned out, he said, that "Kenya has the second-most bloggers in Africa and that mostly they are not writing about politics; many are writing about rugby." There was, he said, "a fascinating latent capacity -- people who knew how to use the tools, knew how to write well, to tell a story with words and pictures."

The Russia-Georgia war, he said, offered a contrast. "Suddenly a bunch of people flocked to blogging tools," he said. "We had never heard about a lot of those people. A number of people were manufacturing blogs from whole cloth for propaganda purposes. It was hard to know who they were, if they were credible. In Kenya, we knew who they were; we knew their favorite rugby team."

There are practical benefits to the mainstreaming of political protest online. It presents another barrier to censorship. Mr. Zuckerman said there had been discussion about having a dedicated human rights site -- "and we realized that it will be the most attacked site in the world," he said. "The response," he said, "is to say let's go in the other direction -- encourage anyone that has a human rights site to mirror it everywhere, including sites like Blogspot.com with lots of noncontroversial sites. It is kind of hard for Iran to block Blogger.com -- well, not that it is hard, but it is complicated. They would have to close down a lot of blogs, including blogs with cute cats."

Beyond the practical benefits, there is something satisfying about a country being assisted by ordinary bloggers who suddenly show their skills in organizing and belief in basic political principles. It harks back to heroes like the Roman leader Cincinnatus, a farmer who had to be persuaded to lead the republic in a time of need and after succeeding quickly returned to the farm.
Any functioning society needs professional politicians, just as any modern society needs political blogs, but it is good to be reminded that leadership and political voices can come from other ranks. But, Mr. Zuckerman reminded me, "You have to have the sword at home. You don't want to have to buy a sword at the last minute."

From rforno at infowarrior.org Mon Jun 22 13:52:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jun 2009 09:52:34 -0400
Subject: [Infowarrior] - Lancaster, Pa., keeps a close eye on itself
Message-ID: <054A7BC5-D363-4D23-9CA7-DBBF72328592@infowarrior.org>

http://www.latimes.com/news/nationworld/nation/la-na-spycam-city21-2009jun21,0,4840616,full.story

Lancaster, Pa., keeps a close eye on itself
A vast and growing web of security cameras monitors the city of 55,000, operated by a private group of self-appointed gatekeepers. There's been surprisingly little outcry.
By Bob Drogin
June 21, 2009

Reporting from Lancaster, Pa. -- This historic town, where America's founding fathers plotted during the Revolution and Milton Hershey later crafted his first chocolates, now boasts another distinction. It may become the nation's most closely watched small city.

Some 165 closed-circuit TV cameras soon will provide live, round-the-clock scrutiny of nearly every street, park and other public space used by the 55,000 residents and the town's many tourists. That's more outdoor cameras than are used by many major cities, including San Francisco and Boston.

Unlike anywhere else, cash-strapped Lancaster outsourced its surveillance to a private nonprofit group that hires civilians to tilt, pan and zoom the cameras -- and to call police if they spot suspicious activity. No government agency is directly involved.

Perhaps most surprising, the near-saturation surveillance of a community that saw four murders last year has sparked little public debate about whether the benefits for law enforcement outweigh the loss of privacy.
"Years ago, there's no way we could do this," said Keith Sadler, Lancaster's police chief. "It brings to mind Big Brother, George Orwell and '1984.' It's just funny how Americans have softened on these issues."

"No one talks about it," agreed Scott Martin, a Lancaster County commissioner who wants to expand the program. "Because people feel safer. Those who are law-abiding citizens, they don't have anything to worry about."

A few dozen people attended four community meetings held last spring to discuss what sponsors called "this exciting public safety initiative." But opposition has grown since big red bulbs, which shield the video cameras, began appearing on corner after corner.

Mary Pat Donnellon, head of Mission Research, a local software company, vowed to move if she finds one on her block. "I don't want to live like that," she said. "I'm not afraid. And I don't need to be under surveillance."

"No one has the right to know who goes in and out my front door," agreed David Mowrer, a laborer for a company that supplies quarry pits. "That's my business. That's not what America is about."

Hundreds of municipalities -- including Los Angeles and at least 36 other California cities -- have built or expanded camera networks since the attacks of Sept. 11, 2001. In most cases, Department of Homeland Security grants helped cover the cost.

In the most ambitious project, New York City police announced plans several years ago to link 3,000 public and private security cameras across Lower Manhattan designed to help deter, track and detect terrorists. The network is not yet complete.

How they affect crime is open to debate. In the largest U.S. study, researchers at UC Berkeley evaluated 71 cameras that San Francisco put in high-crime areas starting in 2005. Their final report, released in December, found "no evidence" of a drop in violent crime but "substantial declines" in property crime near the cameras.

Only a few communities have said no.
In February, the city council in Cambridge, Mass., voted not to use eight cameras already purchased with federal funds for fear police would improperly spy on residents. Officials in nearby Brookline are considering switching off a dozen cameras for the same reason.

Lancaster is different, and not just because it sits amid the rolling hills and rich farms of Pennsylvania Dutch country. Laid out in 1730, the whole town is 4 square miles around a central square. Amish families still sell quilts in the nation's oldest public market, and the Wal-Mart provides a hitching post to park a horse and buggy. Tourists flock to art galleries and Colonial-era churches near a glitzy new convention center.

But poverty is double the state's average, and public school records list more than 900 children as homeless. Police blame most of last year's 3,638 felony crimes, chiefly thefts, on gangs that use Lancaster as a way station to move cocaine, heroin and other illegal drugs along the Eastern Seaboard.

"It's not like we're making headlines as the worst crime-ridden city in the country," said Craig Stedman, the county's district attorney. "We have an average amount of crime for our size."

In 2001, a local crime commission concluded that cameras might make the city safer. Business owners, civic boosters and city officials formed the Lancaster Community Safety Coalition, and the nonprofit organization installed its first camera downtown in 2004. Raising money from private donors and foundations, the coalition had set up 70 cameras by last year. And the crime rate rose.

Officials explained the increase by saying cameras caught lesser offenses, such as prostitution and drunkenness, that otherwise often escape prosecution. The cameras also helped police capture and convict a murderer, and solve several other violent crimes.
Another local crime meeting last year urged an expansion of the video network, and the city and county governments agreed to share the $3-million cost with the coalition. Work crews are trying to connect 95 additional high-resolution cameras by mid-July.

"Per capita, we're the most watched city in the state, if not the entire United States," said Joseph Morales, a city councilman who is executive director of the coalition. "There are very few public streets that are not visible to our cameras."

The digital video is transmitted to a bank of flat-screen TVs at coalition headquarters, several dingy offices beside a gas company depot. A small sign hangs outside.

On a recent afternoon, camera operator Doug Winglewich sat at a console and watched several dozen incoming video feeds plus a computer linked to the county 911 dispatcher. The cameras have no audio, so he works in silence.

Each time police logged a new 911 call, he punched up the camera closest to the address, and pushed a joystick to maneuver in for a closer look. A license plate could be read a block away, and a face even farther could be identified.

After four years in the job, Winglewich said, he "can pretty much tell right away if someone's up to no good." He called up another feed and focused on a woman sitting on the curb. "You get to know people's faces," he said. "She's been arrested for prostitution."

Moments later, he called police when he spotted a man drinking beer in trouble-prone Farnum Park. Two police officers soon appeared on the screen, and as the camera watched, issued the man a ticket for violating a local ordinance.

"Lots of times, the police find outstanding warrants and the guy winds up in jail," said Winglewich, 49, who works from a wheelchair on account of a spinal injury.

If a camera records a crime in progress, the video is given to police and prosecutors, and may be subpoenaed by defense lawyers in a criminal case. More than 300 tapes were handed over last year, records show.
Morales says he refuses all other requests. "The divorce lawyer who wants video of a husband coming out of a bar with his mistress, we won't do it," he said.

No state or federal law governs use of public cameras, so Morales is drafting ethical guidelines for the coalition's 10 staffers and dozen volunteers. Training has been "informal" until now, he said, but will be stiffened.

Morales said he tries to weed out voyeurs and anyone who might use the tapes for blackmail or other illegal activity. "We are not directly responsible to law enforcement or government at this point," he said. "So we have to be above suspicion ourselves."

Morales, 45, has a master's degree in public administration. Born in Brooklyn, N.Y., he grew up mostly on Army bases. He was accepted to the U.S. Naval Academy, he said, but turned it down. "I made a lot of bad choices," he said. "Substance abuse was part of that."

Mary Catherine Roper, staff attorney for the American Civil Liberties Union of Pennsylvania, says the coalition's role as a self-appointed, self-policed gatekeeper for blanket surveillance of an entire city is unique. "This is the first time, the only time, I've heard of it anywhere," she said. "It is such a phenomenally bad idea that it is stunning to me."

She said the coalition structure provides no public oversight or accountability, and may be exempt from state laws governing release of public records. "When I hear people off the street can come in and apply to watch the camera on my street, now I'm terrified," she added. "That could be my nosy neighbor, or my stalker ex-boyfriend, or a burglar stalking my home."

J. Richard Gray, Lancaster's mayor since 2005, backs the program but worries about such abuses. He is a former defense attorney, a self-described civil libertarian, and a free-spirited figure who owns 12 motorcycles. "I keep telling [the coalition] you're on a short leash with me," Gray said. "It's one strike and you're out as far as I'm concerned."
His campaign treasurer, Larry Hinnenkamp, a tax attorney and certified public accountant, took a stronger view. He "responded with righteous indignation" when a camera was installed without prior notice by his home. "I used to give it the finger when I walked by," Hinnenkamp said.

But Jack Bauer, owner of the city's largest beer and soft drink distributor, calls the network "a great thing." His store hasn't been robbed, he said, since four cameras went up nearby. "There's nothing wrong with instilling fear," he said.

bob.drogin at latimes.com

From rforno at infowarrior.org Mon Jun 22 14:14:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jun 2009 10:14:42 -0400
Subject: [Infowarrior] - More on why I'm anti-Kindle
Message-ID:

I don't care how convenient it may be but this sure doesn't sound convenient, and thanks to Murphy's Law of Life, this is usually when you need access to such books! (and can't get 'em) Sorry Amazon, I'll stick with hard-copy, contrarian that I am. -rf

http://www.boingboing.net/2009/06/22/some-kindle-books-ha.html

Some Kindle books have secret caps on the number of times you can download them
Posted by Cory Doctorow, June 22, 2009 7:10 AM

It turns out that there's an undocumented restriction on Kindle books -- if you download them "too many" (where "too many" is a secret number) times to your Kindle or iPhone or whatever, you run out of downloads and can't get copies anymore.

Months ago, an Amazon manager wrote to me to tell me that the Kindle now had DRM-free options for ebooks, and to ask if I had any questions. I had three questions:

1. Is there anything in the Kindle EULA that prohibits moving your purchased DRM-free Kindle files to a competing device?
2. Is there anything in the Kindle file-format (such as a patent or trade-secret) that would make it illegal to produce a Kindle format-reader or converter for a competing device?
3.
What flags are in the DRM-free Kindle format, and can a DRM-free Kindle file have its features revoked after you purchase it?

He never answered them. After promising to get back to me, he just disappeared and stopped answering my emails. I wrote to Amazon later on behalf of the Guardian newspaper, asking the same thing, and they never replied to that, either. And my contact at O'Reilly, who are releasing their entire catalog as DRM-free Kindle books, has been blown off by his Amazon contact on these questions, too.

The news about a secret limit on downloads is part of #3: we found out the hard way that Amazon can revoke your Kindle's ability to read your ebooks aloud after you've bought them. Now we discover that there is a secret counter that limits your refreshes of your Kindle library (say, across multiple Kindle devices as you upgrade, or replace lost, broken or defective units).

It may be that the market would be willing to pay Kindle book prices for books with these restrictions (and whichever other ones are lurking in the shadows), but it's just not fair or right for a company that prides itself on being customer-centered to refuse to tell you what you're buying when you buy its ebooks.

When I got the Amazon Kindle app I knew there was one particular book I needed to download to both devices immediately. It's a reference book that I wanted to make sure that I had on my device as the weekend began. But when I opened the app it only showed me a small subset of my books. "What?" I wondered. I went into that digital download portion of the Amazon store and there I saw a list of all the books that I have purchased for my Kindle. "Great," I thought, "I'll just choose the books that I want and click the 'download/send it to...' button next to the item." I clicked and a few books gave back the message "successfully sent to". A number of the books, however, including the one I was looking for, gave back the message that they were unable to be sent to my iPhone.
I tried to download it to my iPod touch and received the same message...

The customer rep asked me to send every one of the books in my Amazon library to my iPhone. Most of them gave the message that they were sent but a number of them returned the message "Cannot be sent to selected device". "Oh, that's the problem," he said, "if some of the books will download and the others won't it means that you've reached the maximum number of times you can download the book." I asked him what that meant since the books I needed to download weren't currently on any device because I had wiped those devices clean and simply wanted to reinstall. He proceeded to tell me that there is always a limit to the number of times you can download a given book. Sometimes, he said, it's five or six times but at other times it may only be once or twice. And, here's the kicker folks, once you reach the cap you need to repurchase the book if you want to download it again.

From rforno at infowarrior.org Mon Jun 22 14:17:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jun 2009 10:17:37 -0400
Subject: [Infowarrior] - DOD: Protests are "low-level" terrorism
Message-ID: <3D904584-ACFB-486D-9B74-A85085D6935E@infowarrior.org>

http://open.salon.com/blog/dennis_loo/2009/06/14/dod_training_manual_protests_are_low-level_terrorism

DoD Training Manual: Protests are "Low-Level Terrorism"

The Department of Defense is training all of its personnel in its current Antiterrorism and Force Protection Annual Refresher Training Course that political protest is "low-level terrorism." The Training introduction reads as follows:

"Anti-terrorism (AT) and Force Protection (FP) are two facets of the Department of Defense (DoD) Mission Assurance Program. It is DoD policy, as found in DoDI 2000.16, that the DoD Components and the DoD elements and personnel shall be protected from terrorist acts through a high priority, comprehensive, AT program.
The DoD's AT program shall be all encompassing using an integrated systems approach."

The first question of the Terrorism Threat Factors, "Knowledge Check 1" section reads as follows:

Which of the following is an example of low-level terrorism activity? Select the correct answer and then click Check Your Answer.
O Attacking the Pentagon
O IEDs
O Hate crimes against racial groups
O Protests

*** The "correct" answer is Protests. A copy of this can be found on the last two pages of this pdf.

From rforno at infowarrior.org Tue Jun 23 02:07:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jun 2009 22:07:54 -0400
Subject: [Infowarrior] - ASCAP Wants To Be Paid When Your Phone Rings
Message-ID: <23B3EEC2-6443-49B8-8A4B-DDBF8F2153BC@infowarrior.org>

ASCAP Wants To Be Paid When Your Phone Rings
Legal Analysis by Fred von Lohmann
http://www.eff.org/deeplinks/2009/06/ascap-wants-be-paid-

ASCAP (the same folks who went after Girl Scouts for singing around a campfire) appears to believe that every time your musical ringtone rings in public, you're violating copyright law by "publicly performing" it without a license. At least that's the import of a brief [2.5mb PDF] it filed in ASCAP's court battle with mobile phone giant AT&T. This will doubtless come as a shock to the millions of Americans who have legitimately purchased musical ringtones, contributing millions to the music industry's bottom line. Are we each liable for statutory damages (say, $80,000) if we forget to silence our phones in a restaurant?

ASCAP's outlandish claim is part of its battle with major mobile carriers (including Verizon and AT&T) over whether ASCAP is owed any money for "public performances" of the musical ringtones sold by the carriers.
The carriers point out that the owners of the musical compositions (i.e., songwriters and music publishers) are already paid for each ringtone download, but ASCAP claims that it's owed another royalty for the "public performances" (i.e., ringing in a restaurant) of those same ringtones.

Fortunately, ASCAP is wrong. Even if the incidental mobile phone playback of a short snippet in a public place were viewed as a "public performance" (something no court has ever held, and that would also put you in jeopardy for playing your car radio with the window down), the Copyright Act has a specific exception, 17 U.S.C. 110(4), that covers performances made "without any purpose of direct or indirect commercial advantage." That should take care of ringtones going off in the restaurant.

Confronted with Section 110(4), ASCAP makes an even more dangerous and wrongheaded argument -- that the carrier cannot "stand in the shoes of its customer" when asserting a copyright defense like Section 110(4). In other words, because AT&T is in the ringtone business for the money, it's on the hook even if the customer isn't.

To appreciate how anti-consumer this argument is, consider what it would mean in practice. Congress has decided that many activities should be beyond the reach of copyright law, including not only the performances covered by Section 110(4), but also fair use and first sale, among other things. It's thanks to these exceptions and limitations that libraries can lend books, you can use a TiVo, and Apple can sell iPods to help you get the most from your CD collection. ASCAP is arguing, however, that just because you can't be held liable for copyright infringement for these things, a copyright owner could still sue any technology company that helps you enjoy your rights under copyright law.
Fortunately for consumers, ASCAP's theory is foreclosed by the Sony Betamax ruling, where the Supreme Court held that because it's a fair use for you to time-shift TV, it's also perfectly legal for Sony to sell you a VCR to do it. Sony did not have to run a second fair use gauntlet for its commercial VCR-selling business. In short, if there's no infringement liability for the customer, there can be no secondary liability for the carriers. (ASCAP also has a theory that the carriers are direct infringers because they set up the system that causes phones to ring in public, but that theory is pretty handily wiped out by the recent Cablevision ruling, where the court found that setting up a "remote DVR" service doesn't make you a direct infringer when your customers use it.) Or, put another way, if it's noninfringing for you, it's also noninfringing for a technology company to provide you with the means to do it.

From rforno at infowarrior.org Tue Jun 23 02:42:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Jun 2009 22:42:11 -0400
Subject: [Infowarrior] - Clear Shuts Down Registered Traveler Lanes
Message-ID:

Clear Shuts Down Registered Traveler Lanes
Posted by Benet Wilson at 6/22/2009 6:00 PM CDT
http://www.aviationweek.com/aw/blogs/commercial_aviation/ThingsWithWings/index.jsp?plckController=Blog&plckScript=blogScript&plckElementId=blogDest&plckBlogPage=BlogViewPost&plckPostId=Blog%3a7a78f54e-b3dd-4fa6-ae6e-dff2ffd7bdbbPost%3ad3867997-f8fd-403d-93ef-a7c047cd849a&plckCommentSortOrder=TimeStampAscending

Verified Identity Pass's Clear registered traveler lanes, located at 20 airports, are shutting down at 11:00 p.m. Pacific time tonight. The company web site was blank except for a white page with the official statement and no calls were returned. Clear said it was "unable to negotiate an agreement with its senior creditor to continue operations."
Orlando International Airport spokeswoman Carolyn Fennell said they had not received notice until late this afternoon via email that Clear was ceasing operations. "We haven't had time to evaluate the impact or get further information," she said.

The pilot program was rolled out with great fanfare July 18, 2005, in Orlando. Travelers initially paid $99 a year for a card that was supposed to target those who posed a minimum security risk, and give them a special line that would process them through airport security more quickly. The Transportation Security Administration (TSA) was slow to release the program from the pilot phase, finally giving the green light to roll out the program in January 2007.

The program hit a snag after TSA halted the use of GE SRT kiosks designed to serve as a shoe scanner and explosives detection system, blunting one of the program's key benefits -- allowing passengers to keep on shoes and jackets, and keep laptop computers in their bags. And opponents of the program called Clear nothing but "a 'glorified frequent flyer' program."

"The demise of Clear is an effect of the recession and fall-off in travelers and people willing to pay the higher prices that Clear is charging," said Henry Harteveldt, vice president and principal analyst for airline and travel research at Forrester Research, and a former Clear customer. Clear almost doubled its prices last fall, said Harteveldt. "They misread consumer demand for a limited service like theirs, failed to do customer win back after the price hike and failed to secure access to enough major airports," he said.

Founder and CEO Steven Brill resigned his position in March to focus on projects in journalism and public service.
From rforno at infowarrior.org Tue Jun 23 11:38:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jun 2009 07:38:58 -0400
Subject: [Infowarrior] - DHS To Kill Domestic Satellite Spying
Message-ID: <08668A6A-6382-4F65-B4B2-7A1A424A3119@infowarrior.org>

WASHINGTON, June 22, 2009
DHS To Kill Domestic Satellite Spying
Napolitano To Nix Bush Administration Program, Funded In Obama Budget
http://www.cbsnews.com/stories/2009/06/22/politics/main5104893.shtml

(AP) Homeland Security Secretary Janet Napolitano plans to kill a program begun by the Bush administration that would use U.S. spy satellites for domestic security and law enforcement, a government official said Monday.

Napolitano recently reached her decision after the program was discussed with law enforcement officials, and she was told it was not an urgent issue, said the official, who spoke on condition of anonymity because he was not authorized to talk about it.

The program was announced in 2007 and was to have the Homeland Security Department use overhead and mapping imagery from existing satellites for homeland security and law enforcement purposes. The program, called the National Applications Office, has been delayed because of privacy and civil liberty concerns.

The program was included in the Obama administration's 2010 budget request, according to Rep. Jane Harman, a California Democrat and House Homeland Security Committee member who was briefed on the department's classified intelligence budget. Harman said Monday she had not been given final word that the program would be killed. She said she would talk to Napolitano on Tuesday.

Harman has been outspoken about her concerns that the program is unnecessary, far reaching and open-ended. "I thought this was just an invitation to huge mischief," Harman said. Of killing the program, she said, "It shows real leadership on the part of Janet Napolitano."
Homeland Security spokeswoman Amy Kudwa said Napolitano began looking at the program shortly after she became secretary. Kudwa said the department expects to announce the results of that review soon.

Rep. Peter King, R-N.Y., said he hoped the department wasn't canceling the program. "If it is true, it's a very big mistake," said King, who is the top Republican on the House Homeland Security Committee. "This is definitely a step back in the war on terror."

For years, domestic agencies such as the Federal Emergency Management Agency and Interior Department have had access to this satellite imagery for scientific research, to assist in response to natural disasters like hurricanes and fires, and to map out vulnerabilities during a major public event like the Super Bowl. Since 1974 the agency's requests for satellite imagery have been made through the federal interagency group, the Civil Applications Committee. The Bush administration, however, decided to funnel the requests through the Homeland Security Department and expand their use for homeland security and law enforcement purposes.

After receiving a letter from Los Angeles Police Chief William Bratton, Napolitano decided the program should be canceled. Bratton, in his role as head of the Major City Chiefs Association, wrote on June 21 that the program, as envisioned by the Bush administration, is not an urgent need for local law enforcement. Instead, Bratton said, Homeland Security should focus on the fusion centers across the country and improving information-sharing with state and local officials to improve the domestic intelligence picture.

Bratton said he was unaware whether police chiefs have been consulted by Bush administration officials about the satellite program. "To my knowledge, this is the first opportunity major law enforcement organizations have had to participate in this significant and complex initiative," he said in the letter.

© MMIX The Associated Press. All Rights Reserved.
This material may not be published, broadcast, rewritten, or redistributed.

From rforno at infowarrior.org Tue Jun 23 11:41:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jun 2009 07:41:38 -0400
Subject: [Infowarrior] - Congressional paranoia hysterics
Message-ID:

(here's another example of fear-based proposals.....what about when a terrorist invents a plexiglass-dissolving pen ink that can melt that shield before tossing in their bomb? do we need plexiglass-shielding shields? What's next? Worrying about the theft of our precious bodily fluids by a rogue tourist? ---rf)

Congressman proposes enclosing Capitol gallery in Plexiglas
By John Byrne
Published: June 22, 2009
http://rawstory.com/08/news/2009/06/22/congressman-proposes-enclosing-capitol-in-plexiglas/

A Republican Indiana congressman has a new plan to protect members of Congress from a terrorist attack: enclose the Capitol gallery with a Plexiglas shield.

In a little-noticed proposed amendment to a bill last week, Rep. Dan Burton (R-IN) sought a study to examine the feasibility of enclosing the Capitol gallery chamber with a protective shield.

"What this bill does is it would authorize a study to look at enclosing the chamber, the gallery chamber, with Plexiglas so that somebody can't throw a bomb down on the floor and kill a lot of us," Burton told the Rules Committee Thursday.

To the shock of onlooking congressmembers, Burton described how a terrorist could kill the lot of them. Someone could kill "half the Members of Congress right now," he said.

"You could take a detonating device that looks like a watch so you could get through the metal detector," Burton explained. "And when everybody was on the floor, as many as you wanted, you could put that into the plastic explosive, toss it out on the floor, and there is no way you would lose half of us if we were on the floor, at least, or more. I don't know how much damage it would do."
Plexiglas, he said, would protect legislators from a disaster -- "and you can do it in a way that would be very attractive," he quipped. "They do it in the Knesset in Israel."

The Washington Post's Mary Ann Akers noted: "Before rejecting his amendment, members of the committee stared at Burton dumbfounded, according to sources in the room, as if wondering to themselves how to delicately explain to the Indiana Republican that he may be more in need of Xanax than Plexiglas."

Burton's spokesman was quoted as saying his boss "hoped the Rules Committee would think outside the box."

The Indiana legislator is most famously known for re-enacting the alleged murder of former Clinton aide Vince Foster by using a gun and a melon (the type of melon is in dispute).

From rforno at infowarrior.org Tue Jun 23 11:46:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Jun 2009 07:46:27 -0400
Subject: [Infowarrior] - Apple's Secrecy on Products and Top Executives
Message-ID: <1B12D13E-3FEF-4FB9-B6E4-1269882DAB67@infowarrior.org>

June 23, 2009
Apple's Secrecy on Products and Top Executives
By BRAD STONE and ASHLEE VANCE
http://www.nytimes.com/2009/06/23/technology/23apple.html?_r=1&hp=&pagewanted=print

SAN FRANCISCO -- Apple is one of the world's coolest companies. But there is one cool-company trend it has rejected: chatting with the world through blogs and dropping tidbits of information about its inner workings.

Few companies, indeed, are more secretive than Apple, or as punitive to those who dare violate the company's rules on keeping tight control over information. Employees have been fired for leaking news tidbits to outsiders, and the company has been known to spread disinformation about product plans to its own workers.

"They make everyone super, super paranoid about security," said Mark Hamblin, who worked on the touch-screen technology for the iPhone and left Apple last year.
"I have never seen anything else like it at another company."

But even by Apple's standards, its handling of news about the health of its chief executive and co-founder, Steven P. Jobs, who has battled pancreatic cancer and recently had a liver transplant while on a leave of absence, is unparalleled.

Mr. Jobs received the liver transplant about two months ago, according to people briefed on the matter by current and former board members. Despite intense interest in Mr. Jobs's condition among the news media and investors, Apple representatives have declined to address the matter, reciting with maddening discipline only that Mr. Jobs is due back at the company by the end of June.

Mr. Jobs was actually at work on Apple's sprawling corporate campus on Monday, according to a person who saw him there. Company representatives would not say whether he had returned permanently.

Even senior officials at Apple fear crossing Mr. Jobs. One official, who is normally more open, when asked for a deep-background briefing about Mr. Jobs's health after the news of the transplant had become public, replied: "Just can't do it. Too sensitive."

Secrecy at Apple is not just the prevailing communications strategy; it is baked into the corporate culture. Employees working on top-secret projects must pass through a maze of security doors, swiping their badges again and again and finally entering a numeric code to reach their offices, according to one former employee who worked in such areas. Work spaces are typically monitored by security cameras, this employee said.

Some Apple workers in the most critical product-testing rooms must cover up devices with black cloaks when they are working on them, and turn on a red warning light when devices are unmasked so that everyone knows to be extra-careful, he said.

Apple employees are often just as surprised about new products as everyone else. "I was at the iPod launch,"
said Edward Eigerman, who spent four years as a systems engineer at Apple and now runs his own technology consulting firm. ?No one that I worked with saw that coming.? Mr. Eigerman was fired from Apple in 2005 when he was implicated in an incident in which a co-worker leaked a preview of some new software to a business customer as a favor. He said Apple routinely tries to find and fire leakers. Philip Schiller, Apple?s senior vice president for marketing, has held internal meetings about new products and provided incorrect information about a product?s price or features, according to a former employee who signed an agreement not to discuss internal matters. Apple then tries to track down the source of news reports that include the incorrect details. Five years ago, Apple took its obsession with secrecy to the courts. It sued several bloggers who had covered the company, arguing that they had violated trade-secret laws and were not entitled to First Amendment protections. A California appeals court ruled for the bloggers, and the company had to pay $700,000 in legal fees. Apple also sued a blog called Think Secret and settled the case for an undisclosed amount, but as part of the settlement that blog shut down. Regis McKenna, a well-known Silicon Valley marketing veteran who advised Apple on its media strategy in its early days, said the culture of secrecy had its origin in the release of the first Macintosh, which competitors like Microsoft and Sony knew about before it was unveiled. ?It really started around trying to keep the surprise aspect to product launches, which can have a lot of power,? Mr. McKenna said. He added: ?But what most people don?t understand is that Steve has always been very personal about his life. He has always kept things close to the vest since I?ve known him, and only confided in relatively few people.? 
Apple?s decision to severely limit communication with the news media, shareholders and the public is at odds with the approach taken by many other companies, which are embracing online outlets like blogs and Twitter and generally trying to be more open with shareholders and more responsive to customers. ?They don?t communicate. It?s a total black box,? said Gene Munster, an analyst at Piper Jaffray who has covered Apple for the last five years. Mr. Munster said he jokes with other colleagues covering the company about how Apple routinely ?jams the frequencies,? or gives them misinformation to throw them off the scent of a new product or other news it hopes to keep confidential. Four years ago, he said, a senior Apple executive directly told him the company had no interest in developing a cheap iPod with no screen. Soon after, the company released just that: the iPod Shuffle. For corporate governance experts, and perhaps federal regulators, the biggest question is whether Mr. Jobs?s approach has led to violating laws that cover what companies must disclose to the public about the well-being of their chief executive. On that key issue, the experts are divided. Some believe Apple did not need to disclose Mr. Jobs?s liver transplant because Mr. Jobs was on a leave of absence and had passed responsibility for the day-to-day operations of the company to the chief operating officer, Timothy Cook. Other governance experts argue that the liver transplant now makes one of Apple?s assertions from January ? that Mr. Jobs was suffering only from a hormonal imbalance ? seem like a deliberate mistruth, unless Mr. Jobs?s health condition suddenly deteriorated. Of course, no one knows enough to say definitively. Most governance experts do seem to agree on one point: that the secrecy that adds surprise and excitement to Apple product announcements is not serving the company well in other areas. 
?In this environment, where transparency is critical, the more information you give the marketplace the better,? said Charles Elson, director of the John L. Weinberg Center for Corporate Governance at the University of Delaware. ?For a technology company that views itself as innovative, it?s a little odd that they are getting a reputation for lack of transparency.? Apple?s stock dropped $2.11 to $137.37 on Monday amid a larger market sell-off. And the company did, in fact, have something to reveal: it said it had sold a million units of its new iPhone 3G S over the weekend, well above analysts? forecasts. From rforno at infowarrior.org Tue Jun 23 11:48:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jun 2009 07:48:23 -0400 Subject: [Infowarrior] - DARPA seeks Borg powers Message-ID: <417991FA-D197-483F-A7BA-817DC3618A8B@infowarrior.org> DARPA seeking Genesis-style godware capability By Lewis Page ? Get more from this author http://www.theregister.co.uk/2009/06/23/darpa_physical_intelligence/ Posted in Science, 23rd June 2009 11:04 GMT US military wacky-professor bureau DARPA has outdone itself this time, issuing a request for "intelligent" electronic components and chemicals which can "self-organise" themselves to form complex items such as routers, fuel cells, biofuel factories or medical drugs. Indeed, reading between the lines it appears as though the American killboffins are seeking nothing less than the creation of artificial intelligent lifeforms. The Pentagon crazytech chiefs' name for this initiative is "Physical Intelligence", and full details were released last week. According to DARPA, humanity at present has only a dim grasp of what intelligence actually is and how it came into existence: For the past 50 years, the dominant paradigm for intelligence supposes that the brain is the seat of intelligence and is functionally equivalent to a computer capable of executing any algorithm... 
the goal of true machine intelligence remains distant... our understanding of the evolution of life is rooted primarily in observations of the natural world... With some exceptions, current approaches to understanding intelligence and evolution are disconnected and often lack grounding in fundamental physical principles. The idea behind "physical intelligence" seems to be to achieve a much better, hard-science understanding of what intelligence and life actually is and how it evolves as a matter of physics. Needless to say, this being DARPA, this almost God-like intellectual toolkit is then to be put to use. Although the idea that life is ?a struggle for entropy? (Boltzmann) has been supposed for more than a century... applications to engineered systems are scarce. The Physical Intelligence program aspires to change this situation... The objective is to demonstrate the first human-engineered open thermodynamic systems that spontaneously evolve non-trivial ?intelligent? behavior... Specifically, bidders for DARPA Physical Intelligence cash will be invited to design one of two things: electronic gizmos or "basic units that might be described variously as 'gates' or 'cells' or 'neurons'", or alternatively "an open chemical environment". The electronic "units", which may initially exist only in a simulated environment "comparable in complexity to simple video games (eg, Tetris)" are expected to "self organise" and "evolve" into a complex configuration, presumably one demonstrating some non-trivial aspects of intelligence. As a starter for ten, the super Tetris-block electronic neurocells should be able to spontaneously form into "a continuously self-organizing router for internet traffic or similarly complex application". One should then be able to "extract the algorithm, and map it to a conventional computer" - effectively turning that computer into an intelligent lifeform. 
As for the vatful of smart-chemicals, they're expected - without human intervention - to be able to form themselves into drugs, organic fuel cells, solar powered biofuel supercrops or "a similarly complex system". It won't have escaped alert Reg readers that the Physical Intelligence DARPA wonder-ware will be quite capable of becoming intelligent life - potentially much more capable life than humanity itself. The AI algorithms which evolve from the spontaneously self-organising Tetris blocks might far outclass the human noggin: the fuel-celled, solar- powered, self-medicating lifeforms which emerged from the smartware vats would be immeasurably our superiors physically. Quite frankly we can't help thinking that some more appropriate name might have been in order here, like Project Genesis or LET LIGHT=ON or something. It's definitely a return to full-on loopy form on DARPA's part, anyway. From rforno at infowarrior.org Tue Jun 23 15:10:08 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jun 2009 11:10:08 -0400 Subject: [Infowarrior] - Iranian Firewall Analysis Message-ID: <306CD0BC-73DF-4D53-AA5E-53C2720A3758@infowarrior.org> Iranian Traffic Engineering http://asert.arbornetworks.com/2009/06/iranian-traffic-engineering/ A Deeper Look at The Iranian Firewall http://asert.arbornetworks.com/2009/06/a-deeper-look-at-the-iranian-firewall/ From rforno at infowarrior.org Tue Jun 23 17:34:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jun 2009 13:34:18 -0400 Subject: [Infowarrior] - Generation Y: We're just not that into Twitter Message-ID: <27CA7474-9FF1-42FC-AD0C-2D63A01EA1EA@infowarrior.org> June 23, 2009 9:00 AM PDT Generation Y: We're just not that into Twitter by Sharon Vaknin http://news.cnet.com/8301-17939_109-10265060-2.html?part=rss&subj=news&tag=2547-1_3-0-20 Given that Generation Y is often pegged as narcissistic, lazy, having high expectations, craving the limelight, and other such flattering characterizations, one 
might expect we'd be Twittering as if it were breathing. After all, Twitter is known as a place where people expose the most minute details of their lives--missing the bus, stubbing a toe, toasting an English muffin. But a recent survey from Pace University and the Participatory Media Network shows that only 22 percent of 18- to 24-year-olds use Twitter, while 99 percent have profiles on social networks. This may seem surprising on the face of it, but as a member of the Millennial Generation myself, I have some theories as to why it might be true. To see why we're not into Twitter, I'll have to revisit the start of the social-networking timeline: MySpace. We Gen Yers spent hours on MySpace customizing our profiles and making them perfect representations of us (or rather, who we wanted to be). We couldn't wait for our friends to comment a new photo: "New pic, please comment!" MySpace made many of us feel popular, or even famous. I remember posting a new profile picture and refreshing the page in anticipation of responses. Jean Twenge, psychologist and author of "The Narcissism Epidemic: Living in the Age of Entitlement," calls this phenomenon "self- branding." People use MySpace as a portal for creating their own personal brand, Twenge says, complete with photos, custom banners, gossip, and fans (friends). One of the most successful self-branders is Tila Tequila, who tactfully used MySpace to achieve status as one of the users with the most friends on the site, and later parlayed that fame into a career as an MTV reality star. Though we weren't international superstars, my friends and I were content on MySpace. But fast-forward a couple years to Facebook. It proved to be a difficult transition: where were all the flashing graphics, purple fonts, and exhaustive, multimedia-laden About Me sections? Why weren't the number of photo comments shown? Every user's profile looks the same, and at a glance, it seems self-branding is not easily attained. 
The clean design of Facebook deemed decked-out profiles and artsy photos passe, but the site provided us with a new form of self- expression--"What are you doing?" status updates, which became the new platform for what Twenge describes as my generation's narcissistic need for attention. What Facebook intends as a forum for sharing, Gen Yers see as a game of show-off. A quick look at my news feed and I see "Melissa" (name changed to protect the innocent) is having "one of the funnest nights of her life," and "beer and vodka make a interesting combination oww." 'Nuff said. Brendon Nemeth, a 22-year-old San Franciscan whom I met this spring, says he updates his status to "keep family and friends informed on what's going on that's interesting in my life." We no longer impress our friends with profiles that represent us through our creative flourishes, but rather with profiles that spell out what we're doing. (Out of fairness, our status updates don't always revolve around happenings at the local bar; plenty of us want to share our work promotions or volunteer activities, too.) When Facebook implemented its news feed, users formed groups to oppose the feature. Now our status updates are lost in a flood of information, including quiz results, wall posts (not our own), and links. An update is posted, two minutes pass, and it's nowhere to be seen. Some of us even resort to reposting our updates just so they grab the attention they deserve. On her blog, Twenge suggests that the kids of Gen Y aren't interested in their community, they are interested in themselves: "Younger generations are more individualistic and are higher in self-esteem and narcissism. There have been no changes in 'communal' traits." I'd have to agree. We do anticipate seeing our friends' activities, but what we really look forward to is what they think of our activities--we want to be "cyberstalked," preferably in the form of replies to our self-published content. 
Nemeth says that "there are times when I update my status to induce a reaction." Reactions are what drive us to add photos, update our status, and write on our friends' walls. So where does Twitter fit in? Twitter's microblogging platform is what many Gen Y's may describe as "like Facebook, but just the status update." What is the point of that? We like to consolidate, so Nemeth explains that he doesn't "want to join another community, just tell people what (he's) doing." We have everything we need on Facebook. Based on Twenge's theory, a good explanation of my generation's lag in joining the Twitter mania is that there isn't an obvious way to achieve a self-brand on Twitter. Participating on Twitter requires a fan base that knows why you are unique, special, and deserve attention. Fan base aside, the Web site's interface paves a short path for cyberstalking--there is nothing to find past a user's status. For example, Sally went to a great party last weekend, but where are the photos? Who went with her? These features, which Gen Y's value so much, are missing. As much as I like to know what my friends are doing, updates on Twitter happen so fast there really isn't time to react. More importantly, my friends don't have time to react to my activities. Largely as a result of the digital communication tools on which we were raised, a big part of my generation wants to know what the cyberworld thinks of us, and we want its inhabitants to pay attention to us. How can they do this if they're following 300 other people? For the Millennials to make the move, Twitter will have to find a way to integrate the self-branding features MySpace gave birth to and Facebook nurtured. Even if they're packaged in 140 characters or less. Sharon Vaknin is the CNET Labs' go-to intern. When she's not testing MP3 players, blogging, or making the lab look presentable, she can be found playing computer games. 
Sharon formerly worked for Best Buy and is currently studying journalism at San Francisco State University. From rforno at infowarrior.org Wed Jun 24 01:24:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jun 2009 21:24:16 -0400 Subject: [Infowarrior] - DOD Cybercommand Memo (PDF) Message-ID: <302CFAC0-EE8D-40D4-A795-1687D2797BE3@infowarrior.org> SECDEF directive on the CyberCommand. http://infowarrior.org/users/rforno/cybercommand.pdf From rforno at infowarrior.org Wed Jun 24 02:14:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Jun 2009 22:14:31 -0400 Subject: [Infowarrior] - OpEd: '1984' even more pertinent today Message-ID: Orwell's '1984' even more pertinent today Sixty years ago, he foresaw the rise of spin, spying. http://www.philly.com/inquirer/opinion/48757657.html By John P. Rossi It is 25 years since 1984, the eponymous year of George Orwell's terrifying novel of what the future held in store, and this month marks 60 years since the book's publication. Nineteen Eighty-Four has sold 25 million copies, is still read in high school and college, and remains the best-known example of anti-utopian literature. While Orwell did not see Nineteen Eighty-Four as a prophetic work, some of his concerns about the future have taken on a new urgency. According to the Times of London, the average English person is recorded on camera 300 times a day. By one estimate, there are 4.2 million closed-circuit television cameras operating in England today, accumulating personal data that is filed away by the government. Video advertising screens in shopping malls, health clubs, supermarkets, and other public areas can have cameras embedded in them that track the viewer, much as Winston Smith in Nineteen Eighty-Four was watched by his "telescreen." These cameras contain software that can determine the viewer's sex, approximate age, and even ethnicity. 
It is increasingly common for cameras to be mounted on traffic lights, outside buildings, and in elevators to record the public's daily comings and goings. Big Brother - a character invented by Orwell - is truly watching you. But it's not only today's technology that Orwell envisioned. Another one of his major concerns, the corruption of the language, is everywhere around us, especially in advertising, public relations, and politics. No politician, for example, admits doing anything wrong. Instead, "mistakes were made." The agency of our government charged with waging war is, of course, the Department of Defense - just as the agency in charge of propaganda in Nineteen Eighty-Four was the Ministry of Truth, which coined such slogans and terms as "two plus two equals five," "Newspeak," and "war is peace." Similarly, the U.S. Strategic Air Command adopted the slogan "Peace is our profession." Orwell was so concerned about the state of the language because he believed that its debasement would make it difficult for people to think critically and make concrete distinctions. He worried that the concept of historical truth would disappear amid the foggy thinking brought on by the language's corruption. We see this today in denial of the Holocaust, the belief that astronauts never landed on the moon, the popularity of vampire tales, and a wide variety of conspiracy theories. The success of such books and films as The Da Vinci Code and its companion, Angels and Demons, is another example of the widespread inability to think critically and historically. A major theme of Nineteen Eighty-Four, as well as other Orwell writings, was his belief that government, whether of the right or the left, was growing too powerful. This power, Orwell thought, would eventually be used not for the benefit of society, but to further enhance the power of the state. Looking around the world, who is to say he wasn't right? John P. Rossi is a professor emeritus of history at La Salle University. 
His most recent essay on Orwell appeared in "The Cambridge Companion to George Orwell." He can be contacted at rossi at lasalle.edu. From rforno at infowarrior.org Wed Jun 24 12:40:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jun 2009 08:40:43 -0400 Subject: [Infowarrior] - GOOD READ: Cyber-Scare Message-ID: <2F1446C3-CBC0-4E41-B4E9-9B65CA4514F2@infowarrior.org> This is one of the best analyses of the 'cyber threat' I have come across thus far. Long but well worth reading. Perhaps no higher praise can be given from me other than to say "I wish I had the time to write this." Well done! Cyber-Scare The exaggerated fears over digital warfare Evgeny Morozov http://www.bostonreview.net/BR34.4/morozov.php From rforno at infowarrior.org Wed Jun 24 13:43:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Jun 2009 09:43:25 -0400 Subject: [Infowarrior] - Clear common sense for takeoff Message-ID: Clear common sense for takeoff: How the TSA can make airport security work for passengers again By Bruce Schneier Special to NYDailyNews.com http://www.nydailynews.com/opinions/2009/06/24/2009-06-24_clear_common_sense_for_takeoff_how_the_tsa_can_make_airport_security_work_for_pa.html?print=1&page=all Wednesday, June 24th 2009, 4:00 AM It's been months since the Transportation Security Administration has had a permanent director. If, during the job interview (no, I didn't get one), President Obama asked me how I'd fix airport security in one sentence, I would reply: "Get rid of the photo ID check, and return passenger screening to pre-9/11 levels." Okay, that's a joke. While showing ID, taking your shoes off and throwing away your water bottles isn't making us much safer, I don't expect the Obama administration to roll back those security measures anytime soon. Airport security is more about CYA than anything else: defending against what the terrorists did last time. 
But the administration can't risk appearing as if it facilitated a terrorist attack, no matter how remote the possibility, so those annoyances are probably here to stay. This would be my real answer: "Establish accountability and transparency for airport screening." And if I had another sentence: "Airports are one of the places where Americans, and visitors to America, are most likely to interact with a law enforcement officer - and yet no one knows what rights travelers have or how to exercise those rights." Obama has repeatedly talked about increasing openness and transparency in government, and it's time to bring transparency to the Transportation Security Administration (TSA). Let's start with the no-fly and watch lists. Right now, everything about them is secret: You can't find out if you're on one, or who put you there and why, and you can't clear your name if you're innocent. This Kafkaesque scenario is so un-American it's embarrassing. Obama should make the no-fly list subject to judicial review. Then, move on to the checkpoints themselves. What are our rights? What powers do the TSA officers have? If we're asked "friendly" questions by behavioral detection officers, are we allowed not to answer? If we object to the rough handling of ourselves or our belongings, can the TSA official retaliate against us by putting us on a watch list? Obama should make the rules clear and explicit, and allow people to bring legal action against the TSA for violating those rules; otherwise, airport checkpoints will remain a Constitution-free zone in our country. Next, Obama should refuse to use unfunded mandates to sneak expensive security measures past Congress. The Secure Flight program is the worst offender. Airlines are being forced to spend billions of dollars redesigning their reservations systems to accommodate the TSA's demands to preapprove every passenger before he or she is allowed to board an airplane. 
These costs are borne by us, in the form of higher ticket prices, even though we never see them explicitly listed. Maybe Secure Flight is a good use of our money; maybe it isn't. But let's have debates like that in the open, as part of the budget process, where it belongs. And finally, Obama should mandate that airport security be solely about terrorism, and not a general-purpose security checkpoint to catch everyone from pot smokers to deadbeat dads. The Constitution provides us, both Americans and visitors to America, with strong protections against invasive police searches. Two exceptions come into play at airport security checkpoints. The first is "implied consent," which means that you cannot refuse to be searched; your consent is implied when you purchased your ticket. And the second is "plain view," which means that if the TSA officer happens to see something unrelated to airport security while screening you, he is allowed to act on that. Both of these principles are well established and make sense, but it's their combination that turns airport security checkpoints into police-state-like checkpoints. The TSA should limit its searches to bombs and weapons and leave general policing to the police - where we know courts and the Constitution still apply. None of these changes will make airports any less safe, but they will go a long way to de-ratcheting the culture of fear, restoring the presumption of innocence and reassuring Americans, and the rest of the world, that - as Obama said in his inauguration speech - "we reject as false the choice between our safety and our ideals." Schneier, a security technologist and author, blogs at Schneier on Security. 
From rforno at infowarrior.org Thu Jun 25 13:21:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jun 2009 09:21:58 -0400 Subject: [Infowarrior] - Elsevier backtracks on review payola Message-ID: <817D9BA4-C7EA-429F-9C19-A42E2563691E@infowarrior.org> Elsevier Won't Pay for Praise June 23, 2009 As if the textbook industry didn't have an image problem already... Elsevier officials said Monday that it was a mistake for the publishing giant's marketing division to offer $25 Amazon gift cards to anyone who would give a new textbook five stars in a review posted on Amazon or Barnes & Noble. While those popular Web sites' customer reviews have long been known to be something less than scientific, and prone to manipulation if an author has friends write on behalf of a new work, the idea that a major academic publisher would attempt to pay for good reviews angered some professors who received the e-mail pitch. < - > http://www.insidehighered.com/news/2009/06/23/elsevier From rforno at infowarrior.org Thu Jun 25 13:59:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jun 2009 09:59:28 -0400 Subject: [Infowarrior] - UK looks to young geeks to secure cyberspace Message-ID: <88C36B60-9791-4B4F-8356-F90CB66516BB@infowarrior.org> UK looks to young geeks to secure cyberspace * By DAVID STRINGER, Associated Press Writer - Thu Jun 25, 2009 9:29AM EDT http://tech.yahoo.com/news/ap/20090625/ap_on_hi_te/eu_britain_cyber_security Britain is hiring former computer hackers to join a new security unit aimed at protecting cyberspace from foreign spies, thieves and terrorists, the country's terrorism minister said. Alan West said the technology-savvy staff will join efforts to trace the source of - and prevent - cyber attacks on Britain's government, businesses and individuals. The country also will develop its capability to wage cyber warfare against the country's foes, he said. 
Prime Minister Gordon Brown announced the creation of the unit Thursday as he published an updated national security strategy, detailing Britain's response to global terrorism and emerging threats. "Just as in the 19th century we had to secure the seas for our national safety and prosperity, and in the 20th century we had to secure the air, in the 21st century we also have to secure our position in cyberspace," Brown said. West said British government systems had probably come under cyber attack but that he did not know of any specific cases where sensitive data had been lost. British telecom BT Group PLC, one of the world's largest telecommunications providers, estimates it has about 1,000 attempted cyber attacks per day on its systems, West said. Jonathan Evans, the head of Britain's domestic spy agency MI5, has previously warned that both China and Russia are using new technology to spy on Britain. Russia is accused of mounting large-scale attacks on Estonia's computer systems in 2007. British officials are concerned that some terrorist groups, including those linked to al-Qaida, are likely to soon develop the capability to use cyber warfare to attempt attacks on Western targets. "So far, the terrorists have not been the biggest threat in that area, but they are learning quickly," West said. Britain estimates about 52 billion pounds ($86 billion) is lost to the world economy each year as a result of malicious attacks on computer systems. Britons spend about 50 billion ($82.6 billion) online per year. West said the British government was looking to young computer geeks - including those previously involved in hacking or low-level cyber crime - to help overhaul the country's defenses. "You need youngsters who are actually deep into this stuff - and they really get into it. If they've been slightly naughty, very often they really enjoy stopping others," said West, a former head of Britain's defense intelligence staff. 
Hackers often use computer programming skills to test for weaknesses in the security systems of computer networks, steal or delete files, or install malicious programs - sometimes called trojan horses - that can be activated at a later date. Criminal hackers commonly steal banking data such as credit card details. West said the new cyber security operations unit will be based at Britain's vast Government Communications Headquarters, a major eavesdropping center in Cheltenham, western England. He said some staff would likely have colorful backgrounds, but within limits. "I think we have to be a bit careful, we wouldn't have ultra, ultra criminals who've made millions, I'm not saying that," he said. But Eugene Spafford, a professor of computer science at Purdue University, in Indiana, said it won't be easy for all former hackers to become cyberspace police. "Knowing how to break a window is different from knowing how to fix it or to install it," he said. "They may find flaws, but that doesn't know they know how to fix the system." West also confirmed that - like the U.S. military - Britain has the ability to carry out its own cyber operations. "It would be silly to say that we don't have any capability to do offensive work from Cheltenham," West said. The U.S. National Security Agency has said the United States is developing plans for a new cyber command at a Maryland army facility. In a report released last month, the U.S. Government Accountability Office said the number of cyber threats or incidents reported by federal agencies rose from about 5,500 in 2006 to more than 16,800 last year. Military officials in the U.S. say the Pentagon spent more than $100 million in the past six months responding to, and repairing damage from, cyber attacks and other computer network problems. ___ Associated Press Writer Meera Selva in London contributed to this story. 
From rforno at infowarrior.org Fri Jun 26 00:27:00 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jun 2009 20:27:00 -0400 Subject: [Infowarrior] - IBM solves longstanding cryptographic challenge Message-ID: IBM researcher solves longstanding cryptographic challenge Posted on 25 June 2009. http://www.net-security.org/secworld.php?id=7690 An IBM researcher has solved a thorny mathematical problem that has confounded scientists since the invention of public-key encryption several decades ago. The breakthrough, called "privacy homomorphism," or "fully homomorphic encryption," makes possible the deep and unlimited analysis of encrypted information - data that has been intentionally scrambled - without sacrificing confidentiality. IBM's solution, formulated by IBM Researcher Craig Gentry, uses a mathematical object called an "ideal lattice," and allows people to fully interact with encrypted data in ways previously thought impossible. With the breakthrough, computer vendors storing the confidential, electronic data of others will be able to fully analyze data on their clients' behalf without expensive interaction with the client, and without seeing any of the private data. With Gentry's technique, the analysis of encrypted information can yield the same detailed results as if the original data was fully visible to all. Using the solution could help strengthen the business model of "cloud computing," where a computer vendor is entrusted to host the confidential data of others in a ubiquitous Internet presence. It might better enable a cloud computing vendor to perform computations on clients' data at their request, such as analyzing sales patterns, without exposing the original data. Other potential applications include enabling filters to identify spam, even in encrypted email, or protecting information contained in electronic medical records. 
The breakthrough might also one day enable computer users to retrieve information from a search engine with more confidentiality. "At IBM, as we aim to help businesses and governments operate in more intelligent ways, we are also pursuing the future of privacy and security," said Charles Lickel, vice president of Software Research at IBM. "Fully homomorphic encryption is a bit like enabling a layperson to perform flawless neurosurgery while blindfolded, and without later remembering the episode. We believe this breakthrough will enable businesses to make more informed decisions, based on more studied analysis, without compromising privacy. We also think that the lattice approach holds potential for helping to solve additional cryptography challenges in the future." Two fathers of modern encryption - Ron Rivest and Leonard Adleman - together with Michael Dertouzos, introduced and struggled with the notion of fully homomorphic encryption approximately 30 years ago. Although advances through the years offered partial solutions to this problem, a full solution that achieves all the desired properties of homomorphic encryption did not exist until now. IBM enjoys a tradition of making major cryptography breakthroughs, such as the design of the Data Encryption Standard (DES); Hash Message Authentication Code (HMAC); the first lattice-based encryption with a rigorous proof-of-security; and numerous other solutions that have helped advance Internet security. Craig Gentry conducted research on privacy homomorphism while he was a summer student at IBM Research and while working on his PhD at Stanford University. 
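The article above describes what homomorphic encryption lets an untrusted host do: compute over data it cannot read. The following is an added illustration, not IBM's or Gentry's code and not the ideal-lattice scheme the article describes. It implements the Paillier cryptosystem, which is only partially homomorphic (it supports adding encrypted values and multiplying an encrypted value by a public constant, but not multiplying two encrypted values together), and so stands in for the "partial solutions" the article says preceded a fully homomorphic scheme. The primes, sales figures and weights are constructed for the demo; a real deployment would generate fresh primes of at least 1024 bits each.

```python
"""Paillier: a partially homomorphic scheme, as a constructed illustration.

Client keeps the private key; the "cloud" side receives only ciphertexts and
public weights, combines them, and returns a ciphertext the client decrypts.
"""
import math
import secrets

# Constructed demo primes (well-known small primes); NOT safe key sizes.
P = 1_000_000_007
Q = 998_244_353


def _l(x, n):
    """Paillier's L function: L(x) = (x - 1) / n, exact for valid x."""
    return (x - 1) // n


def keygen(p=P, q=Q):
    """Return (public, private) keys for the Paillier scheme."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                           # standard simplifying choice
    n2 = n * n
    mu = pow(_l(pow(g, lam, n2), n), -1, n)             # modular inverse mod n
    return (n, g), (lam, mu, n)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with fresh random r; randomized, so equal
    plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(n - 1) + 1   # r in [1, n-1]
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """m = L(c^lambda mod n^2) * mu mod n."""
    lam, mu, n = priv
    n2 = n * n
    return (_l(pow(c, lam, n2), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """Enc(a) * Enc(b) mod n^2 == Enc(a + b): addition under encryption."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Enc(a)^k mod n^2 == Enc(k * a): multiply by a *public* constant."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_weighted_total(pub, ciphertexts, weights):
    """Host-side step: weighted sum over encrypted figures, no key involved.

    Starts from 1, which is a valid encryption of 0 (g^0 * 1^n), then folds in
    each ciphertext raised to its public weight.
    """
    n, _ = pub
    n2 = n * n
    acc = 1
    for c, w in zip(ciphertexts, weights):
        acc = (acc * pow(c, w, n2)) % n2
    return acc


def demo(sales=(120, 45, 300), weights=(1, 2, 3)):
    """Client encrypts sales figures; host computes a weighted total blind;
    client decrypts. Returns (decrypted_total, expected_total)."""
    pub, priv = keygen()
    ciphertexts = [encrypt(pub, s) for s in sales]                    # client
    total_ct = encrypted_weighted_total(pub, ciphertexts, weights)    # host, no key
    return decrypt(priv, total_ct), sum(s * w for s, w in zip(sales, weights))


if __name__ == "__main__":
    got, expected = demo()
    print(f"decrypted weighted total = {got}, expected = {expected}")
```

The host-side function sees only ciphertexts and public weights, and because encryption is randomized it cannot even tell which inputs were equal. What Paillier cannot do is multiply two encrypted values by each other, so a polynomial over encrypted inputs is out of reach; that is the gap a fully homomorphic scheme such as Gentry's closes.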
From rforno at infowarrior.org Fri Jun 26 03:13:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 25 Jun 2009 23:13:21 -0400 Subject: [Infowarrior] - Tehran shows LOTR to distract population Message-ID: <5CDF60AE-7F07-419A-8D51-B791FE56803E@infowarrior.org> http://www.salon.com/news/feature/2009/06/24/tehran_seven/print.html Tehran dispatch: The regime shows us movies They want to keep us indoors, and quiet. But which subversive programmer picked "The Lord of the Rings"? By Anonymous Editor's note: For reasons of personal safety, the author chooses to remain anonymous. Jun. 24, 2009 | (For Neda.) In Tehran, state television's Channel Two is putting on a "Lord of the Rings" marathon, part of a bigger push to keep us busy. Movie mad and immunized from international copyright laws, Iranians are normally treated to one or two Hollywood or European movie nights a week. Now it's two or three films a day. The message is "Don't Worry, Be Happy." Let's watch, forget about what's happened, never mind. Stop dwelling in the past. Look ahead. Frodo: "I wish the ring had never come to me. I wish that none of this had happened." Gandalf: "So do all who live to see such times, but that is not for them to decide. All we have to decide is what to do with the time that is given us." On the news, it's more of the same. The state-run media is trying to tell us that life needs to go on, that politics is a nasty business, but now it's over. Except for that first night, the news broadcasts have not shied away from the violence outside. Instead they've found a way to turn it inside out, make it about the protesters and not the curious mathematics of the election. At least nothing is hidden or subtle. When they want to make a point they lay it on, 10 minutes at a time, sometimes close to 15. It's like a friend says -- this is not news, it's interpretation, spin. They interview regular folk on the street and in the parks. 
They want viewers to know that all those millions of protesters are, somehow, not regular folk: "Khastekonande." It's getting old. "Kasebam. Barayenke moafaq basham bayad moid e am dashte bashe." I'm a businessman. For my business to succeed, I need for there to be calm. "Ma faghat mikhaim ye nooni darbiarim, dombal e kar e zendegi berim." We just wanna make some bread, take care of our lives and our business. "In ha kay shooloogh mikonand mardoom nistand. Man fekr nemikonam kay mardoom hastand." The ones who are rioting aren't of the people. I don't think that they're part of the people. "Chand rooze ke natoonestam pesar va dokhtaram biaram park bekhatere in shoolooghia." It's been several days that I haven't been able to bring my son and daughter to the park, because of the violence. Back to "Lord of the Rings." Gandalf the Gray returns to the Fellowship as Gandalf the White. He casts a blinding white light, and his face is hidden behind a halo. "Imam zaman e?!" someone in the room asks. Is it the Mahdi, the last imam and, according to Shia Islam, the savior of mankind? Who picked this film? I start to suspect that there is a subversive soul manning the controls at Seda va Sima, AKA the Islamic Republic of Iran Broadcasting. It is way too easy to play with the film, to draw comparisons to what is happening in real life. There are the overt Mousavi themes: the unwanted quest and the risking of life in pursuit of an unanticipated destiny. Then there is the sly nod to Ahmadinejad. Iranian films are dubbed (forget the wretched dubbing into English in the U.S.; in Iran dubbing is a craft) and there are plenty of references to "kootoole," little person, the Farsi word used in the movie for hobbit and dwarf. "Kootoole," of course, was, is, the term used in many of the chants out on the street against President Ahmadinejad. He is the "little person." ("And whose side are you on?" Pippin asks the ancient, forest-dwelling giant named Treebeard. 
Those watching might think the answer is Mousavi, since Treebeard is decked out in green.) The 9-year-old in the room loudly predicts that the "Lord of the Rings" marathon will put an end to the nightly shouts of "Allah Akbar" from Tehran's rooftops. People will not take to the roofs and windows because these films will keep them occupied. Besides, there is a dubious rumor going around that the basij are marking the doorways of those households that continue to call out "Allah Akbar!" at night, a kind of reverse Passover. Fear, as well as Tolkien, will no doubt play a part. The 9-year-old goes on to report that the kids on his school "service" (no Blue Bird buses in Tehran, but long Toyota vans instead) have been chanting, "Pas rai e ma koojast?! Pas rai e ma koojast?! Pas rai e ma koojast?!" Then where is our vote?! Then where is our vote?! Then where is our vote?! I ask him what the driver is doing while all this goes on and he tells me that the driver honks along. Honk honk- honk-honk! "Pas rai e ma koojast?!" Honk honk-honk-honk! Back to the movie. Gandalf's white steed strides into the frame. It is instantly transformed by local viewers into Rostam's mythical horse, Rakhsh. Rostam, the great dragon-slaying champion of Ferdowsi's poetic epic "Shahnameh," which recounts the whole history of Iran. The 9-year-old is wrong about the rooftops. The sound begins as a low roll from a nearby park then quickly builds upward. "Allah Akbar! Allah Akbar!" No way. We rush to the window. It begins at 10 at night and will continue for another 30 minutes ... On the television screen, Boromir, human of Aragon, falls. He dies an honorable death defending the lives of his compatriots. "In edame dare." This is to be continued. The phrase has become our hesitant slogan, our phrase of reassurance. "In edame dare." People are not going to let up so easily. Each time I've lost faith, I've been wrong. 
Iranians are proving to be a sturdier lot than I have given them credit, much mightier even than the formidable kootooloos that stand in their way. -- By Anonymous From rforno at infowarrior.org Fri Jun 26 04:38:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jun 2009 00:38:42 -0400 Subject: [Infowarrior] - Will Congress Read Bills Before Voting? Message-ID: (Gee, just like how the 'Patriot' Act was rushed to the floor for a vote less than 24 hours after it was printed...nobody read that mammoth bill before voting on it, and look @ the mess we're in as a result. Same antics, different party. --rf) June 24, 2009 5:33 PM Will Congress Read Bills Before Voting? Posted by Stephanie Condon (CBS) http://www.cbsnews.com/blogs/2009/06/24/politics/politicalhotsheet/entry5110850.shtml Last month, when Republicans tried to stall energy legislation with hundreds of amendments, Democrats hired a speed reader to get through them all. Now, with Democratic leadership barreling through its hefty agenda this summer, it looks as if the speed reader's services may be needed once more. Various grassroots organizations are blasting Congress for not taking the time to properly consider the energy bill or health care reform -- two very significant pieces of legislation. Let Freedom Ring, a non-profit, grassroots organization that supports a conservative agenda, announced an initiative today urging members of Congress to sign a pledge to read and give citizens the opportunity to read any health care reform legislation before voting on it. "For something as significant as health care reform, which influences 16 percent to 17 percent of GDP, I think it is important for legislators to know what they're voting on, and not have lobbyists and staff members be the only ones who know what's in there," said Colin Hanna, Let Freedom Ring president. 
The pledge was distributed to members of Congress on Tuesday, and Hanna has so far received signatures from Senators James Inhofe (R-Okla.) and Jim DeMint (R-S.C.). Certainly, Hanna said, it would be in the members' best interests to sign it. "I can assure you, legislators will be held accountable if there are parts in there their constituents find objectionable," he said. Meanwhile, the Sunlight Foundation, a non-profit with the goal of increasing government transparency, is raising similar concerns about the energy bill that the House of Representatives is slated to vote on Friday. With a full House vote just days away, the authors of the deal are still negotiating the details, the New York Times has reported. In a measure as complex as the energy bill -- which consists of around 1,000 pages -- the details can make a big difference. "The fastest speed-readers and the most intelligent minds can't make informed decisions with that much time. How can Congress?" Sunlight Foundation Engagement Director Jake Brewer said today in a statement. "The problem here is the bill wasn't developed in the open in a committee, so no one -- including those members of Congress not on the Energy Committee -- knows how this latest version was created." The foundation points out that while the bill, formally called the American Clean Energy and Security Act, was 946 pages long last week, it has ballooned to 1,201 pages in recent days with little explanation for how or why. The group is supporting a bill introduced last week that would require the House to post all non-emergency legislation online 72 hours before debate begins. Hanna said Congress could benefit by keeping legislation simpler. "Legislation has become so complex, you can really make the argument the system the framers devised is broken," he said. "Most bills are voted upon without those voting understanding much of what's in it." That's when members are forced to resort to speed readers. 
"It makes a mockery of the process," Hanna said. From rforno at infowarrior.org Fri Jun 26 14:06:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jun 2009 10:06:16 -0400 Subject: [Infowarrior] - FAMS: 'The most needless, useless federal agency' Message-ID: (c/o DS) http://www.gsnmagazine.com/cms/features/news-analysis/2205.html OPINION / Federal Air Marshal Service: "The most needless, useless agency in the entire Federal Government" By Rep. John Duncan Jr. (R-TN) Published June 23rd, 2009 [Remarks delivered on the House floor on June 19, 2009.] Probably the most needless, useless agency in the entire Federal Government is the Air Marshal Service. In the Homeland Security Appropriations bill we will take up next week, we will appropriate $860 million for this needless, useless agency. This money is a total waste: $860 million for people to sit on airplanes and simply fly back and forth, back and forth. What a cushy, easy job. And listen to this paragraph from a front-page story in the USA Today last November: "Since 9/11, more than three dozen Federal air marshals have been charged with crimes, and hundreds more have been accused of misconduct. Cases range from drunken driving and domestic violence to aiding a human-trafficking ring and trying to smuggle explosives from Afghanistan." Actually, there have been many more arrests of Federal air marshals than that story reported, quite a few for felony offenses. In fact, more air marshals have been arrested than the number of people arrested by air marshals. We now have approximately 4,000 in the Federal Air Marshals Service, yet they have made an average of just 4.2 arrests a year since 2001. This comes out to an average of about one arrest a year per 1,000 employees. Now, let me make that clear. Their thousands of employees are not making one arrest per year each. They are averaging slightly over four arrests each year by the entire agency. 
In other words, we are spending approximately $200 million per arrest. Let me repeat that: we are spending approximately $200 million per arrest. Professor Ian Lustick of the University of Pennsylvania wrote last year about the money feeding frenzy of the war on terror. And he wrote this: "Nearly 7 years after September 11, 2001," he wrote this last year, "what accounts for the vast discrepancy between the terrorist threat facing America and the scale of our response? Why, absent any evidence of a serious terror threat, is a war on terror so enormous, so all-encompassing, and still expanding?" The fundamental answer is that al Qaeda's most important accomplishment was not to hijack our planes but to hijack our political system. "For a multitude of politicians, interest groups and professional associations, corporations, media organizations, universities, local and State governments and Federal agency officials, the war on terror is now a major profit center, a funding bonanza, and a set of slogans and sound bites to be inserted into budget project grant and contract proposals." And finally, Professor Lustick wrote: "For the country as a whole, however, it has become a maelstrom of waste." And there is no agency for which those words are more applicable than the Federal Air Marshal Service. In case anyone is wondering, the Air Marshal Service has done nothing to me, and I know none of its employees. But I do know with absolute certainty that this $860 million we are about to give them could be better spent on thousands of other things. As far as I'm concerned, it is just money going down a drain for the little good it will do. When we are so many trillions of dollars in debt, a national debt of over $13 trillion, we simply cannot afford to waste money in this way. 
From rforno at infowarrior.org Fri Jun 26 18:01:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Jun 2009 14:01:53 -0400 Subject: [Infowarrior] - New ICANN head ex-cybersecurity official Message-ID: <8C573AD7-2BF9-4258-9BF1-29C1E2C2B25B@infowarrior.org> June 26, 2009 10:41 AM PDT ICANN names new CEO by Lance Whitney http://news.cnet.com/8301-13578_3-10273668-38.html?part=rss&subj=news&tag=2547-1_3-0-20 Former U.S. cybersecurity official Rod Beckstrom has been named the new CEO and president of ICANN. His appointment was announced at the annual meeting Friday in Australia of ICANN, which stands for the Internet Corporation for Assigned Names and Numbers. A global nonprofit, ICANN is responsible for assigning and managing Internet domain names and IP addresses, among other tasks. "Rod Beckstrom has exactly the sort of strong personal and technical background that ICANN needs," ICANN Chairman Peter Dengate Thrush said in announcing the decision. Beckstrom, who received his MBA from Stanford University, has served on the boards of several nonprofit groups and written four books. But it was his role as director of the U.S. National Cybersecurity Center (NCSC) where he made an impression. As head of the federal center, he oversaw a large, disparate agency spanning civilian, military and intelligence communities. However, Beckstrom resigned his government role in March after complaining of interference from the National Security Agency. In a letter to Department of Homeland Security Secretary Janet Napolitano, he said the NSA dominated most of his agency's efforts and that he was "unwilling to subjugate the NCSC underneath the NSA." Beckstrom defended the achievements of the NCSC and said he favored a decentralized approach so that security is not handled by any single organization. Beckstrom's ICANN appointment triggered favorable statements from many sides. 
"Rod Beckstrom is strikingly well-prepared to undertake a new role as CEO of ICANN," Vint Cerf, who is considered to be the "father" of the Internet, said in a statement. "His experience in industry and government equip him for this global and very challenging job." "Rod Beckstrom is an outstanding choice to head ICANN. He understands people, institutions, and technology," Marc Rotenberg, Executive Director of the Electronic Privacy Information Center (EPIC), said in a statement. "He recognizes both the potential and the challenges for ICANN. And has stood up for the civil liberties of Internet users with courage and foresight." ICANN has been criticized over the years for a host of reasons, including internal squabbles, the fees it levies, and the perceived shroud of secrecy under which it operates. Last year, ICANN proposed new rules for Internet names that would expand suffixes beyond the familiar .com, .net, and .org domains. The proposal worried many who thought it would lead to confusion on the Internet. But Beckstrom's comments upon his appointment reflect faith in the organization. "The Internet has changed the way the world communicates and conducts commerce," Beckstrom said at a press conference. "And in no small way, this multi-stakeholder, bottom-up organization has been and will continue to be at the core of the Internet's on-going evolution. Quite simply, the proof that ICANN works, is that the Internet works." Lance Whitney wears a few different technology hats--journalist, Web developer, and software trainer. He's a contributing editor for Microsoft TechNet Magazine and writes for other computer publications and Web sites. You can follow Lance on Twitter at @lancewhit. Lance is a member of the CNET Blog Network, and he is not an employee of CNET. 
From rforno at infowarrior.org Sat Jun 27 04:44:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 Jun 2009 00:44:16 -0400 Subject: [Infowarrior] - Google thought MJ searches were an attack Message-ID: http://news.cnet.com/8301-17939_109-10274137-2.html?part=rss&subj=news&tag=2547-1_3-0-20 Google has confirmed that the surge of Michael Jackson-related searches on Google News Thursday was first interpreted as an attack on its service. Google News was inaccessible for some people Thursday afternoon right as rumors of Jackson's death began to circulate, replaced by an error message reading "We're sorry, but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now." Of course, those queries were quite legitimate, as millions around the world searched for accurate information regarding Jackson following reports that he had suffered cardiac arrest. The spike in queries began at about 2:45 p.m. PDT Thursday, and Google thought the traffic was an attack for about 25 minutes before realizing what was going on. Google also noted that it saw a huge spike in mobile searches. Yahoo's data backed up Google's; it set a record for unique visitors in a single day with 16.4 million visitors, and its lead story on Jackson's death was the most highly-visited story in its history. From rforno at infowarrior.org Sat Jun 27 04:47:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 Jun 2009 00:47:21 -0400 Subject: [Infowarrior] - GAO: DHS still not satisfying cybersecurity role Message-ID: ...new year, same findings, and even same recommendations. Lather, rinse, repeat --- activity is the desired endstate, not effectiveness!!! :( --rf Since 2005, GAO has reported that DHS has yet to comprehensively satisfy its key cybersecurity responsibilities, including those related to establishing effective partnerships with the private sector. 
Shortcomings exist in key areas that are essential for DHS to address in order to fully implement its cybersecurity responsibilities (see table). http://cryptome.org/gao-09-835t.pdf From rforno at infowarrior.org Mon Jun 29 00:52:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Jun 2009 20:52:37 -0400 Subject: [Infowarrior] - TV pitchman Billy Mays dead Message-ID: Wow....what a week!!! -rf http://www.washingtonpost.com/wp-dyn/content/article/2009/06/28/AR2009062800820_pf.html Infomercial King Had the Perfect Pitch By Joe Holley Washington Post Staff Writer Monday, June 29, 2009 Billy Mays, the bearded, boisterous pitchman who, as the undisputed king of TV yell and sell, became an unlikely pop culture icon, died yesterday at his Tampa home at age 50. Tampa police told the Associated Press that his wife discovered him unresponsive early yesterday morning. A fire rescue crew pronounced him dead at 7:45 a.m. The man many TV viewers knew as "the OxiClean guy" was among the passengers on a US Airways flight that made a rough landing Saturday afternoon at Tampa International Airport. Mr. Mays told Tampa's Fox TV affiliate that something fell from the ceiling and hit him on the head, "but I got a hard head." A police spokeswoman said linking his death to the rough landing would "purely be speculation." As often as 400 times a week, his "Hi! Billy Mays here!" signaled yet another paean to Mighty Putty, Simoniz Fix It scratch remover, the Big City Slider Station, the Handy Switch, the Awesome Auger and numerous other "As Seen on TV" products. In a 2008 profile of Mr. Mays, The Washington Post noted that top pitchmen get about $20,000 upfront for each commercial they tape, although Mr. Mays made even more money from a commission on gross revenue. He refused to be specific about his annual income, although Forbes magazine said his efforts accounted for more than $1 billion in combined sales for the products he pitched. 
Recently, he was featured on the Discovery Channel reality show "Pitchmen," which follows Mr. Mays and Anthony Sullivan, his business partner and producer, as they entice viewers with such new gadgets as the Impact Gel shoe insert, the Tool Band-It and the Soft Buns portable seat cushion. "One of the things that we hope to do with 'Pitchmen' is to give people an appreciation of what we do," he told the Tampa Tribune this year. "I don't take on a product unless I believe in it. I use everything that I sell." He was born William D. Mays Jr. in McKees Rocks, Pa., and grew up in Pittsburgh, where he was a high school football player. He dropped out of West Virginia University and worked for his father's hazardous-waste trucking company. In 1983, he ran into a high school friend who was headed to Atlantic City to sell Ginsu knives on the boardwalk, at the time a pitchman's mecca. Mr. Mays went along for the ride and ended up becoming a pitchman himself. He worked for a company called International Housewares; the first product he pitched was WashMatik, a hose that could pump water from a bucket without being hooked up to a faucet. He told The Post that he wasn't much of a salesman at first. He spent too much time describing the product and not enough time "chilling 'em down" -- that is, getting potential buyers to fork over their money. After a few years with the WashMatik, he spent five years pitching the Ultimate Chopper at home shows and state fairs across the country. His demonstration involved "ballying," as the pitchman sales banter is known, at full volume for hours on end and then making salsa with the kitchen tool. Along the way, he met Max Appel, an inventor and pitchman who was selling Orange Glo, a wood-polishing liquid. When Appel asked Mr. Mays to pitch his product on the Home Shopping Network, he sold 6,000 units in 11 minutes, at $18 apiece. He was on his way to superstardom. 
He reached the pinnacle of pitchman success in 1999, when he did a two-minute commercial for the all-purpose OxiClean, which Appel had created. Appel would later sell his company, which included OxiClean and other products, for $325 million. By then, Mr. Mays had become an infomercial phenom. His marriage to Dolores "Dee Dee" Mayes ended in divorce. Survivors include his wife, Deborah Mays, of Tampa. From rforno at infowarrior.org Mon Jun 29 12:56:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jun 2009 08:56:51 -0400 Subject: [Infowarrior] - Cyber security minister ridiculed over s'kiddie hire plan Message-ID: <229B5926-7CBB-404C-A798-90AAE6C262DF@infowarrior.org> Cyber security minister ridiculed over s'kiddie hire plan http://www.theregister.co.uk/2009/06/29/cyberminister_gaffe/ By John Leyden - Get more from this author Posted in Crime, 29th June 2009 12:36 GMT Security experts have strongly criticised suggestions by a government minister that former hackers might play a key role in Britain's newly announced cybersecurity strategy. Lord West, the Home Office security minister, made the controversial suggestion that the government had recruited former hackers to work in its new Cyber Security Operations Centre, a key component of the UK government's cybersecurity strategy announced last week. West told the BBC that the government had avoided employing "ultra, ultra criminals" but needed the mad skillz expertise of former miscreants. "You need youngsters who are deep into this stuff... If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys," he said. Rik Ferguson, a security consultant at Trend Micro, and someone who has worked with GCHQ, described the idea of hiring reformed hackers to face off state-sponsored cyberspies and cybercriminals from eastern Europe as misguided at best in an entertaining blog post here. 
The government has actually hired a team of people known to have committed criminal acts using computers and is rewarding them for that activity with civil service jobs. It is also giving these same criminals access to signals intelligence at extremely high levels of clearance and relying on them for national defence. This sounds like the kind of people that have been disparagingly referred to as script-kiddies for many years now and I really can't see their value to national security or law enforcement. Would it be fair to paraphrase this as "We have hired some hackers, but don't worry, we didn't hire the successful ones"? Ferguson goes on to ask how the active recruitment of known hackers and criminals squares with the government's stated aim of pursuing an ethical cyber-security policy. Chris Boyd, a security researcher at FaceTime, agrees that Lord West is talking tosh in a post on Twitter. Boyd writes: "Lord West sez: hire lots of talentless script kiddies to shore up UK cyberdefences. How can people be so dense?" Lord West popped up in numerous news outlets last week suggesting that he didn't really trust this newfangled interweb and is worried about carrying around a smart phone near his Hackney home in case it might get nicked (hello encryption, backup) while, curiously, in conversation with Radio 4, suggesting (under tough questioning) that proactive cyber-offensives played a role in the Falklands War of 1982. As Ferguson points out, the war in the south Atlantic happened a year before the first TCP/IP based wide area network became operational. Confusion about technical terms in a former Naval chief turned government minister is one thing but it's far more of a worry for someone chosen to serve as the UK's first cyber security minister. 
From rforno at infowarrior.org Mon Jun 29 14:09:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jun 2009 10:09:59 -0400 Subject: [Infowarrior] - SCOTUS rules for white firefighters Message-ID: <8F8D5CDA-D265-4FF5-B004-B1715A17DAAD@infowarrior.org> http://www.nytimes.com/aponline/2009/06/29/business/AP-US-SupremeCourt-Fire.html Supreme Court Rules for White Firefighters in Affirmative Action Case By THE ASSOCIATED PRESS Published: June 29, 2009 Filed at 10:02 a.m. ET WASHINGTON (AP) -- The Supreme Court has ruled that white firefighters in New Haven, Conn., were unfairly denied promotions because of their race, reversing a decision that high court nominee Sonia Sotomayor endorsed as an appeals court judge. From rforno at infowarrior.org Mon Jun 29 16:42:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jun 2009 12:42:53 -0400 Subject: [Infowarrior] - Madoff sentenced to 150 years in prison Message-ID: Bernard Madoff sentenced to 150 years in prison Monday, June 29, 2009 By the Associated Press NEW YORK -- Bernard Madoff has been sentenced to 150 years in prison for his multibillion-dollar fraud scheme. U.S. District Judge Denny Chin handed down the sentence in New York on Monday. The 71-year-old former Nasdaq chairman was arrested late last year after confessing to his sons that his secretive investment advisory business was a "big lie." He pleaded guilty to securities fraud and other charges in March and has been jailed since. URL: http://www.news-herald.com/articles/2009/06/29/news/doc4a48df6f4dc68642692652.prt From rforno at infowarrior.org Tue Jun 30 02:48:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jun 2009 22:48:40 -0400 Subject: [Infowarrior] - Review: iPod v. Walkman Message-ID: (aaaah, nostalgia!!! --rf) When the Sony Walkman was launched, 30 years ago this week, it started a revolution in portable music. But how does it compare with its digital successors? 
The Magazine invited 13-year-old Scott Campbell to swap his iPod for a Walkman for a week.... < - > http://news.bbc.co.uk/2/hi/uk_news/magazine/8117619.stm From rforno at infowarrior.org Tue Jun 30 02:54:19 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 29 Jun 2009 22:54:19 -0400 Subject: [Infowarrior] - SCOTUS won't block remote storage DVR system Message-ID: <6C60D1DE-84ED-4D92-AD12-E71CD61EFD95@infowarrior.org> High court won't block remote storage DVR system By DEBORAH YAO - 6 hours ago http://www.google.com/hostednews/ap/article/ALeqM5huA29y1WNNqS4rykHhxbWlvPUcUAD994I0CO0 PHILADELPHIA (AP) -- Cable TV operators won a key legal battle against Hollywood studios and television networks on Monday as the Supreme Court declined to block a new digital video recording system that could make it even easier for viewers to bypass commercials. The justices declined to hear arguments on whether Cablevision Systems Corp.'s remote-storage DVR system would violate copyright laws. That allows the Bethpage, N.Y.-based company to proceed with plans to start deploying the technology this summer. With remote storage, TV shows are kept on the cable operator's servers instead of the DVR inside the customer's home, as systems offered by TiVo Inc. and cable operators currently do. The distinction is important because a remote system essentially transforms every digital set-top box in the home into a DVR, allowing customers to sign up instantly, without the need to pick up a DVR from the nearest cable office or wait for a technician to visit. Movie studios, TV networks and cable TV channels had argued that the service is more akin to video-on-demand, for which they negotiate licensing fees with cable providers. They claimed a remote-storage DVR service amounts to an unauthorized rebroadcast of their programs. 
In a statement, the Copyright Alliance, whose members include Hollywood studios and television broadcasters, called the Supreme Court action "unfortunate and potentially harmful to creators and creative enterprises across the spectrum of copyright industries." Cablevision argued its service was permissible because the control of the recording and playback was in the hands of the consumer. Industry experts say the new technology could put digital recording service in nearly half of all American homes, about twice the current number. "This is a tremendous victory," said Tom Rutledge, Cablevision's chief operating officer, in a statement. "At the same time, we are mindful of the potential implications for ad skipping and the concerns this has raised in the programming community." Rutledge said the technology could benefit programmers and advertisers. Cablevision, which has 3 million subscribers in the New York metro area, has launched targeted, interactive advertising in half a million households and plans to double that number by year's end. TiVo's DVR users already see ads when they pause or fast-forward shows. Less clear is whether there will be savings down the road for consumers. Remote-storage DVR saves cable operators money because they don't have to invest and deploy digital set-top boxes with hard drives anymore, nor would they have broken machines inside homes to fix in person. Sanford Bernstein analyst Craig Moffett had estimated that DVRs account for as much as 10 percent to 15 percent of major cable's capital spending. But whether those savings will trickle down to the consumer depends on the level of competition, expenditures by cable to deploy the new system and other factors. Cable operators also have to contend with bandwidth capacity, as shows will be transmitted to each DVR viewer from their central servers, instead of individual DVRs already in the home. 
Still, it's a win for cable even though most consumers won't see much of a change for years, in part because there are millions of in-home DVRs already in use.

"It's clearly an important chapter in the history of digital television," said Standard & Poor's analyst Tuna Amobi. But the new system will take "a few years to materialize. Right now the focus is on trying to get up to speed and get this technology beyond the test phase."

Perhaps in the next decade, remote-storage DVR would start to make set-top boxes obsolete, he said. At least, cable operators won't be hampered by the limits of a DVR hard drive. They can choose to offer more storage capacity to consumers whenever they wish, as they respond to competition or try to retain subscribers.

Amobi said satellite TV operators also are losers in the high court's decision because their systems don't let them offer remote-storage DVR. Their subscribers still have to get DVRs with hard drives and satellite TV companies have to continue to invest in these boxes.

In siding with Cablevision, the 2nd U.S. Circuit Court of Appeals overturned a lower court ruling that Cablevision, rather than its customers, would be making copies of programs, thereby violating copyright laws.

The Screen Actors Guild, songwriters, music companies, Major League Baseball, the National Football League and the NCAA all sided with the networks and studios in asking for high court review, while the Obama administration urged the court not to hear the case.

The case is Cable News Network v. CSC Holdings Inc., 08-448.

Shares of Cablevision were up 43 cents, or 2.3 percent, to close Monday at $19.29.

Associated Press writer Jesse J. Holland in Washington contributed to this story.
From rforno at infowarrior.org Tue Jun 30 12:14:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jun 2009 08:14:47 -0400
Subject: [Infowarrior] - Juniper Networks Gags "ATM Jackpot" Researcher
Message-ID:

Juniper Networks Gags "ATM Jackpot" Researcher
Security and networking company Juniper yields to ATM vendor pressure...
By Patrick Gray
June 30, 2009 -- http://risky.biz/news_and_opinion/patrick-gray/2009-06-30/juniper-networks-gags-atm-jackpot-researcher

RISKY.BIZ EXCLUSIVE -- A demonstration in which security researcher Barnaby Jack would "jackpot" an ATM live on stage at the upcoming Black Hat security conference in Las Vegas has been pulled by his employer.

Security and network device vendor Juniper Networks forced Mr. Jack to cancel his presentation, an anticipated highlight of the Black Hat event, following pressure from the affected ATM vendor. The demonstration would have seen the researcher hack an ATM live on stage, causing it to spit out cash, or "jackpot".

"The affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected," a statement issued by Juniper Networks reads. "Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."

Risky.Biz understands the ATM vendor had been given notification of the upcoming presentation, and Juniper Networks was initially happy for Mr. Jack to present his research findings publicly.

Security researcher and the maintainer of the Open Source Vulnerability Database, Brian Martin, told Risky.Biz the cancelation of security-themed presentations by researchers' employers is an all-too-common experience. "Why does it come down to the vendor changing their mind or waiting to pressure," he asks. "They knew about the research, knew about the talk."
The latest cancellation echoes a similar event in 2005, when a talk on vulnerabilities in Cisco equipment by Michael Lynn was pulled from the conference by the networking giant in cooperation with Lynn's employer, security software maker ISS, which is now a division of IBM. In a dramatic twist, Lynn resigned and gave his talk anyway. Ironically, he was hired by Juniper Networks, where he still works to this day.

In 2008 a talk on flaws in Apple's FileVault encryption technology was also pulled following pressure from the computer maker.

A security researcher who did not wish to be named expressed his disappointment at the cancellation. "It is a shame that this work won't see the light of day, at least for now," he told Risky.Biz. "Barnaby has always done great work and it would be great to learn some of his innovative new approaches to attacking systems that we trust with all of our money... plus, it's just damn cool."

From rforno at infowarrior.org Tue Jun 30 12:27:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Jun 2009 08:27:31 -0400
Subject: [Infowarrior] - Pirate Bay is Bought?
Message-ID: <44E18D07-F369-401B-9D9D-5B7BD0AC74D7@infowarrior.org>

(One wonders if this indeed is "real" or just a joke......if the former, I suspect it will lose its underground luster and popularity by day's end today. If the latter, bravo to them for an out-of-cycle April Fools' prank. ---rick)

http://www.marketwatch.com/story/global-gaming-factory-x-acquisitions-of-the-pirate-bay-and-new-file-sharing-technology-p2p-20

Jun 30, 2009, 3:14 a.m.
EST

Global Gaming Factory X: Acquisitions of The Pirate Bay and New File-Sharing Technology, p2p 2.0 Pave the Way for Compensation Model

STOCKHOLM, Jun 30, 2009 (BUSINESS WIRE) -- The listed software company, Global Gaming Factory X AB (publ) (GGF) acquires The Pirate Bay website, http://www.thepiratebay.org, one of the 100 most visited websites in the world and the technology company Peerialism, that has developed next generation file-sharing technology. Following the completion of the acquisitions, GGF intends to launch new business models that allow compensation to the content providers and copyright owners. The responsibility for, and operation of the site will be taken over by GGF in connection with closing of the transaction, which is scheduled for August 2009.

"We would like to introduce models which entail that content providers and copyright owners get paid for content that is downloaded via the site," said Hans Pandeya, CEO GGF. "The Pirate Bay is a site that is among the top 100 most visited Internet sites in the world. However, in order to live on, The Pirate Bay requires a new business model, which satisfies the requirements and needs of all parties, content providers, broadband operators, end users, and the judiciary. Content creators and providers need to control their content and get paid for it. File sharers need faster downloads and better quality," continues Hans Pandeya.

GGF acquires domain names and related web sites, including http://www.thepiratebay.org . The consideration for the purchase amounts to MSEK 60 consisting of at least MSEK 30 in cash and up to the equivalent of MSEK 30 in the form of newly issued shares in GGF (according to valuation in connection with the completion of the acquisition). The stock share of the purchase price is expected to be equivalent to a maximum of three per cent of the total number of outstanding shares of GGF after the acquisition.
In the case that three percent of the shares is not equivalent to 30 MSEK, the major shareholder of GGF has declared that he will contribute the equivalent in cash.

GGF has entered into an agreement to acquire the shares in Peerialism AB. Peerialism AB is a software technology company with its origin in KTH Royal Institute of Technology and SICS, Swedish Institute of Computer Science and which presently is owned by the employees. The owners as well as the employees will continue to work for the company. Peerialism develops solutions for data distribution and distributed storage based on new p2p technology. The access to the technology is secured by the acquisition. The consideration amounts to in aggregate MSEK 100 consisting of at least MSEK 50 in cash and up to the equivalent of MSEK 50 in newly issued shares in GGF (according to valuation during a period of ten days after the announcement). The share part of the purchase price should not exceed five percent of the total number of shares in GGF after the transaction. In addition GGF has undertaken to make initial investments of MSEK 25 in the acquired business.

"Peerialism has developed a new data distribution technology which now can be introduced on the best known file-sharing site, The Pirate Bay. Since the technology is compatible with the existing it will quickly allow for new values to be created for all key stakeholders and facilitate new business opportunities", says Johan Ljungberg, CEO Peerialism.

Completion of the acquisitions is primarily subject to GGF obtaining financing for the acquisition, that any necessary resolutions are adopted by a General Meeting of GGF, and that GGF and the Board of Directors consider that the acquired assets can be used in a legal and appropriate way. GGF intends to issue new shares in order to obtain the necessary financing for the acquisition. The acquisition is deemed to be completed in August 2009.
In connection therewith, the ownership of, and responsibility for, the acquired assets will be transferred to GGF.

"As a result of the acquisitions of The Pirate Bay and Peerialism, GGF will have a strategic position in the international digital distribution market. File sharing traffic is estimated to account for more than half of today's global Internet traffic. The Pirate Bay has a global brand and holds a key position with over 20 million visitors and over one billion page views per month," says Hans Pandeya.

A Press briefing will be held on June 30th 2009 at 11.00 at Sparvagshallarna, Birger Jarlsgatan 57 A, Stockholm.

Global Gaming Factory X AB (publ) has been listed on Aktietorget since 2006. GGFX has the largest network of Internet cafes and game centers and provides software. GGFX thus has access to the largest group of games players on the Internet. The company's principal shareholders are Magnus Bergman (Chairman), Hans Pandeya, (CEO) and Johan Sellstrom, (CTO) (for more details see attached CV and http://www.globalgamingfactory.com ).

The Pirate Bay is one of the 100 most visited Internet sites in the world and one of the leading search engines for file sharing. The site has more than 20 million visitors and over one billion searches per month.

Peerialism AB develops solutions to transport and store data over Internet based on new p2p technologies. The solutions are capable of large scale media distribution with clear advantages over existing solutions; it makes better use of network resources whilst reducing ISP traffic and significantly lowering the cost of media distribution. The technology has its origin from research projects within SICS (Swedish Institute for Computer Science) and KTH (Kungliga Tekniska Hogskolan).
The head of research at SICS, Seif Haridi who also is a professor at KTH will continue to be advisor to Peerialism. The company was founded in 2007 and has 14 employees and is based in Stockholm (more information http://www.peerialism.com, http://www.sics.com, http://www.kth.se ).

Background

The market for the consumption and distribution of digital media is characterised by a complex landscape of both national and international legislation with difficult conflicts between different areas of law - not least in balancing copyright law and rights of privacy. This has led to a widespread global debate among opinion-makers, politicians, academics, the general public and business people. In addition to the responsibilities of the individual Internet user, the responsibility for user-generated material is diversely allocated between different market participants and may also vary from country to country. However, both U.S. and European law place certain obligations on Internet Service Providers (ISP) and on Information Society Service Providers (ISSP) to prevent the distribution of unauthorised or illegal material. Time consuming legislative work and costly litigation are taking place in all parts of the world as a result of the demands posed by the technological evolution on the rules that are to apply. All market participants, e.g. technology and broadband providers, various service providers, search engines and rights' holders would all benefit from a clearer legal landscape that enables safe investments and the continued evolution of the information society.

GGF wants to accept the challenge to position itself as a respectable participant in the market and contribute to Internet's infrastructure, with the goal to establish working models for co-operation and a clear allocation of responsibilities on market terms, respecting both intellectual property rights and the rights of privacy.
Below you can find a selection of links related to the discussion;
http://hbswk.hbs.edu/item/4206.html
http://www.downloadsquad.com/2009/04/18/is-google-the-next-pirate-bay-in-a-word-no/
http://cci.mit.edu/research/prediction.html

CV - Global Gaming Factory X AB

Hans Chandra Pandeya, CEO
St. Columba's School, New Delhi, MSc Engineering Physics, Royal Institute of Technology, KTH, Sweden and MBA Harvard Business School. Co-founder of Bargain Pages, an advertising paper for free ads in Birmingham, UK. Sold to one of the biggest classifieds publishers in Europe. Co-founder of Ad-Mag, advertising papers for free ads in India. Co-founder of advertising papers for free ads in Australia. Sold to John MacBain's Trader Classified Media, the biggest classifieds publisher in the world. CEO of Interline Networks, an Internet telephony network in Sydney, Australia. Launched a web phone for free phone calls in 2000. Founder and owner of Unika Bostader AB, a property developer in Stockholm, Sweden. Worked with advertising papers, IT companies, and property development for 17 years.

Johan Sellstrom, Technical Director
MSc Engineering Physics, Royal Institute of Technology, (KTH) Sweden. Co-founder and Chief Technology Officer, Icon Medialab, one of the biggest IT consultancy firms in Europe. Analytical methods and implementation, Aeronautical Institute of Sweden, SAAB Military Aircraft, Volvo.

Magnus Bergman, Chairman
MSc in Aeronautics, Royal Institute of Technology, (KTH) Sweden, PhD in Physics, Institute National Polytechnique, Toulouse, France. Co-founder and CEO of Parallel Consulting Group AB that was sold to Icon Medialab in 1999. Former Director of Icon Medialab. Co-founder and CEO of Cross Connect Network Group AB. Chairman of Mobispine AB, Efield AB, CrossVenture Capital AB. More than 20 years of experience in development of IT companies in the areas of parallel computing, advanced computer technology, IT security, application interfaces, communication and methodology.
This information was brought to you by Cision http://www.cisionwire.com SOURCE: Global Gaming Factory X Hans Pandeya, CEO, Global Gaming Factory X AB, +46 733 16 42 10 or Media contact, + 46 706 55 24 36 From rforno at infowarrior.org Tue Jun 30 16:15:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 30 Jun 2009 12:15:18 -0400 Subject: [Infowarrior] - Government Launches Web Site to Track IT Spending Message-ID: Government Launches Web Site to Track IT Spending By Kim Hart Washington Post Staff Writer Tuesday, June 30, 2009 10:29 AM http://www.washingtonpost.com/wp-dyn/content/article/2009/06/30/AR2009063001370_pf.html NEW YORK, June 30 -- Vivek Kundra, the federal chief information officer, on Tuesday announced a new Web site designed to track more than $70 billion in government information technology spending, showing all contracts held by major firms within every agency. The revamped site, USAspending.gov, was launched early this morning, and Kundra unveiled it at the Personal Democracy Forum conference on technology and politics. The site shows detailed information about whether IT contracts are being monitored and budgets being met. "Everyone knows there have been spectacular failures when it comes to technology investments," Kundra said. "Now for the first time the entire country can see how we're spending money and give us input." The site is the latest effort by Kundra and the Office of Management and Budget to make data about the government's projects and performance visible to the public. Citizens and Web developers can parse the data, combine it with other data sets and publish the results on Web feeds or their Facebook profiles. The data also show which contracts were won through a competitive process or in a no-bid method, which has been criticized by good-government advocates for excluding firms from business opportunities. 
Each prime contractor is listed as well as the status of that project; sub-contractors are not yet shown on the site.

Last month, Kundra launched Data.gov, a repository for data feeds that are publicly available but often hard to find. The site started with 47 data sets. Kundra said there are now more than 100,000.

Kundra's announcement was met with cheers and a standing ovation from the Twittering crowd at a Lincoln Center auditorium. The launch fulfills one of the promises Kundra made to Congress, in which he pledged to develop a new way of monitoring federal technology spending by the end of June.

Launching a site that makes spending practices open to the public met some opposition from the agencies' chief information officers and government contractors, some of whom were nervous about letting citizens who aren't familiar with the contracting process and technology needs of the government judge the spending decisions. Kundra said he met with every agency and dozens of company executives over the past six weeks.

"I talked to the CIO Council and saw the data change overnight," Kundra said. "It was cleaned up immediately when people realized it was going to be made public."

A federal report last year found that $30 billion worth of IT projects were not going smoothly or were in danger of failing. Kundra pointed to a $6 million project to use wireless devices in gathering information for the U.S. Census. After two years, it was deemed unsuccessful and census takers reverted to using the old paper-based system.

"We've seen this with system after system," he said. "Vendors over-promise and budgets have run away in terms of excessive spending. We're trying to provide you with the tools to let American people show us a better way."

Because the data change frequently as IT contracts change, the feeds run the risk of containing inaccuracies.
Maintaining and updating the databases is also labor-intensive and some agencies say the initiative creates an enormous workload for them. "There is a good chance you'll go through this and find places where the data is wrong, and that's okay," said Macon Phillips, new media director for the White House. "I'd rather have this up and out there than not at all."